* [git.ipfire.org] IPFire 2.x development tree branch, next, updated. 531f57d71cec4d2d7564e4c35fc1df187a42349d
@ 2022-06-17 16:49 Peter Müller
0 siblings, 0 replies; only message in thread
From: Peter Müller @ 2022-06-17 16:49 UTC (permalink / raw)
To: ipfire-scm
[-- Attachment #1: Type: text/plain, Size: 134386 bytes --]
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".
The branch, next has been updated
via 531f57d71cec4d2d7564e4c35fc1df187a42349d (commit)
via 609f41867d11619d9996509f6be05d004b2ccb1c (commit)
via 3cf7a3b15386010871f15256c4f97dce97d9841d (commit)
via 75c49d6bec65ec865b37f7a44bdb7c46cf264b4c (commit)
via 29df9f89c9168e4248076cf9c7e294384c0fd6ae (commit)
via 4c4669041168fa6c8b20d4906c37813820969285 (commit)
via 8d920449d27fe5816fc157f5d101aab0855e76e4 (commit)
via c13e562b6e403808f90703e90b717a2193a2592f (commit)
via fa30456c5e4bc6ff7b735ecbc10dd3deaa8a16e0 (commit)
via 65264b3ba6358d78d70c2cc7b9e1c883b0b4af4a (commit)
via b8a9c9e70a0ff84401e53f1481f3c1eafab76a29 (commit)
via ed5572536f5fbd3af2383555a87a634fd257a88f (commit)
via a609195a26f2666a177b988a6691bc27b10e6d64 (commit)
via b9196b9d62b3c85d11e99c08e720e1007eeb3e7a (commit)
via 015ea59a4d3ead64fd84276e9be8d453e96eb1f1 (commit)
via 3740b7ad3ade3ff9d645bc3dca709791d012bbc2 (commit)
via 6a53c26cf71c49113a1a2d4b810f35ebfa240464 (commit)
via 209d62f0058c88e038760bc07773072fed0050da (commit)
via c9dc7fdec09ceec217534cf4a9832338ac9be671 (commit)
via b6f9fff2bcec35a98c4b01a4bab3038ee7813ee2 (commit)
via 59f9e413611e6724a039429020fd528b782a5017 (commit)
via 472cd78269a8d03cfa1447b3c80bed6dd3fd0897 (commit)
via a4a42daeeaefed48dd9b40d7001f1fc613978f85 (commit)
via 74ab6f9fc03dab8dae8d63c86e036f2b96162f25 (commit)
via 10b32d3895e7ca2134d403b2445f9569b1f7f36a (commit)
via 16d4a5c264d7deec49e3c1ee84541a231c31b5bb (commit)
via a999886759f360f4747084f1c69768a991766df3 (commit)
via 5111dc3df3233720235f40269c2655d6b7e125a0 (commit)
via 6834749d223458d5ee95302732227bea0df62d60 (commit)
via 339b84d50910b1c258304bff68d1f875e8b2a25a (commit)
via c63a54f0908f8dcce2fde30d4476e82dbc2c3bfd (commit)
via 2050be20e1600377914736531307d3fab863285e (commit)
via f27d021470fb31731844ee2c70d142c6651da0f0 (commit)
via 4b519aa8b0a3314e5cb01c953a517b3da354ea53 (commit)
via 2d44871aa1363990b2f1416d1be65c7e51020c0b (commit)
via 6ede67fb5aa54ea5ba9e806f31c3e35077aa71ba (commit)
via d7772284a1f9cd82c7672c35ad0b22fb988d1859 (commit)
via 89bdc5563cc6f829add64b62231349be2912c5ef (commit)
via 4f3f7f57847312aec2d406d9165950faf50d9099 (commit)
via 42a2a93911fb8bd96f7878dd48eec4a3eab5aa68 (commit)
via aeff5e3fee7f1a0c5816ff47918fce1feb693d6a (commit)
via baf62b83cbf5300055d4bd0fc8073874794a5197 (commit)
via e0fa8c25e88860df2f1dd9e60a212d9f3a4fbb4d (commit)
via e1e10515ece3bbe51936d572f32b14f02db6750d (commit)
via dc124917e3a0468ae4f1a4c6fe15ed3c68fc2f62 (commit)
via e97759c292d49a5c397e52fe46a17e4674623f29 (commit)
via bc8bea129cbd85a8921b1fe47b07da5452f8ed6a (commit)
via cb36c0929c6aab35e6c78d90d58e53d2ffc6010d (commit)
via 3aeadfd8bda88ca123cb0bfffc3c6d55c0fb3fdc (commit)
via bfc889a70ac4e2ef2f7a126611aa927c0efd6c40 (commit)
via a102cdbae1243c8dd113a0a118ce891e43850ab5 (commit)
via 6f8b1c534ecdb9dd9f8042da5ac7778c5574b154 (commit)
via 3780b7a4ace485be68c874185ee5dacddd824f9e (commit)
via 7e4af6eb54bcbd1fa651610d8f0a99d86270042c (commit)
from a0d3956686f64744d06a5d2f9911a4987d9129ec (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 531f57d71cec4d2d7564e4c35fc1df187a42349d
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Fri Jun 17 16:48:44 2022 +0000
Zut alors, uniq 'files' as well
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 609f41867d11619d9996509f6be05d004b2ccb1c
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Fri Jun 17 16:48:13 2022 +0000
Sort 'files'
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 3cf7a3b15386010871f15256c4f97dce97d9841d
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Fri Jun 17 16:47:44 2022 +0000
Core Update 169: Ship OpenVPN 2FA changes
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 75c49d6bec65ec865b37f7a44bdb7c46cf264b4c
Merge: a0d395668 29df9f89c
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Fri Jun 17 16:39:40 2022 +0000
Merge branch 'temp-ms-ovpn-2fa' into next
commit 29df9f89c9168e4248076cf9c7e294384c0fd6ae
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Fri Jun 17 16:30:51 2022 +0000
Core Update 169: Ship libtiff and krb5
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 4c4669041168fa6c8b20d4906c37813820969285
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Fri Jun 17 16:29:55 2022 +0000
Core Update 169: Remove pakfire metadata for krb5 and libtiff
Both packages have become part of the core system, so these files
are not longer needed.
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 8d920449d27fe5816fc157f5d101aab0855e76e4
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Sun May 15 18:02:20 2022 +0200
libtiff: Move into core system.
pango and the PDF tools as core parts are linked against
libtiff, therefore this library has to become a part of the
core distribution too.
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
commit c13e562b6e403808f90703e90b717a2193a2592f
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Sun May 15 18:02:19 2022 +0200
krb5: Move package into core system.
On one hand, the key.dns_resolver binary is linked against libkrb5, so this
library at least is required by the base system.
On the other hand this easily allows different services on the firewall
to use kerberos for authentication (ssh etc).
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
commit fa30456c5e4bc6ff7b735ecbc10dd3deaa8a16e0
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Fri Jun 17 16:27:42 2022 +0000
kernel: Align x86_64 rootfile for kernel update
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 65264b3ba6358d78d70c2cc7b9e1c883b0b4af4a
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Fri Jun 17 15:54:10 2022 +0000
Core Update 169: Ship U-Boot
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit b8a9c9e70a0ff84401e53f1481f3c1eafab76a29
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Fri Jun 17 15:52:45 2022 +0000
U-Boot: Update to 2022.04
https://wiki.ipfire.org/devel/telco/2022-06-13
Cc: Arne Fitzenreiter <arne.fitzenreiter(a)ipfire.org>
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit ed5572536f5fbd3af2383555a87a634fd257a88f
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Fri Jun 17 11:01:06 2022 +0000
Core Update 169: Ship misc-progs
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit a609195a26f2666a177b988a6691bc27b10e6d64
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Wed Jun 15 09:53:20 2022 +0000
misc-progs: Add path to executable to argv
Otherwise, the first argument would always be swollowed :(
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
Acked-by: Peter Müller <peter.mueller(a)ipfire.org>
commit b9196b9d62b3c85d11e99c08e720e1007eeb3e7a
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Thu Jun 16 23:31:59 2022 +0200
samba: Ship with CU169
- samba is linked to liblber from openldap. openldap was updated in CU168 but
I missed that samba had a dependency to one of its libraries.
- find-dependencies was not run on openldap liblber although looking at the openldap
rootfile it is clear that an sobump occurred.
- This patch increments the samba PAK_VER so that it will be shipped and therefore
have the library links updated.
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Reviewed-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 015ea59a4d3ead64fd84276e9be8d453e96eb1f1
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Thu Jun 16 23:16:36 2022 +0200
netatalk: Ship with CU169 - Fixes bug #12878
- netatalk is linked to liblber from openldap. openldap was updated in CU168 but
I missed that netatalk had a dependency to one of its libraries.
- find-dependencies was not run on openldap liblber although looking at the openldap
rootfile it is clear that an sobump occurred.
- This patch increments the netatalk PAK_VER so that it will be shipped and therefore
have the library links updated.
Fixes: Bug #12878
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Reviewed-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 3740b7ad3ade3ff9d645bc3dca709791d012bbc2
Author: Timo Eissler <timo.eissler(a)ipfire.org>
Date: Thu Jun 16 12:39:45 2022 +0200
ovpnmain.cgi: URI encode OTPAuth String in QRCode
Signed-off-by: Timo Eissler <timo.eissler(a)ipfire.org>
commit 6a53c26cf71c49113a1a2d4b810f35ebfa240464
Author: Timo Eissler <timo.eissler(a)ipfire.org>
Date: Thu Jun 16 12:38:48 2022 +0200
perl-URI-Encode: New package
Simple percent Encoding/Decoding
Signed-off-by: Timo Eissler <timo.eissler(a)ipfire.org>
commit 209d62f0058c88e038760bc07773072fed0050da
Author: Timo Eissler <timo.eissler(a)ipfire.org>
Date: Tue Jun 14 20:56:12 2022 +0200
ovpnmain.cgi: Remove trailing newline from OTP secret
Signed-off-by: Timo Eissler <timo.eissler(a)ipfire.org>
commit c9dc7fdec09ceec217534cf4a9832338ac9be671
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Tue Jun 14 15:57:03 2022 +0000
openvpn-authenticator: Always return general connection data
The function returned different output when TOTP was configured and not
which is not what it should do.
This version will now try to add the TOTP configuration, or will add
nothing it if fails to do so.
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit b6f9fff2bcec35a98c4b01a4bab3038ee7813ee2
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Tue Jun 14 15:53:19 2022 +0000
openvpn-authenticator: Don't process configuration when row is too short
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 59f9e413611e6724a039429020fd528b782a5017
Author: Timo Eissler <timo.eissler(a)ipfire.org>
Date: Tue Jun 7 17:53:23 2022 +0200
openvpn-authenticator: Change event and environment handling
Move reading of environment in it's own function because not all
events have a ENV block following and thus always reading the ENV
will cause RuntimeError("Unexpected environment line ...").
commit 472cd78269a8d03cfa1447b3c80bed6dd3fd0897
Author: Timo Eissler <timo.eissler(a)ipfire.org>
Date: Tue Jun 7 12:20:14 2022 +0200
openvpn-authenticator: Fix call of _client_auth_successful
commit a4a42daeeaefed48dd9b40d7001f1fc613978f85
Author: Timo Eissler <timo.eissler(a)ipfire.org>
Date: Tue Jun 7 12:14:12 2022 +0200
openvpn-authenticator: Return only available data
For connections which have not enabled OTP return
connection name and common_name attributes only.
commit 74ab6f9fc03dab8dae8d63c86e036f2b96162f25
Author: Timo Eissler <timo.eissler(a)ipfire.org>
Date: Tue Jun 7 12:12:20 2022 +0200
openvpn-authenticator: Generate TOTP instead of HOTP codes
commit 10b32d3895e7ca2134d403b2445f9569b1f7f36a
Author: Timo Eissler <timo.eissler(a)ipfire.org>
Date: Tue Jun 7 11:20:56 2022 +0200
ovpnmain.cgi: Fix OTP secret handling
Convert stored hex OTP secret to binary prior to converting to base32.
commit 16d4a5c264d7deec49e3c1ee84541a231c31b5bb
Author: Timo Eissler <timo.eissler(a)ipfire.org>
Date: Tue Jun 7 11:16:31 2022 +0200
ovpnmain.cgi: Fix comparison operators
commit a999886759f360f4747084f1c69768a991766df3
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Wed May 4 14:58:18 2022 +0100
openvpn-2fa: Configure fake authentication credentials
These configuration option are required to make the client authenticate
itself against the server.
The server may then accept those credentials without any further ado or
ask for a OTP.
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 5111dc3df3233720235f40269c2655d6b7e125a0
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Wed May 4 14:51:51 2022 +0100
openvpn-2fa: Enable management socket for RW server
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 6834749d223458d5ee95302732227bea0df62d60
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Wed May 4 14:49:32 2022 +0100
openvpn-2fa: Drop the previous authentication handler
This has been replaced by the newer authenticator
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 339b84d50910b1c258304bff68d1f875e8b2a25a
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Wed May 4 14:46:41 2022 +0100
openvpn-2fa: Import a prototype of an authenticator
This script runs aside of OpenVPN and connects to the management socket.
On the socket, OpenVPN will post any new clients trying to authenticate
which will be handled by the authenticator.
If a client has 2FA enabled, it will be challanged for the current token
which will then be checked in a second pass.
Clients which do not have 2FA enabled will just be authenticated no
matter what and tls-verify will have handled the rest.
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit c63a54f0908f8dcce2fde30d4476e82dbc2c3bfd
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Tue May 3 11:54:17 2022 +0000
ovpnmain.cgi: Load all modules at the beginning
Although Perl modules tend to take a long time to load, it is better to
do this at the beginning so that loading the script will show any
errors.
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 2050be20e1600377914736531307d3fab863285e
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Tue May 3 11:51:11 2022 +0000
ovpnmain.cgi: Disable sending any error messages to the browser again
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit f27d021470fb31731844ee2c70d142c6651da0f0
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Fri Apr 15 07:29:10 2022 +0000
openpvn-2fa: Fix rootfiles
Some rootfiles where in the wrong location, some others had some
architecture hard-coded.
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 4b519aa8b0a3314e5cb01c953a517b3da354ea53
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Thu Apr 14 21:02:04 2022 +0000
perl-YAML-Tiny: Update checksum and remove unnecessary fields
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 2d44871aa1363990b2f1416d1be65c7e51020c0b
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Thu Apr 14 20:59:10 2022 +0000
perl-Module-ScanDeps: Update checksum and remove unnecessary fields
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 6ede67fb5aa54ea5ba9e806f31c3e35077aa71ba
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Thu Apr 14 20:57:33 2022 +0000
perl-Module-Install: Update checksum and remove unnecessary fields
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit d7772284a1f9cd82c7672c35ad0b22fb988d1859
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Thu Apr 14 20:55:27 2022 +0000
perl-Module-Build: Update checksum and remove unnecessary fields
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 89bdc5563cc6f829add64b62231349be2912c5ef
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Thu Apr 14 20:53:31 2022 +0000
perl-MIME-Base32: Update checksum and remove unnecessary fields
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 4f3f7f57847312aec2d406d9165950faf50d9099
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Thu Apr 14 20:52:12 2022 +0000
perl-Imager-QRCode: Update checksum and remove unnecessary fields
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 42a2a93911fb8bd96f7878dd48eec4a3eab5aa68
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Thu Apr 14 20:50:12 2022 +0000
perl-Imager: Update checksum and remove unnecessary fields
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit aeff5e3fee7f1a0c5816ff47918fce1feb693d6a
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Thu Apr 14 20:48:39 2022 +0000
perl-File-Remove: Update checksum and drop unnecessary fields
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit baf62b83cbf5300055d4bd0fc8073874794a5197
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Thu Apr 14 20:48:20 2022 +0000
oauth-toolkit: Update checksum and drop unnecessary fields
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit e0fa8c25e88860df2f1dd9e60a212d9f3a4fbb4d
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Thu Apr 14 19:15:42 2022 +0000
qrencode: Rename package and update checksum
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit e1e10515ece3bbe51936d572f32b14f02db6750d
Author: Timo Eissler <timo.eissler(a)ipfire.org>
Date: Fri Apr 8 10:50:20 2022 +0200
OpenVPN: Add support for 2FA / One-Time Password
Add two-factor authentication (2FA) to OpenVPN host connections with
one-time passwords.
