Historically, the MD5 checksums in our LFS files serve as a protection
against broken downloads, or accidentally corrupted source files.
While the sources are nowadays downloaded via HTTPS, it make sense to
beef up integrity protection for them, since transparently intercepting
TLS is believed to be feasible for more powerful actors, and the state
of the public PKI ecosystem is clearly not helping.
Therefore, this patch switches from MD5 to BLAKE2, updating all LFS
files as well as make.sh to deal with this checksum algorithm. BLAKE2 is
notably faster (and more secure) than SHA2, so the performance penalty
introduced by this patch is negligible, if noticeable at all.
In preparation of this patch, the toolchain files currently used have
been supplied with BLAKE2 checksums as well on
https://source.ipfire.org/.
Cc: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Acked-by: Michael Tremer <michael.tremeripfire.org>
* Add a Summary and Services field to all pak lfs files
* Replace occurances of INSTALL_INITSCRIPT with new INSTALL_INITSCRIPTS
macro in all pak lfs files.
Signed-off-by: Robin Roevens <robin.roevens@disroot.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Not sure why this has ever been there. This simply makes it
nicer to read and edit because we can have line-breaks now.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
In the past this code was used to add the DNS servers
to the ignore list and prevent them from being blocked by
guardian.
Because of the switch to suricata as IPS, guardian now prevents
from password brute-forcing on SSH and/or the webserver, so this
code is not longer needed and safly can be removed.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
IPFire has moved to suricata as IDS/IPS system, therefore all snort related
options has become obsolete.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Most of these files still used old dates and/or domain names for contact
mail addresses. This is now replaced by an up-to-date copyright line.
Just some housekeeping... :-)
Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
During commit d68ead3dec the guardian.cgi
has been changed, and therefore the package version of guardian
needs to be bumped to ship the changed files.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
I did the following:
- Rearranged the fields on 'guardian.cgi' a bit - in a (hopefully) logical manner,
so that they don't need so much room.
- Added some translation-strings and explanations to (revised) 'guardian.cgi'.
- Added missing language string(s), deleted obsolete.
- Deleted all guardian entries from standard language files in
'/var/ipfire/langs'-directory.
- Added (upgraded) addon-specific language files to '/var/ipfire/addon-lang'-directory.
I hope, I didn't forget something...
Best,
Matthias
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
