pakfire update --force
sometimes fails and uses the old version of the server list
and gets the old addon list. With the list removed, it cannot
use the wrong addon list after the update to IPFire 2.25.
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
These files contain version 141 because there is no extra build,
so don't pack them into the updater, to prevent a wrong display in the web GUI
if core141 fails because there is not enough disk space.
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Stefan Schantl [Wed, 22 Jan 2020 13:40:34 +0000 (14:40 +0100)]
ids-functions.pl: Introduce file for local rules.
This file is to be used to store customized IDS rules.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Stefan Schantl [Tue, 21 Jan 2020 17:27:13 +0000 (18:27 +0100)]
dns.cgi: Display when unbound is running in recursor mode.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Michael Tremer [Mon, 20 Jan 2020 17:23:12 +0000 (17:23 +0000)]
azure: Abort script when no instance ID can be retrieved
We cannot reliably determine if a system is running on Hyper-V
on a private server or on the Azure Cloud.
Therefore, we will have to try to retrieve an IP address
with DHCP and try to connect to the metadata service. If either
of those things is not successful, we will just continue with
the setup process as usual.
So cloud instances should be automatically configured now and
all other systems will continue to boot and call the setup
wizard as usual.
Fixes: #12272
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Michael Tremer [Sun, 19 Jan 2020 16:32:14 +0000 (16:32 +0000)]
cloud-init: Remove importing DNS settings
Those scripts used to import settings from the meta-data services
and wrote them to the local configuration files.
For the DNS settings and Amazon, this is no longer possible because
their DNS servers do not support DNSSEC at all. Therefore we default
to recursor mode.
To be consistent across cloud providers, we are doing the same for
Azure.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Michael Tremer [Sun, 19 Jan 2020 15:03:34 +0000 (15:03 +0000)]
setup: Do not check DNS settings any more
It has been removed that DNS servers could be configured in
setup, but I forgot to remove a check which leads to new
installations not being able to complete the setup wizard.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Michael Tremer [Wed, 15 Jan 2020 15:20:11 +0000 (15:20 +0000)]
lvm2: Create lock files in /run/lvm
The default is /var/lock which is not mounted at the time
when udev is initialising the volumes. Therefore after a
reboot, LVM devices won't show up unless pvscan is executed
manually.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Stefan Schantl [Thu, 16 Jan 2020 16:18:13 +0000 (17:18 +0100)]
DNS: Defaults to use the ISP nameservers.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Stefan Schantl [Thu, 16 Jan 2020 16:18:12 +0000 (17:18 +0100)]
configroot: Create /var/ipfire/dns/servers file
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Stefan Schantl [Tue, 14 Jan 2020 11:14:02 +0000 (12:14 +0100)]
dns.cgi: Set kdig params for timeout and retry back to default.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Acked-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Michael Tremer [Fri, 10 Jan 2020 11:12:36 +0000 (11:12 +0000)]
filesystem-cleanup: Automatically remove old libraries
This script runs through /usr/lib and /lib and tries to find
all libraries which are no longer being used any more and
deletes them.
This will help us to free space on root partitions that
are limited to 2GB.
However, the script does not cover 100% of the cases, so that
some files still need to be deleted manually (e.g. boost with
their weird versioning schema).
This script should be executed after a Core Update has been
installed.
Fixes: #12270
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Michael Tremer [Tue, 24 Dec 2019 12:58:52 +0000 (12:58 +0000)]
amazon-ssm-agent: New package
AWS Systems Manager Agent (SSM Agent) is Amazon software that can be
installed and configured on an Amazon EC2 instance, an on-premises
server, or a virtual machine (VM). SSM Agent makes it possible for
Systems Manager to update, manage, and configure these resources. The
agent processes requests from the Systems Manager service in the AWS
Cloud, and then runs them as specified in the request. SSM Agent then
sends status and execution information back to the Systems Manager
service by using the Amazon Message Delivery Service.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Peter Müller [Tue, 7 Jan 2020 21:47:00 +0000 (21:47 +0000)]
vpnmain.cgi: set SubjectAlternativeName default during root certificate generation
Some IPsec implementations such as OpenIKED require SubjectAlternativeName
data on certificates and refuse to establish connections otherwise.
The StrongSwan project also recommends it (see:
https://wiki.strongswan.org/projects/strongswan/wiki/SimpleCA) although
it is currently not enforced by their IPsec software.
For convenience purposes and to raise awareness, this patch adds a default
SubjectAlternativeName based on the machine's hostname or IP address. Existing
certificates remain unchanged for obvious reasons.
The third version of this patch fixes a duplicate DNS query reported by Michael.
Fixes #11594
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Cc: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>