The 2FA can be enabled or disabled per host connection and requires the
client to download it's configuration again after 2FA has beend enabled
for it.
Additionally the client needs to configure an TOTP application, like
"Google Authenticator" which then provides the second factor.
To faciliate this every connection with enabled 2FA
gets an "show qrcode" button after the "show file" button in the
host connection list to show the 2FA secret and an 2FA configuration QRCode.
When 2FA is enabled, the client needs to provide the second factor plus
the private key password (if set) to successfully authorize.
This only supports time based one-time passwords, TOTP with 30s
window and 6 digits, for now but we may update this in the future.
Signed-off-by: Timo Eissler <timo.eissler(a)ipfire.org>
commit dc124917e3a0468ae4f1a4c6fe15ed3c68fc2f62
Author: Timo Eissler <timo.eissler(a)ipfire.org>
Date: Fri Apr 8 08:11:07 2022 +0200
perl-MIME-Base32: New package
Base32 encoder and decoder
Signed-off-by: Timo Eissler <timo.eissler(a)ipfire.org>
commit e97759c292d49a5c397e52fe46a17e4674623f29
Author: Timo Eissler <timo.eissler(a)ipfire.org>
Date: Mon Apr 4 17:58:19 2022 +0200
perl-Imager-QRCode: New package
Generate QR Code with Imager using libqrencode
Signed-off-by: Timo Eissler <timo.eissler(a)ipfire.org>
commit bc8bea129cbd85a8921b1fe47b07da5452f8ed6a
Author: Timo Eissler <timo.eissler(a)ipfire.org>
Date: Mon Apr 4 17:56:44 2022 +0200
perl-Imager: New package
Perl extension for Generating 24 bit Images
Required by perl-Imager-QRCode.
Signed-off-by: Timo Eissler <timo.eissler(a)ipfire.org>
commit cb36c0929c6aab35e6c78d90d58e53d2ffc6010d
Author: Timo Eissler <timo.eissler(a)ipfire.org>
Date: Mon Apr 4 17:54:36 2022 +0200
perl-Module-Install: New package
Module::Install configuration system
Required by perl-Imager-QRCode.
Signed-off-by: Timo Eissler <timo.eissler(a)ipfire.org>
commit 3aeadfd8bda88ca123cb0bfffc3c6d55c0fb3fdc
Author: Timo Eissler <timo.eissler(a)ipfire.org>
Date: Mon Apr 4 17:49:42 2022 +0200
perl-YAML-Tiny: New package
Read/Write YAML files with as little code as possible
Required by perl-Module-Install.
Signed-off-by: Timo Eissler <timo.eissler(a)ipfire.org>
commit bfc889a70ac4e2ef2f7a126611aa927c0efd6c40
Author: Timo Eissler <timo.eissler(a)ipfire.org>
Date: Mon Apr 4 17:48:32 2022 +0200
perl-Module-ScanDeps: New package
Recursively scan Perl code for dependencies
Required by perl-Module-Install.
Signed-off-by: Timo Eissler <timo.eissler(a)ipfire.org>
commit a102cdbae1243c8dd113a0a118ce891e43850ab5
Author: Timo Eissler <timo.eissler(a)ipfire.org>
Date: Mon Apr 4 17:46:56 2022 +0200
perl-Module-Build: New package
Build and install Perl modules
Required by perl-Module-Install.
Signed-off-by: Timo Eissler <timo.eissler(a)ipfire.org>
commit 6f8b1c534ecdb9dd9f8042da5ac7778c5574b154
Author: Timo Eissler <timo.eissler(a)ipfire.org>
Date: Mon Apr 4 17:45:01 2022 +0200
perl-File-Remove: New package
Remove files and directories
Required by perl-Module-Install.
Signed-off-by: Timo Eissler <timo.eissler(a)ipfire.org>
commit 3780b7a4ace485be68c874185ee5dacddd824f9e
Author: Timo Eissler <timo.eissler(a)ipfire.org>
Date: Mon Apr 4 12:47:37 2022 +0200
libqrcode: New package
A fast and compact QR Code encoding library.
Homepage: https://fukuchi.org/works/qrencode/
Source: https://fukuchi.org/works/qrencode/qrencode-4.1.1.tar.gz
Signed-off-by: Timo Eissler <timo.eissler(a)ipfire.org>
commit 7e4af6eb54bcbd1fa651610d8f0a99d86270042c
Author: Timo Eissler <timo.eissler(a)ipfire.org>
Date: Mon Apr 4 11:38:43 2022 +0200
oath-toolkit: New package
OATH Toolkit provide components to build one-time password
authentication systems.
Homepage: https://www.nongnu.org/oath-toolkit/index.html
Source: https://download.savannah.nongnu.org/releases/oath-toolkit/oath-toolkit-2.6.7.tar.gz
Signed-off-by: Timo Eissler <timo.eissler(a)ipfire.org>
-----------------------------------------------------------------------
Summary of changes:
config/httpd/vhosts.d/ipfire-interface-ssl.conf | 2 +-
config/httpd/vhosts.d/ipfire-interface.conf | 2 +-
config/ovpn/openvpn-authenticator | 381 +++++++++++++++++++++
config/rootfiles/common/oath-toolkit | 219 ++++++++++++
config/rootfiles/common/openvpn | 1 +
config/rootfiles/common/perl-File-Remove | 4 +
config/rootfiles/common/perl-Imager | 165 +++++++++
config/rootfiles/common/perl-Imager-QRCode | 5 +
config/rootfiles/common/perl-MIME-Base32 | 4 +
config/rootfiles/common/perl-Module-Build | 51 +++
config/rootfiles/common/perl-Module-Install | 66 ++++
config/rootfiles/common/perl-Module-ScanDeps | 8 +
config/rootfiles/common/perl-URI-Encode | 4 +
config/rootfiles/common/perl-YAML-Tiny | 6 +
config/rootfiles/common/qrencode | 8 +
config/rootfiles/core/169/filelists/files | 4 +
config/rootfiles/core/169/filelists/oath-toolkit | 1 +
.../rootfiles/core/169/filelists/perl-File-Remove | 1 +
config/rootfiles/core/169/filelists/perl-Imager | 1 +
.../core/169/filelists/perl-Imager-QRCode | 1 +
.../rootfiles/core/169/filelists/perl-MIME-Base32 | 1 +
.../rootfiles/core/169/filelists/perl-Module-Build | 1 +
.../core/169/filelists/perl-Module-Install | 1 +
.../core/169/filelists/perl-Module-ScanDeps | 1 +
.../rootfiles/core/169/filelists/perl-URI-Encode | 1 +
config/rootfiles/core/169/filelists/perl-YAML-Tiny | 1 +
config/rootfiles/core/169/filelists/qrencode | 1 +
html/cgi-bin/ovpnmain.cgi | 93 ++++-
html/html/images/qr-code.png | Bin 0 -> 760 bytes
html/html/images/qr-code.svg | 49 +++
langs/de/cgi-bin/de.pl | 4 +
langs/en/cgi-bin/en.pl | 4 +
lfs/{openvpn => oath-toolkit} | 48 +--
lfs/openvpn | 4 +
lfs/{openvpn => perl-File-Remove} | 51 +--
lfs/{openvpn => perl-Imager} | 51 +--
lfs/{openvpn => perl-Imager-QRCode} | 51 +--
lfs/{openvpn => perl-MIME-Base32} | 51 +--
lfs/{openvpn => perl-Module-Build} | 51 +--
lfs/{openvpn => perl-Module-Install} | 51 +--
lfs/{openvpn => perl-Module-ScanDeps} | 52 +--
lfs/{openvpn => perl-URI-Encode} | 51 +--
lfs/{openvpn => perl-YAML-Tiny} | 51 +--
lfs/{openvpn => qrencode} | 51 +--
make.sh | 11 +
src/misc-progs/openvpnctrl.c | 21 ++
46 files changed, 1263 insertions(+), 423 deletions(-)
create mode 100644 config/ovpn/openvpn-authenticator
create mode 100644 config/rootfiles/common/oath-toolkit
create mode 100644 config/rootfiles/common/perl-File-Remove
create mode 100644 config/rootfiles/common/perl-Imager
create mode 100644 config/rootfiles/common/perl-Imager-QRCode
create mode 100644 config/rootfiles/common/perl-MIME-Base32
create mode 100644 config/rootfiles/common/perl-Module-Build
create mode 100644 config/rootfiles/common/perl-Module-Install
create mode 100644 config/rootfiles/common/perl-Module-ScanDeps
create mode 100644 config/rootfiles/common/perl-URI-Encode
create mode 100644 config/rootfiles/common/perl-YAML-Tiny
create mode 100644 config/rootfiles/common/qrencode
create mode 120000 config/rootfiles/core/169/filelists/oath-toolkit
create mode 120000 config/rootfiles/core/169/filelists/perl-File-Remove
create mode 120000 config/rootfiles/core/169/filelists/perl-Imager
create mode 120000 config/rootfiles/core/169/filelists/perl-Imager-QRCode
create mode 120000 config/rootfiles/core/169/filelists/perl-MIME-Base32
create mode 120000 config/rootfiles/core/169/filelists/perl-Module-Build
create mode 120000 config/rootfiles/core/169/filelists/perl-Module-Install
create mode 120000 config/rootfiles/core/169/filelists/perl-Module-ScanDeps
create mode 120000 config/rootfiles/core/169/filelists/perl-URI-Encode
create mode 120000 config/rootfiles/core/169/filelists/perl-YAML-Tiny
create mode 120000 config/rootfiles/core/169/filelists/qrencode
create mode 100644 html/html/images/qr-code.png
create mode 100644 html/html/images/qr-code.svg
copy lfs/{openvpn => oath-toolkit} (65%)
copy lfs/{openvpn => perl-File-Remove} (65%)
copy lfs/{openvpn => perl-Imager} (65%)
copy lfs/{openvpn => perl-Imager-QRCode} (65%)
copy lfs/{openvpn => perl-MIME-Base32} (65%)
copy lfs/{openvpn => perl-Module-Build} (65%)
copy lfs/{openvpn => perl-Module-Install} (65%)
copy lfs/{openvpn => perl-Module-ScanDeps} (65%)
copy lfs/{openvpn => perl-URI-Encode} (65%)
copy lfs/{openvpn => perl-YAML-Tiny} (65%)
copy lfs/{openvpn => qrencode} (65%)
Difference in files:
diff --git a/config/httpd/vhosts.d/ipfire-interface-ssl.conf b/config/httpd/vhosts.d/ipfire-interface-ssl.conf
index 8c4cf3806..639f1d479 100644
--- a/config/httpd/vhosts.d/ipfire-interface-ssl.conf
+++ b/config/httpd/vhosts.d/ipfire-interface-ssl.conf
@@ -21,7 +21,7 @@
SSLCertificateKeyFile /etc/httpd/server-ecdsa.key
Header always set X-Content-Type-Options nosniff
- Header always set Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'"
+ Header always set Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data:"
Header always set Referrer-Policy strict-origin
Header always set X-Frame-Options sameorigin
diff --git a/config/httpd/vhosts.d/ipfire-interface.conf b/config/httpd/vhosts.d/ipfire-interface.conf
index 2cf57dd29..caa4b92f0 100644
--- a/config/httpd/vhosts.d/ipfire-interface.conf
+++ b/config/httpd/vhosts.d/ipfire-interface.conf
@@ -7,7 +7,7 @@
RewriteRule .* - [F]
Header always set X-Content-Type-Options nosniff
- Header always set Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'"
+ Header always set Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src: 'self' data:"
Header always set Referrer-Policy strict-origin
Header always set X-Frame-Options sameorigin
diff --git a/config/ovpn/openvpn-authenticator b/config/ovpn/openvpn-authenticator
new file mode 100644
index 000000000..65844012b
--- /dev/null
+++ b/config/ovpn/openvpn-authenticator
@@ -0,0 +1,381 @@
+#!/usr/bin/python3
+###############################################################################
+# #
+# IPFire.org - A linux based firewall #
+# Copyright (C) 2022 Michael Tremer #
+# #
+# This program is free software: you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation, either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# This program is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with this program. If not, see <http://www.gnu.org/licenses/>. #
+# #
+###############################################################################
+
+import argparse
+import base64
+import csv
+import daemon
+import logging
+import logging.handlers
+import signal
+import socket
+import subprocess
+import sys
+
+OPENVPN_CONFIG = "/var/ipfire/ovpn/ovpnconfig"
+
+CHALLENGETEXT = "One Time Token: "
+
+log = logging.getLogger()
+log.setLevel(logging.DEBUG)
+
+def setup_logging(daemon=True, loglevel=logging.INFO):
+ log.setLevel(loglevel)
+
+ # Log to syslog by default
+ handler = logging.handlers.SysLogHandler(address="/dev/log", facility="daemon")
+ log.addHandler(handler)
+
+ # Format everything
+ formatter = logging.Formatter("%(name)s[%(process)d]: %(message)s")
+ handler.setFormatter(formatter)
+
+ handler.setLevel(loglevel)
+
+ # If we are running in foreground, we should write everything to the console, too
+ if not daemon:
+ handler = logging.StreamHandler()
+ log.addHandler(handler)
+
+ handler.setLevel(loglevel)
+
+ return log
+
+class OpenVPNAuthenticator(object):
+ def __init__(self, socket_path):
+ self.socket_path = socket_path
+
+ def _read_line(self):
+ buf = []
+
+ while True:
+ char = self.sock.recv(1)
+ buf.append(char)
+
+ # Reached end of line
+ if char == b"\n":
+ break
+
+ line = b"".join(buf).decode()
+ line = line.rstrip()
+
+ log.debug("< %s" % line)
+
+ return line
+
+ def _write_line(self, line):
+ log.debug("> %s" % line)
+
+ if not line.endswith("\n"):
+ line = "%s\n" % line
+
+ # Convert into bytes
+ buf = line.encode()
+
+ # Send to socket
+ self.sock.send(buf)
+
+ def _send_command(self, command):
+ # Send the command
+ self._write_line(command)
+
+ return # XXX Code below doesn't work
+
+ # Read response
+ response = self._read_line()
+
+ # Handle response
+ if not response.startswith("SUCCESS:"):
+ log.error("Command '%s' returned an error:" % command)
+ log.error(" %s" % response)
+
+ return response
+
+ def run(self):
+ # Connect to socket
+ self.sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
+ self.sock.connect(self.socket_path)
+
+ log.info("OpenVPN Authenticator started")
+
+ while True:
+ line = self._read_line()
+
+ if line.startswith(">CLIENT"):
+ self._client_event(line)
+
+ log.info("OpenVPN Authenticator terminated")
+
+ def terminate(self, *args):
+ # XXX TODO
+ raise SystemExit
+
+ def _client_event(self, line):
+ # Strip away "CLIENT:"
+ client, delim, line = line.partition(":")
+
+ # Extract the event & split any arguments
+ event, delim, arguments = line.partition(",")
+ arguments = arguments.split(",")
+
+ environ = {}
+
+ if event == "CONNECT":
+ environ = self._read_env(environ)
+ self._client_connect(*arguments, environ=environ)
+ elif event == "DISCONNECT":
+ environ = self._read_env(environ)
+ self._client_disconnect(*arguments, environ=environ)
+ elif event == "REAUTH":
+ environ = self._read_env(environ)
+ self._client_reauth(*arguments, environ=environ)
+ elif event == "ESTABLISHED":
+ environ = self._read_env(environ)
+ else:
+ log.debug("Unhandled event: %s" % event)
+
+ def _read_env(self, environ):
+ # Read environment
+ while True:
+ line = self._read_line()
+
+ if not line.startswith(">CLIENT:ENV,"):
+ raise RuntimeError("Unexpected environment line: %s" % line)
+
+ # Strip >CLIENT:ENV,
+ line = line[12:]
+
+ # Done
+ if line == "END":
+ break
+
+ # Parse environment
+ key, delim, value = line.partition("=")
+ environ[key] = value
+
+ return environ
+
+ def _client_connect(self, cid, kid, environ={}):
+ log.debug("Received client connect (cid=%s, kid=%s)" % (cid, kid))
+ for key in sorted(environ):
+ log.debug(" %s : %s" % (key, environ[key]))
+
+ # Fetch common name
+ common_name = environ.get("common_name")
+
+ # Find connection details
+ conn = self._find_connection(common_name)
+ if not conn:
+ log.warning("Could not find connection '%s'" % common_name)
+ # XXX deny auth?
