Commit Graph

11097 Commits

Author SHA1 Message Date
Michael Tremer
2eda545fc7 core176: Ship diffutils
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2023-06-15 09:28:19 +00:00
Michael Tremer
89233e1abe core176: Ship dhcpcd
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2023-06-15 09:27:21 +00:00
Michael Tremer
36edd6d923 core176: Ship /etc/rc.d/init.d/partresize
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2023-06-15 09:26:20 +00:00
Michael Tremer
94820d5062 core176: Re-ship ovpnmain.cgi
This is just to ensure that all systems have the latest version of this
file as it has been changed during the test phase of the previous
update.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2023-06-15 09:23:34 +00:00
Michael Tremer
13183b0672 Start Core Update 176
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2023-06-15 09:23:02 +00:00
Adolf Belka
d57f305a10 update.sh: Fixes bug#13138 - root/host certificate set fails to be created
- The fix applied in vpnmain.cgi only adds the unique_subject = yes to the index.txt.attr
   file after the first time that the root/host certificates are attempted to be created.
- Without this line in update.sh, the first attempt to create the root/host certificate set
   will still have the original error code. If the creation is attempted again then it will
   work because the unique_subject = yes will have then been added into the file.
- This patch ensures that the first attempt to create a root/host certificate set in CU175
   will work.
- Confirmed on vm testbed with freshly updated CU175.

Fixes: Bug#13138
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2023-06-09 12:44:19 +00:00
Peter Müller
3d2beee7b1 Core Update 175: Ship vpnmain.cgi
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
2023-06-05 14:52:01 +00:00
Peter Müller
495ea08478 Core Update 175: Ship backup.pl
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
2023-06-05 14:51:09 +00:00
Adolf Belka
9eb2086e0f backup.pl: Fixes Bug#13137 - Existing n2n client connection created with openssl-1.1.1x fails to start with openssl-3.x
- This code adds the "providers legacy default" line into OpenVPN N2N Client config files
   when restoring them in case it is missing from a backup earlier than CU175.
   Only adds the line if it is not already present.
- Tested out on my vm testbed system

Fixes: Bug#13137
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
2023-06-05 14:50:18 +00:00
Adolf Belka
2054306c63 update.sh: Fixes Bug#13137 - Existing n2n client connection created with openssl-1.1.1x fails to start with openssl-3.x
- This modification will check if ovpnconfig exists and is not empty. If so then it will
   check for all n2n connections and if they are Client configs will check if
   "providers legacy default" is not already present and if so will add it.

Fixes: Bug#13137
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
2023-06-05 14:49:51 +00:00
Peter Müller
9797af3006 OpenSSL: Update to 3.1.1
Changelog concerning this version: https://www.openssl.org/news/cl31.txt
Accompanying security advisory: https://www.openssl.org/news/secadv/20230530.txt

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
2023-05-30 23:06:53 +00:00
Arne Fitzenreiter
cfd5dbf1bb alsa: update to 1.2.9 and add ucm configfiles
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2023-05-30 09:21:54 +00:00
Arne Fitzenreiter
25aa552258 kernel: update to 6.1.30
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2023-05-30 09:21:34 +00:00
Michael Tremer
76d514cf5b core175: Remove file that has been deleted through reverts
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2023-05-26 14:27:31 +00:00
Michael Tremer
d4c1274290 Revert "web-user-interface: Addition of new icon for secure connection certificate download"
This reverts commit 18bece0edb.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2023-05-26 14:27:08 +00:00
Michael Tremer
70ccbf30f3 Revert "update.sh: Adds code to update an existing ovpnconfig with pass or no-pass"
This reverts commit 9cac1034bc.

https://lists.ipfire.org/pipermail/development/2023-May/015952.html

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2023-05-24 10:02:00 +00:00
Michael Tremer
bd313e31b8 Revert "core175: Ship updated clwarn.cgi"
This reverts commit 9fae7ab32b.

