I completely ruined this now and therefore I had to make
it new again:
* I split the parameters into smaller chunks now and added
comments about why we have chosen those.
* I move it all to configure_build() since we do not need
to check if the host architecture is 64 bit capable, but
the architecture we are building for.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
We cannot reliably detect in this script any more if the
system has an actual HWRNG (/dev/hwrng always exists).
Therefore we always start the daemon now and let it
deal with what ever comes.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This caused that the xz command was called without any
extra arguments. This will now create the tar archive
first and then pass the archive through xz with our
command line switches.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Changes since V1:
- Tuned some more 'tar'-command lines
- Included 'lfs/core-updates'
- Some fine-tuning
Hi,
Current results with V2 (clean builds):
'next':
'packages' => 255 MB
'ipfire-2.19.2gb-ext4.i586-full-core121.img.gz => 319 MB
'ipfire-2.19.i586-full-core121.iso' => 218 MB
Total => 792 MB
'xz-tuning':
'packages' => 228 MB
'ipfire-2.19.2gb-ext4.i586-full-core121.img.gz' => 318 MB
'ipfire-2.19.i586-full-core121.iso' => 207 MB
Total => 753 MB (-39 MB)
It would be nice if someone could review and test these. ;-)
If necessary, I can upload a complete patch.
Best,
Matthias
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Hi,
as mentioned in the "list", we're trying to make the archives as small as possible
using 'xz'-compression.
In order to achieve this, this patch tests the size of the memory available on the
host system.
It sets the xz-memory-limit (--memory=[N]Mib) to 70% of the available working memory,
a maximum of four xz-'worker threads' (-T4) and a compression rate of '-8' (-8).
These options are written to the 'XZ_OPT=' environment.
For details see:
https://linux.die.net/man/1/xz
I have set the number of available xz-'worker threads' (-T) to four (-T4), because during
the final tests the '-T0' parameter led to error messages snd stopped: 'cannot allocate memory'.
It wouldn't even run with 90%.
Furthermore, testing with '-T0' led to countless messages filling up '_build.packages.log'.
E.g.:
...
xz: Adjusted the number of threads from 8 to 2 to not exceed the memory usage
limit of 1557 MiB
...
Tests took place on a 32bit-Ubuntu 16.04.4-system with 8 GB RAM and an Intel I7-2600.
Build time was about 04:30 hrs. Perhaps a 64bit-system would perform better (higher
values), but my goal was to make this run on as many systems as possible, so I choosed
these averages.
If minimum requirements (1024 MB RAM) are not met, building stops.
Current results:
'next', untuned:
ipfire-2.19.2gb-ext4.i586-full-core121.img.gz => 332951687 Bytes
ipfire-2.19.i586-full-core121.iso => 228589568 Bytes
'next', XZ_OPT: -T4 -8, 70% RAM:
ipfire-2.19.2gb-ext4.i586-full-core121.img.gz => 329725723 Bytes
ipfire-2.19.i586-full-core121.iso => 217055232 Bytes
These two resulting archives are 14760300 Bytes smaller than before.
Best,
Matthias
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Install initscript for NRPE addon.
The second version of this patch actually includes the
initscript, which was missing due to lack of coffee the
first time. :-)
Thanks to Michael for catching it.
Resent due to crappy linewrapping in initscript by MUA.
Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This makes debugging easier, especially when it comes to
GeoIP related firewall rules and database related issues
such as #11482.
Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Fix some minor cosmetic issues on remote.cgi as well as a typo in
the language files ("sesstions" -> "sessions"). The changes are
listed in "filelists" for Core Update 121.
Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
When creating firewallrules or using firewall groups,
it should be possible to select a single IpSec subnet if there is more than one.
This patch adds the changes to the firewall groups.
Signed-off-by: Alexander Marx <alexander.marx@ipfire.org>
Tested-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
When creating firewallrules or using firewall groups,
it should be possible to select a single IpSec subnet if there is more than one.
This patch has neccessary changes for the firewall-lib. While the network name of the IpSec changes
on save (subnet is added to name) we need to split the name or normalise the field before using it.
Signed-off-by: Alexander Marx <alexander.marx@ipfire.org>
Tested-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
When creating firewallrules or using firewall groups,
it should be possible to select a single IpSec subnet if there is more than one.
This patch has the changes for firewall.cgi
Signed-off-by: Alexander Marx <alexander.marx@ipfire.org>
Tested-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
When creating firewallrules or using firewall groups,
it should be possible to select a single IpSec subnet if there is more than one.
This patch adds a new languagefileword "fwdfw all subnets" which is used in firewall.cgi and fwhosts.cgi
Signed-off-by: Alexander Marx <alexander.marx@ipfire.org>
Tested-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Display active user logins (both local and remote) at
the remote.cgi page in the WebUI. This might be useful
for debugging broken SSH sessions or simply checking that
nobody is currently logged in. :-)
Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Hi,
Excerpts from official announcement:
"This version fixes CVE-2018-0494 (Cookie injection vulnerability) found
by Harry Sintonen.
This version fixes several issues, mostly found by OSS-Fuzz.
It also introduces TLS1.3 with OpenSSL, a new option --ciphers and
updates the CSS grammar to version 2.2.
...
Noteworthy changes:
* Fix cookie injection (CVE-2018-0494)
* Enable TLS1.3 with recent OpenSSL environment
* New option --ciphers to set GnuTLS / OpenSSL ciphers directly
* Updated CSS grammar to CSS 2.2
* Fixed several memleaks found by OSS-Fuzz
* Fixed several buffer overflows found by OSS-Fuzz
* Fixed several integer overflows found by OSS-Fuzz
* Several minor bug fixes"
Best,
Matthias
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