+
+ log.debug("Found connection:")
+ for key in conn:
+ log.debug(" %s : %s" % (key, conn[key]))
+
+ # Perform no further checks if TOTP is disabled for this client
+ if not conn.get("totp_status") == "on":
+ return self._client_auth_successful(cid, kid)
+
+ # Fetch username & password
+ username = environ.get("username")
+ password = environ.get("password")
+
+ # Client sent the special password TOTP to start challenge authentication
+ if password == "TOTP":
+ return self._client_auth_challenge(cid, kid,
+ username=common_name, password="TOTP")
+
+ elif password.startswith("CRV1:"):
+ log.debug("Received dynamic challenge response %s" % password)
+
+ # Decode the string
+ (command, flags, username, password, token) = password.split(":", 5)
+
+ # Decode username
+ username = self._b64decode(username)
+
+ # Check if username matches common name
+ if username == common_name:
+ # Check if TOTP token matches
+ if self._check_totp_token(token, conn.get("totp_secret")):
+ return self._client_auth_successful(cid, kid)
+
+ # Restart authentication
+ self._client_auth_challenge(cid, kid,
+ username=common_name, password="TOTP")
+
+ def _client_disconnect(self, cid, environ={}):
+ """
+ Handles CLIENT:DISCONNECT events
+ """
+ pass
+
+ def _client_reauth(self, cid, kid, environ={}):
+ """
+ Handles CLIENT:REAUTH events
+ """
+ # Perform no checks
+ self._client_auth_successful(cid, kid)
+
+ def _client_auth_challenge(self, cid, kid, username, password):
+ """
+ Initiates a dynamic challenge authentication with the client
+ """
+ log.debug("Sending request for dynamic challenge...")
+
+ self._send_command(
+ "client-deny %s %s \"CRV1\" \"CRV1:R,E:%s:%s:%s\"" % (
+ cid,
+ kid,
+ self._b64encode(username),
+ self._b64encode(password),
+ self._escape(CHALLENGETEXT),
+ ),
+ )
+
+ def _client_auth_successful(self, cid, kid):
+ """
+ Sends a positive authentication response
+ """
+ log.debug("Client Authentication Successful (cid=%s, kid=%s)" % (cid, kid))
+
+ self._send_command(
+ "client-auth-nt %s %s" % (cid, kid),
+ )
+
+ @staticmethod
+ def _b64encode(s):
+ return base64.b64encode(s.encode()).decode()
+
+ @staticmethod
+ def _b64decode(s):
+ return base64.b64decode(s.encode()).decode()
+
+ @staticmethod
+ def _escape(s):
+ return s.replace(" ", "\ ")
+
+ def _find_connection(self, common_name):
+ with open(OPENVPN_CONFIG, "r") as f:
+ for row in csv.reader(f, dialect="unix"):
+ # Skip empty rows or rows that are too short
+ if not row or len(row) < 5:
+ continue
+
+ # Skip disabled connections
+ if not row[1] == "on":
+ continue
+
+ # Skip any net-2-net connections
+ if not row[4] == "host":
+ continue
+
+ # Skip if common name does not match
+ if not row[3] == common_name:
+ continue
+
+ # Return match!
+ conn = {
+ "name" : row[2],
+ "common_name" : row[3],
+ }
+
+ # TOTP options
+ try:
+ conn |= {
+ "totp_protocol" : row[43],
+ "totp_status" : row[44],
+ "totp_secret" : row[45],
+ }
+ except IndexError:
+ pass
+
+ return conn
+
+
+ def _check_totp_token(self, token, secret):
+ p = subprocess.run(
+ ["oathtool", "--totp", "-w", "3", "%s" % secret],
+ capture_output=True,
+ )
+
+ # Catch any errors if we could not run the command
+ if p.returncode:
+ log.error("Could not run oathtool: %s" % p.stderr)
+
+ return False
+
+ # Reading returned tokens looking for a match
+ for line in p.stdout.split(b"\n"):
+ # Skip empty/last line(s)
+ if not line:
+ continue
+
+ # Decode bytes into string
+ line = line.decode()
+
+ # Return True if a token matches
+ if line == token:
+ return True
+
+ # No match
+ return False
+
+
+if __name__ == "__main__":
+ parser = argparse.ArgumentParser(description="OpenVPN Authenticator")
+
+ # Daemon Stuff
+ parser.add_argument("--daemon", "-d", action="store_true",
+ help="Launch as daemon in background")
+ parser.add_argument("--verbose", "-v", action="count", help="Be more verbose")
+
+ # Paths
+ parser.add_argument("--socket", default="/var/run/openvpn.sock",
+ metavar="PATH", help="Path to OpenVPN Management Socket")
+
+ # Parse command line arguments
+ args = parser.parse_args()
+
+ # Setup logging
+ loglevel = logging.WARN
+
+ if args.verbose:
+ if args.verbose == 1:
+ loglevel = logging.INFO
+ elif args.verbose >= 2:
+ loglevel = logging.DEBUG
+
+ # Create an authenticator
+ authenticator = OpenVPNAuthenticator(args.socket)
+
+ with daemon.DaemonContext(
+ detach_process=args.daemon,
+ stderr=None if args.daemon else sys.stderr,
+ signal_map = {
+ signal.SIGINT : authenticator.terminate,
+ signal.SIGTERM : authenticator.terminate,
+ },
+ ) as daemon:
+ setup_logging(daemon=args.daemon, loglevel=loglevel)
+
+ authenticator.run()
diff --git a/config/rootfiles/common/oath-toolkit b/config/rootfiles/common/oath-toolkit
new file mode 100644
index 000000000..ef10a861f
--- /dev/null
+++ b/config/rootfiles/common/oath-toolkit
@@ -0,0 +1,219 @@
+usr/bin/oathtool
+#usr/bin/pskctool
+#usr/include/liboath
+#usr/include/liboath/oath.h
+#usr/include/pskc
+#usr/include/pskc/container.h
+#usr/include/pskc/enums.h
+#usr/include/pskc/errors.h
+#usr/include/pskc/exports.h
+#usr/include/pskc/global.h
+#usr/include/pskc/keypackage.h
+#usr/include/pskc/pskc.h
+#usr/include/pskc/version.h
+#usr/lib/liboath.a
+#usr/lib/liboath.la
+#usr/lib/liboath.so
+usr/lib/liboath.so.0
+usr/lib/liboath.so.0.1.3
+#usr/lib/libpskc.a
+#usr/lib/libpskc.la
+#usr/lib/libpskc.so
+#usr/lib/libpskc.so.0
+#usr/lib/libpskc.so.0.0.1
+#usr/lib/pkgconfig/liboath.pc
+#usr/lib/pkgconfig/libpskc.pc
+#usr/lib/security/pam_oath.la
+#usr/lib/security/pam_oath.so
+#usr/share/gtk-doc/html/liboath
+#usr/share/gtk-doc/html/liboath/api-index-1-10-0.html
+#usr/share/gtk-doc/html/liboath/api-index-1-12-0.html
+#usr/share/gtk-doc/html/liboath/api-index-1-4-0.html
+#usr/share/gtk-doc/html/liboath/api-index-1-6-0.html
+#usr/share/gtk-doc/html/liboath/api-index-1-8-0.html
+#usr/share/gtk-doc/html/liboath/api-index-2-4-0.html
+#usr/share/gtk-doc/html/liboath/api-index-2-6-0.html
+#usr/share/gtk-doc/html/liboath/api-index-full.html
+#usr/share/gtk-doc/html/liboath/deprecated-api-index.html
+#usr/share/gtk-doc/html/liboath/home.png
+#usr/share/gtk-doc/html/liboath/index.html
+#usr/share/gtk-doc/html/liboath/intro.html
+#usr/share/gtk-doc/html/liboath/left-insensitive.png
+#usr/share/gtk-doc/html/liboath/left.png
+#usr/share/gtk-doc/html/liboath/liboath-oath.h.html
+#usr/share/gtk-doc/html/liboath/liboath.devhelp2
+#usr/share/gtk-doc/html/liboath/right-insensitive.png
+#usr/share/gtk-doc/html/liboath/right.png
+#usr/share/gtk-doc/html/liboath/style.css
+#usr/share/gtk-doc/html/liboath/up-insensitive.png
+#usr/share/gtk-doc/html/liboath/up.png
+#usr/share/gtk-doc/html/libpskc
+#usr/share/gtk-doc/html/libpskc/api-index-2-2-0.html
+#usr/share/gtk-doc/html/libpskc/api-index-full.html
+#usr/share/gtk-doc/html/libpskc/deprecated-api-index.html
+#usr/share/gtk-doc/html/libpskc/home.png
+#usr/share/gtk-doc/html/libpskc/index.html
+#usr/share/gtk-doc/html/libpskc/left-insensitive.png
+#usr/share/gtk-doc/html/libpskc/left.png
+#usr/share/gtk-doc/html/libpskc/libpskc-container.html
+#usr/share/gtk-doc/html/libpskc/libpskc-enums.html
+#usr/share/gtk-doc/html/libpskc/libpskc-errors.html
+#usr/share/gtk-doc/html/libpskc/libpskc-global.html
+#usr/share/gtk-doc/html/libpskc/libpskc-keypackage.html
+#usr/share/gtk-doc/html/libpskc/libpskc-pskc.html
+#usr/share/gtk-doc/html/libpskc/libpskc-version.html
+#usr/share/gtk-doc/html/libpskc/libpskc.devhelp2
+#usr/share/gtk-doc/html/libpskc/pskc-reference.html
+#usr/share/gtk-doc/html/libpskc/pskc-tutorial-libpskc-create.html
+#usr/share/gtk-doc/html/libpskc/pskc-tutorial-libpskc-sign.html
+#usr/share/gtk-doc/html/libpskc/pskc-tutorial-libpskc-verify.html
+#usr/share/gtk-doc/html/libpskc/pskc-tutorial-library.html
+#usr/share/gtk-doc/html/libpskc/pskc-tutorial-pskctool-sign.html
+#usr/share/gtk-doc/html/libpskc/pskc-tutorial-pskctool-validate.html
+#usr/share/gtk-doc/html/libpskc/pskc-tutorial-pskctool-verify.html
+#usr/share/gtk-doc/html/libpskc/pskc-tutorial-pskctool.html
+#usr/share/gtk-doc/html/libpskc/pskc-tutorial-quickstart.html
+#usr/share/gtk-doc/html/libpskc/pskc-tutorial.html
+#usr/share/gtk-doc/html/libpskc/right-insensitive.png
+#usr/share/gtk-doc/html/libpskc/right.png
+#usr/share/gtk-doc/html/libpskc/style.css
+#usr/share/gtk-doc/html/libpskc/up-insensitive.png
+#usr/share/gtk-doc/html/libpskc/up.png
+#usr/share/man/man1/oathtool.1
+#usr/share/man/man1/pskctool.1
+#usr/share/man/man3/oath_authenticate_usersfile.3
+#usr/share/man/man3/oath_base32_decode.3
+#usr/share/man/man3/oath_base32_encode.3
+#usr/share/man/man3/oath_bin2hex.3
+#usr/share/man/man3/oath_check_version.3
+#usr/share/man/man3/oath_done.3
+#usr/share/man/man3/oath_hex2bin.3
+#usr/share/man/man3/oath_hotp_generate.3
+#usr/share/man/man3/oath_hotp_validate.3
+#usr/share/man/man3/oath_hotp_validate_callback.3
+#usr/share/man/man3/oath_init.3
+#usr/share/man/man3/oath_strerror.3
+#usr/share/man/man3/oath_strerror_name.3
+#usr/share/man/man3/oath_totp_generate.3
+#usr/share/man/man3/oath_totp_generate2.3
+#usr/share/man/man3/oath_totp_validate.3
+#usr/share/man/man3/oath_totp_validate2.3
+#usr/share/man/man3/oath_totp_validate2_callback.3
+#usr/share/man/man3/oath_totp_validate3.3
+#usr/share/man/man3/oath_totp_validate3_callback.3
+#usr/share/man/man3/oath_totp_validate4.3
+#usr/share/man/man3/oath_totp_validate4_callback.3
+#usr/share/man/man3/oath_totp_validate_callback.3
+#usr/share/man/man3/pskc_add_keypackage.3
+#usr/share/man/man3/pskc_build_xml.3
+#usr/share/man/man3/pskc_check_version.3
+#usr/share/man/man3/pskc_done.3
+#usr/share/man/man3/pskc_free.3
+#usr/share/man/man3/pskc_get_cryptomodule_id.3
+#usr/share/man/man3/pskc_get_device_devicebinding.3
+#usr/share/man/man3/pskc_get_device_expirydate.3
+#usr/share/man/man3/pskc_get_device_issueno.3
+#usr/share/man/man3/pskc_get_device_manufacturer.3
+#usr/share/man/man3/pskc_get_device_model.3
+#usr/share/man/man3/pskc_get_device_serialno.3
+#usr/share/man/man3/pskc_get_device_startdate.3
+#usr/share/man/man3/pskc_get_device_userid.3
+#usr/share/man/man3/pskc_get_id.3
+#usr/share/man/man3/pskc_get_key_algorithm.3
+#usr/share/man/man3/pskc_get_key_algparm_chall_checkdigits.3
+#usr/share/man/man3/pskc_get_key_algparm_chall_encoding.3
+#usr/share/man/man3/pskc_get_key_algparm_chall_max.3
+#usr/share/man/man3/pskc_get_key_algparm_chall_min.3
+#usr/share/man/man3/pskc_get_key_algparm_resp_checkdigits.3
+#usr/share/man/man3/pskc_get_key_algparm_resp_encoding.3
+#usr/share/man/man3/pskc_get_key_algparm_resp_length.3
+#usr/share/man/man3/pskc_get_key_algparm_suite.3
+#usr/share/man/man3/pskc_get_key_data_b64secret.3
+#usr/share/man/man3/pskc_get_key_data_counter.3
+#usr/share/man/man3/pskc_get_key_data_secret.3
+#usr/share/man/man3/pskc_get_key_data_time.3
+#usr/share/man/man3/pskc_get_key_data_timedrift.3
+#usr/share/man/man3/pskc_get_key_data_timeinterval.3
+#usr/share/man/man3/pskc_get_key_friendlyname.3
+#usr/share/man/man3/pskc_get_key_id.3
+#usr/share/man/man3/pskc_get_key_issuer.3
+#usr/share/man/man3/pskc_get_key_policy_expirydate.3
+#usr/share/man/man3/pskc_get_key_policy_keyusages.3
+#usr/share/man/man3/pskc_get_key_policy_numberoftransactions.3
+#usr/share/man/man3/pskc_get_key_policy_pinencoding.3
+#usr/share/man/man3/pskc_get_key_policy_pinkeyid.3
+#usr/share/man/man3/pskc_get_key_policy_pinmaxfailedattempts.3
+#usr/share/man/man3/pskc_get_key_policy_pinmaxlength.3
+#usr/share/man/man3/pskc_get_key_policy_pinminlength.3
+#usr/share/man/man3/pskc_get_key_policy_pinusagemode.3
+#usr/share/man/man3/pskc_get_key_policy_startdate.3
+#usr/share/man/man3/pskc_get_key_profileid.3
+#usr/share/man/man3/pskc_get_key_reference.3
+#usr/share/man/man3/pskc_get_key_userid.3
+#usr/share/man/man3/pskc_get_keypackage.3
+#usr/share/man/man3/pskc_get_signed_p.3
+#usr/share/man/man3/pskc_get_version.3
+#usr/share/man/man3/pskc_global_done.3
+#usr/share/man/man3/pskc_global_init.3
+#usr/share/man/man3/pskc_global_log.3
+#usr/share/man/man3/pskc_init.3
+#usr/share/man/man3/pskc_keyusage2str.3
+#usr/share/man/man3/pskc_output.3
+#usr/share/man/man3/pskc_parse_from_memory.3
+#usr/share/man/man3/pskc_pinusagemode2str.3
+#usr/share/man/man3/pskc_set_cryptomodule_id.3
+#usr/share/man/man3/pskc_set_device_devicebinding.3
+#usr/share/man/man3/pskc_set_device_expirydate.3
+#usr/share/man/man3/pskc_set_device_issueno.3
+#usr/share/man/man3/pskc_set_device_manufacturer.3
+#usr/share/man/man3/pskc_set_device_model.3
+#usr/share/man/man3/pskc_set_device_serialno.3
+#usr/share/man/man3/pskc_set_device_startdate.3
+#usr/share/man/man3/pskc_set_device_userid.3
+#usr/share/man/man3/pskc_set_id.3
+#usr/share/man/man3/pskc_set_key_algorithm.3
+#usr/share/man/man3/pskc_set_key_algparm_chall_checkdigits.3
+#usr/share/man/man3/pskc_set_key_algparm_chall_encoding.3
+#usr/share/man/man3/pskc_set_key_algparm_chall_max.3
+#usr/share/man/man3/pskc_set_key_algparm_chall_min.3
+#usr/share/man/man3/pskc_set_key_algparm_resp_checkdigits.3
+#usr/share/man/man3/pskc_set_key_algparm_resp_encoding.3
+#usr/share/man/man3/pskc_set_key_algparm_resp_length.3
+#usr/share/man/man3/pskc_set_key_algparm_suite.3
+#usr/share/man/man3/pskc_set_key_data_b64secret.3
+#usr/share/man/man3/pskc_set_key_data_counter.3
+#usr/share/man/man3/pskc_set_key_data_secret.3
+#usr/share/man/man3/pskc_set_key_data_time.3
+#usr/share/man/man3/pskc_set_key_data_timedrift.3
+#usr/share/man/man3/pskc_set_key_data_timeinterval.3
+#usr/share/man/man3/pskc_set_key_friendlyname.3
+#usr/share/man/man3/pskc_set_key_id.3
