* [git.ipfire.org] IPFire 2.x development tree branch, next, updated. ebe438926d76400a83ee822ef5911b2a7c69c03e
@ 2026-05-21 18:38 Michael Tremer
0 siblings, 0 replies; only message in thread
From: Michael Tremer @ 2026-05-21 18:38 UTC (permalink / raw)
To: ipfire-scm
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".
The branch, next has been updated
via ebe438926d76400a83ee822ef5911b2a7c69c03e (commit)
via f9d0d903266cdbed7f043675d4f6c140e0fc632e (commit)
via bbbe82b0ddd86795b1f6c5107c9949cf24a0ea63 (commit)
via bd4da3cc7b489d9dc976b78143875bd6a01f06a9 (commit)
via 9e804fcd58307c2f5f0e13550a3f7c881768e289 (commit)
via 6845b8f4c88d9d5457166282a10def82801339d8 (commit)
via 1c1fd605383765f94fc96cb2be0efcc4a81d82b3 (commit)
via 82474dfc248519051f7cd5c0d418a24ed93b5f73 (commit)
via a55457c131c28fdefce5caca21276658f05c12d5 (commit)
via bc87ef39d6151dfb40854c96f53f032b644de749 (commit)
via 316821d47b2eddc5fac19a8c087e21e111538024 (commit)
via df88ee12d04cfd6cd94620abc6d1718aaf33fb02 (commit)
via ac57a9ea1a31d8df8d9da51fd3aedda691fef7a4 (commit)
via 6e13e33bbdf2697d7d33e0998f07568b4057ae10 (commit)
via 278b2122bbf8e25fa14d1af9f9a66035722b83d2 (commit)
via 1b13399a87178479c1c5fe4a5630d8284af0b6f8 (commit)
via 8cccdf62374e4aa79ac4fda84fc18626a514e65f (commit)
via 742ceea6830e71f0c3b84d17de720ed290294c6e (commit)
via d609e2cdcac2ace6c5292d95c3dd325eb6637fe1 (commit)
via f6ba847ddacb575b4303d46ce82df3928d494b38 (commit)
via a86f9f986e416cf7adca1ced43c597377a09e71e (commit)
via 2f8d26381cfb8dd2d064a6c04d2551da0ca742fc (commit)
via 261a5a36be9f1c680688ca998e2e4bd37ae0b849 (commit)
via 7136fe1503514a418aa02af0876f6794fa7c9e35 (commit)
via 89d9771c5aa6fb39e56e0ecba898105fdb5b2586 (commit)
via 98745cf88f47c90f2160be135ed17a7a58142034 (commit)
via 256ff12e54c2992c642374c36360eca256abbea9 (commit)
via 4cc49e4786ce41ed9c2b15712e3c8f91a8fba92c (commit)
via b63f689b635df689e5fbd36576c2884caa27bde7 (commit)
via 3637c456d09dc4ad56ac82bb896420dac5cf6d77 (commit)
via 32511fe790fdd0d7e6e64aefbeaa8fb95c3f50b6 (commit)
via 3533260a176efcc92458351977b67d6053267c2e (commit)
via cf4d8c0db24030270bbcf6c07210116d7ae07535 (commit)
via f66b59f208ba25c60d0d1c4c925a97e2ad28a46d (commit)
via 36352ca28de17cae19d43ae2edd98145cf61385f (commit)
via 93b1ea6b145c2466a2fe840edf457160f56c4e38 (commit)
via 5b595020322fb2906263d1f9ddf3a849292bb87b (commit)
via a15383e0502e5f2a5b4450dbf942e13c4e05a29d (commit)
via e27f96ba1319a265ba47530e9b419ffc6a46ee21 (commit)
via 3dbaf45859f8f604e95de06e45997aafd6f3cc34 (commit)
via dcc5821f965f27bc747c008880c32f4771ae0c8e (commit)
via 3e665dde039374b380b8cc0cd6d9ad120f856064 (commit)
via 0bad2bd9661e7537374fcfdf7ea959cba7d9b37c (commit)
via f86b4314a7cf7fd166ae9fdc48aa649068d118ff (commit)
via d9a2111fe11cd03385bed2524d423874fe153d0b (commit)
via a33d4fb367c78cdae4b88580105a2a7a8914ec95 (commit)
via b19cc5edcf6a44163fbf97f2af299e396561914a (commit)
via 2395cac2e587730d28ebe74fd8629d4bfac2086e (commit)
via 33dd29a5557fbbfd434766bf6ee510f38612c4de (commit)
via ef7daf39f64dc776138867a5c57ea28c01a59a71 (commit)
via 35f839cc40c015cb9af1a3a065c61f16c5f73980 (commit)
via ec3415f0ed45977c11dbb263187a88e6e06e9b88 (commit)
via 10bf6302f3e27a20b3cecc09347cb329ab314fe0 (commit)
via c2ab9480158f00cf1543e0663ed20e1ea2b7a20b (commit)
via 49cb23685f2f1740c2f16bfae5d6684eda1864f8 (commit)
via 5cbdacc7cc20612b8c2578fc57babced6f8f8422 (commit)
via 54a60bba3101743159e4b8658c22f9055b5bb9c1 (commit)
via ab726b34e0049c786ec38b24b037955aaa339426 (commit)
via 75683252f15fdb23b21c5b9f8b0b047fb72d3c76 (commit)
via 5a6002fdc452dcd8c4188b5770565fd93725e187 (commit)
via 6c265520beb8dbd23f612087280dfd19f5d0439e (commit)
via 307197445e530819792e32227a210a41d238bb07 (commit)
via 43429c0182ef7b910d26ad098f91be984ce0e4e3 (commit)
via a0aa0352fb3505ba2dfe2d0b36ba88cc52204050 (commit)
via 2f8985ba7d825cd8ea5238d538b9966d77d86115 (commit)
via b66c405c64eb91ad6f457930754b4ce478a262aa (commit)
via f40e68bc1cb9aa0ffcaeb487b5f39c49cc88faa8 (commit)
via 4795f2c3d277bc56d288c1f8f04414fad8ede501 (commit)
via 133dc8c02fd598524e7047af923dec55c76f5323 (commit)
via 7a55a51dd97530c9289482ea79847302717e4119 (commit)
via 8bffc927afe06009d0eec270ed0a9fdc8221dddf (commit)
via 3f75b6777dafa7cda348204d2b662fd9f9279373 (commit)
via 5317ea8d473f23da15a5035991df4da26f0732c1 (commit)
via 8620147961ea620d8a27bf2955c7bb5e6ab192fb (commit)
via c65f2a810e6655a51aa6f3c7e61f2bc4c00dbff8 (commit)
via 4936107a097d2a1fbf1d167bf7c7c77395aee131 (commit)
via cd82d0f1c97d05594a2ae5a44a94e5405aa61485 (commit)
via 7370c2e17b79bc40082852d6620fda16ddd52dbc (commit)
via 02d5e788f0b424a3cba4c094076153b0ca621da4 (commit)
via e0e8cf0d0c52f005b44664e93d81128b20fb2660 (commit)
via be6be61a6a4d59c5a5798801a1b8a86de1ade396 (commit)
via 0773f6a3b9570738e3ab8c7c9ff9084b16fe1688 (commit)
via d621c3dad2c46cf8c3d700d4d6fc798b95c2df80 (commit)
via e22c043202ce0872cbb797c08a3bf5595369e843 (commit)
via b07d54091d2e986fe8b5430b208ef5aa92eb1612 (commit)
via 3b6858d266927c696e55957336438b1ea5d4ebef (commit)
via 64f3e07c19d02e79f03a1a44c25af99338a9167a (commit)
via 14e9b8bdf638b8b499193870aa334805866c2c84 (commit)
via 82115f3dd80552f89f2e70cb9f5c72e29c77ced8 (commit)
via d4fa373f784c5a0198c2d3a021f541558597a4e9 (commit)
via b579bcb0c38ba5ff0b8f23b4dbf12dbd408bd911 (commit)
via 46c5143571e763b84479dc60aad9fa71cc42cb9c (commit)
via 70d5e7f099535365e1ed81a138be5c790ba23784 (commit)
via 92389071150dd0f7a3b7069584dd03c0f7dc94cb (commit)
via a7f04b0ecfdd88698a8585b8d91cb296de912806 (commit)
via 53d4933a33b5951d450e8e6190d2d75e9ee16f8b (commit)
via 082e639adf83c221ed7cbd5d43378b7447c65ebf (commit)
via c19887f3490bcc7f582b57ed4d44c8a269a29121 (commit)
via 51e86f2fdcc61de6efa24ccd5ddbbd9676d720b8 (commit)
via e1e2957e36ff1be74671294fd90da211832c0e8f (commit)
via 8e5e7cf00f7ceead54e49bd8e0a35727e94ef9cf (commit)
via 8adae218935f3ee360d5579a1fa70fcdd26b928c (commit)
via 4040f21cbd7a5859c4e338c4cb2264d643ca7eca (commit)
via 75909361a2fcbb47c0bbeff2b02f3fba8a877ff2 (commit)
via 764022c071564e37b6a358f0e72c6543c4cbc8d3 (commit)
via 5a2efb20bd46258c8c1af69851c23b44b73146c9 (commit)
via 4e9198b20c5eb5beb134816646f3165fa9276387 (commit)
via 75b3398e02ff7619ef72b8c01400b1989d0ebb95 (commit)
via a2b72cdf405fef9f7b8646ec94c0c17a759bda8c (commit)
via 90d1a0a64d93b1b862663c624b460cca9165dc6c (commit)
via 949649ae66718b30758c9d23a3e4ee4fbc03ea23 (commit)
via 7d971d89c29a0eeacde3fb77340f6de870f69640 (commit)
via eb43acc0bb6a0a681acd4edbf6669901bfdab3c1 (commit)
via 57a91e96c364a5d8c65983705012bf71cfe35c46 (commit)
via 0aa96f66adc95d835eb35d8c76e269f28b8f96b9 (commit)
via 38dec8a2d6083deaa7955c1466b145f8571d637d (commit)
via a8b0754ecc35b4985b34111e7fe4c64de6ee4eaa (commit)
via 9f60049df4fa5b94dff8bf33752aae5a79adddbb (commit)
via 3290b9ad1d36f36ea1c50072bd0618d21719baf0 (commit)
via c3d2471ea9ef2428f1fc35f635e0d47b8b6c3f05 (commit)
via ffe4b20650fb927bcf9022d3dabeb999690f1000 (commit)
via 0ea4b8a715c5193dc43fe1b9b2966b202baca5c7 (commit)
via 119fadf18fca7a6db0478bff63155883de47d216 (commit)
from 72c728b9cf74a7813803e27bfe90ff4f9fdbe1d5 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit ebe438926d76400a83ee822ef5911b2a7c69c03e
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Thu May 21 19:37:36 2026 +0100
initscripts: Reload DNS if our forwarders have changed
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit f9d0d903266cdbed7f043675d4f6c140e0fc632e
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Thu May 21 19:36:24 2026 +0100
Revert "networking: Remove script to update Unbound forwarders"
This reverts commit c19887f3490bcc7f582b57ed4d44c8a269a29121.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit bbbe82b0ddd86795b1f6c5107c9949cf24a0ea63
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Thu May 21 19:31:12 2026 +0100
core203: Ship Knot Resolver
This replaces Unbound: https://www.ipfire.org/docs/roadmap/knot-resolver
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit bd4da3cc7b489d9dc976b78143875bd6a01f06a9
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Thu May 21 18:31:22 2026 +0100
knot-resolver: Start at boot
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 9e804fcd58307c2f5f0e13550a3f7c881768e289
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Thu May 21 18:22:09 2026 +0100
firewall: Grant Knot Resolver access to the internet
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 6845b8f4c88d9d5457166282a10def82801339d8
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Thu May 21 18:20:35 2026 +0100
zabbix: Consider kresd our DNS proxy
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 1c1fd605383765f94fc96cb2be0efcc4a81d82b3
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Thu May 21 17:59:34 2026 +0100
knot-resolver: Decrease the cache size to 256 MiB
This should be a good compromise for all kinds of installations, but we
might have to collect some experience first.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 82474dfc248519051f7cd5c0d418a24ed93b5f73
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Thu May 21 17:57:58 2026 +0100
knot-resolver: Don't crash on empty netmask input
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit a55457c131c28fdefce5caca21276658f05c12d5
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Thu May 21 17:53:54 2026 +0100
knot-resolver: Don't log DNSSEC bogons
The setting does not work although it is documented.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit bc87ef39d6151dfb40854c96f53f032b644de749
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Thu May 21 16:49:23 2026 +0100
update-rpzs: Reload DNS after we updated the zones
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 316821d47b2eddc5fac19a8c087e21e111538024
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Thu May 21 16:47:57 2026 +0100
web UI: Reload DNS after any changes have been made
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit df88ee12d04cfd6cd94620abc6d1718aaf33fb02
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Thu May 21 15:37:10 2026 +0000
misc-progs: dnsctrl: Tool to reload the DNS system
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit ac57a9ea1a31d8df8d9da51fd3aedda691fef7a4
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Thu May 21 16:12:55 2026 +0100
knot-resolver: Apply some more useful defaults
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 6e13e33bbdf2697d7d33e0998f07568b4057ae10
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Thu May 21 16:12:27 2026 +0100
knot-resolver: Don't set IP_FREEBIND on listening sockets
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 278b2122bbf8e25fa14d1af9f9a66035722b83d2
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Thu May 21 16:03:32 2026 +0100
knot-resolver: Increase the maximum number of file descriptors
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 1b13399a87178479c1c5fe4a5630d8284af0b6f8
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Thu May 21 15:57:37 2026 +0100
knot-resolver: Move the configuration into a separate module
It does not seem to be a good idea to have a massive amount of Lua code
in a YAML configuration file. Therefore the configuration has been moved
to a separate module and migrated to the rules API.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 8cccdf62374e4aa79ac4fda84fc18626a514e65f
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Thu May 21 14:59:14 2026 +0100
knot-resolver: Start even if the initscript thinks it is running
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 742ceea6830e71f0c3b84d17de720ed290294c6e
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Wed May 20 18:20:35 2026 +0100
knot-resolver: Don't explicitely configure the CA file
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit d609e2cdcac2ace6c5292d95c3dd325eb6637fe1
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Thu May 21 09:24:58 2026 +0000
python3-watchdog: New package
Required by Knot Resolver.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit f6ba847ddacb575b4303d46ce82df3928d494b38
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Wed May 20 17:19:09 2026 +0000
gnutls: Tell the library where the CA trust store is
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit a86f9f986e416cf7adca1ced43c597377a09e71e
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Wed May 20 16:07:30 2026 +0000
lua-sqlite3: Update rootfile
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 2f8d26381cfb8dd2d064a6c04d2551da0ca742fc
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Wed May 20 16:07:11 2026 +0000
python3-packaging: Update rootfile
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 261a5a36be9f1c680688ca998e2e4bd37ae0b849
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Wed May 20 16:06:13 2026 +0000
samba: Update rootfile
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 7136fe1503514a418aa02af0876f6794fa7c9e35
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Wed May 20 11:30:28 2026 +0000
util-linux: Build setpriv
We need this in initscripts to starts processes as unprivileged users.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 89d9771c5aa6fb39e56e0ecba898105fdb5b2586
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Wed May 20 09:07:38 2026 +0000
python3-setuptools: Update to 82.0.1
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 98745cf88f47c90f2160be135ed17a7a58142034
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Wed May 20 15:28:06 2026 +0100
knot-resolver: Migrate the configuration into YAML
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 256ff12e54c2992c642374c36360eca256abbea9
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Wed May 20 15:26:53 2026 +0100
knot-resolver: Log everything to syslog
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 4cc49e4786ce41ed9c2b15712e3c8f91a8fba92c
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Wed May 20 13:14:51 2026 +0100
knot-resolver: Create a new declarative configuration file
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit b63f689b635df689e5fbd36576c2884caa27bde7
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Wed May 20 12:54:03 2026 +0100
initscripts: Start knot-resolver in background and save the PID
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 3637c456d09dc4ad56ac82bb896420dac5cf6d77
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Wed May 20 11:30:28 2026 +0000
util-linux: Build setpriv
We need this in initscripts to starts processes as unprivileged users.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 32511fe790fdd0d7e6e64aefbeaa8fb95c3f50b6
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Wed May 20 12:28:49 2026 +0100
initscripts: Replace the knot-resolver initscripts
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 3533260a176efcc92458351977b67d6053267c2e
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Wed May 20 12:27:13 2026 +0100
initscripts: Start knot-resolver as non-priv user
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit cf4d8c0db24030270bbcf6c07210116d7ae07535
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Wed May 20 12:26:42 2026 +0100
initscript: Add option to start something as non-priv user
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit f66b59f208ba25c60d0d1c4c925a97e2ad28a46d
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Wed May 20 12:19:32 2026 +0100
cleanfs: Create /var/run/knot-resolver at boot
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 36352ca28de17cae19d43ae2edd98145cf61385f
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Wed May 20 12:19:11 2026 +0100
knot-resolver: Rename the user from kresd to knot-resolver
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 93b1ea6b145c2466a2fe840edf457160f56c4e38
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Wed May 20 12:16:56 2026 +0100
knot-resolver: Give kresd CAP_NET_BIND
This is required so we can bind to port 53 even though the process is
being started as an unprivileged user.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 5b595020322fb2906263d1f9ddf3a849292bb87b
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Wed May 20 11:38:04 2026 +0100
knot-resolver: New initscript
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit a15383e0502e5f2a5b4450dbf942e13c4e05a29d
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Wed May 20 10:31:14 2026 +0000
python3-supervisor: New package
Required by Knot Resolver.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit e27f96ba1319a265ba47530e9b419ffc6a46ee21
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Wed May 20 10:25:27 2026 +0000
python3-typing-extensions: Make this part of the core system
Required by aiosignal.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 3dbaf45859f8f604e95de06e45997aafd6f3cc34
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Wed May 20 10:23:48 2026 +0000
python3-idna: Make this part of the core system
Required by python3-yarl.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit dcc5821f965f27bc747c008880c32f4771ae0c8e
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Wed May 20 10:21:54 2026 +0000
python3-attrs: Make it part of the core system
Required by python3-aiohttp.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 3e665dde039374b380b8cc0cd6d9ad120f856064
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Wed May 20 10:19:33 2026 +0000
python3-yaml: Make this a part of the core
This is required by Knot Resolver.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 0bad2bd9661e7537374fcfdf7ea959cba7d9b37c
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Wed May 20 10:17:22 2026 +0000
python3-MarkupSafe: Ship package
This is required by python3-Jinja2.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit f86b4314a7cf7fd166ae9fdc48aa649068d118ff
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Wed May 20 10:16:46 2026 +0000
python3-jinja2: Ship package
This is required for Knot Resolver.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit d9a2111fe11cd03385bed2524d423874fe153d0b
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Wed May 20 10:07:52 2026 +0000
python3-frozenlist: New package
Required by python3-aiohttp.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit a33d4fb367c78cdae4b88580105a2a7a8914ec95
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Wed May 20 10:04:11 2026 +0000
python3-aiosignal: New package
Required by python3-aiohttp.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit b19cc5edcf6a44163fbf97f2af299e396561914a
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Wed May 20 10:00:01 2026 +0000
python3-poetry-core: New package
Required to build python3-aiohappyeyeballs.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 2395cac2e587730d28ebe74fd8629d4bfac2086e
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Wed May 20 09:58:50 2026 +0000
python3-aiohappyeyeballs: New package
Required by python3-aiohttp.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 33dd29a5557fbbfd434766bf6ee510f38612c4de
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Wed May 20 09:32:40 2026 +0000
python3-async-timeout: New package
Required by python3-aiohttp.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit ef7daf39f64dc776138867a5c57ea28c01a59a71
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Wed May 20 09:24:35 2026 +0000
python3-propcache: New package
Required by python3-yarl.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 35f839cc40c015cb9af1a3a065c61f16c5f73980
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Wed May 20 09:09:20 2026 +0000
python3-yarl: New package
Required by python3-aiohttp.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit ec3415f0ed45977c11dbb263187a88e6e06e9b88
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Wed May 20 09:07:38 2026 +0000
python3-setuptools: Update to 82.0.1
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 10bf6302f3e27a20b3cecc09347cb329ab314fe0
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Wed May 20 09:02:04 2026 +0000
python3-expandvars: New package
Required by python3-yarl.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit c2ab9480158f00cf1543e0663ed20e1ea2b7a20b
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Wed May 20 08:47:39 2026 +0000
python3-multidict: New package
Required by python3-aiohttp.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 49cb23685f2f1740c2f16bfae5d6684eda1864f8
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Wed May 20 08:40:32 2026 +0000
python3-aiohttp: New package
Required by Knot Resolver.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 5cbdacc7cc20612b8c2578fc57babced6f8f8422
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Tue May 19 17:48:35 2026 +0000
knot-resolver: Build and install the Python tools
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 54a60bba3101743159e4b8658c22f9055b5bb9c1
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Tue May 19 16:42:24 2026 +0000
zone-sync: New package
Required so that we can sync RPZs for Knot Resolver.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit ab726b34e0049c786ec38b24b037955aaa339426
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Tue May 19 17:21:27 2026 +0100
Add a script to synchronise the RPZs using zone-sync
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 75683252f15fdb23b21c5b9f8b0b047fb72d3c76
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Tue May 19 11:03:05 2026 +0100
knot resolver: Don't use the "if not ... == ..." syntax
The not negates the value before the comparison which leads to incorrect
results.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 5a6002fdc452dcd8c4188b5770565fd93725e187
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Tue May 19 11:00:36 2026 +0100
knot resolver: Configure the ISP nameservers
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 6c265520beb8dbd23f612087280dfd19f5d0439e
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Sat May 16 15:52:32 2026 +0100
dhcp-lease: Ignore any unknown values
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 307197445e530819792e32227a210a41d238bb07
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Sat May 16 15:51:19 2026 +0100
dhcp.cgi: Align dhcp-leases script field names
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 43429c0182ef7b910d26ad098f91be984ce0e4e3
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Sat May 16 15:42:20 2026 +0100
dns.cgi: Remove option to configure qname minimisation
This is enabled by default in Knot Resolver and strict mode is not
supported.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit a0aa0352fb3505ba2dfe2d0b36ba88cc52204050
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Sat May 16 15:05:39 2026 +0100
unbound-dhcp-leases-bridge: Drop this
This is now being replaced by a module that we are loading into Knot
Resolver and a helper script that is being called by dhcpd.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 2f8985ba7d825cd8ea5238d538b9966d77d86115
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Sat May 16 15:03:27 2026 +0100
knot-resolver: Add the DHCP helper script
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit b66c405c64eb91ad6f457930754b4ce478a262aa
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Sat May 16 14:45:16 2026 +0100
knot-resolver: Implement reverse lookup
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit f40e68bc1cb9aa0ffcaeb487b5f39c49cc88faa8
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Sat May 16 14:24:03 2026 +0100
knot-resolver: Configure DHCP lease forward lookups
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 4795f2c3d277bc56d288c1f8f04414fad8ede501
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Sat May 16 13:56:46 2026 +0100
knot-resolver: Create a prototype for a DHCP leases integration
This module will implement a policy handler which can be used to fetch
any current DHCP leases from a SQLite3 database.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 133dc8c02fd598524e7047af923dec55c76f5323
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Sat May 16 11:15:20 2026 +0000
lua-sqlite3: New package
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 7a55a51dd97530c9289482ea79847302717e4119
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Sat May 16 11:07:59 2026 +0000
luarocks: New package
This is required to build SQLite bindings for Lua.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 8bffc927afe06009d0eec270ed0a9fdc8221dddf
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Sat May 16 11:37:44 2026 +0100
dhcp: Rename the DHCP lease command
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 3f75b6777dafa7cda348204d2b662fd9f9279373
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Sat May 16 11:32:35 2026 +0100
dhcp: Pass the domain name to the DHCP leases client
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 5317ea8d473f23da15a5035991df4da26f0732c1
Author: Stefan Schantl <stefan.schantl@ipfire.org>
Date: Fri May 15 05:08:55 2026 +0200
knot-resolver: Proper forward requests to DNS servers without DNSSEC
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 8620147961ea620d8a27bf2955c7bb5e6ab192fb
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Thu May 14 16:34:45 2026 +0100
knot-resolver: Configuration file cleanup
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit c65f2a810e6655a51aa6f3c7e61f2bc4c00dbff8
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Thu May 14 16:33:21 2026 +0100
knot-resolver: Free any RPZs that are no longer in use
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 4936107a097d2a1fbf1d167bf7c7c77395aee131
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Thu May 14 16:26:38 2026 +0100
knot-resolver: Cache RPZs
That way, once loaded, we won't have to reload the entire RPZ on any
kind of configuration change which would be very slow.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit cd82d0f1c97d05594a2ae5a44a94e5405aa61485
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Thu May 14 16:22:01 2026 +0100
knot-resolver: Load RPZs
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 7370c2e17b79bc40082852d6620fda16ddd52dbc
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Thu May 14 16:04:25 2026 +0100
knot-resolver: Return early if we don't have any forwarders to configure
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 02d5e788f0b424a3cba4c094076153b0ca621da4
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Thu May 14 15:06:49 2026 +0100
knot-resolver: Load settings only once on reload
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit e0e8cf0d0c52f005b44664e93d81128b20fb2660
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Thu May 14 15:04:22 2026 +0100
knot-resolver: Load configured forwarders
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit be6be61a6a4d59c5a5798801a1b8a86de1ade396
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Thu May 14 10:26:59 2026 +0000
gnutls: Update danetool
danetool (and its library) needs libunbound which no longer is available
in IPFire.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 0773f6a3b9570738e3ab8c7c9ff9084b16fe1688
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Thu May 14 10:26:07 2026 +0000
knot-resolver: Update rootfile
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit d621c3dad2c46cf8c3d700d4d6fc798b95c2df80
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Wed May 13 18:09:54 2026 +0100
knot-resolver: Implement listening to more than one file at once
This allows us to define a single function (and call it only once on
init) when we are creating the file listeners.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit e22c043202ce0872cbb797c08a3bf5595369e843
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Wed May 13 17:58:11 2026 +0100
knot-resolver: Add YouTube Safe Search
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit b07d54091d2e986fe8b5430b208ef5aa92eb1612
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Wed May 13 17:56:17 2026 +0100
knot-resolver: Implement Safe Search for the other search engines
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 3b6858d266927c696e55957336438b1ea5d4ebef
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Wed May 13 17:46:48 2026 +0100
knot-resolver: Enable Google Safe Search when requested
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 64f3e07c19d02e79f03a1a44c25af99338a9167a
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Wed May 13 17:29:26 2026 +0100
knot-resolver: Fix command to change ownership
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 14e9b8bdf638b8b499193870aa334805866c2c84
Author: Stefan Schantl <stefan.schantl@ipfire.org>
Date: Tue May 12 21:50:51 2026 +0200
lua-csv: New package
This module is use for easy reading and parsing CSV files
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 82115f3dd80552f89f2e70cb9f5c72e29c77ced8
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Wed May 13 17:26:57 2026 +0100
knot-resolver: Build a prototype for Google SafeSearch
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit d4fa373f784c5a0198c2d3a021f541558597a4e9
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Tue May 12 19:18:08 2026 +0100
observium-agent: Drop unbound script
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit b579bcb0c38ba5ff0b8f23b4dbf12dbd408bd911
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Tue May 12 19:16:16 2026 +0100
knot-resolver: Use its own user by default
We drop privileges explicitely in the configuration file, but in case
someone is doing their own thing, they should run kresd as the kresd
user, too.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 46c5143571e763b84479dc60aad9fa71cc42cb9c
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Tue May 12 19:15:17 2026 +0100
knot-resolver: Disable QUIC
This builds kresd with a bundled version of libngtcp2 which is against
the IPFire packaging policy. We currently don't support DoQ in IPFire.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 70d5e7f099535365e1ed81a138be5c790ba23784
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Tue May 12 19:10:56 2026 +0100
services: Replace Unbound with Knot Resolver
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 92389071150dd0f7a3b7069584dd03c0f7dc94cb
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Tue May 12 19:09:14 2026 +0100
backup: Drop Unbound files
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit a7f04b0ecfdd88698a8585b8d91cb296de912806
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Tue May 12 19:08:29 2026 +0100
unbound: Drop the user/group on new systems
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 53d4933a33b5951d450e8e6190d2d75e9ee16f8b
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Tue May 12 19:07:48 2026 +0100
unbound: Drop package
This is being replaced by the Knot Resolver.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 082e639adf83c221ed7cbd5d43378b7447c65ebf
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Tue May 12 19:03:03 2026 +0100
initscripts: Drop the Unbound initscript
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit c19887f3490bcc7f582b57ed4d44c8a269a29121
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Tue May 12 18:53:41 2026 +0100
networking: Remove script to update Unbound forwarders
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 51e86f2fdcc61de6efa24ccd5ddbbd9676d720b8
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Tue May 12 18:51:56 2026 +0100
setup: Don't restart Unbound after changing the network
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit e1e2957e36ff1be74671294fd90da211832c0e8f
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Tue May 12 18:50:55 2026 +0100
misc-progs: Drop unboundctrl
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 8e5e7cf00f7ceead54e49bd8e0a35727e94ef9cf
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Tue May 12 18:42:11 2026 +0100
knot-resolver: Reload DNS Forwarding rules on change
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 8adae218935f3ee360d5579a1fa70fcdd26b928c
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Tue May 12 18:19:54 2026 +0100
knot-resolver: Dynamically reload the static hosts on change
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 4040f21cbd7a5859c4e338c4cb2264d643ca7eca
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Tue May 12 17:02:12 2026 +0100
knot-resolver: Create a helper function that will call functions on changes
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 75909361a2fcbb47c0bbeff2b02f3fba8a877ff2
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Tue May 12 16:35:59 2026 +0100
knot-resolver: Add initscript for the GC daemon
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 764022c071564e37b6a358f0e72c6543c4cbc8d3
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Tue May 12 16:31:23 2026 +0100
knot-resolver: Update rootfile
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 5a2efb20bd46258c8c1af69851c23b44b73146c9
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Tue May 12 16:06:50 2026 +0100
knot-resolver: Update description in initscript
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 4e9198b20c5eb5beb134816646f3165fa9276387
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Tue May 12 16:04:21 2026 +0100
knot-resolver: Create cache directory
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 75b3398e02ff7619ef72b8c01400b1989d0ebb95
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Tue May 12 16:03:20 2026 +0100
knot-resolver: Run as unpriviledged user
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit a2b72cdf405fef9f7b8646ec94c0c17a759bda8c
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Tue May 12 15:40:50 2026 +0100
knot-resolver: Configure an on-disk cache of up to 512 MiB
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 90d1a0a64d93b1b862663c624b460cca9165dc6c
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Tue May 12 15:35:31 2026 +0100
knot-resolver: Decrease log level
The debug log level is *very* verbose and I cannot see anything useful
in the logs any more.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 949649ae66718b30758c9d23a3e4ee4fbc03ea23
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Tue May 12 15:34:58 2026 +0100
knot-resolver: Don't explicitely configure the hostname
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 7d971d89c29a0eeacde3fb77340f6de870f69640
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Tue May 12 15:32:34 2026 +0100
knot-resolver: Move the control socket to /var/run
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit eb43acc0bb6a0a681acd4edbf6669901bfdab3c1
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Tue May 12 15:31:28 2026 +0100
knot-resolver: Bind to port 53 on all interfaces by default
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 57a91e96c364a5d8c65983705012bf71cfe35c46
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Tue May 12 15:28:15 2026 +0100
knot-resolver: Always log to syslog
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 0aa96f66adc95d835eb35d8c76e269f28b8f96b9
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Tue May 12 15:38:18 2026 +0000
knot-resolver: Move keys to /var/lib/knot-resolver
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 38dec8a2d6083deaa7955c1466b145f8571d637d
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Tue May 12 14:16:25 2026 +0000
initscripts: Update rootfile
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit a8b0754ecc35b4985b34111e7fe4c64de6ee4eaa
Author: Stefan Schantl <stefan.schantl@ipfire.org>
Date: Mon May 11 20:56:52 2026 +0200
knot-resolver: Add basic config file
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
commit 9f60049df4fa5b94dff8bf33752aae5a79adddbb
Author: Stefan Schantl <stefan.schantl@ipfire.org>
Date: Mon May 11 20:55:35 2026 +0200
knot-resolver: Add a basic initscript
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
commit 3290b9ad1d36f36ea1c50072bd0618d21719baf0
Author: Stefan Schantl <stefan.schantl@ipfire.org>
Date: Sun May 10 10:34:14 2026 +0200
lua-cqueues: New package
This lua module is required for auto-reloading RPZ files by kresd
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
commit c3d2471ea9ef2428f1fc35f635e0d47b8b6c3f05
Author: Stefan Schantl <stefan.schantl@ipfire.org>
Date: Sat May 9 17:57:54 2026 +0200
knot-resolver: Update to 6.3.0
For the moment this does not contain the python3 stuff like kresctrl or
the manager wrapper.
Also the new kresd does not install any default config anymore.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
commit ffe4b20650fb927bcf9022d3dabeb999690f1000
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Sun Apr 20 11:16:16 2025 +0000
knot-resolver: New package
This could potentially replace Unbound.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 0ea4b8a715c5193dc43fe1b9b2966b202baca5c7
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Sun Apr 20 11:14:28 2025 +0000
knot: Install everything
We want the libraries for the knot-resolver.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 119fadf18fca7a6db0478bff63155883de47d216
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Sun Apr 20 11:14:02 2025 +0000
luajit: New package
Required for knot-resolver.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
-----------------------------------------------------------------------
Summary of changes:
config/backup/backup.pl | 16 +
config/backup/exclude | 1 -
config/backup/include | 1 -
config/cron/crontab | 3 -
config/etc/group | 2 +-
config/etc/passwd | 2 +-
config/knot-resolver/config.lua | 483 +++++++++
config/knot-resolver/config.yaml | 69 ++
config/knot-resolver/dhcp-lease | 137 +++
config/knot-resolver/leases.lua | 170 ++++
config/rootfiles/common/aarch64/initscripts | 8 +-
config/rootfiles/common/aarch64/stage2 | 1 +
config/rootfiles/common/aarch64/util-linux | 3 +
config/rootfiles/common/gnutls | 8 -
config/rootfiles/common/knot | 99 +-
config/rootfiles/common/knot-resolver | 272 +++++
config/rootfiles/common/libcap | 2 -
config/rootfiles/common/lua-cqueues | 43 +
config/rootfiles/common/lua-csv | 2 +
config/rootfiles/common/lua-sqlite3 | 20 +
config/rootfiles/common/luajit | 35 +
config/rootfiles/common/luarocks | 126 +++
config/rootfiles/common/misc-progs | 2 +-
config/rootfiles/common/python3-Jinja2 | 68 +-
config/rootfiles/common/python3-MarkupSafe | 24 +-
config/rootfiles/common/python3-aiohappyeyeballs | 13 +
config/rootfiles/common/python3-aiohttp | 86 ++
config/rootfiles/common/python3-aiosignal | 10 +
config/rootfiles/common/python3-async-timeout | 11 +
.../rootfiles/{packages => common}/python3-attrs | 0
config/rootfiles/common/python3-expandvars | 7 +
config/rootfiles/common/python3-frozenlist | 13 +
config/rootfiles/{packages => common}/python3-idna | 0
config/rootfiles/common/python3-multidict | 13 +
config/rootfiles/common/python3-poetry-core | 204 ++++
config/rootfiles/common/python3-propcache | 16 +
config/rootfiles/common/python3-setuptools | 305 +++---
config/rootfiles/common/python3-supervisor | 128 +++
.../{packages => common}/python3-typing-extensions | 0
config/rootfiles/common/python3-watchdog | 41 +
config/rootfiles/{packages => common}/python3-yaml | 0
config/rootfiles/common/python3-yarl | 20 +
config/rootfiles/common/riscv64/initscripts | 8 +-
config/rootfiles/common/riscv64/stage2 | 1 +
config/rootfiles/common/riscv64/util-linux | 3 +
config/rootfiles/common/unbound | 64 --
config/rootfiles/common/x86_64/initscripts | 8 +-
config/rootfiles/common/x86_64/stage2 | 1 +
config/rootfiles/common/x86_64/util-linux | 3 +
config/rootfiles/common/zone-sync | 4 +
config/rootfiles/core/203/filelists/files | 20 +
.../{oldcore/128 => core/203}/filelists/knot | 0
config/rootfiles/core/203/filelists/knot-resolver | 1 +
config/rootfiles/core/203/filelists/lua-cqueues | 1 +
config/rootfiles/core/203/filelists/lua-csv | 1 +
config/rootfiles/core/203/filelists/lua-sqlite3 | 1 +
config/rootfiles/core/203/filelists/luajit | 1 +
config/rootfiles/core/203/filelists/luarocks | 1 +
.../{oldcore/106 => core/203}/filelists/misc-progs | 0
config/rootfiles/core/203/filelists/python3-Jinja2 | 1 +
.../198 => core/203}/filelists/python3-MarkupSafe | 0
.../core/203/filelists/python3-aiohappyeyeballs | 1 +
.../rootfiles/core/203/filelists/python3-aiohttp | 1 +
.../rootfiles/core/203/filelists/python3-aiosignal | 1 +
.../core/203/filelists/python3-async-timeout | 1 +
config/rootfiles/core/203/filelists/python3-attrs | 1 +
.../core/203/filelists/python3-expandvars | 1 +
.../core/203/filelists/python3-frozenlist | 1 +
config/rootfiles/core/203/filelists/python3-idna | 1 +
.../rootfiles/core/203/filelists/python3-multidict | 1 +
.../core/203/filelists/python3-poetry-core | 1 +
.../rootfiles/core/203/filelists/python3-propcache | 1 +
.../198 => core/203}/filelists/python3-setuptools | 0
.../core/203/filelists/python3-supervisor | 1 +
.../core/203/filelists/python3-typing-extensions | 1 +
.../rootfiles/core/203/filelists/python3-watchdog | 1 +
config/rootfiles/core/203/filelists/python3-yaml | 1 +
config/rootfiles/core/203/filelists/zone-sync | 1 +
config/rootfiles/core/203/update.sh | 51 +
config/rootfiles/packages/aarch64/samba | 1 +
config/rootfiles/packages/observium-agent | 1 -
config/rootfiles/packages/python3-packaging | 10 +-
config/rootfiles/packages/riscv64/samba | 1 +
config/rootfiles/packages/x86_64/samba | 1 +
config/unbound/icannbundle.pem | 237 -----
config/unbound/root.hints | 92 --
config/unbound/root.key | 2 -
config/unbound/unbound-dhcp-leases-bridge | 892 -----------------
config/unbound/unbound-dhcp-leases-client | 75 --
config/unbound/unbound.conf | 86 --
config/zabbix_agentd/ipfire_services.pl | 2 +-
doc/language_issues.de | 3 +
doc/language_issues.en | 3 -
doc/language_issues.es | 3 +
doc/language_issues.fr | 3 +
doc/language_issues.it | 3 -
doc/language_issues.nl | 3 -
doc/language_issues.pl | 3 -
doc/language_issues.ru | 3 -
doc/language_issues.tr | 3 -
doc/language_issues.tw | 3 +
doc/language_issues.zh | 3 +
html/cgi-bin/dhcp.cgi | 26 +-
html/cgi-bin/dns.cgi | 22 +-
html/cgi-bin/dnsbl.cgi | 12 +-
html/cgi-bin/dnsforward.cgi | 15 +-
html/cgi-bin/hosts.cgi | 4 +-
html/cgi-bin/services.cgi | 2 +-
lfs/aws-cli | 4 +-
lfs/gnutls | 3 +-
lfs/initscripts | 6 +-
lfs/knot | 19 +-
lfs/{fribidi => knot-resolver} | 43 +-
lfs/{utfcpp => lua-cqueues} | 9 +-
lfs/{bwm-ng => lua-csv} | 25 +-
lfs/{ubuntu-font-family => lua-sqlite3} | 16 +-
lfs/{bwm-ng => luajit} | 39 +-
lfs/{speexdsp => luarocks} | 11 +-
lfs/observium-agent | 4 +-
lfs/{python3-lxml => python3-aiohappyeyeballs} | 6 +-
lfs/{python3-build => python3-aiohttp} | 7 +-
lfs/{python3-lxml => python3-aiosignal} | 6 +-
...ython3-prompt-toolkit => python3-async-timeout} | 13 +-
lfs/python3-attrs | 10 -
lfs/{python3-lxml => python3-expandvars} | 6 +-
lfs/{python3-lxml => python3-frozenlist} | 6 +-
lfs/python3-idna | 7 -
lfs/{python3-reportlab => python3-multidict} | 6 +-
lfs/{python3-lxml => python3-poetry-core} | 6 +-
lfs/{python3-lxml => python3-propcache} | 6 +-
lfs/python3-requests | 4 +-
lfs/python3-setuptools | 4 +-
lfs/{python3-reportlab => python3-supervisor} | 6 +-
lfs/python3-trio | 4 +-
lfs/python3-typing-extensions | 5 -
lfs/{python3-lxml => python3-watchdog} | 6 +-
lfs/python3-yaml | 10 -
lfs/{python3-lxml => python3-yarl} | 6 +-
lfs/unbound | 123 ---
lfs/util-linux | 1 -
lfs/zabbix_agentd | 2 +-
lfs/{abseil-cpp => zone-sync} | 16 +-
make.sh | 24 +-
.../networking/red.up/25-update-dns-forwarders | 4 +-
src/initscripts/system/cleanfs | 4 +
src/initscripts/system/dhcp | 10 -
src/initscripts/system/firewall | 4 +-
src/initscripts/system/functions | 13 +-
.../{packages/freeradius => system/knot-resolver} | 24 +-
src/initscripts/system/unbound | 1040 --------------------
src/misc-progs/Makefile | 4 +-
src/misc-progs/{lldpdctrl.c => dnsctrl.c} | 13 +-
src/misc-progs/unboundctrl.c | 36 -
src/scripts/{archive.files => update-rpzs} | 109 +-
src/setup/networking.c | 2 -
155 files changed, 2646 insertions(+), 3250 deletions(-)
create mode 100644 config/knot-resolver/config.lua
create mode 100644 config/knot-resolver/config.yaml
create mode 100644 config/knot-resolver/dhcp-lease
create mode 100644 config/knot-resolver/leases.lua
create mode 100644 config/rootfiles/common/knot-resolver
create mode 100644 config/rootfiles/common/lua-cqueues
create mode 100644 config/rootfiles/common/lua-csv
create mode 100644 config/rootfiles/common/lua-sqlite3
create mode 100644 config/rootfiles/common/luajit
create mode 100644 config/rootfiles/common/luarocks
create mode 100644 config/rootfiles/common/python3-aiohappyeyeballs
create mode 100644 config/rootfiles/common/python3-aiohttp
create mode 100644 config/rootfiles/common/python3-aiosignal
create mode 100644 config/rootfiles/common/python3-async-timeout
rename config/rootfiles/{packages => common}/python3-attrs (100%)
create mode 100644 config/rootfiles/common/python3-expandvars
create mode 100644 config/rootfiles/common/python3-frozenlist
rename config/rootfiles/{packages => common}/python3-idna (100%)
create mode 100644 config/rootfiles/common/python3-multidict
create mode 100644 config/rootfiles/common/python3-poetry-core
create mode 100644 config/rootfiles/common/python3-propcache
create mode 100644 config/rootfiles/common/python3-supervisor
rename config/rootfiles/{packages => common}/python3-typing-extensions (100%)
create mode 100644 config/rootfiles/common/python3-watchdog
rename config/rootfiles/{packages => common}/python3-yaml (100%)
create mode 100644 config/rootfiles/common/python3-yarl
delete mode 100644 config/rootfiles/common/unbound
create mode 100644 config/rootfiles/common/zone-sync
copy config/rootfiles/{oldcore/128 => core/203}/filelists/knot (100%)
create mode 120000 config/rootfiles/core/203/filelists/knot-resolver
create mode 120000 config/rootfiles/core/203/filelists/lua-cqueues
create mode 120000 config/rootfiles/core/203/filelists/lua-csv
create mode 120000 config/rootfiles/core/203/filelists/lua-sqlite3
create mode 120000 config/rootfiles/core/203/filelists/luajit
create mode 120000 config/rootfiles/core/203/filelists/luarocks
copy config/rootfiles/{oldcore/106 => core/203}/filelists/misc-progs (100%)
create mode 120000 config/rootfiles/core/203/filelists/python3-Jinja2
copy config/rootfiles/{oldcore/198 => core/203}/filelists/python3-MarkupSafe (100%)
create mode 120000 config/rootfiles/core/203/filelists/python3-aiohappyeyeballs
create mode 120000 config/rootfiles/core/203/filelists/python3-aiohttp
create mode 120000 config/rootfiles/core/203/filelists/python3-aiosignal
create mode 120000 config/rootfiles/core/203/filelists/python3-async-timeout
create mode 120000 config/rootfiles/core/203/filelists/python3-attrs
create mode 120000 config/rootfiles/core/203/filelists/python3-expandvars
create mode 120000 config/rootfiles/core/203/filelists/python3-frozenlist
create mode 120000 config/rootfiles/core/203/filelists/python3-idna
create mode 120000 config/rootfiles/core/203/filelists/python3-multidict
create mode 120000 config/rootfiles/core/203/filelists/python3-poetry-core
create mode 120000 config/rootfiles/core/203/filelists/python3-propcache
copy config/rootfiles/{oldcore/198 => core/203}/filelists/python3-setuptools (100%)
create mode 120000 config/rootfiles/core/203/filelists/python3-supervisor
create mode 120000 config/rootfiles/core/203/filelists/python3-typing-extensions
create mode 120000 config/rootfiles/core/203/filelists/python3-watchdog
create mode 120000 config/rootfiles/core/203/filelists/python3-yaml
create mode 120000 config/rootfiles/core/203/filelists/zone-sync
delete mode 100644 config/unbound/icannbundle.pem
delete mode 100644 config/unbound/root.hints
delete mode 100644 config/unbound/root.key
delete mode 100644 config/unbound/unbound-dhcp-leases-bridge
delete mode 100644 config/unbound/unbound-dhcp-leases-client
delete mode 100644 config/unbound/unbound.conf
copy lfs/{fribidi => knot-resolver} (71%)
copy lfs/{utfcpp => lua-cqueues} (89%)
copy lfs/{bwm-ng => lua-csv} (85%)
copy lfs/{ubuntu-font-family => lua-sqlite3} (89%)
copy lfs/{bwm-ng => luajit} (78%)
copy lfs/{speexdsp => luarocks} (92%)
copy lfs/{python3-lxml => python3-aiohappyeyeballs} (93%)
copy lfs/{python3-build => python3-aiohttp} (91%)
copy lfs/{python3-lxml => python3-aiosignal} (93%)
copy lfs/{python3-prompt-toolkit => python3-async-timeout} (90%)
copy lfs/{python3-lxml => python3-expandvars} (93%)
copy lfs/{python3-lxml => python3-frozenlist} (93%)
copy lfs/{python3-reportlab => python3-multidict} (93%)
copy lfs/{python3-lxml => python3-poetry-core} (93%)
copy lfs/{python3-lxml => python3-propcache} (93%)
copy lfs/{python3-reportlab => python3-supervisor} (93%)
copy lfs/{python3-lxml => python3-watchdog} (93%)
copy lfs/{python3-lxml => python3-yarl} (94%)
delete mode 100644 lfs/unbound
copy lfs/{abseil-cpp => zone-sync} (88%)
copy src/initscripts/{packages/freeradius => system/knot-resolver} (77%)
delete mode 100644 src/initscripts/system/unbound
copy src/misc-progs/{lldpdctrl.c => dnsctrl.c} (64%)
delete mode 100644 src/misc-progs/unboundctrl.c
copy src/scripts/{archive.files => update-rpzs} (50%)
mode change 100755 => 100644
Difference in files:
diff --git a/config/backup/backup.pl b/config/backup/backup.pl
index 8dd77b3ee3..e899d71396 100644
--- a/config/backup/backup.pl
+++ b/config/backup/backup.pl
@@ -116,6 +116,22 @@ restore_backup() {
-s /bin/false \
-u 103 unbound
+ # Create Knot Resolver group
+ if ! getent group knot-resolver &>/dev/null; then
+ groupadd -g 119 knot-resolver
+ fi
+
+ # Create Knot Resolver user
+ if ! getent passwd knot-resolver &>/dev/null; then
+ useradd \
+ -c "Knot Resolver User" \
+ -d /var/empty \
+ -g knot-resolver \
+ -s /bin/false \
+ -u 119 \
+ knot-resolver
+ fi
+
# Run converters
# Outgoing Firewall
diff --git a/config/backup/exclude b/config/backup/exclude
index 0719b471f3..4c7ae1ccc8 100644
--- a/config/backup/exclude
+++ b/config/backup/exclude
@@ -1,5 +1,4 @@
etc/sysconfig/lm_sensors
-etc/unbound/unbound.conf
*.tmp
var/cache/suricata/sgh/*
var/ipfire/ethernet/settings
diff --git a/config/backup/include b/config/backup/include
index ad3a6d35c8..b547d1520b 100644
--- a/config/backup/include
+++ b/config/backup/include
@@ -18,7 +18,6 @@ etc/squid/squid.conf.pre.local
etc/sysconfig/*
etc/sysconfig/firewall.local
etc/sysconfig/rc.local
-etc/unbound
root/.bash_history
root/.gitconfig
root/.ssh
diff --git a/config/cron/crontab b/config/cron/crontab
index 5df2356ab0..df326977d7 100644
--- a/config/cron/crontab
+++ b/config/cron/crontab
@@ -87,6 +87,3 @@ HOME=/
# Cleanup the collectd RRD (graphs)
%weekly * * /bin/find /var/log/rrd -mtime +365 -type f -name '*.rrd' -delete -o -type d -empty -delete
-
-# Update DNS trust anchor
-%daily,random * * @runas(unbound) /usr/sbin/unbound-anchor -a /var/lib/unbound/root.key -c /etc/unbound/icannbundle.pem
diff --git a/config/etc/group b/config/etc/group
index 828e911d81..5087e0a0d1 100644
--- a/config/etc/group
+++ b/config/etc/group
@@ -30,7 +30,6 @@ nobody:x:99:
users:x:100:
suricata:x:101:
logwatch:x:102:
-unbound:x:103:
cron:x:104:
syslogd:x:105:
klogd:x:106:
@@ -45,4 +44,5 @@ nut:x:115:
cdrom:x:116:
usb:x:117:
zabbix:x:118:
+knot-resolver:x:119:
samba:x:1000:
diff --git a/config/etc/passwd b/config/etc/passwd
index deecce8856..7595688105 100644
--- a/config/etc/passwd
+++ b/config/etc/passwd
@@ -14,7 +14,6 @@ nobody:x:99:99:Nobody:/home/nobody:/bin/false
postfix:x:100:100::/var/spool/postfix:/bin/false
suricata:x:101:101:Suricata:/var/log/suricata:/bin/false
logwatch:x:102:102::/var/log/logwatch:/bin/false
-unbound:x:103:103:unbound User:/var/empty:/bin/false
cron:x:104:104::/:/bin/false
syslogd:x:105:105:/var/empty:/bin/false
klogd:x:106:106:/var/empty:/bin/false
@@ -24,4 +23,5 @@ cyrus:x:111:12:Cyrus user:/usr/cyrus:
filter:x:112:12:Spam user:/home/filter:/bin/false
asterisk:x:114:114:Asterisk user:/var/empty:/bin/false
zabbix:x:118:118:Zabbix Monitoring:/var/empty:/bin/false
+knot-resolver:x:119:119:Knot Resolver User:/var/empty:/bin/false
samba:x:1000:1000:Samba User:/var/empty:/bin/false
diff --git a/config/knot-resolver/config.lua b/config/knot-resolver/config.lua
new file mode 100644
index 0000000000..d594c88eb5
--- /dev/null
+++ b/config/knot-resolver/config.lua
@@ -0,0 +1,483 @@
+--[[###########################################################################
+# #
+# IPFire.org - An Open Source Firewall #
+# Copyright (C) 2026 - IPFire Team <info@ipfire.org> #
+# #
+# This program is free software: you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation, either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# This program is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with this program. If not, see <http://www.gnu.org/licenses/>. #
+# #
+###########################################################################]]--
+
+local config = {}
+
+-- Load required Lua modules
+local csv = require("csv")
+local ffi = require("ffi")
+
+-- Get access to the C interface
+local C = ffi.C
+
+-- Helper function to load a key/value configuration file
+function config.load_settings(path)
+ local settings = {}
+
+ -- Read the file line by line
+ for line in io.lines(path) do
+ -- Skip comment and empty lines
+ if not line:match('^%s*#') and not line:match('^%s*$') then
+ -- Split the line
+ local k, v = line:match('^%s*([^=%s]+)%s*=%s*(.-)%s*$')
+
+ -- Store the key/value pair
+ if k then
+ settings[k] = v
+ end
+ end
+ end
+
+ return settings
+end
+
+local function netmask_to_prefix(netmask)
+ -- Return nil on empty input
+ if not netmask then
+ return
+ end
+
+ local prefix = 0
+
+ -- Iterate through octets
+ for octet in netmask:gmatch("(%d+)") do
+ local n = tonumber(octet)
+
+ -- Count bits in each octet
+ while n > 0 do
+ if n % 2 == 1 then
+ prefix = prefix + 1
+ end
+ n = math.floor(n / 2)
+ end
+ end
+
+ return prefix
+end
+
+local function reverse_zones(address, netmask)
+ local a, b, c, d = address:match("^(%d+)%.(%d+)%.(%d+)%.(%d+)$")
+
+ -- Return if we could not parse the address
+ if not a or not b or not c or not d then
+ return
+ end
+
+ -- Convert the octets into numbers
+ a, b, c, d = tonumber(a), tonumber(b), tonumber(c), tonumber(d)
+
+ -- Convert the netmask into prefix
+ local prefix = netmask_to_prefix(netmask)
+ if not prefix then
+ return
+ end
+
+ -- Round to to the nearest /8, /16, /24 or /32
+ local p = math.floor(prefix / 8) * 8
+
+ -- Fail if we would be generating all /8 zones
+ if not p then
+ return
+ end
+
+ -- Determine how many zones we need
+ local n = 2 ^ (p - prefix)
+
+ local zones = {}
+
+ -- Generate all zones
+ for i = 0, n - 1 do
+ local zone, oa, ob, oc, od = nil, a, b, c, d
+
+ -- /8
+ if p == 8 then
+ oa = a + i
+ zone = string.format("%s.in-addr.arpa.", oa)
+
+ -- /16
+ elseif p == 16 then
+ ob = b + i
+ zone = string.format("%s.%s.in-addr.arpa.", ob, oa)
+
+ -- /24
+ elseif p == 24 then
+ oc = c + i
+ zone = string.format("%s.%s.%s.in-addr.arpa.", oc, ob, oa)
+
+ -- /32
+ elseif p == 32 then
+ od = d + i
+ zone = string.format("%s.%s.%s.%s.in-addr.arpa.", od, oc, ob, oa)
+ end
+
+ -- Append the zone
+ if zone then
+ table.insert(zones, kres.str2dname(zone))
+ end
+ end
+
+ return zones
+end
+
+-- Setup DNS Forwarders
+function config.load_forwarders(settings)
+ -- Fetch the transport protocol
+ local proto = settings["PROTO"]
+
+ -- Collect all forwarders
+ local forwarders = {}
+
+ -- Add provider-assigned servers?
