We have been importing the language files many times when they are
actually rather slow. This just tidies this up.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This patch adds a watcher thread which monitors if Unbound is still
alive. If not, it will wait until Unbound comes back, rewrite the leases
file and reload Unbound to get it back into sync.
Afterwards Unbound will receive updates as usual.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This variable is no longer been used and has been abused way too much in
the past. May it rest in pieces.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This reverts commit 8ea702f3f8.
This commit seems to introduce many more regressions when building
packages which I cannot easily reproduce.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
We have defaulted to CAKE for all devices that quality. That has however
resulted in worse network quality as some devices could not provide the
compute power necessary for CAKE. There are however only very few
benefits to run an unconfigured CAKE.
This patch changes this back to fq_codel which is computationally
cheaper and should deliver 99% of the throughput that CAKE does. This is
presumably the better trade-off.
We don't use fq_codel on wireless devices since the kernel is running
this for each client. It would have been nice to only apply this to
wireless interfaces in AP mode, but I cannot find a way to tell the
difference with asking NETLINK.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- When a user tries to restore on the console from a backup on IPFire that has a colon in
the filename the tar treats this as meaning that everything after the colon is
information about a remote location to do the extraction to. This results in a filename
that cannot be found, and a remote location that is not correct and the tar operation
fails.
- This has been confirmed by myself.
- If the user tries a restore from a file downloaded to another computer then for most, if
not all browsers, the colon will have been replaced by an underscore or other character.
Firefox, Chromium and Vivaldi do this.
- So any backup file that is selected to be restored using the WUI will no longer have a
colon in the filename.
- This patch adds --force-local to the tar command, which means that tar will treat the
colon as a character in the filename. This will ensure that if a user has any backup
files stored on their IPFire system, with a colon in the filename then doing a restore
from this file will not cause tar to fail.
- The NOW variable is also changed to replace the colon by a dash and to separate the date
and time by an underscore. This filename will be accepted by browsers, without doing
any replacements. Tested out with Firefox, Chromium & Vivaldi.
- The above ensures that both the new and old filename versions will work for doing a
restore.
Fixes: bug13734
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Bernhard Bitsch <bbitsch@ipfire.org>
Tested-by: Bernhard Bitsch <bbitsch@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
The kernel's build system uses its own CFLAGS for building the kernel
but for the tooling we want to use our own CFLAGS.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This variable never actually held the kernel version. There were always
suffixes appended and other things changed about it. This makes it a lot
simpler as this variable now holds the actual kernel version.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
unshare(8) seems to fail with kernels older than 6.0.0 when mounting
the /proc filesystem in the inner namespace. This seems to be an bug
where unshare does not even try to mount the /proc filesystem but tries
to make its mount propagation private.
This is now solved in that way that we will use unshare on newer kernels
but will fall back on manually mounting the /proc filesystem once we have
entered the chroot environment.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
When we create the outer mount namespace, we still want to receive any
mounts from the host system which is why we set it to slave.
The second mount namespace should be a copy of the outer one but should not
propagate anything back to the outer mount namespace.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
When using QMI the dial-in option has to be set to "ppp" during setup.
In this case the initscript of suricata will create all related firewall
rules for the ppp0 interface which is not correct when using QMI where
the RED device is called red0.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This package seemed to have bunlded WolfSSL which we don't want to use.
Instead we want to use OpenSSL.
The bundled version of WolfSSL did not want to compile with GCC 14.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This went really bad with the latest CSS changes. So this is a
refactor/rewrite of the CGI without many modifications.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This might only be useful for debugging (and even that is questionable).
So instead of flooding logs, we disable this, but it can be easily
enabled for development again.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