+#usr/share/man/man3/pskc_set_key_issuer.3
+#usr/share/man/man3/pskc_set_key_policy_expirydate.3
+#usr/share/man/man3/pskc_set_key_policy_keyusages.3
+#usr/share/man/man3/pskc_set_key_policy_numberoftransactions.3
+#usr/share/man/man3/pskc_set_key_policy_pinencoding.3
+#usr/share/man/man3/pskc_set_key_policy_pinkeyid.3
+#usr/share/man/man3/pskc_set_key_policy_pinmaxfailedattempts.3
+#usr/share/man/man3/pskc_set_key_policy_pinmaxlength.3
+#usr/share/man/man3/pskc_set_key_policy_pinminlength.3
+#usr/share/man/man3/pskc_set_key_policy_pinusagemode.3
+#usr/share/man/man3/pskc_set_key_policy_startdate.3
+#usr/share/man/man3/pskc_set_key_profileid.3
+#usr/share/man/man3/pskc_set_key_reference.3
+#usr/share/man/man3/pskc_set_key_userid.3
+#usr/share/man/man3/pskc_set_version.3
+#usr/share/man/man3/pskc_sign_x509.3
+#usr/share/man/man3/pskc_str2keyusage.3
+#usr/share/man/man3/pskc_str2pinusagemode.3
+#usr/share/man/man3/pskc_str2valueformat.3
+#usr/share/man/man3/pskc_strerror.3
+#usr/share/man/man3/pskc_strerror_name.3
+#usr/share/man/man3/pskc_validate.3
+#usr/share/man/man3/pskc_valueformat2str.3
+#usr/share/man/man3/pskc_verify_x509crt.3
+#usr/share/xml/pskc
+#usr/share/xml/pskc/catalog-pskc.xml
+#usr/share/xml/pskc/pskc-schema.xsd
+#usr/share/xml/pskc/xenc-schema.xsd
+#usr/share/xml/pskc/xmldsig-core-schema.xsd
diff --git a/config/rootfiles/common/openvpn b/config/rootfiles/common/openvpn
index 6c3457d01..1784651b4 100644
--- a/config/rootfiles/common/openvpn
+++ b/config/rootfiles/common/openvpn
@@ -9,6 +9,7 @@ usr/lib/openvpn/plugins/openvpn-plugin-auth-pam.so
usr/lib/openvpn/plugins/openvpn-plugin-down-root.so
usr/lib/openvpn/verify
usr/sbin/openvpn
+usr/sbin/openvpn-authenticator
#usr/share/doc/openvpn
#usr/share/doc/openvpn/COPYING
#usr/share/doc/openvpn/COPYRIGHT.GPL
diff --git a/config/rootfiles/common/perl-File-Remove b/config/rootfiles/common/perl-File-Remove
new file mode 100644
index 000000000..b9b646143
--- /dev/null
+++ b/config/rootfiles/common/perl-File-Remove
@@ -0,0 +1,4 @@
+usr/lib/perl5/site_perl/5.32.1/File/Remove.pm
+#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/auto/File/Remove
+#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/auto/File/Remove/.packlist
+#usr/share/man/man3/File::Remove.3
diff --git a/config/rootfiles/common/perl-Imager b/config/rootfiles/common/perl-Imager
new file mode 100644
index 000000000..2416a78b5
--- /dev/null
+++ b/config/rootfiles/common/perl-Imager
@@ -0,0 +1,165 @@
+#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager
+usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager.pm
+usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/API.pod
+usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/APIRef.pod
+#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/Color
+usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/Color.pm
+usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/Color/Float.pm
+usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/Color/Table.pm
+usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/Cookbook.pod
+usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/CountColor.pm
+usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/Draw.pod
+usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/Engines.pod
+#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/Expr
+usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/Expr.pm
+usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/Expr/Assem.pm
+usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/ExtUtils.pm
+#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/File
+usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/File/CUR.pm
+usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/File/ICO.pm
+usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/File/JPEG.pm
+usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/File/PNG.pm
+usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/File/SGI.pm
+usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/File/TIFF.pm
+usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/Files.pod
+usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/Fill.pm
+#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/Filter
+usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/Filter/DynTest.pm
+usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/Filter/Flines.pm
+usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/Filter/Mandelbrot.pm
+usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/Filters.pod
+#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/Font
+usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/Font.pm
+usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/Font/BBox.pm
+usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/Font/FT2.pm
+usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/Font/FreeType2.pm
+usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/Font/Image.pm
+usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/Font/Test.pm
+usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/Font/Truetype.pm
+usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/Font/Type1.pm
+usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/Font/Wrap.pm
+usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/Fountain.pm
+usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/Handy.pod
+usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/IO.pod
+usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/ImageTypes.pod
+usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/Inline.pod
+usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/Install.pod
+usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/LargeSamples.pod
+usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/Matrix2d.pm
+usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/Preprocess.pm
+usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/Probe.pm
+usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/Regops.pm
+usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/Security.pod
+usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/Test.pm
+usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/Threads.pod
+usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/Transform.pm
+usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/Transformations.pod
+usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/Tutorial.pod
+#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/include
+#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/include/draw.h
+#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/include/dynaload.h
+#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/include/ext.h
+#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/include/feat.h
+#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/include/imager.h
+#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/include/imageri.h
+#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/include/imconfig.h
+#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/include/imdatatypes.h
+#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/include/imerror.h
+#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/include/imexif.h
+#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/include/imext.h
+#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/include/imextdef.h
+#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/include/imextpl.h
+#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/include/imextpltypes.h
+#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/include/imexttypes.h
+#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/include/imio.h
+#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/include/immacros.h
+#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/include/imperl.h
+#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/include/imperlio.h
+#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/include/imrender.h
+#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/include/iolayer.h
+#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/include/iolayert.h
+#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/include/log.h
+#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/include/plug.h
+#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/include/ppport.h
+#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/include/regmach.h
+#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/include/rendert.h
+#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/include/stackmach.h
+usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/interface.pod
+usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/regmach.pod
+#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/typemap
+#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/auto/Imager
+#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/auto/Imager/.packlist
+#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/auto/Imager/CountColor
+usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/auto/Imager/CountColor/CountColor.so
+#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/auto/Imager/File
+#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/auto/Imager/File/ICO
+usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/auto/Imager/File/ICO/ICO.so
+#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/auto/Imager/File/JPEG
+usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/auto/Imager/File/JPEG/JPEG.so
+#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/auto/Imager/File/PNG
+usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/auto/Imager/File/PNG/PNG.so
+#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/auto/Imager/File/SGI
+usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/auto/Imager/File/SGI/SGI.so
+#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/auto/Imager/File/TIFF
+usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/auto/Imager/File/TIFF/TIFF.so
+#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/auto/Imager/Filter
+#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/auto/Imager/Filter/DynTest
+usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/auto/Imager/Filter/DynTest/DynTest.so
+#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/auto/Imager/Filter/Flines
+usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/auto/Imager/Filter/Flines/Flines.so
+#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/auto/Imager/Filter/Mandelbrot
+usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/auto/Imager/Filter/Mandelbrot/Mandelbrot.so
+#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/auto/Imager/Font
+#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/auto/Imager/Font/FT2
+usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/auto/Imager/Font/FT2/FT2.so
+usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/auto/Imager/Imager.so
+#usr/share/man/man3/Imager.3
+#usr/share/man/man3/Imager::API.3
+#usr/share/man/man3/Imager::APIRef.3
+#usr/share/man/man3/Imager::Color.3
+#usr/share/man/man3/Imager::Color::Float.3
+#usr/share/man/man3/Imager::Color::Table.3
+#usr/share/man/man3/Imager::Cookbook.3
+#usr/share/man/man3/Imager::CountColor.3
+#usr/share/man/man3/Imager::Draw.3
+#usr/share/man/man3/Imager::Engines.3
+#usr/share/man/man3/Imager::Expr.3
+#usr/share/man/man3/Imager::Expr::Assem.3
+#usr/share/man/man3/Imager::ExtUtils.3
+#usr/share/man/man3/Imager::File::ICO.3
+#usr/share/man/man3/Imager::File::JPEG.3
+#usr/share/man/man3/Imager::File::PNG.3
+#usr/share/man/man3/Imager::File::SGI.3
+#usr/share/man/man3/Imager::File::TIFF.3
+#usr/share/man/man3/Imager::Files.3
+#usr/share/man/man3/Imager::Fill.3
+#usr/share/man/man3/Imager::Filter::Flines.3
+#usr/share/man/man3/Imager::Filter::Mandelbrot.3
+#usr/share/man/man3/Imager::Filters.3
+#usr/share/man/man3/Imager::Font.3
+#usr/share/man/man3/Imager::Font::BBox.3
+#usr/share/man/man3/Imager::Font::FT2.3
+#usr/share/man/man3/Imager::Font::FreeType2.3
+#usr/share/man/man3/Imager::Font::Test.3
+#usr/share/man/man3/Imager::Font::Truetype.3
+#usr/share/man/man3/Imager::Font::Type1.3
+#usr/share/man/man3/Imager::Font::Wrap.3
+#usr/share/man/man3/Imager::Fountain.3
+#usr/share/man/man3/Imager::Handy.3
+#usr/share/man/man3/Imager::IO.3
+#usr/share/man/man3/Imager::ImageTypes.3
+#usr/share/man/man3/Imager::Inline.3
+#usr/share/man/man3/Imager::Install.3
+#usr/share/man/man3/Imager::LargeSamples.3
+#usr/share/man/man3/Imager::Matrix2d.3
+#usr/share/man/man3/Imager::Preprocess.3
+#usr/share/man/man3/Imager::Probe.3
+#usr/share/man/man3/Imager::Regops.3
+#usr/share/man/man3/Imager::Security.3
+#usr/share/man/man3/Imager::Test.3
+#usr/share/man/man3/Imager::Threads.3
+#usr/share/man/man3/Imager::Transform.3
+#usr/share/man/man3/Imager::Transformations.3
+#usr/share/man/man3/Imager::Tutorial.3
+#usr/share/man/man3/Imager::interface.3
+#usr/share/man/man3/Imager::regmach.3
diff --git a/config/rootfiles/common/perl-Imager-QRCode b/config/rootfiles/common/perl-Imager-QRCode
new file mode 100644
index 000000000..0ca11f270
--- /dev/null
+++ b/config/rootfiles/common/perl-Imager-QRCode
@@ -0,0 +1,5 @@
+usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/QRCode.pm
+#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/auto/Imager/QRCode
+#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/auto/Imager/QRCode/.packlist
+usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/auto/Imager/QRCode/QRCode.so
+#usr/share/man/man3/Imager::QRCode.3
