204 Commits

Author SHA1 Message Date
Christian Breunig
fd737172f1 T861: add UEFI Secure Boot support
This adds support for UEFI Secure Boot. It adds the missing pieces to the Linux
Kernel and enforces module signing. This results in an additional security
layer where untrusted (unsigned) Kernel modules can no longer be loaded into
the live system.

NOTE: This commit will not work unless signing keys are present. Arbitrary
keys can be generated using instructions found in:

  data/live-build-config/includes.chroot/var/lib/shim-signed/mok/README.md
2024-09-14 23:05:23 +02:00
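The commit above describes the security property Secure Boot adds to the image: the kernel refuses to load modules that are not signed. Two things a practitioner will want to verify on a booted system are whether the running kernel actually enforces module signatures and whether a given `.ko` carries a signature at all. The script below is an added example, not code from the vyos-build repository: the `sig_enforce` parameter under `/sys/module/module/parameters/` and the `~Module signature appended~` trailer that `scripts/sign-file` appends to a signed module are upstream Linux facts; the sample module files are constructed inline so the script runs offline, and the `.ko` names are placeholders.

```shell
#!/bin/sh
# Added example (not part of vyos-build). Checks two things:
#  1. whether the running kernel enforces module signatures
#     (CONFIG_MODULE_SIG_FORCE or Secure Boot lockdown -> sig_enforce=Y)
#  2. whether a module file is signed, by looking for the trailer that
#     scripts/sign-file appends: <signature><struct module_signature>
#     followed by the 28-byte magic "~Module signature appended~\n".

MODULE_SIG_MAGIC='~Module signature appended~'

# module_is_signed FILE
# Exit 0 when FILE ends with the module signature magic, 1 otherwise.
module_is_signed() {
    # 28 bytes = 27 magic characters plus the trailing newline;
    # $(...) strips the newline, so compare the first 27 bytes.
    [ "$(tail -c 28 "$1" | head -c 27)" = "$MODULE_SIG_MAGIC" ]
}

# sig_enforce_state
# Prints Y (unsigned modules rejected), N (unsigned modules allowed, signature
# failures only taint the kernel), or "unknown" when the sysfs file is absent
# (kernel built without CONFIG_MODULE_SIG, or not running on Linux).
sig_enforce_state() {
    if [ -r /sys/module/module/parameters/sig_enforce ]; then
        cat /sys/module/module/parameters/sig_enforce
    else
        echo unknown
    fi
}

# make_samples
# Constructed sample data: a stand-in "unsigned" module and one with a fake
# signature body followed by the real trailer magic. Prints the directory.
make_samples() {
    dir=$(mktemp -d)
    printf 'ELF-bytes-stand-in' > "$dir/unsigned.ko"
    {
        printf 'ELF-bytes-stand-in'
        printf 'FAKE-PKCS7-BLOB-AND-module_signature-STRUCT'
        printf '%s\n' "$MODULE_SIG_MAGIC"
    } > "$dir/signed.ko"
    echo "$dir"
}

# report FILE...
# Human-readable summary for each module given, plus the enforcement state.
report() {
    echo "module signature enforcement: $(sig_enforce_state)"
    for f in "$@"; do
        if module_is_signed "$f"; then
            echo "signed:   $f"
        else
            echo "UNSIGNED: $f"
        fi
    done
}

# Stand-alone run over the constructed samples (hypothetical file names).
samples=$(make_samples)
report "$samples/signed.ko" "$samples/unsigned.ko"
rm -rf "$samples"
```

On a real image, point `report` at the modules of the running kernel (`/lib/modules/$(uname -r)/kernel`) instead of the constructed samples; `modinfo <module> | grep -E '^sig'` shows the signer and key fingerprint of a signed module, and `mokutil --sb-state` reports whether firmware Secure Boot is active. A system where `sig_enforce` reads `N` has module signing available but not enforced, which is exactly the gap the commit closes.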
Christian Breunig
a9baaaba16 podman: T6598: add custom podman build for version 4.9.5 2024-07-23 08:03:07 +02:00
Christian Breunig
ca31af2cc3 hooks: T6346: set default boot target to multi-user.target 2024-05-16 07:19:59 +02:00
Christian Breunig
fabf5326b8
Merge pull request #582 from 0xThiebaut/suricata
suricata: T751: Disable suricata.service by default
2024-05-14 19:27:46 +02:00
Viacheslav Hletenko
618b1379b7 T3420: Remove service upnp 2024-05-14 16:59:59 +00:00
Maxime THIEBAUT
845846108e suricata: T751: Disable suricata.service by default 2024-05-03 00:31:38 +02:00
Christian Breunig
1a7a54730d
Merge pull request #556 from sever-sever/T6228
T6228: Cleanup of not existing systemd units
2024-04-11 16:05:48 +02:00
Viacheslav Hletenko
0622fa1ee5 T6228: Cleanup of not existing systemd units
Delete non-existent units:
```
06:12:51  Failed to disable unit, unit logd.service does not exist.
06:12:51  Failed to disable unit, unit heartbeat.service does not exist.
```
2024-04-11 12:06:46 +00:00
Viacheslav Hletenko
daf8d44060 T1797: Delete not exist disable vpp service
The builder log:
```
06:12:53  Failed to disable unit, unit vpp.service does not exist.
```
2024-04-11 11:32:39 +00:00
Indrajit Raychaudhuri
10b5c5bc93 ssh: T5841: Remove ssh-session-cleanup.service
With libpam-systemd >= 230-2, ssh-session-cleanup.service is no longer
necessary because when `UsePAM yes` is set in `/etc/ssh/sshd_config` (which is
the default), SSH sessions are cleaned up automatically when ssh-server
is shut down or the system is rebooted.
2023-12-20 01:33:34 -06:00
Christian Breunig
8ce1ae8594
Merge pull request #336 from sarthurdev/kea
dhcp: T3316: Disable Kea services
2023-12-09 21:36:00 +01:00
Christian Breunig
a3d29d9110 T4426: disable arpwatch.service by default 2023-12-03 19:25:28 +01:00
John Estabrook
e891c1e160 image: T4516: enable vyos-grub-update service 2023-11-15 08:15:01 -06:00
sarthurdev
ab4b3ee64f dhcp: T3316: Disable Kea services 2023-10-05 13:53:52 +02:00
Apachez
d47424822d T5589: Nonstripped binaries exist in VyOS 2023-10-04 16:26:09 +02:00
Apachez
51cf19f135 T5589: Nonstripped binaries exist in VyOS 2023-09-26 23:11:04 +02:00
Apachez
b6d5529ceb T5589: Nonstripped binaries exist in VyOS 2023-09-26 22:43:29 +02:00
Christian Breunig
2ca594db0d T5511: drop empty hooks
This is a roundup commit to 0be277647 ("T5511: Cleanup of unused directories
(and files) in order to shrink image-size") that drops empty/commented-out
live-build hook scripts.
2023-09-16 08:04:26 +02:00
Apachez
0be277647d T5511: Cleanup of unused directories (and files) in order to shrink image-size 2023-09-16 05:09:56 +02:00
sarthurdev
d9e93d7353 live: T5568: Add serial boot option to live ISO 2023-09-14 22:04:26 +02:00
Christian Breunig
a9a1ca3cbb frr: T5239: remove daemons.conf generated by chroot hook
Daemon configuration is now generated during boot via vyos-1x repo.

See https://github.com/vyos/vyos-1x/pull/2245
2023-09-11 22:04:20 +02:00
Christian Breunig
1e10c349d4 frr: T5518: enable pim6d 2023-09-01 08:33:45 +02:00
Viacheslav Hletenko
cb330a797e T5524: Add config directory for livecd
Add the '/config' directory for live image boot.
One reason: the DHCP server uses leases from this directory (T2958).
2023-08-30 09:14:59 +00:00
Apachez
b120f757d6 T5511: Cleanup of unused directories (and files) in order to shrink image-size 2023-08-27 00:55:42 +02:00
Apachez
f9946312df T5468: Remove unused manpages to free up space 2023-08-24 09:22:25 +02:00
Viacheslav Hletenko
11916c657d T5448: Disable zabbix-agent service by default 2023-08-08 21:21:41 +00:00
Christian Breunig
b400aeff8b systemd: T5003: sendmail.service no longer exists 2023-08-06 20:56:04 +02:00
Christian Breunig
705a03eb98 systemd: T5003: cleanup timers 2023-08-05 20:26:07 +02:00
Christian Breunig
4d371db4ff frr: T5415: make mgmtd only listen on localhost 2023-08-04 20:09:45 +02:00
Christian Breunig
dcfbfe9cbb T3355: enable vyos-router.service 2023-07-15 14:34:30 +02:00
Viacheslav Hletenko
5d3d807ca4 T1797: Disable vpp.service 2023-06-27 16:35:37 +00:00
Christian Breunig
0fda5512f1 T5003: disable non required GPG user services 2023-06-08 21:14:17 +02:00
Christian Breunig
f8e96c8c0d T5239: disable FRR service - will be started in order by VyOS startup 2023-06-08 21:13:14 +02:00
Christian Breunig
0e7ba50e3d T5003: disable sendmail service 2023-05-21 23:16:38 +02:00
Christian Breunig
304ba451eb T5208: disable nvmf-autoconnect.service 2023-05-17 15:55:38 +02:00
Viacheslav Hletenko
63c1d9c962 T5203: Disable by default vyos-wan-load-balance.service 2023-05-05 12:09:12 +00:00
Christian Breunig
e52a5136ef Revert "systemd: services: remove autostart of sendmail and rsyslogd"
This reverts commit 0b91d71b9cd7e9641287433ea0d0fed3982edb23.

Somehow FRR does not like being started with no logging daemon present, and
smoketests fail.
2023-04-11 19:53:57 +02:00
Christian Breunig
0b91d71b9c systemd: services: remove autostart of sendmail and rsyslogd 2023-04-08 22:08:42 +02:00
Viacheslav Hletenko
bff83d0cfe T5142: systemd-journald-audit must not show logs from auditd
auditd logs must not be displayed by journalctl;
mask it.
2023-04-04 10:57:27 +00:00
Viacheslav Hletenko
4f03ffb52d T5086: Disable by default hsflowd service 2023-03-14 18:40:32 +00:00
Christian Breunig
fdc0441a77 systemd: services: T5003: disable podman services 2023-03-11 23:03:35 +01:00
Yuxiang Zhu
792214b860 T4977: Enable Babeld
Babeld support has been merged https://github.com/vyos/vyos-1x/pull/1800
however I just noticed `/etc/frr/daemons` came from this file.
2023-03-07 22:51:32 +08:00
Christian Breunig
6987aa10a6
Merge pull request #306 from sarthurdev/bookworm
debian: T5003: Upgrade base system to Debian 12 "Bookworm"
2023-02-15 19:06:08 +01:00
Christian Breunig
5207b6f510 strongSwan: T4593: move to charon-systemd 2023-02-14 19:47:51 +01:00
sarthurdev
b4a10607bb debian: T5003: Disable strongswan.service provided by charon_systemd 2023-02-13 22:41:07 +01:00
Christian Poessinger
09ec7740dc Revert "Resolve resource deadlock for udev iface shuffle"
This reverts commit 8e6d765be123be9d937970ee96b7d6d0b5053ed5.

This breaks existing configurations:
https://forum.vyos.io/t/yesterday-and-todays-build-causes-network-interface-getting-corrupted-vyos-1-4-rolling-202301280924-amd64-iso
2023-01-31 07:33:40 +01:00
RageLtMan
8e6d765be1 Resolve resource deadlock for udev iface shuffle
UDEV contains a default rule triggered early-on which renames all
NICs by their index to eX, systemd-udevd subsequently renames the
eX interface to ethX. Systemd-udevd can fail to rename the iface
if it still has resource locks from the prior renaming which then
fails to apply all manner of configurations resulting in a booted
zombie which cannot handle L3 traffic.

Fix the concern by removing 62-temporary-interface-rename.rules
from /etc/udev/rules.d during the cleanup hook executed in
data/live-build-config/hooks/live/82-cleanup-udev-rules.chroot.

Testing:
  Boot-tested in OpenStack under identical infrastructure-as-code
states. Verified DHCP-assigned routes, execution of cloud-init,
and configuration stanzas injected through cloud-init applied to
the FW and system.
2023-01-29 13:35:01 -05:00
Christian Breunig
e516e4c297 ntp: T3008: move from ntpd to chrony 2023-01-14 14:26:53 +01:00
Christian Poessinger
426579c34b Revert "systemd: T4593: disable strongswan service by default"
This reverts commit 0351b37359517dab1a18379d180a01fd5271802e.
2023-01-09 16:36:20 +01:00
Christian Poessinger
0351b37359 systemd: T4593: disable strongswan service by default 2022-12-27 18:36:38 +01:00