This file is not part of the core distribution, but part of the
squidclamav package.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2023-05-24 10:00:49 +00:00
Michael Tremer
9fae7ab32b core175: Ship updated clwarn.cgi
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2023-05-24 08:22:56 +00:00
Adolf Belka
416f317376 openssl: Fix for Bug#13117 - adds legacy option in for openssl extraction of cert & key
- OpenSSL-3.x gives an error when trying to open insecure .p12 files to extract the cert
   and key for the insecure package download option.
- To make this work the -legacy option is needed in the openssl command, which requires
   the legacy.so library to be available.
- Successfully tested on a vm system.
- Patch set built on Master (CU175 Testing)

Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
2023-05-22 22:08:11 +00:00
Arne Fitzenreiter
c6c78f8e11 kernel: update to 6.1.29
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2023-05-19 12:05:52 +00:00
Jon Murphy
f23508b724 rsnapshot: New addon
- What is it?
	rsnapshot is a filesystem snapshot utility based on
	rsync. rsnapshot makes it easy to make periodic snapshots of the
	ipfire device. The code makes extensive use of hard links whenever
	possible, to greatly reduce the disk space required.  See:
	https://rsnapshot.org

- Why is it needed?
	Rsnapshot backups run multiple times per day
	(e.g., once per day up to 24 times per day). Rsnapshot is much easier
	to configure, setup and use than the borg backup add-on.  (I found
	borg somewhat confusing). Rsnapshot completes each backup very fast.
	Unlike borg, rsnapshot does not compress each backup before storage.
	During a complete rebuild, borg backup need installation of the borg
	add-on to recover archived files.  Rsnapshot backups can be copied
	directly from the backup drive. Current backups (backup.pl or borg)
	could corrupt sqlite3 databases by running a backup during a database
	write.  This add-on includes a script specifically for sqlite backups.

- IPFire Wiki
	In process at: https://wiki.ipfire.org/addons/rsnapshot

Thanks to Gerd for creating a first build and a nice template for me!

Signed-off-by: Jon Murphy <jon.murphy@ipfire.org>
2023-05-18 11:24:29 +00:00
Peter Müller
1d5b66b145 Core Update 175: Ship harfbuzz
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
2023-05-18 10:55:30 +00:00
Peter Müller
de5d9c9b47 Core Update 175: Merely reload firewall engine, instead of restart it
The latter will not work until a reboot due to the Core Update featuring
a new kernel, and will instead result in the following error:

modprobe: FATAL: Module nf_log_ipv4 not found in directory /lib/modules/6.1.27-ipfire

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
2023-05-18 10:01:39 +00:00
Peter Müller
e5632e6697 Core Update 175: Ship necessary files for OpenVPN CGI changes
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
2023-05-18 09:53:37 +00:00
Adolf Belka
9cac1034bc update.sh: Adds code to update an existing ovpnconfig with pass or no-pass
- The code checks first if ovpnconfig exists and is not empty.
- Then it makes all net2net connections no-pass since they do not use encryption
- Then it cycles through all .p12 files and checks with openssl if a password exists or not.
   If a password is present then pass is added to index 41 and if not then no-pass is added
   to index 41
- This code should be left in update.sh for future Core Updates in case people don't update
   with Core Update 175 but leave it till later. This code works fine on code that already
   has pass or no-pass entered into index 41 in ovpnconfig

Fixes: Bug#11048
Suggested-by: Erik Kapfer <ummeegge@ipfire.org>
Suggested-by: Adolf Belka <adolf.belka@ipfire.org>
Tested-by: Erik Kapfer <ummeegge@ipfire.org>
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
2023-05-18 09:51:09 +00:00
Adolf Belka
18bece0edb web-user-interface: Addition of new icon for secure connection certificate download
- This uses a padlock icon from https://commons.wikimedia.org/wiki/File:Encrypted.png
- The license for this image is the following:-
   This library is free software; you can redistribute it and/or modify it under the terms
   of the GNU Lesser General Public License as published by the Free Software Foundation;
   either version 2.1 of the License, or (at your option) any later version. This library
   is distributed in the hope that it will be useful, but without any warranty; without
   even the implied warranty of merchantability or fitness for a particular purpose. See
   version 2.1 and version 3 of the GNU Lesser General Public License for more details.
- Based on the above license I believe it can be used by IPFire covered by the GNU General
   Public License that is used for it.
- The icon image was made by taking the existing openvpn.png file and superimposing the
   padlock icon on top of it at a 12x12 pixel format and naming it openvpn_encrypted.png

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
2023-05-18 09:51:09 +00:00
Adolf Belka
f9e2cd1c0b wio: add references to wio cgi and image files
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
2023-05-18 09:47:47 +00:00
Adolf Belka
b6b59014a3 wio: add reference to wio menu
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
2023-05-18 09:47:47 +00:00
Adolf Belka
b1584da093 wio: moved files from src/wio directory to standard IPFire location
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
2023-05-18 09:47:47 +00:00
Adolf Belka
1ee6f37fb4 wio: move files from src/wio/main/ to standard IPFire location
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
2023-05-18 09:47:46 +00:00
Adolf Belka
b637cb23c8 wio: move addon language files to standard IPFire location
- This location used by guardian addon

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
2023-05-18 09:47:46 +00:00
Adolf Belka
1d666a6b3b wio: relocate wio menu item to standard IPFire location
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
2023-05-18 09:47:46 +00:00
Adolf Belka
addb1b2fe1 wio: Move backup/includes file to standard IPFire location
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
2023-05-18 09:47:46 +00:00
Peter Müller
e8a73cfe94 initscripts: Remove re-added lvmetad initscript from rootfiles
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
2023-05-18 09:46:41 +00:00
Jonatan Schlag
3a96d482f6 initscripts: Sort rootfiles
This simply sorts the rootfiles. Everything should be sorted :-).

Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
2023-05-18 09:43:23 +00:00
Peter Müller
94d883abe7 Core Update 175: Remove any dropped add-ons, if installed
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
2023-05-18 09:37:00 +00:00
Adolf Belka
0a54896b20 python3-pkgconfig: Identified that this module is only required as a build time dependency
- Moved rootfile from common to packages and commented out all entries.
- Updated lfs file from addon to core package that is only used for build

Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
2023-05-18 09:31:12 +00:00
Adolf Belka
e6cfa25714 python3-flit_scm: Fixes Bug#13076 - Build time dependency for python3-exceptiongroup
Fixes: Bug#13076
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
2023-05-18 09:31:12 +00:00
Adolf Belka
1da6cbf79f python3-exceptiongroup: Fixes Bug#13076 - New run time dependency for borgbackup fuse mount
Fixes: Bug#13076
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
2023-05-18 09:31:12 +00:00
Adolf Belka
ad4df98d7f python3-attr: Module no longer needed in the borgbackup dependency chain
- Previous update of python3-trio to 0.22.0 removed this dependency.

Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
2023-05-18 09:31:12 +00:00
Arne Fitzenreiter
6a005bd9aa kernel: update to 6.1.28
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2023-05-16 18:53:01 +00:00
Arne Fitzenreiter
a211d45238 dracut: lower ram usage at compression
this lower the compression ratio sligtly (the ramdlisk is 100kb
larger) and use only a single thread now. (it's still faster than
before on a dual core.)

fixes: #13091

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2023-05-16 18:52:08 +00:00
Peter Müller
ccd793b360 linux: Update rootfiles
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
2023-05-12 18:29:27 +00:00
Peter Müller
30b904fb80 Core Update 175: Remove orphaned qpdf libraries, if present
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
2023-05-11 20:29:21 +00:00
Peter Müller
31620ed428 Core Update 175: Ship more files dependant on OpenSSL
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
2023-05-11 20:28:45 +00:00
Peter Müller
cf1b407f05 Core Update 175: Ship mpfr
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
2023-05-11 20:11:04 +00:00
Adolf Belka
133b2ae6bb libcap: Adjust the lfs file to place pkg-config files in the correct place
- libcap places the files by default in /lib and not /usr/lib etc. To fix this libcap made
   a symlink for the library file from /lib to /usr/lib. However the .pc files were left
   in /lib/pkgconfig and not /usr/lib/pkgconfig and were therefore not found by the update
   of rng-tools which now required libcap to be found.
- Changed the prefix settings for libcap which placed the libraries and .pc files in the
   correct locations while keeping the executables in their existing location.
- This removed the need for symlinking /usr/lib/libcap.so to /lib/libcap.so.2.67 as the
   libraries are now placed in /usr/lib
- Installed the ipfire build with these changes into a vm system and confirmed that
   everything worked. Input from Michael Tremer that if ping worked then libcap was
   functioning correctly.
- The prefixes have to be applied to both make and make install to end up with the files
   in the correct places.

Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
2023-05-11 20:10:00 +00:00
Peter Müller
cef4daddf7 Core Update 175: Remove orphaned lvmetad initscript
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
2023-05-11 20:09:23 +00:00
Adolf Belka
0921556c85 initscripts: removal of lvmetad initscript
- With the last update of lvm2 lvmetad was removed from lvm2. I did not recognise that
   lvmetad had been setup as an automatic initscript, so it no longer works as the
   binary is no longer provided.
- This patch removes the lvmetad initscript, the reference to lvmetad in the initscript
   lfs file and the lvmetad initscript entries in the rootfile for each architecture.

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
2023-05-11 20:08:07 +00:00
Peter Müller
ad6ad54f18 Core Update 175: Ship backup.cgi
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
2023-05-11 20:07:33 +00:00