diff --git a/config/rootfiles/common/perl-MIME-Base32 b/config/rootfiles/common/perl-MIME-Base32
new file mode 100644
index 000000000..31c21ef21
--- /dev/null
+++ b/config/rootfiles/common/perl-MIME-Base32
@@ -0,0 +1,4 @@
+usr/lib/perl5/site_perl/5.32.1/MIME/Base32.pm
+#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/auto/MIME/Base32
+#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/auto/MIME/Base32/.packlist
+#usr/share/man/man3/MIME::Base32.3
diff --git a/config/rootfiles/common/perl-Module-Build b/config/rootfiles/common/perl-Module-Build
new file mode 100644
index 000000000..16cecf272
--- /dev/null
+++ b/config/rootfiles/common/perl-Module-Build
@@ -0,0 +1,51 @@
+#usr/bin/config_data
+#usr/lib/perl5/site_perl/5.32.1/Module
+#usr/lib/perl5/site_perl/5.32.1/Module/Build
+#usr/lib/perl5/site_perl/5.32.1/Module/Build.pm
+#usr/lib/perl5/site_perl/5.32.1/Module/Build/API.pod
+#usr/lib/perl5/site_perl/5.32.1/Module/Build/Authoring.pod
+#usr/lib/perl5/site_perl/5.32.1/Module/Build/Base.pm
+#usr/lib/perl5/site_perl/5.32.1/Module/Build/Bundling.pod
+#usr/lib/perl5/site_perl/5.32.1/Module/Build/Compat.pm
+#usr/lib/perl5/site_perl/5.32.1/Module/Build/Config.pm
+#usr/lib/perl5/site_perl/5.32.1/Module/Build/ConfigData.pm
+#usr/lib/perl5/site_perl/5.32.1/Module/Build/Cookbook.pm
+#usr/lib/perl5/site_perl/5.32.1/Module/Build/Dumper.pm
+#usr/lib/perl5/site_perl/5.32.1/Module/Build/Notes.pm
+#usr/lib/perl5/site_perl/5.32.1/Module/Build/PPMMaker.pm
+#usr/lib/perl5/site_perl/5.32.1/Module/Build/Platform
+#usr/lib/perl5/site_perl/5.32.1/Module/Build/Platform/Default.pm
+#usr/lib/perl5/site_perl/5.32.1/Module/Build/Platform/MacOS.pm
+#usr/lib/perl5/site_perl/5.32.1/Module/Build/Platform/Unix.pm
+#usr/lib/perl5/site_perl/5.32.1/Module/Build/Platform/VMS.pm
+#usr/lib/perl5/site_perl/5.32.1/Module/Build/Platform/VOS.pm
+#usr/lib/perl5/site_perl/5.32.1/Module/Build/Platform/Windows.pm
+#usr/lib/perl5/site_perl/5.32.1/Module/Build/Platform/aix.pm
+#usr/lib/perl5/site_perl/5.32.1/Module/Build/Platform/cygwin.pm
+#usr/lib/perl5/site_perl/5.32.1/Module/Build/Platform/darwin.pm
+#usr/lib/perl5/site_perl/5.32.1/Module/Build/Platform/os2.pm
+#usr/lib/perl5/site_perl/5.32.1/Module/Build/PodParser.pm
+#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/auto/Module
+#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/auto/Module/Build
+#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/auto/Module/Build/.packlist
+#usr/share/man/man1/config_data.1
+#usr/share/man/man3/Module::Build.3
+#usr/share/man/man3/Module::Build::API.3
+#usr/share/man/man3/Module::Build::Authoring.3
+#usr/share/man/man3/Module::Build::Base.3
+#usr/share/man/man3/Module::Build::Bundling.3
+#usr/share/man/man3/Module::Build::Compat.3
+#usr/share/man/man3/Module::Build::ConfigData.3
+#usr/share/man/man3/Module::Build::Cookbook.3
+#usr/share/man/man3/Module::Build::Notes.3
+#usr/share/man/man3/Module::Build::PPMMaker.3
+#usr/share/man/man3/Module::Build::Platform::Default.3
+#usr/share/man/man3/Module::Build::Platform::MacOS.3
+#usr/share/man/man3/Module::Build::Platform::Unix.3
+#usr/share/man/man3/Module::Build::Platform::VMS.3
+#usr/share/man/man3/Module::Build::Platform::VOS.3
+#usr/share/man/man3/Module::Build::Platform::Windows.3
+#usr/share/man/man3/Module::Build::Platform::aix.3
+#usr/share/man/man3/Module::Build::Platform::cygwin.3
+#usr/share/man/man3/Module::Build::Platform::darwin.3
+#usr/share/man/man3/Module::Build::Platform::os2.3
diff --git a/config/rootfiles/common/perl-Module-Install b/config/rootfiles/common/perl-Module-Install
new file mode 100644
index 000000000..caabe9375
--- /dev/null
+++ b/config/rootfiles/common/perl-Module-Install
@@ -0,0 +1,66 @@
+#usr/lib/perl5/site_perl/5.32.1/Module/AutoInstall.pm
+#usr/lib/perl5/site_perl/5.32.1/Module/Install
+#usr/lib/perl5/site_perl/5.32.1/Module/Install.pm
+#usr/lib/perl5/site_perl/5.32.1/Module/Install.pod
+#usr/lib/perl5/site_perl/5.32.1/Module/Install/API.pod
+#usr/lib/perl5/site_perl/5.32.1/Module/Install/Admin
+#usr/lib/perl5/site_perl/5.32.1/Module/Install/Admin.pm
+#usr/lib/perl5/site_perl/5.32.1/Module/Install/Admin/Bundle.pm
+#usr/lib/perl5/site_perl/5.32.1/Module/Install/Admin/Compiler.pm
+#usr/lib/perl5/site_perl/5.32.1/Module/Install/Admin/Find.pm
+#usr/lib/perl5/site_perl/5.32.1/Module/Install/Admin/Include.pm
+#usr/lib/perl5/site_perl/5.32.1/Module/Install/Admin/Makefile.pm
+#usr/lib/perl5/site_perl/5.32.1/Module/Install/Admin/Manifest.pm
+#usr/lib/perl5/site_perl/5.32.1/Module/Install/Admin/Metadata.pm
+#usr/lib/perl5/site_perl/5.32.1/Module/Install/Admin/ScanDeps.pm
+#usr/lib/perl5/site_perl/5.32.1/Module/Install/Admin/WriteAll.pm
+#usr/lib/perl5/site_perl/5.32.1/Module/Install/AutoInstall.pm
+#usr/lib/perl5/site_perl/5.32.1/Module/Install/Base.pm
+#usr/lib/perl5/site_perl/5.32.1/Module/Install/Bundle.pm
+#usr/lib/perl5/site_perl/5.32.1/Module/Install/Can.pm
+#usr/lib/perl5/site_perl/5.32.1/Module/Install/Compiler.pm
+#usr/lib/perl5/site_perl/5.32.1/Module/Install/DSL.pm
+#usr/lib/perl5/site_perl/5.32.1/Module/Install/Deprecated.pm
+#usr/lib/perl5/site_perl/5.32.1/Module/Install/External.pm
+#usr/lib/perl5/site_perl/5.32.1/Module/Install/FAQ.pod
+#usr/lib/perl5/site_perl/5.32.1/Module/Install/Fetch.pm
+#usr/lib/perl5/site_perl/5.32.1/Module/Install/Include.pm
+#usr/lib/perl5/site_perl/5.32.1/Module/Install/Inline.pm
+#usr/lib/perl5/site_perl/5.32.1/Module/Install/MakeMaker.pm
+#usr/lib/perl5/site_perl/5.32.1/Module/Install/Makefile.pm
+#usr/lib/perl5/site_perl/5.32.1/Module/Install/Metadata.pm
+#usr/lib/perl5/site_perl/5.32.1/Module/Install/PAR.pm
+#usr/lib/perl5/site_perl/5.32.1/Module/Install/Philosophy.pod
+#usr/lib/perl5/site_perl/5.32.1/Module/Install/Run.pm
+#usr/lib/perl5/site_perl/5.32.1/Module/Install/Scripts.pm
+#usr/lib/perl5/site_perl/5.32.1/Module/Install/Share.pm
+#usr/lib/perl5/site_perl/5.32.1/Module/Install/Win32.pm
+#usr/lib/perl5/site_perl/5.32.1/Module/Install/With.pm
+#usr/lib/perl5/site_perl/5.32.1/Module/Install/WriteAll.pm
+#usr/lib/perl5/site_perl/5.32.1/inc
+#usr/lib/perl5/site_perl/5.32.1/inc/Module
+#usr/lib/perl5/site_perl/5.32.1/inc/Module/Install
+#usr/lib/perl5/site_perl/5.32.1/inc/Module/Install.pm
+#usr/lib/perl5/site_perl/5.32.1/inc/Module/Install/DSL.pm
+#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/auto/Module/Install
+#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/auto/Module/Install/.packlist
+#usr/share/man/man3/Module::AutoInstall.3
+#usr/share/man/man3/Module::Install.3
+#usr/share/man/man3/Module::Install::API.3
+#usr/share/man/man3/Module::Install::Admin.3
+#usr/share/man/man3/Module::Install::Admin::Include.3
+#usr/share/man/man3/Module::Install::Admin::Manifest.3
+#usr/share/man/man3/Module::Install::Base.3
+#usr/share/man/man3/Module::Install::Bundle.3
+#usr/share/man/man3/Module::Install::Can.3
+#usr/share/man/man3/Module::Install::Compiler.3
+#usr/share/man/man3/Module::Install::Deprecated.3
+#usr/share/man/man3/Module::Install::External.3
+#usr/share/man/man3/Module::Install::FAQ.3
+#usr/share/man/man3/Module::Install::Makefile.3
+#usr/share/man/man3/Module::Install::PAR.3
+#usr/share/man/man3/Module::Install::Philosophy.3
+#usr/share/man/man3/Module::Install::Share.3
+#usr/share/man/man3/Module::Install::With.3
+#usr/share/man/man3/inc::Module::Install.3
+#usr/share/man/man3/inc::Module::Install::DSL.3
diff --git a/config/rootfiles/common/perl-Module-ScanDeps b/config/rootfiles/common/perl-Module-ScanDeps
new file mode 100644
index 000000000..3886fb3ac
--- /dev/null
+++ b/config/rootfiles/common/perl-Module-ScanDeps
@@ -0,0 +1,8 @@
+#usr/bin/scandeps.pl
+#usr/lib/perl5/site_perl/5.32.1/Module/ScanDeps
+#usr/lib/perl5/site_perl/5.32.1/Module/ScanDeps.pm
+#usr/lib/perl5/site_perl/5.32.1/Module/ScanDeps/Cache.pm
+#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/auto/Module/ScanDeps
+#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/auto/Module/ScanDeps/.packlist
+#usr/share/man/man1/scandeps.pl.1
+#usr/share/man/man3/Module::ScanDeps.3
diff --git a/config/rootfiles/common/perl-URI-Encode b/config/rootfiles/common/perl-URI-Encode
new file mode 100644
index 000000000..2bae6f8c3
--- /dev/null
+++ b/config/rootfiles/common/perl-URI-Encode
@@ -0,0 +1,4 @@
+usr/lib/perl5/site_perl/5.32.1/URI/Encode.pm
+#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/auto/URI/Encode
+#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/auto/URI/Encode/.packlist
+#usr/share/man/man3/URI::Encode.3
diff --git a/config/rootfiles/common/perl-YAML-Tiny b/config/rootfiles/common/perl-YAML-Tiny
new file mode 100644
index 000000000..7114b12ac
--- /dev/null
+++ b/config/rootfiles/common/perl-YAML-Tiny
@@ -0,0 +1,6 @@
+#usr/lib/perl5/site_perl/5.32.1/YAML
+usr/lib/perl5/site_perl/5.32.1/YAML/Tiny.pm
+#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/auto/YAML
+#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/auto/YAML/Tiny
+#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/auto/YAML/Tiny/.packlist
+#usr/share/man/man3/YAML::Tiny.3
diff --git a/config/rootfiles/common/qrencode b/config/rootfiles/common/qrencode
new file mode 100644
index 000000000..c0406bd9e
--- /dev/null
+++ b/config/rootfiles/common/qrencode
@@ -0,0 +1,8 @@
+usr/bin/qrencode
+#usr/include/qrencode.h
+#usr/lib/libqrencode.la
+#usr/lib/libqrencode.so
+usr/lib/libqrencode.so.4
+usr/lib/libqrencode.so.4.1.1
+#usr/lib/pkgconfig/libqrencode.pc
+#usr/share/man/man1/qrencode.1
diff --git a/config/rootfiles/core/169/filelists/files b/config/rootfiles/core/169/filelists/files
index 4f1eaf57f..3b80f1385 100644
--- a/config/rootfiles/core/169/filelists/files
+++ b/config/rootfiles/core/169/filelists/files
@@ -1,3 +1,5 @@
+etc/httpd/conf/vhosts.d/ipfire-interface.conf
+etc/httpd/conf/vhosts.d/ipfire-interface-ssl.conf
etc/rc.d/helper/aws-setup
etc/rc.d/helper/azure-setup
etc/rc.d/helper/exoscale-setup
@@ -209,6 +211,8 @@ lib/firmware/rtl_bt/rtl8852cu_fw.bin
lib/firmware/rtw89/rtw8852c_fw.bin
opt/pakfire/etc/pakfire.conf
srv/web/ipfire/cgi-bin/ovpnmain.cgi
+srv/web/ipfire/html/images/qr-code.png
+srv/web/ipfire/html/images/qr-code.svg
srv/web/ipfire/html/themes/ipfire/include/functions.pl
usr/sbin/setup
var/ipfire/header.pl
diff --git a/config/rootfiles/core/169/filelists/oath-toolkit b/config/rootfiles/core/169/filelists/oath-toolkit
new file mode 120000
index 000000000..589cc0d9f
--- /dev/null
+++ b/config/rootfiles/core/169/filelists/oath-toolkit
@@ -0,0 +1 @@
+../../../common/oath-toolkit
\ No newline at end of file
diff --git a/config/rootfiles/core/169/filelists/perl-File-Remove b/config/rootfiles/core/169/filelists/perl-File-Remove
new file mode 120000
index 000000000..1fe57c84c
--- /dev/null
+++ b/config/rootfiles/core/169/filelists/perl-File-Remove
@@ -0,0 +1 @@
+../../../common/perl-File-Remove
\ No newline at end of file
diff --git a/config/rootfiles/core/169/filelists/perl-Imager b/config/rootfiles/core/169/filelists/perl-Imager
new file mode 120000
index 000000000..380cf519e
--- /dev/null
+++ b/config/rootfiles/core/169/filelists/perl-Imager
@@ -0,0 +1 @@
+../../../common/perl-Imager
\ No newline at end of file
diff --git a/config/rootfiles/core/169/filelists/perl-Imager-QRCode b/config/rootfiles/core/169/filelists/perl-Imager-QRCode
new file mode 120000
index 000000000..f7c97c753
--- /dev/null
+++ b/config/rootfiles/core/169/filelists/perl-Imager-QRCode
@@ -0,0 +1 @@
+../../../common/perl-Imager-QRCode
\ No newline at end of file
diff --git a/config/rootfiles/core/169/filelists/perl-MIME-Base32 b/config/rootfiles/core/169/filelists/perl-MIME-Base32
new file mode 120000
index 000000000..66dfd7b1d
--- /dev/null
+++ b/config/rootfiles/core/169/filelists/perl-MIME-Base32
@@ -0,0 +1 @@
+../../../common/perl-MIME-Base32
\ No newline at end of file
diff --git a/config/rootfiles/core/169/filelists/perl-Module-Build b/config/rootfiles/core/169/filelists/perl-Module-Build
new file mode 120000
index 000000000..9885efd2b
--- /dev/null
+++ b/config/rootfiles/core/169/filelists/perl-Module-Build
@@ -0,0 +1 @@
+../../../common/perl-Module-Build
\ No newline at end of file
diff --git a/config/rootfiles/core/169/filelists/perl-Module-Install b/config/rootfiles/core/169/filelists/perl-Module-Install
new file mode 120000
index 000000000..4eac44f69
--- /dev/null
+++ b/config/rootfiles/core/169/filelists/perl-Module-Install
@@ -0,0 +1 @@
+../../../common/perl-Module-Install
\ No newline at end of file
diff --git a/config/rootfiles/core/169/filelists/perl-Module-ScanDeps b/config/rootfiles/core/169/filelists/perl-Module-ScanDeps
new file mode 120000
index 000000000..8aa94dd53
--- /dev/null
+++ b/config/rootfiles/core/169/filelists/perl-Module-ScanDeps
@@ -0,0 +1 @@
+../../../common/perl-Module-ScanDeps
\ No newline at end of file
diff --git a/config/rootfiles/core/169/filelists/perl-URI-Encode b/config/rootfiles/core/169/filelists/perl-URI-Encode
new file mode 120000
index 000000000..08ee7c47a
--- /dev/null
+++ b/config/rootfiles/core/169/filelists/perl-URI-Encode
@@ -0,0 +1 @@
+../../../common/perl-URI-Encode
\ No newline at end of file
diff --git a/config/rootfiles/core/169/filelists/perl-YAML-Tiny b/config/rootfiles/core/169/filelists/perl-YAML-Tiny
new file mode 120000
index 000000000..9b00d0b44
--- /dev/null
+++ b/config/rootfiles/core/169/filelists/perl-YAML-Tiny
@@ -0,0 +1 @@
+../../../common/perl-YAML-Tiny
\ No newline at end of file
diff --git a/config/rootfiles/core/169/filelists/qrencode b/config/rootfiles/core/169/filelists/qrencode
new file mode 120000
index 000000000..d6aa23da9
--- /dev/null
