Page MenuHomeVyOS Platform
People jestabro

jestabro (John Estabrook)
User

Projects (11)
View All

User Details

User Since
Apr 12 2019, 4:27 PM (354 w, 4 d)

Recent Activity
View All

Fri, Jan 23

jestabro assigned T7090: HTTP API upstream task timeout (504 Gateway Timeout ) to o.kuchmystyi.
Fri, Jan 23, 9:04 PM · VyOS 1.5 Circinus, VyOS Rolling, VyOS 1.4 Sagitta

Fri, Jan 16

jestabro added a comment to T8185: config.boot.default path inconsistency between cloud-init and build system causes flavor-defined configs to be ignored.

PR:
https://github.com/vyos/vyos-build/pull/1103

Fri, Jan 16, 9:44 PM · VyOS Rolling
jestabro committed rVYOSONEX5943564e6373: T8156: T8157: T8164: update commit hash for completion and other fixes.
Fri, Jan 16, 7:06 PM
jestabro added a comment to T8185: config.boot.default path inconsistency between cloud-init and build system causes flavor-defined configs to be ignored.

There is a straightforward solution here, which requires adjusting the image flavor build tools to respect the changes of https://vyos.dev/T6006, which resolved long-standing issues of migration and config initialization.
In short, after T6006:

  • the file /usr/share/vyos/config.boot.defult is the build-time source of truth --- the flavor build system should install any flavor-defined config.boot.default at that location
  • both /opt/vyatta/etc/config.boot.default and /opt/vyatta/etc/config/config.boot are installed on first boot, at different stages of gathering system-specific information in vyos-router (component version information, respectively, migration and activation updates)
Fri, Jan 16, 6:05 PM · VyOS Rolling

Thu, Jan 15

jestabro claimed T8185: config.boot.default path inconsistency between cloud-init and build system causes flavor-defined configs to be ignored.
Thu, Jan 15, 8:08 PM · VyOS Rolling
jestabro triaged T8179: [SECURITY][API][Rolling] Authenticated user can execute arbitrary OS commands via built-in API path injection as Normal priority.
Thu, Jan 15, 2:01 AM · VyOS Rolling
jestabro added a comment to T8179: [SECURITY][API][Rolling] Authenticated user can execute arbitrary OS commands via built-in API path injection.

@AnNK6 thank you for the report and details. The fact is that until privilege separation is implemented (https://vyos.dev/T7583), authentication allows sudo privileges implicitly (via the config system) if not explicitly. In that sense the issue is mooted until the work on the op-mode runner and related is complete, but be assured that alongside the work in T7583 and related, a general audit of shell escape mechanisms is ongoing in preparation; your report is quite useful for that current work. That being said, my quick test of the above against a local KVM system gives a different result (below), so I will need to take a closer look to reproduce.

Thu, Jan 15, 1:53 AM · VyOS Rolling

Wed, Jan 14

jestabro claimed T8177: The installer reports that there are unsaved changes on upgrade.
Wed, Jan 14, 9:58 PM · VyOS 1.4 Sagitta (1.4.0)
jestabro added a comment to T8177: The installer reports that there are unsaved changes on upgrade.

Note that for 1.4.x there may be a separate cause of the false positive due to the older migration system (revised in 1.5); this is under investigation.

Wed, Jan 14, 9:56 PM · VyOS 1.4 Sagitta (1.4.0)
jestabro added a comment to T8177: The installer reports that there are unsaved changes on upgrade.

Note that this was fixed in https://vyos.dev/T7319 and backported for inclusion in 1.4.4. However, it will necessarily only apply to any upgrades from that version forward, e.g. 1.4.4 -> 1.4.5

Wed, Jan 14, 2:33 PM · VyOS 1.4 Sagitta (1.4.0)

Mon, Jan 12

jestabro added a comment to T8164: Add completion help to vyconf get completion env.

