74 Commits

Author SHA1 Message Date
Christian Breunig
fd737172f1 T861: add UEFI Secure Boot support
This adds support for UEFI Secure Boot. It adds the missing pieces to the Linux
Kernel and enforces module signing. This results in an additional security
layer where untrusted (unsigned) Kernel modules can no longer be loaded into
the live system.

NOTE: This commit will not work unless signing keys are present. Arbitrary
keys can be generated using instructions found in:

  data/live-build-config/includes.chroot/var/lib/shim-signed/mok/README.md
2024-09-14 23:05:23 +02:00
Christian Breunig
d50707bb29 T1416: remove deprecated default-union-grub-entry 2024-09-05 07:13:08 +02:00
John Estabrook
3f42cf0865 migration: T6006: move config.boot.default to vyos-1x 2024-06-05 20:00:59 -05:00
John Estabrook
04948aa983 T6356: normalize '.., ntp, server' path syntax in config.boot.default 2024-05-16 13:19:02 -05:00
Ginko
d2d083ac57 Enhance config.boot.default NTP allow-clients for T5694 and T6123
Adds ipv4/ipv6 localhost, link-local and private address as allowed-clients to NTP service.
2024-04-11 11:29:14 -04:00
Daniil Baturin
ff3645d4c3 Update the rolling release signing key 2024-04-02 14:19:31 +01:00
Christian Breunig
311963f379 ixgbe: T6155: remove modprobe.d option file 2024-03-22 09:02:21 +01:00
Christian Breunig
4110c7359d banner: T6077: implement ASCII contest winner default logo 2024-02-28 20:49:46 +01:00
greenpsi
80fdd62c73 T5945: add minisign public key for rolling release 2024-01-14 23:55:48 +01:00
Indrajit Raychaudhuri
10b5c5bc93 ssh: T5841: Remove ssh-session-cleanup.service
With libpam-systemd >= 230-2, ssh-session-cleanup.service is no longer
necessary because when `UsePAM yes` in `/etc/ssh/sshd_config` (which is
the default), SSH sessions are cleaned up automatically when ssh-server
is shut down or the system is rebooted.
2023-12-20 01:33:34 -06:00
zsdc
5765d67009 initramfs: T5824: Added openssl.cnf to initramfs
Without `openssl.cnf` software that uses `libssl` (for example busybox) has
issues with connections to some HTTPS servers.
2023-12-14 14:20:52 +02:00
Christian Breunig
ccda7e415e netplug: T5476: move configuration files to vyos-1x repo 2023-08-16 13:24:35 +02:00
Christian Breunig
9fbe7e6d92 qat: fix file permission in rootfs - 755 not required 2023-06-17 08:41:10 +02:00
Christian Breunig
6a58292685 T5234: move BASH skeleton files to vyos-1x repo 2023-05-21 23:16:44 +02:00
Christian Breunig
8f4837fcf7 Merge pull request #302 from sempervictus/bug/udev_rename_deadlock
T4966: Delay UDEV execution, avoid rename deadlock
2023-03-08 07:36:47 +01:00
Christian Breunig
82f35fd474 T5001: Replace links to the phabricator site
Replace links to the phabricator site from https://phabricator.vyos.net to
https://vyos.dev
2023-02-12 21:13:05 +01:00
RageLtMan
f24c7ca09f T4966: Delay UDEV execution, avoid rename deadlock
UDEV will rename interfaces from whatever the kernel called them
to eX before converting them to ethX during init. In current VyOS,
the second renaming operation can run into a lock on the adapter
preventing altering its name. As a result, the adapter will remain
in the eX configuration, preventing proper execution of subsequent
scripts and configuration stanzas.

