webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-05-01 07:50:23 +02:00
Code Issues Packages Projects Releases Wiki Activity
14,648 Commits 2 Branches 1 Tag
bd0feb32e34ed5176d09b92aa13ae54a12cc7952
Commit Graph

295 Commits

Author SHA1 Message Date
Michael Tremer
97b1857ba4 random: Initialise the kernel's PRNG earlier 
Since more processes depend on good randomness, we need to
make sure that the kernel's PRNG is initialized as early as
possible.

For systems without a HWRNG, we will need to fall back to our
noisy loop and wait until we have enough randomness.

This patch also removes saving and restoring the seed. This
is no longer useful because the kernel's PRNG only takes any
input after it has successfully been seeded from other sources.

Hence adding this seed does not increase its randomness.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-05-17 07:46:32 +00:00
Michael Tremer
65cb935200 random: Launch rngd earlier in the boot process 
We should initialise the kernel's PRNG as early as we can.

Starting rngd very early will seed the random number generator
when RDRAND or other hardware random number generators are available.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-05-17 07:45:30 +00:00
Arne Fitzenreiter
289a86a320 rootfiles: change MACHINE to xxxMACHINExxx 
berkeley has a file that nane contain MACHINE wich should not
replaced by the build architecture.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-05-10 17:27:28 +00:00
Erik Kapfer
b877372d92 hyperscan: Update to version 5.2.1 
Several bugfixes, improvements and extra detection has been added.
For the full changelog, take a look into here -->
https://github.com/intel/hyperscan/blob/master/CHANGELOG.md .

Signed-off-by: Erik Kapfer <ummeegge@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-05-09 11:54:34 +00:00
Michael Tremer
6b75121120 gcc: Drop Go on i586 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-04-20 15:25:51 +00:00
Michael Tremer
29cb9e478a glibc: Update to 2.31 
Fixes: #12288
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-03-22 07:30:45 +00:00
Michael Tremer
6b3b3a32ab swap: Start swap after mounting filesystems 
When using a swap file, it is not being activated correctly
when the filesystem it is residing on is not mounted, yet.

The root file system is mounted read-only here before
S40mountfs is being executed.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-03-21 16:19:54 +00:00
Peter Müller
cfd2f07cf0 binutils: update to 2.34 
Cc: Arne Fitzenreiter <arne.fitzenreiter@ipfire.org>
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-03-21 15:44:06 +00:00
Michael Tremer
067a6fd040 gcc: Update to 9.3.0 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-03-21 15:43:41 +00:00
Arne Fitzenreiter
a344d3c902 unbound/red.up: run unbound update-forwarders after suricata init. 
The old suricata instance blocks dns requests if the red ip has changed.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-03-04 08:52:56 +01:00
Arne Fitzenreiter
3b5131c1a3 unbound: drop remove-dns-fowarders at red.down 
this functions has only reloaded unbound config
which is useless at shutting down the red interface.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-03-02 17:54:48 +00:00
Arne Fitzenreiter
8569b3e11b red.up: move update-dns-forwareders behind the firewall 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-02-19 14:51:48 +00:00
Arne Fitzenreiter
831ff05d89 kernel: enable and enforce signed kernel modules 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-02-06 15:09:52 +01:00
Arne Fitzenreiter
4f175a1f57 rust: rootfiles updates 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-01-25 21:14:54 +01:00
Michael Tremer
8893881160 lvm2: Add initscript for lvmetad 
This daemon needs to be launched in order to use LVM
devices in IPFire.

It will run on all installations after this patch has been
merged but only consumes very little memory.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-01-16 18:23:30 +00:00
Arne Fitzenreiter
61cc563558 Merge remote-tracking branch 'ms/next-dns-ng' into next 2020-01-13 21:42:49 +00:00
Michael Tremer
04b7a78140 unbound: Do not reset safe search again 
This is now done in the reload stage and we do not need to
take care about it again.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-01-13 21:25:10 +01:00
Arne Fitzenreiter
6ede197501 pathon: update to 3.8 and move pyhton to core 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-01-11 14:35:11 +01:00
Michael Tremer
210b27e179 gcc: Update to 9.2.0 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-01-04 18:23:09 +00:00
Michael Tremer
d7190078ce unbound: Configure Safe Search dynamically 
The safe search code relied on working DNS resolution, but
was executed before unbound was even started and no network
was brought up.

That resulted in no records being created and nothing being
filtered.