+ if settings["USE_ISP_NAMESERVERS"] == "on" and proto ~= "TLS" then
+ for i, path in ipairs({ "/var/run/dns1", "/var/run/dns2" }) do
+ for address in io.lines(path) do
+ if address ~= "" then
+ table.insert(forwarders, {address})
+ end
+ end
+ end
+ end
+
+ -- Open the file
+ local f = csv.open("/var/ipfire/dns/servers")
+
+ -- Add manually configured servers
+ for fields in f:lines() do
+ local id, address, hostname, status, comment = unpack(fields)
+
+ if status == "enabled" then
+ if proto == "TLS" then
+ table.insert(forwarders, {
+ address, tls=true, hostname=hostname,
+ })
+ else
+ table.insert(forwarders, {address})
+ end
+ end
+ end
+
+ -- Don't configure anything if we don't have any forwarders
+ if #forwarders == 0 then
+ return
+ end
+
+ -- Apply the forwarding rule
+ policy.rule_forward_add(".", { dnssec=true, auth=false }, forwarders)
+end
+
+-- Load any hosts
+function config.load_hosts()
+ local path = "/var/ipfire/main/hosts"
+
+ -- Log action
+ log_debug(ffi.C.LOG_GRP_HINT, string.format("Loading hosts from %s", path))
+
+ -- Clear any previously registered hints
+ hints.config()
+
+ -- Set the TTL to one minute
+ hints.ttl(60)
+
+ -- Open the file
+ local f = csv.open(path)
+
+ for fields in f:lines() do
+ local status, address, hostname, domainname, ptr = unpack(fields)
+
+ -- Add the entry
+ if status == "on" then
+ local hint = ""
+
+ if domainname then
+ hint = string.format("%s.%s %s",
+ hostname, domainname, address)
+ else
+ hint = string.format("%s %s",
+ hostname, address)
+ end
+
+ -- Add the hint
+ hints.set(hint)
+ end
+ end
+end
+
+local GOOGLE_TLDS = {
+ "com",
+
+ -- ccTLDs
+ "ad", "ae", "al", "am", "as", "at", "az", "ba", "be", "bf", "bg", "bi", "bj",
+ "bs", "bt", "by", "ca", "cat", "cd", "cf", "cg", "ch", "ci", "cl", "cm", "cn",
+ "cv", "cz", "de", "dj", "dk", "dm", "dz", "ee", "es", "fi", "fm", "fr", "ga",
+ "ge", "gg", "gl", "gm", "gr", "gy", "hn", "hr", "ht", "hu", "ie", "im", "iq",
+ "is", "it", "je", "jo", "kg", "ki", "kz", "la", "li", "lk", "lt", "lu", "lv",
+ "md", "me", "mg", "mk", "ml", "mn", "mu", "mv", "mw", "ne", "nl", "no", "nr",
+ "nu", "pl", "pn", "ps", "pt", "ro", "rs", "ru", "rw", "sc", "se", "sh", "si",
+ "sk", "sm", "sn", "so", "sr", "st", "td", "tg", "tl", "tm", "tn", "to", "tt",
+ "vu", "ws",
+
+ -- co.*
+ "co.ao", "co.bw", "co.ck", "co.cr", "co.id", "co.il", "co.in", "co.jp", "co.ke",
+ "co.kr", "co.ls", "co.ma", "co.mz", "co.nz", "co.th", "co.tz", "co.ug", "co.uk",
+ "co.uz", "co.ve", "co.vi", "co.za", "co.zm", "co.zw",
+
+ -- com.*
+ "com.af", "com.ag", "com.ar", "com.au", "com.bd", "com.bh", "com.bn", "com.bo",
+ "com.br", "com.bz", "com.co", "com.cu", "com.cy", "com.do", "com.ec", "com.eg",
+ "com.et", "com.fj", "com.gh", "com.gi", "com.gt", "com.hk", "com.jm", "com.kh",
+ "com.kw", "com.lb", "com.ly", "com.mm", "com.mt", "com.mx", "com.my", "com.na",
+ "com.ng", "com.ni", "com.np", "com.om", "com.pa", "com.pe", "com.pg", "com.ph",
+ "com.pk", "com.pr", "com.py", "com.qa", "com.sa", "com.sb", "com.sg", "com.sl",
+ "com.sv", "com.tj", "com.tr", "com.tw", "com.ua", "com.uy", "com.vc", "com.vn"
+}
+
+-- Loads the Safe Search rules
+function config.load_safesearch(settings)
+ -- Check if Safe Search is enabled
+ if settings["ENABLE_SAFE_SEARCH"] ~= "on" then
+ return
+ end
+
+ local zone = {}
+
+ -- Adds an entry to the zone
+ local function add(sources, target)
+ for i, source in ipairs(sources) do
+ local rr = string.format("%s. CNAME %s.", source, target)
+
+ table.insert(zone, rr)
+ end
+ end
+
+ -- Enable Googe Safe Search
+ for i, tld in ipairs(GOOGLE_TLDS) do
+ local name = string.format("google.%s", tld)
+
+ add({ name, "www." .. name}, "forcesafesearch.google.com")
+ end
+
+ -- Enable Bing Strict Search
+ add({ "bing.com", "www.bing.com" }, "strict.bing.com")
+
+ -- Enable DuckDuckGo Safe Search
+ add({ "duckduckgo.com", "www.duckduckgo.com" }, "safe.duckduckgo.com")
+
+ -- Enable Yandex Family Search
+ add({ "yandex.com", "www.yandex.com" }, "familysearch.yandex.com")
+ add({ "yandex.ru", "www.yandex.ru" }, "familysearch.yandex.ru")
+
+ -- Enable YouTube Safe Search
+ if settings["ENABLE_SAFE_SEARCH_YOUTUBE"] == "on" then
+ add({ "youtube.com", "www.youtube.com" }, "restrictmoderate.youtube.com")
+ end
+
+ -- Create a new zone
+ rrs = ffi.new("struct kr_rule_zonefile_config")
+ rrs.ttl = C.KR_RULE_TTL_DEFAULT
+ rrs.tags = 0
+ rrs.nodata = true
+ rrs.is_rpz = false
+ rrs.input_str = table.concat(zone, "\n")
+ rrs.opts = C.KR_RULE_OPTS_DEFAULT
+
+ assert(C.kr_rule_zonefile(rrs) == 0)
+end
+
+-- Loads the Forwarding Rules
+function config.load_forwarding()
+ local path = "/var/ipfire/dnsforward/config"
+
+ local f = csv.open(path)
+
+ for fields in f:lines() do
+ local status, name, address, comment, no_dnssec = unpack(fields)
+
+ if status == "on" then
+ local dnssec = true
+
+ -- Split multiple addresses
+ local addresses = {}
+ for a in address:gmatch("[^|]+") do
+ addresses[#addresses+1] = { a }
+ end
+
+ -- Use a stub resolver if we don't want DNSSEC
+ if no_dnssec == "on" then
+ dnssec = false
+ end
+
+ -- Apply the forwarding rule
+ policy.rule_forward_add(name, { dnssec=dnssec, auth=false }, addresses)
+ end
+ end
+end
+
+function config.load_leases()
+ -- Load DHCP settings
+ local settings = config.load_settings("/var/ipfire/dhcp/settings")
+
+ -- Load Ethernet settings
+ local ethernet = config.load_settings("/var/ipfire/ethernet/settings")
+
+ -- Skip this if DNS UPDATE is being used instead
+ if settings["DNS_UPDATE_ENABLED"] == "on" then
+ return
+ end
+
+ -- Load the leases module
+ modules.load("leases")
+
+ -- Enabled on GREEN?
+ if settings["ENABLE_GREEN"] == "on" then
+ policy.add(
+ policy.suffix(leases.answer(), {
+ todname(settings["DOMAIN_NAME_GREEN"])
+ })
+ )
+
+ -- Fetch subnet
+ local netaddr = ethernet["GREEN_NETADDRESS"]
+ local netmask = ethernet["GREEN_NETMASK"]
+
+ -- Reverse lookup
+ policy.add(
+ policy.suffix(leases.answer(), reverse_zones(netaddr, netmask))
+ )
+ end
+
+ -- Enabled on BLUE?
+ if settings["ENABLE_BLUE"] == "on" then
+ policy.add(
+ policy.suffix(leases.answer(), {
+ todname(settings["DOMAIN_NAME_BLUE"])
+ })
+ )
+
+ -- Fetch subnet
+ local netaddr = ethernet["BLUE_NETADDRESS"]
+ local netmask = ethernet["BLUE_NETMASK"]
+
+ -- Reverse lookup
+ policy.add(
+ policy.suffix(leases.answer(), reverse_zones(netaddr, netmask))
+ )
+ end
+end
+
+local function get_zone(name)
+ local settings = config.load_settings("/var/ipfire/ethernet/settings")
+
+ -- Fetch net address & mask
+ local netaddr = settings[name .. "_NETADDRESS"]
+ local netmask = settings[name .. "_NETMASK"]
+
+ -- Convert the netmask into prefix notation
+ local prefix = netmask_to_prefix(netmask)
+
+ if netaddr and prefix then
+ return string.format("%s/%s", netaddr, prefix)
+ end
+end
+
+local function add_tag(views, subnet, tag)
+ if views[subnet] then
+ table.insert(views[subnet], tag)
+ else
+ views[subnet] = { tag }
+ end
+end
+
+function config.load_rpzs()
+ local zones
+
+ -- Open the configuration
+ local f = csv.open("/var/ipfire/dns/dnsbl")
+
+ local views = {}
+
+ for fields in f:lines() do
+ local name, status, comment, enabled_zones, custom_acl = unpack(fields)
+
+ if status == "on" then
+ local path = string.format("/var/cache/knot-resolver/rpzs/%s.zone", name)
+
+ -- Ensure the zone exists
+ if not io.open(path) then
+ io.open(path, "w")
+ end
+
+ -- Make the tag
+ local tag = name:match("^([^.]+)"):lower()
+
+ -- Load a new zone file
+ local rpz = ffi.new("struct kr_rule_zonefile_config")
+ rpz.nodata = true
+ rpz.is_rpz = true
+
+ -- Load the zone from path
+ rpz.filename = path
+
+ -- Set a default TTL
+ rpz.ttl = C.KR_RULE_TTL_DEFAULT
+ rpz.tags = policy.get_tagset({tag,})
+
+ -- opts are complicated
+ rpz.opts = C.KR_RULE_OPTS_DEFAULT
+ rpz.opts.score = 9
+
+ -- Enable logging
+ rpz.opts.log_level = 3 -- NOTICE
+ rpz.opts.log_ip = true
+ rpz.opts.log_name = true
+
+ -- Load the file
+ assert(C.kr_rule_zonefile(rpz) == 0)
+
+ -- Apply zone ACLs
+ for zone in enabled_zones:gmatch("[^|]+") do
+ local subnet = get_zone(zone)
+
+ if subnet then
+ add_tag(views, subnet, tag)
+ end
+ end
+
+ -- Apply custom ACLs
+ for subnet in custom_acl:gmatch("[^|]+") do
+ if subnet then
+ add_tag(views, subnet, tag)
+ end
+ end
+
+ -- Load it globally if no ACLs have been defined
+ if enabled_zones == "" and custom_acl == "" then
+ add_tag(views, "0.0.0.0/0", tag)
+ end
+ end
+ end
+
+ -- Apply views
+ for subnet, tag in ipairs(views) do
+ assert(C.kr_view_insert_action(subnet, "",
+ 0, policy.COMBINE({ policy.TAGS_ASSIGN(tags) })) == 0)
+ end
+end
+
+return config
diff --git a/config/knot-resolver/config.yaml b/config/knot-resolver/config.yaml
new file mode 100644
index 0000000000..4114939f14
--- /dev/null
+++ b/config/knot-resolver/config.yaml
@@ -0,0 +1,69 @@
+# Knot Resolver Configuration File For IPFire
+# DO NOT EDIT as any changes will be overwritten
+
+# Enable logging
+logging:
+ level: info
+ target: syslog
+
+# Listen on all interfaces
+network:
+ listen:
+ - interface: 0.0.0.0@53
+
+ do-ipv4: true
+ do-ipv6: false
+
+# Start as many workers as we have CPU threads
+workers: auto
+
+# Enable a persistent cache
+cache:
+ storage: /var/cache/knot-resolver
+ size-max: 256M
+
+ # Enable prefetching
+ prefetch:
+ expiring: true
+
+options:
+ # Minimise all queries
+ minimize: true
+
+ # Apply workarounds for broken domains
+ violators-workarounds: true
+
+ # Detect time jumps
+ time-jump-detection: true
+
+# Load our policy
+lua:
+ script: |
+ -- Load config helpers
+ local config = require("config")
+
+ -- Load DHCP Leases Lookup
+ config.load_leases()
+
+ # Load policies
+ policy-script: |
+ -- Load config helpers
+ local config = require("config")
+
+ -- Load the settings
+ local settings = config.load_settings("/var/ipfire/dns/settings")
+
+ -- Load hosts
+ config.load_hosts()
+
+ -- Load RPZs
+ config.load_rpzs()
+
+ -- Load SafeSearch
+ config.load_safesearch(settings)
+
+ -- Load Forwarding Rules
+ config.load_forwarding()
+
+ -- Load Forwarders
+ config.load_forwarders(settings)
diff --git a/config/knot-resolver/dhcp-lease b/config/knot-resolver/dhcp-lease
new file mode 100644
index 0000000000..982bd35661
--- /dev/null
+++ b/config/knot-resolver/dhcp-lease
@@ -0,0 +1,137 @@
+#!/bin/bash
+
+readonly DB_PATH="/var/lib/knot-resolver/dhcp-leases.db"
+
+main() {
+ # Create the database if it does not exist
+ if [ ! -f "${DB_PATH}" ]; then
+ sqlite3 "${DB_PATH}" >/dev/null <<EOF
+ -- Create schema
+ CREATE TABLE IF NOT EXISTS leases(
+ address TEXT PRIMARY KEY,
+ hostname TEXT NOT NULL
+ );
+ CREATE UNIQUE INDEX IF NOT EXISTS
+ leases_address ON leases(address);
+ CREATE UNIQUE INDEX IF NOT EXISTS
+ leases_hostname ON leases(hostname COLLATE NOCASE);
+
+ -- Run in WAL mode
+ PRAGMA journal_mode=WAL;
+ PRAGMA synchronous=NORMAL;
+EOF
+ fi
+
+ local action="${1}"
+ shift
+
+ case "${action}" in
+ commit)
+ local address
+ local hostname
+ local domainname
+
+ while [ $# -gt 0 ]; do
+ case "${1}" in
+ ADDRESS=*)
+ address="${1#*=}"
+ ;;
+ HOSTNAME=*)
+ hostname="${1#*=}"
+ ;;
+ DOMAINNAME=*)
+ domainname="${1#*=}"
+ ;;
+ *)
+ # Ignore any unknown arguments
+ ;;
+ esac
+ shift
+ done
+
+ # Check if we have enough data
+ if [ -z "${address}" ]; then
+ echo "${0}: Missing ADDRESS=" >&2
+ return 2
+ elif [ -z "${hostname}" ]; then
+ echo "${0}: Missing HOSTNAME=" >&2
+ return 2
+ elif [ -z "${domainname}" ]; then
+ echo "${0}: Missing DOMAINNAME=" >&2
+ return 2
+
+ # Validate the hostname
+ elif ! [[ ${hostname} =~ ^[A-Za-z0-9_-]{1,63}$ ]]; then
+ echo "${0}: Invalid hostname" >&2
+ return 2
+ fi
+
+ # Join the hostname together
+ hostname="${hostname}.${domainname}."
+
+ # Make the hostname lowercase
+ hostname="${hostname,,}"
+
+ sqlite3 "${DB_PATH}" <<-EOF
+ -- Set parameters
+ .parameter set :address '${address}'
+ .parameter set :hostname '${hostname}'
+
+ -- Run statement
+ INSERT INTO
+ leases
+ (
+ address,
+ hostname
+ )
+ VALUES
+ (
+ :address,
+ :hostname
+ )
+ ON CONFLICT
+ (
+ address
+ )
+ DO UPDATE SET
+ hostname = excluded.hostname;
+ EOF
+ ;;
+
+ release|expiry)
+ local address
+
+ while [ $# -gt 0 ]; do
+ case "${1}" in
+ ADDRESS=*)
+ address="${1#*=}"
+ ;;
+ *)
+ # Ignore any unknown arguments
+ ;;
+ esac
+ shift
+ done
+
+ # Check if we have enough data
+ if [ -z "${address}" ]; then
+ echo "${0}: Missing ADDRESS=" >&2
+ return 2
+ fi
+
+ sqlite3 "${DB_PATH}" <<-EOF
+ -- Set parameters
+ .parameter set :address '${address}'
+
+ -- Run statement
+ DELETE FROM
+ leases
+ WHERE
+ address = :address;
+ EOF
+ esac
+
+ return 0
+}
+
+main "$@" || exit $?
diff --git a/config/knot-resolver/leases.lua b/config/knot-resolver/leases.lua
new file mode 100644
index 0000000000..a78a800c55
--- /dev/null
+++ b/config/knot-resolver/leases.lua
@@ -0,0 +1,170 @@
+-- Load modules
+local sqlite3 = require("lsqlite3")
+
+local DB_PATH = "/var/lib/knot-resolver/dhcp-leases.db"
+local TTL = 60
+
+local M = {}
+local db
+local sql_fwd
+local sql_rev
+
+local function log_error(s)
+ print(s)
+end
+
+local function log_debug(s)
+ print(s)
+end
+
+-- Initializes the module
+function M.init()
+ -- Open the database
+ db = sqlite3.open(DB_PATH, sqlite3.OPEN_READONLY)
+
+ -- Fail if we cannot open the database
+ if not db then
+ log_error("leases: Failed to open " .. DB_PATH)
+ return -1
+ end
+
+ -- Don't ever block
+ db:exec("PRAGMA query_only = 1")
+
+ -- Prepare the forward lookup query
+ sql_fwd = db:prepare(
+ "SELECT address FROM leases WHERE hostname = ?1 COLLATE NOCASE LIMIT 1"
+ )
+
+ -- Prepare the reverse lookup query
+ sql_rev = db:prepare(
+ "SELECT hostname FROM leases WHERE address = ?1 LIMIT 1"
+ )
+end
+
+-- Cleans up the module
+function M.deinit()
+ -- Cleanup the statements
+ if sql_fwd then
+ sql_fwd:finalize()
+ end
+ if sql_rev then
+ sql_rev:finalize()
+ end
+
+ -- Close the database
+ if db then
+ db:close()
+ end
+end
+
+-- Parses an IPv4 address from the reverse pointer query name
+local function address_from_reverse_pointer(qname)
+ local d, c, b, a = qname:match("^(%d+)%.(%d+)%.(%d+)%.(%d+)%.in%-addr%.arpa%.$")
+
+ -- Return nil if we could not parse the name
+ if not a or not b or not c or not d then
+ return
+ end
+
+ -- Concatenate the address
+ return string.format("%s.%s.%s.%s", a, b, c, d)
+end
+
+local function lookup_fwd(hostname)
+ -- Reset the statement
+ sql_fwd:reset()
+
+ -- Bind the query name
+ sql_fwd:bind_values(hostname)
+
+ -- Execute the statement
+ if sql_fwd:step() == sqlite3.ROW then
+ local address = sql_fwd:get_value(0)
+
+ -- Convert the address to wire format
+ if address then
+ return kres.str2ip(address)
+ end
+ end
+end
+
+local function lookup_rev(qname)
+ -- Parse the address from the query name
+ local address = address_from_reverse_pointer(qname)
+
+ -- Fail if we could not parse the address
+ if not address then
+ return
+ end
+
+ -- Reset the statement
+ sql_rev:reset()
+
+ -- Bind the address
+ sql_rev:bind_values(address)
+
+ -- Execute the statement
+ if sql_rev:step() == sqlite3.ROW then
+ local hostname = sql_rev:get_value(0)
+
+ -- Convert the hostname to wire format
+ if hostname then
+ return todname(hostname)
+ end
+ end
+end
+
+-- Function that will try to answer the query
+function M.answer()
+ return function(state, req)
+ -- Fetch the current query
+ local query = req:current()
+
+ -- Fetch the query name
+ local qname = kres.dname2str(query.sname)
+
+ -- Fetch the query type
+ local qtype = query.stype
+
+ -- Log action
+ log_debug(
+ string.format("Called for %s (%d)", qname, qtype)
+ )
+
+ local answer = {}
+
+ -- Is this a forward lookup?
+ if qtype == kres.type.A then
+ -- Perform a forward lookup
+ local address = lookup_fwd(qname)
+
+ if address then
+ answer[qtype] = { rdata = address, ttl = TTL }
+ end
+
+ -- Or is this a reverse lookup?
+ elseif qtype == kres.type.PTR then
+ -- Perform a reverse lookup
+ local hostname = lookup_rev(qname)
+
+ if hostname then
+ answer[qtype] = { rdata = hostname, ttl = TTL }
+ end
+ end
+
+ -- If we have an answer, use the policy module to send it
+ if answer then
+ answer = policy.ANSWER(answer)
+
+ -- Otherwise we send NXDOMAIN
+ else
+ answer = policy.DENY
+ end
+
+ -- Pass the state and request
+ return answer(state, req)
+ end
+end
+
+return M
diff --git a/config/rootfiles/common/aarch64/initscripts b/config/rootfiles/common/aarch64/initscripts
index feb2aba444..4ea4cf933e 100644
--- a/config/rootfiles/common/aarch64/initscripts
+++ b/config/rootfiles/common/aarch64/initscripts
@@ -30,6 +30,7 @@ etc/rc.d/init.d/functions
etc/rc.d/init.d/grub-btrfsd
etc/rc.d/init.d/halt
etc/rc.d/init.d/ipsec
+etc/rc.d/init.d/knot-resolver
etc/rc.d/init.d/leds
etc/rc.d/init.d/lldpd
etc/rc.d/init.d/localnet
@@ -92,7 +93,6 @@ etc/rc.d/init.d/sysklogd
etc/rc.d/init.d/template
etc/rc.d/init.d/udev
etc/rc.d/init.d/udev_retry
-etc/rc.d/init.d/unbound
etc/rc.d/init.d/vnstat
etc/rc.d/init.d/waitdrives
etc/rc.d/init.d/wireguard
@@ -116,7 +116,7 @@ etc/rc.d/rc0.d/K79leds
etc/rc.d/rc0.d/K80network
etc/rc.d/rc0.d/K82wlanclient
etc/rc.d/rc0.d/K85messagebus
-etc/rc.d/rc0.d/K86unbound
+etc/rc.d/rc0.d/K86knot-resolver
etc/rc.d/rc0.d/K87acpid
etc/rc.d/rc0.d/K90sysklogd
etc/rc.d/rc0.d/S60sendsignals
@@ -127,7 +127,7 @@ etc/rc.d/rc0.d/S99halt
#etc/rc.d/rc3.d
etc/rc.d/rc3.d/S01vnstat
etc/rc.d/rc3.d/S10sysklogd
-etc/rc.d/rc3.d/S11unbound
+etc/rc.d/rc3.d/S11knot-resolver
etc/rc.d/rc3.d/S12acpid
etc/rc.d/rc3.d/S15fireinfo
etc/rc.d/rc3.d/S15messagebus
@@ -167,7 +167,7 @@ etc/rc.d/rc6.d/K79leds
etc/rc.d/rc6.d/K80network
etc/rc.d/rc6.d/K82wlanclient
etc/rc.d/rc6.d/K85messagebus
-etc/rc.d/rc6.d/K86unbound
+etc/rc.d/rc6.d/K86knot-resolver
etc/rc.d/rc6.d/K87acpid
etc/rc.d/rc6.d/K90sysklogd
etc/rc.d/rc6.d/S60sendsignals
diff --git a/config/rootfiles/common/aarch64/stage2 b/config/rootfiles/common/aarch64/stage2
index 7e36bf86f7..03f21cddf4 100644
--- a/config/rootfiles/common/aarch64/stage2
+++ b/config/rootfiles/common/aarch64/stage2
@@ -109,6 +109,7 @@ usr/local/bin/update-ids-ruleset
usr/local/bin/update-ipblocklists
usr/local/bin/update-lang-cache
usr/local/bin/update-location-database
+usr/local/bin/update-rpzs
#usr/local/include
#usr/local/lib
#usr/local/sbin
diff --git a/config/rootfiles/common/aarch64/util-linux b/config/rootfiles/common/aarch64/util-linux
index bf418cea52..d2041e2366 100644
--- a/config/rootfiles/common/aarch64/util-linux
+++ b/config/rootfiles/common/aarch64/util-linux
@@ -103,6 +103,7 @@ usr/bin/scriptlive
#usr/bin/scriptreplay
#usr/bin/setarch
usr/bin/setpgid
+usr/bin/setpriv
usr/bin/setsid
#usr/bin/setterm
#usr/bin/taskset
@@ -243,6 +244,7 @@ usr/sbin/rtcwake
#usr/share/bash-completion/completions/scriptreplay
#usr/share/bash-completion/completions/setarch
#usr/share/bash-completion/completions/setpgid
+#usr/share/bash-completion/completions/setpriv
#usr/share/bash-completion/completions/setsid
#usr/share/bash-completion/completions/setterm
#usr/share/bash-completion/completions/sfdisk
@@ -317,6 +319,7 @@ usr/sbin/rtcwake
#usr/share/man/man1/scriptlive.1
#usr/share/man/man1/scriptreplay.1
#usr/share/man/man1/setpgid.1
+#usr/share/man/man1/setpriv.1
#usr/share/man/man1/setsid.1
#usr/share/man/man1/setterm.1
#usr/share/man/man1/taskset.1
diff --git a/config/rootfiles/common/gnutls b/config/rootfiles/common/gnutls
index c02780dfb0..461e30902a 100644
--- a/config/rootfiles/common/gnutls
+++ b/config/rootfiles/common/gnutls
@@ -1,5 +1,4 @@
usr/bin/certtool
-usr/bin/danetool
usr/bin/gnutls-cli
usr/bin/gnutls-cli-debug
usr/bin/gnutls-serv
@@ -9,7 +8,6 @@ usr/bin/psktool
#usr/include/gnutls/abstract.h
#usr/include/gnutls/compat.h
#usr/include/gnutls/crypto.h
-#usr/include/gnutls/dane.h
#usr/include/gnutls/dtls.h
#usr/include/gnutls/gnutls.h
#usr/include/gnutls/gnutlsxx.h
@@ -26,10 +24,6 @@ usr/bin/psktool
#usr/include/gnutls/urls.h
#usr/include/gnutls/x509-ext.h
#usr/include/gnutls/x509.h
-#usr/lib/libgnutls-dane.la
-#usr/lib/libgnutls-dane.so
-usr/lib/libgnutls-dane.so.0
-usr/lib/libgnutls-dane.so.0.4.1
#usr/lib/libgnutls.la
#usr/lib/libgnutls.so
usr/lib/libgnutls.so.30
@@ -38,7 +32,6 @@ usr/lib/libgnutls.so.30.42.0
#usr/lib/libgnutlsxx.so
usr/lib/libgnutlsxx.so.30
usr/lib/libgnutlsxx.so.30.0.0
-#usr/lib/pkgconfig/gnutls-dane.pc
#usr/lib/pkgconfig/gnutls.pc
#usr/share/doc/gnutls
#usr/share/doc/gnutls/gnutls-client-server-use-case.png
@@ -88,7 +81,6 @@ usr/lib/libgnutlsxx.so.30.0.0
#usr/share/locale/vi/LC_MESSAGES/gnutls.mo
#usr/share/locale/zh_CN/LC_MESSAGES/gnutls.mo
#usr/share/man/man1/certtool.1
-#usr/share/man/man1/danetool.1
#usr/share/man/man1/gnutls-cli-debug.1
#usr/share/man/man1/gnutls-cli.1
#usr/share/man/man1/gnutls-serv.1
diff --git a/config/rootfiles/common/knot b/config/rootfiles/common/knot
index fdca132f89..cde89bedef 100644
--- a/config/rootfiles/common/knot
+++ b/config/rootfiles/common/knot
@@ -1,15 +1,102 @@
usr/bin/kdig
-#usr/lib/libcontrib.a
-#usr/lib/libcontrib.la
+usr/bin/khost
+usr/bin/knsec3hash
+usr/bin/knsupdate
+#usr/include/knot
+#usr/include/knot/module.h
+#usr/include/libdnssec
+#usr/include/libdnssec/binary.h
+#usr/include/libdnssec/crypto.h
+#usr/include/libdnssec/digest.h
+#usr/include/libdnssec/dnssec.h
+#usr/include/libdnssec/error.h
+#usr/include/libdnssec/key.h
+#usr/include/libdnssec/keyid.h
+#usr/include/libdnssec/keystore.h
+#usr/include/libdnssec/keytag.h
+#usr/include/libdnssec/nsec.h
+#usr/include/libdnssec/pem.h
+#usr/include/libdnssec/random.h
+#usr/include/libdnssec/sign.h
+#usr/include/libdnssec/tsig.h
+#usr/include/libdnssec/version.h
+#usr/include/libknot
+#usr/include/libknot/attribute.h
+#usr/include/libknot/codes.h
+#usr/include/libknot/consts.h
+#usr/include/libknot/control
+#usr/include/libknot/control/control.h
+#usr/include/libknot/cookies.h
+#usr/include/libknot/db
+#usr/include/libknot/db/db.h
+#usr/include/libknot/db/db_lmdb.h
+#usr/include/libknot/db/db_trie.h
+#usr/include/libknot/descriptor.h
+#usr/include/libknot/dname.h
+#usr/include/libknot/dynarray.h
+#usr/include/libknot/endian.h
+#usr/include/libknot/errcode.h
+#usr/include/libknot/error.h
+#usr/include/libknot/libknot.h
+#usr/include/libknot/lookup.h
+#usr/include/libknot/mm_ctx.h
+#usr/include/libknot/packet
+#usr/include/libknot/packet/compr.h
+#usr/include/libknot/packet/pkt.h
+#usr/include/libknot/packet/rrset-wire.h
+#usr/include/libknot/packet/wire.h
+#usr/include/libknot/probe
+#usr/include/libknot/probe/data.h
+#usr/include/libknot/probe/probe.h
+#usr/include/libknot/quic
+#usr/include/libknot/quic/tls.h
+#usr/include/libknot/quic/tls_common.h
+#usr/include/libknot/rdata.h
+#usr/include/libknot/rdataset.h
+#usr/include/libknot/rrset-dump.h
+#usr/include/libknot/rrset.h
+#usr/include/libknot/rrtype
+#usr/include/libknot/rrtype/dnskey.h
+#usr/include/libknot/rrtype/ds.h
+#usr/include/libknot/rrtype/naptr.h
+#usr/include/libknot/rrtype/nsec.h
+#usr/include/libknot/rrtype/nsec3.h
+#usr/include/libknot/rrtype/nsec3param.h
+#usr/include/libknot/rrtype/opt.h
+#usr/include/libknot/rrtype/rdname.h
+#usr/include/libknot/rrtype/rrsig.h
+#usr/include/libknot/rrtype/soa.h
+#usr/include/libknot/rrtype/svcb.h
+#usr/include/libknot/rrtype/tsig.h
+#usr/include/libknot/rrtype/zonemd.h
+#usr/include/libknot/tsig-op.h
+#usr/include/libknot/tsig.h
+#usr/include/libknot/version.h
+#usr/include/libknot/wire.h
+#usr/include/libknot/xdp
+#usr/include/libknot/xdp.h
+#usr/include/libknot/xdp/tcp_iobuf.h
+#usr/include/libknot/yparser
+#usr/include/libknot/yparser/yparser.h
+#usr/include/libknot/yparser/ypformat.h
+#usr/include/libknot/yparser/ypschema.h
+#usr/include/libknot/yparser/yptrafo.h
+#usr/include/libzscanner
+#usr/include/libzscanner/error.h
+#usr/include/libzscanner/scanner.h
+#usr/include/libzscanner/version.h
#usr/lib/libdnssec.la
-#usr/lib/libdnssec.lai
#usr/lib/libdnssec.so
usr/lib/libdnssec.so.10
usr/lib/libdnssec.so.10.0.0
#usr/lib/libknot.la
-#usr/lib/libknot.lai
#usr/lib/libknot.so
usr/lib/libknot.so.16
usr/lib/libknot.so.16.0.0
-#usr/lib/libknotus.a
-#usr/lib/libknotus.la
+#usr/lib/libzscanner.la
+#usr/lib/libzscanner.so
+usr/lib/libzscanner.so.5
+usr/lib/libzscanner.so.5.0.0
+#usr/lib/pkgconfig/libdnssec.pc
+#usr/lib/pkgconfig/libknot.pc
+#usr/lib/pkgconfig/libzscanner.pc
diff --git a/config/rootfiles/common/knot-resolver b/config/rootfiles/common/knot-resolver
new file mode 100644
index 0000000000..4376cef509
--- /dev/null
+++ b/config/rootfiles/common/knot-resolver
@@ -0,0 +1,272 @@
+#etc/knot-resolver
+etc/knot-resolver/config.yaml
+etc/knot-resolver/root.hints
+usr/bin/knot-resolver
+usr/bin/kresctl
+#usr/include/libkres
+#usr/include/libkres/api.h
+#usr/include/libkres/array.h
+#usr/include/libkres/cdb_api.h
+#usr/include/libkres/cdb_lmdb.h
+#usr/include/libkres/defines.h
+#usr/include/libkres/dnssec.h
+#usr/include/libkres/impl.h
+#usr/include/libkres/iterate.h
+#usr/include/libkres/kru.h
+#usr/include/libkres/layer.h
+#usr/include/libkres/log.h
+#usr/include/libkres/lru.h
+#usr/include/libkres/mmapped.h
+#usr/include/libkres/module.h
+#usr/include/libkres/nsec.h
+#usr/include/libkres/nsec3.h
+#usr/include/libkres/pack.h
+#usr/include/libkres/proto.h
+#usr/include/libkres/queue.h
+#usr/include/libkres/resolve-impl.h
+#usr/include/libkres/resolve.h
+#usr/include/libkres/rplan.h
+#usr/include/libkres/selection.h
+#usr/include/libkres/selection_forward.h
+#usr/include/libkres/selection_iter.h
+#usr/include/libkres/signature.h
+#usr/include/libkres/ta.h
+#usr/include/libkres/top.h
+#usr/include/libkres/trie.h
+#usr/include/libkres/utils.h
+#usr/include/libkres/zonecut.h
+#usr/lib/knot-resolver
+usr/lib/knot-resolver/ahocorasick.so
+usr/lib/knot-resolver/config.lua
+usr/lib/knot-resolver/debug_opensslkeylog.so
+usr/lib/knot-resolver/distro-preconfig.lua
+usr/lib/knot-resolver/kluautil.lua
+usr/lib/knot-resolver/kres-gen.lua
+usr/lib/knot-resolver/kres.lua
+usr/lib/knot-resolver/kres_modules
+usr/lib/knot-resolver/kres_modules/bogus_log.so
+#usr/lib/knot-resolver/kres_modules/daf
+usr/lib/knot-resolver/kres_modules/daf.lua
+usr/lib/knot-resolver/kres_modules/daf/daf.js
+usr/lib/knot-resolver/kres_modules/detect_time_jump.lua
+usr/lib/knot-resolver/kres_modules/detect_time_skew.lua
+usr/lib/knot-resolver/kres_modules/dns64.lua
+usr/lib/knot-resolver/kres_modules/edns_keepalive.so
+usr/lib/knot-resolver/kres_modules/etcd.lua
+usr/lib/knot-resolver/kres_modules/experimental_dot_auth.lua
+usr/lib/knot-resolver/kres_modules/extended_error.so
+usr/lib/knot-resolver/kres_modules/fallback.lua
+usr/lib/knot-resolver/kres_modules/graphite.lua
+usr/lib/knot-resolver/kres_modules/hints.so
+#usr/lib/knot-resolver/kres_modules/http
+usr/lib/knot-resolver/kres_modules/http.lua
+usr/lib/knot-resolver/kres_modules/http/bootstrap-theme.min.css
+usr/lib/knot-resolver/kres_modules/http/bootstrap.min.css
+usr/lib/knot-resolver/kres_modules/http/bootstrap.min.js
+usr/lib/knot-resolver/kres_modules/http/d3.js
+usr/lib/knot-resolver/kres_modules/http/datamaps.world.min.js
+usr/lib/knot-resolver/kres_modules/http/dygraph.min.js
+usr/lib/knot-resolver/kres_modules/http/epoch.css
+usr/lib/knot-resolver/kres_modules/http/epoch.js
+usr/lib/knot-resolver/kres_modules/http/favicon.ico
+usr/lib/knot-resolver/kres_modules/http/glyphicons-halflings-regular.woff2
+usr/lib/knot-resolver/kres_modules/http/jquery.js
+usr/lib/knot-resolver/kres_modules/http/kresd.css
+usr/lib/knot-resolver/kres_modules/http/kresd.js
+usr/lib/knot-resolver/kres_modules/http/main.tpl
+usr/lib/knot-resolver/kres_modules/http/selectize.bootstrap3.css
+usr/lib/knot-resolver/kres_modules/http/selectize.min.js
+usr/lib/knot-resolver/kres_modules/http/topojson.js
+usr/lib/knot-resolver/kres_modules/http_doh.lua
+usr/lib/knot-resolver/kres_modules/http_tls_cert.lua
+usr/lib/knot-resolver/kres_modules/http_trace.lua
+usr/lib/knot-resolver/kres_modules/leases.lua
+usr/lib/knot-resolver/kres_modules/nsid.so
+usr/lib/knot-resolver/kres_modules/policy.lua
+usr/lib/knot-resolver/kres_modules/predict.lua
+usr/lib/knot-resolver/kres_modules/prefetch.lua
+usr/lib/knot-resolver/kres_modules/prefill.lua
+usr/lib/knot-resolver/kres_modules/priming.lua
+usr/lib/knot-resolver/kres_modules/prometheus.lua
+usr/lib/knot-resolver/kres_modules/rebinding.lua
+usr/lib/knot-resolver/kres_modules/refuse_nord.so
+usr/lib/knot-resolver/kres_modules/renumber.lua
+usr/lib/knot-resolver/kres_modules/serve_stale.lua
+usr/lib/knot-resolver/kres_modules/stats.so
+usr/lib/knot-resolver/kres_modules/ta_sentinel.lua
+usr/lib/knot-resolver/kres_modules/ta_signal_query.lua
+usr/lib/knot-resolver/kres_modules/ta_update.lua
+usr/lib/knot-resolver/kres_modules/view.lua
+usr/lib/knot-resolver/kres_modules/watchdog.lua
+usr/lib/knot-resolver/kres_modules/workarounds.lua
+usr/lib/knot-resolver/krprint.lua
+usr/lib/knot-resolver/postconfig.lua
+usr/lib/knot-resolver/sandbox.lua
+usr/lib/knot-resolver/trust_anchors.lua
+usr/lib/knot-resolver/zonefile.lua
+#usr/lib/libkres.so
+usr/lib/libkres.so.9
+#usr/lib/pkgconfig/libkres.pc
+usr/lib/python3.10/site-packages/knot_resolver
+usr/lib/python3.10/site-packages/knot_resolver-6.3.0-py3.10.egg-info
+usr/lib/python3.10/site-packages/knot_resolver-6.3.0-py3.10.egg-info/PKG-INFO
+usr/lib/python3.10/site-packages/knot_resolver-6.3.0-py3.10.egg-info/SOURCES.txt
+usr/lib/python3.10/site-packages/knot_resolver-6.3.0-py3.10.egg-info/dependency_links.txt
+usr/lib/python3.10/site-packages/knot_resolver-6.3.0-py3.10.egg-info/entry_points.txt
+usr/lib/python3.10/site-packages/knot_resolver-6.3.0-py3.10.egg-info/requires.txt
+usr/lib/python3.10/site-packages/knot_resolver-6.3.0-py3.10.egg-info/top_level.txt
+#usr/lib/python3.10/site-packages/knot_resolver/__init__.py
+#usr/lib/python3.10/site-packages/knot_resolver/client
+#usr/lib/python3.10/site-packages/knot_resolver/client/__init__.py
+#usr/lib/python3.10/site-packages/knot_resolver/client/__main__.py
+#usr/lib/python3.10/site-packages/knot_resolver/client/client.py
+#usr/lib/python3.10/site-packages/knot_resolver/client/command.py
+#usr/lib/python3.10/site-packages/knot_resolver/client/commands
+#usr/lib/python3.10/site-packages/knot_resolver/client/commands/cache.py
+#usr/lib/python3.10/site-packages/knot_resolver/client/commands/completion.py
+#usr/lib/python3.10/site-packages/knot_resolver/client/commands/config.py
+#usr/lib/python3.10/site-packages/knot_resolver/client/commands/convert.py
+#usr/lib/python3.10/site-packages/knot_resolver/client/commands/debug.py
+#usr/lib/python3.10/site-packages/knot_resolver/client/commands/help.py
+#usr/lib/python3.10/site-packages/knot_resolver/client/commands/metrics.py
+#usr/lib/python3.10/site-packages/knot_resolver/client/commands/migrate.py
+#usr/lib/python3.10/site-packages/knot_resolver/client/commands/pids.py
+#usr/lib/python3.10/site-packages/knot_resolver/client/commands/reload.py
+#usr/lib/python3.10/site-packages/knot_resolver/client/commands/schema.py
+#usr/lib/python3.10/site-packages/knot_resolver/client/commands/stop.py
+#usr/lib/python3.10/site-packages/knot_resolver/client/commands/validate.py
+#usr/lib/python3.10/site-packages/knot_resolver/client/main.py
+#usr/lib/python3.10/site-packages/knot_resolver/constants.py
+#usr/lib/python3.10/site-packages/knot_resolver/constants.py.in
+#usr/lib/python3.10/site-packages/knot_resolver/controller
+#usr/lib/python3.10/site-packages/knot_resolver/controller/__init__.py
+#usr/lib/python3.10/site-packages/knot_resolver/controller/exceptions.py
+#usr/lib/python3.10/site-packages/knot_resolver/controller/interface.py
+#usr/lib/python3.10/site-packages/knot_resolver/controller/registered_workers.py
+#usr/lib/python3.10/site-packages/knot_resolver/controller/supervisord
+#usr/lib/python3.10/site-packages/knot_resolver/controller/supervisord/__init__.py
+#usr/lib/python3.10/site-packages/knot_resolver/controller/supervisord/config_file.py
+#usr/lib/python3.10/site-packages/knot_resolver/controller/supervisord/plugin
+#usr/lib/python3.10/site-packages/knot_resolver/controller/supervisord/plugin/fast_rpcinterface.py
+#usr/lib/python3.10/site-packages/knot_resolver/controller/supervisord/plugin/manager_integration.py
+#usr/lib/python3.10/site-packages/knot_resolver/controller/supervisord/plugin/notify.cpython-310-x86_64-linux-gnu.so
+#usr/lib/python3.10/site-packages/knot_resolver/controller/supervisord/plugin/notifymodule.c
+#usr/lib/python3.10/site-packages/knot_resolver/controller/supervisord/plugin/patch_logger.py
+#usr/lib/python3.10/site-packages/knot_resolver/controller/supervisord/plugin/sd_notify.py
+#usr/lib/python3.10/site-packages/knot_resolver/controller/supervisord/supervisord.conf.j2
+#usr/lib/python3.10/site-packages/knot_resolver/datamodel
+#usr/lib/python3.10/site-packages/knot_resolver/datamodel/__init__.py
+#usr/lib/python3.10/site-packages/knot_resolver/datamodel/cache_schema.py
+#usr/lib/python3.10/site-packages/knot_resolver/datamodel/config_schema.py
+#usr/lib/python3.10/site-packages/knot_resolver/datamodel/defer_schema.py
+#usr/lib/python3.10/site-packages/knot_resolver/datamodel/design-notes.yml
+#usr/lib/python3.10/site-packages/knot_resolver/datamodel/dns64_schema.py
+#usr/lib/python3.10/site-packages/knot_resolver/datamodel/dnssec_schema.py
+#usr/lib/python3.10/site-packages/knot_resolver/datamodel/forward_schema.py
+#usr/lib/python3.10/site-packages/knot_resolver/datamodel/globals.py
+#usr/lib/python3.10/site-packages/knot_resolver/datamodel/local_data_schema.py
+#usr/lib/python3.10/site-packages/knot_resolver/datamodel/logging_schema.py
+#usr/lib/python3.10/site-packages/knot_resolver/datamodel/lua_schema.py
+#usr/lib/python3.10/site-packages/knot_resolver/datamodel/management_schema.py
+#usr/lib/python3.10/site-packages/knot_resolver/datamodel/monitoring_schema.py
+#usr/lib/python3.10/site-packages/knot_resolver/datamodel/network_schema.py
+#usr/lib/python3.10/site-packages/knot_resolver/datamodel/options_schema.py
+#usr/lib/python3.10/site-packages/knot_resolver/datamodel/rate_limiting_schema.py
+#usr/lib/python3.10/site-packages/knot_resolver/datamodel/templates
+#usr/lib/python3.10/site-packages/knot_resolver/datamodel/templates/__init__.py
+#usr/lib/python3.10/site-packages/knot_resolver/datamodel/templates/cache.lua.j2
+#usr/lib/python3.10/site-packages/knot_resolver/datamodel/templates/defer.lua.j2
+#usr/lib/python3.10/site-packages/knot_resolver/datamodel/templates/dns64.lua.j2
+#usr/lib/python3.10/site-packages/knot_resolver/datamodel/templates/dnssec.lua.j2
+#usr/lib/python3.10/site-packages/knot_resolver/datamodel/templates/forward.lua.j2
+#usr/lib/python3.10/site-packages/knot_resolver/datamodel/templates/kresd.lua.j2
+#usr/lib/python3.10/site-packages/knot_resolver/datamodel/templates/local_data.lua.j2
+#usr/lib/python3.10/site-packages/knot_resolver/datamodel/templates/logging.lua.j2
+#usr/lib/python3.10/site-packages/knot_resolver/datamodel/templates/macros
+#usr/lib/python3.10/site-packages/knot_resolver/datamodel/templates/macros/cache_macros.lua.j2
+#usr/lib/python3.10/site-packages/knot_resolver/datamodel/templates/macros/common_macros.lua.j2
+#usr/lib/python3.10/site-packages/knot_resolver/datamodel/templates/macros/forward_macros.lua.j2
+#usr/lib/python3.10/site-packages/knot_resolver/datamodel/templates/macros/local_data_macros.lua.j2
+#usr/lib/python3.10/site-packages/knot_resolver/datamodel/templates/macros/network_macros.lua.j2
+#usr/lib/python3.10/site-packages/knot_resolver/datamodel/templates/macros/policy_macros.lua.j2
+#usr/lib/python3.10/site-packages/knot_resolver/datamodel/templates/macros/view_macros.lua.j2
+#usr/lib/python3.10/site-packages/knot_resolver/datamodel/templates/monitoring.lua.j2
+#usr/lib/python3.10/site-packages/knot_resolver/datamodel/templates/network.lua.j2
+#usr/lib/python3.10/site-packages/knot_resolver/datamodel/templates/options.lua.j2
+#usr/lib/python3.10/site-packages/knot_resolver/datamodel/templates/policy-loader.lua.j2
+#usr/lib/python3.10/site-packages/knot_resolver/datamodel/templates/rate_limiting.lua.j2
+#usr/lib/python3.10/site-packages/knot_resolver/datamodel/templates/views.lua.j2
+#usr/lib/python3.10/site-packages/knot_resolver/datamodel/types
+#usr/lib/python3.10/site-packages/knot_resolver/datamodel/types/__init__.py
+#usr/lib/python3.10/site-packages/knot_resolver/datamodel/types/base_types.py
+#usr/lib/python3.10/site-packages/knot_resolver/datamodel/types/enums.py
+#usr/lib/python3.10/site-packages/knot_resolver/datamodel/types/files.py
+#usr/lib/python3.10/site-packages/knot_resolver/datamodel/types/generic_types.py
+#usr/lib/python3.10/site-packages/knot_resolver/datamodel/types/types.py
+#usr/lib/python3.10/site-packages/knot_resolver/datamodel/view_schema.py
+#usr/lib/python3.10/site-packages/knot_resolver/exceptions.py
+#usr/lib/python3.10/site-packages/knot_resolver/manager
+#usr/lib/python3.10/site-packages/knot_resolver/manager/__init__.py
+#usr/lib/python3.10/site-packages/knot_resolver/manager/__main__.py
+#usr/lib/python3.10/site-packages/knot_resolver/manager/config_store.py
+#usr/lib/python3.10/site-packages/knot_resolver/manager/constants.py
+#usr/lib/python3.10/site-packages/knot_resolver/manager/exceptions.py
+#usr/lib/python3.10/site-packages/knot_resolver/manager/files
+#usr/lib/python3.10/site-packages/knot_resolver/manager/files/__init__.py
+#usr/lib/python3.10/site-packages/knot_resolver/manager/files/reload.py
+#usr/lib/python3.10/site-packages/knot_resolver/manager/files/watchdog.py
+#usr/lib/python3.10/site-packages/knot_resolver/manager/logger.py
+#usr/lib/python3.10/site-packages/knot_resolver/manager/main.py
+#usr/lib/python3.10/site-packages/knot_resolver/manager/manager.py
+#usr/lib/python3.10/site-packages/knot_resolver/manager/metrics
+#usr/lib/python3.10/site-packages/knot_resolver/manager/metrics/__init__.py
+#usr/lib/python3.10/site-packages/knot_resolver/manager/metrics/collect.py
+#usr/lib/python3.10/site-packages/knot_resolver/manager/metrics/prometheus.py
+#usr/lib/python3.10/site-packages/knot_resolver/manager/server.py
+#usr/lib/python3.10/site-packages/knot_resolver/manager/triggers.py
+#usr/lib/python3.10/site-packages/knot_resolver/meson.build
+#usr/lib/python3.10/site-packages/knot_resolver/utils
+#usr/lib/python3.10/site-packages/knot_resolver/utils/__init__.py
+#usr/lib/python3.10/site-packages/knot_resolver/utils/async_utils.py
+#usr/lib/python3.10/site-packages/knot_resolver/utils/compat
+#usr/lib/python3.10/site-packages/knot_resolver/utils/compat/__init__.py
+#usr/lib/python3.10/site-packages/knot_resolver/utils/compat/asyncio.py
+#usr/lib/python3.10/site-packages/knot_resolver/utils/custom_atexit.py
+#usr/lib/python3.10/site-packages/knot_resolver/utils/etag.py
+#usr/lib/python3.10/site-packages/knot_resolver/utils/functional.py
+#usr/lib/python3.10/site-packages/knot_resolver/utils/modeling
+#usr/lib/python3.10/site-packages/knot_resolver/utils/modeling/README.md
+#usr/lib/python3.10/site-packages/knot_resolver/utils/modeling/__init__.py
+#usr/lib/python3.10/site-packages/knot_resolver/utils/modeling/base_generic_type_wrapper.py
+#usr/lib/python3.10/site-packages/knot_resolver/utils/modeling/base_schema.py
+#usr/lib/python3.10/site-packages/knot_resolver/utils/modeling/base_value_type.py
+#usr/lib/python3.10/site-packages/knot_resolver/utils/modeling/exceptions.py
+#usr/lib/python3.10/site-packages/knot_resolver/utils/modeling/json_pointer.py
+#usr/lib/python3.10/site-packages/knot_resolver/utils/modeling/parsing.py
+#usr/lib/python3.10/site-packages/knot_resolver/utils/modeling/query.py
+#usr/lib/python3.10/site-packages/knot_resolver/utils/modeling/renaming.py
+#usr/lib/python3.10/site-packages/knot_resolver/utils/modeling/types.py
+#usr/lib/python3.10/site-packages/knot_resolver/utils/requests.py
+#usr/lib/python3.10/site-packages/knot_resolver/utils/systemd_notify.py
+#usr/lib/python3.10/site-packages/knot_resolver/utils/which.py
+usr/sbin/dhcp-lease
+usr/sbin/kres-cache-gc
+usr/sbin/kresd
+#usr/share/bash-completion/completions/kresctl
+#usr/share/doc/knot-resolver
+#usr/share/doc/knot-resolver/AUTHORS
+#usr/share/doc/knot-resolver/COPYING
+#usr/share/doc/knot-resolver/NEWS
+#usr/share/doc/knot-resolver/examples
+#usr/share/doc/knot-resolver/examples/config.cluster
+#usr/share/doc/knot-resolver/examples/config.docker
+#usr/share/doc/knot-resolver/examples/config.internal
+#usr/share/doc/knot-resolver/examples/config.isp
+#usr/share/doc/knot-resolver/examples/config.personal
+#usr/share/doc/knot-resolver/examples/config.privacy
+#usr/share/doc/knot-resolver/examples/config.splitview
+#usr/share/man/man8/kresctl.8
+#usr/share/man/man8/kresd.8
+var/cache/knot-resolver
+var/lib/knot-resolver
+var/lib/knot-resolver/root.keys
diff --git a/config/rootfiles/common/libcap b/config/rootfiles/common/libcap
index a3e2752df8..d6aa7b59b6 100644
--- a/config/rootfiles/common/libcap
+++ b/config/rootfiles/common/libcap
@@ -12,8 +12,6 @@ usr/lib/libcap.so.2.78
usr/lib/libpsx.so.2.78
#usr/lib/pkgconfig/libcap.pc
#usr/lib/pkgconfig/libpsx.pc
-#usr/lib/security
-usr/lib/security/pam_cap.so
#usr/share/man/man1/capsh.1
#usr/share/man/man3/__psx_syscall.3
#usr/share/man/man3/cap_clear.3
diff --git a/config/rootfiles/common/lua-cqueues b/config/rootfiles/common/lua-cqueues
new file mode 100644
index 0000000000..41626ec1a9
--- /dev/null
+++ b/config/rootfiles/common/lua-cqueues
@@ -0,0 +1,43 @@
+#usr/lib/lua/5.1
+usr/lib/lua/5.1/_cqueues.so
+usr/lib/lua/5.4/_cqueues.so
+#usr/share/lua/5.1
+#usr/share/lua/5.1/cqueues
+usr/share/lua/5.1/cqueues.lua
+usr/share/lua/5.1/cqueues/auxlib.lua
+usr/share/lua/5.1/cqueues/condition.lua
+#usr/share/lua/5.1/cqueues/dns
+usr/share/lua/5.1/cqueues/dns.lua
+usr/share/lua/5.1/cqueues/dns/config.lua
+usr/share/lua/5.1/cqueues/dns/hints.lua
+usr/share/lua/5.1/cqueues/dns/hosts.lua
+usr/share/lua/5.1/cqueues/dns/packet.lua
+usr/share/lua/5.1/cqueues/dns/record.lua
+usr/share/lua/5.1/cqueues/dns/resolver.lua
+usr/share/lua/5.1/cqueues/dns/resolvers.lua
+usr/share/lua/5.1/cqueues/errno.lua
+usr/share/lua/5.1/cqueues/notify.lua
+usr/share/lua/5.1/cqueues/promise.lua
+usr/share/lua/5.1/cqueues/signal.lua
+usr/share/lua/5.1/cqueues/socket.lua
+usr/share/lua/5.1/cqueues/thread.lua
+usr/share/lua/5.4
+#usr/share/lua/5.4/cqueues
+usr/share/lua/5.4/cqueues.lua
+usr/share/lua/5.4/cqueues/auxlib.lua
+usr/share/lua/5.4/cqueues/condition.lua
+#usr/share/lua/5.4/cqueues/dns