+++ b/config/rootfiles/core/169/filelists/qrencode
@@ -0,0 +1 @@
+../../../common/qrencode
\ No newline at end of file
diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi
index c2558bd81..b8c3e5064 100644
--- a/html/cgi-bin/ovpnmain.cgi
+++ b/html/cgi-bin/ovpnmain.cgi
@@ -23,6 +23,10 @@
###
use CGI;
use CGI qw/:standard/;
+use Imager::QRCode;
+use MIME::Base32;
+use MIME::Base64;
+use URI::Encode qw(uri_encode uri_decode);;
use Net::DNS;
use Net::Ping;
use Net::Telnet;
@@ -40,6 +44,7 @@ require "${General::swroot}/location-functions.pl";
# enable only the following on debugging purpose
#use warnings;
#use CGI::Carp 'fatalsToBrowser';
+
#workaround to suppress a warning when a variable is used only once
my @dummy = ( ${Header::colourgreen}, ${Header::colourblue} );
undef (@dummy);
@@ -372,6 +377,8 @@ sub writeserverconf {
}
print CONF "tls-verify /usr/lib/openvpn/verify\n";
print CONF "crl-verify /var/ipfire/ovpn/crls/cacrl.pem\n";
+ print CONF "auth-user-pass-optional\n";
+ print CONF "reneg-sec 86400\n";
print CONF "user nobody\n";
print CONF "group nobody\n";
print CONF "persist-key\n";
@@ -385,6 +392,11 @@ sub writeserverconf {
print CONF "# Log clients connecting/disconnecting\n";
print CONF "client-connect \"/usr/sbin/openvpn-metrics client-connect\"\n";
print CONF "client-disconnect \"/usr/sbin/openvpn-metrics client-disconnect\"\n";
+ print CONF "\n";
+
+ print CONF "# Enable Management Socket\n";
+ print CONF "management /var/run/openvpn.sock unix\n";
+ print CONF "management-client-auth\n";
# Print server.conf.local if entries exist to server.conf
if ( !-z $local_serverconf && $sovpnsettings{'ADDITIONAL_CONFIGS'} eq 'on') {
@@ -2431,6 +2443,16 @@ else
print CLIENTCONF "fragment $vpnsettings{'FRAGMENT'}\r\n";
}
+ # Disable storing any credentials in memory
+ print CLIENTCONF "auth-nocache\r\n";
+
+ # Set a fake user name for authentication
+ print CLIENTCONF "auth-token-user USER\r\n";
+ print CLIENTCONF "auth-token TOTP\r\n";
+
+ # If the server is asking for TOTP this needs to happen interactively
+ print CLIENTCONF "auth-retry interact\r\n";
+
if ($include_certs) {
print CLIENTCONF "\r\n";
@@ -2617,6 +2639,45 @@ else
exit(0);
}
+###
+### Display OTP QRCode
+###
+} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'show otp qrcode'}) {
+ &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
+
+ my $qrcode = Imager::QRCode->new(
+ size => 6,
+ margin => 0,
+ version => 0,
+ level => 'M',
+ mode => '8-bit',
+ casesensitive => 1,
+ lightcolor => Imager::Color->new(255, 255, 255),
+ darkcolor => Imager::Color->new(0, 0, 0),
+ );
+ my $cn = uri_encode($confighash{$cgiparams{'KEY'}}[2]);
+ my $secret = encode_base32(pack('H*', $confighash{$cgiparams{'KEY'}}[44]));
+ my $issuer = uri_encode("$mainsettings{'HOSTNAME'}.$mainsettings{'DOMAINNAME'}");
+ my $qrcodeimg = $qrcode->plot("otpauth://totp/$cn?secret=$secret&issuer=$issuer");
+ my $qrcodeimgdata;
+ $qrcodeimg->write(data => \$qrcodeimgdata, type=> 'png')
+ or die $qrcodeimg->errstr;
+ $qrcodeimgdata = encode_base64($qrcodeimgdata, '');
+
+ &Header::showhttpheaders();
+ &Header::openpage($Lang::tr{'ovpn'}, 1, '');
+ &Header::openbigbox('100%', 'LEFT', '', '');
+ &Header::openbox('100%', 'LEFT', "$Lang::tr{'otp qrcode'}:");
+ print <<END;
+$Lang::tr{'secret'}: $secret</br></br>
+<img alt="$Lang::tr{'otp qrcode'}" src="data:image/png;base64,$qrcodeimgdata">
+END
+ &Header::closebox();
+ print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'>$Lang::tr{'back'}</a></div>";
+ &Header::closebigbox();
+ &Header::closepage();
+ exit(0);
+
###
### Display Diffie-Hellman key
###
@@ -3660,6 +3721,7 @@ if ($confighash{$cgiparams{'KEY'}}) {
$cgiparams{'DAUTH'} = $confighash{$cgiparams{'KEY'}}[39];
$cgiparams{'DCIPHER'} = $confighash{$cgiparams{'KEY'}}[40];
$cgiparams{'TLSAUTH'} = $confighash{$cgiparams{'KEY'}}[41];
+ $cgiparams{'OTP_STATE'} = $confighash{$cgiparams{'KEY'}}[43];
} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'save'}) {
$cgiparams{'REMARK'} = &Header::cleanhtml($cgiparams{'REMARK'});
@@ -4422,6 +4484,16 @@ if ($cgiparams{'TYPE'} eq 'net') {
$confighash{$key}[41] = "no-pass";
}
+ $confighash{$key}[42] = 'HOTP/T30/6';
+ $confighash{$key}[43] = $cgiparams{'OTP_STATE'};
+ if (($confighash{$key}[43] eq 'on') && ($confighash{$key}[44] eq '')) {
+ my @otp_secret = &General::system_output("/usr/bin/openssl", "rand", "-hex", "20");
+ chomp($otp_secret[0]);
+ $confighash{$key}[44] = $otp_secret[0];
+ } elsif ($confighash{$key}[43] eq '') {
+ $confighash{$key}[44] = '';
+ }
+
&General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
if ($cgiparams{'CHECK1'} ){
@@ -4835,6 +4907,7 @@ if ($cgiparams{'TYPE'} eq 'host') {
print"</td></tr></table><br><br>";
my $name=$cgiparams{'CHECK1'};
$checked{'RG'}{$cgiparams{'RG'}} = 'CHECKED';
+ $checked{'OTP_STATE'}{$cgiparams{'OTP_STATE'}} = 'CHECKED';
if (! -z "${General::swroot}/ovpn/ccd.conf"){
print"<table border='0' width='100%' cellspacing='1' cellpadding='0'><tr><td width='1%'></td><td width='30%' class='boldbase' align='center'><b>$Lang::tr{'ccd name'}</td><td width='15%' class='boldbase' align='center'><b>$Lang::tr{'network'}</td><td class='boldbase' align='center' width='18%'><b>$Lang::tr{'ccd clientip'}</td></tr>";
@@ -4970,6 +5043,7 @@ if ($cgiparams{'TYPE'} eq 'host') {
print <<END;
<table border='0' width='100%'>
+ <tr><td width='20%'>$Lang::tr{'enable otp'}:</td><td colspan='3'><input type='checkbox' name='OTP_STATE' $checked{'OTP_STATE'}{'on'} /></td></tr>
<tr><td width='20%'>Redirect Gateway:</td><td colspan='3'><input type='checkbox' name='RG' $checked{'RG'}{'on'} /></td></tr>
<tr><td colspan='4'><b><br>$Lang::tr{'ccd routes'}</b></td></tr>
<tr><td colspan='4'> </td></tr>
@@ -5413,7 +5487,7 @@ END
<th width='15%' class='boldbase' align='center'><b>$Lang::tr{'type'}</b></th>
<th width='20%' class='boldbase' align='center'><b>$Lang::tr{'remark'}</b></th>
<th width='10%' class='boldbase' align='center'><b>$Lang::tr{'status'}</b></th>
- <th width='5%' class='boldbase' colspan='7' align='center'><b>$Lang::tr{'action'}</b></th>
+ <th width='5%' class='boldbase' colspan='8' align='center'><b>$Lang::tr{'action'}</b></th>
</tr>
END
}
@@ -5427,7 +5501,7 @@ END
<th width='15%' class='boldbase' align='center'><b>$Lang::tr{'type'}</b></th>
<th width='20%' class='boldbase' align='center'><b>$Lang::tr{'remark'}</b></th>
<th width='10%' class='boldbase' align='center'><b>$Lang::tr{'status'}</b></th>
- <th width='5%' class='boldbase' colspan='7' align='center'><b>$Lang::tr{'action'}</b></th>
+ <th width='5%' class='boldbase' colspan='8' align='center'><b>$Lang::tr{'action'}</b></th>
</tr>
END
}
@@ -5560,6 +5634,19 @@ END
; } else {
print "<td> </td>";
}
+
+ if ($confighash{$key}[43] eq 'on') {
+ print <<END;
+<form method='post' name='frm${key}o'><td align='center' $col>
+<input type='image' name='$Lang::tr{'show otp qrcode'}' src='/images/qr-code.png' alt='$Lang::tr{'show otp qrcode'}' title='$Lang::tr{'show otp qrcode'}' border='0' />
+<input type='hidden' name='ACTION' value='$Lang::tr{'show otp qrcode'}' />
+<input type='hidden' name='KEY' value='$key' />
+</td></form>
+END
+; } else {
+ print "<td $col> </td>";
+ }
+
if ($confighash{$key}[4] eq 'cert' && -f "${General::swroot}/ovpn/certs/$confighash{$key}[1].p12") {
print <<END;
<form method='post' name='frm${key}c'><td align='center' $col>
@@ -5628,6 +5715,8 @@ END
<td class='base'>$Lang::tr{'download certificate'}</td>
<td> <img src='/images/openvpn.png' alt='?RELOAD'/></td>
<td class='base'>$Lang::tr{'dl client arch'}</td>
+ <td> <img src='/images/qr-code.png' alt='$Lang::tr{'show otp qrcode'}'/></td>
+ <td class='base'>$Lang::tr{'show otp qrcode'}</td>
</tr>
</table><br>
END
diff --git a/html/html/images/qr-code.png b/html/html/images/qr-code.png
new file mode 100644
index 000000000..946e10a2a
Binary files /dev/null and b/html/html/images/qr-code.png differ
diff --git a/html/html/images/qr-code.svg b/html/html/images/qr-code.svg
new file mode 100644
index 000000000..66c6b9d17
--- /dev/null
+++ b/html/html/images/qr-code.svg
@@ -0,0 +1,49 @@
+<?xml version="1.0" encoding="iso-8859-1"?>
+<!-- Generator: Adobe Illustrator 19.0.0, SVG Export Plug-In . SVG Version: 6.00 Build 0) -->
+<svg version="1.1" id="Layer_1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px"
+ viewBox="0 0 512 512" style="enable-background:new 0 0 512 512;" xml:space="preserve">
+<path d="M0,0v233.739h233.739V0H0z M200.348,200.348H33.391V33.391h166.957V200.348z"/>
+<rect x="66.783" y="66.783" width="100.174" height="100.174"/>
+<path d="M278.261,0v233.739H512V0H278.261z M478.609,200.348H311.652V33.391h166.957V200.348z"/>
+<rect x="345.043" y="66.783" width="100.174" height="100.174"/>
+<path d="M0,278.261V512h233.739V278.261H0z M200.348,478.609H33.391V311.652h166.957V478.609z"/>
+<rect x="66.783" y="345.043" width="100.174" height="100.174"/>
+<polygon points="278.261,278.261 278.261,512 345.043,512 345.043,478.609 311.652,478.609 311.652,411.826 345.043,411.826
+ 345.043,378.435 311.652,378.435 311.652,311.652 345.043,311.652 345.043,278.261 "/>
+<rect x="478.609" y="278.261" width="33.391" height="33.391"/>
+<polygon points="478.609,478.609 445.217,478.609 445.217,512 512,512 512,356.174 478.609,356.174 "/>
+<rect x="378.435" y="278.261" width="66.783" height="33.391"/>
+<polygon points="445.217,411.826 411.826,411.826 411.826,378.435 445.217,378.435 445.217,345.043 378.435,345.043
+ 378.435,445.217 445.217,445.217 "/>
+<rect x="378.435" y="478.609" width="33.391" height="33.391"/>
+<g>
+</g>
+<g>
+</g>
+<g>
+</g>
+<g>
+</g>
+<g>
+</g>
+<g>
+</g>
+<g>
+</g>
+<g>
+</g>
+<g>
+</g>
+<g>
+</g>
+<g>
+</g>
+<g>
+</g>
+<g>
+</g>
+<g>
+</g>
+<g>
+</g>
+</svg>
diff --git a/langs/de/cgi-bin/de.pl b/langs/de/cgi-bin/de.pl
index 7a39e233b..1799d8c74 100644
--- a/langs/de/cgi-bin/de.pl
+++ b/langs/de/cgi-bin/de.pl
@@ -979,6 +979,7 @@
'empty profile' => 'Unbenannt',
'enable ignore filter' => '"Ignorieren"-Filter ein',
'enable javascript' => 'Javascript aktivieren',
+'enable otp' => 'Aktiviere OTP',
'enable smt' => 'Simultaneous Multi-Threading (SMT) einschalten',
'enable wildcards' => 'Wildcards erlauben:',
'enabled' => 'Aktiviert:',
@@ -1903,6 +1904,7 @@
'other login script' => 'Anderes Anmeldeskript',
'otherip' => 'Andere IP',
'otherport' => 'Anderer Port',
+'otp qrcode' => 'OTP QRCode',
'our donors' => 'Unsere Unterstützer',
'out' => 'Aus',
'outgoing' => 'ausgehend',
@@ -2201,6 +2203,7 @@
'secondary ntp server' => 'Sekundärer NTP-Server',
'secondary wins server address' => 'Sekundärer WINS-Server',
'seconds' => 'Sek.',
+'secret' => 'Geheimnis',
'section' => 'Abschnitt',
'secure shell server' => 'Secure Shell Server',
'security' => 'Sicherheit',
@@ -2244,6 +2247,7 @@
'show last x lines' => 'die letzten x Zeilen anzeigen',
'show root certificate' => 'Root-Zertifikat anzeigen',
'show share options' => 'Anzeige der Freigabeeinstellungen',
+'show otp qrcode' => 'Zeige OTP QRCode',
'shuffle' => 'Zufall',
'shutdown' => 'Herunterfahren',
'shutdown ask' => 'Herunterfahren?',
diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl
index f90e3103b..9cc2fde05 100644
--- a/langs/en/cgi-bin/en.pl
+++ b/langs/en/cgi-bin/en.pl
@@ -1018,6 +1018,7 @@
'empty' => 'This field may be left blank',
'empty profile' => 'empty',
'enable' => 'Enable',
+'enable otp' => 'Enable OTP',
'enable ignore filter' => 'Enable ignore filter',
'enable javascript' => 'Enable javascript',
'enable smt' => 'Enable Simultaneous Multi-Threading (SMT)',
@@ -1955,6 +1956,7 @@
'other login script' => 'Other login script',
'otherip' => 'other IP',
'otherport' => 'other Port',
+'otp qrcode' => 'OTP QRCode',
'our donors' => 'Our donors',
'out' => 'Out',
'outgoing' => 'outgoing',
@@ -2253,6 +2255,7 @@
'secondary ntp server' => 'Secondary NTP server',
'secondary wins server address' => 'Secondary WINS server address',
'seconds' => 'Secs',
+'secret' => 'Secret',
'section' => 'Section',
'secure shell server' => 'Secure Shell Server',
'security' => 'Security',
@@ -2297,6 +2300,7 @@
'show host certificate' => 'Show host certificate',
'show last x lines' => 'Show last x lines',
'show lines' => 'Show lines',
+'show otp qrcode' => 'Show OTP QRCode',
'show root certificate' => 'Show root certificate',
'show share options' => 'Show shares options',
'show tls-auth key' => 'Show tls-auth key',
diff --git a/lfs/oath-toolkit b/lfs/oath-toolkit
new file mode 100644
index 000000000..e3225f45b
--- /dev/null
+++ b/lfs/oath-toolkit
@@ -0,0 +1,77 @@
+###############################################################################
+# #
+# IPFire.org - A linux based firewall #
+# Copyright (C) 2022 IPFire Team <info(a)ipfire.org> #
+# #
+# This program is free software: you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation, either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# This program is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with this program. If not, see <http://www.gnu.org/licenses/>. #
+# #
+###############################################################################
+
+###############################################################################
+# Definitions
+###############################################################################
+
+include Config
+
+VER = 2.6.7
+
+THISAPP = oath-toolkit-$(VER)
+DL_FILE = $(THISAPP).tar.gz
+DL_FROM = $(URL_IPFIRE)
+DIR_APP = $(DIR_SRC)/$(THISAPP)
+TARGET = $(DIR_INFO)/$(THISAPP)
+
+###############################################################################
+# Top-level Rules
