vyos/vyos-build
1
0
Fork 0
mirror of https://github.com/vyos/vyos-build.git synced 2025-10-01 20:28:40 +02:00
Code Issues Packages Projects Releases Wiki Activity

T6674: Add build-scrips for packages without Jenkins

Browse Source 
Add build scripts for .deb packages without Jenkins.
To exclude Jenkins we need some place where we can put new builds-scripts
to run in parallel (old/new) during meantime
We will deprecate old Jenkins package builds in the future.
This commit is contained in:
Viacheslav Hletenko 2024-08-26 15:21:14 +00:00
parent 70bb3c5baa
commit cc7d0993b4
121 changed files with 19090 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
scripts/package-build/aws-gwlbtun/.gitignore vendored Normal file
View File

@ -0,0 +1,8 @@
aws-gwlbtun*/
*.tar.gz
*.tar.xz
*.deb
*.dsc
*.buildinfo
*.build
*.changes

1
scripts/package-build/aws-gwlbtun/build.py Symbolic link
View File

@ -0,0 +1 @@
../build.py

59
scripts/package-build/aws-gwlbtun/package.toml Normal file
View File

@ -0,0 +1,59 @@
[[packages]]
name = "aws-gwlbtun"
commit_id = "f78058a"
scm_url = "https://github.com/aws-samples/aws-gateway-load-balancer-tunnel-handler"
## Build cmd start
build_cmd = '''\
mkdir -p debian
echo 'obj-*-linux-gnu/gwlbtun usr/sbin' > debian/install
# changelog
cat <<EOF > debian/changelog
aws-gwlbtun (1.0-1) unstable; urgency=low
* Initial release
-- Your Name <your.email@example.com> Wed, 29 Aug 2024 09:00:00 +0000
EOF
# control
/bin/bash -c "cat <<EOF > debian/control
Source: aws-gwlbtun
Section: net
Priority: optional
Maintainer: VyOS Package Maintainers <maintainers@vyos.net>
Build-Depends: debhelper-compat (= 13)
Standards-Version: 4.5.1
Homepage: https://github.com/aws-samples/aws-gateway-load-balancer-tunnel-handler
Package: aws-gwlbtun
Architecture: any
Depends: \${shlibs:Depends}, \${misc:Depends}
Description: AWS Gateway Load Balancer Tunnel Handler
This is a simple package that handles tunneling for the AWS Gateway Load Balancer.
EOF
"
# rules
cat <<EOF > debian/rules
#!/usr/bin/make -f
%: dh $@
build:
dh build
binary:
dh binary
clean:
dh clean
EOF
chmod +x debian/rules
debuild -us -uc -b
'''
## Build cmd end

184
scripts/package-build/build.py Executable file
View File

@ -0,0 +1,184 @@
#!/usr/bin/env python3
#
# Copyright (C) 2024 VyOS maintainers and contributors
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2 or later as
# published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
import glob
import shutil
import toml
import os
from argparse import ArgumentParser
from pathlib import Path
from subprocess import run, CalledProcessError
def ensure_dependencies(dependencies: list) -> None:
"""Ensure Debian build dependencies are met"""
if not dependencies:
print("I: No additional dependencies to install")
return
print("I: Ensure Debian build dependencies are met")
run(['sudo', 'apt-get', 'update'], check=True)
run(['sudo', 'apt-get', 'install', '-y'] + dependencies, check=True)
def apply_patches(repo_dir: Path, patch_dir: Path) -> None:
"""Apply patches from the patch directory to the repository"""
if not patch_dir.exists() or not patch_dir.is_dir():
print(f"I: Patch directory {patch_dir} does not exist, skipping patch application")
return
patches = sorted(patch_dir.glob('*'))
if not patches:
print(f"I: No patches found in {patch_dir}")
return
debian_patches_dir = repo_dir / 'debian/patches'
debian_patches_dir.mkdir(parents=True, exist_ok=True)
series_file = debian_patches_dir / 'series'
with series_file.open('a') as series:
for patch in patches:
patch_dest = debian_patches_dir / patch.name
shutil.copy(patch, patch_dest)
series.write(patch.name + '\n')
print(f"I: Applied patch: {patch.name}")
def prepare_package(repo_dir: Path, install_data: str) -> None:
"""Prepare a package"""
if not install_data:
print("I: No install data provided, skipping package preparation")
return
try:
install_file = repo_dir / 'debian/install'
install_file.parent.mkdir(parents=True, exist_ok=True)
install_file.write_text(install_data)
print("I: Prepared package")
except Exception as e:
print(f"Failed to prepare package: {e}")
raise
def build_package(package: list, dependencies: list, patch_dir: Path) -> None:
"""Build a package from the repository
Args:
package (list): List of Packages from toml
dependencies (list): List of additional dependencies
patch_dir (Path): Directory containing patches
"""
repo_name = package['name']
repo_dir = Path(repo_name)
try:
# Clone the repository if it does not exist
if not repo_dir.exists():
run(['git', 'clone', package['scm_url'], str(repo_dir)], check=True)
# Check out the specific commit
run(['git', 'checkout', package['commit_id']], cwd=repo_dir, check=True)
# Ensure dependencies
ensure_dependencies(dependencies)
# Apply patches if any
if (repo_dir / 'patches'):
apply_patches(repo_dir, patch_dir)
# Prepare the package if required
if package.get('prepare_package', False):
prepare_package(repo_dir, package.get('install_data', ''))
# Build dependency package and install it
if (repo_dir / 'debian/control').exists():
try:
run('sudo mk-build-deps --install --tool "apt-get --yes --no-install-recommends"', cwd=repo_dir, check=True, shell=True)
run('sudo dpkg -i *build-deps*.deb', cwd=repo_dir, check=True, shell=True)
except CalledProcessError as e:
print(f"Failed to build package {repo_name}: {e}")
# Build the package, check if we have build_cmd in the package.toml
try:
build_cmd = package.get('build_cmd', 'dpkg-buildpackage -uc -us -tc -F')
run(build_cmd, cwd=repo_dir, check=True, shell=True)
except CalledProcessError as e:
print(e)
print("I: Source packages build failed, ignoring - building binaries only")
build_cmd = package.get('build_cmd', 'dpkg-buildpackage -uc -us -tc -b')
run(build_cmd, cwd=repo_dir, check=True, shell=True)
except CalledProcessError as e:
print(f"Failed to build package {repo_name}: {e}")
finally:
# Clean up repository directory
# shutil.rmtree(repo_dir, ignore_errors=True)
pass
def cleanup_build_deps(repo_dir: Path) -> None:
"""Clean up build dependency packages"""
try:
if repo_dir.exists():
for file in glob.glob(str(repo_dir / '*build-deps*.deb')):
os.remove(file)
print("I: Cleaned up build dependency packages")
except Exception as e:
print(f"Error cleaning up build dependencies: {e}")
def copy_packages(repo_dir: Path) -> None:
"""Copy generated .deb packages to the parent directory"""
try:
deb_files = glob.glob(str(repo_dir / '*.deb'))
for deb_file in deb_files:
shutil.copy(deb_file, repo_dir.parent)
print(f'I: copy generated "{deb_file}" package')
except Exception as e:
print(f"Error copying packages: {e}")
if __name__ == '__main__':
# Prepare argument parser
arg_parser = ArgumentParser()
arg_parser.add_argument('--config',
default='package.toml',
help='Path to the package configuration file')
arg_parser.add_argument('--patch-dir',
default='patches',
help='Path to the directory containing patches')
args = arg_parser.parse_args()
# Load package configuration
with open(args.config, 'r') as file:
config = toml.load(file)
packages = config['packages']
patch_dir = Path(args.patch_dir)
for package in packages:
dependencies = package.get('dependencies', {}).get('packages', [])
# Build the package
build_package(package, dependencies, patch_dir)
# Clean up build dependency packages after build
cleanup_build_deps(Path(package['name']))
# Copy generated .deb packages to parent directory
copy_packages(Path(package['name']))

7
scripts/package-build/ddclient/.gitignore vendored Normal file
View File

@ -0,0 +1,7 @@
ddclient/
*.buildinfo
*.build
*.changes
*.deb
*.dsc

1
scripts/package-build/ddclient/build.py Symbolic link
View File

@ -0,0 +1 @@
../build.py

4
scripts/package-build/ddclient/package.toml Normal file
View File

@ -0,0 +1,4 @@
[[packages]]
name = "ddclient"
commit_id = "debian/3.11.2-1"
scm_url = "https://salsa.debian.org/debian/ddclient"

7
scripts/package-build/dropbear/.gitignore vendored Normal file
View File

@ -0,0 +1,7 @@
dropbear/
*.buildinfo
*.build
*.changes
*.deb
*.dsc

1
scripts/package-build/dropbear/build.py Symbolic link
View File

@ -0,0 +1 @@
../build.py

7
scripts/package-build/dropbear/package.toml Normal file
View File

@ -0,0 +1,7 @@
[[packages]]
name = "dropbear"
commit_id = "debian/2022.83-1+deb12u1"
scm_url = "https://salsa.debian.org/debian/dropbear.git"
[packages.dependencies]
packages = ["libpam0g-dev"]

61
scripts/package-build/dropbear/patches/0001-Enable-PAM-support.patch Normal file
View File

@ -0,0 +1,61 @@
From 861bfb53de5909e25a952a83654c63de61af02b5 Mon Sep 17 00:00:00 2001
From: Christian Breunig <christian@breunig.cc>
Date: Sun, 28 May 2023 15:45:32 +0200
Subject: [PATCH] Enable PAM support
---
debian/control | 1 +
debian/rules | 2 +-
default_options.h | 4 ++--
3 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/debian/control b/debian/control
index 77ea036..b252b97 100644
--- a/debian/control
+++ b/debian/control
@@ -6,6 +6,7 @@ Build-Depends: debhelper,
debhelper-compat (= 13),
libtomcrypt-dev (>= 1.18.2~),
libtommath-dev (>= 1.2.0~),
+ libpam0g-dev,
libz-dev
Rules-Requires-Root: no
Standards-Version: 4.6.1
diff --git a/debian/rules b/debian/rules
index 7dab64c..ce11aa4 100755
--- a/debian/rules
+++ b/debian/rules
@@ -24,7 +24,7 @@ endif
dh $@
override_dh_auto_configure:
- dh_auto_configure -- --disable-bundled-libtom \
+ dh_auto_configure -- --disable-bundled-libtom --enable-pam \
CC='$(CC)' CFLAGS='$(CFLAGS)' $(CONFFLAGS)
execute_before_dh_auto_build:
diff --git a/default_options.h b/default_options.h
index 5132775..e7d274c 100644
--- a/default_options.h
+++ b/default_options.h
@@ -223,7 +223,7 @@ group1 in Dropbear server too */
/* Authentication Types - at least one required.
RFC Draft requires pubkey auth, and recommends password */
-#define DROPBEAR_SVR_PASSWORD_AUTH 1
+#define DROPBEAR_SVR_PASSWORD_AUTH 0
/* Note: PAM auth is quite simple and only works for PAM modules which just do
* a simple "Login: " "Password: " (you can edit the strings in svr-authpam.c).
@@ -231,7 +231,7 @@ group1 in Dropbear server too */
* but there's an interface via a PAM module. It won't work for more complex
* PAM challenge/response.
* You can't enable both PASSWORD and PAM. */
-#define DROPBEAR_SVR_PAM_AUTH 0
+#define DROPBEAR_SVR_PAM_AUTH 1
/* ~/.ssh/authorized_keys authentication.
* You must define DROPBEAR_SVR_PUBKEY_AUTH in order to use plugins. */
--
2.30.2

7
scripts/package-build/ethtool/.gitignore vendored Normal file
View File

@ -0,0 +1,7 @@
ethtool/
*.buildinfo
*.build
*.changes
*.deb
*.dsc

1
scripts/package-build/ethtool/build.py Symbolic link
View File

@ -0,0 +1 @@
../build.py

4
scripts/package-build/ethtool/package.toml Normal file
View File

@ -0,0 +1,4 @@
[[packages]]
name = "ethtool"
commit_id = "debian/1%6.6-1"
scm_url = "https://salsa.debian.org/kernel-team/ethtool"

8
scripts/package-build/frr/.gitignore vendored Normal file
View File

@ -0,0 +1,8 @@
frr/
rtrlib/
libyang/
*.buildinfo
*.build
*.changes
*.deb
*.dsc

1
scripts/package-build/frr/build.py Symbolic link
View File

@ -0,0 +1 @@
../build.py

36
scripts/package-build/frr/package.toml Normal file
View File

@ -0,0 +1,36 @@
[[packages]]
name = "libyang"
commit_id = "v2.1.148"
scm_url = "https://github.com/CESNET/libyang.git"
build_cmd = "pipx run apkg build -i && find pkg/pkgs -type f -name *.deb -exec mv -t .. {} +"
[[packages]]
name = "rtrlib"
commit_id = "v0.8.0"
scm_url = "https://github.com/rtrlib/rtrlib.git"
build_cmd = "sudo mk-build-deps --install --tool 'apt-get --yes --no-install-recommends'; dpkg-buildpackage -uc -us -tc -b"
[[packages]]
name = "frr"
commit_id = "stable/9.1"
scm_url = "https://github.com/FRRouting/frr.git"
build_cmd = "sudo dpkg -i ../*.deb; sudo dpkg-buildpackage -us -uc -tc -b -Ppkg.frr.rtrlib,pkg.frr.lua"
[packages.dependencies]
packages = [
"chrpath",
"gawk",
"install-info",
"libcap-dev",
"libjson-c-dev",
"librtr-dev",
"libpam-dev",
"libprotobuf-c-dev",
"libpython3-dev:native",
"python3-sphinx:native",
"libsnmp-dev",
"protobuf-c-compiler",
"python3-dev:native",
"texinfo",
"lua5.3"
]

7
scripts/package-build/hostap/.gitignore vendored Normal file
View File

@ -0,0 +1,7 @@
hostap/
wpa/
*.buildinfo
*.build
*.changes
*.deb
*.dsc

4
scripts/package-build/hostap/README.md Normal file
View File

@ -0,0 +1,4 @@
# build
```
python3 build.py
```

1
scripts/package-build/hostap/build.py Symbolic link
View File

@ -0,0 +1 @@
../build.py

38
scripts/package-build/hostap/build.sh Executable file
View File

@ -0,0 +1,38 @@
#!/bin/bash
CWD=$(pwd)
set -e
SRC=hostap
SRC_DEB=wpa
if [ ! -d ${SRC} ]; then
echo "${SRC} directory does not exists, please 'git clone'"
exit 1
fi
if [ ! -d ${SRC_DEB} ]; then
echo "${SRC_DEB} directory does not exists, please 'git clone'"
exit 1
fi
echo "I: Copy Debian build instructions"
cp -a ${SRC_DEB}/debian ${SRC}
# Preserve Debian's default of allowing TLSv1.0 and legacy renegotiation for
# compatibility with networks that use legacy crypto
cat > ${SRC}/debian/patches/series << EOF
allow-tlsv1.patch
allow-legacy-renegotiation.patch
EOF
# Build Debian package
cd ${SRC}
echo "I: Ensure Debian build dependencies are met"
sudo mk-build-deps --install --tool "apt-get --yes --no-install-recommends" -Ppkg.wpa.nogui,noudeb
echo "I: Create new Debian Package version"
version="$(git describe --tags | tr _ .)"
dch -v ${version:7} "New version to support AES-GCM-256 for MACsec" -b
echo "I: Build Debian hostap Package"
DEB_CPPFLAGS_SET="-Wno-use-after-free -Wno-deprecated-declarations" \
dpkg-buildpackage -us -uc -tc -b -Ppkg.wpa.nogui,noudeb

12
scripts/package-build/hostap/package.toml Normal file
View File

@ -0,0 +1,12 @@
[[packages]]
name = "wpa"
commit_id = "debian/2%2.10-12"
scm_url = "https://salsa.debian.org/debian/wpa"
build_cmd = "/bin/true"
[[packages]]
name = "hostap"
commit_id = "e7172e26d"
scm_url = "git://w1.fi/srv/git/hostap.git"
build_cmd = "cd ..; y | ./build.sh"

6
scripts/package-build/hsflowd/.gitignore vendored Normal file
View File

@ -0,0 +1,6 @@
host-sflow/
*.buildinfo
*.build
*.changes
*.deb
*.dsc

1
scripts/package-build/hsflowd/build.py Symbolic link
View File

@ -0,0 +1 @@
../build.py

8
scripts/package-build/hsflowd/package.toml Normal file
View File

@ -0,0 +1,8 @@
[[packages]]
name = "host-sflow"
commit_id = "v2.0.55-1"
scm_url = "https://github.com/sflow/host-sflow.git"
build_cmd = "make deb FEATURES='PCAP DROPMON DBUS'"
[packages.dependencies]
packages = ["libpcap0.8-dev"]

7
scripts/package-build/isc-dhcp/.gitignore vendored Normal file
View File

@ -0,0 +1,7 @@
isc-dhcp/
*.buildinfo
*.build
*.changes
*.deb
*.dsc

1
scripts/package-build/isc-dhcp/build.py Symbolic link
View File

@ -0,0 +1 @@
../build.py

7
scripts/package-build/isc-dhcp/package.toml Normal file
View File

@ -0,0 +1,7 @@
[[packages]]
name = "isc-dhcp"
commit_id = "debian/4.4.3-P1-4"
scm_url = "https://salsa.debian.org/debian/isc-dhcp"
[packages.dependencies]
packages = ["libpam0g-dev"]

248
scripts/package-build/isc-dhcp/patches/0001-Add-support-for-raw-IP-interface-type.patch Normal file
View File