+usr/share/lua/5.4/cqueues/dns.lua
+usr/share/lua/5.4/cqueues/dns/config.lua
+usr/share/lua/5.4/cqueues/dns/hints.lua
+usr/share/lua/5.4/cqueues/dns/hosts.lua
+usr/share/lua/5.4/cqueues/dns/packet.lua
+usr/share/lua/5.4/cqueues/dns/record.lua
+usr/share/lua/5.4/cqueues/dns/resolver.lua
+usr/share/lua/5.4/cqueues/dns/resolvers.lua
+usr/share/lua/5.4/cqueues/errno.lua
+usr/share/lua/5.4/cqueues/notify.lua
+usr/share/lua/5.4/cqueues/promise.lua
+usr/share/lua/5.4/cqueues/signal.lua
+usr/share/lua/5.4/cqueues/socket.lua
+usr/share/lua/5.4/cqueues/thread.lua
diff --git a/config/rootfiles/common/lua-csv b/config/rootfiles/common/lua-csv
new file mode 100644
index 0000000000..6060dca423
--- /dev/null
+++ b/config/rootfiles/common/lua-csv
@@ -0,0 +1,2 @@
+usr/share/lua/5.1/csv.lua
+usr/share/lua/5.4/csv.lua
diff --git a/config/rootfiles/common/lua-sqlite3 b/config/rootfiles/common/lua-sqlite3
new file mode 100644
index 0000000000..880812f781
--- /dev/null
+++ b/config/rootfiles/common/lua-sqlite3
@@ -0,0 +1,20 @@
+usr/lib/lua/5.1/lsqlite3.so
+#usr/lib/luarocks
+#usr/lib/luarocks/rocks-5.1
+#usr/lib/luarocks/rocks-5.1/lsqlite3
+#usr/lib/luarocks/rocks-5.1/lsqlite3/0.9.7-1
+#usr/lib/luarocks/rocks-5.1/lsqlite3/0.9.7-1/doc
+#usr/lib/luarocks/rocks-5.1/lsqlite3/0.9.7-1/doc/lsqlite3.wiki
+#usr/lib/luarocks/rocks-5.1/lsqlite3/0.9.7-1/examples
+#usr/lib/luarocks/rocks-5.1/lsqlite3/0.9.7-1/examples/aggregate.lua
+#usr/lib/luarocks/rocks-5.1/lsqlite3/0.9.7-1/examples/function.lua
+#usr/lib/luarocks/rocks-5.1/lsqlite3/0.9.7-1/examples/hooks_advanced.lua
+#usr/lib/luarocks/rocks-5.1/lsqlite3/0.9.7-1/examples/order.lua
+#usr/lib/luarocks/rocks-5.1/lsqlite3/0.9.7-1/examples/simple.lua
+#usr/lib/luarocks/rocks-5.1/lsqlite3/0.9.7-1/examples/smart.lua
+#usr/lib/luarocks/rocks-5.1/lsqlite3/0.9.7-1/examples/statement.lua
+#usr/lib/luarocks/rocks-5.1/lsqlite3/0.9.7-1/examples/tracing.lua
+#usr/lib/luarocks/rocks-5.1/lsqlite3/0.9.7-1/examples/update_hook.lua
+#usr/lib/luarocks/rocks-5.1/lsqlite3/0.9.7-1/lsqlite3-0.9.7-1.rockspec
+#usr/lib/luarocks/rocks-5.1/lsqlite3/0.9.7-1/rock_manifest
+#usr/lib/luarocks/rocks-5.1/manifest
diff --git a/config/rootfiles/common/luajit b/config/rootfiles/common/luajit
new file mode 100644
index 0000000000..7b712b8459
--- /dev/null
+++ b/config/rootfiles/common/luajit
@@ -0,0 +1,35 @@
+usr/bin/luajit
+usr/bin/luajit-2.1.0-beta3
+#usr/include/luajit-2.1
+#usr/include/luajit-2.1/lauxlib.h
+#usr/include/luajit-2.1/lua.h
+#usr/include/luajit-2.1/lua.hpp
+#usr/include/luajit-2.1/luaconf.h
+#usr/include/luajit-2.1/luajit.h
+#usr/include/luajit-2.1/lualib.h
+#usr/lib/libluajit-5.1.so
+usr/lib/libluajit-5.1.so.2
+usr/lib/libluajit-5.1.so.2.1.0
+#usr/lib/lua/5.1
+#usr/lib/pkgconfig/luajit.pc
+#usr/share/lua/5.1
+#usr/share/luajit-2.1.0-beta3
+#usr/share/luajit-2.1.0-beta3/jit
+#usr/share/luajit-2.1.0-beta3/jit/bc.lua
+#usr/share/luajit-2.1.0-beta3/jit/bcsave.lua
+#usr/share/luajit-2.1.0-beta3/jit/dis_arm.lua
+#usr/share/luajit-2.1.0-beta3/jit/dis_arm64.lua
+#usr/share/luajit-2.1.0-beta3/jit/dis_arm64be.lua
+#usr/share/luajit-2.1.0-beta3/jit/dis_mips.lua
+#usr/share/luajit-2.1.0-beta3/jit/dis_mips64.lua
+#usr/share/luajit-2.1.0-beta3/jit/dis_mips64el.lua
+#usr/share/luajit-2.1.0-beta3/jit/dis_mipsel.lua
+#usr/share/luajit-2.1.0-beta3/jit/dis_ppc.lua
+#usr/share/luajit-2.1.0-beta3/jit/dis_x64.lua
+#usr/share/luajit-2.1.0-beta3/jit/dis_x86.lua
+#usr/share/luajit-2.1.0-beta3/jit/dump.lua
+#usr/share/luajit-2.1.0-beta3/jit/p.lua
+#usr/share/luajit-2.1.0-beta3/jit/v.lua
+#usr/share/luajit-2.1.0-beta3/jit/vmdef.lua
+#usr/share/luajit-2.1.0-beta3/jit/zone.lua
+#usr/share/man/man1/luajit.1
diff --git a/config/rootfiles/common/luarocks b/config/rootfiles/common/luarocks
new file mode 100644
index 0000000000..b2efa223e4
--- /dev/null
+++ b/config/rootfiles/common/luarocks
@@ -0,0 +1,126 @@
+#etc/luarocks
+#etc/luarocks/config-5.1.lua
+#usr/bin/luarocks
+#usr/bin/luarocks-admin
+#usr/share/lua/5.1/compat53
+#usr/share/lua/5.1/compat53/file_mt.lua
+#usr/share/lua/5.1/compat53/init.lua
+#usr/share/lua/5.1/compat53/module.lua
+#usr/share/lua/5.1/luarocks
+#usr/share/lua/5.1/luarocks/admin
+#usr/share/lua/5.1/luarocks/admin/cache.lua
+#usr/share/lua/5.1/luarocks/admin/cmd
+#usr/share/lua/5.1/luarocks/admin/cmd/add.lua
+#usr/share/lua/5.1/luarocks/admin/cmd/make_manifest.lua
+#usr/share/lua/5.1/luarocks/admin/cmd/refresh_cache.lua
+#usr/share/lua/5.1/luarocks/admin/cmd/remove.lua
+#usr/share/lua/5.1/luarocks/admin/index.lua
+#usr/share/lua/5.1/luarocks/build
+#usr/share/lua/5.1/luarocks/build.lua
+#usr/share/lua/5.1/luarocks/build/builtin.lua
+#usr/share/lua/5.1/luarocks/build/cmake.lua
+#usr/share/lua/5.1/luarocks/build/command.lua
+#usr/share/lua/5.1/luarocks/build/make.lua
+#usr/share/lua/5.1/luarocks/cmd
+#usr/share/lua/5.1/luarocks/cmd.lua
+#usr/share/lua/5.1/luarocks/cmd/build.lua
+#usr/share/lua/5.1/luarocks/cmd/config.lua
+#usr/share/lua/5.1/luarocks/cmd/doc.lua
+#usr/share/lua/5.1/luarocks/cmd/download.lua
+#usr/share/lua/5.1/luarocks/cmd/init.lua
+#usr/share/lua/5.1/luarocks/cmd/install.lua
+#usr/share/lua/5.1/luarocks/cmd/lint.lua
+#usr/share/lua/5.1/luarocks/cmd/list.lua
+#usr/share/lua/5.1/luarocks/cmd/make.lua
+#usr/share/lua/5.1/luarocks/cmd/new_version.lua
+#usr/share/lua/5.1/luarocks/cmd/pack.lua
+#usr/share/lua/5.1/luarocks/cmd/path.lua
+#usr/share/lua/5.1/luarocks/cmd/purge.lua
+#usr/share/lua/5.1/luarocks/cmd/remove.lua
+#usr/share/lua/5.1/luarocks/cmd/search.lua
+#usr/share/lua/5.1/luarocks/cmd/show.lua
+#usr/share/lua/5.1/luarocks/cmd/test.lua
+#usr/share/lua/5.1/luarocks/cmd/unpack.lua
+#usr/share/lua/5.1/luarocks/cmd/upload.lua
+#usr/share/lua/5.1/luarocks/cmd/which.lua
+#usr/share/lua/5.1/luarocks/cmd/write_rockspec.lua
+#usr/share/lua/5.1/luarocks/config.lua
+#usr/share/lua/5.1/luarocks/core
+#usr/share/lua/5.1/luarocks/core/cfg.lua
+#usr/share/lua/5.1/luarocks/core/dir.lua
+#usr/share/lua/5.1/luarocks/core/manif.lua
+#usr/share/lua/5.1/luarocks/core/path.lua
+#usr/share/lua/5.1/luarocks/core/persist.lua
+#usr/share/lua/5.1/luarocks/core/sysdetect.lua
+#usr/share/lua/5.1/luarocks/core/types
+#usr/share/lua/5.1/luarocks/core/types/query.lua
+#usr/share/lua/5.1/luarocks/core/types/result.lua
+#usr/share/lua/5.1/luarocks/core/types/rockspec.lua
+#usr/share/lua/5.1/luarocks/core/util.lua
+#usr/share/lua/5.1/luarocks/core/vers.lua
+#usr/share/lua/5.1/luarocks/deplocks.lua
+#usr/share/lua/5.1/luarocks/deps.lua
+#usr/share/lua/5.1/luarocks/dir.lua
+#usr/share/lua/5.1/luarocks/download.lua
+#usr/share/lua/5.1/luarocks/fetch
+#usr/share/lua/5.1/luarocks/fetch.lua
+#usr/share/lua/5.1/luarocks/fetch/cvs.lua
+#usr/share/lua/5.1/luarocks/fetch/git.lua
+#usr/share/lua/5.1/luarocks/fetch/git_file.lua
+#usr/share/lua/5.1/luarocks/fetch/git_http.lua
+#usr/share/lua/5.1/luarocks/fetch/git_https.lua
+#usr/share/lua/5.1/luarocks/fetch/git_ssh.lua
+#usr/share/lua/5.1/luarocks/fetch/hg.lua
+#usr/share/lua/5.1/luarocks/fetch/hg_http.lua
+#usr/share/lua/5.1/luarocks/fetch/hg_https.lua
+#usr/share/lua/5.1/luarocks/fetch/hg_ssh.lua
+#usr/share/lua/5.1/luarocks/fetch/sscm.lua
+#usr/share/lua/5.1/luarocks/fetch/svn.lua
+#usr/share/lua/5.1/luarocks/fs
+#usr/share/lua/5.1/luarocks/fs.lua
+#usr/share/lua/5.1/luarocks/fs/linux.lua
+#usr/share/lua/5.1/luarocks/fs/lua.lua
+#usr/share/lua/5.1/luarocks/fs/macosx.lua
+#usr/share/lua/5.1/luarocks/fs/tools.lua
+#usr/share/lua/5.1/luarocks/fs/unix
+#usr/share/lua/5.1/luarocks/fs/unix.lua
+#usr/share/lua/5.1/luarocks/fs/unix/tools.lua
+#usr/share/lua/5.1/luarocks/fs/win32
+#usr/share/lua/5.1/luarocks/fs/win32.lua
+#usr/share/lua/5.1/luarocks/fs/win32/tools.lua
+#usr/share/lua/5.1/luarocks/fun.lua
+#usr/share/lua/5.1/luarocks/loader.lua
+#usr/share/lua/5.1/luarocks/manif
+#usr/share/lua/5.1/luarocks/manif.lua
+#usr/share/lua/5.1/luarocks/manif/writer.lua
+#usr/share/lua/5.1/luarocks/pack.lua
+#usr/share/lua/5.1/luarocks/path.lua
+#usr/share/lua/5.1/luarocks/persist.lua
+#usr/share/lua/5.1/luarocks/queries.lua
+#usr/share/lua/5.1/luarocks/remove.lua
+#usr/share/lua/5.1/luarocks/repo_writer.lua
+#usr/share/lua/5.1/luarocks/repos.lua
+#usr/share/lua/5.1/luarocks/require.lua
+#usr/share/lua/5.1/luarocks/results.lua
+#usr/share/lua/5.1/luarocks/rockspecs.lua
+#usr/share/lua/5.1/luarocks/search.lua
+#usr/share/lua/5.1/luarocks/signing.lua
+#usr/share/lua/5.1/luarocks/test
+#usr/share/lua/5.1/luarocks/test.lua
+#usr/share/lua/5.1/luarocks/test/busted.lua
+#usr/share/lua/5.1/luarocks/test/command.lua
+#usr/share/lua/5.1/luarocks/tools
+#usr/share/lua/5.1/luarocks/tools/patch.lua
+#usr/share/lua/5.1/luarocks/tools/tar.lua
+#usr/share/lua/5.1/luarocks/tools/zip.lua
+#usr/share/lua/5.1/luarocks/type
+#usr/share/lua/5.1/luarocks/type/manifest.lua
+#usr/share/lua/5.1/luarocks/type/rockspec.lua
+#usr/share/lua/5.1/luarocks/type_check.lua
+#usr/share/lua/5.1/luarocks/upload
+#usr/share/lua/5.1/luarocks/upload/api.lua
+#usr/share/lua/5.1/luarocks/upload/multipart.lua
+#usr/share/lua/5.1/luarocks/util.lua
+#usr/share/lua/5.1/luarocks/vendor
+#usr/share/lua/5.1/luarocks/vendor/argparse.lua
+#usr/share/lua/5.1/luarocks/vendor/dkjson.lua
diff --git a/config/rootfiles/common/misc-progs b/config/rootfiles/common/misc-progs
index 2c846878ad..94d213e19a 100644
--- a/config/rootfiles/common/misc-progs
+++ b/config/rootfiles/common/misc-progs
@@ -5,6 +5,7 @@ usr/local/bin/captivectrl
usr/local/bin/collectdctrl
usr/local/bin/ddnsctrl
usr/local/bin/dhcpctrl
+usr/local/bin/dnsctrl
usr/local/bin/extrahdctrl
usr/local/bin/fireinfoctrl
usr/local/bin/firewallctrl
@@ -31,7 +32,6 @@ usr/local/bin/suricatactrl
usr/local/bin/syslogdctrl
usr/local/bin/timectrl
#usr/local/bin/torctrl
-usr/local/bin/unboundctrl
usr/local/bin/updxlratorctrl
usr/local/bin/urlfilterctrl
#usr/local/bin/wiohelper
diff --git a/config/rootfiles/common/python3-Jinja2 b/config/rootfiles/common/python3-Jinja2
index 6a29decd07..51bd35f739 100644
--- a/config/rootfiles/common/python3-Jinja2
+++ b/config/rootfiles/common/python3-Jinja2
@@ -1,34 +1,34 @@
-#usr/lib/python3.10/site-packages/Jinja2-3.1.2-py3.10.egg-info
-#usr/lib/python3.10/site-packages/Jinja2-3.1.2-py3.10.egg-info/PKG-INFO
-#usr/lib/python3.10/site-packages/Jinja2-3.1.2-py3.10.egg-info/SOURCES.txt
-#usr/lib/python3.10/site-packages/Jinja2-3.1.2-py3.10.egg-info/dependency_links.txt
-#usr/lib/python3.10/site-packages/Jinja2-3.1.2-py3.10.egg-info/entry_points.txt
-#usr/lib/python3.10/site-packages/Jinja2-3.1.2-py3.10.egg-info/requires.txt
-#usr/lib/python3.10/site-packages/Jinja2-3.1.2-py3.10.egg-info/top_level.txt
-#usr/lib/python3.10/site-packages/jinja2
-#usr/lib/python3.10/site-packages/jinja2/__init__.py
-#usr/lib/python3.10/site-packages/jinja2/_identifier.py
-#usr/lib/python3.10/site-packages/jinja2/async_utils.py
-#usr/lib/python3.10/site-packages/jinja2/bccache.py
-#usr/lib/python3.10/site-packages/jinja2/compiler.py
-#usr/lib/python3.10/site-packages/jinja2/constants.py
-#usr/lib/python3.10/site-packages/jinja2/debug.py
-#usr/lib/python3.10/site-packages/jinja2/defaults.py
-#usr/lib/python3.10/site-packages/jinja2/environment.py
-#usr/lib/python3.10/site-packages/jinja2/exceptions.py
-#usr/lib/python3.10/site-packages/jinja2/ext.py
-#usr/lib/python3.10/site-packages/jinja2/filters.py
-#usr/lib/python3.10/site-packages/jinja2/idtracking.py
-#usr/lib/python3.10/site-packages/jinja2/lexer.py
-#usr/lib/python3.10/site-packages/jinja2/loaders.py
-#usr/lib/python3.10/site-packages/jinja2/meta.py
-#usr/lib/python3.10/site-packages/jinja2/nativetypes.py
-#usr/lib/python3.10/site-packages/jinja2/nodes.py
-#usr/lib/python3.10/site-packages/jinja2/optimizer.py
-#usr/lib/python3.10/site-packages/jinja2/parser.py
-#usr/lib/python3.10/site-packages/jinja2/py.typed
-#usr/lib/python3.10/site-packages/jinja2/runtime.py
-#usr/lib/python3.10/site-packages/jinja2/sandbox.py
-#usr/lib/python3.10/site-packages/jinja2/tests.py
-#usr/lib/python3.10/site-packages/jinja2/utils.py
-#usr/lib/python3.10/site-packages/jinja2/visitor.py
+usr/lib/python3.10/site-packages/Jinja2-3.1.2-py3.10.egg-info
+usr/lib/python3.10/site-packages/Jinja2-3.1.2-py3.10.egg-info/PKG-INFO
+usr/lib/python3.10/site-packages/Jinja2-3.1.2-py3.10.egg-info/SOURCES.txt
+usr/lib/python3.10/site-packages/Jinja2-3.1.2-py3.10.egg-info/dependency_links.txt
+usr/lib/python3.10/site-packages/Jinja2-3.1.2-py3.10.egg-info/entry_points.txt
+usr/lib/python3.10/site-packages/Jinja2-3.1.2-py3.10.egg-info/requires.txt
+usr/lib/python3.10/site-packages/Jinja2-3.1.2-py3.10.egg-info/top_level.txt
+usr/lib/python3.10/site-packages/jinja2
+usr/lib/python3.10/site-packages/jinja2/__init__.py
+usr/lib/python3.10/site-packages/jinja2/_identifier.py
+usr/lib/python3.10/site-packages/jinja2/async_utils.py
+usr/lib/python3.10/site-packages/jinja2/bccache.py
+usr/lib/python3.10/site-packages/jinja2/compiler.py
+usr/lib/python3.10/site-packages/jinja2/constants.py
+usr/lib/python3.10/site-packages/jinja2/debug.py
+usr/lib/python3.10/site-packages/jinja2/defaults.py
+usr/lib/python3.10/site-packages/jinja2/environment.py
+usr/lib/python3.10/site-packages/jinja2/exceptions.py
+usr/lib/python3.10/site-packages/jinja2/ext.py
+usr/lib/python3.10/site-packages/jinja2/filters.py
+usr/lib/python3.10/site-packages/jinja2/idtracking.py
+usr/lib/python3.10/site-packages/jinja2/lexer.py
+usr/lib/python3.10/site-packages/jinja2/loaders.py
+usr/lib/python3.10/site-packages/jinja2/meta.py
+usr/lib/python3.10/site-packages/jinja2/nativetypes.py
+usr/lib/python3.10/site-packages/jinja2/nodes.py
+usr/lib/python3.10/site-packages/jinja2/optimizer.py
+usr/lib/python3.10/site-packages/jinja2/parser.py
+usr/lib/python3.10/site-packages/jinja2/py.typed
+usr/lib/python3.10/site-packages/jinja2/runtime.py
+usr/lib/python3.10/site-packages/jinja2/sandbox.py
+usr/lib/python3.10/site-packages/jinja2/tests.py
+usr/lib/python3.10/site-packages/jinja2/utils.py
+usr/lib/python3.10/site-packages/jinja2/visitor.py
diff --git a/config/rootfiles/common/python3-MarkupSafe b/config/rootfiles/common/python3-MarkupSafe
index 32ca581fc6..52fc9519c7 100644
--- a/config/rootfiles/common/python3-MarkupSafe
+++ b/config/rootfiles/common/python3-MarkupSafe
@@ -1,12 +1,12 @@
-#usr/lib/python3.10/site-packages/MarkupSafe-2.1.3-py3.10.egg-info
-#usr/lib/python3.10/site-packages/MarkupSafe-2.1.3-py3.10.egg-info/PKG-INFO
-#usr/lib/python3.10/site-packages/MarkupSafe-2.1.3-py3.10.egg-info/SOURCES.txt
-#usr/lib/python3.10/site-packages/MarkupSafe-2.1.3-py3.10.egg-info/dependency_links.txt
-#usr/lib/python3.10/site-packages/MarkupSafe-2.1.3-py3.10.egg-info/top_level.txt
-#usr/lib/python3.10/site-packages/markupsafe
-#usr/lib/python3.10/site-packages/markupsafe/__init__.py
-#usr/lib/python3.10/site-packages/markupsafe/_native.py
-#usr/lib/python3.10/site-packages/markupsafe/_speedups.c
-#usr/lib/python3.10/site-packages/markupsafe/_speedups.cpython-310-xxxMACHINExxx-linux-gnu.so
-#usr/lib/python3.10/site-packages/markupsafe/_speedups.pyi
-#usr/lib/python3.10/site-packages/markupsafe/py.typed
+usr/lib/python3.10/site-packages/MarkupSafe-2.1.3-py3.10.egg-info
+usr/lib/python3.10/site-packages/MarkupSafe-2.1.3-py3.10.egg-info/PKG-INFO
+usr/lib/python3.10/site-packages/MarkupSafe-2.1.3-py3.10.egg-info/SOURCES.txt
+usr/lib/python3.10/site-packages/MarkupSafe-2.1.3-py3.10.egg-info/dependency_links.txt
+usr/lib/python3.10/site-packages/MarkupSafe-2.1.3-py3.10.egg-info/top_level.txt
+usr/lib/python3.10/site-packages/markupsafe
+usr/lib/python3.10/site-packages/markupsafe/__init__.py
+usr/lib/python3.10/site-packages/markupsafe/_native.py
+usr/lib/python3.10/site-packages/markupsafe/_speedups.c
+usr/lib/python3.10/site-packages/markupsafe/_speedups.cpython-310-xxxMACHINExxx-linux-gnu.so
+usr/lib/python3.10/site-packages/markupsafe/_speedups.pyi
+usr/lib/python3.10/site-packages/markupsafe/py.typed
diff --git a/config/rootfiles/common/python3-aiohappyeyeballs b/config/rootfiles/common/python3-aiohappyeyeballs
new file mode 100644
index 0000000000..af2fb0a96a
--- /dev/null
+++ b/config/rootfiles/common/python3-aiohappyeyeballs
@@ -0,0 +1,13 @@
+usr/lib/python3.10/site-packages/aiohappyeyeballs
+#usr/lib/python3.10/site-packages/aiohappyeyeballs-2.6.1.dist-info
+#usr/lib/python3.10/site-packages/aiohappyeyeballs-2.6.1.dist-info/METADATA
+#usr/lib/python3.10/site-packages/aiohappyeyeballs-2.6.1.dist-info/RECORD
+#usr/lib/python3.10/site-packages/aiohappyeyeballs-2.6.1.dist-info/WHEEL
+#usr/lib/python3.10/site-packages/aiohappyeyeballs-2.6.1.dist-info/licenses
+#usr/lib/python3.10/site-packages/aiohappyeyeballs-2.6.1.dist-info/licenses/LICENSE
+#usr/lib/python3.10/site-packages/aiohappyeyeballs/__init__.py
+#usr/lib/python3.10/site-packages/aiohappyeyeballs/_staggered.py
+#usr/lib/python3.10/site-packages/aiohappyeyeballs/impl.py
+#usr/lib/python3.10/site-packages/aiohappyeyeballs/py.typed
+#usr/lib/python3.10/site-packages/aiohappyeyeballs/types.py
+#usr/lib/python3.10/site-packages/aiohappyeyeballs/utils.py
diff --git a/config/rootfiles/common/python3-aiohttp b/config/rootfiles/common/python3-aiohttp
new file mode 100644
index 0000000000..6a36f894fe
--- /dev/null
+++ b/config/rootfiles/common/python3-aiohttp
@@ -0,0 +1,86 @@
+usr/lib/python3.10/site-packages/aiohttp
+#usr/lib/python3.10/site-packages/aiohttp-3.13.5-py3.10.egg-info
+#usr/lib/python3.10/site-packages/aiohttp-3.13.5-py3.10.egg-info/PKG-INFO
+#usr/lib/python3.10/site-packages/aiohttp-3.13.5-py3.10.egg-info/SOURCES.txt
+#usr/lib/python3.10/site-packages/aiohttp-3.13.5-py3.10.egg-info/dependency_links.txt
+#usr/lib/python3.10/site-packages/aiohttp-3.13.5-py3.10.egg-info/requires.txt
+#usr/lib/python3.10/site-packages/aiohttp-3.13.5-py3.10.egg-info/top_level.txt
+#usr/lib/python3.10/site-packages/aiohttp/.hash
+#usr/lib/python3.10/site-packages/aiohttp/.hash/_cparser.pxd.hash
+#usr/lib/python3.10/site-packages/aiohttp/.hash/_find_header.pxd.hash
+#usr/lib/python3.10/site-packages/aiohttp/.hash/_http_parser.pyx.hash
+#usr/lib/python3.10/site-packages/aiohttp/.hash/_http_writer.pyx.hash
+#usr/lib/python3.10/site-packages/aiohttp/.hash/hdrs.py.hash
+#usr/lib/python3.10/site-packages/aiohttp/__init__.py
+#usr/lib/python3.10/site-packages/aiohttp/_cookie_helpers.py
+#usr/lib/python3.10/site-packages/aiohttp/_cparser.pxd
+#usr/lib/python3.10/site-packages/aiohttp/_find_header.pxd
+#usr/lib/python3.10/site-packages/aiohttp/_headers.pxi
+#usr/lib/python3.10/site-packages/aiohttp/_http_parser.cpython-310-xxxMACHINExxx-linux-gnu.so
+#usr/lib/python3.10/site-packages/aiohttp/_http_parser.pyx
+#usr/lib/python3.10/site-packages/aiohttp/_http_writer.cpython-310-xxxMACHINExxx-linux-gnu.so
+#usr/lib/python3.10/site-packages/aiohttp/_http_writer.pyx
+#usr/lib/python3.10/site-packages/aiohttp/_websocket
+#usr/lib/python3.10/site-packages/aiohttp/_websocket/.hash
+#usr/lib/python3.10/site-packages/aiohttp/_websocket/.hash/mask.pxd.hash
+#usr/lib/python3.10/site-packages/aiohttp/_websocket/.hash/mask.pyx.hash
+#usr/lib/python3.10/site-packages/aiohttp/_websocket/.hash/reader_c.pxd.hash
+#usr/lib/python3.10/site-packages/aiohttp/_websocket/__init__.py
+#usr/lib/python3.10/site-packages/aiohttp/_websocket/helpers.py
+#usr/lib/python3.10/site-packages/aiohttp/_websocket/mask.cpython-310-xxxMACHINExxx-linux-gnu.so
+#usr/lib/python3.10/site-packages/aiohttp/_websocket/mask.pxd
+#usr/lib/python3.10/site-packages/aiohttp/_websocket/mask.pyx
+#usr/lib/python3.10/site-packages/aiohttp/_websocket/models.py
+#usr/lib/python3.10/site-packages/aiohttp/_websocket/reader.py
+#usr/lib/python3.10/site-packages/aiohttp/_websocket/reader_c.cpython-310-xxxMACHINExxx-linux-gnu.so
+#usr/lib/python3.10/site-packages/aiohttp/_websocket/reader_c.pxd
+#usr/lib/python3.10/site-packages/aiohttp/_websocket/reader_c.py
+#usr/lib/python3.10/site-packages/aiohttp/_websocket/reader_py.py
+#usr/lib/python3.10/site-packages/aiohttp/_websocket/writer.py
+#usr/lib/python3.10/site-packages/aiohttp/abc.py
+#usr/lib/python3.10/site-packages/aiohttp/base_protocol.py
+#usr/lib/python3.10/site-packages/aiohttp/client.py
+#usr/lib/python3.10/site-packages/aiohttp/client_exceptions.py
+#usr/lib/python3.10/site-packages/aiohttp/client_middleware_digest_auth.py
+#usr/lib/python3.10/site-packages/aiohttp/client_middlewares.py
+#usr/lib/python3.10/site-packages/aiohttp/client_proto.py
+#usr/lib/python3.10/site-packages/aiohttp/client_reqrep.py
+#usr/lib/python3.10/site-packages/aiohttp/client_ws.py
+#usr/lib/python3.10/site-packages/aiohttp/compression_utils.py
+#usr/lib/python3.10/site-packages/aiohttp/connector.py
+#usr/lib/python3.10/site-packages/aiohttp/cookiejar.py
+#usr/lib/python3.10/site-packages/aiohttp/formdata.py
+#usr/lib/python3.10/site-packages/aiohttp/hdrs.py
+#usr/lib/python3.10/site-packages/aiohttp/helpers.py
+#usr/lib/python3.10/site-packages/aiohttp/http.py
+#usr/lib/python3.10/site-packages/aiohttp/http_exceptions.py
+#usr/lib/python3.10/site-packages/aiohttp/http_parser.py
+#usr/lib/python3.10/site-packages/aiohttp/http_websocket.py
+#usr/lib/python3.10/site-packages/aiohttp/http_writer.py
+#usr/lib/python3.10/site-packages/aiohttp/log.py
+#usr/lib/python3.10/site-packages/aiohttp/multipart.py
+#usr/lib/python3.10/site-packages/aiohttp/payload.py
+#usr/lib/python3.10/site-packages/aiohttp/payload_streamer.py
+#usr/lib/python3.10/site-packages/aiohttp/py.typed
+#usr/lib/python3.10/site-packages/aiohttp/pytest_plugin.py
+#usr/lib/python3.10/site-packages/aiohttp/resolver.py
+#usr/lib/python3.10/site-packages/aiohttp/streams.py
+#usr/lib/python3.10/site-packages/aiohttp/tcp_helpers.py
+#usr/lib/python3.10/site-packages/aiohttp/test_utils.py
+#usr/lib/python3.10/site-packages/aiohttp/tracing.py
+#usr/lib/python3.10/site-packages/aiohttp/typedefs.py
+#usr/lib/python3.10/site-packages/aiohttp/web.py
+#usr/lib/python3.10/site-packages/aiohttp/web_app.py
+#usr/lib/python3.10/site-packages/aiohttp/web_exceptions.py
+#usr/lib/python3.10/site-packages/aiohttp/web_fileresponse.py
+#usr/lib/python3.10/site-packages/aiohttp/web_log.py
+#usr/lib/python3.10/site-packages/aiohttp/web_middlewares.py
+#usr/lib/python3.10/site-packages/aiohttp/web_protocol.py
+#usr/lib/python3.10/site-packages/aiohttp/web_request.py
+#usr/lib/python3.10/site-packages/aiohttp/web_response.py
+#usr/lib/python3.10/site-packages/aiohttp/web_routedef.py
+#usr/lib/python3.10/site-packages/aiohttp/web_runner.py
+#usr/lib/python3.10/site-packages/aiohttp/web_server.py
+#usr/lib/python3.10/site-packages/aiohttp/web_urldispatcher.py
+#usr/lib/python3.10/site-packages/aiohttp/web_ws.py
+#usr/lib/python3.10/site-packages/aiohttp/worker.py
diff --git a/config/rootfiles/common/python3-aiosignal b/config/rootfiles/common/python3-aiosignal
new file mode 100644
index 0000000000..f61299eec5
--- /dev/null
+++ b/config/rootfiles/common/python3-aiosignal
@@ -0,0 +1,10 @@
+usr/lib/python3.10/site-packages/aiosignal
+#usr/lib/python3.10/site-packages/aiosignal-1.4.0.dist-info
+#usr/lib/python3.10/site-packages/aiosignal-1.4.0.dist-info/METADATA
+#usr/lib/python3.10/site-packages/aiosignal-1.4.0.dist-info/RECORD
+#usr/lib/python3.10/site-packages/aiosignal-1.4.0.dist-info/WHEEL
+#usr/lib/python3.10/site-packages/aiosignal-1.4.0.dist-info/licenses
+#usr/lib/python3.10/site-packages/aiosignal-1.4.0.dist-info/licenses/LICENSE
+#usr/lib/python3.10/site-packages/aiosignal-1.4.0.dist-info/top_level.txt
+#usr/lib/python3.10/site-packages/aiosignal/__init__.py
+#usr/lib/python3.10/site-packages/aiosignal/py.typed
diff --git a/config/rootfiles/common/python3-async-timeout b/config/rootfiles/common/python3-async-timeout
new file mode 100644
index 0000000000..f65e4f01a1
--- /dev/null
+++ b/config/rootfiles/common/python3-async-timeout
@@ -0,0 +1,11 @@
+usr/lib/python3.10/site-packages/async_timeout
+#usr/lib/python3.10/site-packages/async_timeout-5.0.1.dist-info
+#usr/lib/python3.10/site-packages/async_timeout-5.0.1.dist-info/METADATA
+#usr/lib/python3.10/site-packages/async_timeout-5.0.1.dist-info/RECORD
+#usr/lib/python3.10/site-packages/async_timeout-5.0.1.dist-info/WHEEL
+#usr/lib/python3.10/site-packages/async_timeout-5.0.1.dist-info/licenses
+#usr/lib/python3.10/site-packages/async_timeout-5.0.1.dist-info/licenses/LICENSE
+#usr/lib/python3.10/site-packages/async_timeout-5.0.1.dist-info/top_level.txt
+#usr/lib/python3.10/site-packages/async_timeout-5.0.1.dist-info/zip-safe
+#usr/lib/python3.10/site-packages/async_timeout/__init__.py
+#usr/lib/python3.10/site-packages/async_timeout/py.typed
diff --git a/config/rootfiles/packages/python3-attrs b/config/rootfiles/common/python3-attrs
similarity index 100%
rename from config/rootfiles/packages/python3-attrs
rename to config/rootfiles/common/python3-attrs
diff --git a/config/rootfiles/common/python3-expandvars b/config/rootfiles/common/python3-expandvars
new file mode 100644
index 0000000000..d61bb76c99
--- /dev/null
+++ b/config/rootfiles/common/python3-expandvars
@@ -0,0 +1,7 @@
+#usr/lib/python3.10/site-packages/expandvars-1.1.2.dist-info
+#usr/lib/python3.10/site-packages/expandvars-1.1.2.dist-info/METADATA
+#usr/lib/python3.10/site-packages/expandvars-1.1.2.dist-info/RECORD
+#usr/lib/python3.10/site-packages/expandvars-1.1.2.dist-info/WHEEL
+#usr/lib/python3.10/site-packages/expandvars-1.1.2.dist-info/licenses
+#usr/lib/python3.10/site-packages/expandvars-1.1.2.dist-info/licenses/LICENSE
+usr/lib/python3.10/site-packages/expandvars.py
diff --git a/config/rootfiles/common/python3-frozenlist b/config/rootfiles/common/python3-frozenlist
new file mode 100644
index 0000000000..863474e7c1
--- /dev/null
+++ b/config/rootfiles/common/python3-frozenlist
@@ -0,0 +1,13 @@
+usr/lib/python3.10/site-packages/frozenlist
+#usr/lib/python3.10/site-packages/frozenlist-1.8.0.dist-info
+#usr/lib/python3.10/site-packages/frozenlist-1.8.0.dist-info/METADATA
+#usr/lib/python3.10/site-packages/frozenlist-1.8.0.dist-info/RECORD
+#usr/lib/python3.10/site-packages/frozenlist-1.8.0.dist-info/WHEEL
+#usr/lib/python3.10/site-packages/frozenlist-1.8.0.dist-info/licenses
+#usr/lib/python3.10/site-packages/frozenlist-1.8.0.dist-info/licenses/LICENSE
+#usr/lib/python3.10/site-packages/frozenlist-1.8.0.dist-info/top_level.txt
+#usr/lib/python3.10/site-packages/frozenlist/__init__.py
+#usr/lib/python3.10/site-packages/frozenlist/__init__.pyi
+#usr/lib/python3.10/site-packages/frozenlist/_frozenlist.cpython-310-xxxMACHINExxx-linux-gnu.so
+#usr/lib/python3.10/site-packages/frozenlist/_frozenlist.pyx
+#usr/lib/python3.10/site-packages/frozenlist/py.typed
diff --git a/config/rootfiles/packages/python3-idna b/config/rootfiles/common/python3-idna
similarity index 100%
rename from config/rootfiles/packages/python3-idna
rename to config/rootfiles/common/python3-idna
diff --git a/config/rootfiles/common/python3-multidict b/config/rootfiles/common/python3-multidict
new file mode 100644
index 0000000000..bda1146444
--- /dev/null
+++ b/config/rootfiles/common/python3-multidict
@@ -0,0 +1,13 @@
+usr/lib/python3.10/site-packages/multidict
+#usr/lib/python3.10/site-packages/multidict-6.7.1-py3.10.egg-info
+#usr/lib/python3.10/site-packages/multidict-6.7.1-py3.10.egg-info/PKG-INFO
+#usr/lib/python3.10/site-packages/multidict-6.7.1-py3.10.egg-info/SOURCES.txt
+#usr/lib/python3.10/site-packages/multidict-6.7.1-py3.10.egg-info/dependency_links.txt
+#usr/lib/python3.10/site-packages/multidict-6.7.1-py3.10.egg-info/requires.txt
+#usr/lib/python3.10/site-packages/multidict-6.7.1-py3.10.egg-info/top_level.txt
+#usr/lib/python3.10/site-packages/multidict/__init__.py
+#usr/lib/python3.10/site-packages/multidict/_abc.py
+#usr/lib/python3.10/site-packages/multidict/_compat.py
+#usr/lib/python3.10/site-packages/multidict/_multidict.cpython-310-xxxMACHINExxx-linux-gnu.so
+#usr/lib/python3.10/site-packages/multidict/_multidict_py.py
+#usr/lib/python3.10/site-packages/multidict/py.typed
diff --git a/config/rootfiles/common/python3-poetry-core b/config/rootfiles/common/python3-poetry-core
new file mode 100644
index 0000000000..c28c3cfee9
--- /dev/null
+++ b/config/rootfiles/common/python3-poetry-core
@@ -0,0 +1,204 @@
+#usr/lib/python3.10/site-packages/poetry
+#usr/lib/python3.10/site-packages/poetry/core
+#usr/lib/python3.10/site-packages/poetry/core/__init__.py
+#usr/lib/python3.10/site-packages/poetry/core/_vendor
+#usr/lib/python3.10/site-packages/poetry/core/_vendor/fastjsonschema
+#usr/lib/python3.10/site-packages/poetry/core/_vendor/fastjsonschema/LICENSE
+#usr/lib/python3.10/site-packages/poetry/core/_vendor/fastjsonschema/__init__.py
+#usr/lib/python3.10/site-packages/poetry/core/_vendor/fastjsonschema/__main__.py
+#usr/lib/python3.10/site-packages/poetry/core/_vendor/fastjsonschema/draft04.py
+#usr/lib/python3.10/site-packages/poetry/core/_vendor/fastjsonschema/draft06.py
+#usr/lib/python3.10/site-packages/poetry/core/_vendor/fastjsonschema/draft07.py
+#usr/lib/python3.10/site-packages/poetry/core/_vendor/fastjsonschema/exceptions.py
+#usr/lib/python3.10/site-packages/poetry/core/_vendor/fastjsonschema/generator.py
+#usr/lib/python3.10/site-packages/poetry/core/_vendor/fastjsonschema/indent.py
+#usr/lib/python3.10/site-packages/poetry/core/_vendor/fastjsonschema/ref_resolver.py
+#usr/lib/python3.10/site-packages/poetry/core/_vendor/fastjsonschema/version.py
+#usr/lib/python3.10/site-packages/poetry/core/_vendor/lark
+#usr/lib/python3.10/site-packages/poetry/core/_vendor/lark/LICENSE
+#usr/lib/python3.10/site-packages/poetry/core/_vendor/lark/__init__.py
+#usr/lib/python3.10/site-packages/poetry/core/_vendor/lark/__pyinstaller
+#usr/lib/python3.10/site-packages/poetry/core/_vendor/lark/__pyinstaller/__init__.py
+#usr/lib/python3.10/site-packages/poetry/core/_vendor/lark/__pyinstaller/hook-lark.py
+#usr/lib/python3.10/site-packages/poetry/core/_vendor/lark/ast_utils.py
+#usr/lib/python3.10/site-packages/poetry/core/_vendor/lark/common.py
+#usr/lib/python3.10/site-packages/poetry/core/_vendor/lark/exceptions.py
+#usr/lib/python3.10/site-packages/poetry/core/_vendor/lark/grammar.py
+#usr/lib/python3.10/site-packages/poetry/core/_vendor/lark/grammars
+#usr/lib/python3.10/site-packages/poetry/core/_vendor/lark/grammars/__init__.py
+#usr/lib/python3.10/site-packages/poetry/core/_vendor/lark/grammars/common.lark
+#usr/lib/python3.10/site-packages/poetry/core/_vendor/lark/grammars/lark.lark
+#usr/lib/python3.10/site-packages/poetry/core/_vendor/lark/grammars/python.lark
+#usr/lib/python3.10/site-packages/poetry/core/_vendor/lark/grammars/unicode.lark
+#usr/lib/python3.10/site-packages/poetry/core/_vendor/lark/indenter.py
+#usr/lib/python3.10/site-packages/poetry/core/_vendor/lark/lark.py
+#usr/lib/python3.10/site-packages/poetry/core/_vendor/lark/lexer.py
+#usr/lib/python3.10/site-packages/poetry/core/_vendor/lark/load_grammar.py
+#usr/lib/python3.10/site-packages/poetry/core/_vendor/lark/parse_tree_builder.py
+#usr/lib/python3.10/site-packages/poetry/core/_vendor/lark/parser_frontends.py
+#usr/lib/python3.10/site-packages/poetry/core/_vendor/lark/parsers
+#usr/lib/python3.10/site-packages/poetry/core/_vendor/lark/parsers/__init__.py
+#usr/lib/python3.10/site-packages/poetry/core/_vendor/lark/parsers/cyk.py
+#usr/lib/python3.10/site-packages/poetry/core/_vendor/lark/parsers/earley.py
+#usr/lib/python3.10/site-packages/poetry/core/_vendor/lark/parsers/earley_common.py
+#usr/lib/python3.10/site-packages/poetry/core/_vendor/lark/parsers/earley_forest.py
+#usr/lib/python3.10/site-packages/poetry/core/_vendor/lark/parsers/grammar_analysis.py
+#usr/lib/python3.10/site-packages/poetry/core/_vendor/lark/parsers/lalr_analysis.py
+#usr/lib/python3.10/site-packages/poetry/core/_vendor/lark/parsers/lalr_interactive_parser.py
+#usr/lib/python3.10/site-packages/poetry/core/_vendor/lark/parsers/lalr_parser.py
+#usr/lib/python3.10/site-packages/poetry/core/_vendor/lark/parsers/lalr_parser_state.py
+#usr/lib/python3.10/site-packages/poetry/core/_vendor/lark/parsers/xearley.py
+#usr/lib/python3.10/site-packages/poetry/core/_vendor/lark/py.typed
+#usr/lib/python3.10/site-packages/poetry/core/_vendor/lark/reconstruct.py
+#usr/lib/python3.10/site-packages/poetry/core/_vendor/lark/tools
+#usr/lib/python3.10/site-packages/poetry/core/_vendor/lark/tools/__init__.py
+#usr/lib/python3.10/site-packages/poetry/core/_vendor/lark/tools/nearley.py
+#usr/lib/python3.10/site-packages/poetry/core/_vendor/lark/tools/serialize.py
+#usr/lib/python3.10/site-packages/poetry/core/_vendor/lark/tools/standalone.py
+#usr/lib/python3.10/site-packages/poetry/core/_vendor/lark/tree.py
+#usr/lib/python3.10/site-packages/poetry/core/_vendor/lark/tree_matcher.py
+#usr/lib/python3.10/site-packages/poetry/core/_vendor/lark/tree_templates.py
+#usr/lib/python3.10/site-packages/poetry/core/_vendor/lark/utils.py
+#usr/lib/python3.10/site-packages/poetry/core/_vendor/lark/visitors.py
+#usr/lib/python3.10/site-packages/poetry/core/_vendor/packaging
+#usr/lib/python3.10/site-packages/poetry/core/_vendor/packaging/LICENSE
+#usr/lib/python3.10/site-packages/poetry/core/_vendor/packaging/LICENSE.APACHE
+#usr/lib/python3.10/site-packages/poetry/core/_vendor/packaging/LICENSE.BSD
+#usr/lib/python3.10/site-packages/poetry/core/_vendor/packaging/__init__.py
+#usr/lib/python3.10/site-packages/poetry/core/_vendor/packaging/_elffile.py
+#usr/lib/python3.10/site-packages/poetry/core/_vendor/packaging/_manylinux.py
+#usr/lib/python3.10/site-packages/poetry/core/_vendor/packaging/_musllinux.py
+#usr/lib/python3.10/site-packages/poetry/core/_vendor/packaging/_parser.py
+#usr/lib/python3.10/site-packages/poetry/core/_vendor/packaging/_structures.py
+#usr/lib/python3.10/site-packages/poetry/core/_vendor/packaging/_tokenizer.py
+#usr/lib/python3.10/site-packages/poetry/core/_vendor/packaging/dependency_groups.py
+#usr/lib/python3.10/site-packages/poetry/core/_vendor/packaging/direct_url.py
+#usr/lib/python3.10/site-packages/poetry/core/_vendor/packaging/errors.py
+#usr/lib/python3.10/site-packages/poetry/core/_vendor/packaging/licenses
+#usr/lib/python3.10/site-packages/poetry/core/_vendor/packaging/licenses/__init__.py
+#usr/lib/python3.10/site-packages/poetry/core/_vendor/packaging/licenses/_spdx.py
+#usr/lib/python3.10/site-packages/poetry/core/_vendor/packaging/markers.py
+#usr/lib/python3.10/site-packages/poetry/core/_vendor/packaging/metadata.py
+#usr/lib/python3.10/site-packages/poetry/core/_vendor/packaging/py.typed
+#usr/lib/python3.10/site-packages/poetry/core/_vendor/packaging/pylock.py
+#usr/lib/python3.10/site-packages/poetry/core/_vendor/packaging/requirements.py
+#usr/lib/python3.10/site-packages/poetry/core/_vendor/packaging/specifiers.py
+#usr/lib/python3.10/site-packages/poetry/core/_vendor/packaging/tags.py
+#usr/lib/python3.10/site-packages/poetry/core/_vendor/packaging/utils.py
+#usr/lib/python3.10/site-packages/poetry/core/_vendor/packaging/version.py
+#usr/lib/python3.10/site-packages/poetry/core/_vendor/tomli
+#usr/lib/python3.10/site-packages/poetry/core/_vendor/tomli/LICENSE
+#usr/lib/python3.10/site-packages/poetry/core/_vendor/tomli/__init__.py
+#usr/lib/python3.10/site-packages/poetry/core/_vendor/tomli/_parser.py
+#usr/lib/python3.10/site-packages/poetry/core/_vendor/tomli/_re.py
+#usr/lib/python3.10/site-packages/poetry/core/_vendor/tomli/_types.py
+#usr/lib/python3.10/site-packages/poetry/core/_vendor/tomli/py.typed
+#usr/lib/python3.10/site-packages/poetry/core/_vendor/vendor.txt
+#usr/lib/python3.10/site-packages/poetry/core/constraints
+#usr/lib/python3.10/site-packages/poetry/core/constraints/__init__.py
+#usr/lib/python3.10/site-packages/poetry/core/constraints/generic
+#usr/lib/python3.10/site-packages/poetry/core/constraints/generic/__init__.py
+#usr/lib/python3.10/site-packages/poetry/core/constraints/generic/any_constraint.py
+#usr/lib/python3.10/site-packages/poetry/core/constraints/generic/base_constraint.py
+#usr/lib/python3.10/site-packages/poetry/core/constraints/generic/constraint.py
+#usr/lib/python3.10/site-packages/poetry/core/constraints/generic/empty_constraint.py
+#usr/lib/python3.10/site-packages/poetry/core/constraints/generic/multi_constraint.py
+#usr/lib/python3.10/site-packages/poetry/core/constraints/generic/parser.py
+#usr/lib/python3.10/site-packages/poetry/core/constraints/generic/union_constraint.py
+#usr/lib/python3.10/site-packages/poetry/core/constraints/version
+#usr/lib/python3.10/site-packages/poetry/core/constraints/version/__init__.py
+#usr/lib/python3.10/site-packages/poetry/core/constraints/version/empty_constraint.py
+#usr/lib/python3.10/site-packages/poetry/core/constraints/version/exceptions.py
+#usr/lib/python3.10/site-packages/poetry/core/constraints/version/parser.py
+#usr/lib/python3.10/site-packages/poetry/core/constraints/version/patterns.py
+#usr/lib/python3.10/site-packages/poetry/core/constraints/version/util.py
+#usr/lib/python3.10/site-packages/poetry/core/constraints/version/version.py
+#usr/lib/python3.10/site-packages/poetry/core/constraints/version/version_constraint.py
+#usr/lib/python3.10/site-packages/poetry/core/constraints/version/version_range.py
+#usr/lib/python3.10/site-packages/poetry/core/constraints/version/version_range_constraint.py
+#usr/lib/python3.10/site-packages/poetry/core/constraints/version/version_union.py
+#usr/lib/python3.10/site-packages/poetry/core/exceptions
+#usr/lib/python3.10/site-packages/poetry/core/exceptions/__init__.py
+#usr/lib/python3.10/site-packages/poetry/core/exceptions/base.py
+#usr/lib/python3.10/site-packages/poetry/core/factory.py
+#usr/lib/python3.10/site-packages/poetry/core/json
+#usr/lib/python3.10/site-packages/poetry/core/json/__init__.py
+#usr/lib/python3.10/site-packages/poetry/core/json/schemas
+#usr/lib/python3.10/site-packages/poetry/core/json/schemas/dependency-groups-schema.json
+#usr/lib/python3.10/site-packages/poetry/core/json/schemas/poetry-schema.json
+#usr/lib/python3.10/site-packages/poetry/core/json/schemas/project-schema.json
+#usr/lib/python3.10/site-packages/poetry/core/masonry
+#usr/lib/python3.10/site-packages/poetry/core/masonry/__init__.py
+#usr/lib/python3.10/site-packages/poetry/core/masonry/api.py
+#usr/lib/python3.10/site-packages/poetry/core/masonry/builders
+#usr/lib/python3.10/site-packages/poetry/core/masonry/builders/__init__.py
+#usr/lib/python3.10/site-packages/poetry/core/masonry/builders/builder.py
+#usr/lib/python3.10/site-packages/poetry/core/masonry/builders/sdist.py
+#usr/lib/python3.10/site-packages/poetry/core/masonry/builders/wheel.py
+#usr/lib/python3.10/site-packages/poetry/core/masonry/metadata.py
+#usr/lib/python3.10/site-packages/poetry/core/masonry/utils
+#usr/lib/python3.10/site-packages/poetry/core/masonry/utils/__init__.py
+#usr/lib/python3.10/site-packages/poetry/core/masonry/utils/helpers.py
+#usr/lib/python3.10/site-packages/poetry/core/masonry/utils/include.py
+#usr/lib/python3.10/site-packages/poetry/core/masonry/utils/module.py
+#usr/lib/python3.10/site-packages/poetry/core/masonry/utils/package_include.py
+#usr/lib/python3.10/site-packages/poetry/core/packages
+#usr/lib/python3.10/site-packages/poetry/core/packages/__init__.py
+#usr/lib/python3.10/site-packages/poetry/core/packages/dependency.py
+#usr/lib/python3.10/site-packages/poetry/core/packages/dependency_group.py
+#usr/lib/python3.10/site-packages/poetry/core/packages/directory_dependency.py
+#usr/lib/python3.10/site-packages/poetry/core/packages/file_dependency.py
+#usr/lib/python3.10/site-packages/poetry/core/packages/package.py
+#usr/lib/python3.10/site-packages/poetry/core/packages/path_dependency.py
+#usr/lib/python3.10/site-packages/poetry/core/packages/project_package.py
+#usr/lib/python3.10/site-packages/poetry/core/packages/specification.py
+#usr/lib/python3.10/site-packages/poetry/core/packages/url_dependency.py
+#usr/lib/python3.10/site-packages/poetry/core/packages/utils
+#usr/lib/python3.10/site-packages/poetry/core/packages/utils/__init__.py
+#usr/lib/python3.10/site-packages/poetry/core/packages/utils/link.py
+#usr/lib/python3.10/site-packages/poetry/core/packages/utils/utils.py
+#usr/lib/python3.10/site-packages/poetry/core/packages/vcs_dependency.py
+#usr/lib/python3.10/site-packages/poetry/core/poetry.py
+#usr/lib/python3.10/site-packages/poetry/core/py.typed
+#usr/lib/python3.10/site-packages/poetry/core/pyproject
+#usr/lib/python3.10/site-packages/poetry/core/pyproject/__init__.py
+#usr/lib/python3.10/site-packages/poetry/core/pyproject/exceptions.py
+#usr/lib/python3.10/site-packages/poetry/core/pyproject/tables.py
+#usr/lib/python3.10/site-packages/poetry/core/pyproject/toml.py
+#usr/lib/python3.10/site-packages/poetry/core/spdx
+#usr/lib/python3.10/site-packages/poetry/core/spdx/__init__.py
+#usr/lib/python3.10/site-packages/poetry/core/spdx/data
+#usr/lib/python3.10/site-packages/poetry/core/spdx/data/licenses.json
+#usr/lib/python3.10/site-packages/poetry/core/spdx/helpers.py
+#usr/lib/python3.10/site-packages/poetry/core/spdx/license.py
+#usr/lib/python3.10/site-packages/poetry/core/spdx/updater.py
+#usr/lib/python3.10/site-packages/poetry/core/utils
+#usr/lib/python3.10/site-packages/poetry/core/utils/__init__.py
+#usr/lib/python3.10/site-packages/poetry/core/utils/_compat.py
+#usr/lib/python3.10/site-packages/poetry/core/utils/helpers.py
+#usr/lib/python3.10/site-packages/poetry/core/utils/patterns.py
+#usr/lib/python3.10/site-packages/poetry/core/vcs
+#usr/lib/python3.10/site-packages/poetry/core/vcs/__init__.py
+#usr/lib/python3.10/site-packages/poetry/core/vcs/git.py
+#usr/lib/python3.10/site-packages/poetry/core/version
+#usr/lib/python3.10/site-packages/poetry/core/version/__init__.py
+#usr/lib/python3.10/site-packages/poetry/core/version/exceptions.py
+#usr/lib/python3.10/site-packages/poetry/core/version/grammars
+#usr/lib/python3.10/site-packages/poetry/core/version/grammars/__init__.py
+#usr/lib/python3.10/site-packages/poetry/core/version/grammars/markers.lark
+#usr/lib/python3.10/site-packages/poetry/core/version/grammars/pep508.lark
+#usr/lib/python3.10/site-packages/poetry/core/version/helpers.py
+#usr/lib/python3.10/site-packages/poetry/core/version/markers.py
+#usr/lib/python3.10/site-packages/poetry/core/version/parser.py
+#usr/lib/python3.10/site-packages/poetry/core/version/pep440
+#usr/lib/python3.10/site-packages/poetry/core/version/pep440/__init__.py
+#usr/lib/python3.10/site-packages/poetry/core/version/pep440/parser.py