The initial renaming step has to remain as it is needed to work
around other issues, which leaves the somewhat hacky approach of
delaying the second renaming step slightly in an effort to let the
device lock holders settle, releasing it for rename to ethX. This
is accomplished by a kernel commandline parameter (3s), which can be
tweaked to reduce impact or wait longer as needed on different
devices - udev.exec_delay=3
2023-01-31 13:13:55 -05:00
Daniil Baturin
f84a69729a T4084: add the default VyOS post-login banner to the image 2021-12-19 11:16:45 +07:00
Christian Poessinger
24c0334519 Revert "T3912: use a more informative default login banner"
This reverts commit c93c12d0813b276501562bc88bea68daee60b266.
2021-11-07 20:30:26 +01:00
Daniil Baturin
c93c12d081 T3912: use a more informative default login banner 2021-10-17 09:40:27 -04:00
Christian Poessinger
16ed3787c1 T3879: bugfix GPG signature validation on image install
(cherry picked from commit f9c89e3565037b4f60aef2577f9fdaa70da7b751)
2021-10-16 18:55:40 +02:00
John Estabrook
b40705531c Revert "Merge pull request #186 from erkin/current"
This reverts commit c753685173a48fdc2e47694f4b896e241caa7beb, reversing
changes made to 1d3d0401eeb9e8138f606433b6bbcd8c3f76c898.
2021-09-20 09:35:39 -05:00
erkin
465af2e4e6 T3821: Hardcode component versions in configuration files 2021-09-11 22:53:22 +03:00
DmitriyEshenko
220bcf59f2 ntp: T2123: Change NTP servers in default configs 2021-05-27 09:50:15 +00:00
Christian Poessinger
430f2a8993 chroot: import modprobe.d/no-copybreak.conf from vyatta-cfg-system 2021-04-09 13:49:48 +02:00
Daniil Baturin
68007b92d6 T2108: add main and backup minisign release keys. 2021-04-03 22:48:12 +07:00
Christian Poessinger
f97f4aca40 Kernel: T3218: remove unavailable RSS parameter from intel driver options
This is a roundup commit to ae2279e ("Kernel: no longer build Intel out-of-tree
NIC drivers") as the in-tree drivers do not support this option, they always use
the maximum available number.
2021-01-17 20:34:47 +01:00
Christian Poessinger
eb1eb17b04 netplug: T3130: add VyOS specific helper script 2020-12-15 18:27:18 +01:00
Christian Poessinger
f0cbc17bda netplug: T3130: replace vyos-netplug with upstream Debian version 2020-12-14 18:52:33 +01:00
Christian Poessinger
6c1ed1c93f Revert "QAT: T2968: add support for Intel Atom C2000 platform"
This reverts commit b234558db422390ed4d995e9134fe91c37d6cc8f.
2020-11-13 09:16:57 +00:00
DmitriyEshenko
d14dacc5ab modules: T2984: Increase HW queues 2020-10-17 07:15:52 +00:00
Christian Poessinger
b234558db4 QAT: T2968: add support for Intel Atom C2000 platform 2020-10-09 19:13:28 +02:00
DmitriyEshenko
4d76890b35 QAT: T2932: Replace symlinks to files 2020-09-30 07:56:43 +00:00
kroy
2e4f60d495 T2678: Fixing massive memory usage with ssh and large number of routes 2020-07-05 15:45:13 -05:00
Christian Poessinger
be5b71edd7 QAT: import device configuration files 2020-05-30 19:35:13 +02:00
Christian Poessinger
79bb02aa42 systemd-bootchart: add configuration 2020-05-20 16:23:12 +02:00
Christian Poessinger
b385de7f43 chroot: T2340: add /etc/login.defs 2020-04-19 20:56:24 +02:00
kroy-the-rabbit
208d90f0d7 T2118: Add fsck tools to initramfs image 2020-03-10 20:54:11 -05:00
zsdc
cb9b13d910 initramfs: T1971: Extended initramfs-hook script
Included:
  * libnss_dns.so.2 (required for DNS resolving from initramfs)
  * ca-certificates.crt (required for fetching files via HTTPS)
2020-02-28 14:59:33 +02:00
zsdc
309576112e initramfs: T1971: Added initramfs-hook script for including modules
The script allows any modules listed inside to be included in the initramfs, or included and force-loaded.
Initially, the script replaces the trick used for intel drivers
2020-02-25 19:10:14 +02:00
Christian Poessinger
62596a64f2 login: T1948: level node has been dropped from user
There is no sense in having a user level when in fact there is only the one
level "admin".
2020-02-05 21:03:54 +01:00
Christian Poessinger
e58f2c396f VMware: move additional files to vyos-1x-vmware package 2020-01-25 08:50:20 +01:00
Christian Poessinger
e00af02a24 vmware-tools: import script file from vyos-vmwaretools-scripts repo 2019-12-27 23:55:07 +01:00
John Estabrook
1b3c234f21 T1676: [equuleus] buster: update GRUB boot parameters during upgrade 2019-09-20 18:44:49 -05:00
Christian Poessinger
8a681c6194 openvpn: T1630: add sudo configuration for openvpn user 2019-09-06 15:16:12 +02:00
Christian Poessinger
e81b7d5b25 [intel] T1554: enable RSS and Multiqueue for Intel IGB/IXGBE drivers 2019-07-31 21:41:55 +02:00
John Estabrook
4700953e29 T1327: Set the serial console speed to 115200 by default
Set the serial console speed to 115200 in all build scripts, as is the
standard for current boards. This avoids an annoyance for users of the
livecd, and makes the defaults in build scripts in tools/ and scripts/
consistent.
2019-04-16 13:47:51 -05:00
Christian Poessinger
43045e721c T1310: use FQDN as hostname in config prompt 2019-03-22 08:46:35 +01:00
Christian Poessinger
fd63d726f2 T1245: autoload br_netfilter kernel module on startup 2019-02-13 22:30:25 +01:00
danhusan
32ac33cd31 T1120: Add rootdelay=5 by default in grub.cfg
Let disks settle to workaround issue with MD array not being detected.
2019-01-02 13:56:03 +01:00