This will now set/reset safe search when the system connects
to the Internet.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-12-29 08:51:21 +00:00
Stefan Schantl
5bc042df2f rust: Update to 1.39 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-12-29 08:50:31 +00:00
Arne Fitzenreiter
d346d47467 up/down beep: move from ppp ip-up/down to general red.up/down 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-12-01 15:29:59 +01:00
Arne Fitzenreiter
e557cecbdd python: update to 2.7.17 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-11-28 18:41:18 +01:00
Arne Fitzenreiter
44b227b102 kernel: update to 4.14.154 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-11-14 22:12:12 +01:00
Michael Tremer
951a9f9ba0 linux+iptables: Drop support for IMQ 
This is no longer needed since we are using IFB now

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Daniel Weismüller <daniel.weismueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-10-21 18:58:08 +00:00
Arne Fitzenreiter
c27fdd8697 Revert "linux+iptables: Drop support for IMQ" 
This reverts commit 59b9a6bd22.
 2019-10-20 20:20:26 +00:00
Michael Tremer
59b9a6bd22 linux+iptables: Drop support for IMQ 
This is no longer needed since we are using IFB now

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-10-14 18:02:55 +00:00
Arne Fitzenreiter
194c7b16e4 rust: add i586 and aarch64 rootfile 
todo: armv5tel is still missing...

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-10-09 18:11:32 +02:00
Stefan Schantl
59fe973584 rust: New package. 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-10-08 19:08:23 +00:00
Michael Tremer
d111587cc3 gcc: Build the Go compiler 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-08-20 17:21:08 +00:00
Arne Fitzenreiter
7c30831ad2 initskripts: move unbound down after network down 
this remove a bunch of unbound errors at shutdown because
network down try to reconfigure unbond. (e.g. disable forwarders)

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-08-11 11:09:40 +02:00
Arne Fitzenreiter
fd7c2f3a9e initskripts: fix i586 rootfile 2019-07-17 13:12:46 +02:00
Arne Fitzenreiter
3ec3329dff unbound: rework dns-forwader handling 
add check if red interface has an IPv4 address before test the servers at
red up and simply remove forwarders at down process.

This also fix the hung at dhcpd shutdown.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-07-16 19:20:48 +02:00
Michael Tremer
acf47bfa80 cloud-init: Import experimental configuration script for Azure 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-07-01 07:53:58 +01:00
Michael Tremer
ffb37e51d4 Rename AWS initscript to cloud-init 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-07-01 07:53:58 +01:00
Arne Fitzenreiter
70590cef48 Kernel: update to 4.14.128 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-06-19 21:01:29 +02:00
Arne Fitzenreiter
82c279a518 kernel: update to 4.14.127 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-06-18 18:41:19 +02:00
Michael Tremer
35f12f2998 Rootfile update 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-06-10 09:58:15 +01:00
Michael Tremer
28093c8376 Rootfile update 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-06-08 11:34:37 +01:00
Michael Tremer
09b9910696 Rootfile update 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-06-07 11:14:11 +01:00
Michael Tremer
236831c0f9 Rootfile update for gcc on i586 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-06-04 23:41:59 +01:00
Michael Tremer
81544f8884 hyperscan: Move rootfiles to arch directories 
This package is only compiled on x86_64 and i586 and cannot
be packaged in any of the other architectures.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-05-27 15:38:42 +01:00
Michael Tremer
333125abf8 Merge branch 'toolchain' into next 2019-05-24 06:55:03 +01:00
Michael Tremer
6a83dbb451 SMT: Apply settings according to configuration 
SMT can be forced on.

By default, all systems that are vulnerable to RIDL/Fallout
will have SMT disabled by default.

Systems that are not vulnerable to that will keep SMT enabled.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-05-20 21:30:26 +01:00
Michael Tremer
68e0cf6714 grub: Update rootfile on i586 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-04-30 10:45:02 +01:00
Michael Tremer
5085356151 glibc: Update rootfile for i586 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-04-29 13:44:28 +01:00
Michael Tremer
452d2b6eaa grub: Disable efiemu on PC builds 
This won't compile with GCC 8 and we do not need it

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-04-26 16:19:42 +01:00
Arne Fitzenreiter
5fa063f859 kernel: update to 4.14.112 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-04-17 22:30:19 +02:00
Michael Tremer
01604708c3 Merge remote-tracking branch 'stevee/next-suricata' into next 2019-03-14 13:19:35 +00:00
Michael Tremer
771c9b78ee binutils: Ship strings & readelf 
This is needed by the spectre meltdown checker script

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-03-02 13:01:42 +00:00