+#usr/lib/python3.10/site-packages/poetry/core/version/pep440/segments.py
+#usr/lib/python3.10/site-packages/poetry/core/version/pep440/version.py
+#usr/lib/python3.10/site-packages/poetry/core/version/requirements.py
+#usr/lib/python3.10/site-packages/poetry_core-2.4.0.dist-info
+#usr/lib/python3.10/site-packages/poetry_core-2.4.0.dist-info/METADATA
+#usr/lib/python3.10/site-packages/poetry_core-2.4.0.dist-info/RECORD
+#usr/lib/python3.10/site-packages/poetry_core-2.4.0.dist-info/WHEEL
+#usr/lib/python3.10/site-packages/poetry_core-2.4.0.dist-info/licenses
+#usr/lib/python3.10/site-packages/poetry_core-2.4.0.dist-info/licenses/LICENSE
diff --git a/config/rootfiles/common/python3-propcache b/config/rootfiles/common/python3-propcache
new file mode 100644
index 0000000000..dc4ed6387c
--- /dev/null
+++ b/config/rootfiles/common/python3-propcache
@@ -0,0 +1,16 @@
+usr/lib/python3.10/site-packages/propcache
+#usr/lib/python3.10/site-packages/propcache-0.5.2.dist-info
+#usr/lib/python3.10/site-packages/propcache-0.5.2.dist-info/METADATA
+#usr/lib/python3.10/site-packages/propcache-0.5.2.dist-info/RECORD
+#usr/lib/python3.10/site-packages/propcache-0.5.2.dist-info/WHEEL
+#usr/lib/python3.10/site-packages/propcache-0.5.2.dist-info/licenses
+#usr/lib/python3.10/site-packages/propcache-0.5.2.dist-info/licenses/LICENSE
+#usr/lib/python3.10/site-packages/propcache-0.5.2.dist-info/licenses/NOTICE
+#usr/lib/python3.10/site-packages/propcache-0.5.2.dist-info/top_level.txt
+#usr/lib/python3.10/site-packages/propcache/__init__.py
+#usr/lib/python3.10/site-packages/propcache/_helpers.py
+#usr/lib/python3.10/site-packages/propcache/_helpers_c.cpython-310-xxxMACHINExxx-linux-gnu.so
+#usr/lib/python3.10/site-packages/propcache/_helpers_c.pyx
+#usr/lib/python3.10/site-packages/propcache/_helpers_py.py
+#usr/lib/python3.10/site-packages/propcache/api.py
+#usr/lib/python3.10/site-packages/propcache/py.typed
diff --git a/config/rootfiles/common/python3-setuptools b/config/rootfiles/common/python3-setuptools
index 7778cab1cb..3bbecb6064 100644
--- a/config/rootfiles/common/python3-setuptools
+++ b/config/rootfiles/common/python3-setuptools
@@ -1,37 +1,11 @@
-#usr/lib/python3.10/site-packages/pkg_resources/api_tests.txt
-#usr/lib/python3.10/site-packages/pkg_resources/py.typed
-#usr/lib/python3.10/site-packages/pkg_resources/tests
-#usr/lib/python3.10/site-packages/pkg_resources/tests/__init__.py
-#usr/lib/python3.10/site-packages/pkg_resources/tests/data
-#usr/lib/python3.10/site-packages/pkg_resources/tests/data/my-test-package-source
-#usr/lib/python3.10/site-packages/pkg_resources/tests/data/my-test-package-source/setup.cfg
-#usr/lib/python3.10/site-packages/pkg_resources/tests/data/my-test-package-source/setup.py
-#usr/lib/python3.10/site-packages/pkg_resources/tests/data/my-test-package-zip
-#usr/lib/python3.10/site-packages/pkg_resources/tests/data/my-test-package-zip/my-test-package.zip
-#usr/lib/python3.10/site-packages/pkg_resources/tests/data/my-test-package_unpacked-egg
-#usr/lib/python3.10/site-packages/pkg_resources/tests/data/my-test-package_unpacked-egg/my_test_package-1.0-py3.7.egg
-#usr/lib/python3.10/site-packages/pkg_resources/tests/data/my-test-package_unpacked-egg/my_test_package-1.0-py3.7.egg/EGG-INFO
-#usr/lib/python3.10/site-packages/pkg_resources/tests/data/my-test-package_unpacked-egg/my_test_package-1.0-py3.7.egg/EGG-INFO/PKG-INFO
-#usr/lib/python3.10/site-packages/pkg_resources/tests/data/my-test-package_unpacked-egg/my_test_package-1.0-py3.7.egg/EGG-INFO/SOURCES.txt
-#usr/lib/python3.10/site-packages/pkg_resources/tests/data/my-test-package_unpacked-egg/my_test_package-1.0-py3.7.egg/EGG-INFO/dependency_links.txt
-#usr/lib/python3.10/site-packages/pkg_resources/tests/data/my-test-package_unpacked-egg/my_test_package-1.0-py3.7.egg/EGG-INFO/top_level.txt
-#usr/lib/python3.10/site-packages/pkg_resources/tests/data/my-test-package_unpacked-egg/my_test_package-1.0-py3.7.egg/EGG-INFO/zip-safe
-#usr/lib/python3.10/site-packages/pkg_resources/tests/data/my-test-package_zipped-egg
-#usr/lib/python3.10/site-packages/pkg_resources/tests/data/my-test-package_zipped-egg/my_test_package-1.0-py3.7.egg
-#usr/lib/python3.10/site-packages/pkg_resources/tests/test_find_distributions.py
-#usr/lib/python3.10/site-packages/pkg_resources/tests/test_integration_zope_interface.py
-#usr/lib/python3.10/site-packages/pkg_resources/tests/test_markers.py
-#usr/lib/python3.10/site-packages/pkg_resources/tests/test_pkg_resources.py
-#usr/lib/python3.10/site-packages/pkg_resources/tests/test_resources.py
-#usr/lib/python3.10/site-packages/pkg_resources/tests/test_working_set.py
#usr/lib/python3.10/site-packages/setuptools
-#usr/lib/python3.10/site-packages/setuptools-80.9.0-py3.10.egg-info
-#usr/lib/python3.10/site-packages/setuptools-80.9.0-py3.10.egg-info/PKG-INFO
-#usr/lib/python3.10/site-packages/setuptools-80.9.0-py3.10.egg-info/SOURCES.txt
-#usr/lib/python3.10/site-packages/setuptools-80.9.0-py3.10.egg-info/dependency_links.txt
-#usr/lib/python3.10/site-packages/setuptools-80.9.0-py3.10.egg-info/entry_points.txt
-#usr/lib/python3.10/site-packages/setuptools-80.9.0-py3.10.egg-info/requires.txt
-#usr/lib/python3.10/site-packages/setuptools-80.9.0-py3.10.egg-info/top_level.txt
+#usr/lib/python3.10/site-packages/setuptools-82.0.1-py3.10.egg-info
+#usr/lib/python3.10/site-packages/setuptools-82.0.1-py3.10.egg-info/PKG-INFO
+#usr/lib/python3.10/site-packages/setuptools-82.0.1-py3.10.egg-info/SOURCES.txt
+#usr/lib/python3.10/site-packages/setuptools-82.0.1-py3.10.egg-info/dependency_links.txt
+#usr/lib/python3.10/site-packages/setuptools-82.0.1-py3.10.egg-info/entry_points.txt
+#usr/lib/python3.10/site-packages/setuptools-82.0.1-py3.10.egg-info/requires.txt
+#usr/lib/python3.10/site-packages/setuptools-82.0.1-py3.10.egg-info/top_level.txt
#usr/lib/python3.10/site-packages/setuptools/__init__.py
#usr/lib/python3.10/site-packages/setuptools/_core_metadata.py
#usr/lib/python3.10/site-packages/setuptools/_discovery.py
@@ -154,12 +128,14 @@
#usr/lib/python3.10/site-packages/setuptools/_shutil.py
#usr/lib/python3.10/site-packages/setuptools/_static.py
#usr/lib/python3.10/site-packages/setuptools/_vendor
+#usr/lib/python3.10/site-packages/setuptools/_vendor/.lock
#usr/lib/python3.10/site-packages/setuptools/_vendor/autocommand
#usr/lib/python3.10/site-packages/setuptools/_vendor/autocommand-2.2.2.dist-info
#usr/lib/python3.10/site-packages/setuptools/_vendor/autocommand-2.2.2.dist-info/INSTALLER
#usr/lib/python3.10/site-packages/setuptools/_vendor/autocommand-2.2.2.dist-info/LICENSE
#usr/lib/python3.10/site-packages/setuptools/_vendor/autocommand-2.2.2.dist-info/METADATA
#usr/lib/python3.10/site-packages/setuptools/_vendor/autocommand-2.2.2.dist-info/RECORD
+#usr/lib/python3.10/site-packages/setuptools/_vendor/autocommand-2.2.2.dist-info/REQUESTED
#usr/lib/python3.10/site-packages/setuptools/_vendor/autocommand-2.2.2.dist-info/WHEEL
#usr/lib/python3.10/site-packages/setuptools/_vendor/autocommand-2.2.2.dist-info/top_level.txt
#usr/lib/python3.10/site-packages/setuptools/_vendor/autocommand/__init__.py
@@ -185,14 +161,15 @@
#usr/lib/python3.10/site-packages/setuptools/_vendor/backports/tarfile/compat/__init__.py
#usr/lib/python3.10/site-packages/setuptools/_vendor/backports/tarfile/compat/py38.py
#usr/lib/python3.10/site-packages/setuptools/_vendor/importlib_metadata
-#usr/lib/python3.10/site-packages/setuptools/_vendor/importlib_metadata-8.0.0.dist-info
-#usr/lib/python3.10/site-packages/setuptools/_vendor/importlib_metadata-8.0.0.dist-info/INSTALLER
-#usr/lib/python3.10/site-packages/setuptools/_vendor/importlib_metadata-8.0.0.dist-info/LICENSE
-#usr/lib/python3.10/site-packages/setuptools/_vendor/importlib_metadata-8.0.0.dist-info/METADATA
-#usr/lib/python3.10/site-packages/setuptools/_vendor/importlib_metadata-8.0.0.dist-info/RECORD
-#usr/lib/python3.10/site-packages/setuptools/_vendor/importlib_metadata-8.0.0.dist-info/REQUESTED
-#usr/lib/python3.10/site-packages/setuptools/_vendor/importlib_metadata-8.0.0.dist-info/WHEEL
-#usr/lib/python3.10/site-packages/setuptools/_vendor/importlib_metadata-8.0.0.dist-info/top_level.txt
+#usr/lib/python3.10/site-packages/setuptools/_vendor/importlib_metadata-8.7.1.dist-info
+#usr/lib/python3.10/site-packages/setuptools/_vendor/importlib_metadata-8.7.1.dist-info/INSTALLER
+#usr/lib/python3.10/site-packages/setuptools/_vendor/importlib_metadata-8.7.1.dist-info/METADATA
+#usr/lib/python3.10/site-packages/setuptools/_vendor/importlib_metadata-8.7.1.dist-info/RECORD
+#usr/lib/python3.10/site-packages/setuptools/_vendor/importlib_metadata-8.7.1.dist-info/REQUESTED
+#usr/lib/python3.10/site-packages/setuptools/_vendor/importlib_metadata-8.7.1.dist-info/WHEEL
+#usr/lib/python3.10/site-packages/setuptools/_vendor/importlib_metadata-8.7.1.dist-info/licenses
+#usr/lib/python3.10/site-packages/setuptools/_vendor/importlib_metadata-8.7.1.dist-info/licenses/LICENSE
+#usr/lib/python3.10/site-packages/setuptools/_vendor/importlib_metadata-8.7.1.dist-info/top_level.txt
#usr/lib/python3.10/site-packages/setuptools/_vendor/importlib_metadata/__init__.py
#usr/lib/python3.10/site-packages/setuptools/_vendor/importlib_metadata/_adapters.py
#usr/lib/python3.10/site-packages/setuptools/_vendor/importlib_metadata/_collections.py
@@ -201,60 +178,25 @@
#usr/lib/python3.10/site-packages/setuptools/_vendor/importlib_metadata/_itertools.py
#usr/lib/python3.10/site-packages/setuptools/_vendor/importlib_metadata/_meta.py
#usr/lib/python3.10/site-packages/setuptools/_vendor/importlib_metadata/_text.py
+#usr/lib/python3.10/site-packages/setuptools/_vendor/importlib_metadata/_typing.py
#usr/lib/python3.10/site-packages/setuptools/_vendor/importlib_metadata/compat
#usr/lib/python3.10/site-packages/setuptools/_vendor/importlib_metadata/compat/__init__.py
#usr/lib/python3.10/site-packages/setuptools/_vendor/importlib_metadata/compat/py311.py
#usr/lib/python3.10/site-packages/setuptools/_vendor/importlib_metadata/compat/py39.py
#usr/lib/python3.10/site-packages/setuptools/_vendor/importlib_metadata/diagnose.py
#usr/lib/python3.10/site-packages/setuptools/_vendor/importlib_metadata/py.typed
-#usr/lib/python3.10/site-packages/setuptools/_vendor/inflect
-#usr/lib/python3.10/site-packages/setuptools/_vendor/inflect-7.3.1.dist-info
-#usr/lib/python3.10/site-packages/setuptools/_vendor/inflect-7.3.1.dist-info/INSTALLER
-#usr/lib/python3.10/site-packages/setuptools/_vendor/inflect-7.3.1.dist-info/LICENSE
-#usr/lib/python3.10/site-packages/setuptools/_vendor/inflect-7.3.1.dist-info/METADATA
-#usr/lib/python3.10/site-packages/setuptools/_vendor/inflect-7.3.1.dist-info/RECORD
-#usr/lib/python3.10/site-packages/setuptools/_vendor/inflect-7.3.1.dist-info/WHEEL
-#usr/lib/python3.10/site-packages/setuptools/_vendor/inflect-7.3.1.dist-info/top_level.txt
-#usr/lib/python3.10/site-packages/setuptools/_vendor/inflect/__init__.py
-#usr/lib/python3.10/site-packages/setuptools/_vendor/inflect/compat
-#usr/lib/python3.10/site-packages/setuptools/_vendor/inflect/compat/__init__.py
-#usr/lib/python3.10/site-packages/setuptools/_vendor/inflect/compat/py38.py
-#usr/lib/python3.10/site-packages/setuptools/_vendor/inflect/py.typed
#usr/lib/python3.10/site-packages/setuptools/_vendor/jaraco
-#usr/lib/python3.10/site-packages/setuptools/_vendor/jaraco.collections-5.1.0.dist-info
-#usr/lib/python3.10/site-packages/setuptools/_vendor/jaraco.collections-5.1.0.dist-info/INSTALLER
-#usr/lib/python3.10/site-packages/setuptools/_vendor/jaraco.collections-5.1.0.dist-info/LICENSE
-#usr/lib/python3.10/site-packages/setuptools/_vendor/jaraco.collections-5.1.0.dist-info/METADATA
-#usr/lib/python3.10/site-packages/setuptools/_vendor/jaraco.collections-5.1.0.dist-info/RECORD
-#usr/lib/python3.10/site-packages/setuptools/_vendor/jaraco.collections-5.1.0.dist-info/REQUESTED
-#usr/lib/python3.10/site-packages/setuptools/_vendor/jaraco.collections-5.1.0.dist-info/WHEEL
-#usr/lib/python3.10/site-packages/setuptools/_vendor/jaraco.collections-5.1.0.dist-info/top_level.txt
-#usr/lib/python3.10/site-packages/setuptools/_vendor/jaraco.context-5.3.0.dist-info
-#usr/lib/python3.10/site-packages/setuptools/_vendor/jaraco.context-5.3.0.dist-info/INSTALLER
-#usr/lib/python3.10/site-packages/setuptools/_vendor/jaraco.context-5.3.0.dist-info/LICENSE
-#usr/lib/python3.10/site-packages/setuptools/_vendor/jaraco.context-5.3.0.dist-info/METADATA
-#usr/lib/python3.10/site-packages/setuptools/_vendor/jaraco.context-5.3.0.dist-info/RECORD
-#usr/lib/python3.10/site-packages/setuptools/_vendor/jaraco.context-5.3.0.dist-info/WHEEL
-#usr/lib/python3.10/site-packages/setuptools/_vendor/jaraco.context-5.3.0.dist-info/top_level.txt
-#usr/lib/python3.10/site-packages/setuptools/_vendor/jaraco.functools-4.0.1.dist-info
-#usr/lib/python3.10/site-packages/setuptools/_vendor/jaraco.functools-4.0.1.dist-info/INSTALLER
-#usr/lib/python3.10/site-packages/setuptools/_vendor/jaraco.functools-4.0.1.dist-info/LICENSE
-#usr/lib/python3.10/site-packages/setuptools/_vendor/jaraco.functools-4.0.1.dist-info/METADATA
-#usr/lib/python3.10/site-packages/setuptools/_vendor/jaraco.functools-4.0.1.dist-info/RECORD
-#usr/lib/python3.10/site-packages/setuptools/_vendor/jaraco.functools-4.0.1.dist-info/WHEEL
-#usr/lib/python3.10/site-packages/setuptools/_vendor/jaraco.functools-4.0.1.dist-info/top_level.txt
-#usr/lib/python3.10/site-packages/setuptools/_vendor/jaraco.text-3.12.1.dist-info
-#usr/lib/python3.10/site-packages/setuptools/_vendor/jaraco.text-3.12.1.dist-info/INSTALLER
-#usr/lib/python3.10/site-packages/setuptools/_vendor/jaraco.text-3.12.1.dist-info/LICENSE
-#usr/lib/python3.10/site-packages/setuptools/_vendor/jaraco.text-3.12.1.dist-info/METADATA
-#usr/lib/python3.10/site-packages/setuptools/_vendor/jaraco.text-3.12.1.dist-info/RECORD
-#usr/lib/python3.10/site-packages/setuptools/_vendor/jaraco.text-3.12.1.dist-info/REQUESTED
-#usr/lib/python3.10/site-packages/setuptools/_vendor/jaraco.text-3.12.1.dist-info/WHEEL
-#usr/lib/python3.10/site-packages/setuptools/_vendor/jaraco.text-3.12.1.dist-info/top_level.txt
-#usr/lib/python3.10/site-packages/setuptools/_vendor/jaraco/collections
-#usr/lib/python3.10/site-packages/setuptools/_vendor/jaraco/collections/__init__.py
-#usr/lib/python3.10/site-packages/setuptools/_vendor/jaraco/collections/py.typed
-#usr/lib/python3.10/site-packages/setuptools/_vendor/jaraco/context.py
+#usr/lib/python3.10/site-packages/setuptools/_vendor/jaraco.text-4.0.0.dist-info
+#usr/lib/python3.10/site-packages/setuptools/_vendor/jaraco.text-4.0.0.dist-info/INSTALLER
+#usr/lib/python3.10/site-packages/setuptools/_vendor/jaraco.text-4.0.0.dist-info/LICENSE
+#usr/lib/python3.10/site-packages/setuptools/_vendor/jaraco.text-4.0.0.dist-info/METADATA
+#usr/lib/python3.10/site-packages/setuptools/_vendor/jaraco.text-4.0.0.dist-info/RECORD
+#usr/lib/python3.10/site-packages/setuptools/_vendor/jaraco.text-4.0.0.dist-info/REQUESTED
+#usr/lib/python3.10/site-packages/setuptools/_vendor/jaraco.text-4.0.0.dist-info/WHEEL
+#usr/lib/python3.10/site-packages/setuptools/_vendor/jaraco.text-4.0.0.dist-info/top_level.txt
+#usr/lib/python3.10/site-packages/setuptools/_vendor/jaraco/context
+#usr/lib/python3.10/site-packages/setuptools/_vendor/jaraco/context/__init__.py
+#usr/lib/python3.10/site-packages/setuptools/_vendor/jaraco/context/py.typed
#usr/lib/python3.10/site-packages/setuptools/_vendor/jaraco/functools
#usr/lib/python3.10/site-packages/setuptools/_vendor/jaraco/functools/__init__.py
#usr/lib/python3.10/site-packages/setuptools/_vendor/jaraco/functools/__init__.pyi
@@ -267,14 +209,33 @@
#usr/lib/python3.10/site-packages/setuptools/_vendor/jaraco/text/strip-prefix.py
#usr/lib/python3.10/site-packages/setuptools/_vendor/jaraco/text/to-dvorak.py
#usr/lib/python3.10/site-packages/setuptools/_vendor/jaraco/text/to-qwerty.py
+#usr/lib/python3.10/site-packages/setuptools/_vendor/jaraco_context-6.1.0.dist-info
+#usr/lib/python3.10/site-packages/setuptools/_vendor/jaraco_context-6.1.0.dist-info/INSTALLER
+#usr/lib/python3.10/site-packages/setuptools/_vendor/jaraco_context-6.1.0.dist-info/METADATA
+#usr/lib/python3.10/site-packages/setuptools/_vendor/jaraco_context-6.1.0.dist-info/RECORD
+#usr/lib/python3.10/site-packages/setuptools/_vendor/jaraco_context-6.1.0.dist-info/REQUESTED
+#usr/lib/python3.10/site-packages/setuptools/_vendor/jaraco_context-6.1.0.dist-info/WHEEL
+#usr/lib/python3.10/site-packages/setuptools/_vendor/jaraco_context-6.1.0.dist-info/licenses
+#usr/lib/python3.10/site-packages/setuptools/_vendor/jaraco_context-6.1.0.dist-info/licenses/LICENSE
+#usr/lib/python3.10/site-packages/setuptools/_vendor/jaraco_context-6.1.0.dist-info/top_level.txt
+#usr/lib/python3.10/site-packages/setuptools/_vendor/jaraco_functools-4.4.0.dist-info
+#usr/lib/python3.10/site-packages/setuptools/_vendor/jaraco_functools-4.4.0.dist-info/INSTALLER
+#usr/lib/python3.10/site-packages/setuptools/_vendor/jaraco_functools-4.4.0.dist-info/METADATA
+#usr/lib/python3.10/site-packages/setuptools/_vendor/jaraco_functools-4.4.0.dist-info/RECORD
+#usr/lib/python3.10/site-packages/setuptools/_vendor/jaraco_functools-4.4.0.dist-info/REQUESTED
+#usr/lib/python3.10/site-packages/setuptools/_vendor/jaraco_functools-4.4.0.dist-info/WHEEL
+#usr/lib/python3.10/site-packages/setuptools/_vendor/jaraco_functools-4.4.0.dist-info/licenses
+#usr/lib/python3.10/site-packages/setuptools/_vendor/jaraco_functools-4.4.0.dist-info/licenses/LICENSE
+#usr/lib/python3.10/site-packages/setuptools/_vendor/jaraco_functools-4.4.0.dist-info/top_level.txt
#usr/lib/python3.10/site-packages/setuptools/_vendor/more_itertools
-#usr/lib/python3.10/site-packages/setuptools/_vendor/more_itertools-10.3.0.dist-info
-#usr/lib/python3.10/site-packages/setuptools/_vendor/more_itertools-10.3.0.dist-info/INSTALLER
-#usr/lib/python3.10/site-packages/setuptools/_vendor/more_itertools-10.3.0.dist-info/LICENSE
-#usr/lib/python3.10/site-packages/setuptools/_vendor/more_itertools-10.3.0.dist-info/METADATA
-#usr/lib/python3.10/site-packages/setuptools/_vendor/more_itertools-10.3.0.dist-info/RECORD
-#usr/lib/python3.10/site-packages/setuptools/_vendor/more_itertools-10.3.0.dist-info/REQUESTED
-#usr/lib/python3.10/site-packages/setuptools/_vendor/more_itertools-10.3.0.dist-info/WHEEL
+#usr/lib/python3.10/site-packages/setuptools/_vendor/more_itertools-10.8.0.dist-info
+#usr/lib/python3.10/site-packages/setuptools/_vendor/more_itertools-10.8.0.dist-info/INSTALLER
+#usr/lib/python3.10/site-packages/setuptools/_vendor/more_itertools-10.8.0.dist-info/METADATA
+#usr/lib/python3.10/site-packages/setuptools/_vendor/more_itertools-10.8.0.dist-info/RECORD
+#usr/lib/python3.10/site-packages/setuptools/_vendor/more_itertools-10.8.0.dist-info/REQUESTED
+#usr/lib/python3.10/site-packages/setuptools/_vendor/more_itertools-10.8.0.dist-info/WHEEL
+#usr/lib/python3.10/site-packages/setuptools/_vendor/more_itertools-10.8.0.dist-info/licenses
+#usr/lib/python3.10/site-packages/setuptools/_vendor/more_itertools-10.8.0.dist-info/licenses/LICENSE
#usr/lib/python3.10/site-packages/setuptools/_vendor/more_itertools/__init__.py
#usr/lib/python3.10/site-packages/setuptools/_vendor/more_itertools/__init__.pyi
#usr/lib/python3.10/site-packages/setuptools/_vendor/more_itertools/more.py
@@ -283,15 +244,16 @@
#usr/lib/python3.10/site-packages/setuptools/_vendor/more_itertools/recipes.py
#usr/lib/python3.10/site-packages/setuptools/_vendor/more_itertools/recipes.pyi
#usr/lib/python3.10/site-packages/setuptools/_vendor/packaging
-#usr/lib/python3.10/site-packages/setuptools/_vendor/packaging-24.2.dist-info
-#usr/lib/python3.10/site-packages/setuptools/_vendor/packaging-24.2.dist-info/INSTALLER
-#usr/lib/python3.10/site-packages/setuptools/_vendor/packaging-24.2.dist-info/LICENSE
-#usr/lib/python3.10/site-packages/setuptools/_vendor/packaging-24.2.dist-info/LICENSE.APACHE
-#usr/lib/python3.10/site-packages/setuptools/_vendor/packaging-24.2.dist-info/LICENSE.BSD
-#usr/lib/python3.10/site-packages/setuptools/_vendor/packaging-24.2.dist-info/METADATA
-#usr/lib/python3.10/site-packages/setuptools/_vendor/packaging-24.2.dist-info/RECORD
-#usr/lib/python3.10/site-packages/setuptools/_vendor/packaging-24.2.dist-info/REQUESTED
-#usr/lib/python3.10/site-packages/setuptools/_vendor/packaging-24.2.dist-info/WHEEL
+#usr/lib/python3.10/site-packages/setuptools/_vendor/packaging-26.0.dist-info
+#usr/lib/python3.10/site-packages/setuptools/_vendor/packaging-26.0.dist-info/INSTALLER
+#usr/lib/python3.10/site-packages/setuptools/_vendor/packaging-26.0.dist-info/METADATA
+#usr/lib/python3.10/site-packages/setuptools/_vendor/packaging-26.0.dist-info/RECORD
+#usr/lib/python3.10/site-packages/setuptools/_vendor/packaging-26.0.dist-info/REQUESTED
+#usr/lib/python3.10/site-packages/setuptools/_vendor/packaging-26.0.dist-info/WHEEL
+#usr/lib/python3.10/site-packages/setuptools/_vendor/packaging-26.0.dist-info/licenses
+#usr/lib/python3.10/site-packages/setuptools/_vendor/packaging-26.0.dist-info/licenses/LICENSE
+#usr/lib/python3.10/site-packages/setuptools/_vendor/packaging-26.0.dist-info/licenses/LICENSE.APACHE
+#usr/lib/python3.10/site-packages/setuptools/_vendor/packaging-26.0.dist-info/licenses/LICENSE.BSD
#usr/lib/python3.10/site-packages/setuptools/_vendor/packaging/__init__.py
#usr/lib/python3.10/site-packages/setuptools/_vendor/packaging/_elffile.py
#usr/lib/python3.10/site-packages/setuptools/_vendor/packaging/_manylinux.py
@@ -305,20 +267,21 @@
#usr/lib/python3.10/site-packages/setuptools/_vendor/packaging/markers.py
#usr/lib/python3.10/site-packages/setuptools/_vendor/packaging/metadata.py
#usr/lib/python3.10/site-packages/setuptools/_vendor/packaging/py.typed
+#usr/lib/python3.10/site-packages/setuptools/_vendor/packaging/pylock.py
#usr/lib/python3.10/site-packages/setuptools/_vendor/packaging/requirements.py
#usr/lib/python3.10/site-packages/setuptools/_vendor/packaging/specifiers.py
#usr/lib/python3.10/site-packages/setuptools/_vendor/packaging/tags.py
#usr/lib/python3.10/site-packages/setuptools/_vendor/packaging/utils.py
#usr/lib/python3.10/site-packages/setuptools/_vendor/packaging/version.py
#usr/lib/python3.10/site-packages/setuptools/_vendor/platformdirs
-#usr/lib/python3.10/site-packages/setuptools/_vendor/platformdirs-4.2.2.dist-info
-#usr/lib/python3.10/site-packages/setuptools/_vendor/platformdirs-4.2.2.dist-info/INSTALLER
-#usr/lib/python3.10/site-packages/setuptools/_vendor/platformdirs-4.2.2.dist-info/METADATA
-#usr/lib/python3.10/site-packages/setuptools/_vendor/platformdirs-4.2.2.dist-info/RECORD
-#usr/lib/python3.10/site-packages/setuptools/_vendor/platformdirs-4.2.2.dist-info/REQUESTED
-#usr/lib/python3.10/site-packages/setuptools/_vendor/platformdirs-4.2.2.dist-info/WHEEL
-#usr/lib/python3.10/site-packages/setuptools/_vendor/platformdirs-4.2.2.dist-info/licenses
-#usr/lib/python3.10/site-packages/setuptools/_vendor/platformdirs-4.2.2.dist-info/licenses/LICENSE
+#usr/lib/python3.10/site-packages/setuptools/_vendor/platformdirs-4.4.0.dist-info
+#usr/lib/python3.10/site-packages/setuptools/_vendor/platformdirs-4.4.0.dist-info/INSTALLER
+#usr/lib/python3.10/site-packages/setuptools/_vendor/platformdirs-4.4.0.dist-info/METADATA
+#usr/lib/python3.10/site-packages/setuptools/_vendor/platformdirs-4.4.0.dist-info/RECORD
+#usr/lib/python3.10/site-packages/setuptools/_vendor/platformdirs-4.4.0.dist-info/REQUESTED
+#usr/lib/python3.10/site-packages/setuptools/_vendor/platformdirs-4.4.0.dist-info/WHEEL
+#usr/lib/python3.10/site-packages/setuptools/_vendor/platformdirs-4.4.0.dist-info/licenses
+#usr/lib/python3.10/site-packages/setuptools/_vendor/platformdirs-4.4.0.dist-info/licenses/LICENSE
#usr/lib/python3.10/site-packages/setuptools/_vendor/platformdirs/__init__.py
#usr/lib/python3.10/site-packages/setuptools/_vendor/platformdirs/__main__.py
#usr/lib/python3.10/site-packages/setuptools/_vendor/platformdirs/android.py
@@ -329,105 +292,61 @@
#usr/lib/python3.10/site-packages/setuptools/_vendor/platformdirs/version.py
#usr/lib/python3.10/site-packages/setuptools/_vendor/platformdirs/windows.py
#usr/lib/python3.10/site-packages/setuptools/_vendor/tomli
-#usr/lib/python3.10/site-packages/setuptools/_vendor/tomli-2.0.1.dist-info
-#usr/lib/python3.10/site-packages/setuptools/_vendor/tomli-2.0.1.dist-info/INSTALLER
-#usr/lib/python3.10/site-packages/setuptools/_vendor/tomli-2.0.1.dist-info/LICENSE
-#usr/lib/python3.10/site-packages/setuptools/_vendor/tomli-2.0.1.dist-info/METADATA
-#usr/lib/python3.10/site-packages/setuptools/_vendor/tomli-2.0.1.dist-info/RECORD
-#usr/lib/python3.10/site-packages/setuptools/_vendor/tomli-2.0.1.dist-info/REQUESTED
-#usr/lib/python3.10/site-packages/setuptools/_vendor/tomli-2.0.1.dist-info/WHEEL
+#usr/lib/python3.10/site-packages/setuptools/_vendor/tomli-2.4.0.dist-info
+#usr/lib/python3.10/site-packages/setuptools/_vendor/tomli-2.4.0.dist-info/INSTALLER
+#usr/lib/python3.10/site-packages/setuptools/_vendor/tomli-2.4.0.dist-info/METADATA
+#usr/lib/python3.10/site-packages/setuptools/_vendor/tomli-2.4.0.dist-info/RECORD
+#usr/lib/python3.10/site-packages/setuptools/_vendor/tomli-2.4.0.dist-info/REQUESTED
+#usr/lib/python3.10/site-packages/setuptools/_vendor/tomli-2.4.0.dist-info/WHEEL
+#usr/lib/python3.10/site-packages/setuptools/_vendor/tomli-2.4.0.dist-info/licenses
+#usr/lib/python3.10/site-packages/setuptools/_vendor/tomli-2.4.0.dist-info/licenses/LICENSE
#usr/lib/python3.10/site-packages/setuptools/_vendor/tomli/__init__.py
#usr/lib/python3.10/site-packages/setuptools/_vendor/tomli/_parser.py
#usr/lib/python3.10/site-packages/setuptools/_vendor/tomli/_re.py
#usr/lib/python3.10/site-packages/setuptools/_vendor/tomli/_types.py
#usr/lib/python3.10/site-packages/setuptools/_vendor/tomli/py.typed
-#usr/lib/python3.10/site-packages/setuptools/_vendor/typeguard
-#usr/lib/python3.10/site-packages/setuptools/_vendor/typeguard-4.3.0.dist-info
-#usr/lib/python3.10/site-packages/setuptools/_vendor/typeguard-4.3.0.dist-info/INSTALLER
-#usr/lib/python3.10/site-packages/setuptools/_vendor/typeguard-4.3.0.dist-info/LICENSE
-#usr/lib/python3.10/site-packages/setuptools/_vendor/typeguard-4.3.0.dist-info/METADATA
-#usr/lib/python3.10/site-packages/setuptools/_vendor/typeguard-4.3.0.dist-info/RECORD
-#usr/lib/python3.10/site-packages/setuptools/_vendor/typeguard-4.3.0.dist-info/WHEEL
-#usr/lib/python3.10/site-packages/setuptools/_vendor/typeguard-4.3.0.dist-info/entry_points.txt
-#usr/lib/python3.10/site-packages/setuptools/_vendor/typeguard-4.3.0.dist-info/top_level.txt
-#usr/lib/python3.10/site-packages/setuptools/_vendor/typeguard/__init__.py
-#usr/lib/python3.10/site-packages/setuptools/_vendor/typeguard/_checkers.py
-#usr/lib/python3.10/site-packages/setuptools/_vendor/typeguard/_config.py
-#usr/lib/python3.10/site-packages/setuptools/_vendor/typeguard/_decorators.py
-#usr/lib/python3.10/site-packages/setuptools/_vendor/typeguard/_exceptions.py
-#usr/lib/python3.10/site-packages/setuptools/_vendor/typeguard/_functions.py
-#usr/lib/python3.10/site-packages/setuptools/_vendor/typeguard/_importhook.py
-#usr/lib/python3.10/site-packages/setuptools/_vendor/typeguard/_memo.py
-#usr/lib/python3.10/site-packages/setuptools/_vendor/typeguard/_pytest_plugin.py
-#usr/lib/python3.10/site-packages/setuptools/_vendor/typeguard/_suppression.py
-#usr/lib/python3.10/site-packages/setuptools/_vendor/typeguard/_transformer.py
-#usr/lib/python3.10/site-packages/setuptools/_vendor/typeguard/_union_transformer.py
-#usr/lib/python3.10/site-packages/setuptools/_vendor/typeguard/_utils.py
-#usr/lib/python3.10/site-packages/setuptools/_vendor/typeguard/py.typed
-#usr/lib/python3.10/site-packages/setuptools/_vendor/typing_extensions-4.12.2.dist-info
-#usr/lib/python3.10/site-packages/setuptools/_vendor/typing_extensions-4.12.2.dist-info/INSTALLER
-#usr/lib/python3.10/site-packages/setuptools/_vendor/typing_extensions-4.12.2.dist-info/LICENSE
-#usr/lib/python3.10/site-packages/setuptools/_vendor/typing_extensions-4.12.2.dist-info/METADATA
-#usr/lib/python3.10/site-packages/setuptools/_vendor/typing_extensions-4.12.2.dist-info/RECORD
-#usr/lib/python3.10/site-packages/setuptools/_vendor/typing_extensions-4.12.2.dist-info/WHEEL
-#usr/lib/python3.10/site-packages/setuptools/_vendor/typing_extensions.py
#usr/lib/python3.10/site-packages/setuptools/_vendor/wheel
-#usr/lib/python3.10/site-packages/setuptools/_vendor/wheel-0.45.1.dist-info
-#usr/lib/python3.10/site-packages/setuptools/_vendor/wheel-0.45.1.dist-info/INSTALLER
-#usr/lib/python3.10/site-packages/setuptools/_vendor/wheel-0.45.1.dist-info/LICENSE.txt
-#usr/lib/python3.10/site-packages/setuptools/_vendor/wheel-0.45.1.dist-info/METADATA
-#usr/lib/python3.10/site-packages/setuptools/_vendor/wheel-0.45.1.dist-info/RECORD
-#usr/lib/python3.10/site-packages/setuptools/_vendor/wheel-0.45.1.dist-info/REQUESTED
-#usr/lib/python3.10/site-packages/setuptools/_vendor/wheel-0.45.1.dist-info/WHEEL
-#usr/lib/python3.10/site-packages/setuptools/_vendor/wheel-0.45.1.dist-info/entry_points.txt
+#usr/lib/python3.10/site-packages/setuptools/_vendor/wheel-0.46.3.dist-info
+#usr/lib/python3.10/site-packages/setuptools/_vendor/wheel-0.46.3.dist-info/INSTALLER
+#usr/lib/python3.10/site-packages/setuptools/_vendor/wheel-0.46.3.dist-info/METADATA
+#usr/lib/python3.10/site-packages/setuptools/_vendor/wheel-0.46.3.dist-info/RECORD
+#usr/lib/python3.10/site-packages/setuptools/_vendor/wheel-0.46.3.dist-info/REQUESTED
+#usr/lib/python3.10/site-packages/setuptools/_vendor/wheel-0.46.3.dist-info/WHEEL
+#usr/lib/python3.10/site-packages/setuptools/_vendor/wheel-0.46.3.dist-info/entry_points.txt
+#usr/lib/python3.10/site-packages/setuptools/_vendor/wheel-0.46.3.dist-info/licenses
+#usr/lib/python3.10/site-packages/setuptools/_vendor/wheel-0.46.3.dist-info/licenses/LICENSE.txt
#usr/lib/python3.10/site-packages/setuptools/_vendor/wheel/__init__.py
#usr/lib/python3.10/site-packages/setuptools/_vendor/wheel/__main__.py
#usr/lib/python3.10/site-packages/setuptools/_vendor/wheel/_bdist_wheel.py
+#usr/lib/python3.10/site-packages/setuptools/_vendor/wheel/_commands
+#usr/lib/python3.10/site-packages/setuptools/_vendor/wheel/_commands/__init__.py
+#usr/lib/python3.10/site-packages/setuptools/_vendor/wheel/_commands/convert.py
+#usr/lib/python3.10/site-packages/setuptools/_vendor/wheel/_commands/pack.py
+#usr/lib/python3.10/site-packages/setuptools/_vendor/wheel/_commands/tags.py
+#usr/lib/python3.10/site-packages/setuptools/_vendor/wheel/_commands/unpack.py
+#usr/lib/python3.10/site-packages/setuptools/_vendor/wheel/_metadata.py
#usr/lib/python3.10/site-packages/setuptools/_vendor/wheel/_setuptools_logging.py
#usr/lib/python3.10/site-packages/setuptools/_vendor/wheel/bdist_wheel.py
-#usr/lib/python3.10/site-packages/setuptools/_vendor/wheel/cli
-#usr/lib/python3.10/site-packages/setuptools/_vendor/wheel/cli/__init__.py
-#usr/lib/python3.10/site-packages/setuptools/_vendor/wheel/cli/convert.py
-#usr/lib/python3.10/site-packages/setuptools/_vendor/wheel/cli/pack.py
-#usr/lib/python3.10/site-packages/setuptools/_vendor/wheel/cli/tags.py
-#usr/lib/python3.10/site-packages/setuptools/_vendor/wheel/cli/unpack.py
#usr/lib/python3.10/site-packages/setuptools/_vendor/wheel/macosx_libfile.py
#usr/lib/python3.10/site-packages/setuptools/_vendor/wheel/metadata.py
-#usr/lib/python3.10/site-packages/setuptools/_vendor/wheel/util.py
-#usr/lib/python3.10/site-packages/setuptools/_vendor/wheel/vendored
-#usr/lib/python3.10/site-packages/setuptools/_vendor/wheel/vendored/__init__.py
-#usr/lib/python3.10/site-packages/setuptools/_vendor/wheel/vendored/packaging
-#usr/lib/python3.10/site-packages/setuptools/_vendor/wheel/vendored/packaging/LICENSE
-#usr/lib/python3.10/site-packages/setuptools/_vendor/wheel/vendored/packaging/LICENSE.APACHE
-#usr/lib/python3.10/site-packages/setuptools/_vendor/wheel/vendored/packaging/LICENSE.BSD
-#usr/lib/python3.10/site-packages/setuptools/_vendor/wheel/vendored/packaging/__init__.py
-#usr/lib/python3.10/site-packages/setuptools/_vendor/wheel/vendored/packaging/_elffile.py
-#usr/lib/python3.10/site-packages/setuptools/_vendor/wheel/vendored/packaging/_manylinux.py
-#usr/lib/python3.10/site-packages/setuptools/_vendor/wheel/vendored/packaging/_musllinux.py
-#usr/lib/python3.10/site-packages/setuptools/_vendor/wheel/vendored/packaging/_parser.py
-#usr/lib/python3.10/site-packages/setuptools/_vendor/wheel/vendored/packaging/_structures.py
-#usr/lib/python3.10/site-packages/setuptools/_vendor/wheel/vendored/packaging/_tokenizer.py
-#usr/lib/python3.10/site-packages/setuptools/_vendor/wheel/vendored/packaging/markers.py
-#usr/lib/python3.10/site-packages/setuptools/_vendor/wheel/vendored/packaging/requirements.py
-#usr/lib/python3.10/site-packages/setuptools/_vendor/wheel/vendored/packaging/specifiers.py
-#usr/lib/python3.10/site-packages/setuptools/_vendor/wheel/vendored/packaging/tags.py
-#usr/lib/python3.10/site-packages/setuptools/_vendor/wheel/vendored/packaging/utils.py
-#usr/lib/python3.10/site-packages/setuptools/_vendor/wheel/vendored/packaging/version.py
-#usr/lib/python3.10/site-packages/setuptools/_vendor/wheel/vendored/vendor.txt
#usr/lib/python3.10/site-packages/setuptools/_vendor/wheel/wheelfile.py
#usr/lib/python3.10/site-packages/setuptools/_vendor/zipp
-#usr/lib/python3.10/site-packages/setuptools/_vendor/zipp-3.19.2.dist-info
-#usr/lib/python3.10/site-packages/setuptools/_vendor/zipp-3.19.2.dist-info/INSTALLER
-#usr/lib/python3.10/site-packages/setuptools/_vendor/zipp-3.19.2.dist-info/LICENSE
-#usr/lib/python3.10/site-packages/setuptools/_vendor/zipp-3.19.2.dist-info/METADATA
-#usr/lib/python3.10/site-packages/setuptools/_vendor/zipp-3.19.2.dist-info/RECORD
-#usr/lib/python3.10/site-packages/setuptools/_vendor/zipp-3.19.2.dist-info/REQUESTED
-#usr/lib/python3.10/site-packages/setuptools/_vendor/zipp-3.19.2.dist-info/WHEEL
-#usr/lib/python3.10/site-packages/setuptools/_vendor/zipp-3.19.2.dist-info/top_level.txt
+#usr/lib/python3.10/site-packages/setuptools/_vendor/zipp-3.23.0.dist-info
+#usr/lib/python3.10/site-packages/setuptools/_vendor/zipp-3.23.0.dist-info/INSTALLER
+#usr/lib/python3.10/site-packages/setuptools/_vendor/zipp-3.23.0.dist-info/METADATA
+#usr/lib/python3.10/site-packages/setuptools/_vendor/zipp-3.23.0.dist-info/RECORD
+#usr/lib/python3.10/site-packages/setuptools/_vendor/zipp-3.23.0.dist-info/REQUESTED
+#usr/lib/python3.10/site-packages/setuptools/_vendor/zipp-3.23.0.dist-info/WHEEL
+#usr/lib/python3.10/site-packages/setuptools/_vendor/zipp-3.23.0.dist-info/licenses
+#usr/lib/python3.10/site-packages/setuptools/_vendor/zipp-3.23.0.dist-info/licenses/LICENSE
+#usr/lib/python3.10/site-packages/setuptools/_vendor/zipp-3.23.0.dist-info/top_level.txt
#usr/lib/python3.10/site-packages/setuptools/_vendor/zipp/__init__.py
+#usr/lib/python3.10/site-packages/setuptools/_vendor/zipp/_functools.py
#usr/lib/python3.10/site-packages/setuptools/_vendor/zipp/compat
#usr/lib/python3.10/site-packages/setuptools/_vendor/zipp/compat/__init__.py
+#usr/lib/python3.10/site-packages/setuptools/_vendor/zipp/compat/overlay.py
#usr/lib/python3.10/site-packages/setuptools/_vendor/zipp/compat/py310.py
+#usr/lib/python3.10/site-packages/setuptools/_vendor/zipp/compat/py313.py
#usr/lib/python3.10/site-packages/setuptools/_vendor/zipp/glob.py
#usr/lib/python3.10/site-packages/setuptools/archive_util.py
#usr/lib/python3.10/site-packages/setuptools/build_meta.py
@@ -455,7 +374,6 @@
#usr/lib/python3.10/site-packages/setuptools/command/install_egg_info.py
#usr/lib/python3.10/site-packages/setuptools/command/install_lib.py
#usr/lib/python3.10/site-packages/setuptools/command/install_scripts.py
-#usr/lib/python3.10/site-packages/setuptools/command/launcher manifest.xml
#usr/lib/python3.10/site-packages/setuptools/command/rotate.py
#usr/lib/python3.10/site-packages/setuptools/command/saveopts.py
#usr/lib/python3.10/site-packages/setuptools/command/sdist.py
@@ -496,6 +414,7 @@
#usr/lib/python3.10/site-packages/setuptools/gui.exe
#usr/lib/python3.10/site-packages/setuptools/installer.py
#usr/lib/python3.10/site-packages/setuptools/launch.py
+#usr/lib/python3.10/site-packages/setuptools/launcher manifest.xml
#usr/lib/python3.10/site-packages/setuptools/logging.py
#usr/lib/python3.10/site-packages/setuptools/modified.py
#usr/lib/python3.10/site-packages/setuptools/monkey.py
diff --git a/config/rootfiles/common/python3-supervisor b/config/rootfiles/common/python3-supervisor
new file mode 100644
index 0000000000..e5ec6a4b27
--- /dev/null
+++ b/config/rootfiles/common/python3-supervisor
@@ -0,0 +1,128 @@
+usr/bin/echo_supervisord_conf
+usr/bin/pidproxy
+usr/bin/supervisorctl
+usr/bin/supervisord
+usr/lib/python3.10/site-packages/supervisor
+usr/lib/python3.10/site-packages/supervisor-4.3.0-py3.10.egg-info
+usr/lib/python3.10/site-packages/supervisor-4.3.0-py3.10.egg-info/PKG-INFO
+usr/lib/python3.10/site-packages/supervisor-4.3.0-py3.10.egg-info/SOURCES.txt
+usr/lib/python3.10/site-packages/supervisor-4.3.0-py3.10.egg-info/dependency_links.txt
+usr/lib/python3.10/site-packages/supervisor-4.3.0-py3.10.egg-info/entry_points.txt
+usr/lib/python3.10/site-packages/supervisor-4.3.0-py3.10.egg-info/not-zip-safe
+usr/lib/python3.10/site-packages/supervisor-4.3.0-py3.10.egg-info/requires.txt
+usr/lib/python3.10/site-packages/supervisor-4.3.0-py3.10.egg-info/top_level.txt
+#usr/lib/python3.10/site-packages/supervisor/__init__.py
+#usr/lib/python3.10/site-packages/supervisor/childutils.py
+#usr/lib/python3.10/site-packages/supervisor/compat.py
+#usr/lib/python3.10/site-packages/supervisor/confecho.py
+#usr/lib/python3.10/site-packages/supervisor/datatypes.py
+#usr/lib/python3.10/site-packages/supervisor/dispatchers.py
+#usr/lib/python3.10/site-packages/supervisor/events.py
+#usr/lib/python3.10/site-packages/supervisor/http.py
+#usr/lib/python3.10/site-packages/supervisor/http_client.py
+#usr/lib/python3.10/site-packages/supervisor/loggers.py
+#usr/lib/python3.10/site-packages/supervisor/medusa
+#usr/lib/python3.10/site-packages/supervisor/medusa/__init__.py
+#usr/lib/python3.10/site-packages/supervisor/medusa/asynchat_25.py
+#usr/lib/python3.10/site-packages/supervisor/medusa/asyncore_25.py
+#usr/lib/python3.10/site-packages/supervisor/medusa/auth_handler.py
+#usr/lib/python3.10/site-packages/supervisor/medusa/counter.py
+#usr/lib/python3.10/site-packages/supervisor/medusa/default_handler.py
+#usr/lib/python3.10/site-packages/supervisor/medusa/filesys.py
+#usr/lib/python3.10/site-packages/supervisor/medusa/http_date.py
+#usr/lib/python3.10/site-packages/supervisor/medusa/http_server.py
+#usr/lib/python3.10/site-packages/supervisor/medusa/logger.py
+#usr/lib/python3.10/site-packages/supervisor/medusa/producers.py
+#usr/lib/python3.10/site-packages/supervisor/medusa/util.py
+#usr/lib/python3.10/site-packages/supervisor/medusa/xmlrpc_handler.py
+#usr/lib/python3.10/site-packages/supervisor/options.py
+#usr/lib/python3.10/site-packages/supervisor/pidproxy.py
+#usr/lib/python3.10/site-packages/supervisor/poller.py
+#usr/lib/python3.10/site-packages/supervisor/process.py
+#usr/lib/python3.10/site-packages/supervisor/rpcinterface.py
+#usr/lib/python3.10/site-packages/supervisor/scripts
+#usr/lib/python3.10/site-packages/supervisor/scripts/loop_eventgen.py
+#usr/lib/python3.10/site-packages/supervisor/scripts/loop_listener.py
+#usr/lib/python3.10/site-packages/supervisor/scripts/sample_commevent.py
+#usr/lib/python3.10/site-packages/supervisor/scripts/sample_eventlistener.py
+#usr/lib/python3.10/site-packages/supervisor/scripts/sample_exiting_eventlistener.py
+#usr/lib/python3.10/site-packages/supervisor/skel
+#usr/lib/python3.10/site-packages/supervisor/skel/sample.conf
+#usr/lib/python3.10/site-packages/supervisor/socket_manager.py
+#usr/lib/python3.10/site-packages/supervisor/states.py
+#usr/lib/python3.10/site-packages/supervisor/supervisorctl.py
+#usr/lib/python3.10/site-packages/supervisor/supervisord.py
+#usr/lib/python3.10/site-packages/supervisor/templating.py
+#usr/lib/python3.10/site-packages/supervisor/tests
+#usr/lib/python3.10/site-packages/supervisor/tests/__init__.py
+#usr/lib/python3.10/site-packages/supervisor/tests/base.py
+#usr/lib/python3.10/site-packages/supervisor/tests/fixtures
+#usr/lib/python3.10/site-packages/supervisor/tests/fixtures/donothing.conf
+#usr/lib/python3.10/site-packages/supervisor/tests/fixtures/example
+#usr/lib/python3.10/site-packages/supervisor/tests/fixtures/example/included.conf
+#usr/lib/python3.10/site-packages/supervisor/tests/fixtures/include.conf
+#usr/lib/python3.10/site-packages/supervisor/tests/fixtures/issue-1054.conf
+#usr/lib/python3.10/site-packages/supervisor/tests/fixtures/issue-1170a.conf
+#usr/lib/python3.10/site-packages/supervisor/tests/fixtures/issue-1170b.conf
+#usr/lib/python3.10/site-packages/supervisor/tests/fixtures/issue-1170c.conf
+#usr/lib/python3.10/site-packages/supervisor/tests/fixtures/issue-1224.conf
+#usr/lib/python3.10/site-packages/supervisor/tests/fixtures/issue-1231a.conf
+#usr/lib/python3.10/site-packages/supervisor/tests/fixtures/issue-1231b.conf
+#usr/lib/python3.10/site-packages/supervisor/tests/fixtures/issue-1231c.conf
+#usr/lib/python3.10/site-packages/supervisor/tests/fixtures/issue-1298.conf
+#usr/lib/python3.10/site-packages/supervisor/tests/fixtures/issue-1483a.conf
+#usr/lib/python3.10/site-packages/supervisor/tests/fixtures/issue-1483b.conf
+#usr/lib/python3.10/site-packages/supervisor/tests/fixtures/issue-1483c.conf
+#usr/lib/python3.10/site-packages/supervisor/tests/fixtures/issue-1596.conf
+#usr/lib/python3.10/site-packages/supervisor/tests/fixtures/issue-291a.conf
+#usr/lib/python3.10/site-packages/supervisor/tests/fixtures/issue-550.conf
+#usr/lib/python3.10/site-packages/supervisor/tests/fixtures/issue-565.conf
+#usr/lib/python3.10/site-packages/supervisor/tests/fixtures/issue-638.conf
+#usr/lib/python3.10/site-packages/supervisor/tests/fixtures/issue-663.conf
+#usr/lib/python3.10/site-packages/supervisor/tests/fixtures/issue-664.conf
+#usr/lib/python3.10/site-packages/supervisor/tests/fixtures/issue-733.conf
+#usr/lib/python3.10/site-packages/supervisor/tests/fixtures/issue-835.conf
+#usr/lib/python3.10/site-packages/supervisor/tests/fixtures/issue-836.conf
+#usr/lib/python3.10/site-packages/supervisor/tests/fixtures/issue-986.conf
