- Update from version 3.08 to 3.10
- Update of rootfile not required
- Renamed build_mountpoint patch
- Changelog
3.10
When the user executes "machinectl stop", systemd sends SIGRTMIN+4 to PID 1
in the container, and expects that to initiate a graceful shutdown
(power-off). SysV init now catches this signal and initiates a shutdown
(shutdown -hP now).
Fix issue in bootlogd which could cause the service to enter an endless loop
(and use too much CPU) when it is able to open a device for writing, but not
actually able to write to it. This resulted in bootlogd closing and
re-opening the device over and over. Now bootlogd should simply fail
gracefully when it cannot write to an open file/device.
Fix formatting in shutdown.8 manual page. Cleaned up whitespace and special
characters.
3.09
On Linux distributions which use the musl C library (instead of glibc) we can now
build properly. Specifically, the hddown helper program now builds on musl C
systems.
The reboot command is now able to pass messages to the underlying firmware on
Linux systems during a reboot. This allows the admin to pass information to the
underlying firmware to, for example, ask the system to boot from another
partition. Should be helpful on Raspberry Pi systems.
The reboot command can pass a message to the firmware when using the "-m"
command line flag.
This release also improves the Makefile's clean directive.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from version 0.25.3 to 0.25.5
- Update of rootfile
- Changelog
0.25.5
* iter: fix recursive attribute loading [PR#642]
* fix building on FreeBSD 14.0 (amd64) [PR#644]
* test fix [PR#645]
0.25.4
* rpc: add support for recursive attributes [PR#624, PR#629, PR#631, PR#633]
* p11-kit: add function to check run-time version of the library [PR#637]
* p11-kit: expose version information through macros [PR#635]
* p11-kit: add option to specify CKA_ID in generate-keypair and import-object
commands [PR#615]
* p11-kit: add --provider option to specify PKCS#11 module when using p11-kit
commands [PR#611]
* p11-kit: fix a bug where eddsa mechanism isn't recognized in generate-keypair
[PR#617]
* p11-kit: fallback to C_GetFunctionList when C_GetInterface returns
CKR_FUNCTION_NOT_SUPPORTED [PR#622]
* bug and build fixes [PR#603, PR#604, PR#605, PR#606, PR#609, PR#614, PR#616,
PR#619, PR#627, PR#628, PR#632, PR#636, PR#639]
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from version 3.8.5 to 3.8.7
- Update of rootfile
- Changelog
3.8.7
** libgnutls: New configure option to compile out DSA support
The --disable-dsa configure option has been added to completely disable DSA
algorithm support.
** libgnutls: Experimental support for X25519Kyber768Draft00 key exchange in TLS
For testing purposes, the hybrid post-quantum key exchange defined
in draft-tls-westerbaan-xyber768d00 has been implemented using
liboqs. Since the algorithm is still not finalized, the support of
this key exchange is disabled by default and can be enabled with
the --with-liboqs configure option.
3.8.6
** libgnutls: PBMAC1 is now supported as a MAC mechanism for PKCS#12
To be compliant with FIPS 140-3, PKCS#12 files with MAC based on
PBKDF2 (PBMAC1) is now supported, according to the specification
proposed in draft-ietf-lamps-pkcs12-pbmac1.
** libgnutls: SHA3 extendable output functions (XOF) are now supported
SHA3 XOF, SHAKE128 and SHAKE256, are now usable through a new
public API gnutls_hash_squeeze.
** API and ABI modifications:
gnutls_pkcs12_generate_mac3: New function
gnutls_pkcs12_flags_t: New enum
gnutls_hash_squeeze: New function
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
We have been importing the language files many times when they are
actually rather slow. This just tidies this up.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This patch adds a watcher thread which monitors if Unbound is still
alive. If not, it will wait until Unbound comes back, rewrite the leases
file and reload Unbound to get it back into sync.
Afterwards Unbound will receive updates as usual.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This variable is no longer been used and has been abused way too much in
the past. May it rest in pieces.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This reverts commit 8ea702f3f8.
This commit seems to introduce many more regressions when building
packages which I cannot easily reproduce.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
We have defaulted to CAKE for all devices that quality. That has however
resulted in worse network quality as some devices could not provide the
compute power necessary for CAKE. There are however only very few
benefits to run an unconfigured CAKE.
This patch changes this back to fq_codel which is computationally
cheaper and should deliver 99% of the throughput that CAKE does. This is
presumably the better trade-off.
We don't use fq_codel on wireless devices since the kernel is running
this for each client. It would have been nice to only apply this to
wireless interfaces in AP mode, but I cannot find a way to tell the
difference with asking NETLINK.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- When a user tries to restore on the console from a backup on IPFire that has a colon in
the filename the tar treats this as meaning that everything after the colon is
information about a remote location to do the extraction to. This results in a filename
that cannot be found, and a remote location that is not correct and the tar operation
fails.
- This has been confirmed by myself.
- If the user tries a restore from a file downloaded to another computer then for most, if
not all browsers, the colon will have been replaced by an underscore or other character.
Firefox, Chromium and Vivaldi do this.
- So any backup file that is selected to be restored using the WUI will no longer have a
colon in the filename.
- This patch adds --force-local to the tar command, which means that tar will treat the
colon as a character in the filename. This will ensure that if a user has any backup
files stored on their IPFire system, with a colon in the filename then doing a restore
from this file will not cause tar to fail.
- The NOW variable is also changed to replace the colon by a dash and to separate the date
and time by an underscore. This filename will be accepted by browsers, without doing
any replacements. Tested out with Firefox, Chromium & Vivaldi.
- The above ensures that both the new and old filename versions will work for doing a
restore.
Fixes: bug13734
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Bernhard Bitsch <bbitsch@ipfire.org>
Tested-by: Bernhard Bitsch <bbitsch@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
The kernel's build system uses its own CFLAGS for building the kernel
but for the tooling we want to use our own CFLAGS.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This variable never actually held the kernel version. There were always
suffixes appended and other things changed about it. This makes it a lot
simpler as this variable now holds the actual kernel version.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
unshare(8) seems to fail with kernels older than 6.0.0 when mounting
the /proc filesystem in the inner namespace. This seems to be an bug
where unshare does not even try to mount the /proc filesystem but tries
to make its mount propagation private.
This is now solved in that way that we will use unshare on newer kernels
but will fall back on manually mounting the /proc filesystem once we have
entered the chroot environment.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
When we create the outer mount namespace, we still want to receive any
mounts from the host system which is why we set it to slave.
The second mount namespace should be a copy of the outer one but should not
propagate anything back to the outer mount namespace.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