+###############################################################################
+
+objects = $(DL_FILE)
+
+$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
+
+$(DL_FILE)_BLAKE2 = 23f377c51eb633bf01d6085d33c7362cd91b6bed1cf4c2bbf32dc9433849e20c53f6896b16e5056b13f420f6a65a3c593fa1dafd7e184ed9e52666d94a7f75d1
+
+install : $(TARGET)
+
+check : $(patsubst %,$(DIR_CHK)/%,$(objects))
+
+download :$(patsubst %,$(DIR_DL)/%,$(objects))
+
+b2 : $(subst %,%_BLAKE2,$(objects))
+
+###############################################################################
+# Downloading, checking, md5sum
+###############################################################################
+
+$(patsubst %,$(DIR_CHK)/%,$(objects)) :
+ @$(CHECK)
+
+$(patsubst %,$(DIR_DL)/%,$(objects)) :
+ @$(LOAD)
+
+$(subst %,%_MD5,$(objects)) :
+ @$(MD5)
+
+###############################################################################
+# Installation Details
+###############################################################################
+
+$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
+ @$(PREBUILD)
+ @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
+ cd $(DIR_APP) && ./configure --prefix=/usr
+ cd $(DIR_APP) && make $(MAKETUNING) $(EXTRA_MAKE)
+ cd $(DIR_APP) && make install
+ @rm -rf $(DIR_APP)
+ @$(POSTBUILD)
diff --git a/lfs/openvpn b/lfs/openvpn
index 27a052ae1..8d6ba07ed 100644
--- a/lfs/openvpn
+++ b/lfs/openvpn
@@ -101,5 +101,9 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
chown root:root /etc/fcron.daily/openvpn-crl-updater
chmod 750 /etc/fcron.daily/openvpn-crl-updater
+ # Install authenticator
+ install -v -m 755 $(DIR_SRC)/config/ovpn/openvpn-authenticator \
+ /usr/sbin/openvpn-authenticator
+
@rm -rf $(DIR_APP)
@$(POSTBUILD)
diff --git a/lfs/perl-File-Remove b/lfs/perl-File-Remove
new file mode 100644
index 000000000..88a567349
--- /dev/null
+++ b/lfs/perl-File-Remove
@@ -0,0 +1,80 @@
+###############################################################################
+# #
+# IPFire.org - A linux based firewall #
+# Copyright (C) 2022 IPFire Team <info(a)ipfire.org> #
+# #
+# This program is free software: you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation, either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# This program is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with this program. If not, see <http://www.gnu.org/licenses/>. #
+# #
+###############################################################################
+
+###############################################################################
+# Definitions
+###############################################################################
+
+include Config
+
+VER = 1.60
+
+THISAPP = File-Remove-$(VER)
+DL_FILE = $(THISAPP).tar.gz
+DL_FROM = $(URL_IPFIRE)
+DIR_APP = $(DIR_SRC)/$(THISAPP)
+TARGET = $(DIR_INFO)/$(THISAPP)
+
+###############################################################################
+# Top-level Rules
+###############################################################################
+
+objects = $(DL_FILE)
+
+$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
+
+$(DL_FILE)_BLAKE2 = ffb98155d757bae6ec0d4f56dabdb78749fc968845e284797d0f0611fe9068722a007c7e0e890179720745d1451c926575949f36642dceef7071468a2863c7c6
+
+install : $(TARGET)
+
+check : $(patsubst %,$(DIR_CHK)/%,$(objects))
+
+download :$(patsubst %,$(DIR_DL)/%,$(objects))
+
+b2 : $(subst %,%_BLAKE2,$(objects))
+
+dist:.
+ $(PAK)
+
+###############################################################################
+# Downloading, checking, md5sum
+###############################################################################
+
+$(patsubst %,$(DIR_CHK)/%,$(objects)) :
+ @$(CHECK)
+
+$(patsubst %,$(DIR_DL)/%,$(objects)) :
+ @$(LOAD)
+
+$(subst %,%_MD5,$(objects)) :
+ @$(MD5)
+
+###############################################################################
+# Installation Details
+###############################################################################
+
+$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
+ @$(PREBUILD)
+ @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
+ cd $(DIR_APP) && yes 'n' | perl Makefile.PL
+ cd $(DIR_APP) && make $(MAKETUNING) $(EXTRA_MAKE)
+ cd $(DIR_APP) && make install
+ @rm -rf $(DIR_APP)
+ @$(POSTBUILD)
diff --git a/lfs/perl-Imager b/lfs/perl-Imager
new file mode 100644
index 000000000..e7301b92b
--- /dev/null
+++ b/lfs/perl-Imager
@@ -0,0 +1,80 @@
+###############################################################################
+# #
+# IPFire.org - A linux based firewall #
+# Copyright (C) 2022 IPFire Team <info(a)ipfire.org> #
+# #
+# This program is free software: you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation, either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# This program is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with this program. If not, see <http://www.gnu.org/licenses/>. #
+# #
+###############################################################################
+
+###############################################################################
+# Definitions
+###############################################################################
+
+include Config
+
+VER = 1.012
+
+THISAPP = Imager-$(VER)
+DL_FILE = $(THISAPP).tar.gz
+DL_FROM = $(URL_IPFIRE)
+DIR_APP = $(DIR_SRC)/$(THISAPP)
+TARGET = $(DIR_INFO)/$(THISAPP)
+
+###############################################################################
+# Top-level Rules
+###############################################################################
+
+objects = $(DL_FILE)
+
+$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
+
+$(DL_FILE)_BLAKE2 = 32dad83e9cfd66a162380b502ab49b343dae8c87eca8e6c0537d260956bf466e200511a7b4f89eed9b0bc1f20447584c7c4aabffaad77f0824ee9d5126848c39
+
+install : $(TARGET)
+
+check : $(patsubst %,$(DIR_CHK)/%,$(objects))
+
+download :$(patsubst %,$(DIR_DL)/%,$(objects))
+
+b2 : $(subst %,%_BLAKE2,$(objects))
+
+dist:.
+ $(PAK)
+
+###############################################################################
+# Downloading, checking, md5sum
+###############################################################################
+
+$(patsubst %,$(DIR_CHK)/%,$(objects)) :
+ @$(CHECK)
+
+$(patsubst %,$(DIR_DL)/%,$(objects)) :
+ @$(LOAD)
+
+$(subst %,%_MD5,$(objects)) :
+ @$(MD5)
+
+###############################################################################
+# Installation Details
+###############################################################################
+
+$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
+ @$(PREBUILD)
+ @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
+ cd $(DIR_APP) && yes 'n' | perl Makefile.PL
+ cd $(DIR_APP) && make $(MAKETUNING) $(EXTRA_MAKE)
+ cd $(DIR_APP) && make install
+ @rm -rf $(DIR_APP)
+ @$(POSTBUILD)
diff --git a/lfs/perl-Imager-QRCode b/lfs/perl-Imager-QRCode
new file mode 100644
index 000000000..303671540
--- /dev/null
+++ b/lfs/perl-Imager-QRCode
@@ -0,0 +1,80 @@
+###############################################################################
+# #
+# IPFire.org - A linux based firewall #
+# Copyright (C) 2022 IPFire Team <info(a)ipfire.org> #
+# #
+# This program is free software: you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation, either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# This program is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with this program. If not, see <http://www.gnu.org/licenses/>. #
+# #
+###############################################################################
+
+###############################################################################
+# Definitions
+###############################################################################
+
+include Config
+
+VER = 0.035
+
+THISAPP = Imager-QRCode-$(VER)
+DL_FILE = $(THISAPP).tar.gz
+DL_FROM = $(URL_IPFIRE)
+DIR_APP = $(DIR_SRC)/$(THISAPP)
+TARGET = $(DIR_INFO)/$(THISAPP)
+
+###############################################################################
+# Top-level Rules
+###############################################################################
+
+objects = $(DL_FILE)
+
+$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
+
+$(DL_FILE)_BLAKE2 = 740119e2d7fab7286f8eeb0c1d9690f94146d51b09b721eaa65a8f9849784c6f113f64344d0fb2550cd5981665369b3881fe8f034b00f925987bb69ccd537b59
+
+install : $(TARGET)
+
+check : $(patsubst %,$(DIR_CHK)/%,$(objects))
+
+download :$(patsubst %,$(DIR_DL)/%,$(objects))
+
+b2 : $(subst %,%_BLAKE2,$(objects))
+
+dist:.
+ $(PAK)
+
+###############################################################################
+# Downloading, checking, md5sum
+###############################################################################
+
+$(patsubst %,$(DIR_CHK)/%,$(objects)) :
+ @$(CHECK)
+
+$(patsubst %,$(DIR_DL)/%,$(objects)) :
+ @$(LOAD)
+
+$(subst %,%_MD5,$(objects)) :
+ @$(MD5)
+
+###############################################################################
+# Installation Details
+###############################################################################
+
+$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
+ @$(PREBUILD)
+ @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
+ cd $(DIR_APP) && yes 'n' | perl Makefile.PL
+ cd $(DIR_APP) && make $(MAKETUNING) $(EXTRA_MAKE)
+ cd $(DIR_APP) && make install
+ @rm -rf $(DIR_APP)
+ @$(POSTBUILD)
diff --git a/lfs/perl-MIME-Base32 b/lfs/perl-MIME-Base32
new file mode 100644
index 000000000..4cb7c9616
--- /dev/null
+++ b/lfs/perl-MIME-Base32
@@ -0,0 +1,80 @@
+###############################################################################
+# #
+# IPFire.org - A linux based firewall #
+# Copyright (C) 2022 IPFire Team <info(a)ipfire.org> #
+# #
+# This program is free software: you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation, either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# This program is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with this program. If not, see <http://www.gnu.org/licenses/>. #
+# #
+###############################################################################
+
+###############################################################################
+# Definitions
+###############################################################################
+
+include Config
+
+VER = 1.303
+
+THISAPP = MIME-Base32-$(VER)
+DL_FILE = $(THISAPP).tar.gz
+DL_FROM = $(URL_IPFIRE)
+DIR_APP = $(DIR_SRC)/$(THISAPP)
+TARGET = $(DIR_INFO)/$(THISAPP)
+
+###############################################################################
+# Top-level Rules
+###############################################################################
+
+objects = $(DL_FILE)
+
+$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
+
+$(DL_FILE)_BLAKE2 = d9dad50d7474a42741f7a61fad4a7b30c4acb72eb80684e24c45d0478480cfe936d6b87ab37b735ff2065afeb0b5457cc50130187264fcb6addefa8e8cb8d934
+
+install : $(TARGET)
+
+check : $(patsubst %,$(DIR_CHK)/%,$(objects))
+
+download :$(patsubst %,$(DIR_DL)/%,$(objects))
+
+b2 : $(subst %,%_BLAKE2,$(objects))
+
+dist:.
+ $(PAK)
+
+###############################################################################
+# Downloading, checking, md5sum
+###############################################################################
+
+$(patsubst %,$(DIR_CHK)/%,$(objects)) :
+ @$(CHECK)
+
+$(patsubst %,$(DIR_DL)/%,$(objects)) :
+ @$(LOAD)
+
+$(subst %,%_MD5,$(objects)) :
+ @$(MD5)
+
+###############################################################################
+# Installation Details
+###############################################################################
+
+$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
+ @$(PREBUILD)
+ @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
+ cd $(DIR_APP) && yes 'n' | perl Makefile.PL
+ cd $(DIR_APP) && make $(MAKETUNING) $(EXTRA_MAKE)
+ cd $(DIR_APP) && make install
+ @rm -rf $(DIR_APP)
+ @$(POSTBUILD)
diff --git a/lfs/perl-Module-Build b/lfs/perl-Module-Build
new file mode 100644
index 000000000..977f7f653
--- /dev/null
+++ b/lfs/perl-Module-Build
@@ -0,0 +1,80 @@
+###############################################################################
+# #
+# IPFire.org - A linux based firewall #
+# Copyright (C) 2022 IPFire Team <info(a)ipfire.org> #
+# #
+# This program is free software: you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation, either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# This program is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with this program. If not, see <http://www.gnu.org/licenses/>. #
+# #
+###############################################################################
+
+###############################################################################
+# Definitions
+###############################################################################
+
+include Config
+
+VER = 0.4231
+
+THISAPP = Module-Build-$(VER)
+DL_FILE = $(THISAPP).tar.gz
+DL_FROM = $(URL_IPFIRE)
+DIR_APP = $(DIR_SRC)/$(THISAPP)
+TARGET = $(DIR_INFO)/$(THISAPP)
+
+###############################################################################
+# Top-level Rules
+###############################################################################
+
+objects = $(DL_FILE)
+
+$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
+
+$(DL_FILE)_BLAKE2 = f35be09072a2facc505b199dd69cdb2605ab32c34376ef393170dca9d67871bc00cbe25b1fa6dcb925e92724a778ad5ddc3157afb33d18a10648ef1133c83991
+
+install : $(TARGET)
+
+check : $(patsubst %,$(DIR_CHK)/%,$(objects))
+
+download :$(patsubst %,$(DIR_DL)/%,$(objects))
+
+b2 : $(subst %,%_BLAKE2,$(objects))
+
+dist:.
