Kernel compile time option for our custom patch to enable inotify
on stackable filesystems accidentally got removed in commit cfdd4451ca3aa
("Kernel: T7428: remove io_uring support").
Option was re-enabled.
Previous patch was removed during VyOS 1.3 -> 1.4 development cycle as the
internal handling for Kernel package generation changed.
This brings back the perf binary in a new linux-perf-$KERNELVERSION
Debian package.
Given the recent chatter about io_uring and its flaws - e.g. [1] - and since we
have, to my knowledge, no use for it, we should remove it from the Kernel configuration.
Every feature not used and removed from the Kernel is a good one.
1: https://www.armosec.io/blog/io_uring-rootkit-bypasses-linux-security/
* Add 0002-Radius-Dns-Server-IPv6-Address.patch
This adds the ability to pull IPv6 DNS servers from the RADIUS response, not just hard-coded in the config file.
Previous commit a10b29560 ("intel: T6847: update IXGBE Out-Of-Tree driver to
v6.0.5") missed a proper CI "git clone" on the driver repository - this has
been fixed.
The shim review board (which is the secure boot base loader) recommends using
ephemeral keys when signing the Linux Kernel. This commit enables the Kernel
build system to generate a one-time ephemeral key that is used to:
* sign all built-in Kernel modules
* sign all other out-of-tree Kernel modules
The key lives in /tmp and is destroyed after the build container exits and is
named: "VyOS build time autogenerated kernel key".
In addition, the Kernel now uses CONFIG_MODULE_SIG_FORCE. This makes it
impossible to load any Kernel module into the image that is NOT signed by the
ephemeral key.
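An added example, not part of the vyos-build commit or its scripts: a structural check that a .ko file carries the appended signature trailer the kernel looks for when CONFIG_MODULE_SIG_FORCE is set. It parses the upstream `struct module_signature` layout and does not verify the signature cryptographically; the function names and sample bytes are constructed for illustration.

```python
import struct

MAGIC = b"~Module signature appended~\n"      # MODULE_SIG_STRING, last bytes of a signed .ko
TRAILER = struct.Struct(">BBBBB3sI")           # struct module_signature, 12 bytes, big-endian
PKEY_ID_PKCS7 = 2


def check_module(blob: bytes) -> tuple[bool, str]:
    """Return (has_wellformed_signature, reason) for the raw bytes of a .ko file."""
    if not blob.endswith(MAGIC):
        return False, "no signature marker"
    body = blob[:-len(MAGIC)]
    if len(body) < TRAILER.size:
        return False, "truncated trailer"
    algo, hash_, id_type, signer_len, key_id_len, pad, sig_len = TRAILER.unpack(
        body[-TRAILER.size:])
    if id_type != PKEY_ID_PKCS7:
        return False, "not a PKCS#7 signature"
    # For PKCS#7 signatures every other descriptive field must be zero.
    if algo or hash_ or signer_len or key_id_len or pad != b"\x00\x00\x00":
        return False, "malformed trailer"
    # The signature blob sits directly before the trailer and must fit in the file.
    if sig_len == 0 or sig_len > len(body) - TRAILER.size:
        return False, "bad signature length"
    return True, f"PKCS#7 signature, {sig_len} bytes"


def make_sample(signed: bool, sig_len_field=None) -> bytes:
    """Constructed sample input: fake ELF payload plus an optional fake signature."""
    payload = b"\x7fELF" + b"\x00" * 60
    if not signed:
        return payload
    sig = b"\x30\x82" + b"\xaa" * 30           # placeholder bytes, not a real PKCS#7 blob
    n = len(sig) if sig_len_field is None else sig_len_field
    return payload + sig + TRAILER.pack(0, 0, PKEY_ID_PKCS7, 0, 0, b"\x00" * 3, n) + MAGIC


if __name__ == "__main__":
    for name, blob in [("signed.ko", make_sample(True)),
                       ("unsigned.ko", make_sample(False)),
                       ("corrupt.ko", make_sample(True, sig_len_field=10_000))]:
        print(name, check_module(blob))
```

Run over every module in a built image, a result of False for any file points at a module the kernel would refuse to load.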
Add build scripts for .deb packages without Jenkins.
To exclude Jenkins, we need some place where we can put new build scripts
to run in parallel (old/new) in the meantime.
We will deprecate old Jenkins package builds in the future.