This file is being read by some packages to find out on what
distribution they are running on.
This file needs to be included in every Core Update.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Since Go has a horrible build system which requires a Go
compiler to build the Go compiler and takes a very long
time to compile, we are following Rust and are using the
"official" pre-compiled release tarball.
We no longer ship the Go runtime, which mitigates the
risk of shipping any malware.
Because we currently only have one package using this
and which is only being compiled for x86_64, we are
only making Go available on this architecture.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
dhcpcd 9.x adds privelege seperation by creating a chroot
and running parts of the client not as root.
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
With this commit suricata reads the HTTP port declarations from a newly
introduced external file
(/var/ipfire/suricata/suricata-http-ports.yaml).
This file dynamically will be generated. HTTP ports always are the
default port "80" and "81" for update Accelerator and HTTP access to the
WUI. In case the Web-proxy is used, the configured proxy port and/or Transparent
Proxy port also will be declared as a HTTP port and written to that file.
In case one of the proxy ports will be changed, the HTTP port file will
be re-generated and suricate restarted if launched. Also if an old
backup with snort will be restored the convert script handles the
generation of the HTTP ports file.
Finally the suricata-generate-http-ports-file as a tiny script which
simply generates the http ports file and needs to be launched during the
installation of a core update. (The script will no be required
anymore, so it could be deleted afterwards.)
Fixes#12308.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
This file contains the configured ruleset and oinkcode settings and
therefore needs to be backuped and restored.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
fcrontab -z fails on a freshly installed system since
/var/spool/cron is now owned by cron:cron and a temporary
file cannot be created.
This will have to be manually changed in the updater by
calling:
chown cron:cron /var/spool/cron
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
For details see:
https://downloads.isc.org/isc/bind9/9.11.17/RELEASE-NOTES-bind-9.11.17.html
"Notes for BIND 9.11.17
Feature Changes
The configure option --with-libxml2 now uses pkg-config to detect
libxml2 library availability. You will either have to install pkg-config
or specify the exact path where libxml2 has been installed on your
system. [GL #1635]
Bug Fixes
Fixed re-signing issues with inline zones which resulted in records
being re-signed late or not at all."
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