PR:
https://github.com/vyos/vyos1x-config/pull/64

Mon, Jan 12, 9:57 PM · VyOS Rolling
jestabro added a parent task for T8173: vyos1x-config: replace open_process_in with open_process_args_*: T8164: Add completion help to vyconf get completion env.
Mon, Jan 12, 9:25 PM · VyOS Rolling
jestabro added a subtask for T8164: Add completion help to vyconf get completion env: T8173: vyos1x-config: replace open_process_in with open_process_args_*.
Mon, Jan 12, 9:25 PM · VyOS Rolling
jestabro created T8173: vyos1x-config: replace open_process_in with open_process_args_*.
Mon, Jan 12, 9:25 PM · VyOS Rolling

Thu, Jan 8

jestabro updated the task description for T8164: Add completion help to vyconf get completion env.
Thu, Jan 8, 6:38 PM · VyOS Rolling
jestabro added a subtask for T8061: Add analogue of cli-shell-api getCompletionEnv: T8164: Add completion help to vyconf get completion env.
Thu, Jan 8, 6:36 PM · VyOS Rolling
jestabro added a parent task for T8164: Add completion help to vyconf get completion env: T8061: Add analogue of cli-shell-api getCompletionEnv.
Thu, Jan 8, 6:36 PM · VyOS Rolling
jestabro created T8164: Add completion help to vyconf get completion env.
Thu, Jan 8, 6:36 PM · VyOS Rolling

Wed, Jan 7

jestabro updated the task description for T8157: In the absence of an XML valueHelp element, use the help element for vyconf analogue of completion.
Wed, Jan 7, 3:13 PM · VyOS Rolling

Tue, Jan 6

jestabro renamed T8157: In the absence of an XML valueHelp element, use the help element for vyconf analogue of completion from In the absence of a valueHelp, use the help element for vyconf analogue of completion to In the absence of an XML valueHelp element, use the help element for vyconf analogue of completion.
Tue, Jan 6, 10:58 PM · VyOS Rolling
jestabro added a subtask for T8061: Add analogue of cli-shell-api getCompletionEnv: T8157: In the absence of an XML valueHelp element, use the help element for vyconf analogue of completion.
Tue, Jan 6, 10:52 PM · VyOS Rolling
jestabro added a parent task for T8157: In the absence of an XML valueHelp element, use the help element for vyconf analogue of completion: T8061: Add analogue of cli-shell-api getCompletionEnv.
Tue, Jan 6, 10:52 PM · VyOS Rolling
jestabro created T8157: In the absence of an XML valueHelp element, use the help element for vyconf analogue of completion.
Tue, Jan 6, 10:52 PM · VyOS Rolling
jestabro added a parent task for T8156: Fix misplaced check in vyconf analogue of get completion env: T8061: Add analogue of cli-shell-api getCompletionEnv.
Tue, Jan 6, 7:32 PM · VyOS Rolling
jestabro added a subtask for T8061: Add analogue of cli-shell-api getCompletionEnv: T8156: Fix misplaced check in vyconf analogue of get completion env.
Tue, Jan 6, 7:32 PM · VyOS Rolling
jestabro renamed T8156: Fix misplaced check in vyconf analogue of get completion env from Add misplaced check in vyconf analogue of get completion env to Fix misplaced check in vyconf analogue of get completion env.
Tue, Jan 6, 7:31 PM · VyOS Rolling
jestabro renamed T8156: Fix misplaced check in vyconf analogue of get completion env from Add missing check in vyconf analogue of get completion env to Add misplaced check in vyconf analogue of get completion env.
Tue, Jan 6, 7:26 PM · VyOS Rolling
jestabro created T8156: Fix misplaced check in vyconf analogue of get completion env.
Tue, Jan 6, 7:15 PM · VyOS Rolling

Mon, Jan 5

jestabro added a comment to T6625: Firewall group size limit API.

This is due to a hardcoded limit on the size of the underlying unionfs file in vyatta-cfg: as the value was set rather arbitrarily, we will increase the limit from 2^18 to 2^20. Note that limit is encountered irrespective of the use of the http api.

Mon, Jan 5, 2:06 PM · VyOS Rolling, Bugs

Fri, Jan 2

jestabro closed T8061: Add analogue of cli-shell-api getCompletionEnv as Resolved.
Fri, Jan 2, 3:02 PM · VyOS Rolling
jestabro closed T8109: Fix for vyconf show command on leaf nodes as Resolved.
Fri, Jan 2, 3:02 PM · VyOS Rolling
jestabro closed T8113: Fix typo in vyconf show command as Resolved.
Fri, Jan 2, 3:02 PM · VyOS Rolling
jestabro closed T8114: Fix check on vyconf allowed delete paths as Resolved.
Fri, Jan 2, 3:02 PM · VyOS Rolling

Dec 23 2025

jestabro committed rVYOSONEXfb1788c3813d: T8061: add protobuf messages related to getCompletionEnv.
Dec 23 2025, 2:55 AM
jestabro committed rVYOSONEX50163be161a5: T8061: T8109: T8113: T8114: update for completion and bug fixes.
Dec 23 2025, 2:55 AM

Dec 21 2025

jestabro created T8114: Fix check on vyconf allowed delete paths.
Dec 21 2025, 3:05 PM · VyOS Rolling
jestabro updated the task description for T8113: Fix typo in vyconf show command.
Dec 21 2025, 3:02 PM · VyOS Rolling
jestabro created T8113: Fix typo in vyconf show command.
Dec 21 2025, 3:00 PM · VyOS Rolling

Dec 19 2025

jestabro created T8109: Fix for vyconf show command on leaf nodes.
Dec 19 2025, 3:38 PM · VyOS Rolling
jestabro closed T8074: Redistribute options from vyconf_cli to vyconf_cli_compat as Resolved.
Dec 19 2025, 2:13 PM · VyOS Rolling

Dec 18 2025

jestabro added a parent task for T8103: Fix regression in test in_session with vyos_op_run under http api: T7745: Implement command permission checks for local operator users.
Dec 18 2025, 2:24 PM · VyOS Rolling
jestabro added a subtask for T7745: Implement command permission checks for local operator users: T8103: Fix regression in test in_session with vyos_op_run under http api.
Dec 18 2025, 2:24 PM · VyOS Rolling

Dec 16 2025

jestabro closed T8103: Fix regression in test in_session with vyos_op_run under http api as Resolved.
Dec 16 2025, 2:08 PM · VyOS Rolling
jestabro committed rVYOSONEX766a868ebeaf: T8103: add root to those allowed to call op-run commands directly.
Dec 16 2025, 2:06 PM

Dec 15 2025

jestabro created T8103: Fix regression in test in_session with vyos_op_run under http api.
Dec 15 2025, 5:53 PM · VyOS Rolling

Dec 5 2025

jestabro created T8074: Redistribute options from vyconf_cli to vyconf_cli_compat.
Dec 5 2025, 6:51 PM · VyOS Rolling

Dec 4 2025

jestabro closed T7319: Add warning message for unsaved changes in the dialog before initiating an upgrade as Resolved.
Dec 4 2025, 3:10 PM · VyOS 1.4 Sagitta (1.4.4), VyOS 1.5 Circinus (1.5-stream-2025-Q4), VyOS Rolling
jestabro closed T8032: Add analogue of cli-shell-api sessionUnsaved as Resolved.
Dec 4 2025, 3:09 PM · VyOS Rolling
jestabro reopened T8032: Add analogue of cli-shell-api sessionUnsaved as "Open".
Dec 4 2025, 2:32 PM · VyOS Rolling
jestabro closed T8031: Use a smarter file comparison in boolean test unsaved_commits() as Resolved.
Dec 4 2025, 2:31 PM · VyOS 1.4 Sagitta (1.4.4)
jestabro closed T8032: Add analogue of cli-shell-api sessionUnsaved as Resolved.
Dec 4 2025, 2:30 PM · VyOS Rolling

Dec 3 2025

jestabro committed rVYOSONEX9c850218b663: T8032: add protobuf files for analogue of sessionUnsaved.
Dec 3 2025, 12:07 AM
jestabro committed rVYOSONEXe71c5909cb98: T8032: update commit hashes for analogue of sessionUnsaved.
Dec 3 2025, 12:07 AM

Dec 2 2025

jestabro created T8062: Set default value for commit-revisions, making the commit archive mandatory.
Dec 2 2025, 7:01 PM · VyOS 1.5 Circinus (1.5-stream-2025-Q4), VyOS Rolling
jestabro updated the task description for T8032: Add analogue of cli-shell-api sessionUnsaved.
Dec 2 2025, 2:43 PM · VyOS Rolling
jestabro created T8061: Add analogue of cli-shell-api getCompletionEnv.
Dec 2 2025, 2:43 PM · VyOS Rolling

Nov 27 2025

jestabro committed rVYOSONEXaca852eb53dd: T8009: update commit hashes for vyconf edit-level aware session.
Nov 27 2025, 1:06 AM

Nov 26 2025

jestabro committed rVYOSONEX6943bdc5fc27: T8009: add vyconf_cli_compat for retained options of cli-shell-api.
Nov 26 2025, 7:52 PM
jestabro committed rVYOSONEXfd0104e0a48d: T8009: add generated protobuf files for edit_level.
Nov 26 2025, 7:52 PM
jestabro committed rVYOSONEX7ed7e7acf4f7: T7319: check unsaved_commits before upgrade.
Nov 26 2025, 7:34 PM
jestabro committed rVYOSONEX671210b3c0b8: T8041: update comments referring to deprecated priority.pl.
Nov 26 2025, 7:24 PM

Nov 24 2025

jestabro committed rVYOSONEX0bc7898a9651: T8031: use util file_compare for check unsaved_commits.
Nov 24 2025, 2:23 PM
jestabro committed rVYOSONEXb80bba65567c: T8031: add file comparison utility for comparison modulo empty lines.
Nov 24 2025, 2:23 PM
jestabro created T8032: Add analogue of cli-shell-api sessionUnsaved.
Nov 24 2025, 1:19 AM · VyOS Rolling
jestabro closed T7992: Remove references to OPAM in skel/.bashrc as Resolved.
Nov 24 2025, 1:14 AM · VyOS 1.4 Sagitta (1.4.4)
jestabro closed T7988: Extend vyconf show command for parity with legacy show command as Resolved.
Nov 24 2025, 1:10 AM · VyOS Rolling

Nov 21 2025

jestabro updated the task description for T8031: Use a smarter file comparison in boolean test unsaved_commits().
Nov 21 2025, 7:31 PM · VyOS 1.4 Sagitta (1.4.4)
jestabro created T8031: Use a smarter file comparison in boolean test unsaved_commits().
Nov 21 2025, 6:37 PM · VyOS 1.4 Sagitta (1.4.4)

Nov 20 2025

jestabro committed rVYOSONEXf26f737f0c58: T7988: adjust function name to distinguish compare from show config.
Nov 20 2025, 2:51 PM
jestabro committed rVYOSONEXe74b9a1b4d9d: T7988: update commit hashes for show config.
Nov 20 2025, 2:51 PM
jestabro triaged T8026: HTTPS API for /generate not working properly for wireguard interface as Normal priority.

A related issue is here: https://vyos.dev/T8000.

Nov 20 2025, 1:20 AM

Nov 19 2025

jestabro added a subtask for T7836: The /config bind mount does not respect inode updates: T7994: Image installer doesn't detect previous installation.
Nov 19 2025, 4:50 PM · VyOS 1.5 Circinus (2025.11)
jestabro added a parent task for T7994: Image installer doesn't detect previous installation: T7836: The /config bind mount does not respect inode updates.
Nov 19 2025, 4:50 PM · VyOS Rolling
jestabro closed T7994: Image installer doesn't detect previous installation as Resolved.
Nov 19 2025, 4:43 PM · VyOS Rolling

Nov 18 2025

jestabro committed rVYOSONEX6e7c62022a2a: T7992: remove unneeded references to OPAM in skel/.bashrc.
Nov 18 2025, 3:51 PM

Nov 17 2025

jestabro committed rVYOSONEXcf8f89262583: T7994: fix regression in check for previous installations on install.
Nov 17 2025, 3:25 PM

Nov 14 2025

jestabro added a comment to T7994: Image installer doesn't detect previous installation.

PR:
https://github.com/vyos/vyos-1x/pull/4849

Nov 14 2025, 3:50 PM · VyOS Rolling
jestabro claimed T7994: Image installer doesn't detect previous installation.
Nov 14 2025, 3:28 PM · VyOS Rolling

Nov 13 2025

jestabro created T8009: Extend vyconf session to be edit-level aware.
Nov 13 2025, 1:55 AM · VyOS Rolling

Nov 12 2025

jestabro closed T7711: config-sync: TypeError: 'coroutine' object is not iterable as Resolved.
Nov 12 2025, 6:31 PM · VyOS 1.5 Circinus (2025.11)
jestabro edited projects for T7321: Replace legacy operations in configsession.py with vyconf client operations, added: VyOS Rolling; removed VyOS 1.5 Circinus (2025.11).
Nov 12 2025, 5:54 PM · VyOS Rolling

Nov 11 2025

jestabro lowered the priority of T7307: Data added via vyos.utils.configfs.add_cli_node() not available when script is called via call_depends() from High to Wishlist.

Based on the comments above, I am moving this to 'wishlist' for consideration after the legacy backend is retired. My expectation is that we will not want to drop the invariant as such, however, we will be in a position to consider refinements of the model, radical or conservative, once freed from the legacy constraints.

Nov 11 2025, 5:05 PM · VyOS Rolling, VyOS 1.5 Circinus

Nov 6 2025

jestabro closed T7946: Log redirected stdout from FRRender under vyos-configd, a subtask of T7855: Redirect stdout and catch exceptions from FRRender under vyos-configd, as Resolved.
Nov 6 2025, 3:58 PM · VyOS 1.5 Circinus (2025.11)
jestabro closed T7946: Log redirected stdout from FRRender under vyos-configd as Resolved.
Nov 6 2025, 3:58 PM · VyOS 1.5 Circinus (2025.11)
jestabro moved T7946: Log redirected stdout from FRRender under vyos-configd from Open to Finished on the VyOS 1.5 Circinus (1.5-stream-2025-Q3) board.
Nov 6 2025, 3:57 PM · VyOS 1.5 Circinus (2025.11)
jestabro edited projects for T7946: Log redirected stdout from FRRender under vyos-configd, added: VyOS 1.5 Circinus (1.5-stream-2025-Q3); removed VyOS 1.5 Circinus (1.5-stream-2025-Q4).
Nov 6 2025, 3:57 PM · VyOS 1.5 Circinus (2025.11)
jestabro closed T7910: Standardize vyconf session resource management across Python config modules, a subtask of T7374: Integrate vyconf config session with CLI config session, as Resolved.
Nov 6 2025, 3:57 PM · VyOS Rolling
jestabro closed T7910: Standardize vyconf session resource management across Python config modules as Resolved.
Nov 6 2025, 3:57 PM · VyOS Rolling
jestabro closed T7915: Add compile time alerts for static exception analysis of vyos1x-config/vyconf as Resolved.
Nov 6 2025, 3:56 PM · VyOS Rolling
jestabro closed T7969: Add value_exists to configtree as Resolved.
Nov 6 2025, 3:56 PM · VyOS Rolling
jestabro closed T7980: Load active config on vyconfd restart as Resolved.
Nov 6 2025, 3:55 PM · VyOS Rolling
jestabro committed rVYOSONEX128885203149: T7915: update commit hashes for exn-alert.
Nov 6 2025, 3:31 PM
jestabro committed rVYOSONEX42015261ce2e: T7915: minor fixes for consistent exception handling and error messages.
Nov 6 2025, 3:31 PM
jestabro committed rVYOSONEX47cc7ab10b9b: T7969: expose boolean test value_exists.
Nov 6 2025, 3:31 PM

Nov 5 2025

jestabro committed rVYOSONEXcad2c08ee6f2: T7910: update auto-generated protobuf files for show_sessions.
Nov 5 2025, 6:21 PM
jestabro committed rVYOSONEX47b36a3af0bd: T7910: switch keyword order pid/token for consistency and intuition.
Nov 5 2025, 6:21 PM
jestabro committed rVYOSONEXa02b7d54c561: T7910: add call show_sessions.
Nov 5 2025, 6:21 PM
jestabro committed rVYOSONEX4c391ed39c51: T7910: add keyword extant, for use by teardown script.
Nov 5 2025, 6:21 PM
jestabro committed rVYOSONEXc414a7d55579: T7910: use weakref.finalize for reliable session teardown.
Nov 5 2025, 6:21 PM
jestabro committed rVYOSONEXcbbfd427896d: T7910: op-mode init should always start a new session.
Nov 5 2025, 6:21 PM