+#usr/lib/python3.10/site-packages/supervisor/tests/fixtures/listener.py
+#usr/lib/python3.10/site-packages/supervisor/tests/fixtures/print_env.py
+#usr/lib/python3.10/site-packages/supervisor/tests/fixtures/spew.py
+#usr/lib/python3.10/site-packages/supervisor/tests/fixtures/test_1231.py
+#usr/lib/python3.10/site-packages/supervisor/tests/fixtures/unkillable_spew.py
+#usr/lib/python3.10/site-packages/supervisor/tests/test_childutils.py
+#usr/lib/python3.10/site-packages/supervisor/tests/test_confecho.py
+#usr/lib/python3.10/site-packages/supervisor/tests/test_datatypes.py
+#usr/lib/python3.10/site-packages/supervisor/tests/test_dispatchers.py
+#usr/lib/python3.10/site-packages/supervisor/tests/test_end_to_end.py
+#usr/lib/python3.10/site-packages/supervisor/tests/test_events.py
+#usr/lib/python3.10/site-packages/supervisor/tests/test_http.py
+#usr/lib/python3.10/site-packages/supervisor/tests/test_http_client.py
+#usr/lib/python3.10/site-packages/supervisor/tests/test_loggers.py
+#usr/lib/python3.10/site-packages/supervisor/tests/test_options.py
+#usr/lib/python3.10/site-packages/supervisor/tests/test_pidproxy.py
+#usr/lib/python3.10/site-packages/supervisor/tests/test_poller.py
+#usr/lib/python3.10/site-packages/supervisor/tests/test_process.py
+#usr/lib/python3.10/site-packages/supervisor/tests/test_rpcinterfaces.py
+#usr/lib/python3.10/site-packages/supervisor/tests/test_socket_manager.py
+#usr/lib/python3.10/site-packages/supervisor/tests/test_states.py
+#usr/lib/python3.10/site-packages/supervisor/tests/test_supervisorctl.py
+#usr/lib/python3.10/site-packages/supervisor/tests/test_supervisord.py
+#usr/lib/python3.10/site-packages/supervisor/tests/test_templating.py
+#usr/lib/python3.10/site-packages/supervisor/tests/test_web.py
+#usr/lib/python3.10/site-packages/supervisor/tests/test_xmlrpc.py
+#usr/lib/python3.10/site-packages/supervisor/ui
+#usr/lib/python3.10/site-packages/supervisor/ui/images
+#usr/lib/python3.10/site-packages/supervisor/ui/images/icon.png
+#usr/lib/python3.10/site-packages/supervisor/ui/images/rule.gif
+#usr/lib/python3.10/site-packages/supervisor/ui/images/state0.gif
+#usr/lib/python3.10/site-packages/supervisor/ui/images/state1.gif
+#usr/lib/python3.10/site-packages/supervisor/ui/images/state2.gif
+#usr/lib/python3.10/site-packages/supervisor/ui/images/state3.gif
+#usr/lib/python3.10/site-packages/supervisor/ui/images/supervisor.gif
+#usr/lib/python3.10/site-packages/supervisor/ui/status.html
+#usr/lib/python3.10/site-packages/supervisor/ui/stylesheets
+#usr/lib/python3.10/site-packages/supervisor/ui/stylesheets/supervisor.css
+#usr/lib/python3.10/site-packages/supervisor/ui/tail.html
+#usr/lib/python3.10/site-packages/supervisor/version.txt
+#usr/lib/python3.10/site-packages/supervisor/web.py
+#usr/lib/python3.10/site-packages/supervisor/xmlrpc.py
diff --git a/config/rootfiles/packages/python3-typing-extensions b/config/rootfiles/common/python3-typing-extensions
similarity index 100%
rename from config/rootfiles/packages/python3-typing-extensions
rename to config/rootfiles/common/python3-typing-extensions
diff --git a/config/rootfiles/common/python3-watchdog b/config/rootfiles/common/python3-watchdog
new file mode 100644
index 0000000000..506b512c30
--- /dev/null
+++ b/config/rootfiles/common/python3-watchdog
@@ -0,0 +1,41 @@
+usr/bin/watchmedo
+usr/lib/python3.10/site-packages/watchdog
+usr/lib/python3.10/site-packages/watchdog-6.0.0.dist-info
+usr/lib/python3.10/site-packages/watchdog-6.0.0.dist-info/METADATA
+usr/lib/python3.10/site-packages/watchdog-6.0.0.dist-info/RECORD
+usr/lib/python3.10/site-packages/watchdog-6.0.0.dist-info/WHEEL
+usr/lib/python3.10/site-packages/watchdog-6.0.0.dist-info/entry_points.txt
+usr/lib/python3.10/site-packages/watchdog-6.0.0.dist-info/licenses
+usr/lib/python3.10/site-packages/watchdog-6.0.0.dist-info/licenses/AUTHORS
+usr/lib/python3.10/site-packages/watchdog-6.0.0.dist-info/licenses/COPYING
+usr/lib/python3.10/site-packages/watchdog-6.0.0.dist-info/licenses/LICENSE
+usr/lib/python3.10/site-packages/watchdog-6.0.0.dist-info/top_level.txt
+#usr/lib/python3.10/site-packages/watchdog/__init__.py
+#usr/lib/python3.10/site-packages/watchdog/events.py
+#usr/lib/python3.10/site-packages/watchdog/observers
+#usr/lib/python3.10/site-packages/watchdog/observers/__init__.py
+#usr/lib/python3.10/site-packages/watchdog/observers/api.py
+#usr/lib/python3.10/site-packages/watchdog/observers/fsevents.py
+#usr/lib/python3.10/site-packages/watchdog/observers/fsevents2.py
+#usr/lib/python3.10/site-packages/watchdog/observers/inotify.py
+#usr/lib/python3.10/site-packages/watchdog/observers/inotify_buffer.py
+#usr/lib/python3.10/site-packages/watchdog/observers/inotify_c.py
+#usr/lib/python3.10/site-packages/watchdog/observers/kqueue.py
+#usr/lib/python3.10/site-packages/watchdog/observers/polling.py
+#usr/lib/python3.10/site-packages/watchdog/observers/read_directory_changes.py
+#usr/lib/python3.10/site-packages/watchdog/observers/winapi.py
+#usr/lib/python3.10/site-packages/watchdog/py.typed
+#usr/lib/python3.10/site-packages/watchdog/tricks
+#usr/lib/python3.10/site-packages/watchdog/tricks/__init__.py
+#usr/lib/python3.10/site-packages/watchdog/utils
+#usr/lib/python3.10/site-packages/watchdog/utils/__init__.py
+#usr/lib/python3.10/site-packages/watchdog/utils/bricks.py
+#usr/lib/python3.10/site-packages/watchdog/utils/delayed_queue.py
+#usr/lib/python3.10/site-packages/watchdog/utils/dirsnapshot.py
+#usr/lib/python3.10/site-packages/watchdog/utils/echo.py
+#usr/lib/python3.10/site-packages/watchdog/utils/event_debouncer.py
+#usr/lib/python3.10/site-packages/watchdog/utils/patterns.py
+#usr/lib/python3.10/site-packages/watchdog/utils/platform.py
+#usr/lib/python3.10/site-packages/watchdog/utils/process_watcher.py
+#usr/lib/python3.10/site-packages/watchdog/version.py
+#usr/lib/python3.10/site-packages/watchdog/watchmedo.py
diff --git a/config/rootfiles/packages/python3-yaml b/config/rootfiles/common/python3-yaml
similarity index 100%
rename from config/rootfiles/packages/python3-yaml
rename to config/rootfiles/common/python3-yaml
diff --git a/config/rootfiles/common/python3-yarl b/config/rootfiles/common/python3-yarl
new file mode 100644
index 0000000000..5639effeb9
--- /dev/null
+++ b/config/rootfiles/common/python3-yarl
@@ -0,0 +1,20 @@
+usr/lib/python3.10/site-packages/yarl
+#usr/lib/python3.10/site-packages/yarl-1.24.2.dist-info
+#usr/lib/python3.10/site-packages/yarl-1.24.2.dist-info/METADATA
+#usr/lib/python3.10/site-packages/yarl-1.24.2.dist-info/RECORD
+#usr/lib/python3.10/site-packages/yarl-1.24.2.dist-info/WHEEL
+#usr/lib/python3.10/site-packages/yarl-1.24.2.dist-info/licenses
+#usr/lib/python3.10/site-packages/yarl-1.24.2.dist-info/licenses/LICENSE
+#usr/lib/python3.10/site-packages/yarl-1.24.2.dist-info/licenses/NOTICE
+#usr/lib/python3.10/site-packages/yarl-1.24.2.dist-info/top_level.txt
+#usr/lib/python3.10/site-packages/yarl/__init__.py
+#usr/lib/python3.10/site-packages/yarl/_parse.py
+#usr/lib/python3.10/site-packages/yarl/_path.py
+#usr/lib/python3.10/site-packages/yarl/_query.py
+#usr/lib/python3.10/site-packages/yarl/_quoters.py
+#usr/lib/python3.10/site-packages/yarl/_quoting.py
+#usr/lib/python3.10/site-packages/yarl/_quoting_c.cpython-310-xxxMACHINExxx-linux-gnu.so
+#usr/lib/python3.10/site-packages/yarl/_quoting_c.pyx
+#usr/lib/python3.10/site-packages/yarl/_quoting_py.py
+#usr/lib/python3.10/site-packages/yarl/_url.py
+#usr/lib/python3.10/site-packages/yarl/py.typed
diff --git a/config/rootfiles/common/riscv64/initscripts b/config/rootfiles/common/riscv64/initscripts
index 09d19bc469..8773c09cce 100644
--- a/config/rootfiles/common/riscv64/initscripts
+++ b/config/rootfiles/common/riscv64/initscripts
@@ -30,6 +30,7 @@ etc/rc.d/init.d/functions
etc/rc.d/init.d/grub-btrfsd
etc/rc.d/init.d/halt
etc/rc.d/init.d/ipsec
+etc/rc.d/init.d/knot-resolver
etc/rc.d/init.d/leds
etc/rc.d/init.d/lldpd
etc/rc.d/init.d/localnet
@@ -91,7 +92,6 @@ etc/rc.d/init.d/sysklogd
etc/rc.d/init.d/template
etc/rc.d/init.d/udev
etc/rc.d/init.d/udev_retry
-etc/rc.d/init.d/unbound
etc/rc.d/init.d/vnstat
etc/rc.d/init.d/waitdrives
etc/rc.d/init.d/wireguard
@@ -115,7 +115,7 @@ etc/rc.d/rc0.d/K79leds
etc/rc.d/rc0.d/K80network
etc/rc.d/rc0.d/K82wlanclient
etc/rc.d/rc0.d/K85messagebus
-etc/rc.d/rc0.d/K86unbound
+etc/rc.d/rc0.d/K86knot-resolver
etc/rc.d/rc0.d/K87acpid
etc/rc.d/rc0.d/K90sysklogd
etc/rc.d/rc0.d/S60sendsignals
@@ -126,7 +126,7 @@ etc/rc.d/rc0.d/S99halt
#etc/rc.d/rc3.d
etc/rc.d/rc3.d/S01vnstat
etc/rc.d/rc3.d/S10sysklogd
-etc/rc.d/rc3.d/S11unbound
+etc/rc.d/rc3.d/S11knot-resolver
etc/rc.d/rc3.d/S12acpid
etc/rc.d/rc3.d/S15fireinfo
etc/rc.d/rc3.d/S15messagebus
@@ -166,7 +166,7 @@ etc/rc.d/rc6.d/K79leds
etc/rc.d/rc6.d/K80network
etc/rc.d/rc6.d/K82wlanclient
etc/rc.d/rc6.d/K85messagebus
-etc/rc.d/rc6.d/K86unbound
+etc/rc.d/rc6.d/K86knot-resolver
etc/rc.d/rc6.d/K87acpid
etc/rc.d/rc6.d/K90sysklogd
etc/rc.d/rc6.d/S60sendsignals
diff --git a/config/rootfiles/common/riscv64/stage2 b/config/rootfiles/common/riscv64/stage2
index f9a3157f30..a9554741ab 100644
--- a/config/rootfiles/common/riscv64/stage2
+++ b/config/rootfiles/common/riscv64/stage2
@@ -110,6 +110,7 @@ usr/local/bin/update-ids-ruleset
usr/local/bin/update-ipblocklists
usr/local/bin/update-lang-cache
usr/local/bin/update-location-database
+usr/local/bin/update-rpzs
#usr/local/include
#usr/local/lib
#usr/local/sbin
diff --git a/config/rootfiles/common/riscv64/util-linux b/config/rootfiles/common/riscv64/util-linux
index d88e26fd20..eab4faba16 100644
--- a/config/rootfiles/common/riscv64/util-linux
+++ b/config/rootfiles/common/riscv64/util-linux
@@ -103,6 +103,7 @@ usr/bin/scriptlive
#usr/bin/scriptreplay
#usr/bin/setarch
usr/bin/setpgid
+usr/bin/setpriv
usr/bin/setsid
#usr/bin/setterm
#usr/bin/taskset
@@ -243,6 +244,7 @@ usr/sbin/rtcwake
#usr/share/bash-completion/completions/scriptreplay
#usr/share/bash-completion/completions/setarch
#usr/share/bash-completion/completions/setpgid
+#usr/share/bash-completion/completions/setpriv
#usr/share/bash-completion/completions/setsid
#usr/share/bash-completion/completions/setterm
#usr/share/bash-completion/completions/sfdisk
@@ -317,6 +319,7 @@ usr/sbin/rtcwake
#usr/share/man/man1/scriptlive.1
#usr/share/man/man1/scriptreplay.1
#usr/share/man/man1/setpgid.1
+#usr/share/man/man1/setpriv.1
#usr/share/man/man1/setsid.1
#usr/share/man/man1/setterm.1
#usr/share/man/man1/taskset.1
diff --git a/config/rootfiles/common/unbound b/config/rootfiles/common/unbound
deleted file mode 100644
index 2fdf58b084..0000000000
--- a/config/rootfiles/common/unbound
+++ /dev/null
@@ -1,64 +0,0 @@
-etc/rc.d/init.d/unbound
-#etc/unbound
-etc/unbound/dhcp-leases.conf
-etc/unbound/forward.conf
-etc/unbound/icannbundle.pem
-etc/unbound/local.d
-etc/unbound/root.hints
-etc/unbound/unbound.conf
-#usr/include/unbound-event.h
-#usr/include/unbound.h
-#usr/lib/libunbound.la
-#usr/lib/libunbound.so
-usr/lib/libunbound.so.8
-usr/lib/libunbound.so.8.1.37
-#usr/lib/pkgconfig/libunbound.pc
-usr/sbin/unbound
-usr/sbin/unbound-anchor
-usr/sbin/unbound-checkconf
-usr/sbin/unbound-control
-usr/sbin/unbound-control-setup
-usr/sbin/unbound-dhcp-leases-bridge
-usr/sbin/unbound-dhcp-leases-client
-usr/sbin/unbound-host
-#usr/share/man/man1/unbound-host.1
-#usr/share/man/man3/libunbound.3
-#usr/share/man/man3/ub_cancel.3
-#usr/share/man/man3/ub_ctx.3
-#usr/share/man/man3/ub_ctx_add_ta.3
-#usr/share/man/man3/ub_ctx_add_ta_file.3
-#usr/share/man/man3/ub_ctx_async.3
-#usr/share/man/man3/ub_ctx_config.3
-#usr/share/man/man3/ub_ctx_create.3
-#usr/share/man/man3/ub_ctx_data_add.3
-#usr/share/man/man3/ub_ctx_data_remove.3
-#usr/share/man/man3/ub_ctx_debuglevel.3
-#usr/share/man/man3/ub_ctx_debugout.3
-#usr/share/man/man3/ub_ctx_delete.3
-#usr/share/man/man3/ub_ctx_get_option.3
-#usr/share/man/man3/ub_ctx_hosts.3
-#usr/share/man/man3/ub_ctx_print_local_zones.3
-#usr/share/man/man3/ub_ctx_resolvconf.3
-#usr/share/man/man3/ub_ctx_set_fwd.3
-#usr/share/man/man3/ub_ctx_set_option.3
-#usr/share/man/man3/ub_ctx_trustedkeys.3
-#usr/share/man/man3/ub_ctx_zone_add.3
-#usr/share/man/man3/ub_ctx_zone_remove.3
-#usr/share/man/man3/ub_fd.3
-#usr/share/man/man3/ub_poll.3
-#usr/share/man/man3/ub_process.3
-#usr/share/man/man3/ub_resolve.3
-#usr/share/man/man3/ub_resolve_async.3
-#usr/share/man/man3/ub_resolve_free.3
-#usr/share/man/man3/ub_result.3
-#usr/share/man/man3/ub_strerror.3
-#usr/share/man/man3/ub_wait.3
-#usr/share/man/man5/unbound.conf.5
-#usr/share/man/man8/unbound-anchor.8
-#usr/share/man/man8/unbound-checkconf.8
-#usr/share/man/man8/unbound-control-setup.8
-#usr/share/man/man8/unbound-control.8
-#usr/share/man/man8/unbound.8
-var/cache/unbound
-var/lib/unbound
-var/lib/unbound/root.key
diff --git a/config/rootfiles/common/x86_64/initscripts b/config/rootfiles/common/x86_64/initscripts
index 09d19bc469..8773c09cce 100644
--- a/config/rootfiles/common/x86_64/initscripts
+++ b/config/rootfiles/common/x86_64/initscripts
@@ -30,6 +30,7 @@ etc/rc.d/init.d/functions
etc/rc.d/init.d/grub-btrfsd
etc/rc.d/init.d/halt
etc/rc.d/init.d/ipsec
+etc/rc.d/init.d/knot-resolver
etc/rc.d/init.d/leds
etc/rc.d/init.d/lldpd
etc/rc.d/init.d/localnet
@@ -91,7 +92,6 @@ etc/rc.d/init.d/sysklogd
etc/rc.d/init.d/template
etc/rc.d/init.d/udev
etc/rc.d/init.d/udev_retry
-etc/rc.d/init.d/unbound
etc/rc.d/init.d/vnstat
etc/rc.d/init.d/waitdrives
etc/rc.d/init.d/wireguard
@@ -115,7 +115,7 @@ etc/rc.d/rc0.d/K79leds
etc/rc.d/rc0.d/K80network
etc/rc.d/rc0.d/K82wlanclient
etc/rc.d/rc0.d/K85messagebus
-etc/rc.d/rc0.d/K86unbound
+etc/rc.d/rc0.d/K86knot-resolver
etc/rc.d/rc0.d/K87acpid
etc/rc.d/rc0.d/K90sysklogd
etc/rc.d/rc0.d/S60sendsignals
@@ -126,7 +126,7 @@ etc/rc.d/rc0.d/S99halt
#etc/rc.d/rc3.d
etc/rc.d/rc3.d/S01vnstat
etc/rc.d/rc3.d/S10sysklogd
-etc/rc.d/rc3.d/S11unbound
+etc/rc.d/rc3.d/S11knot-resolver
etc/rc.d/rc3.d/S12acpid
etc/rc.d/rc3.d/S15fireinfo
etc/rc.d/rc3.d/S15messagebus
@@ -166,7 +166,7 @@ etc/rc.d/rc6.d/K79leds
etc/rc.d/rc6.d/K80network
etc/rc.d/rc6.d/K82wlanclient
etc/rc.d/rc6.d/K85messagebus
-etc/rc.d/rc6.d/K86unbound
+etc/rc.d/rc6.d/K86knot-resolver
etc/rc.d/rc6.d/K87acpid
etc/rc.d/rc6.d/K90sysklogd
etc/rc.d/rc6.d/S60sendsignals
diff --git a/config/rootfiles/common/x86_64/stage2 b/config/rootfiles/common/x86_64/stage2
index dd1582343e..899850ecdf 100644
--- a/config/rootfiles/common/x86_64/stage2
+++ b/config/rootfiles/common/x86_64/stage2
@@ -109,6 +109,7 @@ usr/local/bin/update-ids-ruleset
usr/local/bin/update-ipblocklists
usr/local/bin/update-lang-cache
usr/local/bin/update-location-database
+usr/local/bin/update-rpzs
#usr/local/include
#usr/local/lib
#usr/local/sbin
diff --git a/config/rootfiles/common/x86_64/util-linux b/config/rootfiles/common/x86_64/util-linux
index 38191f1145..a27a17a1c4 100644
--- a/config/rootfiles/common/x86_64/util-linux
+++ b/config/rootfiles/common/x86_64/util-linux
@@ -104,6 +104,7 @@ usr/bin/scriptlive
#usr/bin/scriptreplay
#usr/bin/setarch
usr/bin/setpgid
+usr/bin/setpriv
usr/bin/setsid
#usr/bin/setterm
#usr/bin/taskset
@@ -245,6 +246,7 @@ usr/sbin/rtcwake
#usr/share/bash-completion/completions/scriptreplay
#usr/share/bash-completion/completions/setarch
#usr/share/bash-completion/completions/setpgid
+#usr/share/bash-completion/completions/setpriv
#usr/share/bash-completion/completions/setsid
#usr/share/bash-completion/completions/setterm
#usr/share/bash-completion/completions/sfdisk
@@ -319,6 +321,7 @@ usr/sbin/rtcwake
#usr/share/man/man1/scriptlive.1
#usr/share/man/man1/scriptreplay.1
#usr/share/man/man1/setpgid.1
+#usr/share/man/man1/setpriv.1
#usr/share/man/man1/setsid.1
#usr/share/man/man1/setterm.1
#usr/share/man/man1/taskset.1
diff --git a/config/rootfiles/common/zone-sync b/config/rootfiles/common/zone-sync
new file mode 100644
index 0000000000..1fda9eed78
--- /dev/null
+++ b/config/rootfiles/common/zone-sync
@@ -0,0 +1,4 @@
+usr/bin/zone-sync
+#usr/share/doc/zone-sync
+#usr/share/doc/zone-sync/COPYING
+#usr/share/doc/zone-sync/README
diff --git a/config/rootfiles/core/203/filelists/files b/config/rootfiles/core/203/filelists/files
index 4df3e2d0e4..11c0da4523 100644
--- a/config/rootfiles/core/203/filelists/files
+++ b/config/rootfiles/core/203/filelists/files
@@ -1,2 +1,22 @@
etc/rc.d/helper/aws-setup
+etc/rc.d/init.d/cleanfs
+etc/rc.d/init.d/dhcp
+etc/rc.d/init.d/firewall
+etc/rc.d/init.d/functions
+etc/rc.d/init.d/knot-resolver
+etc/rc.d/init.d/networking/red.up/25-update-dns-forwarders
+etc/rc.d/rc0.d/K86knot-resolver
+etc/rc.d/rc3.d/S11knot-resolver
+etc/rc.d/rc6.d/K86knot-resolver
+srv/web/ipfire/cgi-bin/dhcp.cgi
+srv/web/ipfire/cgi-bin/dns.cgi
+srv/web/ipfire/cgi-bin/dnsbl.cgi
+srv/web/ipfire/cgi-bin/dnsforward.cgi
+srv/web/ipfire/cgi-bin/hosts.cgi
+srv/web/ipfire/cgi-bin/services.cgi
+usr/local/bin/update-rpzs
+var/ipfire/backup/bin/backup.pl
+var/ipfire/backup/include
+var/ipfire/backup/exclude
var/ipfire/header.pl
+var/spool/cron/root.orig
diff --git a/config/rootfiles/core/203/filelists/knot b/config/rootfiles/core/203/filelists/knot
new file mode 120000
index 0000000000..28e96f8782
--- /dev/null
+++ b/config/rootfiles/core/203/filelists/knot
@@ -0,0 +1 @@
+../../../common/knot
\ No newline at end of file
diff --git a/config/rootfiles/core/203/filelists/knot-resolver b/config/rootfiles/core/203/filelists/knot-resolver
new file mode 120000
index 0000000000..db15178a8e
--- /dev/null
+++ b/config/rootfiles/core/203/filelists/knot-resolver
@@ -0,0 +1 @@
+../../../common/knot-resolver
\ No newline at end of file
diff --git a/config/rootfiles/core/203/filelists/lua-cqueues b/config/rootfiles/core/203/filelists/lua-cqueues
new file mode 120000
index 0000000000..1c585c5b3f
--- /dev/null
+++ b/config/rootfiles/core/203/filelists/lua-cqueues
@@ -0,0 +1 @@
+../../../common/lua-cqueues
\ No newline at end of file
diff --git a/config/rootfiles/core/203/filelists/lua-csv b/config/rootfiles/core/203/filelists/lua-csv
new file mode 120000
index 0000000000..d72f9c9287
--- /dev/null
+++ b/config/rootfiles/core/203/filelists/lua-csv
@@ -0,0 +1 @@
+../../../common/lua-csv
\ No newline at end of file
diff --git a/config/rootfiles/core/203/filelists/lua-sqlite3 b/config/rootfiles/core/203/filelists/lua-sqlite3
new file mode 120000
index 0000000000..6f30649dd6
--- /dev/null
+++ b/config/rootfiles/core/203/filelists/lua-sqlite3
@@ -0,0 +1 @@
+../../../common/lua-sqlite3
\ No newline at end of file
diff --git a/config/rootfiles/core/203/filelists/luajit b/config/rootfiles/core/203/filelists/luajit
new file mode 120000
index 0000000000..502a4384ff
--- /dev/null
+++ b/config/rootfiles/core/203/filelists/luajit
@@ -0,0 +1 @@
+../../../common/luajit
\ No newline at end of file
diff --git a/config/rootfiles/core/203/filelists/luarocks b/config/rootfiles/core/203/filelists/luarocks
new file mode 120000
index 0000000000..3317d1c221
--- /dev/null
+++ b/config/rootfiles/core/203/filelists/luarocks
@@ -0,0 +1 @@
+../../../common/luarocks
\ No newline at end of file
diff --git a/config/rootfiles/core/203/filelists/misc-progs b/config/rootfiles/core/203/filelists/misc-progs
new file mode 120000
index 0000000000..7223cadddd
--- /dev/null
+++ b/config/rootfiles/core/203/filelists/misc-progs
@@ -0,0 +1 @@
+../../../common/misc-progs
\ No newline at end of file
diff --git a/config/rootfiles/core/203/filelists/python3-Jinja2 b/config/rootfiles/core/203/filelists/python3-Jinja2
new file mode 120000
index 0000000000..b8b3ed6149
--- /dev/null
+++ b/config/rootfiles/core/203/filelists/python3-Jinja2
@@ -0,0 +1 @@
+../../../common/python3-Jinja2
\ No newline at end of file
diff --git a/config/rootfiles/core/203/filelists/python3-MarkupSafe b/config/rootfiles/core/203/filelists/python3-MarkupSafe
new file mode 120000
index 0000000000..373a01865b
--- /dev/null
+++ b/config/rootfiles/core/203/filelists/python3-MarkupSafe
@@ -0,0 +1 @@
+../../../common/python3-MarkupSafe
\ No newline at end of file
diff --git a/config/rootfiles/core/203/filelists/python3-aiohappyeyeballs b/config/rootfiles/core/203/filelists/python3-aiohappyeyeballs
new file mode 120000
index 0000000000..9d5afd6ca4
--- /dev/null
+++ b/config/rootfiles/core/203/filelists/python3-aiohappyeyeballs
@@ -0,0 +1 @@
+../../../common/python3-aiohappyeyeballs
\ No newline at end of file
diff --git a/config/rootfiles/core/203/filelists/python3-aiohttp b/config/rootfiles/core/203/filelists/python3-aiohttp
new file mode 120000
index 0000000000..85465dbb70
--- /dev/null
+++ b/config/rootfiles/core/203/filelists/python3-aiohttp
@@ -0,0 +1 @@
+../../../common/python3-aiohttp
\ No newline at end of file
diff --git a/config/rootfiles/core/203/filelists/python3-aiosignal b/config/rootfiles/core/203/filelists/python3-aiosignal
new file mode 120000
index 0000000000..7d0d2068c5
--- /dev/null
+++ b/config/rootfiles/core/203/filelists/python3-aiosignal
@@ -0,0 +1 @@
+../../../common/python3-aiosignal
\ No newline at end of file
diff --git a/config/rootfiles/core/203/filelists/python3-async-timeout b/config/rootfiles/core/203/filelists/python3-async-timeout
new file mode 120000
index 0000000000..0988b00a3e
--- /dev/null
+++ b/config/rootfiles/core/203/filelists/python3-async-timeout
@@ -0,0 +1 @@
+../../../common/python3-async-timeout
\ No newline at end of file
diff --git a/config/rootfiles/core/203/filelists/python3-attrs b/config/rootfiles/core/203/filelists/python3-attrs
new file mode 120000
index 0000000000..5048475ecf
--- /dev/null
+++ b/config/rootfiles/core/203/filelists/python3-attrs
@@ -0,0 +1 @@
+../../../common/python3-attrs
\ No newline at end of file
diff --git a/config/rootfiles/core/203/filelists/python3-expandvars b/config/rootfiles/core/203/filelists/python3-expandvars
new file mode 120000
index 0000000000..5ddd484044
--- /dev/null
+++ b/config/rootfiles/core/203/filelists/python3-expandvars
@@ -0,0 +1 @@
+../../../common/python3-expandvars
\ No newline at end of file
diff --git a/config/rootfiles/core/203/filelists/python3-frozenlist b/config/rootfiles/core/203/filelists/python3-frozenlist
new file mode 120000
index 0000000000..f6559b8a4d
--- /dev/null
+++ b/config/rootfiles/core/203/filelists/python3-frozenlist
@@ -0,0 +1 @@
+../../../common/python3-frozenlist
\ No newline at end of file
diff --git a/config/rootfiles/core/203/filelists/python3-idna b/config/rootfiles/core/203/filelists/python3-idna
new file mode 120000
index 0000000000..54a2011a99
--- /dev/null
+++ b/config/rootfiles/core/203/filelists/python3-idna
@@ -0,0 +1 @@
+../../../common/python3-idna
\ No newline at end of file
diff --git a/config/rootfiles/core/203/filelists/python3-multidict b/config/rootfiles/core/203/filelists/python3-multidict
new file mode 120000
index 0000000000..28a1f67f61
--- /dev/null
+++ b/config/rootfiles/core/203/filelists/python3-multidict
@@ -0,0 +1 @@
+../../../common/python3-multidict
\ No newline at end of file
diff --git a/config/rootfiles/core/203/filelists/python3-poetry-core b/config/rootfiles/core/203/filelists/python3-poetry-core
new file mode 120000
index 0000000000..75ca3d15bd
--- /dev/null
+++ b/config/rootfiles/core/203/filelists/python3-poetry-core
@@ -0,0 +1 @@
+../../../common/python3-poetry-core
\ No newline at end of file
diff --git a/config/rootfiles/core/203/filelists/python3-propcache b/config/rootfiles/core/203/filelists/python3-propcache
new file mode 120000
index 0000000000..c0ea0da666
--- /dev/null
+++ b/config/rootfiles/core/203/filelists/python3-propcache
@@ -0,0 +1 @@
+../../../common/python3-propcache
\ No newline at end of file
diff --git a/config/rootfiles/core/203/filelists/python3-setuptools b/config/rootfiles/core/203/filelists/python3-setuptools
new file mode 120000
index 0000000000..26db0b44aa
--- /dev/null
+++ b/config/rootfiles/core/203/filelists/python3-setuptools
@@ -0,0 +1 @@
+../../../common/python3-setuptools
\ No newline at end of file
diff --git a/config/rootfiles/core/203/filelists/python3-supervisor b/config/rootfiles/core/203/filelists/python3-supervisor
new file mode 120000
index 0000000000..94be79cf8f
--- /dev/null
+++ b/config/rootfiles/core/203/filelists/python3-supervisor
@@ -0,0 +1 @@
+../../../common/python3-supervisor
\ No newline at end of file
diff --git a/config/rootfiles/core/203/filelists/python3-typing-extensions b/config/rootfiles/core/203/filelists/python3-typing-extensions
new file mode 120000
index 0000000000..b0cfa1ea3f
--- /dev/null
+++ b/config/rootfiles/core/203/filelists/python3-typing-extensions
@@ -0,0 +1 @@
+../../../common/python3-typing-extensions
\ No newline at end of file
diff --git a/config/rootfiles/core/203/filelists/python3-watchdog b/config/rootfiles/core/203/filelists/python3-watchdog
new file mode 120000
index 0000000000..c7c2d0b257
--- /dev/null
+++ b/config/rootfiles/core/203/filelists/python3-watchdog
@@ -0,0 +1 @@
+../../../common/python3-watchdog
\ No newline at end of file
diff --git a/config/rootfiles/core/203/filelists/python3-yaml b/config/rootfiles/core/203/filelists/python3-yaml
new file mode 120000
index 0000000000..1f0270a8c9
--- /dev/null
+++ b/config/rootfiles/core/203/filelists/python3-yaml
@@ -0,0 +1 @@
+../../../common/python3-yaml
\ No newline at end of file
diff --git a/config/rootfiles/core/203/filelists/zone-sync b/config/rootfiles/core/203/filelists/zone-sync
new file mode 120000
index 0000000000..14f00b0c61
--- /dev/null
+++ b/config/rootfiles/core/203/filelists/zone-sync
@@ -0,0 +1 @@
+../../../common/zone-sync
\ No newline at end of file
diff --git a/config/rootfiles/core/203/update.sh b/config/rootfiles/core/203/update.sh
index 87ed06199f..d920c12a15 100644
--- a/config/rootfiles/core/203/update.sh
+++ b/config/rootfiles/core/203/update.sh
@@ -32,10 +32,58 @@ for (( i=1; i<=$core; i++ )); do
done
# Remove files
+rm -rfv \
+ /usr/lib/security/pam_cap.so
+
+# Remove dropped packages
+for package in python3-attrs python3-idna python3-typing-extensions \
+ python3-yaml; do \
+ if [ -e "/opt/pakfire/db/installed/meta-${package}" ]; then
+ stop_service "${package}"
+ for i in $(</opt/pakfire/db/rootfiles/${package}); do
+ rm -rfv "/${i}"
+ done
+ fi
+ rm -f "/opt/pakfire/db/installed/meta-${package}"
+ rm -f "/opt/pakfire/db/meta/meta-${package}"
+ rm -f "/opt/pakfire/db/rootfiles/${package}"
+done
+
+# Create Knot Resolver group
+if ! getent group knot-resolver &>/dev/null; then
+ groupadd -g 119 knot-resolver
+fi
+
+# Create Knot Resolver user
+if ! getent passwd knot-resolver &>/dev/null; then
+ useradd \
+ -c "Knot Resolver User" \
+ -d /var/empty \
+ -g knot-resolver \
+ -s /bin/false \
+ -u 119 \
+ knot-resolver
+fi
# Extract files
extract_files
+# Stop Unbound & start Knot Resolver
+/etc/init.d/unbound stop
+/etc/init.d/knot-resolver start
+
+# Remove Unbound
+rm -rfv \
+ /etc/rc.d/init.d/unbound \
+ /etc/rc.d/rc0.d/K86unbound \
+ /etc/rc.d/rc3.d/S11unbound \
+ /etc/rc.d/rc6.d/K86unbound \
+ /etc/unbound \
+ /usr/lib/libunbound.so.* \
+ /usr/sbin/unbound* \
+ /var/cache/unbound \
+ /var/lib/unbound
+
# Remove boost
rm -vf \
/usr/lib/libboost*.so.1.89.0
@@ -54,6 +102,9 @@ ldconfig
# Start services
+# Reload crontab
+fcrontab -z
+
# This update needs a reboot...
touch /var/run/need_reboot
diff --git a/config/rootfiles/packages/aarch64/samba b/config/rootfiles/packages/aarch64/samba
index f1b997a871..cda6d85b74 100644
--- a/config/rootfiles/packages/aarch64/samba
+++ b/config/rootfiles/packages/aarch64/samba
@@ -1026,6 +1026,7 @@ usr/lib/samba/vfs/virusfilter.so
usr/lib/samba/vfs/widelinks.so
usr/lib/samba/vfs/worm.so
usr/lib/samba/vfs/xattr_tdb.so
+usr/lib/security
usr/lib/security/pam_winbind.so
#usr/libexec/samba
usr/libexec/samba/rpcd_classic
diff --git a/config/rootfiles/packages/observium-agent b/config/rootfiles/packages/observium-agent
index c9bded0b5a..744ca86268 100644
--- a/config/rootfiles/packages/observium-agent
+++ b/config/rootfiles/packages/observium-agent
@@ -12,7 +12,6 @@ usr/lib/observium_agent/scripts-available/nfsd
usr/lib/observium_agent/scripts-available/nginx
usr/lib/observium_agent/scripts-available/postfix_mailgraph
usr/lib/observium_agent/scripts-available/postfix_qshape
-usr/lib/observium_agent/scripts-available/unbound
usr/lib/observium_agent/scripts-available/vmwaretools
usr/lib/observium_agent/scripts-enabled
var/ipfire/backup/addons/includes/observium-agent
diff --git a/config/rootfiles/packages/python3-packaging b/config/rootfiles/packages/python3-packaging
index a45b3bb34e..7af64c39b6 100644
--- a/config/rootfiles/packages/python3-packaging
+++ b/config/rootfiles/packages/python3-packaging
@@ -1,9 +1,9 @@
usr/lib/python3.10/site-packages/packaging
-#usr/lib/python3.10/site-packages/packaging-24.2-py3.10.egg-info
-#usr/lib/python3.10/site-packages/packaging-24.2-py3.10.egg-info/PKG-INFO
-#usr/lib/python3.10/site-packages/packaging-24.2-py3.10.egg-info/SOURCES.txt
-#usr/lib/python3.10/site-packages/packaging-24.2-py3.10.egg-info/dependency_links.txt
-#usr/lib/python3.10/site-packages/packaging-24.2-py3.10.egg-info/top_level.txt
+usr/lib/python3.10/site-packages/packaging-26.0-py3.10.egg-info
+usr/lib/python3.10/site-packages/packaging-26.0-py3.10.egg-info/PKG-INFO
+usr/lib/python3.10/site-packages/packaging-26.0-py3.10.egg-info/SOURCES.txt
+usr/lib/python3.10/site-packages/packaging-26.0-py3.10.egg-info/dependency_links.txt
+usr/lib/python3.10/site-packages/packaging-26.0-py3.10.egg-info/top_level.txt
#usr/lib/python3.10/site-packages/packaging/__init__.py
#usr/lib/python3.10/site-packages/packaging/_elffile.py
#usr/lib/python3.10/site-packages/packaging/_manylinux.py
diff --git a/config/rootfiles/packages/riscv64/samba b/config/rootfiles/packages/riscv64/samba
index 17d2343434..e98e473cd6 100644
--- a/config/rootfiles/packages/riscv64/samba
+++ b/config/rootfiles/packages/riscv64/samba
@@ -1026,6 +1026,7 @@ usr/lib/samba/vfs/virusfilter.so
usr/lib/samba/vfs/widelinks.so
usr/lib/samba/vfs/worm.so
usr/lib/samba/vfs/xattr_tdb.so
+usr/lib/security
usr/lib/security/pam_winbind.so
#usr/libexec/samba
usr/libexec/samba/rpcd_classic
diff --git a/config/rootfiles/packages/x86_64/samba b/config/rootfiles/packages/x86_64/samba
index 582ed8ebe4..0823fe881a 100644
--- a/config/rootfiles/packages/x86_64/samba
+++ b/config/rootfiles/packages/x86_64/samba
@@ -1026,6 +1026,7 @@ usr/lib/samba/vfs/virusfilter.so
usr/lib/samba/vfs/widelinks.so
usr/lib/samba/vfs/worm.so
usr/lib/samba/vfs/xattr_tdb.so
+usr/lib/security
usr/lib/security/pam_winbind.so
#usr/libexec/samba
usr/libexec/samba/rpcd_classic
diff --git a/config/unbound/icannbundle.pem b/config/unbound/icannbundle.pem
deleted file mode 100644
index d76ce0ba0e..0000000000
--- a/config/unbound/icannbundle.pem
+++ /dev/null
@@ -1,237 +0,0 @@
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 1 (0x1)
- Signature Algorithm: sha256WithRSAEncryption
- Issuer: O=ICANN, OU=ICANN Certification Authority, CN=ICANN Root CA, C=US
- Validity
- Not Before: Dec 23 04:19:12 2009 GMT
- Not After : Dec 18 04:19:12 2029 GMT
- Subject: O=ICANN, OU=ICANN Certification Authority, CN=ICANN Root CA, C=US
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (2048 bit)
- Modulus (2048 bit):
- 00:a0:db:70:b8:4f:34:da:9c:d4:d0:7e:bb:ea:15:
- bc:e9:c9:11:2a:1f:61:2f:6a:b9:bd:3f:3d:76:a0:
- 9a:0a:f7:ee:93:6e:6e:55:53:84:8c:f2:2c:f1:82:
- 27:c8:0f:9a:cf:52:1b:54:da:28:d2:2c:30:8e:dd:
- fb:92:20:33:2d:d6:c8:f1:0e:10:21:88:71:fa:84:
- 22:4b:5d:47:56:16:7c:9b:9f:5d:c3:11:79:9c:14:
- e2:ff:c0:74:ac:dd:39:d7:e0:38:d8:b0:73:aa:fb:
- d1:db:84:af:52:22:a8:f6:d5:9b:94:f4:e6:5d:5e:
- e8:3f:87:90:0b:c7:1a:77:f5:2e:d3:8f:1a:ce:02:
- 1d:07:69:21:47:32:da:46:ae:00:4c:b6:a5:a2:9c:
- 39:c1:c0:4a:f6:d3:1c:ae:d3:6d:bb:c7:18:f0:7e:
- ed:f6:80:ce:d0:01:2e:89:de:12:ba:ee:11:cb:a6:
- 7a:d7:0d:7c:f3:08:8d:72:9d:bf:55:75:13:70:bb:
- 31:22:4a:cb:e8:c0:aa:a4:09:aa:36:68:40:60:74:
- 9d:e7:19:81:43:22:52:fe:c9:2b:52:0f:41:13:36:
- 09:72:65:95:cc:89:ae:6f:56:17:16:34:73:52:a3:
- 04:ed:bd:88:82:8a:eb:d7:dc:82:52:9c:06:e1:52:
- 85:41
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Basic Constraints: critical
- CA:TRUE
- X509v3 Key Usage: critical
- Digital Signature, Non Repudiation, Key Encipherment, Data Encipherment, Key Agreement, Certificate Sign, CRL Sign
- X509v3 Subject Key Identifier:
- BA:52:E9:49:83:24:86:52:2F:C7:99:CD:FC:8D:6B:69:08:4D:C0:50
- Signature Algorithm: sha256WithRSAEncryption
- 0f:f1:e9:82:a2:0a:87:9f:2d:94:60:5a:b2:c0:4b:a1:2f:2b:
- 3b:47:d5:0a:99:86:38:b2:ec:c6:3b:89:e4:6e:07:cf:14:c7:
- c7:e8:cf:99:8f:aa:30:c3:19:70:b9:e6:6d:d6:3f:c8:68:26:
- b2:a0:a5:37:42:ca:d8:62:80:d1:a2:5a:48:2e:1f:85:3f:0c:
- 7b:c2:c7:94:11:5f:19:2a:95:ac:a0:3a:03:d8:91:5b:2e:0d:
- 9c:7c:1f:2e:fc:e9:44:e1:16:26:73:1c:45:4a:65:c1:83:4c:
- 90:f3:f2:28:42:df:db:c4:e7:04:12:18:62:43:5e:bc:1f:6c:
- 84:e6:bc:49:32:df:61:d7:99:ee:e4:90:52:7b:0a:c2:91:8a:
- 98:62:66:b1:c8:e0:b7:5a:b5:46:7c:76:71:54:8e:cc:a4:81:
- 5c:19:db:d2:6f:66:b5:bb:2b:ae:6b:c9:74:04:a8:24:de:e8:
- c5:d3:fc:2c:1c:d7:8f:db:6a:8d:c9:53:be:5d:50:73:ac:cf:
- 1f:93:c0:52:50:5b:a2:4f:fe:ad:65:36:17:46:d1:2d:e5:a2:
- 90:66:05:db:29:4e:5d:50:5d:e3:4f:da:a0:8f:f0:6b:e4:16:
- 70:dd:7f:f3:77:7d:b9:4e:f9:ec:c3:33:02:d7:e9:63:2f:31:
- e7:40:61:a4
------BEGIN CERTIFICATE-----
-MIIDdzCCAl+gAwIBAgIBATANBgkqhkiG9w0BAQsFADBdMQ4wDAYDVQQKEwVJQ0FO
-TjEmMCQGA1UECxMdSUNBTk4gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxFjAUBgNV
-BAMTDUlDQU5OIFJvb3QgQ0ExCzAJBgNVBAYTAlVTMB4XDTA5MTIyMzA0MTkxMloX
-DTI5MTIxODA0MTkxMlowXTEOMAwGA1UEChMFSUNBTk4xJjAkBgNVBAsTHUlDQU5O
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MRYwFAYDVQQDEw1JQ0FOTiBSb290IENB
-MQswCQYDVQQGEwJVUzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKDb
-cLhPNNqc1NB+u+oVvOnJESofYS9qub0/PXagmgr37pNublVThIzyLPGCJ8gPms9S
-G1TaKNIsMI7d+5IgMy3WyPEOECGIcfqEIktdR1YWfJufXcMReZwU4v/AdKzdOdfg
-ONiwc6r70duEr1IiqPbVm5T05l1e6D+HkAvHGnf1LtOPGs4CHQdpIUcy2kauAEy2
-paKcOcHASvbTHK7TbbvHGPB+7faAztABLoneErruEcumetcNfPMIjXKdv1V1E3C7
-MSJKy+jAqqQJqjZoQGB0necZgUMiUv7JK1IPQRM2CXJllcyJrm9WFxY0c1KjBO29
-iIKK69fcglKcBuFShUECAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8B
-Af8EBAMCAf4wHQYDVR0OBBYEFLpS6UmDJIZSL8eZzfyNa2kITcBQMA0GCSqGSIb3
-DQEBCwUAA4IBAQAP8emCogqHny2UYFqywEuhLys7R9UKmYY4suzGO4nkbgfPFMfH
-6M+Zj6owwxlwueZt1j/IaCayoKU3QsrYYoDRolpILh+FPwx7wseUEV8ZKpWsoDoD
-2JFbLg2cfB8u/OlE4RYmcxxFSmXBg0yQ8/IoQt/bxOcEEhhiQ168H2yE5rxJMt9h
-15nu5JBSewrCkYqYYmaxyOC3WrVGfHZxVI7MpIFcGdvSb2a1uyuua8l0BKgk3ujF
-0/wsHNeP22qNyVO+XVBzrM8fk8BSUFuiT/6tZTYXRtEt5aKQZgXbKU5dUF3jT9qg
-j/Br5BZw3X/zd325TvnswzMC1+ljLzHnQGGk
------END CERTIFICATE-----
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 11 (0xb)
- Signature Algorithm: sha256WithRSAEncryption
- Issuer: O=ICANN, OU=ICANN Certification Authority, CN=ICANN Root CA, C=US
- Validity
- Not Before: Nov 8 23:39:47 2016 GMT
- Not After : Nov 6 23:39:47 2026 GMT
- Subject: O=ICANN, CN=ICANN EMAIL CA
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (2048 bit)
- Modulus (2048 bit):
- 00:d2:19:1e:22:69:33:f6:a4:d2:76:c5:80:11:75:
- 8e:d0:e8:6f:bf:89:f8:2a:6a:da:8a:85:28:40:ba:
- c5:23:5f:47:ed:72:e2:8e:d3:5c:c8:8a:3a:99:a9:
- 57:2c:0a:2b:22:f3:54:7b:8b:f7:8c:21:a2:50:01:
- 4f:8b:af:34:df:72:fc:78:31:d0:1d:eb:bc:9b:e6:
- fa:c1:84:d0:05:07:8a:74:53:a5:60:9e:eb:75:9e:
- a8:5d:32:c8:02:32:e4:bf:cb:97:9b:7a:fa:2c:f6:
- 6a:1d:b8:57:ad:e3:03:22:93:d0:f4:4f:a8:b8:01:
- db:82:33:98:b6:87:ed:3d:67:40:00:27:2e:d5:95:
- d2:ad:36:46:14:c6:17:79:65:7f:65:f3:88:80:65:
- 7c:22:67:08:23:3c:cf:a5:10:38:72:30:97:92:6f:
- 20:4a:ba:24:4c:4a:c8:4a:a5:dc:2a:44:a1:29:78:
- b4:9f:fe:84:ff:27:5b:3a:72:ea:31:c1:ad:06:22:
- d6:44:a0:4a:57:32:9c:f2:46:47:d0:89:6e:20:23:
- 2c:ea:b0:83:7e:c1:f3:ea:da:dd:e3:63:59:97:21:
- fa:1b:11:39:27:cf:82:8b:56:15:d4:36:92:0c:a5:
- 7e:80:e0:18:c9:50:08:42:0a:df:97:3c:9c:b8:0a:
- 4d:b1
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Basic Constraints: critical
- CA:TRUE
- X509v3 Key Usage: critical
- Certificate Sign, CRL Sign
- X509v3 Authority Key Identifier:
- keyid:BA:52:E9:49:83:24:86:52:2F:C7:99:CD:FC:8D:6B:69:08:4D:C0:50
-
- X509v3 Subject Key Identifier:
- 7B:3F:BA:CE:A1:B3:A6:13:2E:5A:82:84:D4:D2:EA:A5:24:F1:CD:B4
- Signature Algorithm: sha256WithRSAEncryption
- 0e:8a:c9:ea:6f:9c:e9:23:b6:9c:a6:a4:c2:d1:b1:ee:25:18:
- 24:2b:79:d4:a8:f2:99:b9:5c:91:4d:e6:2b:32:2e:01:f5:87:
- 95:64:fc:6d:f1:87:fa:24:b4:43:4b:49:f3:84:54:44:eb:af:
- 41:ab:49:ab:c8:b7:32:6c:14:83:5b:d7:2c:41:f9:89:d5:c4:
- 2b:9a:55:c5:b6:ad:17:d5:4d:bc:41:58:56:72:0d:db:b7:7d:
- 57:c6:a2:9c:7e:6b:67:ae:26:f8:26:45:bb:c4:95:2e:ea:71:
- e3:b4:7a:69:95:a4:8a:80:f8:59:dc:88:6e:e1:a7:fc:bb:8e:
- b2:aa:a8:b6:1b:2f:2c:97:a5:12:d5:82:ae:a0:e8:a6:15:fd:
- d1:e0:5d:e4:84:b1:76:db:0a:e2:ca:58:2e:d3:df:48:4e:46:
- ac:c6:35:79:17:99:ce:e9:be:2c:e4:c2:50:ff:5b:96:15:cd:
- 64:ac:1b:db:fe:d2:ac:43:61:c8:5f:ee:24:b6:a4:3b:d2:ff:
- 0a:f4:0c:88:58:a1:9d:a4:c1:1f:6a:6c:67:90:98:e8:1f:5e:
- 2d:55:60:91:26:2a:b1:66:80:e4:e6:0e:05:2c:75:a9:ca:0b:
- e4:a0:8f:e1:47:a8:8f:61:5d:7c:ce:09:60:88:48:c3:46:bf:
- be:7e:36:be
------BEGIN CERTIFICATE-----
-MIIDZDCCAkygAwIBAgIBCzANBgkqhkiG9w0BAQsFADBdMQ4wDAYDVQQKEwVJQ0FO
-TjEmMCQGA1UECxMdSUNBTk4gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxFjAUBgNV
-BAMTDUlDQU5OIFJvb3QgQ0ExCzAJBgNVBAYTAlVTMB4XDTE2MTEwODIzMzk0N1oX
-DTI2MTEwNjIzMzk0N1owKTEOMAwGA1UEChMFSUNBTk4xFzAVBgNVBAMTDklDQU5O
-IEVNQUlMIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0hkeImkz
-9qTSdsWAEXWO0Ohvv4n4KmraioUoQLrFI19H7XLijtNcyIo6malXLAorIvNUe4v3
-jCGiUAFPi68033L8eDHQHeu8m+b6wYTQBQeKdFOlYJ7rdZ6oXTLIAjLkv8uXm3r6
-LPZqHbhXreMDIpPQ9E+ouAHbgjOYtoftPWdAACcu1ZXSrTZGFMYXeWV/ZfOIgGV8
-ImcIIzzPpRA4cjCXkm8gSrokTErISqXcKkShKXi0n/6E/ydbOnLqMcGtBiLWRKBK
-VzKc8kZH0IluICMs6rCDfsHz6trd42NZlyH6GxE5J8+Ci1YV1DaSDKV+gOAYyVAI
-QgrflzycuApNsQIDAQABo2MwYTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQE
-AwIBBjAfBgNVHSMEGDAWgBS6UulJgySGUi/Hmc38jWtpCE3AUDAdBgNVHQ4EFgQU
-ez+6zqGzphMuWoKE1NLqpSTxzbQwDQYJKoZIhvcNAQELBQADggEBAA6KyepvnOkj
-tpympMLRse4lGCQredSo8pm5XJFN5isyLgH1h5Vk/G3xh/oktENLSfOEVETrr0Gr
-SavItzJsFINb1yxB+YnVxCuaVcW2rRfVTbxBWFZyDdu3fVfGopx+a2euJvgmRbvE
-lS7qceO0emmVpIqA+FnciG7hp/y7jrKqqLYbLyyXpRLVgq6g6KYV/dHgXeSEsXbb
-CuLKWC7T30hORqzGNXkXmc7pvizkwlD/W5YVzWSsG9v+0qxDYchf7iS2pDvS/wr0
-DIhYoZ2kwR9qbGeQmOgfXi1VYJEmKrFmgOTmDgUsdanKC+Sgj+FHqI9hXXzOCWCI
-SMNGv75+Nr4=
------END CERTIFICATE-----
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 10 (0xa)
- Signature Algorithm: sha256WithRSAEncryption
- Issuer: O=ICANN, OU=ICANN Certification Authority, CN=ICANN Root CA, C=US
- Validity
- Not Before: Nov 8 23:38:16 2016 GMT
- Not After : Nov 6 23:38:16 2026 GMT
- Subject: O=ICANN, CN=ICANN SSL CA
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (2048 bit)
- Modulus (2048 bit):
- 00:dd:c6:ab:bf:7c:66:9d:b3:2b:96:00:14:c7:60:
- 7a:8d:62:5b:26:4b:30:d7:b3:4c:82:69:c6:4d:4d:
- 73:f3:d4:91:21:5d:ab:35:f0:c8:04:0e:f4:a3:35:
- e2:e1:18:a9:98:12:03:58:f8:9f:eb:77:54:5b:89:
- 81:26:c9:aa:c2:f4:c9:0c:82:57:2a:5e:05:e9:61:
- 17:cc:19:18:71:eb:35:83:c1:86:9d:ec:f1:6b:ca:
- dd:a1:96:0b:95:d4:e1:0f:9e:24:6f:dc:3c:d0:28:
- 9e:f2:53:47:2b:a1:ad:32:03:c8:3f:0d:80:80:7d:
- f0:02:d2:6e:5a:2c:44:21:9b:09:50:15:3f:a1:3d:
- d3:c9:c8:24:e7:ea:4e:92:2f:94:90:2e:de:e7:68:
- f6:c6:b3:90:1f:bc:c9:7b:a2:65:d7:11:e9:8b:f0:
- 3a:5a:b7:17:07:df:69:e3:6e:b9:54:6a:8e:3a:aa:
- 94:7f:2c:0a:a1:ad:ba:b7:d9:60:62:27:a7:71:40:
- 3b:8e:b0:84:7b:b8:c8:67:ef:66:ba:3d:ac:c3:85:
- e5:86:bb:a7:9c:fd:b6:e1:c0:10:53:3d:d4:7e:1b:
- 09:e6:9f:22:5c:a7:27:09:7e:27:12:33:fa:df:9b:
- 20:2f:14:f7:17:c0:e4:1e:07:91:1f:f9:9a:cd:a8:
- e2:c5
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Basic Constraints: critical
- CA:TRUE
- X509v3 Key Usage: critical
- Certificate Sign, CRL Sign
- X509v3 Authority Key Identifier:
- keyid:BA:52:E9:49:83:24:86:52:2F:C7:99:CD:FC:8D:6B:69:08:4D:C0:50
-
- X509v3 Subject Key Identifier:
- 6E:77:A8:40:10:4A:D8:9C:0C:F2:B7:5A:3A:A5:2F:79:4A:61:14:D8
- Signature Algorithm: sha256WithRSAEncryption
- 47:46:4f:c7:5f:46:e3:d1:dc:fc:2b:f8:fc:65:ce:36:b1:f4:
- 5f:ee:14:75:a3:d9:5f:de:75:4b:fa:7b:88:9f:10:8c:2e:97:
- cc:35:1b:ce:24:d3:36:60:95:d5:ae:11:b6:3f:8b:f4:12:69:
- 85:b5:3b:2a:b6:ab:7a:81:85:c2:55:57:ed:d0:b5:e7:4f:54:
- 37:51:24:c9:d5:07:3a:ef:b6:c5:1a:3e:14:29:a7:a6:f8:08:
- 2a:0b:26:79:f9:62:85:4a:e5:ea:90:ca:71:38:16:91:4e:7e:
- fd:e3:b3:f3:55:8f:5a:d0:86:cf:33:94:88:f1:90:99:cb:81:
- e2:81:92:68:2f:c3:61:d5:52:8d:e6:9a:5b:00:83:42:27:88:
- f6:d9:fa:d1:bc:bb:b0:bc:b5:14:0b:4e:1a:54:ef:fa:d6:9d:
- c4:0c:fc:ed:15:ab:21:4b:45:b5:d9:3b:ed:3c:d5:1e:2e:7a:
- 83:6f:24:45:d4:4c:b4:ef:60:43:18:d0:84:5d:16:7b:f5:50:
- 80:b1:a9:c2:8f:3b:c8:90:08:fd:aa:17:13:19:38:19:d1:8e:
- 85:7c:1e:57:16:8c:f9:8a:e8:29:25:38:cd:bb:55:8e:4a:6a:
- 6f:e5:7d:fc:d7:55:d6:ae:38:07:96:c1:97:ff:e5:2b:4f:99:
- 2d:70:f2:08
------BEGIN CERTIFICATE-----
-MIIDYjCCAkqgAwIBAgIBCjANBgkqhkiG9w0BAQsFADBdMQ4wDAYDVQQKEwVJQ0FO
-TjEmMCQGA1UECxMdSUNBTk4gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxFjAUBgNV
-BAMTDUlDQU5OIFJvb3QgQ0ExCzAJBgNVBAYTAlVTMB4XDTE2MTEwODIzMzgxNloX
-DTI2MTEwNjIzMzgxNlowJzEOMAwGA1UEChMFSUNBTk4xFTATBgNVBAMTDElDQU5O
-IFNTTCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAN3Gq798Zp2z
-K5YAFMdgeo1iWyZLMNezTIJpxk1Nc/PUkSFdqzXwyAQO9KM14uEYqZgSA1j4n+t3
-VFuJgSbJqsL0yQyCVypeBelhF8wZGHHrNYPBhp3s8WvK3aGWC5XU4Q+eJG/cPNAo
-nvJTRyuhrTIDyD8NgIB98ALSblosRCGbCVAVP6E908nIJOfqTpIvlJAu3udo9saz
-kB+8yXuiZdcR6YvwOlq3FwffaeNuuVRqjjqqlH8sCqGturfZYGInp3FAO46whHu4
-yGfvZro9rMOF5Ya7p5z9tuHAEFM91H4bCeafIlynJwl+JxIz+t+bIC8U9xfA5B4H
-kR/5ms2o4sUCAwEAAaNjMGEwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC
-AQYwHwYDVR0jBBgwFoAUulLpSYMkhlIvx5nN/I1raQhNwFAwHQYDVR0OBBYEFG53
-qEAQSticDPK3WjqlL3lKYRTYMA0GCSqGSIb3DQEBCwUAA4IBAQBHRk/HX0bj0dz8
-K/j8Zc42sfRf7hR1o9lf3nVL+nuInxCMLpfMNRvOJNM2YJXVrhG2P4v0EmmFtTsq
-tqt6gYXCVVft0LXnT1Q3USTJ1Qc677bFGj4UKaem+AgqCyZ5+WKFSuXqkMpxOBaR
-Tn7947PzVY9a0IbPM5SI8ZCZy4HigZJoL8Nh1VKN5ppbAINCJ4j22frRvLuwvLUU
-C04aVO/61p3EDPztFashS0W12TvtPNUeLnqDbyRF1Ey072BDGNCEXRZ79VCAsanC
-jzvIkAj9qhcTGTgZ0Y6FfB5XFoz5iugpJTjNu1WOSmpv5X3811XWrjgHlsGX/+Ur
-T5ktcPII
------END CERTIFICATE-----
diff --git a/config/unbound/root.hints b/config/unbound/root.hints
deleted file mode 100644
index abd2b4f8be..0000000000
--- a/config/unbound/root.hints
+++ /dev/null
@@ -1,92 +0,0 @@
-; This file holds the information on root name servers needed to
-; initialize cache of Internet domain name servers
-; (e.g. reference this file in the "cache . <file>"
-; configuration file of BIND domain name servers).
-;
-; This file is made available by InterNIC
-; under anonymous FTP as
-; file /domain/named.cache
-; on server FTP.INTERNIC.NET
-; -OR- RS.INTERNIC.NET
-;
-; last update: December 18, 2024
-; related version of root zone: 2024121801
-;
-; FORMERLY NS.INTERNIC.NET
-;
-. 3600000 NS A.ROOT-SERVERS.NET.
-A.ROOT-SERVERS.NET. 3600000 A 198.41.0.4
-A.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:ba3e::2:30
-;
-; FORMERLY NS1.ISI.EDU
-;
-. 3600000 NS B.ROOT-SERVERS.NET.
-B.ROOT-SERVERS.NET. 3600000 A 170.247.170.2
-B.ROOT-SERVERS.NET. 3600000 AAAA 2801:1b8:10::b
-;
-; FORMERLY C.PSI.NET
-;
-. 3600000 NS C.ROOT-SERVERS.NET.
-C.ROOT-SERVERS.NET. 3600000 A 192.33.4.12
-C.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2::c
-;
-; FORMERLY TERP.UMD.EDU
-;
-. 3600000 NS D.ROOT-SERVERS.NET.
-D.ROOT-SERVERS.NET. 3600000 A 199.7.91.13
-D.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2d::d
-;
-; FORMERLY NS.NASA.GOV
-;
-. 3600000 NS E.ROOT-SERVERS.NET.
-E.ROOT-SERVERS.NET. 3600000 A 192.203.230.10
-E.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:a8::e
-;
-; FORMERLY NS.ISC.ORG
-;
-. 3600000 NS F.ROOT-SERVERS.NET.
-F.ROOT-SERVERS.NET. 3600000 A 192.5.5.241
-F.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2f::f
-;
-; FORMERLY NS.NIC.DDN.MIL
-;
-. 3600000 NS G.ROOT-SERVERS.NET.
-G.ROOT-SERVERS.NET. 3600000 A 192.112.36.4
-G.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:12::d0d
-;
-; FORMERLY AOS.ARL.ARMY.MIL
-;
-. 3600000 NS H.ROOT-SERVERS.NET.
-H.ROOT-SERVERS.NET. 3600000 A 198.97.190.53
-H.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:1::53
-;
-; FORMERLY NIC.NORDU.NET
-;
-. 3600000 NS I.ROOT-SERVERS.NET.
-I.ROOT-SERVERS.NET. 3600000 A 192.36.148.17
-I.ROOT-SERVERS.NET. 3600000 AAAA 2001:7fe::53
-;
-; OPERATED BY VERISIGN, INC.
-;
-. 3600000 NS J.ROOT-SERVERS.NET.
-J.ROOT-SERVERS.NET. 3600000 A 192.58.128.30
-J.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:c27::2:30
-;
-; OPERATED BY RIPE NCC
-;
-. 3600000 NS K.ROOT-SERVERS.NET.
-K.ROOT-SERVERS.NET. 3600000 A 193.0.14.129
-K.ROOT-SERVERS.NET. 3600000 AAAA 2001:7fd::1
-;
-; OPERATED BY ICANN
-;
-. 3600000 NS L.ROOT-SERVERS.NET.
-L.ROOT-SERVERS.NET. 3600000 A 199.7.83.42
-L.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:9f::42
-;
-; OPERATED BY WIDE
-;
-. 3600000 NS M.ROOT-SERVERS.NET.
-M.ROOT-SERVERS.NET. 3600000 A 202.12.27.33
-M.ROOT-SERVERS.NET. 3600000 AAAA 2001:dc3::35
-; End of file
\ No newline at end of file
diff --git a/config/unbound/root.key b/config/unbound/root.key
deleted file mode 100644
index 3d1fb4b95a..0000000000
--- a/config/unbound/root.key
+++ /dev/null
@@ -1,2 +0,0 @@
-. 172800 IN DNSKEY 257 3 8 AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3+/4RgWOq7HrxRixHlFlExOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kvArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgCmr3EgVLrjyBxWezF0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+eoZG+SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfdRUfhHdY6+cn8HFRm+2hM8AnXGXws9555KrUB5qihylGa8subX2Nn6UwNR1AkUTV74bU= ;{id = 20326 (ksk), size = 2048b}
-. 172800 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= ;{id = 19036 (ksk), size = 2048b}
diff --git a/config/unbound/unbound-dhcp-leases-bridge b/config/unbound/unbound-dhcp-leases-bridge
deleted file mode 100644
index 4a6f9587f8..0000000000
--- a/config/unbound/unbound-dhcp-leases-bridge
+++ /dev/null
@@ -1,892 +0,0 @@
-#!/usr/bin/python3
-###############################################################################
-# #
-# IPFire.org - A linux based firewall #
-# Copyright (C) 2016 Michael Tremer #
-# #
-# This program is free software: you can redistribute it and/or modify #
-# it under the terms of the GNU General Public License as published by #
-# the Free Software Foundation, either version 3 of the License, or #
-# (at your option) any later version. #
-# #
-# This program is distributed in the hope that it will be useful, #
-# but WITHOUT ANY WARRANTY; without even the implied warranty of #
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
-# GNU General Public License for more details. #
-# #
-# You should have received a copy of the GNU General Public License #
-# along with this program. If not, see <http://www.gnu.org/licenses/>. #
-# #
-###############################################################################
-
-import argparse
-import datetime
-import daemon
-import filecmp
-import functools
-import ipaddress
-import logging
-import logging.handlers
-import os
-import queue
-import re
-import signal
-import socket
-import stat
-import subprocess
-import sys
-import tempfile
-import threading
-
-LOCAL_TTL = 60
-
-log = logging.getLogger("dhcp")
-log.setLevel(logging.DEBUG)
-
-def setup_logging(daemon=True, loglevel=logging.INFO):
- log.setLevel(loglevel)
-
- # Log to syslog by default
- handler = logging.handlers.SysLogHandler(address="/dev/log", facility="daemon")
- log.addHandler(handler)
-
- # Format everything
- formatter = logging.Formatter("%(name)s[%(process)d]: %(message)s")
- handler.setFormatter(formatter)
-
- handler.setLevel(loglevel)
-
- # If we are running in foreground, we should write everything to the console, too
- if not daemon:
- handler = logging.StreamHandler()
- log.addHandler(handler)
-
- handler.setLevel(loglevel)
-
- return log
-
-class UnboundDHCPLeasesBridge(object):
- def __init__(self, dhcp_leases_file, fix_leases_file, unbound_leases_file, hosts_file, socket_path):
- self.leases_file = dhcp_leases_file
- self.fix_leases_file = fix_leases_file
- self.hosts_file = hosts_file
- self.socket_path = socket_path
-
- self.socket = None
-
- # Store all known leases
- self.leases = set()
-
- # Create a queue for all received events
- self.queue = queue.Queue()
-
- # Initialize the worker
- self.worker = Worker(self.queue, callback=self._handle_message)
-
- # Initialize the watcher
- self.watcher = Watcher(reload=self.reload)
-
- self.unbound = UnboundConfigWriter(unbound_leases_file)
-
- def run(self):
- log.info("Unbound DHCP Leases Bridge started on %s" % self.leases_file)
-
- # Launch the worker
- self.worker.start()
-
- # Launch the watcher
- self.watcher.start()
-
- # Open the server socket
- self.socket = self._open_socket(self.socket_path)
-
- while True:
- # Accept any incoming connections
- try:
- conn, peer = self.socket.accept()
- except OSError as e:
- break
-
- try:
- # Receive what the client is sending
- data, ancillary_data, flags, address = conn.recvmsg(4096)
-
- # Log that we have received some data
- log.debug("Received message of %s byte(s)" % len(data))
-
- # Decode the data
- message = self._decode_message(data)
-
- # Add the message to the queue
- self.queue.put(message)
-
- conn.send(b"OK\n")
-
- # Send ERROR to the client if something went wrong
- except Exception as e:
- log.error("Could not handle message: %s" % e)
-
- conn.send(b"ERROR\n")
- continue
-
- # Close the connection
- finally:
- conn.close()
-
- # Terminate the worker
- self.queue.put(None)
-
- # Terminate the watcher
- self.watcher.terminate()
-
- # Wait for the worker and watcher to finish
- self.worker.join()
- self.watcher.join()
-
- log.info("Unbound DHCP Leases Bridge terminated")
-
- def _open_socket(self, path):
- # Allocate a new socket
- s = socket.socket(family=socket.AF_UNIX, type=socket.SOCK_STREAM)
-
- # Unlink any old sockets
- try:
- os.unlink(path)
- except FileNotFoundError as e:
- pass
-
- # Bind the socket
- try:
- s.bind(self.socket_path)
- except OSError as e:
- log.error("Could not open socket at %s: %s" % (path, e))
-
- raise SystemExit(1) from e
-
- # Listen
- s.listen(128)
-
- return s
-
- def _decode_message(self, data):
- message = {}
-
- for line in data.splitlines():
- # Skip empty lines
- if not line:
- continue
-
- # Try to decode the line
- try:
- line = line.decode()
- except UnicodeError as e:
- log.error("Could not decode %r: %s" % (line, e))
-
- raise e
-
- # Split the line
- key, _, value = line.partition("=")
-
- # Skip the line if it does not have a value
- if not _:
- raise ValueError("No value given")
-
- # Store the attributes
- message[key] = value
-
- return message
-
- def _handle_message(self, message):
- log.debug("Handling message:")
- for key in message:
- log.debug(" %-20s = %s" % (key, message[key]))
-
- # Extract the event type
- event = message.get("EVENT")
-
- # Check if event is set
- if not event:
- raise ValueError("The message does not have EVENT set")
-
- # COMMIT
- elif event == "commit":
- address = message.get("ADDRESS")
- name = message.get("NAME")
-
- # Find the old lease
- old_lease = self._find_lease(address)
-
- # Don't update fixed leases as they might clear the hostname
- if old_lease and old_lease.fixed:
- log.debug("Won't update fixed lease %s" % old_lease)
- return
-
- # Create a new lease
- lease = Lease(address, {
- "client-hostname" : name,
- })
- self._add_lease(lease)
-
- # Can we skip the update?
- if old_lease:
- if lease.rrset == old_lease.rrset:
- log.debug("Won't update %s as nothing has changed" % lease)
- return
-
- # Remove the old lease first
- self.unbound.remove_lease(old_lease)
- self._remove_lease(old_lease)
-
- # Apply the lease
- self.unbound.apply_lease(lease)
-
- # RELEASE/EXPIRY
- elif event in ("release", "expiry"):
- address = message.get("ADDRESS")
-
- # Find the lease
- lease = self._find_lease(address)
-
- if not lease:
- log.warning("Could not find lease for %s" % address)
- return
-
- # Remove the lease
- self.unbound.remove_lease(lease)
- self._remove_lease(lease)
-
- # Raise an error if the event is not supported
- else:
- raise ValueError("Unsupported event: %s" % event)
-
- def update_dhcp_leases(self):
- # Drop all known leases
- self.leases.clear()
-
- # Add all dynamic leases
- for lease in DHCPLeases(self.leases_file):
- self._add_lease(lease)
-
- # Add all static leases
- for lease in FixLeases(self.fix_leases_file):
- self._add_lease(lease)
-
- # Dump leases
- if self.leases:
- log.debug("DHCP Leases:")
- for lease in self.leases:
- log.debug(" %s:" % lease.fqdn)
- log.debug(" Start: %s" % lease.time_starts)
- log.debug(" End : %s" % lease.time_ends)
- if lease.has_expired():
- log.debug(" Expired")
-
- self.unbound.update_dhcp_leases([l for l in self.leases if not l.has_expired()])
-
- def _add_lease(self, lease):
- # Skip leases without a FQDN
- if not lease.fqdn:
- log.debug("Skipping lease without a FQDN: %s" % lease)
- return
-
- # Skip any leases that also are a static host
- elif lease.fqdn in self.hosts:
- log.debug("Skipping lease for which a static host exists: %s" % lease)
- return
-
- # Don't add expired leases
- elif lease.has_expired():
- log.debug("Skipping expired lease: %s" % lease)
- return
-
- # Remove any previous leases
- self._remove_lease(lease)
-
- # Store the lease
- self.leases.add(lease)
-
- def _find_lease(self, ipaddr):
- """
- Returns the lease with the specified IP address
- """
- if not isinstance(ipaddr, ipaddress.IPv4Address):
- ipaddr = ipaddress.IPv4Address(ipaddr)
-
- for lease in self.leases:
- if lease.ipaddr == ipaddr:
- return lease
-
- def _remove_lease(self, lease):
- try:
- self.leases.remove(lease)
- except KeyError:
- pass
-
- def read_static_hosts(self):
- log.info("Reading static hosts from %s" % self.hosts_file)
-
- hosts = {}
- with open(self.hosts_file) as f:
- for line in f.readlines():
- line = line.rstrip()
-
- try:
- enabled, ipaddr, hostname, domainname, generateptr = line.split(",")
- except:
- log.warning("Could not parse line: %s" % line)
- continue
-
- # Skip any disabled entries
- if not enabled == "on":
- continue
-
- if hostname and domainname:
- fqdn = "%s.%s" % (hostname, domainname)
- elif hostname:
- fqdn = hostname
- elif domainname:
- fqdn = domainname
-
- try:
- hosts[fqdn].append(ipaddr)
- hosts[fqdn].sort()
- except KeyError:
- hosts[fqdn] = [ipaddr,]
-
- # Dump everything in the logs
- log.debug("Static hosts:")
- for name in hosts:
- log.debug(" %-20s : %s" % (name, ", ".join(hosts[name])))
-
- return hosts
-
- def reload(self, *args, **kwargs):
- # Read all static hosts
- self.hosts = self.read_static_hosts()
-
- # Unconditionally update all leases and reload Unbound
- self.update_dhcp_leases()
-
- def terminate(self, *args, **kwargs):
- # Close the socket
- if self.socket:
- self.socket.close()
-
-
-class Watcher(threading.Thread):
- """
- Watches if Unbound is still running.
- """
- def __init__(self, reload, *args, **kwargs):
- super().__init__(*args, **kwargs)
-
- self.reload = reload
-
- # Set to true if this thread should be terminated
- self._terminated = threading.Event()
-
- def run(self):
- log.debug("Watcher launched")
-
- pidfd = None
-
- while True:
- # One iteration takes 30 seconds unless we don't know the process
- # when we try to find it once a second.
- if self._terminated.wait(30 if pidfd else 1):
- break
-
- # Fetch a PIDFD for Unbound
- if pidfd is None:
- pidfd = self._get_pidfd()
-
- # If we could not acquire a PIDFD, we will try again soon...
- if not pidfd:
- log.warning("Cannot find Unbound...")
- continue
-
- # Since Unbound has been restarted, we need to reload it all...
- self.reload()
-
- log.debug("Checking if Unbound is still alive...")
-
- # Send the process a signal
- try:
- signal.pidfd_send_signal(pidfd, signal.SIG_DFL)
-
- # If the process has died, we land here and will have to wait until Unbound
- # has come back and reload it...
- except ProcessLookupError as e:
- log.error("Unbound has died")
-
- # Reset the PIDFD
- pidfd = None
-
- else:
- log.debug("Unbound is alive")
-
- log.debug("Watcher terminated")
-
- def terminate(self):
- """
- Called to signal this thread to terminate
- """
- self._terminated.set()
-
- def _get_pidfd(self):
- """
- Returns a PIDFD for unbound if it is running, otherwise None.
- """
- # Try to find the PID
- pid = pidof("unbound")
-
- if pid:
- log.debug("Unbound is running as PID %s" % pid)
-
- # Open a PIDFD
- pidfd = os.pidfd_open(pid)
-
- log.debug("Acquired PIDFD %s for PID %s" % (pidfd, pid))
-
- return pidfd
-
-
-class Worker(threading.Thread):
- """
- The worker is launched in a separate thread
- which allows us to perform some tasks asynchronously.
- """
- def __init__(self, queue, callback):
- super().__init__()
-
- self.queue = queue
- self.callback = callback
-
- def run(self):
- log.debug("Worker %s launched" % self.native_id)
-
- while True:
- message = self.queue.get()
-
- # If the message is None, we have to quit
- if message is None:
- break
-
- # Call the callback
- try:
- self.callback(message)
- except Exception as e:
- log.error("Callback failed: %s" % e, exc_info=True)
-
- log.debug("Worker %s terminated" % self.native_id)
-
-
-class DHCPLeases(object):
- regex_leaseblock = re.compile(r"lease (?P<ipaddr>\d+\.\d+\.\d+\.\d+) {(?P<config>[\s\S]+?)\n}")
-
- def __init__(self, path):
- self.path = path
-
- self._leases = self._parse()
-
- def __iter__(self):
- return iter(self._leases)
-
- def _parse(self):
- log.info("Reading DHCP leases from %s" % self.path)
-
- leases = []
-
- with open(self.path) as f:
- # Read entire leases file
- data = f.read()
-
- for match in self.regex_leaseblock.finditer(data):
- block = match.groupdict()
-
- ipaddr = block.get("ipaddr")
- config = block.get("config")
-
- properties = self._parse_block(config)
-
- # Skip any abandoned leases
- if not "hardware" in properties:
- continue
-
- # Skip inactive leases
- elif not properties.get("binding", "state active"):
- continue
-
- lease = Lease(ipaddr, properties)
- leases.append(lease)
-
- return leases
-
- def _parse_block(self, block):
- properties = {}
-
- for line in block.splitlines():
- if not line:
- continue
-
- # Remove trailing ; from line
- if line.endswith(";"):
- line = line[:-1]
-
- # Invalid line if it doesn't end with ;
- else:
- continue
-
- # Remove any leading whitespace
- line = line.lstrip()
-
- # We skip all options and sets
- if line.startswith("option") or line.startswith("set"):
- continue
-
- # Split by first space
- key, val = line.split(" ", 1)
- properties[key] = val
-
- return properties
-
-
-class FixLeases(object):
- def __init__(self, path):
- self.path = path
-
- self._leases = self._parse()
-
- def __iter__(self):
- return iter(self._leases)
-
- def _parse(self):
- log.info("Reading fix leases from %s" % self.path)
-
- now = datetime.datetime.utcnow()
-
- leases = []
-
- with open(self.path) as f:
- for line in f.readlines():
- line = line.rstrip()
-
- try:
- hwaddr, ipaddr, enabled, a, b, c, hostname = line.split(",")
- except ValueError:
- log.warning("Could not parse line: %s" % line)
- continue
-
- # Skip any disabled leases
- if not enabled == "on":
- continue
-
- l = Lease(ipaddr, {
- "binding" : "state active",
- "client-hostname" : hostname,
- "starts" : now.strftime("%w %Y/%m/%d %H:%M:%S"),
- "ends" : "never",
- }, fixed=True)
- leases.append(l)
-
- return leases
-
-
-class Lease(object):
- def __init__(self, ipaddr, properties, fixed=False):
- if not isinstance(ipaddr, ipaddress.IPv4Address):
- ipaddr = ipaddress.IPv4Address(ipaddr)
-
- self.ipaddr = ipaddr
- self._properties = properties
- self.fixed = fixed
-
- def __repr__(self):
- return "<%s for %s (%s)>" % (self.__class__.__name__, self.ipaddr, self.hostname)
-
- def __eq__(self, other):
- if isinstance(other, self.__class__):
- return self.ipaddr == other.ipaddr
-
- return NotImplemented
-
- def __gt__(self, other):
- if isinstance(other, self.__class__):
- if not self.ipaddr == other.ipaddr:
- return NotImplemented
-
- return self.time_starts > other.time_starts
-
- return NotImplemented
-
- def __hash__(self):
- return hash(self.ipaddr)
-
- @property
- def hostname(self):
- hostname = self._properties.get("client-hostname")
-
- if hostname is None:
- return
-
- # Remove any ""
- hostname = hostname.replace("\"", "")
-
- # Only return valid hostnames
- m = re.match(r"^[A-Z0-9\-]{1,63}$", hostname, re.I)
- if m:
- return hostname
-
- @property
- def domain(self):
- # Load ethernet settings
- ethernet_settings = self.read_settings("/var/ipfire/ethernet/settings")
-
- # Load DHCP settings
- dhcp_settings = self.read_settings("/var/ipfire/dhcp/settings")
-
- subnets = {}
- for zone in ("GREEN", "BLUE"):
- if not dhcp_settings.get("ENABLE_%s" % zone) == "on":
- continue
-
- netaddr = ethernet_settings.get("%s_NETADDRESS" % zone)
- submask = ethernet_settings.get("%s_NETMASK" % zone)
-
- subnet = ipaddress.ip_network("%s/%s" % (netaddr, submask))
- domain = dhcp_settings.get("DOMAIN_NAME_%s" % zone)
-
- subnets[subnet] = domain
-
- address = ipaddress.ip_address(self.ipaddr)
-
- for subnet in subnets:
- if address in subnet:
- return subnets[subnet]
-
- # Load main settings
- settings = self.read_settings("/var/ipfire/main/settings")
-
- # Fall back to the host domain if no match could be found
- return settings.get("DOMAINNAME", "localdomain")
-
- @staticmethod
- @functools.cache
- def read_settings(filename):
- settings = {}
-
- with open(filename) as f:
- for line in f.readlines():
- # Remove line-breaks
- line = line.rstrip()
-
- k, v = line.split("=", 1)
- settings[k] = v
-
- return settings
-
- @property
- def fqdn(self):
- if self.hostname:
- return "%s.%s" % (self.hostname, self.domain)
-
- @staticmethod
- def _parse_time(s):
- return datetime.datetime.strptime(s, "%w %Y/%m/%d %H:%M:%S")
-
- @property
- def time_starts(self):
- starts = self._properties.get("starts")
-
- if starts:
- return self._parse_time(starts)
-
- @property
- def time_ends(self):
- ends = self._properties.get("ends")
-
- if not ends or ends == "never":
- return
-
- return self._parse_time(ends)
-
- def has_expired(self):
- if not self.time_starts:
- return
-
- if not self.time_ends:
- return self.time_starts > datetime.datetime.utcnow()
-
- return not self.time_starts < datetime.datetime.utcnow() < self.time_ends
-
- @property
- def rrset(self):
- # If the lease does not have a valid FQDN, we cannot create any RRs
- if self.fqdn is None:
- return []
-
- return [
- # Forward record
- (self.fqdn, "%s" % LOCAL_TTL, "IN A", "%s" % self.ipaddr),
-
- # Reverse record
- (self.ipaddr.reverse_pointer, "%s" % LOCAL_TTL,
- "IN PTR", self.fqdn),
- ]
-
-
-class UnboundConfigWriter(object):
- def __init__(self, path):
- self.path = path
-
- def update_dhcp_leases(self, leases):
- # Write out all leases
- if self.write_dhcp_leases(leases):
- log.debug("Reloading Unbound...")
-
- # Reload the configuration without dropping the cache
- self._control("reload_keep_cache")
-
- def write_dhcp_leases(self, leases):
- log.debug("Writing DHCP leases...")
-
- with tempfile.NamedTemporaryFile(mode="w") as f:
- for l in sorted(leases, key=lambda x: x.ipaddr):
- for rr in l.rrset:
- f.write("local-data: \"%s\"\n" % " ".join(rr))
-
- # Flush the file
- f.flush()
-
- # Compare if the new leases file has changed from the previous version
- try:
- if filecmp.cmp(f.name, self.path, shallow=False):
- log.debug("The generated leases file has not changed")
-
- return False
-
- # Remove the old file
- os.unlink(self.path)
-
- # If the previous file did not exist, just keep falling through
- except FileNotFoundError:
- pass
-
- # Make file readable for everyone
- os.fchmod(f.fileno(), stat.S_IRUSR|stat.S_IWUSR|stat.S_IRGRP|stat.S_IROTH)
-
- # Move the file to its destination
- os.link(f.name, self.path)
-
- return True
-
- def _control(self, *args):
- command = ["unbound-control"]
- command.extend(args)
-
- # Log what we are doing
- log.debug("Running %s" % " ".join(command))
-
- try:
- subprocess.check_output(command)
-
- # Log any errors
- except subprocess.CalledProcessError as e:
- log.critical("Could not run %s, error code: %s: %s" % (
- " ".join(command), e.returncode, e.output))
-
- raise e
-
- def apply_lease(self, lease):
- """
- This method takes a lease and updates Unbound at runtime.
- """
- log.debug("Applying lease %s" % lease)
-
- for rr in lease.rrset:
- log.debug("Adding new record %s" % " ".join(rr))
-
- self._control("local_data", *rr)
-
- def remove_lease(self, lease):
- """
- This method takes a lease and removes it from Unbound at runtime.
- """
- log.debug("Removing lease %s" % lease)
-
- for name, ttl, type, content in lease.rrset:
- log.debug("Removing records for %s" % name)
-
- self._control("local_data_remove", name)
-
-
-def pidof(program):
- """
- Returns the first PID of the given program.
- """
- try:
- output = subprocess.check_output(["pidof", program])
- except subprocess.CalledProcessError as e:
- return
-
- # Convert to string
- output = output.decode()
-
- # Return the first PID
- for pid in output.split():
- try:
- pid = int(pid)
- except ValueError:
- continue
-
- return pid
-
-
-if __name__ == "__main__":
- parser = argparse.ArgumentParser(description="Bridge for DHCP Leases and Unbound DNS")
-
- # Daemon Stuff
- parser.add_argument("--daemon", "-d", action="store_true",
- help="Launch as daemon in background")
- parser.add_argument("--verbose", "-v", action="count", help="Be more verbose")
-
- # Paths
- parser.add_argument("--dhcp-leases", default="/var/state/dhcp/dhcpd.leases",
- metavar="PATH", help="Path to the DHCPd leases file")
- parser.add_argument("--unbound-leases", default="/etc/unbound/dhcp-leases.conf",
- metavar="PATH", help="Path to the unbound configuration file")
- parser.add_argument("--fix-leases", default="/var/ipfire/dhcp/fixleases",
- metavar="PATH", help="Path to the fix leases file")
- parser.add_argument("--hosts", default="/var/ipfire/main/hosts",
- metavar="PATH", help="Path to static hosts file")
- parser.add_argument("--socket-path", default="/var/run/unbound-dhcp-leases-bridge.sock",
- metavar="PATH", help="Socket Path",
- )
-
- # Parse command line arguments
- args = parser.parse_args()
-
- # Setup logging
- loglevel = logging.WARN
-
- if args.verbose:
- if args.verbose == 1:
- loglevel = logging.INFO
- elif args.verbose >= 2:
- loglevel = logging.DEBUG
-
- bridge = UnboundDHCPLeasesBridge(args.dhcp_leases, args.fix_leases,
- args.unbound_leases, args.hosts, socket_path=args.socket_path)
-
- with daemon.DaemonContext(
- detach_process=args.daemon,
- stderr=None if args.daemon else sys.stderr,
- signal_map = {
- signal.SIGHUP : bridge.reload,
- signal.SIGINT : bridge.terminate,
- signal.SIGTERM : bridge.terminate,
- },
- ) as daemon:
- setup_logging(daemon=args.daemon, loglevel=loglevel)
-
- bridge.run()
diff --git a/config/unbound/unbound.conf b/config/unbound/unbound.conf
deleted file mode 100644
index 7781f7d6b8..0000000000
--- a/config/unbound/unbound.conf
+++ /dev/null
@@ -1,86 +0,0 @@
-#
-# Unbound configuration file for IPFire
-#
-# The full documentation is available at:
-# https://nlnetlabs.nl/documentation/unbound/unbound.conf/
-#
-
-server:
- # Common Server Options
- chroot: ""
- directory: "/etc/unbound"
- username: "unbound"
- do-ip6: no
-
- # Modules
- module-config: "respip validator iterator"
-
- # System Tuning
- include: "/etc/unbound/tuning.conf"
-
- # Logging Options
- use-syslog: yes
- log-time-ascii: yes
-
- # Unbound Statistics
- statistics-interval: 86400
- extended-statistics: yes
-
- # Prefetching
- prefetch: yes
- prefetch-key: yes
-
- # Privacy Options
- hide-identity: yes
- hide-version: yes
-
- # DNSSEC
- auto-trust-anchor-file: "/var/lib/unbound/root.key"
- val-log-level: 1
- log-servfail: yes
-
- # Hardening Options
- harden-large-queries: yes
- harden-referral-path: yes
-
- # TLS
- tls-cert-bundle: /etc/ssl/certs/ca-bundle.crt
-
- # Harden against DNS cache poisoning
- unwanted-reply-threshold: 1000000
-
- # Listen on all interfaces
- interface-automatic: yes
- interface: 0.0.0.0
-
- # Allow access from everywhere
- access-control: 0.0.0.0/0 allow
-
- # Timeout behaviour
- infra-keep-probing: yes
-
- # Bootstrap root servers
- root-hints: "/etc/unbound/root.hints"
-
- # Include DHCP leases
- include: "/etc/unbound/dhcp-leases.conf"
-
- # Include hosts
- include: "/etc/unbound/hosts.conf"
-
- # Include any forward zones
- include: "/etc/unbound/forward.conf"
-
- # Include the Safe Search configuration
- include: "/etc/unbound/safesearch.conf"
-
- # Include the DNSBL configuration
- include: "/etc/unbound/dnsbl.conf"
-
-remote-control:
- control-enable: yes
- control-use-cert: no
- control-interface: 127.0.0.1
-
-# Import any local configurations
-include: "/etc/unbound/local.d/*.conf"
diff --git a/config/zabbix_agentd/ipfire_services.pl b/config/zabbix_agentd/ipfire_services.pl
index 7d7c8e6095..a51b22fed5 100755
--- a/config/zabbix_agentd/ipfire_services.pl
+++ b/config/zabbix_agentd/ipfire_services.pl
@@ -58,7 +58,7 @@ my %services = (
# DNS Proxy
'DNS Proxy Server' => {
- "process" => "unbound",
+ "process" => "kresd",
},
# Syslog
diff --git a/doc/language_issues.de b/doc/language_issues.de
index 2930f02caf..7679899e18 100644
--- a/doc/language_issues.de
+++ b/doc/language_issues.de
@@ -256,6 +256,7 @@ WARNING: translation string unused: dns error 1
WARNING: translation string unused: dns header
WARNING: translation string unused: dns list
WARNING: translation string unused: dns menu
+WARNING: translation string unused: dns mode for qname minimisation
WARNING: translation string unused: dns new 0
WARNING: translation string unused: dns new 1
WARNING: translation string unused: dns saved
@@ -786,8 +787,10 @@ WARNING: translation string unused: ssport forwarding
WARNING: translation string unused: ssproxy graphs
WARNING: translation string unused: sssystem status
WARNING: translation string unused: sstraffic graphs
+WARNING: translation string unused: standard
WARNING: translation string unused: start ovpn server
WARNING: translation string unused: stop ovpn server
+WARNING: translation string unused: strict
WARNING: translation string unused: subject test
WARNING: translation string unused: subject warn
WARNING: translation string unused: subnet
diff --git a/doc/language_issues.en b/doc/language_issues.en
index 109dc0f398..86363007d0 100644
--- a/doc/language_issues.en
+++ b/doc/language_issues.en
@@ -612,7 +612,6 @@ WARNING: untranslated string: dns forward disable dnssec = Disable DNSSEC (dange
WARNING: untranslated string: dns forwarding dnssec disabled notice = (DNSSEC disabled)
WARNING: untranslated string: dns isp assigned nameserver = ISP-assigned DNS server
WARNING: untranslated string: dns isp nameservers and tls not allowed = ISP-assigned DNS servers and TLS cannot be used at the same time.
-WARNING: untranslated string: dns mode for qname minimisation = QNAME Minimisation
WARNING: untranslated string: dns no address given = No IP Address given.
WARNING: untranslated string: dns no tls hostname given = No TLS hostname given.
WARNING: untranslated string: dns proxy server = DNS Proxy Server
@@ -1736,7 +1735,6 @@ WARNING: untranslated string: ssh tempstart15 = Stop SSH Daemon in 15 minutes
WARNING: untranslated string: ssh tempstart30 = Stop SSH Daemon in 30 minutes
WARNING: untranslated string: ssh username = Username
WARNING: untranslated string: sstraffic = Net-Traffic
-WARNING: untranslated string: standard = Standard
WARNING: untranslated string: standard login script = Standard login script
WARNING: untranslated string: start = Start
WARNING: untranslated string: start address = Start address:
@@ -1749,7 +1747,6 @@ WARNING: untranslated string: status ovpn = OpenVPN
WARNING: untranslated string: std classes = Standardclasses
WARNING: untranslated string: stop = Stop
WARNING: untranslated string: stopped = STOPPED
-WARNING: untranslated string: strict = Strict
WARNING: untranslated string: subject = Subject
WARNING: untranslated string: subnet mask = Subnet Mask
WARNING: untranslated string: subscription code = Subscription code
diff --git a/doc/language_issues.es b/doc/language_issues.es
index 0038f162fd..1f6839ae6c 100644
--- a/doc/language_issues.es
+++ b/doc/language_issues.es
@@ -281,6 +281,7 @@ WARNING: translation string unused: dns error 1
WARNING: translation string unused: dns header
WARNING: translation string unused: dns list
WARNING: translation string unused: dns menu
+WARNING: translation string unused: dns mode for qname minimisation
WARNING: translation string unused: dns new 0
WARNING: translation string unused: dns new 1
WARNING: translation string unused: dns saved
@@ -825,8 +826,10 @@ WARNING: translation string unused: ssport forwarding
WARNING: translation string unused: ssproxy graphs
WARNING: translation string unused: sssystem status
WARNING: translation string unused: sstraffic graphs
+WARNING: translation string unused: standard
WARNING: translation string unused: start ovpn server
WARNING: translation string unused: stop ovpn server
+WARNING: translation string unused: strict
WARNING: translation string unused: subject test
WARNING: translation string unused: subject warn
WARNING: translation string unused: subnet
diff --git a/doc/language_issues.fr b/doc/language_issues.fr
index a00b1c6466..6c280f1316 100644
--- a/doc/language_issues.fr
+++ b/doc/language_issues.fr
@@ -281,6 +281,7 @@ WARNING: translation string unused: dns error 1
WARNING: translation string unused: dns header
WARNING: translation string unused: dns list
WARNING: translation string unused: dns menu
+WARNING: translation string unused: dns mode for qname minimisation
WARNING: translation string unused: dns new 0
WARNING: translation string unused: dns new 1
WARNING: translation string unused: dns saved
@@ -815,8 +816,10 @@ WARNING: translation string unused: ssport forwarding
WARNING: translation string unused: ssproxy graphs
WARNING: translation string unused: sssystem status
WARNING: translation string unused: sstraffic graphs
+WARNING: translation string unused: standard
WARNING: translation string unused: start ovpn server
WARNING: translation string unused: stop ovpn server
+WARNING: translation string unused: strict
WARNING: translation string unused: subject test
WARNING: translation string unused: subject warn
WARNING: translation string unused: subnet
diff --git a/doc/language_issues.it b/doc/language_issues.it
index fd5542e1fd..1a7e094f9e 100644
--- a/doc/language_issues.it
+++ b/doc/language_issues.it
@@ -1040,7 +1040,6 @@ WARNING: untranslated string: dns forward disable dnssec = Disable DNSSEC (dange
WARNING: untranslated string: dns forwarding dnssec disabled notice = (DNSSEC disabled)
WARNING: untranslated string: dns isp assigned nameserver = ISP-assigned DNS server
WARNING: untranslated string: dns isp nameservers and tls not allowed = ISP-assigned DNS servers and TLS cannot be used at the same time.
-WARNING: untranslated string: dns mode for qname minimisation = QNAME Minimisation
WARNING: untranslated string: dns no address given = No IP Address given.
WARNING: untranslated string: dns no tls hostname given = No TLS hostname given.
WARNING: untranslated string: dns recursor mode = Recursor Mode
@@ -1410,8 +1409,6 @@ WARNING: untranslated string: ssh agent forwarding = Allow SSH Agent Forwarding
WARNING: untranslated string: ssh login time = Logged in since
WARNING: untranslated string: ssh no active logins = No active logins
WARNING: untranslated string: ssh username = Username
-WARNING: untranslated string: standard = Standard
-WARNING: untranslated string: strict = Strict
WARNING: untranslated string: subnet mask = Subnet Mask
WARNING: untranslated string: subscription code = Subscription code
WARNING: untranslated string: system is offline = The system is offline.
diff --git a/doc/language_issues.nl b/doc/language_issues.nl
index 94750b660c..1d15a90f97 100644
--- a/doc/language_issues.nl
+++ b/doc/language_issues.nl
@@ -1039,7 +1039,6 @@ WARNING: untranslated string: dns forward disable dnssec = Disable DNSSEC (dange
WARNING: untranslated string: dns forwarding dnssec disabled notice = (DNSSEC disabled)
WARNING: untranslated string: dns isp assigned nameserver = ISP-assigned DNS server
WARNING: untranslated string: dns isp nameservers and tls not allowed = ISP-assigned DNS servers and TLS cannot be used at the same time.
-WARNING: untranslated string: dns mode for qname minimisation = QNAME Minimisation
WARNING: untranslated string: dns no address given = No IP Address given.
WARNING: untranslated string: dns no tls hostname given = No TLS hostname given.
WARNING: untranslated string: dns recursor mode = Recursor Mode
@@ -1431,8 +1430,6 @@ WARNING: untranslated string: ssh agent forwarding = Allow SSH Agent Forwarding
WARNING: untranslated string: ssh login time = Logged in since
WARNING: untranslated string: ssh no active logins = No active logins
WARNING: untranslated string: ssh username = Username
-WARNING: untranslated string: standard = Standard
-WARNING: untranslated string: strict = Strict
WARNING: untranslated string: subnet mask = Subnet Mask
WARNING: untranslated string: subscription code = Subscription code
WARNING: untranslated string: system is offline = The system is offline.
diff --git a/doc/language_issues.pl b/doc/language_issues.pl
index a0556cf957..01872ce2d6 100644
--- a/doc/language_issues.pl
+++ b/doc/language_issues.pl
@@ -995,7 +995,6 @@ WARNING: untranslated string: dns forward disable dnssec = Disable DNSSEC (dange
WARNING: untranslated string: dns forwarding dnssec disabled notice = (DNSSEC disabled)
WARNING: untranslated string: dns isp assigned nameserver = ISP-assigned DNS server
WARNING: untranslated string: dns isp nameservers and tls not allowed = ISP-assigned DNS servers and TLS cannot be used at the same time.
-WARNING: untranslated string: dns mode for qname minimisation = QNAME Minimisation
WARNING: untranslated string: dns no address given = No IP Address given.
WARNING: untranslated string: dns no tls hostname given = No TLS hostname given.
WARNING: untranslated string: dns recursor mode = Recursor Mode
@@ -1594,9 +1593,7 @@ WARNING: untranslated string: ssh agent forwarding = Allow SSH Agent Forwarding
WARNING: untranslated string: ssh login time = Logged in since
WARNING: untranslated string: ssh no active logins = No active logins
WARNING: untranslated string: ssh username = Username
-WARNING: untranslated string: standard = Standard
WARNING: untranslated string: static routes = Static Routes
-WARNING: untranslated string: strict = Strict
WARNING: untranslated string: subnet mask = Subnet Mask
WARNING: untranslated string: subscription code = Subscription code
WARNING: untranslated string: support donation = Support the IPFire project with your donation
diff --git a/doc/language_issues.ru b/doc/language_issues.ru
index 6d233a7760..031002dd46 100644
--- a/doc/language_issues.ru
+++ b/doc/language_issues.ru
@@ -993,7 +993,6 @@ WARNING: untranslated string: dns forward disable dnssec = Disable DNSSEC (dange
WARNING: untranslated string: dns forwarding dnssec disabled notice = (DNSSEC disabled)
WARNING: untranslated string: dns isp assigned nameserver = ISP-assigned DNS server
WARNING: untranslated string: dns isp nameservers and tls not allowed = ISP-assigned DNS servers and TLS cannot be used at the same time.
-WARNING: untranslated string: dns mode for qname minimisation = QNAME Minimisation
WARNING: untranslated string: dns no address given = No IP Address given.
WARNING: untranslated string: dns no tls hostname given = No TLS hostname given.
WARNING: untranslated string: dns recursor mode = Recursor Mode
@@ -1593,9 +1592,7 @@ WARNING: untranslated string: ssh agent forwarding = Allow SSH Agent Forwarding
WARNING: untranslated string: ssh login time = Logged in since
WARNING: untranslated string: ssh no active logins = No active logins
WARNING: untranslated string: ssh username = Username
-WARNING: untranslated string: standard = Standard
WARNING: untranslated string: static routes = Static Routes
-WARNING: untranslated string: strict = Strict
WARNING: untranslated string: subnet mask = Subnet Mask
WARNING: untranslated string: subscription code = Subscription code
WARNING: untranslated string: support donation = Support the IPFire project with your donation
diff --git a/doc/language_issues.tr b/doc/language_issues.tr
index 622d52bb5c..c7d298c76e 100644
--- a/doc/language_issues.tr
+++ b/doc/language_issues.tr
@@ -1021,7 +1021,6 @@ WARNING: untranslated string: dns forward disable dnssec = Disable DNSSEC (dange
WARNING: untranslated string: dns forwarding dnssec disabled notice = (DNSSEC disabled)
WARNING: untranslated string: dns isp assigned nameserver = ISP-assigned DNS server
WARNING: untranslated string: dns isp nameservers and tls not allowed = ISP-assigned DNS servers and TLS cannot be used at the same time.
-WARNING: untranslated string: dns mode for qname minimisation = QNAME Minimisation
WARNING: untranslated string: dns no address given = No IP Address given.
WARNING: untranslated string: dns no tls hostname given = No TLS hostname given.
WARNING: untranslated string: dns recursor mode = Recursor Mode
@@ -1318,8 +1317,6 @@ WARNING: untranslated string: ssh agent forwarding = Allow SSH Agent Forwarding
WARNING: untranslated string: ssh login time = Logged in since
WARNING: untranslated string: ssh no active logins = No active logins
WARNING: untranslated string: ssh username = Username
-WARNING: untranslated string: standard = Standard
-WARNING: untranslated string: strict = Strict
WARNING: untranslated string: subnet mask = Subnet Mask
WARNING: untranslated string: subscription code = Subscription code
WARNING: untranslated string: system is offline = The system is offline.
diff --git a/doc/language_issues.tw b/doc/language_issues.tw
index cf7d0163ee..be1158f7a2 100644
--- a/doc/language_issues.tw
+++ b/doc/language_issues.tw
@@ -283,6 +283,7 @@ WARNING: translation string unused: dns error 1
WARNING: translation string unused: dns header
WARNING: translation string unused: dns list
WARNING: translation string unused: dns menu
+WARNING: translation string unused: dns mode for qname minimisation
WARNING: translation string unused: dns new 0
WARNING: translation string unused: dns new 1
WARNING: translation string unused: dns saved
@@ -830,8 +831,10 @@ WARNING: translation string unused: ssport forwarding
WARNING: translation string unused: ssproxy graphs
WARNING: translation string unused: sssystem status
WARNING: translation string unused: sstraffic graphs
+WARNING: translation string unused: standard
WARNING: translation string unused: start ovpn server
WARNING: translation string unused: stop ovpn server
+WARNING: translation string unused: strict
WARNING: translation string unused: subject test
WARNING: translation string unused: subject warn
WARNING: translation string unused: subnet
diff --git a/doc/language_issues.zh b/doc/language_issues.zh
index cf7d0163ee..be1158f7a2 100644
--- a/doc/language_issues.zh
+++ b/doc/language_issues.zh
@@ -283,6 +283,7 @@ WARNING: translation string unused: dns error 1
WARNING: translation string unused: dns header
WARNING: translation string unused: dns list
WARNING: translation string unused: dns menu
+WARNING: translation string unused: dns mode for qname minimisation
WARNING: translation string unused: dns new 0
WARNING: translation string unused: dns new 1
WARNING: translation string unused: dns saved
@@ -830,8 +831,10 @@ WARNING: translation string unused: ssport forwarding
WARNING: translation string unused: ssproxy graphs
WARNING: translation string unused: sssystem status
WARNING: translation string unused: sstraffic graphs
+WARNING: translation string unused: standard
WARNING: translation string unused: start ovpn server
WARNING: translation string unused: stop ovpn server
+WARNING: translation string unused: strict
WARNING: translation string unused: subject test
WARNING: translation string unused: subject warn
WARNING: translation string unused: subnet
diff --git a/html/cgi-bin/dhcp.cgi b/html/cgi-bin/dhcp.cgi
index 83cd809656..37c1bf7151 100644
--- a/html/cgi-bin/dhcp.cgi
+++ b/html/cgi-bin/dhcp.cgi
@@ -1381,13 +1381,17 @@ on commit {
"ADDRESS=",
binary-to-ascii(10, 8, ".", leased-address)
);
- set ClientName = concat(
- "NAME=",
+ set ClientHostName = concat(
+ "HOSTNAME=",
pick-first-value(option host-name, config-option-host-name, client-name, "")
);
+ set ClientDomainName = concat(
+ "DOMAINNAME=",
+ pick-first-value(config-option domain-name, "")
+ );
- if (ClientName != "") {
- execute("/usr/sbin/unbound-dhcp-leases-client", "commit", ClientAddress, ClientName);
+ if (ClientHostName != "") {
+ execute("/usr/sbin/dhcp-lease", "commit", ClientAddress, ClientHostName, ClientDomainName);
}
}
@@ -1396,13 +1400,17 @@ on release {
"ADDRESS=",
binary-to-ascii(10, 8, ".", leased-address)
);
- set ClientName = concat(
- "NAME=",
+ set ClientHostName = concat(
+ "HOSTNAME=",
pick-first-value(option host-name, config-option-host-name, client-name, "")
);
+ set ClientDomainName = concat(
+ "DOMAINNAME=",
+ pick-first-value(config-option domain-name, "")
+ );
- if (ClientName != "") {
- execute("/usr/sbin/unbound-dhcp-leases-client", "release", ClientAddress, ClientName);
+ if (ClientHostName != "") {
+ execute("/usr/sbin/dhcp-lease", "release", ClientAddress, ClientHostName, ClientDomainName);
}
}
@@ -1412,7 +1420,7 @@ on expiry {
binary-to-ascii(10, 8, ".", leased-address)
);
- execute("/usr/sbin/unbound-dhcp-leases-client", "expiry", ClientAddress);
+ execute("/usr/sbin/dhcp-lease", "expiry", ClientAddress);
}
EOF
diff --git a/html/cgi-bin/dns.cgi b/html/cgi-bin/dns.cgi
index e99b2f0782..bb37354c7e 100644
--- a/html/cgi-bin/dns.cgi
+++ b/html/cgi-bin/dns.cgi
@@ -105,6 +105,9 @@ if ($cgiparams{'GENERAL'} eq $Lang::tr{'save'}) {
# Call function to handle unbound restart, etc.
&_handle_unbound_and_more()
}
+
+ # Reload DNS
+ &General::system("/usr/local/bin/dnsctrl", "reload");
}
###
@@ -326,10 +329,6 @@ $selected{'PROTO'}{'TLS'} = '';
$selected{'PROTO'}{'TCP'} = '';
$selected{'PROTO'}{$settings{'PROTO'}} = "selected='selected'";
-$selected{'QNAME_MIN'}{'standard'} = '';
-$selected{'QNAME_MIN'}{'strict'} = '';
-$selected{'QNAME_MIN'}{$settings{'QNAME_MIN'}} = "selected='selected'";
-
# Display nameserver and configuration sections.
&show_nameservers();
&show_general_dns_configuration();
@@ -408,19 +407,6 @@ sub show_general_dns_configuration () {
</td>
</tr>
- <tr>
- <td width="33%">
- $Lang::tr{'dns mode for qname minimisation'}
- </td>
-
- <td>
- <select name="QNAME_MIN">
- <option value="standard" $selected{'QNAME_MIN'}{'standard'}>$Lang::tr{'standard'}</option>
- <option value="strict" $selected{'QNAME_MIN'}{'strict'}>$Lang::tr{'strict'}</option>
- </select>
- </td>
- </tr>
-
<tr>
<td colspan="2" align="right">
<input type="submit" name="GENERAL" value="$Lang::tr{'save'}">
@@ -853,8 +839,6 @@ sub _handle_unbound_and_more () {
# Call suricatactrl to perform a reload.
&IDS::call_suricatactrl("restart");
}
- # Restart unbound
- &General::system('/usr/local/bin/unboundctrl', 'reload');
}
# Check if the system is online (RED is connected).
diff --git a/html/cgi-bin/dnsbl.cgi b/html/cgi-bin/dnsbl.cgi
index c2f48381eb..2a7cd8805c 100644
--- a/html/cgi-bin/dnsbl.cgi
+++ b/html/cgi-bin/dnsbl.cgi
@@ -107,8 +107,8 @@ if ($cgiparams{'ACTION'} eq "$Lang::tr{'save'}") {
# Write config hash.
&writesettings("$settings_file", \%tmphash);
- # Reload Unbound
- &General::system("/usr/local/bin/unboundctrl", "reload");
+ # Reload DNS
+ &General::system("/usr/local/bin/dnsctrl", "reload");
# Save changed zone ACL
} elsif ($cgiparams{'ACTION'} eq "$Lang::tr{'update'}") {
@@ -164,8 +164,8 @@ if ($cgiparams{'ACTION'} eq "$Lang::tr{'save'}") {
# Write the new ACL settings to settings file.
&writesettings("$settings_file", \%tmphash);
- # Reload Unbound
- &General::system("/usr/local/bin/unboundctrl", "reload");
+ # Reload DNS
+ &General::system("/usr/local/bin/dnsctrl", "reload");
}
# Save changed custom domains to allow or block
@@ -249,8 +249,8 @@ if ($cgiparams{'ACTION'} eq "$Lang::tr{'save'}") {
# Save the domains
&writesettings("$custom_domains_file", \%tmp);
- # Reload Unbound
- &General::system("/usr/local/bin/unboundctrl", "reload");
+ # Reload DNS
+ &General::system("/usr/local/bin/dnsctrl", "reload");
}
}
diff --git a/html/cgi-bin/dnsforward.cgi b/html/cgi-bin/dnsforward.cgi
index d5a46b6755..99f08fd51f 100644
--- a/html/cgi-bin/dnsforward.cgi
+++ b/html/cgi-bin/dnsforward.cgi
@@ -123,8 +123,9 @@ if ($cgiparams{'ACTION'} eq $Lang::tr{'add'})
$cgiparams{'ID'} = $cgiparams{'EDITING'};
}
}
- # Restart unbound
- &General::system('/usr/local/bin/unboundctrl', 'reload');
+
+ # Reload DNS
+ &General::system("/usr/local/bin/dnsctrl", "reload");
}
###
@@ -141,8 +142,9 @@ if ($cgiparams{'ACTION'} eq $Lang::tr{'remove'})
unless ($cgiparams{'ID'} eq $id) { print FILE "$line"; }
}
close(FILE);
- # Restart unbound.
- &General::system('/usr/local/bin/unboundctrl', 'reload');
+
+ # Reload DNS
+ &General::system("/usr/local/bin/dnsctrl", "reload");
}
###
@@ -168,8 +170,9 @@ if ($cgiparams{'ACTION'} eq $Lang::tr{'toggle enable disable'})
}
}
close(FILE);
- # Restart unbound.