+ $(PAK)
+
+###############################################################################
+# Downloading, checking, md5sum
+###############################################################################
+
+$(patsubst %,$(DIR_CHK)/%,$(objects)) :
+ @$(CHECK)
+
+$(patsubst %,$(DIR_DL)/%,$(objects)) :
+ @$(LOAD)
+
+$(subst %,%_MD5,$(objects)) :
+ @$(MD5)
+
+###############################################################################
+# Installation Details
+###############################################################################
+
+$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
+ @$(PREBUILD)
+ @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
+ cd $(DIR_APP) && yes 'n' | perl Makefile.PL
+ cd $(DIR_APP) && make $(MAKETUNING) $(EXTRA_MAKE)
+ cd $(DIR_APP) && make install
+ @rm -rf $(DIR_APP)
+ @$(POSTBUILD)
diff --git a/lfs/perl-Module-Install b/lfs/perl-Module-Install
new file mode 100644
index 000000000..3389aa63d
--- /dev/null
+++ b/lfs/perl-Module-Install
@@ -0,0 +1,80 @@
+###############################################################################
+# #
+# IPFire.org - A linux based firewall #
+# Copyright (C) 2022 IPFire Team <info(a)ipfire.org> #
+# #
+# This program is free software: you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation, either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# This program is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with this program. If not, see <http://www.gnu.org/licenses/>. #
+# #
+###############################################################################
+
+###############################################################################
+# Definitions
+###############################################################################
+
+include Config
+
+VER = 1.19
+
+THISAPP = Module-Install-$(VER)
+DL_FILE = $(THISAPP).tar.gz
+DL_FROM = $(URL_IPFIRE)
+DIR_APP = $(DIR_SRC)/$(THISAPP)
+TARGET = $(DIR_INFO)/$(THISAPP)
+
+###############################################################################
+# Top-level Rules
+###############################################################################
+
+objects = $(DL_FILE)
+
+$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
+
+$(DL_FILE)_BLAKE2 = a6f4b93ba964ff6f4b16a8db7117bee8c125cd8a280c649b007622ece8c14b79e36f6747a1b792fb312d2c6c8153aee05e7479ca53a76a253a415374839e6b90
+
+install : $(TARGET)
+
+check : $(patsubst %,$(DIR_CHK)/%,$(objects))
+
+download :$(patsubst %,$(DIR_DL)/%,$(objects))
+
+b2 : $(subst %,%_BLAKE2,$(objects))
+
+dist:.
+ $(PAK)
+
+###############################################################################
+# Downloading, checking, md5sum
+###############################################################################
+
+$(patsubst %,$(DIR_CHK)/%,$(objects)) :
+ @$(CHECK)
+
+$(patsubst %,$(DIR_DL)/%,$(objects)) :
+ @$(LOAD)
+
+$(subst %,%_MD5,$(objects)) :
+ @$(MD5)
+
+###############################################################################
+# Installation Details
+###############################################################################
+
+$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
+ @$(PREBUILD)
+ @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
+ cd $(DIR_APP) && yes 'n' | perl Makefile.PL
+ cd $(DIR_APP) && make $(MAKETUNING) $(EXTRA_MAKE)
+ cd $(DIR_APP) && make install
+ @rm -rf $(DIR_APP)
+ @$(POSTBUILD)
diff --git a/lfs/perl-Module-ScanDeps b/lfs/perl-Module-ScanDeps
new file mode 100644
index 000000000..19c36c689
--- /dev/null
+++ b/lfs/perl-Module-ScanDeps
@@ -0,0 +1,79 @@
+###############################################################################
+# #
+# IPFire.org - A linux based firewall #
+# Copyright (C) 2022 IPFire Team <info(a)ipfire.org> #
+# #
+# This program is free software: you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation, either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# This program is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with this program. If not, see <http://www.gnu.org/licenses/>. #
+# #
+###############################################################################
+
+###############################################################################
+# Definitions
+###############################################################################
+
+include Config
+
+VER = 1.31
+
+THISAPP = Module-ScanDeps-$(VER)
+DL_FILE = $(THISAPP).tar.gz
+DL_FROM = $(URL_IPFIRE)
+DIR_APP = $(DIR_SRC)/$(THISAPP)
+TARGET = $(DIR_INFO)/$(THISAPP)
+
+###############################################################################
+# Top-level Rules
+###############################################################################
+
+objects = $(DL_FILE)
+
+$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
+
+$(DL_FILE)_BLAKE2 = 61d7438359d035d847fefdfa1427b4e444935c8207d41b7e4994a3704fb4c6fb48d7fac169214abed3d71212fd372f478b01cb91d8876c0fdb68962c791101ba
+install : $(TARGET)
+
+check : $(patsubst %,$(DIR_CHK)/%,$(objects))
+
+download :$(patsubst %,$(DIR_DL)/%,$(objects))
+
+b2 : $(subst %,%_BLAKE2,$(objects))
+
+dist:.
+ $(PAK)
+
+###############################################################################
+# Downloading, checking, md5sum
+###############################################################################
+
+$(patsubst %,$(DIR_CHK)/%,$(objects)) :
+ @$(CHECK)
+
+$(patsubst %,$(DIR_DL)/%,$(objects)) :
+ @$(LOAD)
+
+$(subst %,%_MD5,$(objects)) :
+ @$(MD5)
+
+###############################################################################
+# Installation Details
+###############################################################################
+
+$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
+ @$(PREBUILD)
+ @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
+ cd $(DIR_APP) && yes 'n' | perl Makefile.PL
+ cd $(DIR_APP) && make $(MAKETUNING) $(EXTRA_MAKE)
+ cd $(DIR_APP) && make install
+ @rm -rf $(DIR_APP)
+ @$(POSTBUILD)
diff --git a/lfs/perl-URI-Encode b/lfs/perl-URI-Encode
new file mode 100644
index 000000000..6a1478738
--- /dev/null
+++ b/lfs/perl-URI-Encode
@@ -0,0 +1,80 @@
+###############################################################################
+# #
+# IPFire.org - A linux based firewall #
+# Copyright (C) 2022 IPFire Team <info(a)ipfire.org> #
+# #
+# This program is free software: you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation, either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# This program is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with this program. If not, see <http://www.gnu.org/licenses/>. #
+# #
+###############################################################################
+
+###############################################################################
+# Definitions
+###############################################################################
+
+include Config
+
+VER = 1.1.1
+
+THISAPP = URI-Encode-v$(VER)
+DL_FILE = $(THISAPP).tar.gz
+DL_FROM = $(URL_IPFIRE)
+DIR_APP = $(DIR_SRC)/$(THISAPP)
+TARGET = $(DIR_INFO)/$(THISAPP)
+
+###############################################################################
+# Top-level Rules
+###############################################################################
+
+objects = $(DL_FILE)
+
+$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
+
+$(DL_FILE)_BLAKE2 = 2eb668d645be7ab726689dee7d3e1c9aa333623653b34d538666eb3b70cf28b3f2e0a27b4380db6148a85b3cdd738193262ab58c0b828d8119531c7011264449
+
+install : $(TARGET)
+
+check : $(patsubst %,$(DIR_CHK)/%,$(objects))
+
+download :$(patsubst %,$(DIR_DL)/%,$(objects))
+
+b2 : $(subst %,%_BLAKE2,$(objects))
+
+dist:.
+ $(PAK)
+
+###############################################################################
+# Downloading, checking, md5sum
+###############################################################################
+
+$(patsubst %,$(DIR_CHK)/%,$(objects)) :
+ @$(CHECK)
+
+$(patsubst %,$(DIR_DL)/%,$(objects)) :
+ @$(LOAD)
+
+$(subst %,%_MD5,$(objects)) :
+ @$(MD5)
+
+###############################################################################
+# Installation Details
+###############################################################################
+
+$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
+ @$(PREBUILD)
+ @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
+ cd $(DIR_APP) && yes 'n' | perl Makefile.PL
+ cd $(DIR_APP) && make $(MAKETUNING) $(EXTRA_MAKE)
+ cd $(DIR_APP) && make install
+ @rm -rf $(DIR_APP)
+ @$(POSTBUILD)
diff --git a/lfs/perl-YAML-Tiny b/lfs/perl-YAML-Tiny
new file mode 100644
index 000000000..052bcb8ce
--- /dev/null
+++ b/lfs/perl-YAML-Tiny
@@ -0,0 +1,80 @@
+###############################################################################
+# #
+# IPFire.org - A linux based firewall #
+# Copyright (C) 2022 IPFire Team <info(a)ipfire.org> #
+# #
+# This program is free software: you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation, either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# This program is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with this program. If not, see <http://www.gnu.org/licenses/>. #
+# #
+###############################################################################
+
+###############################################################################
+# Definitions
+###############################################################################
+
+include Config
+
+VER = 1.73
+
+THISAPP = YAML-Tiny-$(VER)
+DL_FILE = $(THISAPP).tar.gz
+DL_FROM = $(URL_IPFIRE)
+DIR_APP = $(DIR_SRC)/$(THISAPP)
+TARGET = $(DIR_INFO)/$(THISAPP)
+
+###############################################################################
+# Top-level Rules
+###############################################################################
+
+objects = $(DL_FILE)
+
+$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
+
+$(DL_FILE)_BLAKE2 = 42e9c5cffa2b9babb0dd1453af69866405fd7273c2b340ceb010d78d8fe28db61268b6bb5ad1840b1aa72819ae048150bf5c416bed1b2e518b28f77b2ba978be
+
+install : $(TARGET)
+
+check : $(patsubst %,$(DIR_CHK)/%,$(objects))
+
+download :$(patsubst %,$(DIR_DL)/%,$(objects))
+
+b2 : $(subst %,%_BLAKE2,$(objects))
+
+dist:.
+ $(PAK)
+
+###############################################################################
+# Downloading, checking, md5sum
+###############################################################################
+
+$(patsubst %,$(DIR_CHK)/%,$(objects)) :
+ @$(CHECK)
+
+$(patsubst %,$(DIR_DL)/%,$(objects)) :
+ @$(LOAD)
+
+$(subst %,%_MD5,$(objects)) :
+ @$(MD5)
+
+###############################################################################
+# Installation Details
+###############################################################################
+
+$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
+ @$(PREBUILD)
+ @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
+ cd $(DIR_APP) && yes 'n' | perl Makefile.PL
+ cd $(DIR_APP) && make $(MAKETUNING) $(EXTRA_MAKE)
+ cd $(DIR_APP) && make install
+ @rm -rf $(DIR_APP)
+ @$(POSTBUILD)
diff --git a/lfs/qrencode b/lfs/qrencode
new file mode 100644
index 000000000..aaf004b4d
--- /dev/null
+++ b/lfs/qrencode
@@ -0,0 +1,80 @@
+###############################################################################
+# #
+# IPFire.org - A linux based firewall #
+# Copyright (C) 2022 IPFire Team <info(a)ipfire.org> #
+# #
+# This program is free software: you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation, either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# This program is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with this program. If not, see <http://www.gnu.org/licenses/>. #
+# #
+###############################################################################
+
+###############################################################################
+# Definitions
+###############################################################################
+
+include Config
+
+VER = 4.1.1
+
+THISAPP = qrencode-$(VER)
+DL_FILE = $(THISAPP).tar.gz
+DL_FROM = $(URL_IPFIRE)
+DIR_APP = $(DIR_SRC)/$(THISAPP)
+TARGET = $(DIR_INFO)/$(THISAPP)
+
+###############################################################################
+# Top-level Rules
+###############################################################################
+
+objects = $(DL_FILE)
+
+$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
+
+$(DL_FILE)_BLAKE2 = 03416ffdb8bf992ef2323a0bc92b52f3a6605e7eb182e3839178fea3c3669242780171b10e77674f0945224e57bcd1a841282a0d5f396d3955f23e3990d761c7
+
+install : $(TARGET)
+
+check : $(patsubst %,$(DIR_CHK)/%,$(objects))
+
+download :$(patsubst %,$(DIR_DL)/%,$(objects))
+
+b2 : $(subst %,%_BLAKE2,$(objects))
+
+dist:.
+ $(PAK)
+
+###############################################################################
+# Downloading, checking, md5sum
+###############################################################################
+
+$(patsubst %,$(DIR_CHK)/%,$(objects)) :
+ @$(CHECK)
+
+$(patsubst %,$(DIR_DL)/%,$(objects)) :
+ @$(LOAD)
+
+$(subst %,%_MD5,$(objects)) :
+ @$(MD5)
+
+###############################################################################
+# Installation Details
+###############################################################################
+
+$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
+ @$(PREBUILD)
+ @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
+ cd $(DIR_APP) && ./configure --prefix=/usr
+ cd $(DIR_APP) && make $(MAKETUNING) $(EXTRA_MAKE)
+ cd $(DIR_APP) && make install
+ @rm -rf $(DIR_APP)
+ @$(POSTBUILD)
diff --git a/make.sh b/make.sh
index 2a4f6d0bd..fde39bb29 100755
--- a/make.sh
+++ b/make.sh
@@ -1693,6 +1693,17 @@ buildipfire() {
lfsmake2 squid-asnbl
lfsmake2 qemu-ga
lfsmake2 gptfdisk
+ lfsmake2 oath-toolkit
+ lfsmake2 qrencode
+ lfsmake2 perl-File-Remove
+ lfsmake2 perl-Module-Build
+ lfsmake2 perl-Module-ScanDeps
+ lfsmake2 perl-YAML-Tiny
+ lfsmake2 perl-Module-Install
+ lfsmake2 perl-Imager
+ lfsmake2 perl-Imager-QRCode
+ lfsmake2 perl-MIME-Base32
+ lfsmake2 perl-URI-Encode
}
buildinstaller() {
diff --git a/src/misc-progs/openvpnctrl.c b/src/misc-progs/openvpnctrl.c
index db23e9f00..b9e4fd2a6 100644
--- a/src/misc-progs/openvpnctrl.c
+++ b/src/misc-progs/openvpnctrl.c
@@ -457,6 +457,15 @@ void setFirewallRules(void) {
}
}
+static void stopAuthenticator() {
+ const char* argv[] = {
+ "/usr/sbin/openvpn-authenticator",
+ NULL,
+ };
+
+ run("/sbin/killall", argv);
+}
+
void stopDaemon(void) {
char command[STRING_SIZE];
@@ -470,6 +479,15 @@ void stopDaemon(void) {
snprintf(command, STRING_SIZE - 1, "/bin/rm -f /var/run/openvpn.pid");
executeCommand(command);
+
+ // Stop OpenVPN authenticator
+ stopAuthenticator();
+}
+
+static int startAuthenticator(void) {
+ const char* argv[] = { "-d", NULL };
+
+ return run("/usr/sbin/openvpn-authenticator", argv);
}
void startDaemon(void) {
@@ -487,6 +505,9 @@ void startDaemon(void) {
executeCommand(command);
snprintf(command, STRING_SIZE-1, "/bin/chmod 644 /var/run/ovpnserver.log");
executeCommand(command);
+
+ // Start OpenVPN Authenticator
+ startAuthenticator();
}
}
hooks/post-receive
--
IPFire 2.x development tree
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2022-06-17 16:49 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-06-17 16:49 [git.ipfire.org] IPFire 2.x development tree branch, next, updated. 531f57d71cec4d2d7564e4c35fc1df187a42349d Peter Müller
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox