Point 1 might be solved by using a hooks/live-script for the binary part which is the part after the chroot have been created.
- Feed Queries
- All Stories
- Search
- Feed Search
- Transactions
- Transaction Logs
Feed All Stories
All Stories
All Stories
Sep 26 2023
Sep 26 2023
PR created: https://github.com/vyos/vyos-build/pull/426
GitHub <noreply@github.com> committed rVYOSONEX58344bc76962: Merge pull request #2311 from vyos/mergify/bp/sagitta/pr-2308 (authored by c-po).
GitHub <noreply@github.com> committed rVYOSONEX254c2907525a: Merge pull request #2312 from c-po/rpki-fixes (authored by c-po).
GitHub <noreply@github.com> committed rVYOSONEX13e9c9e85320: Merge pull request #2309 from vyos/mergify/bp/sagitta/pr-2302 (authored by Viacheslav).
Turned out to be little of a challenge do "just" strip all binaries (and libraries, modules etc).
Mergify <37929162+mergify[bot]@users.noreply.github.com> committed rVYOSONEX07dfc6216be7: firewall: T5160: Remove zone policy op-mode (authored by sarthurdev).
GitHub <noreply@github.com> committed rVYOSONEX6ffb104ada0a: Merge pull request #2308 from sarthurdev/fw_opmode (authored by c-po).
Also added flowtable as nothing needs to be sequenced in there either:
https://github.com/JeffWDH/vyos-1x/commit/ac22cc054d9c15af010c824ac9a05f5cc71fc954
I have not contributed code to this project before so let me know if I've missed conventions...
Just to be clear, the build I'm going from is just my own build of current to my own build of current -- it says 1.4 because I only changed the version string to 1.5 after this build went through since i'm the only one using my build :)
I just noticed that this still is a problem. Excerpt below from downloading an upgrade:
PR for 1.3 https://github.com/vyos/vyos-1x/pull/2310
In T5497#160905, @JeffWDH wrote:1.5-rolling-202309250022
Is there a reason why some global options and some address groups (not all) are included in the output? Seems unintentional to me.
Is there a reason why some global options and some address groups (not all) are included in the output? Seems unintentional to me.
Mergify <37929162+mergify[bot]@users.noreply.github.com> committed rVYOSONEXecfb617e99dc: T5497: op-mode: Add generate firewall rule-resequence (authored by Viacheslav).
We have fwmark for policy local-route
But it is only for match mark and routing decision
vyos@vyos-lns# set policy local-route rule 100 Possible completions: + destination Destination address or prefix fwmark Match fwmark value inbound-interface Inbound Interface > set Packet modifications + source Source address or prefix
n.fort changed the status of T5616: Firewall mark - Add capabilities for matching firewall mark from Open to Confirmed.
Sep 25 2023
Sep 25 2023
Have to add Debian package "binutils" to make "strip" work within the chroot of livebuild.
This is an artifact of the remaining use in 1.3 of the legacy XorpConfigParser: the last use of that legacy piece was removed from 1.4 in Sep 2021, but is still called by 'vyatta_interface_rescan' in 1.3, so will be seen after changing MAC addresses if the config is not saved. A quick summary of the history is here and quoted below:
Implement hooks-script for livebuild that recursively go through following directories using "strip --strip-all" (syntax to be verified):
Shouldnt that be default for lb then in the vyos buildscripts and how does --debug affect things other than logging during build?
What is the "system update-check url" supposed to be once its implemented?
dmbaturin edited projects for T2640: Running VyOS inside Docker containers, added: VyOS 1.3 Equuleus (1.3.3); removed VyOS 1.3 Equuleus (1.3.4).
dmbaturin changed Issue type from feature to bug on T3070: Firewall going OOM, possible related to nftables migration.
dmbaturin changed Issue type from unspecified to feature on T5354: Add sshguard to protect against brut-forces for 1.3.
dmbaturin changed Issue type from unspecified to improvement on T5315: vrrp: add support for version 3.
dmbaturin changed the status of T4479: generate wireguard client command prompt has some error from Not Applicable to Invalid.
dmbaturin renamed T3546: Add support for running scripts on PPPoE server session events from Add pppoe-server CLI custom script feature to Add support for running scripts on PPPoE server session events.
dmbaturin set Issue type to feature on T3546: Add support for running scripts on PPPoE server session events.
dmbaturin renamed T5526: Clarify the error message when trying to set an interface as a BGP peer group using the wrong syntax from BGP peer-group - don't support add interfaces over peer neigborhs to Clarify the error message when trying to set an interface as a BGP peer group using the wrong syntax.
Note that is is the "--debug" flag that one wants in order to see the full mksquashfs command that is executed.
Sep 24 2023
Sep 24 2023
@stingalleman As mentioned above (and confirmed in discussions earlier this week), we've had few if any reports of issues with the udev approach, so we would be very interested to hear details of your case.
Not sure what to do on this one. The firewall is depending on conntrack module, which updates the conntrack related sysctls. It'd be the same if someone defines custom sysctls used by other conf scripts.
When will this bug be fixed? I am having a lot of issues with this.
Apachez closed T5511: Cleanup of unused directories (and files) in order to shrink image-size as Resolved.
Verified to be working as expected.
@jestabro I havent verified it yet but then perhaps the buildscript for VyOS should be altered to include --verbose?
Verified through smoketests.
sarthurdev changed the status of T5614: Add conntrack helper matching on firewall from Open to In progress.
Apachez closed T5604: List of debian archives is out of date (non-free-firmware is missing) as Resolved.
Apachez added a comment to T5604: List of debian archives is out of date (non-free-firmware is missing).
Verified through smoketests.
sarthurdev changed the status of T5606: IPSec VPN: Allow multiple CAs certificates from In progress to Needs testing.
sarthurdev moved T5606: IPSec VPN: Allow multiple CAs certificates from Open to In Progress on the VyOS 1.5 Circinus board.
sarthurdev changed the status of T5606: IPSec VPN: Allow multiple CAs certificates from Open to In progress.
PR removing zone-policy op-mode: https://github.com/vyos/vyos-1x/pull/2304
sarthurdev changed the status of T5376: Conntrack FTP helper does not work properly from Confirmed to Needs testing.
sarthurdev changed the status of T5598: unknown parameter 'nf_conntrack_helper' ignored from Confirmed to Needs testing.
indrajitr updated the task description for T5612: Miscellaneous improvements and fixes for dynamic DNS configuration.
Sep 23 2023
Sep 23 2023
Viacheslav added a parent task for T2115: VyOS cannot load configs when running in a container: T5613: VyOS in container bugs.
Viacheslav added a project to T2115: VyOS cannot load configs when running in a container: VyOS 1.5 Circinus.
GitHub <noreply@github.com> committed rVYOSONEX734392fdff12: Merge pull request #2302 from sever-sever/T5497 (authored by Viacheslav).
Viacheslav changed the status of T5604: List of debian archives is out of date (non-free-firmware is missing) from Open to Needs testing.
Sep 22 2023
Sep 22 2023
indrajitr triaged T5612: Miscellaneous improvements and fixes for dynamic DNS configuration as Normal priority.
Op-mode command reduce
PR https://github.com/vyos/vyos-1x/pull/2302
vyos@r4:~$ show conf com | match firew set firewall ipv4 input filter default-action 'accept' set firewall ipv4 input filter rule 1 action 'accept' set firewall ipv4 input filter rule 1 description 'Allow loopback' set firewall ipv4 input filter rule 1 inbound-interface interface-name 'lo' set firewall ipv4 input filter rule 1 source address '127.0.0.0/8' set firewall ipv4 input filter rule 2 action 'accept' set firewall ipv4 input filter rule 2 description 'Allow established/related' set firewall ipv4 input filter rule 2 state established 'enable' set firewall ipv4 input filter rule 2 state related 'enable' set firewall ipv4 input filter rule 60 action 'accept' set firewall ipv4 input filter rule 60 description 'Allow SSH from trusted networks' set firewall ipv4 input filter rule 60 destination port '22' set firewall ipv4 input filter rule 60 protocol 'tcp' set firewall ipv4 input filter rule 10000 action 'drop' set firewall ipv4 input filter rule 10000 description 'Drop everything else' vyos@r4:~$ vyos@r4:~$ produce firewall rule-resequence start 10 step 10
jestabro moved T5607: Adjust RAID smoketest for non-deterministic SCSI device probing from Open to Finished on the VyOS 1.4 Sagitta board.
jestabro moved T5608: Rewrite add/delete raid member to Python and remove from vyatta-op from Open to Finished on the VyOS 1.4 Sagitta board.
jestabro closed T5608: Rewrite add/delete raid member to Python and remove from vyatta-op as Resolved.
jestabro closed T5608: Rewrite add/delete raid member to Python and remove from vyatta-op, a subtask of T5609: Add util to get drive device name from id, as Resolved.
jestabro moved T5609: Add util to get drive device name from id from Open to Finished on the VyOS 1.4 Sagitta board.
jestabro closed T5609: Add util to get drive device name from id, a subtask of T5607: Adjust RAID smoketest for non-deterministic SCSI device probing, as Resolved.
GitHub <noreply@github.com> committed rVYOSONEX90ce099f0653: Merge pull request #2301 from vyos/mergify/bp/sagitta/pr-2298 (authored by jestabro).
Mergify <37929162+mergify[bot]@users.noreply.github.com> committed rVYOSONEX7447b4ef6e6c: op-mode: raid: T5608: define add/delete raid member (authored by jestabro).
Mergify <37929162+mergify[bot]@users.noreply.github.com> committed rVYOSONEX4da9e2cf686a: op-mode: disk: T5609: add arg by-id to format disk (authored by jestabro).
Mergify <37929162+mergify[bot]@users.noreply.github.com> committed rVYOSONEXb5edc618a442: vyos.utils: T5609: get disk device by partial id (authored by jestabro).
GitHub <noreply@github.com> committed rVYOSONEXe0ce69365f46: Merge pull request #2291 from vyos/mergify/bp/sagitta/pr-2284 (authored by c-po).