- &General::system('/usr/local/bin/unboundctrl', 'reload');
+
+ # Reload DNS
+ &General::system("/usr/local/bin/dnsctrl", "reload");
}
###
diff --git a/html/cgi-bin/hosts.cgi b/html/cgi-bin/hosts.cgi
index c06af91e72..e5558f949d 100644
--- a/html/cgi-bin/hosts.cgi
+++ b/html/cgi-bin/hosts.cgi
@@ -488,5 +488,7 @@ sub SortDataFile
#
sub BuildConfiguration {
&General::system('/usr/local/bin/rebuildhosts');
- &General::system('/usr/local/bin/unboundctrl', 'reload');
+
+ # Reload DNS
+ &General::system("/usr/local/bin/dnsctrl", "reload");
}
diff --git a/html/cgi-bin/services.cgi b/html/cgi-bin/services.cgi
index 428ad074f9..da15ca7b8a 100644
--- a/html/cgi-bin/services.cgi
+++ b/html/cgi-bin/services.cgi
@@ -73,7 +73,7 @@ $querry[1] = 'hour' unless defined $querry[1];
# DNS Proxy
$Lang::tr{'dns proxy server'} => {
- "process" => "unbound",
+ "process" => "kresd",
},
# Syslog
diff --git a/lfs/aws-cli b/lfs/aws-cli
index 4c97b90b1b..eca4556683 100644
--- a/lfs/aws-cli
+++ b/lfs/aws-cli
@@ -34,9 +34,9 @@ DL_FROM = $(URL_IPFIRE)
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
PROG = aws-cli
-PAK_VER = 11
+PAK_VER = 12
-DEPS = python3-botocore python3-colorama python3-docutils python3-pyasn1 python3-rsa python3-s3transfer python3-six python3-yaml
+DEPS = python3-botocore python3-colorama python3-docutils python3-pyasn1 python3-rsa python3-s3transfer python3-six
SERVICES =
diff --git a/lfs/gnutls b/lfs/gnutls
index ac2afb3613..58226b7ab5 100644
--- a/lfs/gnutls
+++ b/lfs/gnutls
@@ -73,7 +73,8 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
cd $(DIR_APP) && ./configure \
--prefix=/usr \
--without-p11-kit \
- --disable-openssl-compatibility
+ --disable-openssl-compatibility \
+ --with-default-trust-store-file=/etc/ssl/certs/ca-bundle.crt
cd $(DIR_APP) && make $(MAKETUNING)
cd $(DIR_APP) && make install
@rm -rf $(DIR_APP)
diff --git a/lfs/initscripts b/lfs/initscripts
index d2ef7ef854..cadd270e79 100644
--- a/lfs/initscripts
+++ b/lfs/initscripts
@@ -109,7 +109,7 @@ $(TARGET) :
ln -sf ../init.d/network /etc/rc.d/rc0.d/K80network
ln -sf ../init.d/wlanclient /etc/rc.d/rc0.d/K82wlanclient
ln -sf ../init.d/messagebus /etc/rc.d/rc0.d/K85messagebus
- ln -sf ../init.d/unbound /etc/rc.d/rc0.d/K86unbound
+ ln -sf ../init.d/knot-resolver /etc/rc.d/rc0.d/K86knot-resolver
ln -sf ../init.d/sysklogd /etc/rc.d/rc0.d/K90sysklogd
ln -sf ../init.d/sendsignals /etc/rc.d/rc0.d/S60sendsignals
ln -sf ../init.d/localnet /etc/rc.d/rc0.d/S70localnet
@@ -119,7 +119,7 @@ $(TARGET) :
ln -sf ../init.d/vnstat /etc/rc.d/rc3.d/S01vnstat
ln -sf ../init.d/sysklogd /etc/rc.d/rc3.d/S10sysklogd
- ln -sf ../init.d/unbound /etc/rc.d/rc3.d/S11unbound
+ ln -sf ../init.d/knot-resolver /etc/rc.d/rc3.d/S11knot-resolver
ln -sf ../init.d/fireinfo /etc/rc.d/rc3.d/S15fireinfo
ln -sf ../init.d/messagebus /etc/rc.d/rc3.d/S15messagebus
ln -sf ../init.d/cpufreq /etc/rc.d/rc3.d/S18cpufreq
@@ -158,7 +158,7 @@ $(TARGET) :
ln -sf ../init.d/network /etc/rc.d/rc6.d/K80network
ln -sf ../init.d/wlanclient /etc/rc.d/rc6.d/K82wlanclient
ln -sf ../init.d/messagebus /etc/rc.d/rc6.d/K85messagebus
- ln -sf ../init.d/unbound /etc/rc.d/rc6.d/K86unbound
+ ln -sf ../init.d/knot-resolver /etc/rc.d/rc6.d/K86knot-resolver
ln -sf ../init.d/sysklogd /etc/rc.d/rc6.d/K90sysklogd
ln -sf ../init.d/sendsignals /etc/rc.d/rc6.d/S60sendsignals
ln -sf ../init.d/mountfs /etc/rc.d/rc6.d/S70mountfs
diff --git a/lfs/knot b/lfs/knot
index 63bb5d264d..fee499ceed 100644
--- a/lfs/knot
+++ b/lfs/knot
@@ -74,15 +74,14 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
@$(PREBUILD)
@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar Jxf $(DIR_DL)/$(DL_FILE)
cd $(DIR_APP) && ./configure \
- --prefix=/usr \
- --enable-static=no \
- --disable-fastparser \
- --disable-daemon \
- --disable-modules \
- --enable-maxminddb=no \
- --disable-documentation
- cd $(DIR_APP)/src && make $(MAKETUNING) kdig
- cd $(DIR_APP)/src/.libs && cp -av kdig /usr/bin
- cd $(DIR_APP)/src/.libs && cp -av lib* /usr/lib
+ --prefix=/usr \
+ --enable-static=no \
+ --disable-fastparser \
+ --disable-daemon \
+ --disable-modules \
+ --enable-maxminddb=no \
+ --disable-documentation
+ cd $(DIR_APP) && make $(MAKETUNING)
+ cd $(DIR_APP) && make install
@rm -rf $(DIR_APP)
@$(POSTBUILD)
diff --git a/lfs/knot-resolver b/lfs/knot-resolver
new file mode 100644
index 0000000000..3073555c78
--- /dev/null
+++ b/lfs/knot-resolver
@@ -0,0 +1,113 @@
+###############################################################################
+# #
+# IPFire.org - A linux based firewall #
+# Copyright (C) 2007-2024 IPFire Team <info@ipfire.org> #
+# #
+# This program is free software: you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation, either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# This program is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with this program. If not, see <http://www.gnu.org/licenses/>. #
+# #
+###############################################################################
+
+###############################################################################
+# Definitions
+###############################################################################
+
+include Config
+
+VER = 6.3.0
+
+THISAPP = knot-resolver-$(VER)
+DL_FILE = $(THISAPP).tar.xz
+DL_FROM = $(URL_IPFIRE)
+DIR_APP = $(DIR_SRC)/$(THISAPP)
+TARGET = $(DIR_INFO)/$(THISAPP)
+
+###############################################################################
+# Top-level Rules
+###############################################################################
+
+objects = $(DL_FILE)
+
+$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
+
+$(DL_FILE)_BLAKE2 = 5745be9d031d58e7a9175d29307fb7453b76a6ef65a3b9970b9e5c256a38b2f13e5f4eb5bd126c44e4263b5dbebef2f5addf9c495c80e4a8d4ebe5c2169c0a9c
+
+install : $(TARGET)
+
+check : $(patsubst %,$(DIR_CHK)/%,$(objects))
+
+download :$(patsubst %,$(DIR_DL)/%,$(objects))
+
+b2 : $(subst %,%_BLAKE2,$(objects))
+
+###############################################################################
+# Downloading, checking, b2sum
+###############################################################################
+
+$(patsubst %,$(DIR_CHK)/%,$(objects)) :
+ @$(CHECK)
+
+$(patsubst %,$(DIR_DL)/%,$(objects)) :
+ @$(LOAD)
+
+$(subst %,%_BLAKE2,$(objects)) :
+ @$(B2SUM)
+
+###############################################################################
+# Installation Details
+###############################################################################
+
+$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
+ @$(PREBUILD)
+ @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE)
+ $(UPDATE_AUTOMAKE)
+ cd $(DIR_APP) && meson setup \
+ --prefix=/usr \
+ -Duser=knot-resolver \
+ -Dgroup=knot-resolver \
+ -Dkeyfile_default="/var/lib/knot-resolver/root.keys" \
+ -Dinstall_root_keys=enabled \
+ -Dquic=disabled \
+ builddir/
+
+ # Compile kresd
+ cd $(DIR_APP) && ninja -C builddir/ $(MAKETUNING)
+
+ # Build Python components
+ cd $(DIR_APP) && python3 setup.py build
+
+ # Install everything
+ cd $(DIR_APP) && ninja -C builddir/ install
+ cd $(DIR_APP) && python3 setup.py install --root=/
+
+ # Install our configuration helper script
+ install -v -m 644 $(DIR_SRC)/config/knot-resolver/config.lua \
+ /usr/lib/knot-resolver/config.lua
+
+ # Install the leases module
+ install -v -m 644 $(DIR_SRC)/config/knot-resolver/leases.lua \
+ /usr/lib/knot-resolver/kres_modules/leases.lua
+
+ # Install the DHCP leases helper script
+ install -v -m 755 $(DIR_SRC)/config/knot-resolver/dhcp-lease \
+ /usr/sbin/dhcp-lease
+
+ # Create cache directory
+ -mkdir -pv /var/cache/knot-resolver
+ chown knot-resolver:knot-resolver /var/cache/knot-resolver
+
+ # Allow kresd to bind to ports even though it is not running as root
+ setcap "cap_net_bind_service=+ep" /usr/sbin/kresd
+
+ @rm -rf $(DIR_APP)
+ @$(POSTBUILD)
diff --git a/lfs/lua-cqueues b/lfs/lua-cqueues
new file mode 100644
index 0000000000..244f0984c6
--- /dev/null
+++ b/lfs/lua-cqueues
@@ -0,0 +1,79 @@
+###############################################################################
+# #
+# IPFire.org - A linux based firewall #
+# Copyright (C) 2007-2024 IPFire Team <info@ipfire.org> #
+# #
+# This program is free software: you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation, either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# This program is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with this program. If not, see <http://www.gnu.org/licenses/>. #
+# #
+###############################################################################
+
+###############################################################################
+# Definitions
+###############################################################################
+
+include Config
+
+VER = 20200726
+
+THISAPP = cqueues-rel-$(VER)
+DL_FILE = $(THISAPP).tar.gz
+DL_FROM = $(URL_IPFIRE)
+DIR_APP = $(DIR_SRC)/$(THISAPP)
+TARGET = $(DIR_INFO)/$(THISAPP)
+
+###############################################################################
+# Top-level Rules
+###############################################################################
+
+objects = $(DL_FILE)
+
+$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
+
+$(DL_FILE)_BLAKE2 = 2e8da34d4818e96d6872d0e544ff39465f4b55527146dd0003a80a4f11be34601fc34a123a8bd7535f3437afb4825ab9995d63141991c0b4c520c365decbaf37
+
+install : $(TARGET)
+
+check : $(patsubst %,$(DIR_CHK)/%,$(objects))
+
+download :$(patsubst %,$(DIR_DL)/%,$(objects))
+
+b2 : $(subst %,%_BLAKE2,$(objects))
+
+dist:
+ @$(PAK)
+
+###############################################################################
+# Downloading, checking, b2sum
+###############################################################################
+
+$(patsubst %,$(DIR_CHK)/%,$(objects)) :
+ @$(CHECK)
+
+$(patsubst %,$(DIR_DL)/%,$(objects)) :
+ @$(LOAD)
+
+$(subst %,%_BLAKE2,$(objects)) :
+ @$(B2SUM)
+
+###############################################################################
+# Installation Details
+###############################################################################
+
+$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
+ @$(PREBUILD)
+ @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE)
+ cd $(DIR_APP) && make prefix=/usr libdir=/usr/lib $(MAKETUNING)
+ cd $(DIR_APP) && make install prefix=/usr libdir=/usr/lib
+ @rm -rf $(DIR_APP)
+ @$(POSTBUILD)
diff --git a/lfs/lua-csv b/lfs/lua-csv
new file mode 100644
index 0000000000..ce11519040
--- /dev/null
+++ b/lfs/lua-csv
@@ -0,0 +1,86 @@
+###############################################################################
+# #
+# IPFire.org - A linux based firewall #
+# Copyright (C) 2007-2024 IPFire Team <info@ipfire.org> #
+# #
+# This program is free software: you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation, either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# This program is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with this program. If not, see <http://www.gnu.org/licenses/>. #
+# #
+###############################################################################
+
+###############################################################################
+# Definitions
+###############################################################################
+
+include Config
+
+VER = 1
+
+THISAPP = lua-csv-$(VER)
+DL_FILE = $(THISAPP).tar.gz
+DL_FROM = $(URL_IPFIRE)
+DIR_APP = $(DIR_SRC)/$(THISAPP)
+TARGET = $(DIR_INFO)/$(THISAPP)
+
+# Get the API version of luajit
+LUAJIT_API = $(shell echo `luajit -e print\(_VERSION\) | cut -d " " -f 2`)
+
+###############################################################################
+# Top-level Rules
+###############################################################################
+
+objects = $(DL_FILE)
+
+$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
+
+$(DL_FILE)_BLAKE2 = 66424cbb38a41ef673665a639b2c190a58ae65f722cfddedcd1dcc19c0bc8f4733dedd00f159c0982b5f391938fb889914673a1dd95238317c8acbea22824b7c
+
+install : $(TARGET)
+
+check : $(patsubst %,$(DIR_CHK)/%,$(objects))
+
+download :$(patsubst %,$(DIR_DL)/%,$(objects))
+
+b2 : $(subst %,%_BLAKE2,$(objects))
+
+dist:
+ @$(PAK)
+
+###############################################################################
+# Downloading, checking, b2sum
+###############################################################################
+
+$(patsubst %,$(DIR_CHK)/%,$(objects)) :
+ @$(CHECK)
+
+$(patsubst %,$(DIR_DL)/%,$(objects)) :
+ @$(LOAD)
+
+$(subst %,%_BLAKE2,$(objects)) :
+ @$(B2SUM)
+
+###############################################################################
+# Installation Details
+###############################################################################
+
+$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
+ @$(PREBUILD)
+ @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE)
+ cd $(DIR_APP) && make install
+
+ # Create module folder for luajit api and install the module.
+ cd $(DIR_APP) && mkdir -pv /usr/share/lua/$(LUAJIT_API)
+ cd $(DIR_APP) && cp -avf lua/csv.lua /usr/share/lua/$(LUAJIT_API)/
+
+ @rm -rf $(DIR_APP)
+ @$(POSTBUILD)
diff --git a/lfs/lua-sqlite3 b/lfs/lua-sqlite3
new file mode 100644
index 0000000000..e0813e8ea6
--- /dev/null
+++ b/lfs/lua-sqlite3
@@ -0,0 +1,78 @@
+###############################################################################
+# #
+# IPFire.org - A linux based firewall #
+# Copyright (C) 2007-2024 IPFire Team <info@ipfire.org> #
+# #
+# This program is free software: you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation, either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# This program is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with this program. If not, see <http://www.gnu.org/licenses/>. #
+# #
+###############################################################################
+
+###############################################################################
+# Definitions
+###############################################################################
+
+include Config
+
+VER = v097
+
+THISAPP = lsqlite3_$(VER)
+DL_FILE = $(THISAPP).zip
+DL_FROM = $(URL_IPFIRE)
+DIR_APP = $(DIR_SRC)/$(THISAPP)
+TARGET = $(DIR_INFO)/$(THISAPP)
+
+###############################################################################
+# Top-level Rules
+###############################################################################
+
+objects = $(DL_FILE)
+
+$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
+
+$(DL_FILE)_BLAKE2 = 4e7e7a5e72bbea3b2d90c3ff9caa7fab60db4fcd1c78363ac6d8b0b6f8ddf2fd511c8470c486ed91bce05741e9c471c59bf6c26516474a252c47d0eb068eeff7
+
+install : $(TARGET)
+
+check : $(patsubst %,$(DIR_CHK)/%,$(objects))
+
+download :$(patsubst %,$(DIR_DL)/%,$(objects))
+
+b2 : $(subst %,%_BLAKE2,$(objects))
+
+dist:
+ @$(PAK)
+
+###############################################################################
+# Downloading, checking, b2sum
+###############################################################################
+
+$(patsubst %,$(DIR_CHK)/%,$(objects)) :
+ @$(CHECK)
+
+$(patsubst %,$(DIR_DL)/%,$(objects)) :
+ @$(LOAD)
+
+$(subst %,%_BLAKE2,$(objects)) :
+ @$(B2SUM)
+
+###############################################################################
+# Installation Details
+###############################################################################
+
+$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
+ @$(PREBUILD)
+ @rm -rf $(DIR_APP) && cd $(DIR_SRC) && unzip $(DIR_DL)/$(DL_FILE)
+ cd $(DIR_APP) && luarocks make lsqlite3-0.9.7-1.rockspec
+ @rm -rf $(DIR_APP)
+ @$(POSTBUILD)
diff --git a/lfs/luajit b/lfs/luajit
new file mode 100644
index 0000000000..54f912b24b
--- /dev/null
+++ b/lfs/luajit
@@ -0,0 +1,88 @@
+###############################################################################
+# #
+# IPFire.org - A linux based firewall #
+# Copyright (C) 2007-2024 IPFire Team <info@ipfire.org> #
+# #
+# This program is free software: you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation, either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# This program is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with this program. If not, see <http://www.gnu.org/licenses/>. #
+# #
+###############################################################################
+
+###############################################################################
+# Definitions
+###############################################################################
+
+include Config
+
+# LuaJIT no longer tags releases:
+# https://github.com/LuaJIT/LuaJIT/issues/665#issuecomment-784452583
+
+VER = 2.1.0-beta3
+COMMIT = a04480e
+
+THISAPP = luajit-$(VER)
+DL_FILE = $(COMMIT).tar.gz
+DL_FROM = $(URL_IPFIRE)
+DIR_APP = $(DIR_SRC)/luajit-2.0-$(COMMIT)
+TARGET = $(DIR_INFO)/$(THISAPP)
+
+###############################################################################
+# Top-level Rules
+###############################################################################
+
+objects = $(DL_FILE)
+
+$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
+
+$(DL_FILE)_BLAKE2 = dcb9d228741504b1c5f99ccee21a7c13ce0bdb2381122f8ba94208f2ec6a04b90ac88d752887c341e5fec06d8bc39fbcbdc6c13f5346b2312189605fd5cc0773
+
+install : $(TARGET)
+
+check : $(patsubst %,$(DIR_CHK)/%,$(objects))
+
+download :$(patsubst %,$(DIR_DL)/%,$(objects))
+
+b2 : $(subst %,%_BLAKE2,$(objects))
+
+###############################################################################
+# Downloading, checking, b2sum
+###############################################################################
+
+$(patsubst %,$(DIR_CHK)/%,$(objects)) :
+ @$(CHECK)
+
+$(patsubst %,$(DIR_DL)/%,$(objects)) :
+ @$(LOAD)
+
+$(subst %,%_BLAKE2,$(objects)) :
+ @$(B2SUM)
+
+###############################################################################
+# Installation Details
+###############################################################################
+
+$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
+ @$(PREBUILD)
+ @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE)
+ cd $(DIR_APP) && make amalg \
+ PREFIX="/usr" BUILDMODE=dynamic Q= TARGET_STRIP=" @:" \
+ CFLAGS="$(CFLAGS)" LDFLAGS="$(LDFLAGS)" $(MAKETUNING)
+ cd $(DIR_APP) && make install \
+ PREFIX="/usr" \
+ INSTALL_BIN="/usr/bin" \
+ INSTALL_LIB="/usr/lib" \
+ INSTALL_SHARE="/usr/share" \
+ INSTALL_DEFINC="/usr/include/luajit-2.1"
+ ln -svf luajit-2.1.0-beta3 "/usr/bin/luajit"
+ @rm -rf $(DIR_APP)
+ @$(POSTBUILD)
diff --git a/lfs/luarocks b/lfs/luarocks
new file mode 100644
index 0000000000..7655de2e88
--- /dev/null
+++ b/lfs/luarocks
@@ -0,0 +1,79 @@
+###############################################################################
+# #
+# IPFire.org - A linux based firewall #
+# Copyright (C) 2007-2024 IPFire Team <info@ipfire.org> #
+# #
+# This program is free software: you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation, either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# This program is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with this program. If not, see <http://www.gnu.org/licenses/>. #
+# #
+###############################################################################
+
+###############################################################################
+# Definitions
+###############################################################################
+
+include Config
+
+VER = 3.13.0
+
+THISAPP = luarocks-$(VER)
+DL_FILE = $(THISAPP).tar.gz
+DL_FROM = $(URL_IPFIRE)
+DIR_APP = $(DIR_SRC)/$(THISAPP)
+TARGET = $(DIR_INFO)/$(THISAPP)
+
+###############################################################################
+# Top-level Rules
+###############################################################################
+
+objects = $(DL_FILE)
+
+$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
+
+$(DL_FILE)_BLAKE2 = 204e7898381d5cc46608b4611270730f14004e283aadb749f439b22111ecd6e0b6287b75f296703a3e9029f934b135bbc74d2b209177dd84382d9f9ad735f5c2
+
+install : $(TARGET)
+
+check : $(patsubst %,$(DIR_CHK)/%,$(objects))
+
+download :$(patsubst %,$(DIR_DL)/%,$(objects))
+
+b2 : $(subst %,%_BLAKE2,$(objects))
+
+###############################################################################
+# Downloading, checking, b2sum
+###############################################################################
+
+$(patsubst %,$(DIR_CHK)/%,$(objects)) :
+ @$(CHECK)
+
+$(patsubst %,$(DIR_DL)/%,$(objects)) :
+ @$(LOAD)
+
+$(subst %,%_BLAKE2,$(objects)) :
+ @$(B2SUM)
+
+###############################################################################
+# Installation Details
+###############################################################################
+
+$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
+ @$(PREBUILD)
+ @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE)
+ cd $(DIR_APP) && ./configure \
+ --prefix=/usr \
+ --lua-version=5.1
+ cd $(DIR_APP) && make $(MAKETUNING)
+ cd $(DIR_APP) && make install
+ @rm -rf $(DIR_APP)
+ @$(POSTBUILD)
diff --git a/lfs/observium-agent b/lfs/observium-agent
index bbf3bfcdaa..20982467cd 100644
--- a/lfs/observium-agent
+++ b/lfs/observium-agent
@@ -34,7 +34,7 @@ DL_FROM = $(URL_IPFIRE)
DIR_APP = $(DIR_SRC)/observium
TARGET = $(DIR_INFO)/$(THISAPP)
PROG = observium-agent
-PAK_VER = 3
+PAK_VER = 4
DEPS = xinetd
@@ -93,7 +93,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
# Install modules
mkdir -pv /usr/lib/observium_agent/scripts-{available,enabled}
- install -m 755 $(DIR_APP)/scripts/agent-local/{apache,dmi,ksm,lmsensors,nfs,nfsd,nginx,postfix_mailgraph,postfix_qshape,unbound,vmwaretools} \
+ install -m 755 $(DIR_APP)/scripts/agent-local/{apache,dmi,ksm,lmsensors,nfs,nfsd,nginx,postfix_mailgraph,postfix_qshape,vmwaretools} \
/usr/lib/observium_agent/scripts-available/
# Backup
diff --git a/lfs/python3-aiohappyeyeballs b/lfs/python3-aiohappyeyeballs
new file mode 100644
index 0000000000..325c00cd7d
--- /dev/null
+++ b/lfs/python3-aiohappyeyeballs
@@ -0,0 +1,79 @@
+###############################################################################
+# #
+# IPFire.org - A linux based firewall #
+# Copyright (C) 2007-2018 IPFire Team <info@ipfire.org> #
+# #
+# This program is free software: you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation, either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# This program is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with this program. If not, see <http://www.gnu.org/licenses/>. #
+# #
+###############################################################################
+
+###############################################################################
+# Definitions
+###############################################################################
+
+include Config
+
+VER = 2.6.1
+
+THISAPP = aiohappyeyeballs-$(VER)
+DL_FILE = $(THISAPP).tar.gz
+DL_FROM = $(URL_IPFIRE)
+DIR_APP = $(DIR_SRC)/$(THISAPP)
+TARGET = $(DIR_INFO)/$(THISAPP)
+
+###############################################################################
+# Top-level Rules
+###############################################################################
+
+objects = $(DL_FILE)
+
+$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
+
+$(DL_FILE)_BLAKE2 = e3cb3d7366267dca4a7c82615c3482db175326d4fbaa2ad1ca249ef72e9b515129e988fa82f5ae1c4d2585022e17ec9a25b936252cd67a7ce8d3ff571071ae44
+
+install : $(TARGET)
+
+check : $(patsubst %,$(DIR_CHK)/%,$(objects))
+
+download :$(patsubst %,$(DIR_DL)/%,$(objects))
+
+b2 : $(subst %,%_BLAKE2,$(objects))
+
+dist:
+ @$(PAK)
+
+###############################################################################
+# Downloading, checking, b2sum
+###############################################################################
+
+$(patsubst %,$(DIR_CHK)/%,$(objects)) :
+ @$(CHECK)
+
+$(patsubst %,$(DIR_DL)/%,$(objects)) :
+ @$(LOAD)
+
+$(subst %,%_BLAKE2,$(objects)) :
+ @$(B2SUM)
+
+###############################################################################
+# Installation Details
+###############################################################################
+
+$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
+ @$(PREBUILD)
+ @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
+ cd $(DIR_APP) && python3 -m build --wheel --no-isolation
+ cd $(DIR_APP) && python3 -m install --destdir=/ dist/*.whl
+ @rm -rf $(DIR_APP)
+ @$(POSTBUILD)
diff --git a/lfs/python3-aiohttp b/lfs/python3-aiohttp
new file mode 100644
index 0000000000..a304336685
--- /dev/null
+++ b/lfs/python3-aiohttp
@@ -0,0 +1,80 @@
+###############################################################################
+# #
+# IPFire.org - A linux based firewall #
+# Copyright (C) 2007-2018 IPFire Team <info@ipfire.org> #
+# #
+# This program is free software: you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation, either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# This program is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with this program. If not, see <http://www.gnu.org/licenses/>. #
+# #
+###############################################################################
+
+###############################################################################
+# Definitions
+###############################################################################
+
+include Config
+
+VER = 3.13.5
+
+THISAPP = aiohttp-$(VER)
+DL_FILE = $(THISAPP).tar.gz
+DL_FROM = $(URL_IPFIRE)
+DIR_APP = $(DIR_SRC)/$(THISAPP)
+TARGET = $(DIR_INFO)/$(THISAPP)
+
+###############################################################################
+# Top-level Rules
+###############################################################################
+
+objects = $(DL_FILE)
+
+$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
+
+$(DL_FILE)_BLAKE2 = 33b8f7f977a429fcd14401042f0be88c4cf6879e2f991783c28bf26d2eaefb4ebeab64edfa4bd34f239c50574b3d5c5adb64b651716c8b7dc1fa4a41ca211d99
+
+install : $(TARGET)
+
+check : $(patsubst %,$(DIR_CHK)/%,$(objects))
+
+download :$(patsubst %,$(DIR_DL)/%,$(objects))
+
+b2 : $(subst %,%_BLAKE2,$(objects))
+
+dist:
+ @$(PAK)
+
+###############################################################################
+# Downloading, checking, b2sum
+###############################################################################
+
+$(patsubst %,$(DIR_CHK)/%,$(objects)) :
+ @$(CHECK)
+
+$(patsubst %,$(DIR_DL)/%,$(objects)) :
+ @$(LOAD)
+
+$(subst %,%_BLAKE2,$(objects)) :
+ @$(B2SUM)
+
+###############################################################################
+# Installation Details
+###############################################################################
+
+$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
+ @$(PREBUILD)
+ @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
+ cd $(DIR_APP) && sed -i "/Programming Language :: Python :: 3.14/d" pyproject.toml
+ cd $(DIR_APP) && python3 setup.py build
+ cd $(DIR_APP) && python3 setup.py install --root=/
+ @rm -rf $(DIR_APP)
+ @$(POSTBUILD)
diff --git a/lfs/python3-aiosignal b/lfs/python3-aiosignal
new file mode 100644
index 0000000000..086c2ae4d7
--- /dev/null
+++ b/lfs/python3-aiosignal
@@ -0,0 +1,79 @@
+###############################################################################
+# #
+# IPFire.org - A linux based firewall #
+# Copyright (C) 2007-2018 IPFire Team <info@ipfire.org> #
+# #
+# This program is free software: you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation, either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# This program is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with this program. If not, see <http://www.gnu.org/licenses/>. #
+# #
+###############################################################################
+
+###############################################################################
+# Definitions
+###############################################################################
+
+include Config
+
+VER = 1.4.0
+
+THISAPP = aiosignal-$(VER)
+DL_FILE = $(THISAPP).tar.gz
+DL_FROM = $(URL_IPFIRE)
+DIR_APP = $(DIR_SRC)/$(THISAPP)
+TARGET = $(DIR_INFO)/$(THISAPP)
+
+###############################################################################
+# Top-level Rules
+###############################################################################
+
+objects = $(DL_FILE)
+
+$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
+
+$(DL_FILE)_BLAKE2 = 38efed0839612b2aa8c4250a0cbc5c35e10e9b2ec4afccd66902172908db57a73628b3e00b306b2ea066b0b26867f753103f94ea78c04a8537334b50b4776ebf
+
+install : $(TARGET)
+
+check : $(patsubst %,$(DIR_CHK)/%,$(objects))
+
+download :$(patsubst %,$(DIR_DL)/%,$(objects))
+
+b2 : $(subst %,%_BLAKE2,$(objects))
+
+dist:
+ @$(PAK)
+
+###############################################################################
+# Downloading, checking, b2sum
+###############################################################################
+
+$(patsubst %,$(DIR_CHK)/%,$(objects)) :
+ @$(CHECK)
+
+$(patsubst %,$(DIR_DL)/%,$(objects)) :
+ @$(LOAD)
+
+$(subst %,%_BLAKE2,$(objects)) :
+ @$(B2SUM)
+
+###############################################################################
+# Installation Details
+###############################################################################
+
+$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
+ @$(PREBUILD)
+ @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
+ cd $(DIR_APP) && python3 -m build --wheel --no-isolation
+ cd $(DIR_APP) && python3 -m install --destdir=/ dist/*.whl
+ @rm -rf $(DIR_APP)
+ @$(POSTBUILD)
diff --git a/lfs/python3-async-timeout b/lfs/python3-async-timeout
new file mode 100644
index 0000000000..094d648b1b
--- /dev/null
+++ b/lfs/python3-async-timeout
@@ -0,0 +1,82 @@
+###############################################################################
+# #
+# IPFire.org - A linux based firewall #
+# Copyright (C) 2007-2018 IPFire Team <info@ipfire.org> #
+# #
+# This program is free software: you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation, either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# This program is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with this program. If not, see <http://www.gnu.org/licenses/>. #
+# #
+###############################################################################
+
+###############################################################################
+# Definitions
+###############################################################################
+
+include Config
+
+VER = 5.0.1
+
+# This package has essentially been upstreamed into Python 3.11+ and can be
+# dropped as soon as we manage to upgrade.
+
+THISAPP = async_timeout-$(VER)
+DL_FILE = $(THISAPP).tar.gz
+DL_FROM = $(URL_IPFIRE)
+DIR_APP = $(DIR_SRC)/$(THISAPP)
+TARGET = $(DIR_INFO)/$(THISAPP)
+
+###############################################################################
+# Top-level Rules
+###############################################################################
+
+objects = $(DL_FILE)
+
+$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
+
+$(DL_FILE)_BLAKE2 = cfc1d36d6627351308b91bc6c08030d1a9dbb9e09373bd13bc942884c6e5f7624aff30140d80c64cd9e99a4fd9ceb0cbdf8d5c14bb15c9b7615da9485d165520
+
+install : $(TARGET)
+
+check : $(patsubst %,$(DIR_CHK)/%,$(objects))
+
+download :$(patsubst %,$(DIR_DL)/%,$(objects))
+
+b2 : $(subst %,%_BLAKE2,$(objects))
+
+dist:
+ @$(PAK)
+
+###############################################################################
+# Downloading, checking, b2sum
+###############################################################################
+
+$(patsubst %,$(DIR_CHK)/%,$(objects)) :
+ @$(CHECK)
+
+$(patsubst %,$(DIR_DL)/%,$(objects)) :
+ @$(LOAD)
+
+$(subst %,%_BLAKE2,$(objects)) :
+ @$(B2SUM)
+
+###############################################################################
+# Installation Details
+###############################################################################
+
+$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
+ @$(PREBUILD)
+ @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
+ cd $(DIR_APP) && python3 -m build --wheel --no-isolation
+ cd $(DIR_APP) && python3 -m install --destdir=/ dist/*.whl
+ @rm -rf $(DIR_APP)
+ @$(POSTBUILD)
diff --git a/lfs/python3-attrs b/lfs/python3-attrs
index 03a809a27e..946dd62a32 100644
--- a/lfs/python3-attrs
+++ b/lfs/python3-attrs
@@ -25,19 +25,12 @@
include Config
VER = 23.2.0
-SUMMARY = Classes Without Boilerplate
THISAPP = attrs-$(VER)
DL_FILE = $(THISAPP).tar.gz
DL_FROM = $(URL_IPFIRE)
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
-PROG = python3-attrs
-PAK_VER = 3
-
-DEPS =
-
-SERVICES =
###############################################################################
# Top-level Rules
@@ -57,9 +50,6 @@ download :$(patsubst %,$(DIR_DL)/%,$(objects))
b2 : $(subst %,%_BLAKE2,$(objects))
-dist:
- @$(PAK)
-
###############################################################################
# Downloading, checking, b2sum
###############################################################################
diff --git a/lfs/python3-expandvars b/lfs/python3-expandvars
new file mode 100644
index 0000000000..dffc99860b
--- /dev/null
+++ b/lfs/python3-expandvars
@@ -0,0 +1,79 @@
+###############################################################################
+# #
+# IPFire.org - A linux based firewall #
+# Copyright (C) 2007-2018 IPFire Team <info@ipfire.org> #
+# #
+# This program is free software: you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation, either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# This program is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with this program. If not, see <http://www.gnu.org/licenses/>. #
+# #
+###############################################################################
+
+###############################################################################
+# Definitions
+###############################################################################
+
+include Config
+
+VER = 1.1.2
+
+THISAPP = expandvars-$(VER)
+DL_FILE = $(THISAPP).tar.gz
+DL_FROM = $(URL_IPFIRE)
+DIR_APP = $(DIR_SRC)/$(THISAPP)
+TARGET = $(DIR_INFO)/$(THISAPP)
+
+###############################################################################
+# Top-level Rules
+###############################################################################
+
+objects = $(DL_FILE)
+
+$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
+
+$(DL_FILE)_BLAKE2 = b1d2ec3cdf18d1406d74ae9d325a153d21d1cb0a94bcc249b641741cc8290617de1a5ce1194f12fa083f7c6f1400bf259f3b17b13745379900e5f6788467aaf7
+
+install : $(TARGET)
+
+check : $(patsubst %,$(DIR_CHK)/%,$(objects))
+
+download :$(patsubst %,$(DIR_DL)/%,$(objects))
+
+b2 : $(subst %,%_BLAKE2,$(objects))
+
+dist:
+ @$(PAK)
+
+###############################################################################
+# Downloading, checking, b2sum
+###############################################################################
+
+$(patsubst %,$(DIR_CHK)/%,$(objects)) :
+ @$(CHECK)
+
+$(patsubst %,$(DIR_DL)/%,$(objects)) :
+ @$(LOAD)
+
+$(subst %,%_BLAKE2,$(objects)) :
+ @$(B2SUM)
+
+###############################################################################
+# Installation Details
+###############################################################################
+
+$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
+ @$(PREBUILD)
+ @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
+ cd $(DIR_APP) && python3 -m build --wheel --no-isolation
+ cd $(DIR_APP) && python3 -m install --destdir=/ dist/*.whl
+ @rm -rf $(DIR_APP)
+ @$(POSTBUILD)
diff --git a/lfs/python3-frozenlist b/lfs/python3-frozenlist
new file mode 100644
index 0000000000..48ea704326
--- /dev/null
+++ b/lfs/python3-frozenlist
@@ -0,0 +1,79 @@
+###############################################################################
+# #
+# IPFire.org - A linux based firewall #
+# Copyright (C) 2007-2018 IPFire Team <info@ipfire.org> #
+# #
+# This program is free software: you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation, either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# This program is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with this program. If not, see <http://www.gnu.org/licenses/>. #
+# #
+###############################################################################
+
+###############################################################################
+# Definitions
+###############################################################################
+
+include Config
+
+VER = 1.8.0
+
+THISAPP = frozenlist-$(VER)
+DL_FILE = $(THISAPP).tar.gz
+DL_FROM = $(URL_IPFIRE)
+DIR_APP = $(DIR_SRC)/$(THISAPP)
+TARGET = $(DIR_INFO)/$(THISAPP)
+
+###############################################################################
+# Top-level Rules
+###############################################################################
+
+objects = $(DL_FILE)
+
+$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
+
+$(DL_FILE)_BLAKE2 = a50fedafe59a6277447abe574ae8980ea8c0dae4bed06e0c317d20351ace3ef6ac8015da08b2383541dd421899aad17d1a09c5d0e9d693fca21eb42b3ac071a5
+
+install : $(TARGET)
+
+check : $(patsubst %,$(DIR_CHK)/%,$(objects))
+
+download :$(patsubst %,$(DIR_DL)/%,$(objects))
+
+b2 : $(subst %,%_BLAKE2,$(objects))
+
+dist:
+ @$(PAK)
+
+###############################################################################
+# Downloading, checking, b2sum
+###############################################################################
+
+$(patsubst %,$(DIR_CHK)/%,$(objects)) :
+ @$(CHECK)
+
+$(patsubst %,$(DIR_DL)/%,$(objects)) :
+ @$(LOAD)
+
+$(subst %,%_BLAKE2,$(objects)) :
+ @$(B2SUM)
+
+###############################################################################
+# Installation Details
+###############################################################################
+
+$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
+ @$(PREBUILD)
+ @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
+ cd $(DIR_APP) && python3 -m build --wheel --no-isolation
+ cd $(DIR_APP) && python3 -m install --destdir=/ dist/*.whl
+ @rm -rf $(DIR_APP)
+ @$(POSTBUILD)
diff --git a/lfs/python3-idna b/lfs/python3-idna
index 0c26c6a032..69f951f23c 100644
--- a/lfs/python3-idna
+++ b/lfs/python3-idna
@@ -31,10 +31,6 @@ DL_FILE = $(THISAPP).tar.gz
DL_FROM = $(URL_IPFIRE)
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
-PROG = python3-idna
-PAK_VER = 2
-
-DEPS =
###############################################################################
# Top-level Rules
@@ -54,9 +50,6 @@ download :$(patsubst %,$(DIR_DL)/%,$(objects))
b2 : $(subst %,%_BLAKE2,$(objects))
-dist:
- @$(PAK)
-
###############################################################################
# Downloading, checking, b2sum
###############################################################################
diff --git a/lfs/python3-multidict b/lfs/python3-multidict
new file mode 100644
index 0000000000..7bcc71bc86
--- /dev/null
+++ b/lfs/python3-multidict
@@ -0,0 +1,79 @@
+###############################################################################
+# #
+# IPFire.org - A linux based firewall #
+# Copyright (C) 2007-2018 IPFire Team <info@ipfire.org> #
+# #
+# This program is free software: you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation, either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# This program is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with this program. If not, see <http://www.gnu.org/licenses/>. #
+# #
+###############################################################################
+
+###############################################################################
+# Definitions
+###############################################################################
+
+include Config
+
+VER = 6.7.1
+
+THISAPP = multidict-$(VER)
+DL_FILE = $(THISAPP).tar.gz
+DL_FROM = $(URL_IPFIRE)
+DIR_APP = $(DIR_SRC)/$(THISAPP)
+TARGET = $(DIR_INFO)/$(THISAPP)
+
+###############################################################################
+# Top-level Rules
+###############################################################################
+
+objects = $(DL_FILE)
+
+$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
+
+$(DL_FILE)_BLAKE2 = 0603dcee6f54ce2523aecca14fda37f26aa3017ab9821032f55e7cefdb7eb7b379f4b6bb24ca2c5fab24577339c51bb842eb5c1ecdd390015ecc6ce6b90c041c
+
+install : $(TARGET)
+
+check : $(patsubst %,$(DIR_CHK)/%,$(objects))
+
+download :$(patsubst %,$(DIR_DL)/%,$(objects))
+
+b2 : $(subst %,%_BLAKE2,$(objects))
+
+dist:
+ @$(PAK)
+
+###############################################################################
+# Downloading, checking, b2sum
+###############################################################################
+
+$(patsubst %,$(DIR_CHK)/%,$(objects)) :
+ @$(CHECK)
+
+$(patsubst %,$(DIR_DL)/%,$(objects)) :
+ @$(LOAD)
+
+$(subst %,%_BLAKE2,$(objects)) :
+ @$(B2SUM)
+
+###############################################################################
+# Installation Details
+###############################################################################
+
+$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
+ @$(PREBUILD)
+ @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
+ cd $(DIR_APP) && python3 setup.py build
+ cd $(DIR_APP) && python3 setup.py install --root=/
+ @rm -rf $(DIR_APP)
+ @$(POSTBUILD)
diff --git a/lfs/python3-poetry-core b/lfs/python3-poetry-core
new file mode 100644
index 0000000000..339cb4d1e3
--- /dev/null
+++ b/lfs/python3-poetry-core
@@ -0,0 +1,79 @@
+###############################################################################
+# #
+# IPFire.org - A linux based firewall #
+# Copyright (C) 2007-2018 IPFire Team <info@ipfire.org> #
+# #
+# This program is free software: you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation, either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# This program is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with this program. If not, see <http://www.gnu.org/licenses/>. #
+# #
+###############################################################################
+
+###############################################################################
+# Definitions
+###############################################################################
+
+include Config
+
+VER = 2.4.0
+
+THISAPP = poetry_core-$(VER)
+DL_FILE = $(THISAPP).tar.gz
+DL_FROM = $(URL_IPFIRE)
+DIR_APP = $(DIR_SRC)/$(THISAPP)
+TARGET = $(DIR_INFO)/$(THISAPP)
+
+###############################################################################
+# Top-level Rules
+###############################################################################
+
+objects = $(DL_FILE)
+
+$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
+
+$(DL_FILE)_BLAKE2 = 0f3ca81d311a8421759c1a99189b320f3a1506b9afb788454e1ac8e44d5467bb8b4d3fb00aec90cff8d896f0d704ab199a0d176a178c964072799934a54789ac
+
+install : $(TARGET)
+
+check : $(patsubst %,$(DIR_CHK)/%,$(objects))
+
+download :$(patsubst %,$(DIR_DL)/%,$(objects))
+
+b2 : $(subst %,%_BLAKE2,$(objects))
+
+dist:
+ @$(PAK)
+
+###############################################################################
+# Downloading, checking, b2sum
+###############################################################################
+
+$(patsubst %,$(DIR_CHK)/%,$(objects)) :
+ @$(CHECK)
+
+$(patsubst %,$(DIR_DL)/%,$(objects)) :
+ @$(LOAD)
+
+$(subst %,%_BLAKE2,$(objects)) :
+ @$(B2SUM)
+
+###############################################################################
+# Installation Details
+###############################################################################
+
+$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
+ @$(PREBUILD)
+ @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
+ cd $(DIR_APP) && python3 -m build --wheel --no-isolation
+ cd $(DIR_APP) && python3 -m install --destdir=/ dist/*.whl
+ @rm -rf $(DIR_APP)
+ @$(POSTBUILD)
diff --git a/lfs/python3-propcache b/lfs/python3-propcache
new file mode 100644
index 0000000000..58868bbedd
--- /dev/null
+++ b/lfs/python3-propcache
@@ -0,0 +1,79 @@
+###############################################################################
+# #
+# IPFire.org - A linux based firewall #
+# Copyright (C) 2007-2018 IPFire Team <info@ipfire.org> #
+# #
+# This program is free software: you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation, either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# This program is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with this program. If not, see <http://www.gnu.org/licenses/>. #
+# #
+###############################################################################
+
+###############################################################################
+# Definitions
+###############################################################################
+
+include Config
+
+VER = 0.5.2
+
+THISAPP = propcache-$(VER)
+DL_FILE = $(THISAPP).tar.gz
+DL_FROM = $(URL_IPFIRE)
+DIR_APP = $(DIR_SRC)/$(THISAPP)
+TARGET = $(DIR_INFO)/$(THISAPP)
+
+###############################################################################
+# Top-level Rules
+###############################################################################
+
+objects = $(DL_FILE)
+
+$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
+
+$(DL_FILE)_BLAKE2 = 53b0a36724277bbe1b08e4fe9b6bf7b32933fbb52b5c4fa3477b3fba1d021875f9311cb4abc020989a40c3482707b0e9e3b40669b9d219334b10b0303dfbfbe9
+
+install : $(TARGET)
+
+check : $(patsubst %,$(DIR_CHK)/%,$(objects))
+
+download :$(patsubst %,$(DIR_DL)/%,$(objects))
+
+b2 : $(subst %,%_BLAKE2,$(objects))
+
+dist:
+ @$(PAK)
+
+###############################################################################
+# Downloading, checking, b2sum
+###############################################################################
+
+$(patsubst %,$(DIR_CHK)/%,$(objects)) :
+ @$(CHECK)
+
+$(patsubst %,$(DIR_DL)/%,$(objects)) :
+ @$(LOAD)
+
+$(subst %,%_BLAKE2,$(objects)) :
+ @$(B2SUM)
+
+###############################################################################
+# Installation Details
+###############################################################################
+
+$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
+ @$(PREBUILD)
+ @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
+ cd $(DIR_APP) && python3 -m build --wheel --no-isolation
+ cd $(DIR_APP) && python3 -m install --destdir=/ dist/*.whl
+ @rm -rf $(DIR_APP)
+ @$(POSTBUILD)
diff --git a/lfs/python3-requests b/lfs/python3-requests
index 6f4b4dd6f7..e1816ede29 100644
--- a/lfs/python3-requests
+++ b/lfs/python3-requests
@@ -32,9 +32,9 @@ DL_FROM = $(URL_IPFIRE)
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
PROG = python3-requests
-PAK_VER = 2
+PAK_VER = 3
-DEPS = python3-certifi python3-charset-normalizer python3-idna
+DEPS = python3-certifi python3-charset-normalizer
###############################################################################
# Top-level Rules
diff --git a/lfs/python3-setuptools b/lfs/python3-setuptools
index 05e702a7e2..d83cf8093c 100644
--- a/lfs/python3-setuptools
+++ b/lfs/python3-setuptools
@@ -24,7 +24,7 @@
include Config
-VER = 80.9.0
+VER = 82.0.1
THISAPP = setuptools-$(VER)
DL_FILE = $(THISAPP).tar.gz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = ab367912eec92b0d1251916d09c1dd2e311767eec87225beaff870dff923b47ba1732d2f7393b7d9e55d1ff1249c612e4403019e0021048951f9fc3b775c04c9
+$(DL_FILE)_BLAKE2 = d7f6eaf62ec66355b65642bc20a7a549e167dd6d1c0cdb15926b6644a23cab7737d713cd9418e0cc09161eb0bff53ffd0b8781c96d9203717077121c1e3cc0d5
install : $(TARGET)
diff --git a/lfs/python3-supervisor b/lfs/python3-supervisor
new file mode 100644
index 0000000000..cb2271a2c8
--- /dev/null
+++ b/lfs/python3-supervisor
@@ -0,0 +1,79 @@
+###############################################################################
+# #
+# IPFire.org - A linux based firewall #
+# Copyright (C) 2007-2018 IPFire Team <info@ipfire.org> #
+# #
+# This program is free software: you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation, either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# This program is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with this program. If not, see <http://www.gnu.org/licenses/>. #
+# #
+###############################################################################
+
+###############################################################################
+# Definitions
+###############################################################################
+
+include Config
+
+VER = 4.3.0
+
+THISAPP = supervisor-$(VER)
+DL_FILE = $(THISAPP).tar.gz
+DL_FROM = $(URL_IPFIRE)
+DIR_APP = $(DIR_SRC)/$(THISAPP)
+TARGET = $(DIR_INFO)/$(THISAPP)
+
+###############################################################################
+# Top-level Rules
+###############################################################################
+
+objects = $(DL_FILE)
+
+$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
+
+$(DL_FILE)_BLAKE2 = 16fe4f09b1fdbc9b18c67ba1d68425772fbfadc5417b39926dbbad55aca833c082566c924baa5fa9d1accc8ce518da23751d69fcd2c685ead5be57f42108a633
+
+install : $(TARGET)
+
+check : $(patsubst %,$(DIR_CHK)/%,$(objects))
+
+download :$(patsubst %,$(DIR_DL)/%,$(objects))
+
+b2 : $(subst %,%_BLAKE2,$(objects))
+
+dist:
+ @$(PAK)
+
+###############################################################################
+# Downloading, checking, b2sum
+###############################################################################
+
+$(patsubst %,$(DIR_CHK)/%,$(objects)) :
+ @$(CHECK)
+
+$(patsubst %,$(DIR_DL)/%,$(objects)) :
+ @$(LOAD)
+
+$(subst %,%_BLAKE2,$(objects)) :
+ @$(B2SUM)
+
+###############################################################################
+# Installation Details
+###############################################################################
+
+$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
+ @$(PREBUILD)
+ @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
+ cd $(DIR_APP) && python3 setup.py build
+ cd $(DIR_APP) && python3 setup.py install --root=/
+ @rm -rf $(DIR_APP)
+ @$(POSTBUILD)
diff --git a/lfs/python3-trio b/lfs/python3-trio
index 9a4f833afe..d6e96a6a6b 100644
--- a/lfs/python3-trio
+++ b/lfs/python3-trio
@@ -33,9 +33,9 @@ DL_FROM = $(URL_IPFIRE)
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
PROG = python3-trio
-PAK_VER = 4
+PAK_VER = 6
-DEPS = python3-async_generator python3-attrs python3-sniffio python3-sortedcontainers python3-outcome python3-idna python3-exceptiongroup
+DEPS = python3-async_generator python3-sniffio python3-sortedcontainers python3-outcome python3-exceptiongroup
SERVICES =
diff --git a/lfs/python3-typing-extensions b/lfs/python3-typing-extensions
index 3d853ff8b3..bac55d3441 100644
--- a/lfs/python3-typing-extensions
+++ b/lfs/python3-typing-extensions
@@ -31,8 +31,6 @@ DL_FILE = $(THISAPP).tar.gz
DL_FROM = $(URL_IPFIRE)
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
-PROG = python3-typing-extensions
-PAK_VER = 3
###############################################################################
# Top-level Rules
@@ -52,9 +50,6 @@ download :$(patsubst %,$(DIR_DL)/%,$(objects))
b2 : $(subst %,%_BLAKE2,$(objects))
-dist:
- @$(PAK)
-
###############################################################################
# Downloading, checking, b2sum
###############################################################################
diff --git a/lfs/python3-watchdog b/lfs/python3-watchdog
new file mode 100644
index 0000000000..7ada1e45d8
--- /dev/null
+++ b/lfs/python3-watchdog
@@ -0,0 +1,79 @@
+###############################################################################
+# #
+# IPFire.org - A linux based firewall #
+# Copyright (C) 2007-2018 IPFire Team <info@ipfire.org> #
+# #
+# This program is free software: you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation, either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# This program is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with this program. If not, see <http://www.gnu.org/licenses/>. #
+# #
+###############################################################################
+
+###############################################################################
+# Definitions
+###############################################################################
+
+include Config
+
+VER = 6.0.0
+
+THISAPP = watchdog-$(VER)
+DL_FILE = $(THISAPP).tar.gz
+DL_FROM = $(URL_IPFIRE)
+DIR_APP = $(DIR_SRC)/$(THISAPP)
+TARGET = $(DIR_INFO)/$(THISAPP)
+
+###############################################################################
+# Top-level Rules
+###############################################################################
+
+objects = $(DL_FILE)
+
+$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
+
+$(DL_FILE)_BLAKE2 = 739568453f437d70ec401437b1fdfe76f4ef9155a98f5d1e885f9371999b1d5b5a31f1d0e8a5f3bfd0558009e655da1055cbc203e4bbeff4b5af9ed56c4d8302
+
+install : $(TARGET)
+
+check : $(patsubst %,$(DIR_CHK)/%,$(objects))
+
+download :$(patsubst %,$(DIR_DL)/%,$(objects))
+
+b2 : $(subst %,%_BLAKE2,$(objects))
+
+dist:
+ @$(PAK)
+
+###############################################################################
+# Downloading, checking, b2sum
+###############################################################################
+
+$(patsubst %,$(DIR_CHK)/%,$(objects)) :
+ @$(CHECK)
+
+$(patsubst %,$(DIR_DL)/%,$(objects)) :
+ @$(LOAD)
+
+$(subst %,%_BLAKE2,$(objects)) :
+ @$(B2SUM)
+
+###############################################################################
+# Installation Details
+###############################################################################
+
+$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
+ @$(PREBUILD)
+ @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
+ cd $(DIR_APP) && python3 -m build --wheel --no-isolation
+ cd $(DIR_APP) && python3 -m install --destdir=/ dist/*.whl
+ @rm -rf $(DIR_APP)
+ @$(POSTBUILD)
diff --git a/lfs/python3-yaml b/lfs/python3-yaml
index 5f425d0473..920a7f956a 100644
--- a/lfs/python3-yaml
+++ b/lfs/python3-yaml
@@ -25,19 +25,12 @@
include Config
VER = 6.0.3
-SUMMARY = YAML parser and emitter for Python
THISAPP = pyyaml-$(VER)
DL_FILE = $(THISAPP).tar.gz
DL_FROM = $(URL_IPFIRE)
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
-PROG = python3-yaml
-PAK_VER = 4
-
-DEPS =
-
-SERVICES =
###############################################################################
# Top-level Rules
@@ -57,9 +50,6 @@ download :$(patsubst %,$(DIR_DL)/%,$(objects))
b2 : $(subst %,%_BLAKE2,$(objects))
-dist:
- @$(PAK)
-
###############################################################################
# Downloading, checking, b2sum
###############################################################################
diff --git a/lfs/python3-yarl b/lfs/python3-yarl
new file mode 100644
index 0000000000..3174c28c60
--- /dev/null
+++ b/lfs/python3-yarl
@@ -0,0 +1,79 @@
+###############################################################################
+# #
+# IPFire.org - A linux based firewall #
+# Copyright (C) 2007-2018 IPFire Team <info@ipfire.org> #
+# #
+# This program is free software: you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation, either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# This program is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with this program. If not, see <http://www.gnu.org/licenses/>. #
+# #
+###############################################################################
+
+###############################################################################
+# Definitions
+###############################################################################
+
+include Config
+
+VER = 1.24.2
+
+THISAPP = yarl-$(VER)
+DL_FILE = $(THISAPP).tar.gz
+DL_FROM = $(URL_IPFIRE)
+DIR_APP = $(DIR_SRC)/$(THISAPP)
+TARGET = $(DIR_INFO)/$(THISAPP)
+
+###############################################################################
+# Top-level Rules
+###############################################################################
+
+objects = $(DL_FILE)
+
+$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
+
+$(DL_FILE)_BLAKE2 = 24307407fe04c59e33a34bc4c8a529f47966328a592134fc7af3c8fe7170404f5bc7cf0886c05b6d26fae62e7f42470491e92161d71ceb6757998f13a9724942
+
+install : $(TARGET)
+
+check : $(patsubst %,$(DIR_CHK)/%,$(objects))
+
+download :$(patsubst %,$(DIR_DL)/%,$(objects))
+
+b2 : $(subst %,%_BLAKE2,$(objects))
+
+dist:
+ @$(PAK)
+
+###############################################################################
+# Downloading, checking, b2sum
+###############################################################################
+
+$(patsubst %,$(DIR_CHK)/%,$(objects)) :
+ @$(CHECK)
+
+$(patsubst %,$(DIR_DL)/%,$(objects)) :
+ @$(LOAD)
+
+$(subst %,%_BLAKE2,$(objects)) :
+ @$(B2SUM)
+
+###############################################################################
+# Installation Details
+###############################################################################
+
+$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
+ @$(PREBUILD)
+ @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
+ cd $(DIR_APP) && python3 -m build --wheel --no-isolation
+ cd $(DIR_APP) && python3 -m install --destdir=/ dist/*.whl
+ @rm -rf $(DIR_APP)
+ @$(POSTBUILD)
diff --git a/lfs/util-linux b/lfs/util-linux
index dfe5bf11b0..cf551f9c22 100644
--- a/lfs/util-linux
+++ b/lfs/util-linux
@@ -83,7 +83,6 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
--disable-login \
--disable-nologin \
--disable-su \
- --disable-setpriv \
--disable-runuser \
--disable-pylibmount \
--disable-liblastlog2 \
diff --git a/lfs/zabbix_agentd b/lfs/zabbix_agentd
index 124f60ac04..9f0d65c785 100644
--- a/lfs/zabbix_agentd
+++ b/lfs/zabbix_agentd
@@ -34,7 +34,7 @@ DL_FROM = $(URL_IPFIRE)
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
PROG = zabbix_agentd
-PAK_VER = 21
+PAK_VER = 22
DEPS = fping
diff --git a/lfs/unbound b/lfs/zone-sync
similarity index 66%
rename from lfs/unbound
rename to lfs/zone-sync
index 5bbeee66bf..7dbc97459a 100644
--- a/lfs/unbound
+++ b/lfs/zone-sync
@@ -1,7 +1,7 @@
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2007-2026 IPFire Team <info@ipfire.org> #
+# Copyright (C) 2025 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
@@ -24,9 +24,9 @@
include Config
-VER = 1.25.1
+VER = 0.0.1
-THISAPP = unbound-$(VER)
+THISAPP = zone-sync-$(VER)
DL_FILE = $(THISAPP).tar.gz
DL_FROM = $(URL_IPFIRE)
DIR_APP = $(DIR_SRC)/$(THISAPP)
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = da9818a14a540bf2d674f504a38da711cfead20af2c6f987aab74094b441ef31586f28608432d2369b2223b3287290f450218466654c71626e33df74da557f18
+$(DL_FILE)_BLAKE2 = 6aa25791a373e3282eead087804ccf89d1493801e745165a9d12c0ce531c40fcad6eaf122643e2b118c99eefe8ab06c6f73e870ba0e268aa1c49cb7289068d97
install : $(TARGET)
@@ -70,54 +70,12 @@ $(subst %,%_BLAKE2,$(objects)) :
$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
@$(PREBUILD)
@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE)
-
cd $(DIR_APP) && \
./configure \
--prefix=/usr \
--sysconfdir=/etc \
- --with-pidfile=/var/run/unbound.pid \
- --with-rootkey-file=/var/lib/unbound/root.key \
- --disable-static \
- --with-libevent \
- --enable-event-api \
- --enable-tfo-client \
- --enable-tfo-server \
- --enable-ipset \
- --with-libmnl \
- ac_cv_func_getentropy=no
-
+ --localstatedir=/var
cd $(DIR_APP) && make $(MAKETUNING)
cd $(DIR_APP) && make install
-
- # Install configuration
- install -v -m 644 $(DIR_SRC)/config/unbound/unbound.conf \
- /etc/unbound/unbound.conf
- touch /etc/unbound/{dhcp-leases,forward}.conf
- -mkdir -pv /etc/unbound/local.d
-
- # Install root hints
- install -v -m 644 $(DIR_SRC)/config/unbound/root.hints \
- /etc/unbound/root.hints
-
- # Install DHCP leases bridge
- install -v -m 755 $(DIR_SRC)/config/unbound/unbound-dhcp-leases-bridge \
- /usr/sbin/unbound-dhcp-leases-bridge
- install -v -m 755 $(DIR_SRC)/config/unbound/unbound-dhcp-leases-client \
- /usr/sbin/unbound-dhcp-leases-client
-
- # Install key
- -mkdir -pv /var/lib/unbound
- install -v -m 644 $(DIR_SRC)/config/unbound/root.key \
- /var/lib/unbound/root.key
- chown -Rv unbound:unbound /var/lib/unbound
-
- # Ship ICANN's certificates to validate DNS trust anchors
- install -v -m 644 $(DIR_SRC)/config/unbound/icannbundle.pem \
- /etc/unbound/icannbundle.pem
-
- # Install the cache directory
- -mkdir -pv /var/cache/unbound
- chown unbound:unbound /var/cache/unbound
-
@rm -rf $(DIR_APP)
@$(POSTBUILD)
diff --git a/make.sh b/make.sh
index 4f167ee653..b7fe2869df 100755
--- a/make.sh
+++ b/make.sh
@@ -1499,6 +1499,8 @@ build_system() {
lfsmake2 --enable-toolchain sysvinit
lfsmake2 --enable-toolchain tar
lfsmake2 --enable-toolchain texinfo
+ lfsmake2 --enable-toolchain libcap
+ lfsmake2 --enable-toolchain libcap-ng
lfsmake2 --enable-toolchain util-linux
lfsmake2 --enable-toolchain vim
lfsmake2 --enable-toolchain e2fsprogs
@@ -1533,12 +1535,11 @@ build_system() {
lfsmake2 python3-docutils
lfsmake2 python3-flit
lfsmake2 python3-more_itertools
+ lfsmake2 python3-poetry-core
lfsmake2 cython
lfsmake2 ninja
lfsmake2 meson
lfsmake2 pam
- lfsmake2 libcap
- lfsmake2 libcap-ng
lfsmake2 libpcap
lfsmake2 ppp
lfsmake2 pptp
@@ -1586,13 +1587,13 @@ build_system() {
lfsmake2 libevent2
lfsmake2 apr
lfsmake2 aprutil
- lfsmake2 unbound
lfsmake2 libtasn1
lfsmake2 libunistring
lfsmake2 gnutls
lfsmake2 libuv
lfsmake2 liburcu
lfsmake2 bind
+ lfsmake2 zone-sync
lfsmake2 dhcp
lfsmake2 dhcpcd
lfsmake2 boost
@@ -2089,6 +2090,11 @@ build_system() {
lfsmake2 tmux
lfsmake2 perl-Text-CSV_XS
lfsmake2 lua
+ lfsmake2 luajit
+ lfsmake2 luarocks
+ lfsmake2 lua-cqueues
+ lfsmake2 lua-csv
+ lfsmake2 lua-sqlite3
lfsmake2 haproxy
lfsmake2 ipset
lfsmake2 dnsdist
@@ -2120,7 +2126,19 @@ build_system() {
lfsmake2 nqptp
lfsmake2 shairport-sync
lfsmake2 borgbackup
+ lfsmake2 python3-multidict
+ lfsmake2 python3-expandvars
+ lfsmake2 python3-propcache
+ lfsmake2 python3-yarl
+ lfsmake2 python3-async-timeout
+ lfsmake2 python3-aiohappyeyeballs
+ lfsmake2 python3-aiosignal
+ lfsmake2 python3-frozenlist
+ lfsmake2 python3-aiohttp
+ lfsmake2 python3-supervisor
+ lfsmake2 python3-watchdog
lfsmake2 knot
+ lfsmake2 knot-resolver
lfsmake2 spectre-meltdown-checker
lfsmake2 zabbix_agentd
lfsmake2 flashrom
diff --git a/src/initscripts/networking/red.up/25-update-dns-forwarders b/src/initscripts/networking/red.up/25-update-dns-forwarders
index cdae7781ff..4b273231b8 100644
--- a/src/initscripts/networking/red.up/25-update-dns-forwarders
+++ b/src/initscripts/networking/red.up/25-update-dns-forwarders
@@ -1,4 +1,4 @@
#!/bin/bash
-# Update DNS forwarders
-exec /etc/init.d/unbound update-forwarders
+# Reload DNS
+exec /etc/init.d/knot-resolver reload
diff --git a/src/initscripts/system/cleanfs b/src/initscripts/system/cleanfs
index e033c60670..e03227096a 100644
--- a/src/initscripts/system/cleanfs
+++ b/src/initscripts/system/cleanfs
@@ -114,6 +114,10 @@ case "${1}" in
if [ ! -e /var/log/vnstat ]; then
mkdir -p /var/log/vnstat
fi
+ if ! [ -d "/var/run/knot-resolver" ]; then
+ mkdir -p /var/run/knot-resolver
+ chown knot-resolver:knot-resolver /var/run/knot-resolver
+ fi
boot_mesg -n "Cleaning file systems:" ${INFO}
boot_mesg -n " /tmp" ${NORMAL}
diff --git a/src/initscripts/system/dhcp b/src/initscripts/system/dhcp
index 05c809cabd..735f7c57bb 100644
--- a/src/initscripts/system/dhcp
+++ b/src/initscripts/system/dhcp
@@ -54,12 +54,6 @@ case "$1" in
boot_mesg "Starting DHCP Server..."
loadproc -f /usr/sbin/dhcpd -q ${LISTEN_INTERFACES}
- # Start Unbound DHCP Lease Bridge unless RFC2136 is used
- if [ "${DNS_UPDATE_ENABLED}" != on ]; then
- boot_mesg "Starting Unbound DHCP Leases Bridge..."
