- When borgbackup was upgraded from version 1.1.17 to 1.2.0 the build was sucessfully
completed but there was no testing feedback till after full release. It turned out
that it did not successfully run.
- python3-packaging which had been installed for the build of borgbackup needed to also
be available for the execution.
- When borgbackup was upgraded to 1.2.0 it was noticed that the old python3-msgpack was
no longer needed as borgbackup used its own bundled msgpack since around version 1.1.10
What was not seen was that in version 1.1.19 or 1.1.18 the bundled version of msgpack
had been removed and that the newer version of python3-msgpack now needed to be
installed but the version number has to meet the borgbackup requirements which currently
require it to be =<1.0.3
- This patch adds the python3-packaging and python3-msgpack modules as dependencies for
borgbackup
- The egg-info files are uncommented in the rootfile so that the borgbackup metadata can
be found by python.
- The updated borgbackup build together with the python3-packaging and python3-msgpack
modules were installed into a vm system using the .ipfire packages.
Successfully initialised a borgbackup repo and ran two backups to the repo and checked
the stats for the backup. Everything ran fine.
Fixes: Bug #12884
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
botocore parses any interface descriptions and exposes them to Python.
For that to work, we need to ship them.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Device time more accurate. (e.g., +/- 10 seconds per day to < 100 ms on some devices)
( I know we don't need the perfect time server )
- NTP and time will be accurate in manual mode (setting on Time Server > NTP Configuration WebGUI)
- Change NTP "prefer" server:
- The current preferred NTP server in an Undisciplined Local Clock.
- This is intended when no outside source of synchronized time is available.
- Change the "prefer" server from 127.127.1.0 to the Primary NTP server specified on
the Time Server > NTP Configuration WebGUI page.
- Change allows the drift file (located at /etc/ntp/drift) to be populated by ntpd.
- The drift file is updated about once per hour which helps correct the device time.
Signed-off-by: Jon Murphy <jon.murphy@ipfire.org>
Both packages have become part of the core system, so these files
are not longer needed.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
pango and the PDF tools as core parts are linked against
libtiff, therefore this library has to become a part of the
core distribution too.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
On one hand, the key.dns_resolver binary is linked against libkrb5, so this
library at least is required by the base system.
On the other hand this easily allows different services on the firewall
to use kerberos for authentication (ssh etc).
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
The function returned different output when TOTP was configured and not
which is not what it should do.
This version will now try to add the TOTP configuration, or will add
nothing it if fails to do so.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Move reading of environment in it's own function because not all
events have a ENV block following and thus always reading the ENV
will cause RuntimeError("Unexpected environment line ...").
This script runs aside of OpenVPN and connects to the management socket.
On the socket, OpenVPN will post any new clients trying to authenticate
which will be handled by the authenticator.
If a client has 2FA enabled, it will be challanged for the current token
which will then be checked in a second pass.
Clients which do not have 2FA enabled will just be authenticated no
matter what and tls-verify will have handled the rest.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Add two-factor authentication (2FA) to OpenVPN host connections with
one-time passwords.
The 2FA can be enabled or disabled per host connection and requires the
client to download it's configuration again after 2FA has beend enabled
for it.
Additionally the client needs to configure an TOTP application, like
"Google Authenticator" which then provides the second factor.
To faciliate this every connection with enabled 2FA
gets an "show qrcode" button after the "show file" button in the
host connection list to show the 2FA secret and an 2FA configuration QRCode.
When 2FA is enabled, the client needs to provide the second factor plus
the private key password (if set) to successfully authorize.
This only supports time based one-time passwords, TOTP with 30s
window and 6 digits, for now but we may update this in the future.
Signed-off-by: Timo Eissler <timo.eissler@ipfire.org>