@ -0,0 +1,248 @@
From 8d9e8ace96ad9e2dba9f2d4069228dee5daf6772 Mon Sep 17 00:00:00 2001
From: Loic Poulain <loic.poulain@linaro.org>
Date: Mon, 2 Nov 2020 06:42:12 -0500
Subject: [PATCH 1/4] Add support for raw IP interface type
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Under linux some devices can expose raw IP interfaces, such as WWAN
modems. In that case IP data is not encapsulated in any lower level
protocol.
dhclient does not support this currently and this patch adds support
for such pure IP interfaces.
The original patch comes from Bjørn Mork on Network-Manage mailing list:
https://mail.gnome.org/archives/networkmanager-list/2015-December/msg00044.html
---
common/bpf.c | 60 ++++++++++++++++++++++++++++++++++++++++++++++++-
common/lpf.c | 59 +++++++++++++++++++++++++++++++++++++-----------
common/packet.c | 7 ++++++
includes/dhcp.h | 1 +
4 files changed, 113 insertions(+), 14 deletions(-)
diff --git a/common/bpf.c b/common/bpf.c
index 658e5db..0c08574 100644
--- a/common/bpf.c
+++ b/common/bpf.c
@@ -198,6 +198,34 @@ struct bpf_insn dhcp_bpf_filter [] = {
BPF_STMT (BPF_RET + BPF_K, 0),
};
+int dhcp_bpf_filter_len = sizeof dhcp_bpf_filter / sizeof (struct bpf_insn);
+
+struct bpf_insn dhcp_bpf_pureip_filter [] = {
+ /* Make sure it's a UDP packet... */
+ BPF_STMT (BPF_LD + BPF_B + BPF_ABS, 9),
+ BPF_JUMP (BPF_JMP + BPF_JEQ + BPF_K, IPPROTO_UDP, 0, 6),
+
+ /* Make sure this isn't a fragment... */
+ BPF_STMT(BPF_LD + BPF_H + BPF_ABS, 6),
+ BPF_JUMP(BPF_JMP + BPF_JSET + BPF_K, 0x1fff, 4, 0),
+
+ /* Get the IP header length... */
+ BPF_STMT (BPF_LDX + BPF_B + BPF_MSH, 0),
+
+ /* Make sure it's to the right port... */
+ BPF_STMT (BPF_LD + BPF_H + BPF_IND, 2),
+ BPF_JUMP (BPF_JMP + BPF_JEQ + BPF_K, 37, 0, 1), /* patch */
+
+ /* If we passed all the tests, ask for the whole packet. */
+ BPF_STMT(BPF_RET+BPF_K, (u_int)-1),
+
+ /* Otherwise, drop it. */
+ BPF_STMT(BPF_RET+BPF_K, 0),
+};
+
+int dhcp_bpf_pureip_filter_len =
+ sizeof dhcp_bpf_pureip_filter / sizeof (struct bpf_insn);
+
#if defined(RELAY_PORT)
/*
* For relay port extension
@@ -235,13 +263,43 @@ struct bpf_insn dhcp_bpf_relay_filter [] = {
int dhcp_bpf_relay_filter_len =
sizeof dhcp_bpf_relay_filter / sizeof (struct bpf_insn);
+
+struct bpf_insn dhcp_bpf_pureip_relay_filter [] = {
+ /* Make sure it's a UDP packet... */
+ BPF_STMT (BPF_LD + BPF_B + BPF_ABS, 9),
+ BPF_JUMP (BPF_JMP + BPF_JEQ + BPF_K, IPPROTO_UDP, 0, 8),
+
+ /* Make sure this isn't a fragment... */
+ BPF_STMT(BPF_LD + BPF_H + BPF_ABS, 6),
+ BPF_JUMP(BPF_JMP + BPF_JSET + BPF_K, 0x1fff, 6, 0),
+
+ /* Get the IP header length... */
+ BPF_STMT (BPF_LDX + BPF_B + BPF_MSH, 0),
+
+ /* Make sure it's to the right port... */
+ BPF_STMT (BPF_LD + BPF_H + BPF_IND, 16),
+ BPF_JUMP (BPF_JMP + BPF_JEQ + BPF_K, 37, 2, 0), /* patch */
+
+ /* relay can have an alternative port... */
+ BPF_STMT (BPF_LD + BPF_H + BPF_IND, 16),
+ BPF_JUMP (BPF_JMP + BPF_JEQ + BPF_K, 37, 0, 1), /* patch */
+
+ /* If we passed all the tests, ask for the whole packet. */
+ BPF_STMT (BPF_RET + BPF_K, (u_int)-1),
+
+ /* Otherwise, drop it. */
+ BPF_STMT (BPF_RET + BPF_K, 0),
+};
+
+int dhcp_bpf_pureip_relay_filter_len =
+ sizeof dhcp_bpf_pureip_relay_filter / sizeof (struct bpf_insn);
+
#endif
#if defined (DEC_FDDI)
struct bpf_insn *bpf_fddi_filter = NULL;
#endif
-int dhcp_bpf_filter_len = sizeof dhcp_bpf_filter / sizeof (struct bpf_insn);
#if defined (HAVE_TR_SUPPORT)
struct bpf_insn dhcp_bpf_tr_filter [] = {
/* accept all token ring packets due to variable length header */
diff --git a/common/lpf.c b/common/lpf.c
index bb8822a..d8f34a4 100644
--- a/common/lpf.c
+++ b/common/lpf.c
@@ -177,9 +177,15 @@ void if_deregister_send (info)
extern struct sock_filter dhcp_bpf_filter [];
extern int dhcp_bpf_filter_len;
+extern struct sock_filter dhcp_bpf_pureip_filter [];
+extern int dhcp_bpf_pureip_filter_len;
+
#if defined(RELAY_PORT)
extern struct sock_filter dhcp_bpf_relay_filter [];
extern int dhcp_bpf_relay_filter_len;
+
+extern struct sock_filter dhcp_bpf_pureip_relay_filter [];
+extern int dhcp_bpf_pureip_relay_filter_len;
#endif
#if defined (HAVE_TR_SUPPORT)
@@ -249,31 +255,52 @@ void if_deregister_receive (info)
static void lpf_gen_filter_setup (info)
struct interface_info *info;
{
+ int pure_ip = info -> hw_address.hbuf [0] == HTYPE_PUREIP;
struct sock_fprog p;
memset(&p, 0, sizeof(p));
- /* Set up the bpf filter program structure. This is defined in
- bpf.c */
- p.len = dhcp_bpf_filter_len;
- p.filter = dhcp_bpf_filter;
+ /* Set up the bpf filter program structure and patch port(s).
+ *
+ * This is defined in bpf.c, XXX changes to filter program may
+ * require changes to the insn number(s) used below! XXX
+ */
+
+ if (pure_ip) {
+ p.len = dhcp_bpf_pureip_filter_len;
+ p.filter = dhcp_bpf_pureip_filter;
+
+ /* patch port */
+ dhcp_bpf_pureip_filter [6].k = ntohs (local_port);
+ } else {
+ p.len = dhcp_bpf_filter_len;
+ p.filter = dhcp_bpf_filter;
+
+ /* patch port */
+ dhcp_bpf_filter [8].k = ntohs (local_port);
+ }
- /* Patch the server port into the LPF program...
- XXX changes to filter program may require changes
- to the insn number(s) used below! XXX */
#if defined(RELAY_PORT)
- if (relay_port) {
- /*
- * If user defined relay UDP port, we need to filter
- * also on the user UDP port.
- */
+ /*
+ * If user defined relay UDP port, we need to filter
+ * also on the user UDP port.
+ */
+ if (relay_port && pure_ip) {
+ p.len = dhcp_bpf_pureip_relay_filter_len;
+ p.filter = dhcp_bpf_pureip_relay_filter;
+
+ /* patch ports */
+ dhcp_bpf_pureip_relay_filter [6].k = ntohs (local_port);
+ dhcp_bpf_pureip_relay_filter [8].k = ntohs (relay_port);
+ } else if (relay_port) {
p.len = dhcp_bpf_relay_filter_len;
p.filter = dhcp_bpf_relay_filter;
+ /* patch ports */
+ dhcp_bpf_relay_filter [8].k = ntohs (local_port);
dhcp_bpf_relay_filter [10].k = ntohs (relay_port);
}
#endif
- dhcp_bpf_filter [8].k = ntohs (local_port);
if (setsockopt (info -> rfdesc, SOL_SOCKET, SO_ATTACH_FILTER, &p,
sizeof p) < 0) {
@@ -578,6 +605,12 @@ get_hw_addr(const char *name, struct hardware *hw) {
hw->hbuf[3] = 0xbe;
hw->hbuf[4] = 0xef;
break;
+#endif
+#ifdef ARPHRD_RAWIP
+ case ARPHRD_RAWIP:
+ hw->hlen = 1;
+ hw->hbuf[0] = HTYPE_PUREIP;
+ break;
#endif
default:
log_fatal("Unsupported device type %ld for \"%s\"",
diff --git a/common/packet.c b/common/packet.c
index 49795c4..6745db7 100644
--- a/common/packet.c
+++ b/common/packet.c
@@ -119,6 +119,10 @@ void assemble_hw_header (interface, buf, bufix, to)
case HTYPE_INFINIBAND:
log_error("Attempt to assemble hw header for infiniband");
break;
+ case HTYPE_PUREIP:
+ /* Nothing to do, there is no hw header */
+ *bufix = 0;
+ break;
case HTYPE_ETHER:
default:
assemble_ethernet_header(interface, buf, bufix, to);
@@ -219,6 +223,9 @@ ssize_t decode_hw_header (interface, buf, bufix, from)
case HTYPE_INFINIBAND:
log_error("Attempt to decode hw header for infiniband");
return (0);
+ case HTYPE_PUREIP:
+ /* Nothing to do, there is no hw header */
+ return 0;
case HTYPE_ETHER:
default:
return (decode_ethernet_header(interface, buf, bufix, from));
diff --git a/includes/dhcp.h b/includes/dhcp.h
index d519821..75be1fb 100644
--- a/includes/dhcp.h
+++ b/includes/dhcp.h
@@ -76,6 +76,7 @@ struct dhcp_packet {
#define HTYPE_IEEE802 6 /* IEEE 802.2 Token Ring... */
#define HTYPE_FDDI 8 /* FDDI... */
#define HTYPE_INFINIBAND 32 /* IP over Infiniband */
+#define HTYPE_PUREIP 35 /* Pure IP */
#define HTYPE_IPMP 255 /* IPMP - random hw address - there
* is no standard for this so we
* just steal a type */
--
2.39.2

170
scripts/package-build/isc-dhcp/patches/0002-Checkpoint-improved-patch.patch Normal file
View File

@ -0,0 +1,170 @@
From e67d1b6b4178f412084459c4cb7e54a8c0019bd2 Mon Sep 17 00:00:00 2001
From: Francis Dupont <fdupont@isc.org>
Date: Fri, 6 Nov 2020 10:46:09 +0100
Subject: [PATCH 2/4] Checkpoint: improved patch
---
common/bpf.c | 10 +++---
common/lpf.c | 89 +++++++++++++++++++++++++++++++++++-----------------
2 files changed, 65 insertions(+), 34 deletions(-)
diff --git a/common/bpf.c b/common/bpf.c
index 0c08574..30dcaa5 100644
--- a/common/bpf.c
+++ b/common/bpf.c
@@ -214,13 +214,13 @@ struct bpf_insn dhcp_bpf_pureip_filter [] = {
/* Make sure it's to the right port... */
BPF_STMT (BPF_LD + BPF_H + BPF_IND, 2),
- BPF_JUMP (BPF_JMP + BPF_JEQ + BPF_K, 37, 0, 1), /* patch */
+ BPF_JUMP (BPF_JMP + BPF_JEQ + BPF_K, 67, 0, 1), /* patch */
/* If we passed all the tests, ask for the whole packet. */
- BPF_STMT(BPF_RET+BPF_K, (u_int)-1),
+ BPF_STMT(BPF_RET + BPF_K, (u_int)-1),
/* Otherwise, drop it. */
- BPF_STMT(BPF_RET+BPF_K, 0),
+ BPF_STMT(BPF_RET + BPF_K, 0),
};
int dhcp_bpf_pureip_filter_len =
@@ -278,11 +278,11 @@ struct bpf_insn dhcp_bpf_pureip_relay_filter [] = {
/* Make sure it's to the right port... */
BPF_STMT (BPF_LD + BPF_H + BPF_IND, 16),
- BPF_JUMP (BPF_JMP + BPF_JEQ + BPF_K, 37, 2, 0), /* patch */
+ BPF_JUMP (BPF_JMP + BPF_JEQ + BPF_K, 67, 2, 0), /* patch */
/* relay can have an alternative port... */
BPF_STMT (BPF_LD + BPF_H + BPF_IND, 16),
- BPF_JUMP (BPF_JMP + BPF_JEQ + BPF_K, 37, 0, 1), /* patch */
+ BPF_JUMP (BPF_JMP + BPF_JEQ + BPF_K, 67, 0, 1), /* patch */
/* If we passed all the tests, ask for the whole packet. */
BPF_STMT (BPF_RET + BPF_K, (u_int)-1),
diff --git a/common/lpf.c b/common/lpf.c
index d8f34a4..75609f5 100644
--- a/common/lpf.c
+++ b/common/lpf.c
@@ -221,6 +221,9 @@ void if_register_receive (info)
lpf_tr_filter_setup (info);
else
#endif
+ if (info -> hw_address.hbuf [0] == HTYPE_PUREIP)
+ lpf_pureip_filter_setup (info);
+ else
lpf_gen_filter_setup (info);
if (!quiet_interface_discovery)
@@ -255,50 +258,78 @@ void if_deregister_receive (info)
static void lpf_gen_filter_setup (info)
struct interface_info *info;
{
- int pure_ip = info -> hw_address.hbuf [0] == HTYPE_PUREIP;
struct sock_fprog p;
memset(&p, 0, sizeof(p));
- /* Set up the bpf filter program structure and patch port(s).
- *
- * This is defined in bpf.c, XXX changes to filter program may
- * require changes to the insn number(s) used below! XXX
- */
+ /* Set up the bpf filter program structure. This is defined in
+ bpf.c */
+ p.len = dhcp_bpf_filter_len;
+ p.filter = dhcp_bpf_filter;
+
+ dhcp_bpf_filter [8].k = ntohs (local_port);
- if (pure_ip) {
- p.len = dhcp_bpf_pureip_filter_len;
- p.filter = dhcp_bpf_pureip_filter;
+ /* Patch the server port into the LPF program...
+ XXX changes to filter program may require changes
+ to the insn number(s) used below! XXX */
+#if defined(RELAY_PORT)
+ if (relay_port) {
+ /*
+ * If user defined relay UDP port, we need to filter
+ * also on the user UDP port.
+ */
+ p.len = dhcp_bpf_relay_filter_len;
+ p.filter = dhcp_bpf_relay_filter;
- /* patch port */
- dhcp_bpf_pureip_filter [6].k = ntohs (local_port);
- } else {
- p.len = dhcp_bpf_filter_len;
- p.filter = dhcp_bpf_filter;
+ dhcp_bpf_relay_filter [8].k = ntohs (local_port);
+ dhcp_bpf_relay_filter [10].k = ntohs (relay_port);
+ }
+#endif
- /* patch port */
- dhcp_bpf_filter [8].k = ntohs (local_port);
+ if (setsockopt (info -> rfdesc, SOL_SOCKET, SO_ATTACH_FILTER, &p,
+ sizeof p) < 0) {
+ if (errno == ENOPROTOOPT || errno == EPROTONOSUPPORT ||
+ errno == ESOCKTNOSUPPORT || errno == EPFNOSUPPORT ||
+ errno == EAFNOSUPPORT) {
+ log_error ("socket: %m - make sure");
+ log_error ("CONFIG_PACKET (Packet socket) %s",
+ "and CONFIG_FILTER");
+ log_error ("(Socket Filtering) are enabled %s",
+ "in your kernel");
+ log_fatal ("configuration!");
+ }
+ log_fatal ("Can't install packet filter program: %m");
}
+}
+
+static void lpf_pureip_gen_filter_setup (info)
+ struct interface_info *info;
+{
+ struct sock_fprog p;
+
+ memset(&p, 0, sizeof(p));
+
+ /* Set up the bpf filter program structure. This is defined in
+ bpf.c */
+ p.len = dhcp_bpf_pureip_filter_len;
+ p.filter = dhcp_bpf_pureip_filter;
+
+ dhcp_bpf_pureip_filter [6].k = ntohs (local_port);
+ /* Patch the server port into the LPF program...
+ XXX changes to filter program may require changes
+ to the insn number(s) used below! XXX */
#if defined(RELAY_PORT)
- /*
- * If user defined relay UDP port, we need to filter
- * also on the user UDP port.
- */
- if (relay_port && pure_ip) {
+ if (relay_port) {
+ /*
+ * If user defined relay UDP port, we need to filter
+ * also on the user UDP port.
+ */
p.len = dhcp_bpf_pureip_relay_filter_len;
p.filter = dhcp_bpf_pureip_relay_filter;
- /* patch ports */
dhcp_bpf_pureip_relay_filter [6].k = ntohs (local_port);
dhcp_bpf_pureip_relay_filter [8].k = ntohs (relay_port);
- } else if (relay_port) {
- p.len = dhcp_bpf_relay_filter_len;
- p.filter = dhcp_bpf_relay_filter;
-
- /* patch ports */
- dhcp_bpf_relay_filter [8].k = ntohs (local_port);
- dhcp_bpf_relay_filter [10].k = ntohs (relay_port);
}
#endif
--
2.39.2

48
scripts/package-build/isc-dhcp/patches/0003-fix-compilation-errors.patch Normal file
View File

@ -0,0 +1,48 @@
From 58e0d3317795987b2f1ca788645196d0e3543f88 Mon Sep 17 00:00:00 2001
From: Adam Smith <zero1three@gmail.com>
Date: Tue, 23 Jan 2024 21:47:00 -0500
Subject: [PATCH 3/4] fix compilation errors
---
common/lpf.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/common/lpf.c b/common/lpf.c
index 75609f5..1561d71 100644
--- a/common/lpf.c
+++ b/common/lpf.c
@@ -195,6 +195,7 @@ static void lpf_tr_filter_setup (struct interface_info *);
#endif
static void lpf_gen_filter_setup (struct interface_info *);
+static void lpf_pureip_gen_filter_setup (struct interface_info *);
void if_register_receive (info)
struct interface_info *info;
@@ -215,14 +216,13 @@ void if_register_receive (info)
}
#endif
-
#if defined (HAVE_TR_SUPPORT)
if (info -> hw_address.hbuf [0] == HTYPE_IEEE802)
lpf_tr_filter_setup (info);
else
#endif
if (info -> hw_address.hbuf [0] == HTYPE_PUREIP)
- lpf_pureip_filter_setup (info);
+ lpf_pureip_gen_filter_setup (info);
else
lpf_gen_filter_setup (info);
@@ -349,6 +349,7 @@ static void lpf_pureip_gen_filter_setup (info)
}
}
+
#if defined (HAVE_TR_SUPPORT)
static void lpf_tr_filter_setup (info)
struct interface_info *info;
--
2.39.2

29
scripts/package-build/isc-dhcp/patches/0004-add-support-for-ARPHRD_NONE-interface-type.patch Normal file
View File

@ -0,0 +1,29 @@
From fd96a11b31cd05aae450ec65fde0b5c6e0b718c2 Mon Sep 17 00:00:00 2001
From: Adam Smith <zero1three@gmail.com>
Date: Tue, 23 Jan 2024 22:35:54 -0500
Subject: [PATCH 4/4] add support for ARPHRD_NONE interface type
---
common/lpf.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/common/lpf.c b/common/lpf.c
index 1561d71..f7e84b1 100644
--- a/common/lpf.c
+++ b/common/lpf.c
@@ -643,6 +643,12 @@ get_hw_addr(const char *name, struct hardware *hw) {
hw->hlen = 1;
hw->hbuf[0] = HTYPE_PUREIP;
break;
+#endif
+#ifdef ARPHRD_NONE
+ case ARPHRD_NONE:
+ hw->hlen = 1;
+ hw->hbuf[0] = HTYPE_PUREIP;
+ break;
#endif
default:
log_fatal("Unsupported device type %ld for \"%s\"",
--
2.39.2

7
scripts/package-build/kea/.gitignore vendored Normal file
View File

@ -0,0 +1,7 @@
isc-kea/
*.buildinfo
*.build
*.changes
*.deb
*.dsc

1
scripts/package-build/kea/build.py Symbolic link
View File

@ -0,0 +1 @@
../build.py

4
scripts/package-build/kea/package.toml Normal file
View File

@ -0,0 +1,4 @@
[[packages]]
name = "isc-kea"
commit_id = "debian/2.4.1-3"
scm_url = "https://salsa.debian.org/debian/isc-kea"

7
scripts/package-build/keepalived/.gitignore vendored Normal file
View File

@ -0,0 +1,7 @@
keepalived/
*.buildinfo
*.build
*.changes
*.deb
*.dsc

1
scripts/package-build/keepalived/build.py Symbolic link
View File

@ -0,0 +1 @@
../build.py

4
scripts/package-build/keepalived/package.toml Normal file
View File

@ -0,0 +1,4 @@
[[packages]]
name = "keepalived"
commit_id = "debian/1%2.2.8-1"
scm_url = "https://salsa.debian.org/debian/pkg-keepalived.git"

129
scripts/package-build/keepalived/patches/0001-vrrp-Set-sysctl-arp_ignore-to-1-on-IPv6-VMACs.patch Normal file
View File

@ -0,0 +1,129 @@
From af4aa758c3512bec8233549e138b03741c5404f9 Mon Sep 17 00:00:00 2001
From: Quentin Armitage <quentin@armitage.org.uk>
Date: Sat, 14 Oct 2023 15:37:19 +0100
Subject: [PATCH] vrrp: Set sysctl arp_ignore to 1 on IPv6 VMACs
Setting arp_ignore to 1 ensures that the VMAC interface does not respond
to ARP requests for IPv4 addresses not configured on the VMAC.
Signed-off-by: Quentin Armitage <quentin@armitage.org.uk>
---
keepalived/include/vrrp_if_config.h | 2 +-
keepalived/vrrp/vrrp_if_config.c | 28 ++++++++++++++++++++--------
keepalived/vrrp/vrrp_vmac.c | 5 ++---
3 files changed, 23 insertions(+), 12 deletions(-)
diff --git a/keepalived/include/vrrp_if_config.h b/keepalived/include/vrrp_if_config.h
index 35465cd..c35e56e 100644
--- a/keepalived/include/vrrp_if_config.h
+++ b/keepalived/include/vrrp_if_config.h
@@ -34,7 +34,7 @@ extern void set_promote_secondaries(interface_t*);
extern void reset_promote_secondaries(interface_t*);
#ifdef _HAVE_VRRP_VMAC_
extern void restore_rp_filter(void);
-extern void set_interface_parameters(const interface_t*, interface_t*);
+extern void set_interface_parameters(const interface_t*, interface_t*, sa_family_t);
extern void reset_interface_parameters(interface_t*);
extern void link_set_ipv6(const interface_t*, bool);
#endif
diff --git a/keepalived/vrrp/vrrp_if_config.c b/keepalived/vrrp/vrrp_if_config.c
index cfce7e2..fbfd34c 100644
--- a/keepalived/vrrp/vrrp_if_config.c
+++ b/keepalived/vrrp/vrrp_if_config.c
@@ -81,6 +81,11 @@ static sysctl_opts_t vmac_sysctl[] = {
{ 0, 0}
};
+static sysctl_opts_t vmac_sysctl_6[] = {
+ { IPV4_DEVCONF_ARP_IGNORE, 1 },
+ { 0, 0}
+};
+
#endif
#endif
@@ -216,11 +221,14 @@ netlink_set_interface_flags(unsigned ifindex, const sysctl_opts_t *sys_opts)
#ifdef _HAVE_VRRP_VMAC_
static inline int
-netlink_set_interface_parameters(const interface_t *ifp, interface_t *base_ifp)
+netlink_set_interface_parameters(const interface_t *ifp, interface_t *base_ifp, sa_family_t family)
{
- if (netlink_set_interface_flags(ifp->ifindex, vmac_sysctl))
+ if (netlink_set_interface_flags(ifp->ifindex, family == AF_INET6 ? vmac_sysctl_6 : vmac_sysctl))
return -1;
+ if (family == AF_INET6)
+ return 0;
+
/* If the underlying interface is a MACVLAN that has been moved into
* a separate network namespace from the parent, we can't access the
* parent. */
@@ -271,9 +279,9 @@ netlink_reset_interface_parameters(const interface_t* ifp)
}
static inline void
-set_interface_parameters_devconf(const interface_t *ifp, interface_t *base_ifp)
+set_interface_parameters_devconf(const interface_t *ifp, interface_t *base_ifp, sa_family_t family)
{
- if (netlink_set_interface_parameters(ifp, base_ifp))
+ if (netlink_set_interface_parameters(ifp, base_ifp, family))
log_message(LOG_INFO, "Unable to set parameters for %s", ifp->ifname);
}
@@ -310,11 +318,15 @@ reset_promote_secondaries_devconf(interface_t *ifp)
#ifdef _HAVE_VRRP_VMAC_
static inline void
-set_interface_parameters_sysctl(const interface_t *ifp, interface_t *base_ifp)
+set_interface_parameters_sysctl(const interface_t *ifp, interface_t *base_ifp, sa_family_t family)
{
unsigned val;
set_sysctl("net/ipv4/conf", ifp->ifname, "arp_ignore", 1);
+
+ if (family == AF_INET6)
+ return;
+
set_sysctl("net/ipv4/conf", ifp->ifname, "accept_local", 1);
set_sysctl("net/ipv4/conf", ifp->ifname, "rp_filter", 0);
@@ -524,15 +536,15 @@ restore_rp_filter(void)
}
void
-set_interface_parameters(const interface_t *ifp, interface_t *base_ifp)
+set_interface_parameters(const interface_t *ifp, interface_t *base_ifp, sa_family_t family)
{
if (all_rp_filter == UINT_MAX)
clear_rp_filter();
#ifdef _HAVE_IPV4_DEVCONF_
- set_interface_parameters_devconf(ifp, base_ifp);
+ set_interface_parameters_devconf(ifp, base_ifp, family);
#else
- set_interface_parameters_sysctl(ifp, base_ifp);
+ set_interface_parameters_sysctl(ifp, base_ifp, family);
#endif
}
diff --git a/keepalived/vrrp/vrrp_vmac.c b/keepalived/vrrp/vrrp_vmac.c
index e5ff0e9..021953a 100644
--- a/keepalived/vrrp/vrrp_vmac.c
+++ b/keepalived/vrrp/vrrp_vmac.c
@@ -407,10 +407,9 @@ netlink_link_add_vmac(vrrp_t *vrrp, const interface_t *old_interface)
if (!ifp->ifindex)
return false;
- if (vrrp->family == AF_INET && create_interface) {
+ if (create_interface) {
/* Set the necessary kernel parameters to make macvlans work for us */
-// If this saves current base_ifp's settings, we need to be careful if multiple VMACs on same i/f
- set_interface_parameters(ifp, ifp->base_ifp);
+ set_interface_parameters(ifp, ifp->base_ifp, vrrp->family);
}
#ifdef _WITH_FIREWALL_
--
2.34.1

32
scripts/package-build/linux-kernel/.gitignore vendored Normal file
View File

@ -0,0 +1,32 @@
/linux*
/wireguard
/wireguard-linux-compat
/accel-ppp
/intel-qat
/linux-firmware
/vyos-drivers-intel*
/vyos-drivers-realtek*
/ovpn-dco
/nat-rtsp*
/jool*
/qat*
/QAT*
*.tar.gz
*.tar.xz
/*.postinst
# Intel Driver source
i40e-*/
igb-*/
ixgbe-*/
ixgbevf-*/
vyos-intel-*/
vyos-linux-firmware*/
kernel-vars
r8152-*.tar.bz2
*.buildinfo
*.build
*.changes
*.deb
*.dsc

41
scripts/package-build/linux-kernel/README.md Normal file
View File

@ -0,0 +1,41 @@
# Build
```
./build.py --config package.toml --packages linux-kernel accel-ppp xxx
```
# About
VyOS runs on a custom Linux Kernel (which is 4.19) at the time of this writing.
This repository holds a Jenkins Pipeline which is used to build the Custom
Kernel (x86_64/amd64 at the moment) and all required out-of tree modules.
VyOS does not utilize the build in Intel Kernel drivers for its NICs as those
Kernels sometimes lack features e.g. configurable receive-side-scaling queues.
On the other hand we ship additional not mainlined features as WireGuard VPN.
## Kernel
The Kernel is build from the vanilla repositories hosted at https://git.kernel.org.
VyOS requires two additional patches to work which are stored in the patches/kernel
folder.
### Config
The Kernel configuration used is [x86_64_vyos_defconfig](x86_64_vyos_defconfig)
which will be copied on demand during the Pipeline run into the `arch/x86/configs`i
direcotry of the Kernel source tree.
Other configurations can be added in the future easily.
### Modules
VyOS utilizes several Out-of-Tree modules (e.g. WireGuard, Accel-PPP and Intel
network interface card drivers). Module source code is retrieved from the
upstream repository and - when needed - patched so it can be build using this
pipeline.
In the past VyOS maintainers had a fork of the Linux Kernel, WireGuard and
Accel-PPP. This is fine but increases maintenance effort. By utilizing vanilla
repositories upgrading to new versions is very easy - only the branch/commit/tag
used when cloning the repository via [Jenkinsfile](Jenkinsfile) needs to be
adjusted.

7138
scripts/package-build/linux-kernel/arch/arm64/configs/vyos_defconfig Normal file
View File

File diff suppressed because it is too large Load Diff

6355
scripts/package-build/linux-kernel/arch/x86/configs/vyos_defconfig Normal file
View File

File diff suppressed because it is too large Load Diff

42
scripts/package-build/linux-kernel/build-accel-ppp.sh Executable file
View File

@ -0,0 +1,42 @@
#!/bin/sh
CWD=$(pwd)
KERNEL_VAR_FILE=${CWD}/kernel-vars
ACCEL_SRC=${CWD}/accel-ppp
if [ ! -d ${ACCEL_SRC} ]; then
echo "Accel-PPP source not found"
exit 1
fi
if [ ! -f ${KERNEL_VAR_FILE} ]; then
echo "Kernel variable file '${KERNEL_VAR_FILE}' does not exist, run ./build_kernel.sh first"
exit 1
fi
PATCH_DIR=${CWD}/patches/accel-ppp
if [ -d $PATCH_DIR ]; then
cd ${ACCEL_SRC}
for patch in $(ls ${PATCH_DIR})
do
echo "I: Apply patch: ${PATCH_DIR}/${patch}"
patch -p1 < ${PATCH_DIR}/${patch}
done
fi
. ${KERNEL_VAR_FILE}
mkdir -p ${ACCEL_SRC}/build
cd ${ACCEL_SRC}/build
echo "I: Build Accel-PPP Debian package"
cmake -DBUILD_IPOE_DRIVER=TRUE \
-DBUILD_VLAN_MON_DRIVER=TRUE \
-DCMAKE_INSTALL_PREFIX=/usr \
-DKDIR=${KERNEL_DIR} \
-DLUA=5.3 \
-DMODULES_KDIR=${KERNEL_VERSION}${KERNEL_SUFFIX} \
-DCPACK_TYPE=Debian12 ..
make
cpack -G DEB
# rename resulting Debian package according git description
mv accel-ppp*.deb ${CWD}/accel-ppp_$(git describe --always --tags)_$(dpkg --print-architecture).deb

107
scripts/package-build/linux-kernel/build-intel-ixgbe.sh Executable file
View File

@ -0,0 +1,107 @@
#!/bin/sh
CWD=$(pwd)
KERNEL_VAR_FILE=${CWD}/kernel-vars
if ! dpkg-architecture -iamd64; then
echo "Intel ixgbe is only buildable on amd64 platforms"
exit 0
fi
if [ ! -f ${KERNEL_VAR_FILE} ]; then
echo "Kernel variable file '${KERNEL_VAR_FILE}' does not exist, run ./build_kernel.sh first"
exit 1
fi
. ${KERNEL_VAR_FILE}
url="https://sourceforge.net/projects/e1000/files/ixgbe%20stable/5.20.3/ixgbe-5.20.3.tar.gz"
cd ${CWD}
DRIVER_FILE=$(basename ${url} | sed -e s/tar_0/tar/)
DRIVER_DIR="${DRIVER_FILE%.tar.gz}"
DRIVER_NAME="ixgbe"
DRIVER_VERSION=$(echo ${DRIVER_DIR} | awk -F${DRIVER_NAME} '{print $2}' | sed 's/^-//')
DRIVER_VERSION_EXTRA=""
# Build up Debian related variables required for packaging
DEBIAN_ARCH=$(dpkg --print-architecture)
DEBIAN_DIR="${CWD}/vyos-intel-${DRIVER_NAME}_${DRIVER_VERSION}_${DEBIAN_ARCH}"
DEBIAN_CONTROL="${DEBIAN_DIR}/DEBIAN/control"
DEBIAN_POSTINST="${CWD}/vyos-intel-ixgbe.postinst"
# Fetch Intel driver source from SourceForge
if [ -e ${DRIVER_FILE} ]; then
rm -f ${DRIVER_FILE}
fi
curl -L -o ${DRIVER_FILE} ${url}
if [ "$?" -ne "0" ]; then
exit 1
fi
# Unpack archive
if [ -d ${DRIVER_DIR} ]; then
rm -rf ${DRIVER_DIR}
fi
mkdir -p ${DRIVER_DIR}
tar -C ${DRIVER_DIR} --strip-components=1 -xf ${DRIVER_FILE}
cd ${DRIVER_DIR}/src
if [ -z $KERNEL_DIR ]; then
echo "KERNEL_DIR not defined"
exit 1
fi
# See https://lore.kernel.org/lkml/f90837d0-810e-5772-7841-28d47c44d260@intel.com/
echo "I: remove pci_enable_pcie_error_reporting() code no longer present in Kernel"
sed -i '/.*pci_disable_pcie_error_reporting(pdev);/d' ixgbe_main.c
sed -i '/.*pci_enable_pcie_error_reporting(pdev);/d' ixgbe_main.c
# See https://vyos.dev/T6155
echo "I: always enable allow_unsupported_sfp for all NICs by default"
patch -l -p1 < ../../patches/ixgbe/allow_unsupported_sfp.patch
# See https://vyos.dev/T6162
echo "I: add 1000BASE-BX support"
patch -l -p1 < ../../patches/ixgbe/add_1000base-bx_support.patch
echo "I: Compile Kernel module for Intel ${DRIVER_NAME} driver"
make KSRC=${KERNEL_DIR} INSTALL_MOD_PATH=${DEBIAN_DIR} INSTALL_FW_PATH=${DEBIAN_DIR} -j $(getconf _NPROCESSORS_ONLN) install
if [ "x$?" != "x0" ]; then
exit 1
fi
if [ -f ${DEBIAN_DIR}.deb ]; then
rm ${DEBIAN_DIR}.deb
fi
# build Debian package
echo "I: Building Debian package vyos-intel-${DRIVER_NAME}"
cd ${CWD}
# delete non required files which are also present in the kernel package
# und thus lead to duplicated files
find ${DEBIAN_DIR} -name "modules.*" | xargs rm -f
echo "#!/bin/sh" > ${DEBIAN_POSTINST}
echo "/sbin/depmod -a ${KERNEL_VERSION}${KERNEL_SUFFIX}" >> ${DEBIAN_POSTINST}
fpm --input-type dir --output-type deb --name vyos-intel-${DRIVER_NAME} \
--version ${DRIVER_VERSION} --deb-compression gz \
--maintainer "VyOS Package Maintainers <maintainers@vyos.net>" \
--description "Vendor based driver for Intel ${DRIVER_NAME}" \
--depends linux-image-${KERNEL_VERSION}${KERNEL_SUFFIX} \
--license "GPL2" -C ${DEBIAN_DIR} --after-install ${DEBIAN_POSTINST}
echo "I: Cleanup ${DRIVER_NAME} source"
cd ${CWD}
if [ -e ${DRIVER_FILE} ]; then
rm -f ${DRIVER_FILE}
fi
if [ -d ${DRIVER_DIR} ]; then
rm -rf ${DRIVER_DIR}
fi
if [ -d ${DEBIAN_DIR} ]; then
rm -rf ${DEBIAN_DIR}
fi

100
scripts/package-build/linux-kernel/build-intel-ixgbevf.sh Executable file
View File

@ -0,0 +1,100 @@
#!/bin/sh
CWD=$(pwd)
KERNEL_VAR_FILE=${CWD}/kernel-vars
if ! dpkg-architecture -iamd64; then
echo "Intel ixgbevf is only buildable on amd64 platforms"
exit 0
fi
if [ ! -f ${KERNEL_VAR_FILE} ]; then
echo "Kernel variable file '${KERNEL_VAR_FILE}' does not exist, run ./build_kernel.sh first"
exit 1
fi
. ${KERNEL_VAR_FILE}
url="https://sourceforge.net/projects/e1000/files/ixgbevf%20stable/4.18.9/ixgbevf-4.18.9.tar.gz"
cd ${CWD}
DRIVER_FILE=$(basename ${url} | sed -e s/tar_0/tar/)
DRIVER_DIR="${DRIVER_FILE%.tar.gz}"
DRIVER_NAME="ixgbevf"
DRIVER_VERSION=$(echo ${DRIVER_DIR} | awk -F${DRIVER_NAME} '{print $2}' | sed 's/^-//')
DRIVER_VERSION_EXTRA=""
# Build up Debian related variables required for packaging
DEBIAN_ARCH=$(dpkg --print-architecture)
DEBIAN_DIR="${CWD}/vyos-intel-${DRIVER_NAME}_${DRIVER_VERSION}_${DEBIAN_ARCH}"
DEBIAN_CONTROL="${DEBIAN_DIR}/DEBIAN/control"
DEBIAN_POSTINST="${CWD}/vyos-intel-ixgbevf.postinst"
# Fetch Intel driver source from SourceForge
if [ -e ${DRIVER_FILE} ]; then
rm -f ${DRIVER_FILE}
fi
curl -L -o ${DRIVER_FILE} ${url}
if [ "$?" -ne "0" ]; then
exit 1
fi
# Unpack archive
if [ -d ${DRIVER_DIR} ]; then
rm -rf ${DRIVER_DIR}
fi
mkdir -p ${DRIVER_DIR}
tar -C ${DRIVER_DIR} --strip-components=1 -xf ${DRIVER_FILE}
cd ${DRIVER_DIR}/src
if [ -z $KERNEL_DIR ]; then
echo "KERNEL_DIR not defined"
exit 1
fi
# See https://lore.kernel.org/lkml/f90837d0-810e-5772-7841-28d47c44d260@intel.com/
echo "I: remove pci_enable_pcie_error_reporting() code no longer present in Kernel"
sed -i '/.*pci_disable_pcie_error_reporting(pdev);/d' ixgbevf_main.c
sed -i '/.*pci_enable_pcie_error_reporting(pdev);/d' ixgbevf_main.c
echo "I: Compile Kernel module for Intel ${DRIVER_NAME} driver"
make KSRC=${KERNEL_DIR} INSTALL_MOD_PATH=${DEBIAN_DIR} INSTALL_FW_PATH=${DEBIAN_DIR} -j $(getconf _NPROCESSORS_ONLN) install
if [ "x$?" != "x0" ]; then
exit 1
fi
if [ -f ${DEBIAN_DIR}.deb ]; then
rm ${DEBIAN_DIR}.deb
fi
# build Debian package
echo "I: Building Debian package vyos-intel-${DRIVER_NAME}"
cd ${CWD}
# delete non required files which are also present in the kernel package
# und thus lead to duplicated files
find ${DEBIAN_DIR} -name "modules.*" | xargs rm -f
echo "#!/bin/sh" > ${DEBIAN_POSTINST}
echo "/sbin/depmod -a ${KERNEL_VERSION}${KERNEL_SUFFIX}" >> ${DEBIAN_POSTINST}
fpm --input-type dir --output-type deb --name vyos-intel-${DRIVER_NAME} \
--version ${DRIVER_VERSION} --deb-compression gz \
--maintainer "VyOS Package Maintainers <maintainers@vyos.net>" \
--description "Vendor based driver for Intel ${DRIVER_NAME}" \
--depends linux-image-${KERNEL_VERSION}${KERNEL_SUFFIX} \
--license "GPL2" -C ${DEBIAN_DIR} --after-install ${DEBIAN_POSTINST}
echo "I: Cleanup ${DRIVER_NAME} source"
cd ${CWD}
if [ -e ${DRIVER_FILE} ]; then
rm -f ${DRIVER_FILE}
fi
if [ -d ${DRIVER_DIR} ]; then
rm -rf ${DRIVER_DIR}
fi
if [ -d ${DEBIAN_DIR} ]; then
rm -rf ${DEBIAN_DIR}
fi

111
scripts/package-build/linux-kernel/build-intel-qat.sh Executable file
View File

@ -0,0 +1,111 @@
#!/bin/sh
CWD=$(pwd)
KERNEL_VAR_FILE=${CWD}/kernel-vars
if ! dpkg-architecture -iamd64; then
echo "Intel-QAT is only buildable on amd64 platforms"
exit 0
fi
if [ ! -f ${KERNEL_VAR_FILE} ]; then
echo "Kernel variable file '${KERNEL_VAR_FILE}' does not exist, run ./build_kernel.sh first"
exit 1
fi
. ${KERNEL_VAR_FILE}
url="https://dev.packages.vyos.net/source-mirror/QAT.L.4.24.0-00005.tar.gz"
cd ${CWD}
DRIVER_FILE=$(basename ${url} | sed -e s/tar_0/tar/)
DRIVER_DIR="${DRIVER_FILE%.tar.gz}"
DRIVER_NAME="QAT"
DRIVER_NAME_EXTRA="L."
DRIVER_VERSION=$(echo ${DRIVER_DIR} | awk -F${DRIVER_NAME} '{print $2}' | awk -F${DRIVER_NAME_EXTRA} '{print $2}')
DRIVER_VERSION_EXTRA="-0"
# Build up Debian related variables required for packaging
DEBIAN_ARCH=$(dpkg --print-architecture)
DEBIAN_DIR="${CWD}/vyos-intel-${DRIVER_NAME}_${DRIVER_VERSION}${DRIVER_VERSION_EXTRA}_${DEBIAN_ARCH}"
DEBIAN_CONTROL="${DEBIAN_DIR}/DEBIAN/control"
DEBIAN_POSTINST="${CWD}/vyos-intel-qat.postinst"
# Fetch Intel driver source from SourceForge
if [ -e ${DRIVER_FILE} ]; then
rm -f ${DRIVER_FILE}
fi
curl -L -o ${DRIVER_FILE} ${url}
if [ "$?" -ne "0" ]; then
exit 1
fi
# Unpack archive
if [ -d ${DRIVER_DIR} ]; then
rm -rf ${DRIVER_DIR}
fi
mkdir -p ${DRIVER_DIR}
tar -C ${DRIVER_DIR} -xf ${DRIVER_FILE}
cd ${DRIVER_DIR}
if [ -z $KERNEL_DIR ]; then
echo "KERNEL_DIR not defined"
exit 1
fi
echo "I: Compile Kernel module for Intel ${DRIVER_NAME} driver"
mkdir -p \
${DEBIAN_DIR}/lib/firmware \
${DEBIAN_DIR}/usr/sbin \
${DEBIAN_DIR}/usr/lib/x86_64-linux-gnu \
${DEBIAN_DIR}/etc/init.d
KERNEL_SOURCE_ROOT=${KERNEL_DIR} ./configure --enable-kapi --enable-qat-lkcf
make -j $(getconf _NPROCESSORS_ONLN) all
make INSTALL_MOD_PATH=${DEBIAN_DIR} INSTALL_FW_PATH=${DEBIAN_DIR} \
qat-driver-install adf-ctl-all
if [ "x$?" != "x0" ]; then
exit 1
fi
cp quickassist/qat/fw/*.bin ${DEBIAN_DIR}/lib/firmware
cp build/*.so ${DEBIAN_DIR}/usr/lib/x86_64-linux-gnu
cp build/adf_ctl ${DEBIAN_DIR}/usr/sbin
cp quickassist/build_system/build_files/qat_service ${DEBIAN_DIR}/etc/init.d
cp build/usdm_drv.ko ${DEBIAN_DIR}/lib/modules/${KERNEL_VERSION}${KERNEL_SUFFIX}/updates/drivers
chmod 644 ${DEBIAN_DIR}/lib/firmware/*
chmod 755 ${DEBIAN_DIR}/etc/init.d/* ${DEBIAN_DIR}/usr/local/bin/*
if [ -f ${DEBIAN_DIR}.deb ]; then
rm ${DEBIAN_DIR}.deb
fi
# build Debian package
echo "I: Building Debian package vyos-intel-${DRIVER_NAME}"
cd ${CWD}
# delete non required files which are also present in the kernel package
# und thus lead to duplicated files
find ${DEBIAN_DIR} -name "modules.*" | xargs rm -f
echo "#!/bin/sh" > ${DEBIAN_POSTINST}
echo "/sbin/depmod -a ${KERNEL_VERSION}${KERNEL_SUFFIX}" >> ${DEBIAN_POSTINST}
fpm --input-type dir --output-type deb --name vyos-intel-${DRIVER_NAME} \
--version ${DRIVER_VERSION}${DRIVER_VERSION_EXTRA} --deb-compression gz \
--maintainer "VyOS Package Maintainers <maintainers@vyos.net>" \
--description "Vendor based driver for Intel ${DRIVER_NAME}" \
--depends linux-image-${KERNEL_VERSION}${KERNEL_SUFFIX} \
--license "GPL2" -C ${DEBIAN_DIR} --after-install ${DEBIAN_POSTINST}
echo "I: Cleanup ${DRIVER_NAME} source"
cd ${CWD}
if [ -e ${DRIVER_FILE} ]; then
rm -f ${DRIVER_FILE}
fi
if [ -d ${DRIVER_DIR} ]; then
rm -rf ${DRIVER_DIR}
fi
if [ -d ${DEBIAN_DIR} ]; then
rm -rf ${DEBIAN_DIR}
fi

103
scripts/package-build/linux-kernel/build-jool.py Executable file
View File

@ -0,0 +1,103 @@
#!/usr/bin/env python3
import toml
from tomllib import loads as toml_loads
from requests import get
from pathlib import Path
from subprocess import run
package: dict = toml.load("package.toml")
def find_arch() -> str:
tmp=run(['dpkg-architecture', '-q', 'DEB_HOST_ARCH'], capture_output=True)
return tmp.stdout.decode().strip()
# dependency modifier
def add_depends(package_dir: str, package_name: str,
depends: list[str]) -> None:
"""Add dependencies to a package
Args:
package_dir (str): a directory where package sources are located
package_name (str): a name of package
depends (list[str]): a list of dependencies to add
"""
depends_list: str = ', '.join(depends)
depends_line: str = f'misc:Depends={depends_list}\n'
substvars_file = Path(f'{package_dir}/debian/{package_name}.substvars')
substvars_file.write_text(depends_line)
# find kernel version and source path
arch: str = find_arch()
KERNEL_VER: str = package.get('defaults').get('kernel_version')
KERNEL_FLAVOR: str = package.get('defaults').get('kernel_flavor')
KERNEL_SRC: str = Path.cwd().as_posix() + '/linux'
# define variables
PACKAGE_NAME: str = 'jool'
PACKAGE_VERSION: str = '4.1.9+bf4c7e3669'
PACKAGE_DIR: str = f'{PACKAGE_NAME}-{PACKAGE_VERSION}'
SOURCES_ARCHIVE: str = 'jool-4.1.9+bf4c7e3669.tar.gz'
SOURCES_URL: str = f'https://github.com/NICMx/Jool/archive/7f08c42c615ed63cf0fdc1522d91aa0809f6d990.tar.gz'
# download sources
sources_archive = Path(SOURCES_ARCHIVE)
sources_archive.write_bytes(get(SOURCES_URL).content)
# prepare sources
debmake_cmd: list[str] = [
'debmake', '-e', 'support@vyos.io', '-f', 'VyOS Support', '-p',
PACKAGE_NAME, '-u', PACKAGE_VERSION, '-a', SOURCES_ARCHIVE
]
run(debmake_cmd)
# add kernel to dependencies
add_depends(PACKAGE_DIR, PACKAGE_NAME,
[f'linux-image-{KERNEL_VER}-{KERNEL_FLAVOR}'])
# configure build rules
build_rules_text: str = f'''#!/usr/bin/make -f
# config
export KERNEL_DIR := {KERNEL_SRC}
PACKAGE_BUILD_DIR := debian/{PACKAGE_NAME}
KVER := {KERNEL_VER}-{KERNEL_FLAVOR}
MODULES_DIR := extra
# main packaging script based on dh7 syntax
%:
dh $@
override_dh_clean:
dh_clean --exclude=debian/{PACKAGE_NAME}.substvars
override_dh_prep:
dh_prep --exclude=debian/{PACKAGE_NAME}.substvars
# override_dh_auto_clean:
# make -C src/mod clean
override_dh_auto_build:
dh_auto_build $@
make -C ${{KERNEL_DIR}} M=$$PWD/src/mod/common modules
make -C ${{KERNEL_DIR}} M=$$PWD/src/mod/nat64 modules
make -C ${{KERNEL_DIR}} M=$$PWD/src/mod/siit modules
override_dh_auto_install:
dh_auto_install $@
install -D -m 644 src/mod/common/jool_common.ko ${{PACKAGE_BUILD_DIR}}/lib/modules/${{KVER}}/${{MODULES_DIR}}/jool_common.ko
install -D -m 644 src/mod/nat64/jool.ko ${{PACKAGE_BUILD_DIR}}/lib/modules/${{KVER}}/${{MODULES_DIR}}/jool.ko
install -D -m 644 src/mod/siit/jool_siit.ko ${{PACKAGE_BUILD_DIR}}/lib/modules/${{KVER}}/${{MODULES_DIR}}/jool_siit.ko
'''
bild_rules = Path(f'{PACKAGE_DIR}/debian/rules')
bild_rules.write_text(build_rules_text)
# build a package
debuild_cmd: list[str] = ['debuild']
run(debuild_cmd, cwd=PACKAGE_DIR)

56
scripts/package-build/linux-kernel/build-kernel.sh Executable file
View File

@ -0,0 +1,56 @@
#!/bin/bash
CWD=$(pwd)
KERNEL_SRC=linux
set -e
if [ ! -d ${KERNEL_SRC} ]; then
echo "Linux Kernel source directory does not exists, please 'git clone'"
exit 1
fi
echo "I: Copy Kernel config (x86_64_vyos_defconfig) to Kernel Source"
cp -rv arch/ ${KERNEL_SRC}/
cd ${KERNEL_SRC}
echo "I: clean modified files"
git reset --hard HEAD
KERNEL_VERSION=$(make kernelversion)
KERNEL_SUFFIX=-$(dpkg --print-architecture)-vyos
# VyOS requires some small Kernel Patches - apply them here
# It's easier to habe them here and make use of the upstream
# repository instead of maintaining a full Kernel Fork.
# Saving time/resources is essential :-)
PATCH_DIR=${CWD}/patches/kernel
for patch in $(ls ${PATCH_DIR})
do
echo "I: Apply Kernel patch: ${PATCH_DIR}/${patch}"
patch -p1 < ${PATCH_DIR}/${patch}
done
echo "I: make vyos_defconfig"
# Select Kernel configuration - currently there is only one
make vyos_defconfig
echo "I: Generate environment file containing Kernel variable"
cat << EOF >${CWD}/kernel-vars
#!/bin/sh
export KERNEL_VERSION=${KERNEL_VERSION}
export KERNEL_SUFFIX=${KERNEL_SUFFIX}
export KERNEL_DIR=${CWD}/${KERNEL_SRC}
EOF
echo "I: Build Debian Kernel package"
touch .scmversion
make bindeb-pkg BUILD_TOOLS=1 LOCALVERSION=${KERNEL_SUFFIX} KDEB_PKGVERSION=${KERNEL_VERSION}-1 -j $(getconf _NPROCESSORS_ONLN)
cd $CWD
if [[ $? == 0 ]]; then
for package in $(ls linux-*.deb)
do
ln -sf linux-kernel/$package ..
done
fi

98
scripts/package-build/linux-kernel/build-linux-firmware.sh Executable file
View File

@ -0,0 +1,98 @@
#!/bin/bash
# All selected drivers are then precomfiled "make drivers/foo/bar.i" and we grep for
# the magic word "UNIQUE_ID_firmware" which identifies firmware files.
CWD=$(pwd)
LINUX_SRC="linux"
LINUX_FIRMWARE="linux-firmware"
KERNEL_VAR_FILE=${CWD}/kernel-vars
if [ ! -d ${LINUX_SRC} ]; then
echo "Kernel source missing"
exit 1
fi
if [ ! -d ${LINUX_FIRMWARE} ]; then
echo "Linux firmware repository missing"
exit 1
fi
. ${KERNEL_VAR_FILE}
result=()
# Retrieve firmware blobs from source files
FW_FILES=$(find ${LINUX_SRC}/debian/linux-image/lib/modules/${KERNEL_VERSION}${KERNEL_SUFFIX}/kernel/drivers/net -name *.ko | xargs modinfo | grep "^firmware:" | awk '{print $2}')
# Debian package will use the descriptive Git commit as version
GIT_COMMIT=$(cd ${CWD}/${LINUX_FIRMWARE}; git describe --always)
VYOS_FIRMWARE_NAME="vyos-linux-firmware"
VYOS_FIRMWARE_DIR="${VYOS_FIRMWARE_NAME}_${GIT_COMMIT}-0_all"
if [ -d ${VYOS_FIRMWARE_DIR} ]; then
# remove Debian package folder and deb file from previous runs
rm -rf ${VYOS_FIRMWARE_DIR}*
fi
mkdir -p ${VYOS_FIRMWARE_DIR}
# Install firmware files to build directory
LINUX_FIRMWARE_BUILD_DIR="${LINUX_FIRMWARE}_${GIT_COMMIT}"
if [ -d ${LINUX_FIRMWARE_BUILD_DIR} ]; then
rm -rf "${LINUX_FIRMWARE_BUILD_DIR}"
fi
mkdir -p "${LINUX_FIRMWARE_BUILD_DIR}"
(
cd ${LINUX_FIRMWARE}
./copy-firmware.sh "${CWD}/${LINUX_FIRMWARE_BUILD_DIR}"
)
# Copy firmware file from linux firmware build directory into
# assembly folder for the vyos-firmware package
SED_REPLACE="s@${CWD}/${LINUX_FIRMWARE}/@@"
for FILE_PATTERN in ${FW_FILES}; do
find "${LINUX_FIRMWARE_BUILD_DIR}" -path "*/${FILE_PATTERN}" -print0 | while IFS= read -r -d $'\0' FILE; do
TARGET="$(echo "${FILE}" | sed "s/${LINUX_FIRMWARE_BUILD_DIR}\///g")"
TARGET_DIR="${VYOS_FIRMWARE_DIR}/lib/firmware/$(dirname "${TARGET}")"
# If file is a symlink install the symlink target as well
if [ -h "${FILE}" ]; then
if [ ! -f "${TARGET_DIR}/$(basename "${TARGET}")" ]; then
if [ -f "${LINUX_FIRMWARE_BUILD_DIR}/${TARGET}" ]; then
mkdir -p "${TARGET_DIR}"
echo "I: install firmware: ${TARGET}"
cp "${CWD}/${LINUX_FIRMWARE_BUILD_DIR}/${TARGET}" "${TARGET_DIR}"
# If file links to other folder which this script not cover. Create folder and copy together.
if [ -L "${LINUX_FIRMWARE_BUILD_DIR}/${TARGET}" ]; then
REALPATH_TARGET=$(realpath --relative-to="${CWD}/${LINUX_FIRMWARE_BUILD_DIR}" "${CWD}/${LINUX_FIRMWARE_BUILD_DIR}/${TARGET}")
REALPATH_TARGET_DIR="${VYOS_FIRMWARE_DIR}/lib/firmware/$(dirname "${REALPATH_TARGET}")"
mkdir -p "${REALPATH_TARGET_DIR}"
echo "I: install firmware: ${REALPATH_TARGET}"
cp "${CWD}/${LINUX_FIRMWARE_BUILD_DIR}/${REALPATH_TARGET}" "${REALPATH_TARGET_DIR}"
fi
else
echo "I: firmware file not found: ${TARGET}"
fi
fi
fi
if [ -f "${FILE}" ]; then
mkdir -p "${TARGET_DIR}"
echo "I: install firmware: ${TARGET}"
cp -P "${CWD}/${LINUX_FIRMWARE_BUILD_DIR}/${TARGET}" "${TARGET_DIR}"
else
echo "I: firmware file not found: ${TARGET}"
fi
done
done
echo "I: Create linux-firmware package"
rm -f ${VYOS_FIRMWARE_NAME}_*.deb
fpm --input-type dir --output-type deb --name ${VYOS_FIRMWARE_NAME} \
--maintainer "VyOS Package Maintainers <maintainers@vyos.net>" \
--description "Binary firmware for various drivers in the Linux kernel" \
--architecture all --version ${GIT_COMMIT} --deb-compression gz -C ${VYOS_FIRMWARE_DIR}
rm -rf "${LINUX_FIRMWARE_BUILD_DIR}"
rm -rf ${VYOS_FIRMWARE_DIR}

38
scripts/package-build/linux-kernel/build-nat-rtsp.sh Executable file
View File

@ -0,0 +1,38 @@
#!/bin/sh
CWD=$(pwd)
KERNEL_VAR_FILE=${CWD}/kernel-vars
SRC=${CWD}/nat-rtsp
if [ ! -d ${SRC} ]; then
echo "nat-rtsp source not found"
exit 1
fi
if [ ! -f ${KERNEL_VAR_FILE} ]; then
echo "Kernel variable file '${KERNEL_VAR_FILE}' does not exist, run ./build_kernel.sh first"
exit 1
fi
. ${KERNEL_VAR_FILE}
cd ${SRC} && make KERNELDIR=$KERNEL_DIR
# Copy binary to package directory
DEBIAN_DIR=tmp/lib/modules/${KERNEL_VERSION}${KERNEL_SUFFIX}/extra
mkdir -p ${DEBIAN_DIR}
cp nf_conntrack_rtsp.ko nf_nat_rtsp.ko ${DEBIAN_DIR}
DEBIAN_POSTINST="${CWD}/vyos-nat-rtsp.postinst"
echo "#!/bin/sh" > ${DEBIAN_POSTINST}
echo "/sbin/depmod -a ${KERNEL_VERSION}${KERNEL_SUFFIX}" >> ${DEBIAN_POSTINST}
# Build Debian Package
fpm --input-type dir --output-type deb --name nat-rtsp \
--version $(git describe --tags --always) --deb-compression gz \
--maintainer "VyOS Package Maintainers <maintainers@vyos.net>" \
--description "Connection tracking and NAT support for RTSP" \
--depends linux-image-${KERNEL_VERSION}${KERNEL_SUFFIX} \
--after-install ${DEBIAN_POSTINST} \
--license "GPL2" --chdir tmp
mv *.deb ..

33
scripts/package-build/linux-kernel/build-openvpn-dco.sh Executable file
View File

@ -0,0 +1,33 @@
#!/bin/sh
CWD=$(pwd)
KERNEL_VAR_FILE=${CWD}/kernel-vars
SRC=${CWD}/ovpn-dco
if [ ! -d ${SRC} ]; then
echo "OpenVPN DCO source not found"
exit 1
fi
if [ ! -f ${KERNEL_VAR_FILE} ]; then
echo "Kernel variable file '${KERNEL_VAR_FILE}' does not exist, run ./build_kernel.sh first"
exit 1
fi
. ${KERNEL_VAR_FILE}
cd ${SRC} && make KERNEL_SRC=$KERNEL_DIR
# Copy binary to package directory
DEBIAN_DIR=tmp/lib/modules/${KERNEL_VERSION}${KERNEL_SUFFIX}/extra
mkdir -p ${DEBIAN_DIR}
cp drivers/net/ovpn-dco/ovpn-dco-v2.ko ${DEBIAN_DIR}
# Build Debian Package
fpm --input-type dir --output-type deb --name openvpn-dco \
--version $(git describe | sed s/^v//) --deb-compression gz \
--maintainer "VyOS Package Maintainers <maintainers@vyos.net>" \
--description "OpenVPN Data Channel Offload" \
--depends linux-image-${KERNEL_VERSION}${KERNEL_SUFFIX} \
--license "GPL2" --chdir tmp
mv *.deb ..

234
scripts/package-build/linux-kernel/build.py Executable file
View File

@ -0,0 +1,234 @@
#!/usr/bin/env python3
#
# Copyright (C) 2024 VyOS maintainers and contributors
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2 or later as
# published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
import datetime
import glob
import shutil
import toml
import os
import subprocess
from argparse import ArgumentParser
from pathlib import Path
from subprocess import run, CalledProcessError
def ensure_dependencies(dependencies: list) -> None:
"""Ensure Debian build dependencies are met"""
if not dependencies:
print("I: No additional dependencies to install")
return
print("I: Ensure Debian build dependencies are met")
run(['sudo', 'apt-get', 'install', '-y'] + dependencies, check=True)
def prepare_package(repo_dir: Path, install_data: str) -> None:
"""Prepare a package"""
if not install_data:
print("I: No install data provided, skipping package preparation")
return
install_file = repo_dir / 'debian/install'
install_file.parent.mkdir(parents=True, exist_ok=True)
install_file.write_text(install_data)
print("I: Prepared package")
def clone_or_update_repo(repo_dir: Path, scm_url: str, commit_id: str) -> None:
"""Clone the repository if it does not exist, otherwise update it"""
if repo_dir.exists():
#run(['git', 'fetch'], cwd=repo_dir, check=True)
run(['git', 'checkout', commit_id], cwd=repo_dir, check=True)
#run(['git', 'pull'], cwd=repo_dir, check=True)
else:
run(['git', 'clone', scm_url, str(repo_dir)], check=True)
run(['git', 'checkout', commit_id], cwd=repo_dir, check=True)
def build_package(package: dict, dependencies: list) -> None:
"""Build a package from the repository
Args:
package (dict): Package information
dependencies (list): List of additional dependencies
"""
timestamp = datetime.datetime.now().strftime('%Y%m%d%H%M%S')
repo_name = package['name']
repo_dir = Path(repo_name)
try:
# Clone or update the repository
#clone_or_update_repo(repo_dir, package['scm_url'], package['commit_id'])
# Ensure dependencies
#ensure_dependencies(dependencies)
# Prepare the package if required
#if package.get('prepare_package', False):
# prepare_package(repo_dir, package.get('install_data', ''))
# Execute the build command
if package['build_cmd'] == 'build_kernel':
build_kernel(package['kernel_version'])
elif package['build_cmd'] == 'build_linux_firmware':
build_linux_firmware(package['commit_id'], package['scm_url'])
elif package['build_cmd'] == 'build_accel_ppp':
build_accel_ppp(package['commit_id'], package['scm_url'])
elif package['build_cmd'] == 'build_intel_qat':
build_intel_qat()
elif package['build_cmd'] == 'build_intel_ixgbe':
build_intel_ixgbe()
elif package['build_cmd'] == 'build_intel_ixgbevf':
build_intel_ixgbevf()
elif package['build_cmd'] == 'build_jool':
build_jool()
elif package['build_cmd'] == 'build_openvpn_dco':
build_openvpn_dco(package['commit_id'], package['scm_url'])
elif package['build_cmd'] == 'build_nat_rtsp':
build_nat_rtsp(package['commit_id'], package['scm_url'])
else:
run(package['build_cmd'], cwd=repo_dir, check=True, shell=True)
except CalledProcessError as e:
print(f"Failed to build package {repo_name}: {e}")
finally:
# Clean up repository directory
# shutil.rmtree(repo_dir, ignore_errors=True)
pass
def cleanup_build_deps(repo_dir: Path) -> None:
"""Clean up build dependency packages"""
try:
if repo_dir.exists():
for file in glob.glob(str(repo_dir / '*build-deps*.deb')):
os.remove(file)
print("Cleaned up build dependency packages")
except Exception as e:
print(f"Error cleaning up build dependencies: {e}")
def copy_packages(repo_dir: Path) -> None:
"""Copy generated .deb packages to the parent directory"""
try:
deb_files = glob.glob(str(repo_dir / '*.deb'))
for deb_file in deb_files:
shutil.copy(deb_file, repo_dir.parent)
print("Copied generated .deb packages")
except Exception as e:
print(f"Error copying packages: {e}")
def merge_dicts(defaults, package):
return {**defaults, **package}
def build_kernel(kernel_version):
"""Build the Linux kernel"""
run(['gpg2', '--locate-keys', 'torvalds@kernel.org', 'gregkh@kernel.org'], check=True)
run(['curl', '-OL', f'https://www.kernel.org/pub/linux/kernel/v6.x/linux-{kernel_version}.tar.xz'], check=True)
run(['curl', '-OL', f'https://www.kernel.org/pub/linux/kernel/v6.x/linux-{kernel_version}.tar.sign'], check=True)
# Using pipes to handle decompression and verification
with subprocess.Popen(['xz', '-cd', f'linux-{kernel_version}.tar.xz'], stdout=subprocess.PIPE) as proc_xz:
run(['gpg2', '--verify', f'linux-{kernel_version}.tar.sign', '-'], stdin=proc_xz.stdout, check=True)
run(['tar', 'xf', f'linux-{kernel_version}.tar.xz'], check=True)
os.symlink(f'linux-{kernel_version}', 'linux')
run(['./build-kernel.sh'], check=True)
def build_linux_firmware(commit_id, scm_url):
"""Build Linux firmware"""
repo_dir = Path('linux-firmware')
clone_or_update_repo(repo_dir, scm_url, commit_id)
run(['./build-linux-firmware.sh'], check=True)
def build_accel_ppp(commit_id, scm_url):
"""Build accel-ppp"""
repo_dir = Path('accel-ppp')
clone_or_update_repo(repo_dir, scm_url, commit_id)
run(['./build-accel-ppp.sh'], check=True)
def build_intel_qat():
"""Build Intel QAT"""
run(['./build-intel-qat.sh'], check=True)
def build_intel_ixgbe():
"""Build Intel IXGBE"""
run(['./build-intel-ixgbe.sh'], check=True)
def build_intel_ixgbevf():
"""Build Intel IXGBEVF"""
run(['./build-intel-ixgbevf.sh'], check=True)
def build_jool():
"""Build Jool"""
run(['echo y | ./build-jool.py'], check=True, shell=True)
def build_openvpn_dco(commit_id, scm_url):
"""Build OpenVPN DCO"""
repo_dir = Path('ovpn-dco')
clone_or_update_repo(repo_dir, scm_url, commit_id)
run(['./build-openvpn-dco.sh'], check=True)
def build_nat_rtsp(commit_id, scm_url):
"""Build RTSP netfilter helper"""
repo_dir = Path('nat-rtsp')
clone_or_update_repo(repo_dir, scm_url, commit_id)
run(['./build-nat-rtsp.sh'], check=True)
if __name__ == '__main__':
# Prepare argument parser
arg_parser = ArgumentParser()
arg_parser.add_argument('--config', default='package.toml', help='Path to the package configuration file')
arg_parser.add_argument('--packages', nargs='+', help='Names of packages to build (default: all)', default=[])
args = arg_parser.parse_args()
# Load package configuration
with open(args.config, 'r') as file:
config = toml.load(file)
# Extract defaults and packages
defaults = config.get('defaults', {})
packages = config['packages']
# Filter packages if specific packages are specified in the arguments
if args.packages:
packages = [pkg for pkg in packages if pkg['name'] in args.packages]
# Merge defaults into each package
packages = [merge_dicts(defaults, pkg) for pkg in packages]
for package in packages:
dependencies = package.get('dependencies', {}).get('packages', [])
# Build the package
build_package(package, dependencies)
# Clean up build dependency packages after build
cleanup_build_deps(Path(package['name']))
# Copy generated .deb packages to parent directory
copy_packages(Path(package['name']))

61
scripts/package-build/linux-kernel/package.toml Normal file
View File

@ -0,0 +1,61 @@
[defaults]
kernel_version = "6.6.47"
kernel_flavor = "amd64-vyos"
[[packages]]
name = "linux-kernel"
commit_id = "" # Uses defaults.kernel_version
scm_url = ""
build_cmd = "build_kernel"
[[packages]]
name = "linux-firmware"
commit_id = "20240610"
scm_url = "https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git"
build_cmd = "build_linux_firmware"
[[packages]]
name = "accel-ppp"
commit_id = "1.13.0"
scm_url = "https://github.com/accel-ppp/accel-ppp.git"
build_cmd = "build_accel_ppp"
[[packages]]
name = "ovpn-dco"
commit_id = "v0.2.20231117"
scm_url = "https://github.com/OpenVPN/ovpn-dco"
build_cmd = "build_openvpn_dco"
[[packages]]
name = "nat-rtsp"
commit_id = "475af0a"
scm_url = "https://github.com/maru-sama/rtsp-linux.git"
build_cmd = "build_nat_rtsp"
[[packages]]
name = "qat"
commit_id = ""
scm_url = ""
build_cmd = "build_intel_qat"
[[packages]]
name = "ixgbe"
commit_id = ""
scm_url = ""
build_cmd = "build_intel_ixgbe"
[[packages]]
name = "ixgbevf"
commit_id = ""
scm_url = ""
build_cmd = "build_intel_ixgbevf"
[[packages]]
name = "jool"
commit_id = ""
scm_url = ""
build_cmd = "build_jool"

183
scripts/package-build/linux-kernel/patches/accel-ppp/0001-L2TP-Include-Calling-Number-to-Calling-Station-ID-RA.patch Normal file
View File

@ -0,0 +1,183 @@
From 12778d1e9296b6dbf190a80dcf407b24f9821f95 Mon Sep 17 00:00:00 2001
From: zsdc <taras@vyos.io>
Date: Tue, 4 Apr 2023 11:15:26 +0300
Subject: [PATCH] L2TP: Include Calling-Number to Calling-Station-ID RADIUS
attribute
Patch authored by Alexander Serkin from
https://phabricator.accel-ppp.org/T59
---
accel-pppd/ctrl/l2tp/l2tp.c | 112 ++++++++++++++++++++++++++++++------
1 file changed, 93 insertions(+), 19 deletions(-)
diff --git a/accel-pppd/ctrl/l2tp/l2tp.c b/accel-pppd/ctrl/l2tp/l2tp.c
index 027d710..c541c60 100644
--- a/accel-pppd/ctrl/l2tp/l2tp.c
+++ b/accel-pppd/ctrl/l2tp/l2tp.c
@@ -123,6 +123,11 @@ struct l2tp_sess_t
struct l2tp_conn_t *paren_conn;
uint16_t sid;
uint16_t peer_sid;
+/* We will keep l2tp attributes Calling-Number/Called-Number and their length while the session exists */
+ char *calling_num;
+ int calling_num_len;
+ char *called_num;
+ int called_num_len;
unsigned int ref_count;
int state1;
@@ -979,6 +984,10 @@ static void __session_destroy(struct l2tp_sess_t *sess)
_free(sess->ctrl.calling_station_id);
if (sess->ctrl.called_station_id)
_free(sess->ctrl.called_station_id);
+ if (sess->calling_num)
+ _free(sess->calling_num);
+ if (sess->called_num)
+ _free(sess->called_num);
log_session(log_info2, sess, "session destroyed\n");
@@ -1771,25 +1780,52 @@ static int l2tp_session_start_data_channel(struct l2tp_sess_t *sess)
sess->ctrl.max_mtu = conf_ppp_max_mtu;
sess->ctrl.mppe = conf_mppe;
- sess->ctrl.calling_station_id = _malloc(17);
- if (sess->ctrl.calling_station_id == NULL) {
- log_session(log_error, sess,
- "impossible to start data channel:"
- " allocation of calling station ID failed\n");
- goto err;
+ /* If l2tp calling number avp exists, we use it, otherwise we use lac ip */
+ if (sess->calling_num != NULL) {
+ sess->ctrl.calling_station_id = _malloc(sess->calling_num_len+1);
+ if (sess->ctrl.calling_station_id == NULL) {
+ log_session(log_error, sess,
+ "impossible to start data channel:"
+ " allocation of calling station ID failed\n");
+ goto err;
+ }else {
+ strcpy(sess->ctrl.calling_station_id, sess->calling_num);
+ }
+ } else {
+ sess->ctrl.calling_station_id = _malloc(17);
+ if (sess->ctrl.calling_station_id == NULL) {
+ log_session(log_error, sess,
+ "impossible to start data channel:"
+ " allocation of calling station ID failed\n");
+ goto err;
+ } else {
+ u_inet_ntoa(sess->paren_conn->peer_addr.sin_addr.s_addr,
+ sess->ctrl.calling_station_id);
+ }
}
- u_inet_ntoa(sess->paren_conn->peer_addr.sin_addr.s_addr,
- sess->ctrl.calling_station_id);
-
- sess->ctrl.called_station_id = _malloc(17);
- if (sess->ctrl.called_station_id == NULL) {
- log_session(log_error, sess,
- "impossible to start data channel:"
- " allocation of called station ID failed\n");
- goto err;
+ /* If l2tp called number avp exists, we use it, otherwise we use my ip */
+ if (sess->called_num != NULL) {
+ sess->ctrl.called_station_id = _malloc(sess->called_num_len+1);
+ if (sess->ctrl.called_station_id == NULL) {
+ log_session(log_error, sess,
+ "impossible to start data channel:"
+ " allocation of called station ID failed\n");
+ goto err;
+ } else {
+ strcpy(sess->ctrl.called_station_id, sess->called_num);
+ }
+ } else {
+ sess->ctrl.called_station_id = _malloc(17);
+ if (sess->ctrl.called_station_id == NULL) {
+ log_session(log_error, sess,
+ "impossible to start data channel:"
+ " allocation of called station ID failed\n");
+ goto err;
+ } else {
+ u_inet_ntoa(sess->paren_conn->host_addr.sin_addr.s_addr,
+ sess->ctrl.called_station_id);
+ }
}
- u_inet_ntoa(sess->paren_conn->host_addr.sin_addr.s_addr,
- sess->ctrl.called_station_id);
if (conf_ip_pool) {
sess->ppp.ses.ipv4_pool_name = _strdup(conf_ip_pool);
@@ -3295,6 +3331,10 @@ static int l2tp_recv_ICRQ(struct l2tp_conn_t *conn,
uint16_t sid = 0;
uint16_t res = 0;
uint16_t err = 0;
+ uint8_t *calling[254] = {0};
+ uint8_t *called[254] = {0};
+ int n = 0;
+ int m = 0;
if (conn->state != STATE_ESTB && conn->lns_mode) {
log_tunnel(log_warn, conn, "discarding unexpected ICRQ\n");
@@ -3332,7 +3372,17 @@ static int l2tp_recv_ICRQ(struct l2tp_conn_t *conn,
case Call_Serial_Number:
case Bearer_Type:
case Calling_Number:
+ /* Save Calling-Number L2TP attribute locally */
+ if (attr->attr->id == Calling_Number) {
+ n = attr->length;
+ memcpy(calling,attr->val.octets,n);
+ }
case Called_Number:
+ /* Save Called-Number L2TP attribute locally */
+ if (attr->attr->id == Called_Number) {
+ m = attr->length;
+ memcpy(called,attr->val.octets,m);
+ }
case Sub_Address:
case Physical_Channel_ID:
break;
@@ -3371,6 +3421,30 @@ static int l2tp_recv_ICRQ(struct l2tp_conn_t *conn,
sess->peer_sid = peer_sid;
sid = sess->sid;
+ /* Allocate memory for Calling-Number if exists, and put it to l2tp_sess_t structure */
+ if (calling != NULL && n > 0) {
+ sess->calling_num = _malloc(n+1);
+ if (sess->calling_num == NULL) {
+ log_tunnel(log_warn, conn, "can't allocate memory for Calling Number attribute. Will use LAC IP instead\n");
+ }else{
+ memcpy(sess->calling_num, calling, n);
+ sess->calling_num[n] = '\0';
+ sess->calling_num_len = n;
+ }
+ }
+
+ /* Allocate memory for Called-Number if exists, and put it to l2tp_sess_t structure */
+ if (called != NULL && m > 1) {
+ sess->called_num = _malloc(m+1);
+ if (sess->called_num == NULL) {
+ log_tunnel(log_warn, conn, "can't allocate memory for Called Number attribute. Will use my IP instead\n");
+ } else {
+ memcpy(sess->called_num, called, m);
+ sess->called_num[m] = '\0';
+ sess->called_num_len = m;
+ }
+ }
+
if (unknown_attr) {
log_tunnel(log_error, conn, "impossible to handle ICRQ:"
" unknown mandatory attribute type %i,"
@@ -3390,8 +3464,8 @@ static int l2tp_recv_ICRQ(struct l2tp_conn_t *conn,
goto out_reject;
}
- log_tunnel(log_info1, conn, "new session %hu-%hu created following"
- " reception of ICRQ\n", sid, peer_sid);
+ log_tunnel(log_info1, conn, "new session %hu-%hu with calling num %s len %d, called num %s len %d created following"
+ " reception of ICRQ\n", sid, peer_sid, sess->calling_num, sess->calling_num_len, sess->called_num, sess->called_num_len);
return 0;
--
2.34.1

259
scripts/package-build/linux-kernel/patches/ixgbe/add_1000base-bx_support.patch Normal file
View File

@ -0,0 +1,259 @@
From 02491fc5cb9bfd0905cfa481d3a6156167fa1720 Mon Sep 17 00:00:00 2001
From: Ernesto Castellotti <ernesto@castellotti.net>
Date: Sat, 23 Mar 2024 12:57:56 +0100
Subject: [BACKPORT linux v6.9] [PATCH] ixgbe: Add 1000BASE-BX support
Added support for 1000BASE-BX, i.e. Gigabit Ethernet over single strand
of single-mode fiber.
The initialization of a 1000BASE-BX SFP is the same as 1000BASE-SX/LX
with the only difference that the Bit Rate Nominal Value must be
checked to make sure it is a Gigabit Ethernet transceiver, as described
by the SFF-8472 specification.
This was tested with the FS.com SFP-GE-BX 1310/1490nm 10km transceiver:
$ ethtool -m eth4
Identifier : 0x03 (SFP)
Extended identifier : 0x04 (GBIC/SFP defined by 2-wire interface ID)
Connector : 0x07 (LC)
Transceiver codes : 0x00 0x00 0x00 0x40 0x00 0x00 0x00 0x00 0x00
Transceiver type : Ethernet: BASE-BX10
Encoding : 0x01 (8B/10B)
BR, Nominal : 1300MBd
Rate identifier : 0x00 (unspecified)
Length (SMF,km) : 10km
Length (SMF) : 10000m
Length (50um) : 0m
Length (62.5um) : 0m
Length (Copper) : 0m
Length (OM3) : 0m
Laser wavelength : 1310nm
Vendor name : FS
Vendor OUI : 64:9d:99
Vendor PN : SFP-GE-BX
Vendor rev :
Option values : 0x20 0x0a
Option : RX_LOS implemented
Option : TX_FAULT implemented
Option : Power level 3 requirement
BR margin, max : 0%
BR margin, min : 0%
Vendor SN : S2202359108
Date code : 220307
Optical diagnostics support : Yes
Laser bias current : 17.650 mA
Laser output power : 0.2132 mW / -6.71 dBm
Receiver signal average optical power : 0.2740 mW / -5.62 dBm
Module temperature : 47.30 degrees C / 117.13 degrees F
Module voltage : 3.2576 V
Alarm/warning flags implemented : Yes
Laser bias current high alarm : Off
Laser bias current low alarm : Off
Laser bias current high warning : Off
Laser bias current low warning : Off
Laser output power high alarm : Off
Laser output power low alarm : Off
Laser output power high warning : Off
Laser output power low warning : Off
Module temperature high alarm : Off
Module temperature low alarm : Off
Module temperature high warning : Off
Module temperature low warning : Off
Module voltage high alarm : Off
Module voltage low alarm : Off
Module voltage high warning : Off
Module voltage low warning : Off
Laser rx power high alarm : Off
Laser rx power low alarm : Off
Laser rx power high warning : Off
Laser rx power low warning : Off
Laser bias current high alarm threshold : 110.000 mA
Laser bias current low alarm threshold : 1.000 mA
Laser bias current high warning threshold : 100.000 mA
Laser bias current low warning threshold : 1.000 mA
Laser output power high alarm threshold : 0.7079 mW / -1.50 dBm
Laser output power low alarm threshold : 0.0891 mW / -10.50 dBm
Laser output power high warning threshold : 0.6310 mW / -2.00 dBm
Laser output power low warning threshold : 0.1000 mW / -10.00 dBm
Module temperature high alarm threshold : 90.00 degrees C / 194.00 degrees F
Module temperature low alarm threshold : -45.00 degrees C / -49.00 degrees F
Module temperature high warning threshold : 85.00 degrees C / 185.00 degrees F
Module temperature low warning threshold : -40.00 degrees C / -40.00 degrees F
Module voltage high alarm threshold : 3.7950 V
Module voltage low alarm threshold : 2.8050 V
Module voltage high warning threshold : 3.4650 V
Module voltage low warning threshold : 3.1350 V
Laser rx power high alarm threshold : 0.7079 mW / -1.50 dBm
Laser rx power low alarm threshold : 0.0028 mW / -25.53 dBm
Laser rx power high warning threshold : 0.6310 mW / -2.00 dBm
Laser rx power low warning threshold : 0.0032 mW / -24.95 dBm
Signed-off-by: Ernesto Castellotti <ernesto@castellotti.net>
Reviewed-by: Przemek Kitszel <przemyslaw.kitszel@intel.com>
Tested-by: Sunitha Mekala <sunithax.d.mekala@intel.com> (A Contingent worker at Intel)
Signed-off-by: Tony Nguyen <anthony.l.nguyen@intel.com>
Link: https://lore.kernel.org/r/20240301184806.2634508-3-anthony.l.nguyen@intel.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
---
ixgbe_82599.c | 4 +++-
ixgbe_ethtool.c | 4 ++++
ixgbe_phy.c | 33 +++++++++++++++++++++++++++++----
ixgbe_phy.h | 2 ++
ixgbe_type.h | 2 ++
5 files changed, 40 insertions(+), 5 deletions(-)
diff --git a/ixgbe_82599.c b/ixgbe_82599.c
index 75e368f..b0a10de 100644
--- a/ixgbe_82599.c
+++ b/ixgbe_82599.c
@@ -395,7 +395,9 @@ s32 ixgbe_get_link_capabilities_82599(struct ixgbe_hw *hw,
hw->phy.sfp_type == ixgbe_sfp_type_1g_lx_core0 ||
hw->phy.sfp_type == ixgbe_sfp_type_1g_lx_core1 ||
hw->phy.sfp_type == ixgbe_sfp_type_1g_sx_core0 ||
- hw->phy.sfp_type == ixgbe_sfp_type_1g_sx_core1) {
+ hw->phy.sfp_type == ixgbe_sfp_type_1g_sx_core1 ||
+ hw->phy.sfp_type == ixgbe_sfp_type_1g_bx_core0 ||
+ hw->phy.sfp_type == ixgbe_sfp_type_1g_bx_core1) {
*speed = IXGBE_LINK_SPEED_1GB_FULL;
*autoneg = true;
goto out;
diff --git a/ixgbe_ethtool.c b/ixgbe_ethtool.c
index 7ada455..fb16f3c 100644
--- a/ixgbe_ethtool.c
+++ b/ixgbe_ethtool.c
@@ -412,6 +412,8 @@ static int ixgbe_get_link_ksettings(struct net_device *netdev,
case ixgbe_sfp_type_1g_sx_core1:
case ixgbe_sfp_type_1g_lx_core0:
case ixgbe_sfp_type_1g_lx_core1:
+ case ixgbe_sfp_type_1g_bx_core0:
+ case ixgbe_sfp_type_1g_bx_core1:
ethtool_link_ksettings_add_link_mode(cmd, supported,
FIBRE);
ethtool_link_ksettings_add_link_mode(cmd, advertising,
@@ -642,6 +644,8 @@ static int ixgbe_get_settings(struct net_device *netdev,
case ixgbe_sfp_type_1g_sx_core1:
case ixgbe_sfp_type_1g_lx_core0:
case ixgbe_sfp_type_1g_lx_core1:
+ case ixgbe_sfp_type_1g_bx_core0:
+ case ixgbe_sfp_type_1g_bx_core1:
ecmd->supported |= SUPPORTED_FIBRE;
ecmd->advertising |= ADVERTISED_FIBRE;
ecmd->port = PORT_FIBRE;
diff --git a/ixgbe_phy.c b/ixgbe_phy.c
index 647fdba..0f39fd8 100644
--- a/ixgbe_phy.c
+++ b/ixgbe_phy.c
@@ -1266,6 +1266,7 @@ s32 ixgbe_identify_sfp_module_generic(struct ixgbe_hw *hw)
u8 comp_codes_1g = 0;
u8 comp_codes_10g = 0;
u8 oui_bytes[3] = {0, 0, 0};
+ u8 bitrate_nominal = 0;
u8 cable_tech = 0;
u8 cable_spec = 0;
u16 enforce_sfp = 0;
@@ -1309,6 +1310,12 @@ s32 ixgbe_identify_sfp_module_generic(struct ixgbe_hw *hw)
IXGBE_SFF_CABLE_TECHNOLOGY,
&cable_tech);
+ if (status != IXGBE_SUCCESS)
+ goto err_read_i2c_eeprom;
+
+ status = hw->phy.ops.read_i2c_eeprom(hw,
+ IXGBE_SFF_BITRATE_NOMINAL,
+ &bitrate_nominal);
if (status != IXGBE_SUCCESS)
goto err_read_i2c_eeprom;
@@ -1391,6 +1398,18 @@ s32 ixgbe_identify_sfp_module_generic(struct ixgbe_hw *hw)
else
hw->phy.sfp_type =
ixgbe_sfp_type_1g_lx_core1;
+ /* Support only Ethernet 1000BASE-BX10, checking the Bit Rate
+ * Nominal Value as per SFF-8472 by convention 1.25 Gb/s should
+ * be rounded up to 0Dh (13 in units of 100 MBd) for 1000BASE-BX
+ */
+ } else if ((comp_codes_1g & IXGBE_SFF_BASEBX10_CAPABLE) &&
+ (bitrate_nominal == 0xD)) {
+ if (hw->bus.lan_id == 0)
+ hw->phy.sfp_type =
+ ixgbe_sfp_type_1g_bx_core0;
+ else
+ hw->phy.sfp_type =
+ ixgbe_sfp_type_1g_bx_core1;
} else {
hw->phy.sfp_type = ixgbe_sfp_type_unknown;
}
@@ -1481,7 +1500,9 @@ s32 ixgbe_identify_sfp_module_generic(struct ixgbe_hw *hw)
hw->phy.sfp_type == ixgbe_sfp_type_1g_lx_core0 ||
hw->phy.sfp_type == ixgbe_sfp_type_1g_lx_core1 ||
hw->phy.sfp_type == ixgbe_sfp_type_1g_sx_core0 ||
- hw->phy.sfp_type == ixgbe_sfp_type_1g_sx_core1)) {
+ hw->phy.sfp_type == ixgbe_sfp_type_1g_sx_core1 ||
+ hw->phy.sfp_type == ixgbe_sfp_type_1g_bx_core0 ||
+ hw->phy.sfp_type == ixgbe_sfp_type_1g_bx_core1)) {
hw->phy.type = ixgbe_phy_sfp_unsupported;
status = IXGBE_ERR_SFP_NOT_SUPPORTED;
goto out;
@@ -1500,7 +1521,9 @@ s32 ixgbe_identify_sfp_module_generic(struct ixgbe_hw *hw)
hw->phy.sfp_type == ixgbe_sfp_type_1g_lx_core0 ||
hw->phy.sfp_type == ixgbe_sfp_type_1g_lx_core1 ||
hw->phy.sfp_type == ixgbe_sfp_type_1g_sx_core0 ||
- hw->phy.sfp_type == ixgbe_sfp_type_1g_sx_core1)) {
+ hw->phy.sfp_type == ixgbe_sfp_type_1g_sx_core1 ||
+ hw->phy.sfp_type == ixgbe_sfp_type_1g_bx_core0 ||
+ hw->phy.sfp_type == ixgbe_sfp_type_1g_bx_core1)) {
/* Make sure we're a supported PHY type */
if (hw->phy.type == ixgbe_phy_sfp_intel) {
status = IXGBE_SUCCESS;
@@ -1819,12 +1842,14 @@ s32 ixgbe_get_sfp_init_sequence_offsets(struct ixgbe_hw *hw,
if (sfp_type == ixgbe_sfp_type_da_act_lmt_core0 ||
sfp_type == ixgbe_sfp_type_1g_lx_core0 ||
sfp_type == ixgbe_sfp_type_1g_cu_core0 ||
- sfp_type == ixgbe_sfp_type_1g_sx_core0)
+ sfp_type == ixgbe_sfp_type_1g_sx_core0 ||
+ sfp_type == ixgbe_sfp_type_1g_bx_core0)
sfp_type = ixgbe_sfp_type_srlr_core0;
else if (sfp_type == ixgbe_sfp_type_da_act_lmt_core1 ||
sfp_type == ixgbe_sfp_type_1g_lx_core1 ||
sfp_type == ixgbe_sfp_type_1g_cu_core1 ||
- sfp_type == ixgbe_sfp_type_1g_sx_core1)
+ sfp_type == ixgbe_sfp_type_1g_sx_core1 ||
+ sfp_type == ixgbe_sfp_type_1g_bx_core1)
sfp_type = ixgbe_sfp_type_srlr_core1;
/* Read offset to PHY init contents */
diff --git a/ixgbe_phy.h b/ixgbe_phy.h
index 3ece00f..60c7574 100644
--- a/ixgbe_phy.h
+++ b/ixgbe_phy.h
@@ -18,6 +18,7 @@
#define IXGBE_SFF_1GBE_COMP_CODES 0x6
#define IXGBE_SFF_10GBE_COMP_CODES 0x3
#define IXGBE_SFF_CABLE_TECHNOLOGY 0x8
+#define IXGBE_SFF_BITRATE_NOMINAL 0xC
#define IXGBE_SFF_CABLE_SPEC_COMP 0x3C
#define IXGBE_SFF_SFF_8472_SWAP 0x5C
#define IXGBE_SFF_SFF_8472_COMP 0x5E
@@ -40,6 +41,7 @@
#define IXGBE_SFF_1GBASESX_CAPABLE 0x1
#define IXGBE_SFF_1GBASELX_CAPABLE 0x2
#define IXGBE_SFF_1GBASET_CAPABLE 0x8
+#define IXGBE_SFF_BASEBX10_CAPABLE 0x64
#define IXGBE_SFF_10GBASESR_CAPABLE 0x10
#define IXGBE_SFF_10GBASELR_CAPABLE 0x20
#define IXGBE_SFF_SOFT_RS_SELECT_MASK 0x8
diff --git a/ixgbe_type.h b/ixgbe_type.h
index d85bd9b..fbe2e66 100644
--- a/ixgbe_type.h
+++ b/ixgbe_type.h
@@ -3705,6 +3705,8 @@ enum ixgbe_sfp_type {
ixgbe_sfp_type_1g_sx_core1 = 12,
ixgbe_sfp_type_1g_lx_core0 = 13,
ixgbe_sfp_type_1g_lx_core1 = 14,
+ ixgbe_sfp_type_1g_bx_core0 = 15,
+ ixgbe_sfp_type_1g_bx_core1 = 16,
ixgbe_sfp_type_not_present = 0xFFFE,
ixgbe_sfp_type_unknown = 0xFFFF
};
--
2.44.0

48
scripts/package-build/linux-kernel/patches/ixgbe/allow_unsupported_sfp.patch Normal file
View File

@ -0,0 +1,48 @@
From 4f6c1dc3c48a1b2fa7c06206e6366bcfaa33f3f7 Mon Sep 17 00:00:00 2001
From: Christian Breunig <christian@breunig.cc>
Date: Fri, 22 Mar 2024 11:33:27 +0000
Subject: [PATCH] ixgbe: always enable support for unsupported SFP+ modules
---
ixgbe_param.c | 10 +++++++---
1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/ixgbe_param.c b/ixgbe_param.c
index 71197b7..dac33ca 100644
--- a/ixgbe_param.c
+++ b/ixgbe_param.c
@@ -307,7 +307,7 @@ IXGBE_PARAM(LRO, "Large Receive Offload (0,1), default 0 = off");
* Default Value: 0
*/
IXGBE_PARAM(allow_unsupported_sfp, "Allow unsupported and untested "
- "SFP+ modules on 82599 based adapters, default 0 = Disable");
+ "SFP+ modules on 82599 based adapters, default 1 = Enable");
/* Enable/disable support for DMA coalescing
*
@@ -1133,8 +1133,8 @@ void ixgbe_check_options(struct ixgbe_adapter *adapter)
struct ixgbe_option opt = {
.type = enable_option,
.name = "allow_unsupported_sfp",
- .err = "defaulting to Disabled",
- .def = OPTION_DISABLED
+ .err = "defaulting to Enabled",
+ .def = OPTION_ENABLED
};
#ifdef module_param_array
if (num_allow_unsupported_sfp > bd) {
@@ -1150,7 +1150,11 @@ void ixgbe_check_options(struct ixgbe_adapter *adapter)
}
#ifdef module_param_array
} else {
+ if (opt.def == OPTION_ENABLED) {
+ adapter->hw.allow_unsupported_sfp = true;
+ } else {
adapter->hw.allow_unsupported_sfp = false;
+ }
}
#endif
}
--
2.39.2

158
scripts/package-build/linux-kernel/patches/kernel/0001-linkstate-ip-device-attribute.patch Normal file
View File

@ -0,0 +1,158 @@
From 81d38c4a32e059ad7835f7dc254e7627642afbe9 Mon Sep 17 00:00:00 2001
From: Stephen Hemminger <stephen@networkplumber.org>
Date: Mon, 29 Apr 2013 18:50:15 -0700
Subject: [PATCH] VyOS: Add linkstate IP device attribute
Backport of earlier Vyatta patch.
(cherry picked from commit 7c5a851086686be14ae937c80d6cee34814dbefc)
---
Documentation/networking/ip-sysctl.rst | 11 +++++++++++
include/linux/inetdevice.h | 1 +
include/linux/ipv6.h | 1 +
include/uapi/linux/ip.h | 1 +
include/uapi/linux/ipv6.h | 1 +
net/ipv4/devinet.c | 1 +
net/ipv6/addrconf.c | 8 ++++++++
net/ipv6/route.c | 10 ++++++++++
8 files changed, 34 insertions(+)
diff --git a/Documentation/networking/ip-sysctl.rst b/Documentation/networking/ip-sysctl.rst
index a66054d0763a..53440098fa98 100644
--- a/Documentation/networking/ip-sysctl.rst
+++ b/Documentation/networking/ip-sysctl.rst
@@ -1734,6 +1734,17 @@ src_valid_mark - BOOLEAN
Default value is 0.
+link_filter - INTEGER
+ 0 - Allow packets to be received for the address on this interface
+ even if interface is disabled or no carrier.
+ 1 - Ignore packets received if interface associated with the incoming
+ address is down.
+ 2 - Ignore packets received if interface associated with the incoming
+ address is down or has no carrier.
+
+ Default value is 0. Note that some distributions enable it
+ in startup scripts.
+
arp_filter - BOOLEAN
- 1 - Allows you to have multiple network interfaces on the same
subnet, and have the ARPs for each interface be answered
diff --git a/include/linux/inetdevice.h b/include/linux/inetdevice.h
index ddb27fc0ee8c..8ee3191d9558 100644
--- a/include/linux/inetdevice.h
+++ b/include/linux/inetdevice.h
@@ -137,6 +137,7 @@ static inline void ipv4_devconf_setall(struct in_device *in_dev)
#define IN_DEV_ARP_NOTIFY(in_dev) IN_DEV_MAXCONF((in_dev), ARP_NOTIFY)
#define IN_DEV_ARP_EVICT_NOCARRIER(in_dev) IN_DEV_ANDCONF((in_dev), \
ARP_EVICT_NOCARRIER)
+#define IN_DEV_LINKFILTER(in_dev) IN_DEV_MAXCONF((in_dev), LINKFILTER)
struct in_ifaddr {
struct hlist_node hash;
diff --git a/include/linux/ipv6.h b/include/linux/ipv6.h
index af8a771a053c..ece8ac89d317 100644
--- a/include/linux/ipv6.h
+++ b/include/linux/ipv6.h
@@ -84,6 +84,7 @@ struct ipv6_devconf {
__u8 ndisc_evict_nocarrier;
struct ctl_table_header *sysctl_header;
+ __s32 link_filter;
};
struct ipv6_params {
diff --git a/include/uapi/linux/ip.h b/include/uapi/linux/ip.h
index 283dec7e3645..8067941a635e 100644
--- a/include/uapi/linux/ip.h
+++ b/include/uapi/linux/ip.h
@@ -173,6 +173,7 @@ enum
IPV4_DEVCONF_DROP_GRATUITOUS_ARP,
IPV4_DEVCONF_BC_FORWARDING,
IPV4_DEVCONF_ARP_EVICT_NOCARRIER,
+ IPV4_DEVCONF_LINKFILTER,
__IPV4_DEVCONF_MAX
};
diff --git a/include/uapi/linux/ipv6.h b/include/uapi/linux/ipv6.h
index cf592d7b630f..e8915701aa73 100644
--- a/include/uapi/linux/ipv6.h
+++ b/include/uapi/linux/ipv6.h
@@ -199,6 +199,7 @@ enum {
DEVCONF_NDISC_EVICT_NOCARRIER,
DEVCONF_ACCEPT_UNTRACKED_NA,
DEVCONF_ACCEPT_RA_MIN_LFT,
+ DEVCONF_LINK_FILTER,
DEVCONF_MAX
};
diff --git a/net/ipv4/devinet.c b/net/ipv4/devinet.c
index bc74f131fe4d..9cdd5b50f9b2 100644
--- a/net/ipv4/devinet.c
+++ b/net/ipv4/devinet.c
@@ -2595,6 +2595,7 @@ static struct devinet_sysctl_table {
"route_localnet"),
DEVINET_SYSCTL_FLUSHING_ENTRY(DROP_UNICAST_IN_L2_MULTICAST,
"drop_unicast_in_l2_multicast"),
+ DEVINET_SYSCTL_RW_ENTRY(LINKFILTER, "link_filter"),
},
};
diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c
index a9358c796a81..7e39846f556b 100644
--- a/net/ipv6/addrconf.c
+++ b/net/ipv6/addrconf.c
@@ -5657,6 +5657,7 @@ static inline void ipv6_store_devconf(struct ipv6_devconf *cnf,
array[DEVCONF_NDISC_EVICT_NOCARRIER] = cnf->ndisc_evict_nocarrier;
array[DEVCONF_ACCEPT_UNTRACKED_NA] = cnf->accept_untracked_na;
array[DEVCONF_ACCEPT_RA_MIN_LFT] = cnf->accept_ra_min_lft;
+ array[DEVCONF_LINK_FILTER] = cnf->link_filter;
}
static inline size_t inet6_ifla6_size(void)
@@ -7086,6 +7087,13 @@ static const struct ctl_table addrconf_sysctl[] = {
.extra1 = (void *)SYSCTL_ZERO,
.extra2 = (void *)SYSCTL_ONE,
},
+ {
+ .procname = "link_filter",
+ .data = &ipv6_devconf.link_filter,
+ .maxlen = sizeof(int),
+ .mode = 0644,
+ .proc_handler = proc_dointvec,
+ },
{
.procname = "ioam6_id",
.data = &ipv6_devconf.ioam6_id,
diff --git a/net/ipv6/route.c b/net/ipv6/route.c
index eb3afaee62e8..0f8670e74cc7 100644
--- a/net/ipv6/route.c
+++ b/net/ipv6/route.c
@@ -679,6 +679,14 @@ static inline void rt6_probe(struct fib6_nh *fib6_nh)
}
#endif
+static inline int rt6_link_filter(const struct fib6_nh *nh)
+{
+ const struct net_device *dev = nh->fib_nh_dev;
+ int linkf = __in6_dev_get(dev)->cnf.link_filter;
+ return (linkf && !netif_running(dev))
+ || (linkf > 1 && !netif_carrier_ok(dev));
+}
+
/*
* Default Router Selection (RFC 2461 6.3.6)
*/
@@ -720,6 +728,8 @@ static int rt6_score_route(const struct fib6_nh *nh, u32 fib6_flags, int oif,
if (!m && (strict & RT6_LOOKUP_F_IFACE))
return RT6_NUD_FAIL_HARD;
+ if (rt6_link_filter(nh))
+ return -1;
#ifdef CONFIG_IPV6_ROUTER_PREF
m |= IPV6_DECODE_PREF(IPV6_EXTRACT_PREF(fib6_flags)) << 2;
#endif
--
2.39.2

298
scripts/package-build/linux-kernel/patches/kernel/0002-inotify-support-for-stackable-filesystems.patch Normal file
View File

@ -0,0 +1,298 @@
From 1d625d2f745b61a718ce52cd1729f467c17defa6 Mon Sep 17 00:00:00 2001
From: Alex Harpin <development@landsofshadow.co.uk>
Date: Wed, 31 Dec 2014 10:33:38 +0000
Subject: [PATCH] VyOS: add inotify support for stackable filesystems
(overlayfs)
As it stands at the moment, overlayfs doesn't have full support for
inotify, and as such anything that relies on inotify currently has
issues. The simplest method of demonstrating this is to tail a file
(so tail -f /var/log/messages) and see that it doesn't follow changes
in that file. This has been reported in a number of places, including
Bug #882147 in Ubuntu. This patch is based on the version proposed by
Li Jianguo in response to this bug, adding support for inotify in
stackable filesystems.
This commit provides a complete fix for the workaround implemented
for bug #303, and will allow that commit to be reverted.
Bug #425 http://bugzilla.vyos.net/show_bug.cgi?id=425
(cherry picked from commit a93f1128bc83b5a6628da242e71c18ef05e81ea2)
---
fs/notify/inotify/Kconfig | 9 +++
fs/notify/inotify/inotify_user.c | 114 ++++++++++++++++++++++++++++++-
fs/overlayfs/super.c | 27 ++++++--
include/linux/inotify.h | 28 ++++++++
4 files changed, 172 insertions(+), 6 deletions(-)
diff --git a/fs/notify/inotify/Kconfig b/fs/notify/inotify/Kconfig
index 1cc8be25df7e..bc4acd1a6ea4 100644
--- a/fs/notify/inotify/Kconfig
+++ b/fs/notify/inotify/Kconfig
@@ -15,3 +15,12 @@ config INOTIFY_USER
For more information, see <file:Documentation/filesystems/inotify.rst>
If unsure, say Y.
+
+config INOTIFY_STACKFS
+ bool "Inotify support for stackable filesystem"
+ select INOTIFY_USER
+ default y
+ help
+ Say Y here to enable inotify support for stackable filesystem.
+
+ If unsure, say N.
diff --git a/fs/notify/inotify/inotify_user.c b/fs/notify/inotify/inotify_user.c
index 1c4bfdab008d..cf567cc33679 100644
--- a/fs/notify/inotify/inotify_user.c
+++ b/fs/notify/inotify/inotify_user.c
@@ -15,6 +15,7 @@
#include <linux/file.h>
#include <linux/fs.h> /* struct inode */
+#include <linux/mount.h>
#include <linux/fsnotify_backend.h>
#include <linux/idr.h>
#include <linux/init.h> /* fs_initcall */
@@ -97,6 +98,93 @@ static void __init inotify_sysctls_init(void)
#define inotify_sysctls_init() do { } while (0)
#endif /* CONFIG_SYSCTL */
+#ifdef CONFIG_INOTIFY_STACKFS
+
+static DEFINE_RWLOCK(inotify_fs_lock);
+static LIST_HEAD(inotify_fs_list);
+
+static inline struct file_system_type* peek_fs_type(struct path *path)
+{
+ return path->mnt->mnt_sb->s_type;
+}
+
+static struct inotify_stackfs* inotify_get_stackfs(struct path *path)
+{
+ struct file_system_type *fs;
+ struct inotify_stackfs *fse, *ret = NULL;
+
+ fs = peek_fs_type(path);
+
+ read_lock(&inotify_fs_lock);
+ list_for_each_entry(fse, &inotify_fs_list, list) {
+ if (fse->fs_type == fs) {
+ ret = fse;
+ break;
+ }
+ }
+ read_unlock(&inotify_fs_lock);
+
+ return ret;
+}
+
+static inline void inotify_put_stackfs(struct inotify_stackfs *fs)
+{
+}
+
+int inotify_register_stackfs(struct inotify_stackfs *fs)
+{
+ int ret = 0;
+ struct inotify_stackfs *fse;
+
+ BUG_ON(IS_ERR_OR_NULL(fs->fs_type));
+ BUG_ON(IS_ERR_OR_NULL(fs->func));
+
+ INIT_LIST_HEAD(&fs->list);
+
+ write_lock(&inotify_fs_lock);
+ list_for_each_entry(fse, &inotify_fs_list, list) {
+ if (fse->fs_type == fs->fs_type) {
+ write_unlock(&inotify_fs_lock);
+ ret = -EBUSY;
+ goto out;
+ }
+ }
+ list_add_tail(&fs->list, &inotify_fs_list);
+ write_unlock(&inotify_fs_lock);
+
+out:
+ return ret;
+}
+EXPORT_SYMBOL_GPL(inotify_register_stackfs);
+
+void inotify_unregister_stackfs(struct inotify_stackfs *fs)
+{
+ struct inotify_stackfs *fse, *n;
+
+ write_lock(&inotify_fs_lock);
+ list_for_each_entry_safe(fse, n, &inotify_fs_list, list) {
+ if (fse == fs) {
+ list_del(&fse->list);
+ break;
+ }
+ }
+ write_unlock(&inotify_fs_lock);
+}
+EXPORT_SYMBOL_GPL(inotify_unregister_stackfs);
+
+#else
+
+static inline struct inotify_stackfs* inotify_get_stackfs(struct path *path)
+{
+ return NULL;
+}
+
+static inline void inotify_put_stackfs(struct inotify_stackfs *fs)
+{
+}
+
+#endif /* CONFIG_INOTIFY_STACKFS */
+
static inline __u32 inotify_arg_to_mask(struct inode *inode, u32 arg)
{
__u32 mask;
@@ -370,8 +458,8 @@ static const struct file_operations inotify_fops = {
/*
* find_inode - resolve a user-given path to a specific inode
*/
-static int inotify_find_inode(const char __user *dirname, struct path *path,
- unsigned int flags, __u64 mask)
+static inline int __inotify_find_inode(const char __user *dirname, struct path *path,
+ unsigned int flags, __u64 mask)
{
int error;
@@ -392,6 +480,28 @@ static int inotify_find_inode(const char __user *dirname, struct path *path,
return error;
}
+static int inotify_find_inode(const char __user *dirname, struct path *path,
+ unsigned int flags, __u64 mask)
+{
+ int ret;
+ struct path tpath;
+ struct inotify_stackfs *fse;
+
+ ret = __inotify_find_inode(dirname, &tpath, flags, mask);
+ if (ret)
+ return ret;
+ fse = inotify_get_stackfs(&tpath);
+ if (fse == NULL) {
+ *path = tpath;
+ return 0;
+ }
+ ret = fse->func(path, &tpath);
+ inotify_put_stackfs(fse);
+ path_put(&tpath);
+
+ return ret;
+}
+
static int inotify_add_to_idr(struct idr *idr, spinlock_t *idr_lock,
struct inotify_inode_mark *i_mark)
{
diff --git a/fs/overlayfs/super.c b/fs/overlayfs/super.c
index 2c056d737c27..2cb1f0024e70 100644
--- a/fs/overlayfs/super.c
+++ b/fs/overlayfs/super.c
@@ -15,6 +15,7 @@
#include <linux/seq_file.h>
#include <linux/posix_acl_xattr.h>
#include <linux/exportfs.h>
+#include <linux/inotify.h>
#include <linux/file.h>
#include <linux/fs_context.h>
#include <linux/fs_parser.h>
@@ -1528,6 +1529,18 @@ static void ovl_inode_init_once(void *foo)
inode_init_once(&oi->vfs_inode);
}
+static int ovl_inotify_path(struct path *dst, struct path *src)
+{
+ ovl_path_real(src->dentry, dst);
+ path_get(dst);
+ return 0;
+}
+
+static struct inotify_stackfs ovl_inotify = {
+ .fs_type = &ovl_fs_type,
+ .func = ovl_inotify_path,
+};
+
static int __init ovl_init(void)
{
int err;
@@ -1543,18 +1556,24 @@ static int __init ovl_init(void)
err = ovl_aio_request_cache_init();
if (!err) {
err = register_filesystem(&ovl_fs_type);
- if (!err)
- return 0;
+ if (err)
+ goto err;
+ err = inotify_register_stackfs(&ovl_inotify);
+ if (err)
+ goto err;
+ return 0;
- ovl_aio_request_cache_destroy();
}
+err:
kmem_cache_destroy(ovl_inode_cachep);
-
+ unregister_filesystem(&ovl_fs_type);
+ ovl_aio_request_cache_destroy();
return err;
}
static void __exit ovl_exit(void)
{
+ inotify_unregister_stackfs(&ovl_inotify);
unregister_filesystem(&ovl_fs_type);
/*
diff --git a/include/linux/inotify.h b/include/linux/inotify.h
index 8d20caa1b268..c126e2f93a73 100644
--- a/include/linux/inotify.h
+++ b/include/linux/inotify.h
@@ -8,6 +8,8 @@
#define _LINUX_INOTIFY_H
#include <uapi/linux/inotify.h>
+#include <linux/list.h>
+#include <linux/fs.h>
#define ALL_INOTIFY_BITS (IN_ACCESS | IN_MODIFY | IN_ATTRIB | IN_CLOSE_WRITE | \
IN_CLOSE_NOWRITE | IN_OPEN | IN_MOVED_FROM | \
@@ -17,4 +19,30 @@
IN_DONT_FOLLOW | IN_EXCL_UNLINK | IN_MASK_ADD | \
IN_MASK_CREATE | IN_ISDIR | IN_ONESHOT)
+typedef int (*inotify_path_proc)(struct path *dst, struct path *src);
+
+struct inotify_stackfs {
+ struct list_head list; /* entry in inotify_fs_list */
+ struct file_system_type *fs_type; /* registed file_system_type */
+ inotify_path_proc func; /* registed callback function */
+};
+
+#ifdef CONFIG_INOTIFY_STACKFS
+
+extern int inotify_register_stackfs(struct inotify_stackfs *fs);
+extern void inotify_unregister_stackfs(struct inotify_stackfs *fs);
+
+#else
+
+static inline int inotify_register_stackfs(struct inotify_stackfs *fs)
+{
+ return 0;
+}
+
+static inline void inotify_unregister_stackfs(struct inotify_stackfs *fs)
+{
+}
+
+#endif /* CONFIG_INOTIFY_STACKFS */
+
#endif /* _LINUX_INOTIFY_H */
--
2.39.2

7
scripts/package-build/ndppd/.gitignore vendored Normal file
View File

@ -0,0 +1,7 @@
ndppd/
*.buildinfo
*.build
*.changes
*.deb
*.dsc

1
scripts/package-build/ndppd/build.py Symbolic link
View File

@ -0,0 +1 @@
../build.py

4
scripts/package-build/ndppd/package.toml Normal file
View File

@ -0,0 +1,4 @@
[[packages]]
name = "ndppd"
commit_id = "debian/0.2.5-6"
scm_url = "https://salsa.debian.org/debian/ndppd"

83
scripts/package-build/ndppd/patches/0001-skip-route-table-if-there-is-no-auto-rule.patch Normal file
View File

@ -0,0 +1,83 @@
From b148ba055245cec5007ee91dd3ffbfeb58d49c5a Mon Sep 17 00:00:00 2001
From: Henning Surmeier <me@hensur.de>
Date: Sun, 9 Jan 2022 20:35:15 +0100
Subject: [PATCH 1/2] skip route table if there is no auto rule
---
src/ndppd.cc | 3 ++-
src/rule.cc | 8 ++++++++
src/rule.h | 4 ++++
3 files changed, 14 insertions(+), 1 deletion(-)
diff --git a/src/ndppd.cc b/src/ndppd.cc
index bec9656..b303721 100644
--- a/src/ndppd.cc
+++ b/src/ndppd.cc
@@ -304,7 +304,8 @@ int main(int argc, char* argv[], char* env[])
t1.tv_sec = t2.tv_sec;
t1.tv_usec = t2.tv_usec;
- route::update(elapsed_time);
+ if (rule::any_auto())
+ route::update(elapsed_time);
session::update_all(elapsed_time);
}
diff --git a/src/rule.cc b/src/rule.cc
index 9e72480..a1e8376 100644
--- a/src/rule.cc
+++ b/src/rule.cc
@@ -24,6 +24,8 @@
NDPPD_NS_BEGIN
+bool rule::_any_aut = false;
+
rule::rule()
{
}
@@ -49,6 +51,7 @@ ptr<rule> rule::create(const ptr<proxy>& pr, const address& addr, bool aut)
ru->_pr = pr;
ru->_addr = addr;
ru->_aut = aut;
+ _any_aut = _any_aut || aut;
logger::debug()
<< "rule::create() if=" << pr->ifa()->name().c_str() << ", addr=" << addr
@@ -57,6 +60,11 @@ ptr<rule> rule::create(const ptr<proxy>& pr, const address& addr, bool aut)
return ru;
}
+bool rule::any_auto()
+{
+ return _any_aut;
+}
+
const address& rule::addr() const
{
return _addr;
diff --git a/src/rule.h b/src/rule.h
index 6663066..ca2aa36 100644
--- a/src/rule.h
+++ b/src/rule.h
@@ -42,6 +42,8 @@ public:
bool check(const address& addr) const;
+ static bool any_auto();
+
private:
weak_ptr<rule> _ptr;
@@ -53,6 +55,8 @@ private:
bool _aut;
+ static bool _any_aut;
+
rule();
};
--
2.34.1

25
scripts/package-build/ndppd/patches/0002-set-vyos-version.patch Normal file
View File

@ -0,0 +1,25 @@
From b0789cf679b0179d37e22f5a936af273d982abeb Mon Sep 17 00:00:00 2001
From: Henning Surmeier <me@hensur.de>
Date: Tue, 11 Jan 2022 13:05:47 +0100
Subject: [PATCH 2/2] set -vyos version
---
src/ndppd.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/ndppd.h b/src/ndppd.h
index 008726c..61ed950 100644
--- a/src/ndppd.h
+++ b/src/ndppd.h
@@ -21,7 +21,7 @@
#define NDPPD_NS_BEGIN namespace ndppd {
#define NDPPD_NS_END }
-#define NDPPD_VERSION "0.2.4"
+#define NDPPD_VERSION "0.2.5-vyos"
#include <assert.h>
--
2.34.1

6
scripts/package-build/net-snmp/.gitignore vendored Normal file
View File

@ -0,0 +1,6 @@
net-snmp/
*.buildinfo
*.build
*.changes
*.deb
*.dsc

1
scripts/package-build/net-snmp/build.py Symbolic link
View File

@ -0,0 +1 @@
../build.py

5
scripts/package-build/net-snmp/package.toml Normal file
View File

@ -0,0 +1,5 @@
[[packages]]
name = "net-snmp"
commit_id = "debian/5.9.4+dfsg-1"
scm_url = "https://salsa.debian.org/debian/net-snmp"
build_cmd = "dpkg-buildpackage -us -uc -tc -b || true"

119
scripts/package-build/net-snmp/patches/add-linux-6.7-compatibility-parsing.patch Normal file
View File

@ -0,0 +1,119 @@
From f5ae6baf0018abda9dedc368fe6d52c0d7a8ab8f Mon Sep 17 00:00:00 2001
From: Philippe Troin <phil+github-commits@fifi.org>
Date: Sat, 3 Feb 2024 10:30:30 -0800
Subject: [PATCH] Add Linux 6.7 compatibility parsing /proc/net/snmp
Linux 6.7 adds a new OutTransmits field to Ip in /proc/net/snmp.
This breaks the hard-coded assumptions about the Ip line length.
Add compatibility to parse Linux 6.7 Ip header while keep support
for previous versions.
---
.../ip-mib/data_access/systemstats_linux.c | 46 +++++++++++++++----
1 file changed, 37 insertions(+), 9 deletions(-)
diff --git a/agent/mibgroup/ip-mib/data_access/systemstats_linux.c b/agent/mibgroup/ip-mib/data_access/systemstats_linux.c
index 49e0a34d5c..f04e828a94 100644
--- a/agent/mibgroup/ip-mib/data_access/systemstats_linux.c
+++ b/agent/mibgroup/ip-mib/data_access/systemstats_linux.c
@@ -36,7 +36,7 @@ netsnmp_access_systemstats_arch_init(void)
}
/*
- /proc/net/snmp
+ /proc/net/snmp - Linux 6.6 and lower
Ip: Forwarding DefaultTTL InReceives InHdrErrors InAddrErrors ForwDatagrams InUnknownProtos InDiscards InDelivers OutRequests OutDiscards OutNoRoutes ReasmTimeout ReasmReqds ReasmOKs ReasmFails FragOKs FragFails FragCreates
Ip: 2 64 7083534 0 0 0 0 0 6860233 6548963 0 0 1 286623 63322 1 259920 0 0
@@ -49,6 +49,26 @@ netsnmp_access_systemstats_arch_init(void)
Udp: InDatagrams NoPorts InErrors OutDatagrams
Udp: 1491094 122 0 1466178
+*
+ /proc/net/snmp - Linux 6.7 and higher
+
+ Ip: Forwarding DefaultTTL InReceives InHdrErrors InAddrErrors ForwDatagrams InUnknownProtos InDiscards InDelivers OutRequests OutDiscards OutNoRoutes ReasmTimeout ReasmReqds ReasmOKs ReasmFails FragOKs FragFails FragCreates OutTransmits
+ Ip: 1 64 50859058 496 0 37470604 0 0 20472980 7515791 1756 0 0 7264 3632 0 3548 0 7096 44961424
+
+ Icmp: InMsgs InErrors InCsumErrors InDestUnreachs InTimeExcds InParmProbs InSrcQuenchs InRedirects InEchos InEchoReps InTimestamps InTimestampReps InAddrMasks InAddrMaskReps OutMsgs OutErrors OutRateLimitGlobal OutRateLimitHost OutDestUnreachs OutTimeExcds OutParmProbs OutSrcQuenchs OutRedirects OutEchos OutEchoReps OutTimestamps OutTimestampReps OutAddrMasks OutAddrMaskReps
+ Icmp: 114447 2655 0 17589 0 0 0 0 66905 29953 0 0 0 0 143956 0 0 572 16610 484 0 0 0 59957 66905 0 0 0 0
+
+ IcmpMsg: InType0 InType3 InType8 OutType0 OutType3 OutType8 OutType11
+ IcmpMsg: 29953 17589 66905 66905 16610 59957 484
+
+ Tcp: RtoAlgorithm RtoMin RtoMax MaxConn ActiveOpens PassiveOpens AttemptFails EstabResets CurrEstab InSegs OutSegs RetransSegs InErrs OutRsts InCsumErrors
+ Tcp: 1 200 120000 -1 17744 13525 307 3783 6 18093137 9277788 3499 8 7442 0
+
+ Udp: InDatagrams NoPorts InErrors OutDatagrams RcvbufErrors SndbufErrors InCsumErrors IgnoredMulti MemErrors
+ Udp: 2257832 1422 0 2252835 0 0 0 84 0
+
+ UdpLite: InDatagrams NoPorts InErrors OutDatagrams RcvbufErrors SndbufErrors InCsumErrors IgnoredMulti MemErrors
+ UdpLite: 0 0 0 0 0 0 0 0 0
*/
@@ -101,10 +121,10 @@ _systemstats_v4(netsnmp_container* container, u_int load_flags)
FILE *devin;
char line[1024];
netsnmp_systemstats_entry *entry = NULL;
- int scan_count;
+ int scan_count, expected_scan_count;
char *stats, *start = line;
int len;
- unsigned long long scan_vals[19];
+ unsigned long long scan_vals[20];
DEBUGMSGTL(("access:systemstats:container:arch", "load v4 (flags %x)\n",
load_flags));
@@ -126,10 +146,17 @@ _systemstats_v4(netsnmp_container* container, u_int load_flags)
*/
NETSNMP_IGNORE_RESULT(fgets(line, sizeof(line), devin));
len = strlen(line);
- if (224 != len) {
+ switch (len) {
+ case 224:
+ expected_scan_count = 19;
+ break;
+ case 237:
+ expected_scan_count = 20;
+ break;
+ default:
fclose(devin);
snmp_log(LOG_ERR, "systemstats_linux: unexpected header length in /proc/net/snmp."
- " %d != 224\n", len);
+ " %d not in { 224, 237 } \n", len);
return -4;
}
@@ -178,20 +205,20 @@ _systemstats_v4(netsnmp_container* container, u_int load_flags)
memset(scan_vals, 0x0, sizeof(scan_vals));
scan_count = sscanf(stats,
"%llu %llu %llu %llu %llu %llu %llu %llu %llu %llu"
- "%llu %llu %llu %llu %llu %llu %llu %llu %llu",
+ "%llu %llu %llu %llu %llu %llu %llu %llu %llu %llu",
&scan_vals[0],&scan_vals[1],&scan_vals[2],
&scan_vals[3],&scan_vals[4],&scan_vals[5],
&scan_vals[6],&scan_vals[7],&scan_vals[8],
&scan_vals[9],&scan_vals[10],&scan_vals[11],
&scan_vals[12],&scan_vals[13],&scan_vals[14],
&scan_vals[15],&scan_vals[16],&scan_vals[17],
- &scan_vals[18]);
+ &scan_vals[18],&scan_vals[19]);
DEBUGMSGTL(("access:systemstats", " read %d values\n", scan_count));
- if(scan_count != 19) {
+ if(scan_count != expected_scan_count) {
snmp_log(LOG_ERR,
"error scanning systemstats data (expected %d, got %d)\n",
- 19, scan_count);
+ expected_scan_count, scan_count);
netsnmp_access_systemstats_entry_free(entry);
return -4;
}
@@ -223,6 +250,7 @@ _systemstats_v4(netsnmp_container* container, u_int load_flags)
entry->stats.HCOutFragFails.high = scan_vals[17] >> 32;
entry->stats.HCOutFragCreates.low = scan_vals[18] & 0xffffffff;
entry->stats.HCOutFragCreates.high = scan_vals[18] >> 32;
+ /* entry->stats. = scan_vals[19]; / * OutTransmits */
entry->stats.columnAvail[IPSYSTEMSTATSTABLE_HCINRECEIVES] = 1;
entry->stats.columnAvail[IPSYSTEMSTATSTABLE_INHDRERRORS] = 1;

3
scripts/package-build/netfilter/.gitignore vendored Normal file
View File

@ -0,0 +1,3 @@
/pkg-libnftnl/
/pkg-nftables/

189
scripts/package-build/netfilter/build.py Executable file
View File

@ -0,0 +1,189 @@
#!/usr/bin/env python3
#
# Copyright (C) 2024 VyOS maintainers and contributors
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2 or later as
# published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
import glob
import shutil
import toml
import os
from argparse import ArgumentParser
from pathlib import Path
from subprocess import run, CalledProcessError
def ensure_dependencies(dependencies: list) -> None:
"""Ensure Debian build dependencies are met"""
if not dependencies:
print("I: No additional dependencies to install")
return
print("I: Ensure Debian build dependencies are met")
run(['sudo', 'apt-get', 'update'], check=True)
run(['sudo', 'apt-get', 'install', '-y'] + dependencies, check=True)
def apply_patches(repo_dir: Path, patch_dir: Path, package_name: str) -> None:
"""Apply patches from the patch directory to the repository"""
package_patch_dir = patch_dir / package_name
if package_patch_dir.exists() and package_patch_dir.is_dir():
patches = list(package_patch_dir.glob('*'))
else:
print(f"I: No patch directory found for {package_name} in {patch_dir}")
return
# Filter out directories from patches list
patches = [patch for patch in patches if patch.is_file()]
if not patches:
print(f"I: No patches found in {package_patch_dir}")
return
debian_patches_dir = repo_dir / 'debian/patches'
debian_patches_dir.mkdir(parents=True, exist_ok=True)
series_file = debian_patches_dir / 'series'
with series_file.open('a') as series:
for patch in patches:
patch_dest = debian_patches_dir / patch.name
try:
# Ensure the patch file exists before copying
if patch.exists():
shutil.copy(patch, patch_dest)
series.write(patch.name + '\n')
print(f"I: Applied patch: {patch.name}")
else:
print(f"W: Patch file {patch} not found, skipping")
except FileNotFoundError:
print(f"W: Patch file {patch} not found, skipping")
def prepare_package(repo_dir: Path, install_data: str) -> None:
"""Prepare a package"""
if not install_data:
print("I: No install data provided, skipping package preparation")
return
try:
install_file = repo_dir / 'debian/install'
install_file.parent.mkdir(parents=True, exist_ok=True)
install_file.write_text(install_data)
print("I: Prepared package")
except Exception as e:
print(f"Failed to prepare package: {e}")
raise
def build_package(package: dict, dependencies: list, patch_dir: Path) -> None:
"""Build a package from the repository
Args:
package (dict): Package information
dependencies (list): List of additional dependencies
patch_dir (Path): Directory containing patches
"""
repo_name = package['name']
repo_dir = Path(repo_name)
try:
# Clone the repository if it does not exist
if not repo_dir.exists():
run(['git', 'clone', package['scm_url'], str(repo_dir)], check=True)
# Check out the specific commit
run(['git', 'checkout', package['commit_id']], cwd=repo_dir, check=True)
# Ensure dependencies
ensure_dependencies(dependencies)
# Apply patches if any
apply_patches(repo_dir, patch_dir, repo_name)
# Prepare the package if required
if package.get('prepare_package', False):
prepare_package(repo_dir, package.get('install_data', ''))
# Build dependency package and install it
if (repo_dir / 'debian/control').exists():
try:
run('sudo mk-build-deps --install --tool "apt-get --yes --no-install-recommends"', cwd=repo_dir, check=True, shell=True)
run('sudo dpkg -i *build-deps*.deb', cwd=repo_dir, check=True, shell=True)
except CalledProcessError as e:
print(f"Failed to build package {repo_name}: {e}")
# Build the package, check if we have build_cmd in the package.toml
build_cmd = package.get('build_cmd', 'dpkg-buildpackage -uc -us -tc -b')
run(build_cmd, cwd=repo_dir, check=True, shell=True)
except CalledProcessError as e:
print(f"Failed to build package {repo_name}: {e}")
finally:
# Clean up repository directory
# shutil.rmtree(repo_dir, ignore_errors=True)
pass
def cleanup_build_deps(repo_dir: Path) -> None:
"""Clean up build dependency packages"""
try:
if repo_dir.exists():
for file in glob.glob(str(repo_dir / '*build-deps*.deb')):
os.remove(file)
print("Cleaned up build dependency packages")
except Exception as e:
print(f"Error cleaning up build dependencies: {e}")
def copy_packages(repo_dir: Path) -> None:
"""Copy generated .deb packages to the parent directory"""
try:
deb_files = glob.glob(str(repo_dir / '*.deb'))
for deb_file in deb_files:
shutil.copy(deb_file, repo_dir.parent)
print(f'I: copy generated "{deb_file}" package')
except Exception as e:
print(f"Error copying packages: {e}")
if __name__ == '__main__':
# Prepare argument parser
arg_parser = ArgumentParser()
arg_parser.add_argument('--config',
default='package.toml',
help='Path to the package configuration file')
arg_parser.add_argument('--patch-dir',
default='patches',
help='Path to the directory containing patches')
args = arg_parser.parse_args()
# Load package configuration
with open(args.config, 'r') as file:
config = toml.load(file)
packages = config['packages']
patch_dir = Path(args.patch_dir)
for package in packages:
dependencies = package.get('dependencies', {}).get('packages', [])
# Build the package
build_package(package, dependencies, patch_dir)
# Clean up build dependency packages after build
cleanup_build_deps(Path(package['name']))
# Copy generated .deb packages to parent directory
copy_packages(Path(package['name']))

11
scripts/package-build/netfilter/package.toml Normal file
View File

@ -0,0 +1,11 @@
[[packages]]
name = "pkg-libnftnl"
commit_id = "debian/1.2.6-2"
scm_url = "https://salsa.debian.org/pkg-netfilter-team/pkg-libnftnl.git"
build_cmd = "sudo mk-build-deps --install --tool 'apt-get --yes --no-install-recommends'; dpkg-buildpackage -uc -us -tc -b"
[[packages]]
name = "pkg-nftables"
commit_id = "debian/1.0.9-1"
scm_url = "https://salsa.debian.org/pkg-netfilter-team/pkg-nftables.git"
build_cmd = "sudo dpkg -i ../libnftnl*.deb; dpkg-buildpackage -uc -us -tc -b"

118
scripts/package-build/netfilter/patches/pkg-nftables/0001-meta-fix-hour-decoding.patch Normal file
View File

@ -0,0 +1,118 @@
From d392ddf243dcbf8a34726c777d2c669b1e8bfa85 Mon Sep 17 00:00:00 2001
From: Florian Westphal <fw@strlen.de>
Date: Thu, 2 Nov 2023 15:34:13 +0100
Subject: meta: fix hour decoding when timezone offset is negative
Brian Davidson says:
meta hour rules don't display properly after being created when the
hour is on or after 00:00 UTC. The netlink debug looks correct for
seconds past midnight UTC, but displaying the rules looks like an
overflow or a byte order problem. I am in UTC-0400, so today, 20:00
and later exhibits the problem, while 19:00 and earlier hours are
fine.
meta.c only ever worked when the delta to UTC is positive.
We need to add in case the second counter turns negative after
offset adjustment.
Also add a test case for this.
Fixes: f8f32deda31d ("meta: Introduce new conditions 'time', 'day' and 'hour'")
Reported-by: Brian Davidson <davidson.brian@gmail.com>
Signed-off-by: Florian Westphal <fw@strlen.de>
---
src/meta.c | 11 ++++-
.../shell/testcases/listing/dumps/meta_time.nodump | 0
tests/shell/testcases/listing/meta_time | 52 ++++++++++++++++++++++
3 files changed, 61 insertions(+), 2 deletions(-)
create mode 100644 tests/shell/testcases/listing/dumps/meta_time.nodump
create mode 100755 tests/shell/testcases/listing/meta_time
diff --git a/src/meta.c b/src/meta.c
index b578d5e2..7846aefe 100644
--- a/src/meta.c
+++ b/src/meta.c
@@ -495,9 +495,16 @@ static void hour_type_print(const struct expr *expr, struct output_ctx *octx)
/* Obtain current tm, so that we can add tm_gmtoff */
ts = time(NULL);
- if (ts != ((time_t) -1) && localtime_r(&ts, &cur_tm))
- seconds = (seconds + cur_tm.tm_gmtoff) % SECONDS_PER_DAY;
+ if (ts != ((time_t) -1) && localtime_r(&ts, &cur_tm)) {
+ int32_t adj = seconds + cur_tm.tm_gmtoff;
+ if (adj < 0)
+ adj += SECONDS_PER_DAY;
+ else if (adj >= SECONDS_PER_DAY)
+ adj -= SECONDS_PER_DAY;
+
+ seconds = adj;
+ }
minutes = seconds / 60;
seconds %= 60;
hours = minutes / 60;
diff --git a/tests/shell/testcases/listing/dumps/meta_time.nodump b/tests/shell/testcases/listing/dumps/meta_time.nodump
new file mode 100644
index 00000000..e69de29b
diff --git a/tests/shell/testcases/listing/meta_time b/tests/shell/testcases/listing/meta_time
new file mode 100755
index 00000000..a9761998
--- /dev/null
+++ b/tests/shell/testcases/listing/meta_time
@@ -0,0 +1,52 @@
+#!/bin/bash
+
+set -e
+
+TMP1=$(mktemp)
+TMP2=$(mktemp)
+
+cleanup()
+{
+ rm -f "$TMP1"
+ rm -f "$TMP2"
+}
+
+check_decode()
+{
+ TZ=$1 $NFT list chain t c | grep meta > "$TMP2"
+ diff -u "$TMP1" "$TMP2"
+}
+
+trap cleanup EXIT
+
+$NFT -f - <<EOF
+table t {
+ chain c {
+ }
+}
+EOF
+
+for i in $(seq -w 0 23); do
+ TZ=UTC $NFT add rule t c meta hour "$i:00"-"$i:59"
+done
+
+# Check decoding in UTC, this mirrors 1:1 what should have been added.
+for i in $(seq 0 23); do
+ printf "\t\tmeta hour \"%02d:%02d\"-\"%02d:%02d\"\n" $i 0 $i 59 >> "$TMP1"
+done
+
+check_decode UTC
+
+printf "\t\tmeta hour \"%02d:%02d\"-\"%02d:%02d\"\n" 23 0 23 59 > "$TMP1"
+for i in $(seq 0 22); do
+ printf "\t\tmeta hour \"%02d:%02d\"-\"%02d:%02d\"\n" $i 0 $i 59 >> "$TMP1"
+done
+check_decode UTC+1
+
+printf "\t\tmeta hour \"%02d:%02d\"-\"%02d:%02d\"\n" 1 0 1 59 > "$TMP1"
+for i in $(seq 2 23); do
+ printf "\t\tmeta hour \"%02d:%02d\"-\"%02d:%02d\"\n" $i 0 $i 59 >> "$TMP1"
+done
+printf "\t\tmeta hour \"%02d:%02d\"-\"%02d:%02d\"\n" 0 0 0 59 >> "$TMP1"
+
+check_decode UTC-1
--
cgit v1.2.3

6
scripts/package-build/opennhrp/.gitignore vendored Normal file
View File

@ -0,0 +1,6 @@
opennhrp/
*.buildinfo
*.build
*.changes
*.deb
*.dsc

1
scripts/package-build/opennhrp/build.py Symbolic link
View File

@ -0,0 +1 @@
../build.py

21
scripts/package-build/opennhrp/package.toml Normal file
View File

@ -0,0 +1,21 @@
[[packages]]
name = "opennhrp"
commit_id = "613277f"
scm_url = "https://git.code.sf.net/p/opennhrp/code"
build_cmd = """
make clean
make
install --directory debian/etc debian/usr/sbin
install --mode 0644 etc/racoon-ph1dead.sh debian/etc
install --mode 0644 etc/racoon-ph1down.sh debian/etc
install --strip --mode 0755 nhrp/opennhrp debian/usr/sbin
install --strip --mode 0755 nhrp/opennhrpctl debian/usr/sbin
fpm --input-type dir --output-type deb --name opennhrp \
--version $(git describe --always | cut -c2-) --deb-compression gz \
--maintainer "VyOS Package Maintainers <maintainers@vyos.net>" \
--description "NBMA Next Hop Resolution Protocol daemon" \
--license "MIT" -C debian --package ..
"""

6
scripts/package-build/openvpn-otp/.gitignore vendored Normal file
View File

@ -0,0 +1,6 @@
openvpn-otp/
*.buildinfo
*.build
*.changes
*.deb
*.dsc

1
scripts/package-build/openvpn-otp/build.py Symbolic link
View File

@ -0,0 +1 @@
../build.py

19
scripts/package-build/openvpn-otp/package.toml Normal file
View File

@ -0,0 +1,19 @@
[[packages]]
name = "openvpn-otp"
commit_id = "master"
scm_url = "https://github.com/evgeny-gridasov/openvpn-otp"
# build_cmd = "cd ..; ./build-openvpn-otp.sh"
build_cmd = """
./autogen.sh
./configure --prefix=/usr
make
mkdir -p usr/lib/openvpn
cp src/.libs/openvpn-otp.so usr/lib/openvpn
fpm --input-type dir --output-type deb --name openvpn-otp \
--maintainer "VyOS Package Maintainers <maintainers@vyos.net>" \
--description "OpenVPN OTP Authentication support." \
--depends openvpn --architecture $(dpkg --print-architecture) \
--version $(git describe --tags --always | cut -c2-) --deb-compression gz usr
"""

6
scripts/package-build/owamp/.gitignore vendored Normal file
View File

@ -0,0 +1,6 @@
owamp/
*.buildinfo
*.build
*.changes
*.deb
*.dsc

1
scripts/package-build/owamp/build.py Symbolic link
View File

@ -0,0 +1 @@
../build.py

4
scripts/package-build/owamp/package.toml Normal file
View File

@ -0,0 +1,4 @@
[[packages]]
name = "owamp"
commit_id = "v4.4.6"
scm_url = "https://github.com/perfsonar/owamp"

7
scripts/package-build/pam_tacplus/.gitignore vendored Normal file
View File

@ -0,0 +1,7 @@
pam_tacplus/
pam_tacplus-debian/
*.buildinfo
*.build
*.changes
*.deb
*.dsc

1
scripts/package-build/pam_tacplus/build.py Symbolic link
View File

@ -0,0 +1 @@
../build.py

19
scripts/package-build/pam_tacplus/package.toml Normal file
View File

@ -0,0 +1,19 @@
[[packages]]
name = "pam_tacplus-debian"
commit_id = "50c6fd7"
scm_url = "https://github.com/kravietz/pam_tacplus-debian"
build_cmd = "/bin/true"
[[packages]]
name = "pam_tacplus"
#commit_id = "4f91b0d" # This commit cannot build the package
commit_id = "b839c44"
scm_url = "https://github.com/kravietz/pam_tacplus"
#build_cmd = "sudo mk-build-deps --install --tool 'apt-get --yes --no-install-recommends'; cd ..; ./build.sh"
build_cmd = """
cp -a ../pam_tacplus-debian debian
rm -f debian/compat
sudo mk-build-deps --install --tool 'apt-get --yes --no-install-recommends'
dpkg-buildpackage -uc -us -tc -b -d
"""

6
scripts/package-build/pmacct/.gitignore vendored Normal file
View File

@ -0,0 +1,6 @@
pmacct/
*.buildinfo
*.build
*.changes
*.deb
*.dsc

1
scripts/package-build/pmacct/build.py Symbolic link
View File

@ -0,0 +1 @@
../build.py

4
scripts/package-build/pmacct/package.toml Normal file
View File

@ -0,0 +1,4 @@
[[packages]]
name = "pmacct"
commit_id = "debian/1.7.7-1"
scm_url = "https://salsa.debian.org/debian/pmacct.git"

49
scripts/package-build/pmacct/patches/0001-fix-pmacctd-SEGV-when-ICMP-ICMPv6-traffic-was-proces.patch Normal file
View File

@ -0,0 +1,49 @@
From 58900c9d0f98f224577c28dc2323061d33823f39 Mon Sep 17 00:00:00 2001
From: Paolo Lucente <pl+github@pmacct.net>
Date: Fri, 4 Mar 2022 22:07:29 +0000
Subject: [PATCH] * fix, pmacctd: SEGV when ICMP/ICMPv6 traffic was processed
and 'flows' primitive was enabled. To address Issue #586
---
src/nl.c | 12 +++---------
1 file changed, 3 insertions(+), 9 deletions(-)
diff --git a/src/nl.c b/src/nl.c
index c42689ed..6a3da94b 100644
--- a/src/nl.c
+++ b/src/nl.c
@@ -1,6 +1,6 @@
/*
pmacct (Promiscuous mode IP Accounting package)
- pmacct is Copyright (C) 2003-2021 by Paolo Lucente
+ pmacct is Copyright (C) 2003-2022 by Paolo Lucente
*/
/*
@@ -293,10 +293,7 @@ int ip_handler(register struct packet_ptrs *pptrs)
}
}
else {
- if (pptrs->l4_proto != IPPROTO_ICMP) {
- pptrs->tlh_ptr = dummy_tlhdr;
- }
-
+ pptrs->tlh_ptr = dummy_tlhdr;
if (off < caplen) pptrs->payload_ptr = ptr;
}
@@ -479,10 +476,7 @@ int ip6_handler(register struct packet_ptrs *pptrs)
}
}
else {
- if (pptrs->l4_proto != IPPROTO_ICMPV6) {
- pptrs->tlh_ptr = dummy_tlhdr;
- }
-
+ pptrs->tlh_ptr = dummy_tlhdr;
if (off < caplen) pptrs->payload_ptr = ptr;
}
--
2.34.1

7
scripts/package-build/podman/.gitignore vendored Normal file
View File

@ -0,0 +1,7 @@
podman/
*.buildinfo
*.build
*.changes
*.deb
*.dsc

1
scripts/package-build/podman/build.py Symbolic link
View File

@ -0,0 +1 @@
../build.py

27
scripts/package-build/podman/package.toml Normal file
View File

@ -0,0 +1,27 @@
[[packages]]
name = "podman"
commit_id = "v4.9.5"
scm_url = "https://github.com/containers/podman"
#build_cmd = "cd ..; ./build.sh"
build_cmd = """
make install.tools
make podman-release
tar xf podman-release-$(dpkg --print-architecture).tar.gz
VERSION=$(ls -d podman-v* | cut -c9-)
fpm --input-type dir --output-type deb --name podman \
--version $VERSION --deb-compression gz \
--maintainer "VyOS Package Maintainers <maintainers@vyos.net>" \
--description "Engine to run OCI-based containers in Pods" \
--depends conmon --depends crun --depends netavark --depends libgpgme11 \
--depends fuse-overlayfs --depends golang-github-containers-common \
--license "Apache License 2.0" -C podman-v$VERSION --package ..
"""
[packages.dependencies]
packages = [
"libseccomp-dev",
"libgpgme-dev"
]

7
scripts/package-build/pyhumps/.gitignore vendored Normal file
View File

@ -0,0 +1,7 @@
humps/
*.buildinfo
*.build
*.changes
*.deb
*.dsc

1
scripts/package-build/pyhumps/build.py Symbolic link
View File

@ -0,0 +1 @@
../build.py

5
scripts/package-build/pyhumps/package.toml Normal file
View File

@ -0,0 +1,5 @@
[[packages]]
name = "humps"
commit_id = "v3.8.0"
scm_url = "https://github.com/nficano/humps.git"
build_cmd = "python3 setup.py --command-packages=stdeb.command bdist_deb; cp deb_dist/*.deb .."

6
scripts/package-build/radvd/.gitignore vendored Normal file
View File

@ -0,0 +1,6 @@
radvd/
*.buildinfo
*.build
*.changes
*.deb
*.dsc

1
scripts/package-build/radvd/build.py Symbolic link
View File

@ -0,0 +1 @@
../build.py

23
scripts/package-build/radvd/package.toml Normal file
View File

@ -0,0 +1,23 @@
[[packages]]
name = "radvd"
commit_id = "f2de4764559"
scm_url = "https://github.com/radvd-project/radvd"
#build_cmd = "cd ..; ./build.sh"
build_cmd = """
./autogen.sh
./configure
make
install --directory debian/lib/systemd/system debian/usr/sbin
install --mode 0644 radvd.service debian/lib/systemd/system
install --strip --mode 0755 radvd debian/usr/sbin
# Version' field value 'v0.14-20-g613277f': version number does not start with digit
# "cut" first character from version string
fpm --input-type dir --output-type deb --name radvd \
--version $(git describe --always | cut -c2- | tr _ -) --deb-compression gz \
--maintainer "VyOS Package Maintainers <maintainers@vyos.net>" \
--description "RADVD router advertisement daemon" \
--license "RADVD" -C debian --package ..
"""

6
scripts/package-build/strongswan/.gitignore vendored Normal file
View File

@ -0,0 +1,6 @@
strongswan/
*.buildinfo
*.build
*.changes
*.deb
*.dsc

57
scripts/package-build/strongswan/build-vici.sh Executable file
View File

@ -0,0 +1,57 @@
#!/bin/sh
CWD=$(pwd)
set -e
SRC="strongswan/src/libcharon/plugins/vici/python"
if [ ! -d ${SRC} ]; then
echo "Source directory does not exists, please 'git clone'"
exit 1
fi
cd ${SRC}
mkdir -p debian
# Create control file
echo "I: create $SRC/debian/control"
cat <<EOF > debian/control
Source: strongswan
Section: python
Priority: optional
Maintainer: VyOS Package Maintainers <maintainers@vyos.net>
Build-Depends: debhelper (>= 9), python3, python3-setuptools
Standards-Version: 3.9.6
Package: python3-vici
Architecture: all
Depends: \${misc:Depends}, \${python3:Depends}
Description: Native Python interface for strongSwan's VICI protocol
EOF
# Create rules file
echo "I: create $SRC/rules"
cat <<EOF > debian/rules
#!/usr/bin/make -f
%:
dh \$@ --with python3
EOF
# Make the rules file executable
chmod +x debian/rules
echo '10' > debian/compat
# Copy changelog
cp ../../../../../debian/changelog debian/
ls -la
pwd
echo "I: Build Debian Package"
dpkg-buildpackage -uc -us -tc -b -d
echo "I: copy packages"
cp ../*.deb ../../../../../../

1
scripts/package-build/strongswan/build.py Symbolic link
View File

@ -0,0 +1 @@
../build.py

Some files were not shown because too many files have changed in this diff Show More