- loadproc /usr/sbin/unbound-dhcp-leases-bridge -d
- fi
-
(sleep 5 && chmod 644 /var/run/dhcpd.pid) & # Fix because silly dhcpd creates its pid with mode 640
;;
@@ -75,9 +69,6 @@ case "$1" in
rm -f /var/run/dhcpd.pid > /dev/null 2>&1
echo_ok;
fi
-
- boot_mesg "Stopping Unbound DHCP Leases Bridge..."
- killproc /usr/sbin/unbound-dhcp-leases-bridge
;;
reload)
@@ -93,7 +84,6 @@ case "$1" in
status)
statusproc /usr/sbin/dhcpd
- statusproc /usr/sbin/unbound-dhcp-leases-bridge
;;
*)
diff --git a/src/initscripts/system/firewall b/src/initscripts/system/firewall
index 55b14957cd..c7642282f6 100644
--- a/src/initscripts/system/firewall
+++ b/src/initscripts/system/firewall
@@ -436,8 +436,8 @@ iptables_init() {
# run captivectrl
/usr/local/bin/captivectrl
- # Grant Unbound access
- iptables -A LOCAL_OUTPUT -m owner --uid-owner unbound -j ACCEPT
+ # Grant Knot Resolver access
+ iptables -A LOCAL_OUTPUT -m owner --uid-owner knot-resolver -j ACCEPT
# If a Tor relay is enabled apply firewall rules
if [ "${TOR_RELAY_ENABLED}" = "on" -a -n "${TOR_RELAY_PORT}" ]; then
diff --git a/src/initscripts/system/functions b/src/initscripts/system/functions
index 52c3545e58..c9e23705c3 100644
--- a/src/initscripts/system/functions
+++ b/src/initscripts/system/functions
@@ -416,13 +416,14 @@ getpids()
}
#*******************************************************************************
-# Function - loadproc [-f] [-n nicelevel] [-p pidfile] pathname [args]
+# Function - loadproc [-f] [-n nicelevel] [-p pidfile] [-u user] pathname [args]
#
# Purpose: This runs the specified program as a daemon
#
# Inputs: -f, run the program even if it is already running
# -n nicelevel, specifies a nice level. See nice(1).
# -p pidfile, uses the specified pidfile
+# -u user, starts the process as the user
# pathname, pathname to the specified program
# args, arguments to pass to specified program
#
@@ -446,6 +447,7 @@ loadproc()
local pidfile=""
local forcestart=""
local nicelevel=""
+ local user
local pid
# This will ensure compatibility with previous LFS Bootscripts
@@ -472,6 +474,10 @@ loadproc()
pidfile="${2}"
shift 2
;;
+ -u)
+ user="${2}"
+ shift 2
+ ;;
-*)
log_failure_msg "Unknown Option: ${1}"
return 2 #invalid or excess argument(s)
@@ -514,6 +520,11 @@ loadproc()
local cmd=( "${@}" )
+ # Start as a different user
+ if [ -n "${user}" ]; then
+ cmd=( "setpriv" "--reuid=${user}" "--init-groups" "--" "$@" )
+ fi
+
if [ -n "${nicelevel}" ]; then
cmd="nice -n "${nicelevel}" ${cmd}"
fi
diff --git a/config/unbound/unbound-dhcp-leases-client b/src/initscripts/system/knot-resolver
similarity index 62%
rename from config/unbound/unbound-dhcp-leases-client
rename to src/initscripts/system/knot-resolver
index b1b6291d95..980a095f37 100644
--- a/config/unbound/unbound-dhcp-leases-client
+++ b/src/initscripts/system/knot-resolver
@@ -1,8 +1,8 @@
-#!/bin/bash
+#!/bin/sh
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2016 Michael Tremer #
+# Copyright (C) 2007-2026 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
@@ -19,57 +19,44 @@
# #
###############################################################################
-SOCKET="/var/run/unbound-dhcp-leases-bridge.sock"
-
-main() {
- local event="${1}"
- shift
-
- # Check if we have received an event
- if [ -z "${event}" ]; then
- echo "${0}: Missing event" >&2
- return 2
- fi
-
- # Check if the socket exists
- if [ ! -S "${SOCKET}" ]; then
- echo "${0}: ${SOCKET} does not exist" >&2
- return 1
- fi
-
- # Connect to the socket
- coproc NC { nc -U "${SOCKET}"; }
-
- local arg
- local response
-
- # Send the message
- {
- # Send the event
- echo "EVENT=${event}"
-
- # Send all arguments
- for arg in $@; do
- echo "${arg}"
- done
- } >&"${NC[1]}"
-
- # Close the input part of the connection
- exec {NC[1]}>&-
-
- # Capture the response
- read response <&"${NC[0]}"
-
- case "${response}" in
- OK)
- return 0
- ;;
-
- *)
- echo "${response}" >&2
- return 1
- ;;
- esac
-}
-
-main "$@" || exit $?
+. /etc/sysconfig/rc
+. ${rc_functions}
+
+PIDFILE="/var/run/knot-resolver.pid"
+
+case "${1}" in
+ start)
+ # Increase the number of open file descriptors
+ ulimit -n 524288
+
+ boot_mesg "Starting Knot Resolver Daemon..."
+ loadproc -u knot-resolver -b -f \
+ /usr/bin/knot-resolver \
+ -c /etc/knot-resolver/config.yaml
+ ;;
+
+ stop)
+ boot_mesg "Stopping Knot Resolver Daemon..."
+ killproc /usr/bin/knot-resolver
+ ;;
+
+ reload)
+ /usr/bin/kresctl \
+ --config=/etc/knot-resolver/config.yaml reload
+ ;;
+
+ restart)
+ ${0} stop
+ sleep 1
+ ${0} start
+ ;;
+
+ status)
+ statusproc /usr/bin/knot-resolver
+ ;;
+
+ *)
+ echo "Usage: ${0} {start|stop|reload|restart|status}"
+ exit 1
+ ;;
+esac
diff --git a/src/initscripts/system/unbound b/src/initscripts/system/unbound
deleted file mode 100644
index 2be3b81f1e..0000000000
--- a/src/initscripts/system/unbound
+++ /dev/null
@@ -1,1040 +0,0 @@
-#!/bin/sh
-###############################################################################
-# #
-# IPFire.org - A linux based firewall #
-# Copyright (C) 2007-2022 IPFire Team <info@ipfire.org> #
-# #
-# This program is free software: you can redistribute it and/or modify #
-# it under the terms of the GNU General Public License as published by #
-# the Free Software Foundation, either version 3 of the License, or #
-# (at your option) any later version. #
-# #
-# This program is distributed in the hope that it will be useful, #
-# but WITHOUT ANY WARRANTY; without even the implied warranty of #
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
-# GNU General Public License for more details. #
-# #
-# You should have received a copy of the GNU General Public License #
-# along with this program. If not, see <http://www.gnu.org/licenses/>. #
-# #
-###############################################################################
-
-. /etc/sysconfig/rc
-. ${rc_functions}
-. /etc/init.d/networking/functions.network
-
-# Cache any local zones for 60 seconds
-LOCAL_TTL=60
-
-# Load configuration
-eval $(/usr/local/bin/readhash /var/ipfire/dns/settings)
-
-ip_address_revptr() {
- local addr=${1}
-
- local a1 a2 a3 a4
- IFS=. read -r a1 a2 a3 a4 <<< ${addr}
-
- echo "${a4}.${a3}.${a2}.${a1}.in-addr.arpa"
-}
-
-read_name_servers() {
- # Read name servers from ISP
- if [ "${USE_ISP_NAMESERVERS}" = "on" -a "${PROTO}" != "TLS" ]; then
- local i
- for i in 1 2; do
- echo "$(</var/run/dns${i})"
- done 2>/dev/null
- fi
-
- # Read configured name servers
- local id address tls_hostname enabled remark
- while IFS="," read -r id address tls_hostname enabled remark; do
- [ "${enabled}" != "enabled" ] && continue
-
- if [ "${PROTO}" = "TLS" ]; then
- if [ -n "${tls_hostname}" ]; then
- echo "${address}@853#${tls_hostname}"
- fi
- else
- echo "${address}"
- fi
- done < /var/ipfire/dns/servers
-}
-
-config_header() {
- echo "# This file is automatically generated and any changes"
- echo "# will be overwritten. DO NOT EDIT!"
- echo
-}
-
-write_hosts_conf() {
- (
- config_header
-
- # Make own hostname resolveable
- # 1.1.1.1 is reserved for unused green, skip this
- if [ -n "${GREEN_ADDRESS}" -a "${GREEN_ADDRESS}" != "1.1.1.1" ]; then
- echo "local-data: \"${HOSTNAME} ${LOCAL_TTL} IN A ${GREEN_ADDRESS}\""
- fi
-
- local address
- for address in ${GREEN_ADDRESS} ${BLUE_ADDRESS} ${ORANGE_ADDRESS}; do
- [ -n "${address}" ] || continue
- [ "${address}" = "1.1.1.1" ] && continue
-
- address=$(ip_address_revptr ${address})
- echo "local-data: \"${address} ${LOCAL_TTL} IN PTR ${HOSTNAME}\""
- done
-
- local enabled address hostname domainname generateptr
-
- # Find all unique domain names
- while IFS="," read -r enabled address hostname domainname generateptr; do
- [ "${enabled}" = "on" ] || continue
-
- # Skip empty domainnames
- [ "${domainname}" = "" ] && continue
-
- echo "local-zone: ${domainname} transparent"
- done < /var/ipfire/main/hosts | sort -u
-
- # Add all hosts
- while IFS="," read -r enabled address hostname domainname generateptr; do
- [ "${enabled}" = "on" ] || continue
-
- # Build FQDN
- local fqdn="${hostname}.${domainname}"
- echo "local-data: \"${fqdn} ${LOCAL_TTL} IN A ${address}\""
-
- # Skip reverse resolution if the address equals the GREEN address
- [ "${address}" = "${GREEN_ADDRESS}" ] && continue
-
- # Skip reverse resolution if user requested not to do so
- [ "${generateptr}" = "off" ] && continue
-
- # Add RDNS
- address=$(ip_address_revptr ${address})
- echo "local-data: \"${address} ${LOCAL_TTL} IN PTR ${fqdn}\""
- done < /var/ipfire/main/hosts
- ) > /etc/unbound/hosts.conf
-}
-
-write_forward_conf() {
- (
- config_header
-
- # Enable strict QNAME minimisation
- if [ "${QNAME_MIN}" = "strict" ]; then
- echo "server:"
- echo " qname-minimisation-strict: yes"
- echo
- fi
-
- # Force using TCP for upstream servers only
- if [ "${PROTO}" = "TCP" ]; then
- echo "# Force using TCP for upstream servers only"
- echo "server:"
- echo " tcp-upstream: yes"
- echo
- fi
-
- local insecure_zones=""
-
- local enabled zone server servers remark disable_dnssec rest
- while IFS="," read -r enabled zone servers remark disable_dnssec rest; do
- # Line must be enabled.
- [ "${enabled}" = "on" ] || continue
-
- # Zones that end with .local are commonly used for internal
- # zones and therefore not signed
- case "${zone}" in
- *.local)
- insecure_zones="${insecure_zones} ${zone}"
- ;;
- *)
- if [ "${disable_dnssec}" = "on" ]; then
- insecure_zones="${insecure_zones} ${zone}"
- fi
- ;;
- esac
-
- echo "stub-zone:"
- echo " name: ${zone}"
- for server in ${servers//|/ }; do
- if [[ ${server} =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
- echo " stub-addr: ${server}"
- else
- echo " stub-host: ${server}"
- fi
- done
- echo
-
- # Make all reverse lookup zones transparent
- case "${zone}" in
- *.in-addr.arpa)
- echo "server:"
- echo " local-zone: \"${zone}\" transparent"
- echo
- ;;
- esac
- done < /var/ipfire/dnsforward/config
-
- if [ -n "${insecure_zones}" ]; then
- echo "server:"
-
- for zone in ${insecure_zones}; do
- echo " domain-insecure: ${zone}"
- done
- fi
-
- # Read name servers.
- nameservers=$(read_name_servers)
-
- # Only write forward zones if any nameservers are configured.
- #
- # Otherwise fall-back into recursor mode.
- if [ -n "${nameservers}" ]; then
-
- echo "forward-zone:"
- echo " name: \".\""
-
- # Force using TLS only
- if [ "${PROTO}" = "TLS" ]; then
- echo " forward-tls-upstream: yes"
- fi
-
- # Add upstream name servers
- local ns
- for ns in ${nameservers}; do
- echo " forward-addr: ${ns}"
- done
- fi
-
- ) > /etc/unbound/forward.conf
-}
-
-write_dnsbl_zones() {
- # Attributes from dnsbl.json
- local name
- local zone
- local primary
-
- # Attributes from the settings
- local _zone
- local enabled
- local comment
- local enabled_zones
- local custom_acl
- local rest
-
- # Nothing to do if there is no configuration
- if [ ! -r "/var/ipfire/dns/dnsbl" ]; then
- return 0
- fi
-
- # Collect all networks
- local -A networks=()
-
- while IFS=$'\t' read -r name zone primary; do
- while IFS=$',' read -r _zone enabled comment enabled_zones custom_acls rest; do
- # Skip if we are looking at the wrong list
- [ "${zone}" = "${_zone}" ] || continue
-
- # We are done if the list is not enabled
- [ "${enabled}" = "on" ] || break
-
- # Write the zone
- if ! write_dnsbl_zone "${zone}" "${primary}"; then
- return 1
- fi
-
- # Nothing more to do if there are no ACLs set
- if [ -z "${enabled_zones}" -a -z "${custom_acls}" ]; then
- continue
- fi
-
- # Limit to specific zones
- if [ -n "${enabled_zones}" ]; then
- IFS='|' read -r -a enabled_zones <<< "${enabled_zones}"
-
- if ! add_dnsbl_acl "${zone}" "${enabled_zones[@]}"; then
- return 1
- fi
- fi
-
- # Add any custom ACL
- if [ -n "${custom_acls}" ]; then
- IFS='|' read -r -a custom_acls <<< "${custom_acls}"
-
- local custom_acl
- for custom_acl in ${custom_acls[@]}; do
- networks["${custom_acl}"]+=" ${zone}"
- done
- fi
- done < /var/ipfire/dns/dnsbl
- done <<< "$(jq -r '.[] | [.name, .zone, .primary] | @tsv' /var/ipfire/dns/dnsbl.json)"
-
- # Emit all ACLs
- if [ -n "${networks[*]}" ]; then
- local network
-
- echo "# Write the ACL"
- echo "server:"
-
- for network in "${!networks[@]}"; do
- echo " access-control-tag: ${network} \"${networks[${network}]:1}\""
- done
- fi
-
- return 0
-}
-
-write_custom_zone() {
- local domain
- local status
- local rest
-
- # Do nothing if there are no domains on the list
- if [ ! -s "/var/ipfire/dns/custom_domains" ]; then
- return 0
- fi
-
- # Create the origin
- echo "\$ORIGIN _custom.rpz.local."
-
- # Add all domains
- while IFS=$',' read -r domain status rest; do
- local policy
-
- # Check status
- case "${status}" in
- allowed)
- policy="rpz-passthru."
- ;;
- blocked)
- policy="."
- ;;
-
- # Ignore anything else
- *)
- continue
- ;;
- esac
-
- echo "${domain} CNAME ${policy}"
- echo "*.${domain} CNAME ${policy}"
- done < /var/ipfire/dns/custom_domains
-}
-
-write_dnsbl_zone() {
- local name="${1}"
- local primary="${2}"
-
- cat <<EOF
-server:
- define-tag: "${name}"
-
-# Request Policy Zone ${zone}
-rpz:
- # The name of the RPZ authority zone
- name: ${zone}
- primary: ${primary}
-
- # Cache the content and refresh automatically
- zonefile: /var/cache/unbound/${zone}.zone
-
- # Log all matches
- rpz-log: yes
- rpz-log-name: ${zone}
-
-EOF
-
- # If any ACLs are defined, add the tag
- if [ -n "${enabled_zones}" -o -n "${custom_acls}" ]; then
- echo " # Tags"
- echo " tags: ${zone}"
- echo
- fi
-
- return 0
-}
-
-add_dnsbl_acl() {
- local tag="${1}"
- shift
-
- local zone
- for zone in $@; do
- case "${zone}" in
- GREEN)
- # Check if the zone is configured
- if [ -z "${GREEN_NETADDRESS}" -o -z "${GREEN_NETMASK}" ]; then
- continue
- fi
-
- # Convert the netmask to prefix
- local prefix="$(network_get_prefix "${GREEN_NETMASK}")"
-
- local network="${GREEN_NETADDRESS}/${prefix}"
- ;;
- BLUE)
- # Check if the zone is configured
- if [ -z "${BLUE_NETADDRESS}" -o -z "${BLUE_NETMASK}" ]; then
- continue
- fi
-
- # Convert the netmask to prefix
- local prefix="$(network_get_prefix "${BLUE_NETMASK}")"
-
- local network="${BLUE_NETADDRESS}/${prefix}"
- ;;
- ORANGE)
- # Check if the zone is configured
- if [ -z "${ORANGE_NETADDRESS}" -o -z "${ORANGE_NETMASK}" ]; then
- continue
- fi
-
- # Convert the netmask to prefix
- local prefix="$(network_get_prefix "${ORANGE_NETMASK}")"
-
- local network="${ORANGE_NETADDRESS}/${prefix}"
- ;;
-
- # Skip any unknown zones
- *)
- continue
- ;;
- esac
-
- # Append to the network slot
- networks["${network}"]+=" ${tag}"
- done
-}
-
-write_dnsbl_conf() {
- # Write our custom zone
- write_custom_zone > /etc/unbound/custom.zone
-
- (
- # Write the header
- config_header
-
- # Add the custom RPZ zone
- if [ -s "/etc/unbound/custom.zone" ]; then
- cat <<EOF
-# Custom RPZ zone
-rpz:
- name: _custom.rpz.local
- zonefile: /etc/unbound/custom.zone
-
- # Log all matches
- rpz-log: yes
- rpz-log-name: custom
-
-EOF
- fi
-
- # Write all zones
- write_dnsbl_zones
- ) > /etc/unbound/dnsbl.conf
-
-}
-
-write_tuning_conf() {
- # https://www.unbound.net/documentation/howto_optimise.html
-
- # Determine number of online processors
- local processors=$(getconf _NPROCESSORS_ONLN)
-
- # Determine amount of system memory
- local mem=$(get_memory_amount)
-
- # In the worst case scenario, unbound can use double the
- # amount of memory allocated to a cache due to malloc overhead
-
- # Even larger systems with more than 8GB of RAM
- if [ ${mem} -ge 8192 ]; then
- mem=1024
-
- # Extra large systems with more than 4GB of RAM
- elif [ ${mem} -ge 4096 ]; then
- mem=512
-
- # Large systems with more than 2GB of RAM
- elif [ ${mem} -ge 2048 ]; then
- mem=256
-
- # Medium systems with more than 1GB of RAM
- elif [ ${mem} -ge 1024 ]; then
- mem=128
-
- # Small systems with less than 256MB of RAM
- elif [ ${mem} -le 256 ]; then
- mem=16
-
- # Everything else
- else
- mem=64
- fi
-
- (
- config_header
-
- # We run one thread per processor
- echo "num-threads: ${processors}"
- echo "so-reuseport: yes"
-
- # Slice up the cache
- echo "rrset-cache-size: $(( ${mem} / 2 ))m"
- echo "msg-cache-size: $(( ${mem} / 4 ))m"
- echo "key-cache-size: $(( ${mem} / 4 ))m"
-
- # Increase parallel queries
- echo "outgoing-range: 8192"
- echo "num-queries-per-thread: 4096"
-
- # Use larger send/receive buffers
- echo "so-sndbuf: 4m"
- echo "so-rcvbuf: 4m"
- ) > /etc/unbound/tuning.conf
-}
-
-get_memory_amount() {
- local key val unit
-
- while read -r key val unit; do
- case "${key}" in
- MemTotal:*)
- # Convert to MB
- echo "$(( ${val} / 1024 ))"
- break
- ;;
- esac
- done < /proc/meminfo
-}
-
-fix_time_if_dns_fails() {
- # If DNS is working, everything is fine
- if resolve "0.ipfire.pool.ntp.org" &>/dev/null || \
- resolve "1.ipfire.pool.ntp.org" &>/dev/null ; then
- return 0
- fi
-
- # Try to sync time with a known time server
- boot_mesg "DNS not functioning... Trying to sync time with time.ipfire.org (81.3.27.46)..."
- loadproc /usr/local/bin/settime 81.3.27.46
-}
-
-resolve() {
- local hostname="${1}"
- local found=1
-
- local answer
- for answer in $(dig +short A "${hostname}"); do
- # Filter out non-IP addresses
- if [[ ! "${answer}" =~ \.$ ]]; then
- found=0
- echo "${answer}"
- fi
- done
-
- return ${found}
-}
-
-write_safesearch_conf() {
- local -A domains=(
- # Google
- [google.ac]="forcesafesearch.google.com"
- [www.google.ac]="forcesafesearch.google.com"
- [google.ad]="forcesafesearch.google.com"
- [www.google.ad]="forcesafesearch.google.com"
- [google.ae]="forcesafesearch.google.com"
- [www.google.ae]="forcesafesearch.google.com"
- [google.al]="forcesafesearch.google.com"
- [www.google.al]="forcesafesearch.google.com"
- [google.am]="forcesafesearch.google.com"
- [www.google.am]="forcesafesearch.google.com"
- [google.as]="forcesafesearch.google.com"
- [www.google.as]="forcesafesearch.google.com"
- [google.at]="forcesafesearch.google.com"
- [www.google.at]="forcesafesearch.google.com"
- [google.az]="forcesafesearch.google.com"
- [www.google.az]="forcesafesearch.google.com"
- [google.ba]="forcesafesearch.google.com"
- [www.google.ba]="forcesafesearch.google.com"
- [google.be]="forcesafesearch.google.com"
- [www.google.be]="forcesafesearch.google.com"
- [google.bf]="forcesafesearch.google.com"
- [www.google.bf]="forcesafesearch.google.com"
- [google.bg]="forcesafesearch.google.com"
- [www.google.bg]="forcesafesearch.google.com"
- [google.bi]="forcesafesearch.google.com"
- [www.google.bi]="forcesafesearch.google.com"
- [google.bj]="forcesafesearch.google.com"
- [www.google.bj]="forcesafesearch.google.com"
- [google.bs]="forcesafesearch.google.com"
- [www.google.bs]="forcesafesearch.google.com"
- [google.bt]="forcesafesearch.google.com"
- [www.google.bt]="forcesafesearch.google.com"
- [google.by]="forcesafesearch.google.com"
- [www.google.by]="forcesafesearch.google.com"
- [google.ca]="forcesafesearch.google.com"
- [www.google.ca]="forcesafesearch.google.com"
- [google.cd]="forcesafesearch.google.com"
- [www.google.cd]="forcesafesearch.google.com"
- [google.cf]="forcesafesearch.google.com"
- [www.google.cf]="forcesafesearch.google.com"
- [google.cg]="forcesafesearch.google.com"
- [www.google.cg]="forcesafesearch.google.com"
- [google.ch]="forcesafesearch.google.com"
- [www.google.ch]="forcesafesearch.google.com"
- [google.ci]="forcesafesearch.google.com"
- [www.google.ci]="forcesafesearch.google.com"
- [google.cl]="forcesafesearch.google.com"
- [www.google.cl]="forcesafesearch.google.com"
- [google.cm]="forcesafesearch.google.com"
- [www.google.cm]="forcesafesearch.google.com"
- [google.co.ao]="forcesafesearch.google.com"
- [www.google.co.ao]="forcesafesearch.google.com"
- [google.co.bw]="forcesafesearch.google.com"
- [www.google.co.bw]="forcesafesearch.google.com"
- [google.co.ck]="forcesafesearch.google.com"
- [www.google.co.ck]="forcesafesearch.google.com"
- [google.co.cr]="forcesafesearch.google.com"
- [www.google.co.cr]="forcesafesearch.google.com"
- [google.co.id]="forcesafesearch.google.com"
- [www.google.co.id]="forcesafesearch.google.com"
- [google.co.il]="forcesafesearch.google.com"
- [www.google.co.il]="forcesafesearch.google.com"
- [google.co.in]="forcesafesearch.google.com"
- [www.google.co.in]="forcesafesearch.google.com"
- [google.co.jp]="forcesafesearch.google.com"
- [www.google.co.jp]="forcesafesearch.google.com"
- [google.co.ke]="forcesafesearch.google.com"
- [www.google.co.ke]="forcesafesearch.google.com"
- [google.co.kr]="forcesafesearch.google.com"
- [www.google.co.kr]="forcesafesearch.google.com"
- [google.co.ls]="forcesafesearch.google.com"
- [www.google.co.ls]="forcesafesearch.google.com"
- [google.co.ma]="forcesafesearch.google.com"
- [www.google.co.ma]="forcesafesearch.google.com"
- [google.co.mz]="forcesafesearch.google.com"
- [www.google.co.mz]="forcesafesearch.google.com"
- [google.co.nz]="forcesafesearch.google.com"
- [www.google.co.nz]="forcesafesearch.google.com"
- [google.co.th]="forcesafesearch.google.com"
- [www.google.co.th]="forcesafesearch.google.com"
- [google.co.tz]="forcesafesearch.google.com"
- [www.google.co.tz]="forcesafesearch.google.com"
- [google.co.ug]="forcesafesearch.google.com"
- [www.google.co.ug]="forcesafesearch.google.com"
- [google.co.uk]="forcesafesearch.google.com"
- [www.google.co.uk]="forcesafesearch.google.com"
- [google.co.uz]="forcesafesearch.google.com"
- [www.google.co.uz]="forcesafesearch.google.com"
- [google.co.ve]="forcesafesearch.google.com"
- [www.google.co.ve]="forcesafesearch.google.com"
- [google.co.vi]="forcesafesearch.google.com"
- [www.google.co.vi]="forcesafesearch.google.com"
- [google.co.za]="forcesafesearch.google.com"
- [www.google.co.za]="forcesafesearch.google.com"
- [google.co.zm]="forcesafesearch.google.com"
- [www.google.co.zm]="forcesafesearch.google.com"
- [google.co.zw]="forcesafesearch.google.com"
- [www.google.co.zw]="forcesafesearch.google.com"
- [google.com]="forcesafesearch.google.com"
- [www.google.com]="forcesafesearch.google.com"
- [google.com.af]="forcesafesearch.google.com"
- [www.google.com.af]="forcesafesearch.google.com"
- [google.com.ag]="forcesafesearch.google.com"
- [www.google.com.ag]="forcesafesearch.google.com"
- [google.com.ai]="forcesafesearch.google.com"
- [www.google.com.ai]="forcesafesearch.google.com"
- [google.com.ar]="forcesafesearch.google.com"
- [www.google.com.ar]="forcesafesearch.google.com"
- [google.com.au]="forcesafesearch.google.com"
- [www.google.com.au]="forcesafesearch.google.com"
- [google.com.bd]="forcesafesearch.google.com"
- [www.google.com.bd]="forcesafesearch.google.com"
- [google.com.bh]="forcesafesearch.google.com"
- [www.google.com.bh]="forcesafesearch.google.com"
- [google.com.bn]="forcesafesearch.google.com"
- [www.google.com.bn]="forcesafesearch.google.com"
- [google.com.bo]="forcesafesearch.google.com"
- [www.google.com.bo]="forcesafesearch.google.com"
- [google.com.br]="forcesafesearch.google.com"
- [www.google.com.br]="forcesafesearch.google.com"
- [google.com.bz]="forcesafesearch.google.com"
- [www.google.com.bz]="forcesafesearch.google.com"
- [google.com.co]="forcesafesearch.google.com"
- [www.google.com.co]="forcesafesearch.google.com"
- [google.com.cu]="forcesafesearch.google.com"
- [www.google.com.cu]="forcesafesearch.google.com"
- [google.com.cy]="forcesafesearch.google.com"
- [www.google.com.cy]="forcesafesearch.google.com"
- [google.com.do]="forcesafesearch.google.com"
- [www.google.com.do]="forcesafesearch.google.com"
- [google.com.ec]="forcesafesearch.google.com"
- [www.google.com.ec]="forcesafesearch.google.com"
- [google.com.eg]="forcesafesearch.google.com"
- [www.google.com.eg]="forcesafesearch.google.com"
- [google.com.et]="forcesafesearch.google.com"
- [www.google.com.et]="forcesafesearch.google.com"
- [google.com.fj]="forcesafesearch.google.com"
- [www.google.com.fj]="forcesafesearch.google.com"
- [google.com.gh]="forcesafesearch.google.com"
- [www.google.com.gh]="forcesafesearch.google.com"
- [google.com.gi]="forcesafesearch.google.com"
- [www.google.com.gi]="forcesafesearch.google.com"
- [google.com.gt]="forcesafesearch.google.com"
- [www.google.com.gt]="forcesafesearch.google.com"
- [google.com.hk]="forcesafesearch.google.com"
- [www.google.com.hk]="forcesafesearch.google.com"
- [google.com.jm]="forcesafesearch.google.com"
- [www.google.com.jm]="forcesafesearch.google.com"
- [google.com.kh]="forcesafesearch.google.com"
- [www.google.com.kh]="forcesafesearch.google.com"
- [google.com.kw]="forcesafesearch.google.com"
- [www.google.com.kw]="forcesafesearch.google.com"
- [google.com.lb]="forcesafesearch.google.com"
- [www.google.com.lb]="forcesafesearch.google.com"
- [google.com.ly]="forcesafesearch.google.com"
- [www.google.com.ly]="forcesafesearch.google.com"
- [google.com.mm]="forcesafesearch.google.com"
- [www.google.com.mm]="forcesafesearch.google.com"
- [google.com.mt]="forcesafesearch.google.com"
- [www.google.com.mt]="forcesafesearch.google.com"
- [google.com.mx]="forcesafesearch.google.com"
- [www.google.com.mx]="forcesafesearch.google.com"
- [google.com.my]="forcesafesearch.google.com"
- [www.google.com.my]="forcesafesearch.google.com"
- [google.com.na]="forcesafesearch.google.com"
- [www.google.com.na]="forcesafesearch.google.com"
- [google.com.ng]="forcesafesearch.google.com"
- [www.google.com.ng]="forcesafesearch.google.com"
- [google.ng]="forcesafesearch.google.com"
- [www.google.ng]="forcesafesearch.google.com"
- [google.com.nf]="forcesafesearch.google.com"
- [www.google.com.nf]="forcesafesearch.google.com"
- [google.com.ni]="forcesafesearch.google.com"
- [www.google.com.ni]="forcesafesearch.google.com"
- [google.com.np]="forcesafesearch.google.com"
- [www.google.com.np]="forcesafesearch.google.com"
- [google.com.om]="forcesafesearch.google.com"
- [www.google.com.om]="forcesafesearch.google.com"
- [google.com.pa]="forcesafesearch.google.com"
- [www.google.com.pa]="forcesafesearch.google.com"
- [google.com.pe]="forcesafesearch.google.com"
- [www.google.com.pe]="forcesafesearch.google.com"
- [google.com.pg]="forcesafesearch.google.com"
- [www.google.com.pg]="forcesafesearch.google.com"
- [google.com.ph]="forcesafesearch.google.com"
- [www.google.com.ph]="forcesafesearch.google.com"
- [google.com.pk]="forcesafesearch.google.com"
- [www.google.com.pk]="forcesafesearch.google.com"
- [google.com.pr]="forcesafesearch.google.com"
- [www.google.com.pr]="forcesafesearch.google.com"
- [google.com.py]="forcesafesearch.google.com"
- [www.google.com.py]="forcesafesearch.google.com"
- [google.com.qa]="forcesafesearch.google.com"
- [www.google.com.qa]="forcesafesearch.google.com"
- [google.com.sa]="forcesafesearch.google.com"
- [www.google.com.sa]="forcesafesearch.google.com"
- [google.com.sb]="forcesafesearch.google.com"
- [www.google.com.sb]="forcesafesearch.google.com"
- [google.com.sg]="forcesafesearch.google.com"
- [www.google.com.sg]="forcesafesearch.google.com"
- [google.com.sl]="forcesafesearch.google.com"
- [www.google.com.sl]="forcesafesearch.google.com"
- [google.com.sv]="forcesafesearch.google.com"
- [www.google.com.sv]="forcesafesearch.google.com"
- [google.com.tj]="forcesafesearch.google.com"
- [www.google.com.tj]="forcesafesearch.google.com"
- [google.com.tr]="forcesafesearch.google.com"
- [www.google.com.tr]="forcesafesearch.google.com"
- [google.com.tw]="forcesafesearch.google.com"
- [www.google.com.tw]="forcesafesearch.google.com"
- [google.com.ua]="forcesafesearch.google.com"
- [www.google.com.ua]="forcesafesearch.google.com"
- [google.com.uy]="forcesafesearch.google.com"
- [www.google.com.uy]="forcesafesearch.google.com"
- [google.com.vc]="forcesafesearch.google.com"
- [www.google.com.vc]="forcesafesearch.google.com"
- [google.com.vn]="forcesafesearch.google.com"
- [www.google.com.vn]="forcesafesearch.google.com"
- [google.cat]="forcesafesearch.google.com"
- [www.google.cat]="forcesafesearch.google.com"
- [google.cn]="forcesafesearch.google.com"
- [www.google.cn]="forcesafesearch.google.com"
- [google.cv]="forcesafesearch.google.com"
- [www.google.cv]="forcesafesearch.google.com"
- [google.cz]="forcesafesearch.google.com"
- [www.google.cz]="forcesafesearch.google.com"
- [google.de]="forcesafesearch.google.com"
- [www.google.de]="forcesafesearch.google.com"
- [google.dj]="forcesafesearch.google.com"
- [www.google.dj]="forcesafesearch.google.com"
- [google.dk]="forcesafesearch.google.com"
- [www.google.dk]="forcesafesearch.google.com"
- [google.dm]="forcesafesearch.google.com"
- [www.google.dm]="forcesafesearch.google.com"
- [google.dz]="forcesafesearch.google.com"
- [www.google.dz]="forcesafesearch.google.com"
- [google.ee]="forcesafesearch.google.com"
- [www.google.ee]="forcesafesearch.google.com"
- [google.es]="forcesafesearch.google.com"
- [www.google.es]="forcesafesearch.google.com"
- [google.fi]="forcesafesearch.google.com"
- [www.google.fi]="forcesafesearch.google.com"
- [google.fm]="forcesafesearch.google.com"
- [www.google.fm]="forcesafesearch.google.com"
- [google.fr]="forcesafesearch.google.com"
- [www.google.fr]="forcesafesearch.google.com"
- [google.ga]="forcesafesearch.google.com"
- [www.google.ga]="forcesafesearch.google.com"
- [google.ge]="forcesafesearch.google.com"
- [www.google.ge]="forcesafesearch.google.com"
- [google.gg]="forcesafesearch.google.com"
- [www.google.gg]="forcesafesearch.google.com"
- [google.gl]="forcesafesearch.google.com"
- [www.google.gl]="forcesafesearch.google.com"
- [google.gm]="forcesafesearch.google.com"
- [www.google.gm]="forcesafesearch.google.com"
- [google.gp]="forcesafesearch.google.com"
- [www.google.gp]="forcesafesearch.google.com"
- [google.gr]="forcesafesearch.google.com"
- [www.google.gr]="forcesafesearch.google.com"
- [google.gy]="forcesafesearch.google.com"
- [www.google.gy]="forcesafesearch.google.com"
- [google.hn]="forcesafesearch.google.com"
- [www.google.hn]="forcesafesearch.google.com"
- [google.hr]="forcesafesearch.google.com"
- [www.google.hr]="forcesafesearch.google.com"
- [google.ht]="forcesafesearch.google.com"
- [www.google.ht]="forcesafesearch.google.com"
- [google.hu]="forcesafesearch.google.com"
- [www.google.hu]="forcesafesearch.google.com"
- [google.ie]="forcesafesearch.google.com"
- [www.google.ie]="forcesafesearch.google.com"
- [google.im]="forcesafesearch.google.com"
- [www.google.im]="forcesafesearch.google.com"
- [google.iq]="forcesafesearch.google.com"
- [www.google.iq]="forcesafesearch.google.com"
- [google.is]="forcesafesearch.google.com"
- [www.google.is]="forcesafesearch.google.com"
- [google.it]="forcesafesearch.google.com"
- [www.google.it]="forcesafesearch.google.com"
- [google.je]="forcesafesearch.google.com"
- [www.google.je]="forcesafesearch.google.com"
- [google.jo]="forcesafesearch.google.com"
- [www.google.jo]="forcesafesearch.google.com"
- [google.kg]="forcesafesearch.google.com"
- [www.google.kg]="forcesafesearch.google.com"
- [google.ki]="forcesafesearch.google.com"
- [www.google.ki]="forcesafesearch.google.com"
- [google.kz]="forcesafesearch.google.com"
- [www.google.kz]="forcesafesearch.google.com"
- [google.la]="forcesafesearch.google.com"
- [www.google.la]="forcesafesearch.google.com"
- [google.li]="forcesafesearch.google.com"
- [www.google.li]="forcesafesearch.google.com"
- [google.lk]="forcesafesearch.google.com"
- [www.google.lk]="forcesafesearch.google.com"
- [google.lt]="forcesafesearch.google.com"
- [www.google.lt]="forcesafesearch.google.com"
- [google.lu]="forcesafesearch.google.com"
- [www.google.lu]="forcesafesearch.google.com"
- [google.lv]="forcesafesearch.google.com"
- [www.google.lv]="forcesafesearch.google.com"
- [google.md]="forcesafesearch.google.com"
- [www.google.md]="forcesafesearch.google.com"
- [google.me]="forcesafesearch.google.com"
- [www.google.me]="forcesafesearch.google.com"
- [google.mg]="forcesafesearch.google.com"
- [www.google.mg]="forcesafesearch.google.com"
- [google.mk]="forcesafesearch.google.com"
- [www.google.mk]="forcesafesearch.google.com"
- [google.ml]="forcesafesearch.google.com"
- [www.google.ml]="forcesafesearch.google.com"
- [google.mn]="forcesafesearch.google.com"
- [www.google.mn]="forcesafesearch.google.com"
- [google.ms]="forcesafesearch.google.com"
- [www.google.ms]="forcesafesearch.google.com"
- [google.mu]="forcesafesearch.google.com"
- [www.google.mu]="forcesafesearch.google.com"
- [google.mv]="forcesafesearch.google.com"
- [www.google.mv]="forcesafesearch.google.com"
- [google.mw]="forcesafesearch.google.com"
- [www.google.mw]="forcesafesearch.google.com"
- [google.ne]="forcesafesearch.google.com"
- [www.google.ne]="forcesafesearch.google.com"
- [google.nl]="forcesafesearch.google.com"
- [www.google.nl]="forcesafesearch.google.com"
- [google.no]="forcesafesearch.google.com"
- [www.google.no]="forcesafesearch.google.com"
- [google.nr]="forcesafesearch.google.com"
- [www.google.nr]="forcesafesearch.google.com"
- [google.nu]="forcesafesearch.google.com"
- [www.google.nu]="forcesafesearch.google.com"
- [google.pl]="forcesafesearch.google.com"
- [www.google.pl]="forcesafesearch.google.com"
- [google.pn]="forcesafesearch.google.com"
- [www.google.pn]="forcesafesearch.google.com"
- [google.ps]="forcesafesearch.google.com"
- [www.google.ps]="forcesafesearch.google.com"
- [google.pt]="forcesafesearch.google.com"
- [www.google.pt]="forcesafesearch.google.com"
- [google.ro]="forcesafesearch.google.com"
- [www.google.ro]="forcesafesearch.google.com"
- [google.rs]="forcesafesearch.google.com"
- [www.google.rs]="forcesafesearch.google.com"
- [google.ru]="forcesafesearch.google.com"
- [www.google.ru]="forcesafesearch.google.com"
- [google.rw]="forcesafesearch.google.com"
- [www.google.rw]="forcesafesearch.google.com"
- [google.sc]="forcesafesearch.google.com"
- [www.google.sc]="forcesafesearch.google.com"
- [google.se]="forcesafesearch.google.com"
- [www.google.se]="forcesafesearch.google.com"
- [google.sh]="forcesafesearch.google.com"
- [www.google.sh]="forcesafesearch.google.com"
- [google.si]="forcesafesearch.google.com"
- [www.google.si]="forcesafesearch.google.com"
- [google.sk]="forcesafesearch.google.com"
- [www.google.sk]="forcesafesearch.google.com"
- [google.sm]="forcesafesearch.google.com"
- [www.google.sm]="forcesafesearch.google.com"
- [google.sn]="forcesafesearch.google.com"
- [www.google.sn]="forcesafesearch.google.com"
- [google.so]="forcesafesearch.google.com"
- [www.google.so]="forcesafesearch.google.com"
- [google.sr]="forcesafesearch.google.com"
- [www.google.sr]="forcesafesearch.google.com"
- [google.st]="forcesafesearch.google.com"
- [www.google.st]="forcesafesearch.google.com"
- [google.td]="forcesafesearch.google.com"
- [www.google.td]="forcesafesearch.google.com"
- [google.tg]="forcesafesearch.google.com"
- [www.google.tg]="forcesafesearch.google.com"
- [google.tk]="forcesafesearch.google.com"
- [www.google.tk]="forcesafesearch.google.com"
- [google.tl]="forcesafesearch.google.com"
- [www.google.tl]="forcesafesearch.google.com"
- [google.tm]="forcesafesearch.google.com"
- [www.google.tm]="forcesafesearch.google.com"
- [google.tn]="forcesafesearch.google.com"
- [www.google.tn]="forcesafesearch.google.com"
- [google.to]="forcesafesearch.google.com"
- [www.google.to]="forcesafesearch.google.com"
- [google.tt]="forcesafesearch.google.com"
- [www.google.tt]="forcesafesearch.google.com"
- [google.vg]="forcesafesearch.google.com"
- [www.google.vg]="forcesafesearch.google.com"
- [google.vu]="forcesafesearch.google.com"
- [www.google.vu]="forcesafesearch.google.com"
- [google.ws]="forcesafesearch.google.com"
- [www.google.ws]="forcesafesearch.google.com"
-
- # Bing
- [bing.com]="strict.bing.com"
- [www.bing.com]="strict.bing.com"
-
- # DuckDuckGo
- [duckduckgo.com]="safe.duckduckgo.com"
- [www.duckduckgo.com]="safe.duckduckgo.com"
-
- # Yandex
- [yandex.com]="familysearch.yandex.com"
- [www.yandex.com]="familysearch.yandex.com"
- [yandex.ru]="familysearch.yandex.ru"
- [www.yandex.ru]="familysearch.yandex.ru"
- )
-
- # Filter YouTube?
- if [ "${ENABLE_SAFE_SEARCH_YOUTUBE}" = "on" ]; then
- domains[youtube.com]="restrictmoderate.youtube.com"
- domains[www.youtube.com]="restrictmoderate.youtube.com"
- fi
-
- (
- # Write the header
- config_header
-
- # Nothing to do if safe search is not enabled
- if [ "${ENABLE_SAFE_SEARCH}" != "on" ]; then
- exit 0
- fi
-
- # We are writing server configuration
- echo "server:"
-
- # Write all domains
- for domain in "${!domains[@]}"; do
- echo " local-zone: \"${domain}\" redirect"
- echo " local-data: \"${domain} CNAME ${domains[${domain}]}.\""
- done
- ) > /etc/unbound/safesearch.conf
-}
-
-case "$1" in
- start)
- # Print a nicer messagen when unbound is already running
- if pidofproc -s unbound; then
- statusproc /usr/sbin/unbound
- exit 0
- fi
-
- # Update configuration files
- write_tuning_conf
- write_hosts_conf
- write_forward_conf
- write_dnsbl_conf
- write_safesearch_conf
-
- boot_mesg "Starting Unbound DNS Proxy..."
- loadproc /usr/sbin/unbound || exit $?
- ;;
-
- stop)
- boot_mesg "Stopping Unbound DNS Proxy..."
- killproc /usr/sbin/unbound
- ;;
-
- restart)
- $0 stop
- sleep 1
- $0 start
- ;;
- reload|update-forwarders)
- # Update configuration files
- write_forward_conf
- write_hosts_conf
- write_dnsbl_conf
- write_safesearch_conf
-
- # Call unbound-control and perform the reload
- /usr/sbin/unbound-control -q fast_reload
-
- # Dummy Resolve to wait for unbound
- resolve "ping.ipfire.org" &>/dev/null
-
- if [ "$1" = "update-forwarders" ]; then
- # Make sure DNS works at this point
- fix_time_if_dns_fails
- fi
- ;;
-
- status)
- statusproc /usr/sbin/unbound
- ;;
-
- resolve)
- resolve "${2}" || exit $?
- ;;
-
- *)
- echo "Usage: $0 {start|stop|restart|reload|status|resolve|update-forwarders}"
- exit 1
- ;;
-esac
diff --git a/src/misc-progs/Makefile b/src/misc-progs/Makefile
index 4c994638a8..6229c8b17d 100644
--- a/src/misc-progs/Makefile
+++ b/src/misc-progs/Makefile
@@ -31,8 +31,8 @@ SUID_PROGS = squidctrl sshctrl ipfirereboot \
redctrl syslogdctrl extrahdctrl sambactrl \
smartctrl clamavctrl addonctrl pakfire wlanapctrl \
setaliases urlfilterctrl updxlratorctrl fireinfoctrl rebuildroutes \
- getconntracktable wirelessclient torctrl ddnsctrl unboundctrl \
- captivectrl wireguardctrl lldpdctrl
+ getconntracktable wirelessclient torctrl ddnsctrl \
+ captivectrl wireguardctrl lldpdctrl dnsctrl
OBJS = $(patsubst %,%.o,$(PROGS) $(SUID_PROGS))
diff --git a/src/misc-progs/dnsctrl.c b/src/misc-progs/dnsctrl.c
new file mode 100644
index 0000000000..8f49551168
--- /dev/null
+++ b/src/misc-progs/dnsctrl.c
@@ -0,0 +1,34 @@
+/* This file is part of the IPFire Firewall.
+ *
+ * This program is distributed under the terms of the GNU General Public
+ * Licence. See the file COPYING for details.
+ *
+ */
+
+#include <stdio.h>
+#include <string.h>
+
+#include "setuid.h"
+
+int main(int argc, char** argv) {
+ // Become root
+ if (!initsetuid())
+ exit(1);
+
+ // Check if we have enough arguments
+ if (argc < 2) {
+ fprintf(stderr, "\nNot enough arguments.\n\n");
+ exit(1);
+ }
+
+ if (strcmp(argv[1], "reload") == 0) {
+ char* args[] = {
+ "reload", NULL,
+ };
+
+ return run("/etc/rc.d/init.d/knot-resolver", args);
+ }
+
+ fprintf(stderr, "Invalid command\n");
+ exit(1);
+}
diff --git a/src/misc-progs/unboundctrl.c b/src/misc-progs/unboundctrl.c
deleted file mode 100644
index 86c6ac42b9..0000000000
--- a/src/misc-progs/unboundctrl.c
+++ /dev/null
@@ -1,36 +0,0 @@
-/* This file is part of the IPFire Firewall.
- *
- * This program is distributed under the terms of the GNU General Public
- * Licence. See the file COPYING for details.
- *
- */
-
-#include <stdlib.h>
-#include <stdio.h>
-#include <string.h>
-#include <unistd.h>
-#include <sys/types.h>
-#include <fcntl.h>
-#include "setuid.h"
-
-int main(int argc, char *argv[]) {
-
- if (!(initsetuid()))
- exit(1);
-
- if (argc < 2) {
- fprintf(stderr, "\nNo argument given.\n\nunboundctrl restart|reload\n\n");
- exit(1);
- }
-
- if (strcmp(argv[1], "restart") == 0) {
- safe_system("/etc/rc.d/init.d/unbound restart");
- } else if (strcmp(argv[1], "reload") == 0) {
- safe_system("/etc/rc.d/init.d/unbound reload");
- } else {
- fprintf(stderr, "\nBad argument given.\n\nunboundctrl restart|reload\n\n");
- exit(1);
- }
-
- return 0;
-}
diff --git a/src/scripts/update-rpzs b/src/scripts/update-rpzs
new file mode 100644
index 0000000000..51a29b3059
--- /dev/null
+++ b/src/scripts/update-rpzs
@@ -0,0 +1,86 @@
+#!/bin/bash
+###############################################################################
+# #
+# IPFire.org - An Open Source Firewall #
+# Copyright (C) 2026 - IPFire Team <info@ipfire.org> #
+# #
+# This program is free software: you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation, either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# This program is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with this program. If not, see <http://www.gnu.org/licenses/>. #
+# #
+###############################################################################
+
+readonly SYNC_PATH="/var/cache/knot-resolver/rpzs"
+
+readonly ZONE_SYNC_ARGS=(
+ # Be quiet
+ "--quiet"
+
+ # Output Path
+ "--path=${SYNC_PATH}"
+
+ # Always use TLS
+ "--secure"
+)
+
+main() {
+ local name
+ local primary
+ local zone
+ local _zone
+ local enabled
+ local rest
+ local failed=0
+
+ local -A primaries=()
+ local -A all_zones=()
+
+ while IFS=$'\t' read -r name zone primary; do
+ while IFS=$',' read -r _zone enabled rest; do
+ # Skip if we are looking at the wrong list
+ [ "${zone}" = "${_zone}" ] || continue
+
+ # We are done if the list is not enabled
+ [ "${enabled}" = "on" ] || break
+
+ # Store the enabled zone with their primary
+ all_zones["${zone}"]="${primary}"
+
+ # Collect a list of all unique primaries
+ primaries["${primary}"]=1
+ done < /var/ipfire/dns/dnsbl
+ done <<< "$(jq -r '.[] | [.name, .zone, .primary] | @tsv' /var/ipfire/dns/dnsbl.json)"
+
+ # Walk through all primaries
+ for primary in "${!primaries[@]}"; do
+ local zones=()
+
+ # Collect all zones that match this primary
+ for zone in "${!all_zones[@]}"; do
+ if [ "${all_zones["${zone}"]}" = "${primary}" ]; then
+ zones+=( "${zone}" )
+ fi
+ done
+
+ # Run the sync
+ zone-sync "${ZONE_SYNC_ARGS[@]}" --primary="${primary}" "${zones[@]}" || failed=$?
+ done
+
+ # Reload DNS if things went well
+ if [ ${failed} -eq 0 ]; then
+ /usr/local/bin/dnsctrl reload
+ fi
+
+ return ${failed}
+}
+
+main "$@" || exit $?
diff --git a/src/setup/networking.c b/src/setup/networking.c
index 98018b7f6f..61968b284e 100644
--- a/src/setup/networking.c
+++ b/src/setup/networking.c
@@ -103,8 +103,6 @@ int handlenetworking(void)
runcommandwithstatus("/etc/rc.d/init.d/network start",
_("Networking"), _("Restarting network..."), NULL);
- runcommandwithstatus("/etc/rc.d/init.d/unbound restart",
- _("Networking"), _("Restarting unbound..."), NULL);
}
} else {
rename_nics();
hooks/post-receive
--
IPFire 2.x development tree
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2026-05-21 18:38 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2026-05-21 18:38 [git.ipfire.org] IPFire 2.x development tree branch, next, updated. ebe438926d76400a83ee822ef5911b2a7c69c03e Michael Tremer
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox