ipfire-2.x.git
Arne Fitzenreiter [Thu, 23 Jan 2020 17:52:14 +0000 (17:52 +0000)] 
core140: ship glibc built with new gcc

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Arne Fitzenreiter [Thu, 23 Jan 2020 17:47:42 +0000 (17:47 +0000)] 
core140: add gui.cgi

this cgi was forgotten in core139

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Stefan Schantl [Tue, 21 Jan 2020 17:27:13 +0000 (18:27 +0100)] 
dns.cgi: Display when unbound is running in recursor mode.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Stefan Schantl [Tue, 21 Jan 2020 16:13:06 +0000 (17:13 +0100)] 
unbound: Use recursor mode if no nameservers are configured

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Michael Tremer [Mon, 20 Jan 2020 17:23:12 +0000 (17:23 +0000)] 
azure: Abort script when no instance ID can be retrieved

We cannot reliably determine if a system is running on Hyper-V
on a private server or on the Azure Cloud.

Therefore, we will have to try to retrieve an IP address
with DHCP and try to connect to the metadata service. If either
of those things is not successful, we will just continue with
the setup process as usual.

So cloud instances should be automatically configured now and
all other systems will continue to boot and call the setup
wizard as usual.

Fixes: #12272
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Arne Fitzenreiter [Sun, 19 Jan 2020 17:28:24 +0000 (17:28 +0000)] 
core140: add changed cloudsetup helper to updater

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Michael Tremer [Sun, 19 Jan 2020 16:32:14 +0000 (16:32 +0000)] 
cloud-init: Remove importing DNS settings

Those scripts used to import settings from the meta-data services
and wrote them to the local configuration files.

For the DNS settings and Amazon, this is no longer possible because
their DNS servers do not support DNSSEC at all. Therefore we default
to recursor mode.

To be consistent across cloud providers, we are doing the same for
Azure.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Michael Tremer [Sun, 19 Jan 2020 15:50:21 +0000 (15:50 +0000)] 
modules: Cleanup file

This file has an unused line for the "fusion" module which
is no longer needed.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Michael Tremer [Sun, 19 Jan 2020 15:50:20 +0000 (15:50 +0000)] 
modules: No longer load parallel port modules

These modules are loaded by default on all systems.

They are simply a waste of space since not many systems
have parallel ports any more.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Michael Tremer [Sun, 19 Jan 2020 15:03:34 +0000 (15:03 +0000)] 
setup: Do not check DNS settings any more

It has been removed that DNS servers could be configured in
setup, but I forgot to remove a check which leads to new
installations not being able to complete the setup wizard.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Stefan Schantl [Sat, 18 Jan 2020 09:03:06 +0000 (10:03 +0100)] 
convert-dns-settings: Import all possible PPP dialin profiles.

* Avoid adding the same imported DNS server multiple times.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Arne Fitzenreiter [Sun, 19 Jan 2020 12:23:54 +0000 (12:23 +0000)] 
core140: fix typo

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Arne Fitzenreiter [Fri, 17 Jan 2020 10:21:43 +0000 (11:21 +0100)] 
partresize: NanoPi R1: copy also a0 config of Ampac AP6212

there is a second hardware version of the AP6212 in some NanoPi R1
boards.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Arne Fitzenreiter [Thu, 16 Jan 2020 18:28:26 +0000 (18:28 +0000)] 
core140: add lvm2 to core updater

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Michael Tremer [Wed, 15 Jan 2020 15:20:12 +0000 (15:20 +0000)] 
lvm2: Add initscript for lvmetad

This daemon needs to be launched in order to use LVM
devices in IPFire.

It will run on all installations after this patch has been
merged but only consumes very little memory.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Michael Tremer [Wed, 15 Jan 2020 15:20:11 +0000 (15:20 +0000)] 
lvm2: Create lock files in /run/lvm

The default is /var/lock which is not mounted at the time
when udev is initialising the volumes. Therefore after a
reboot, LVM devices won't show up unless pvscan is executed
manually.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Michael Tremer [Wed, 15 Jan 2020 15:20:10 +0000 (15:20 +0000)] 
lvm2: Enable lvmetad

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Michael Tremer [Wed, 15 Jan 2020 15:20:09 +0000 (15:20 +0000)] 
lvm2: Build with support for udev

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Michael Tremer [Wed, 15 Jan 2020 15:20:08 +0000 (15:20 +0000)] 
lvm2: Ship with core system

This was requested by some users to mount devices
with LVM.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Michael Tremer [Wed, 15 Jan 2020 11:28:01 +0000 (11:28 +0000)] 
Update list of contributors

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Stéphane Pautrel [Wed, 15 Jan 2020 11:26:47 +0000 (11:26 +0000)] 
Many improvements for the French translation

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Stefan Schantl [Thu, 16 Jan 2020 16:18:13 +0000 (17:18 +0100)] 
DNS: Defaults to use the ISP nameservers.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Stefan Schantl [Thu, 16 Jan 2020 16:18:12 +0000 (17:18 +0100)] 
configroot: Create /var/ipfire/dns/servers file

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Arne Fitzenreiter [Thu, 16 Jan 2020 14:01:13 +0000 (15:01 +0100)] 
core140: add dns changes to updater.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Arne Fitzenreiter [Wed, 15 Jan 2020 17:15:48 +0000 (17:15 +0000)] 
Revert "stage2: update rootfile"

This reverts commit a877032915898b07dcacd165c0f89e427bc672a4.

Arne Fitzenreiter [Wed, 15 Jan 2020 17:15:25 +0000 (17:15 +0000)] 
Revert "Introduce update-location-database script."

This reverts commit 93a985cc05e6b564ac1e3fc59fd37e94c77000ca.

Arne Fitzenreiter [Wed, 15 Jan 2020 17:14:57 +0000 (17:14 +0000)] 
Revert "crontab: Adjust crontab to hourly launch the update-location-database"

This reverts commit f8e7c1c9d07d348e8c3235c83fd889068269c823.

Arne Fitzenreiter [Tue, 14 Jan 2020 21:10:15 +0000 (21:10 +0000)] 
set version in backupiso and also pakfire core to 140

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Stefan Schantl [Tue, 14 Jan 2020 12:53:59 +0000 (13:53 +0100)] 
dns.cgi: Fix ID and greater than checks.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Stefan Schantl [Tue, 14 Jan 2020 11:14:02 +0000 (12:14 +0100)] 
dns.cgi: Set kdig params for timeout and retry back to default.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Acked-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Arne Fitzenreiter [Tue, 14 Jan 2020 06:54:45 +0000 (06:54 +0000)] 
stage2: update rootfile

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Arne Fitzenreiter [Mon, 13 Jan 2020 21:42:49 +0000 (21:42 +0000)] 
Merge remote-tracking branch 'ms/next-dns-ng' into next

Arne Fitzenreiter [Mon, 13 Jan 2020 21:38:16 +0000 (21:38 +0000)] 
Merge branch 'next' of git.ipfire.org:/pub/git/ipfire-2.x into next

Daniel Weismüller [Fri, 10 Jan 2020 15:06:00 +0000 (16:06 +0100)] 
filesystem-cleanup: Add parameter to show changes

Use --dry-run to only show files that would be deleted, but do
not actually delete them.

Signed-off-by: Daniel Weismüller <daniel.weismueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Michael Tremer [Fri, 10 Jan 2020 11:12:36 +0000 (11:12 +0000)] 
filesystem-cleanup: Automatically remove old libraries

This script runs through /usr/lib and /lib and tries to find
all libraries which are no longer being used any more and
deletes them.

This will help us to free space on root partitions that
are limited to 2GB.

However, the script does not cover 100% of the cases, so that
some files still need to be deleted manually (e.g. boost with
their weird versioning schema).

This script should be executed after a Core Update has been
installed.

Fixes: #12270
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Michael Tremer [Mon, 13 Jan 2020 21:06:38 +0000 (21:06 +0000)] 
amazon-ssm-agent: Move source to GOPATH

Go won't build when this is only symlinked any more.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Michael Tremer [Mon, 13 Jan 2020 20:43:27 +0000 (21:43 +0100)] 
unbound: Make dhcp-leases.conf readable for everyone

unbound runs as nobody and cannot reload its configuration
when this file is only readable for root.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 13 Jan 2020 20:25:10 +0000 (21:25 +0100)] 
unbound: Do not reset safe search again

This is now done in the reload stage and we do not need to
take care of it again.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 13 Jan 2020 20:20:32 +0000 (21:20 +0100)] 
unbound: Drop some unused variables

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 13 Jan 2020 20:19:22 +0000 (21:19 +0100)] 
unbound: Drop function to reload forwarders on the fly

This is now being done by updating and re-reading forward.conf.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 13 Jan 2020 20:13:03 +0000 (21:13 +0100)] 
dnsforward.cgi: Reloading unbound is enough to apply changes

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 13 Jan 2020 20:12:02 +0000 (21:12 +0100)] 
hosts.cgi: Hosts can now be imported when reloading unbound

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 13 Jan 2020 20:10:18 +0000 (21:10 +0100)] 
unbound: Write hosts to unbound configuration file

This will allow us to read more hosts in a shorter time.

Fixes: #11743
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 13 Jan 2020 19:55:59 +0000 (20:55 +0100)] 
unbound: There is no need to rewrite tuning.conf

The number of CPU cores and memory normally does not change

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 13 Jan 2020 19:55:32 +0000 (20:55 +0100)] 
unbound: Reload own hostname, too

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 13 Jan 2020 19:44:55 +0000 (20:44 +0100)] 
dns.cgi: Fix check for undefined variable

This was positive when zero was returned.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Stefan Schantl [Mon, 13 Jan 2020 16:40:29 +0000 (17:40 +0100)] 
dns.cgi: Show error when trying to use ISP nameservers and TLS at the same time.

Because the ISP-assigned nameservers do not have any TLS-hostname
information, they cannot be used when TLS is activated.

They can only be used if they are added as "regular" DNS servers
with a TLS-hostname.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Michael Tremer [Mon, 13 Jan 2020 16:05:27 +0000 (16:05 +0000)] 
setup: Remove DNS settings

This is no longer required since we have a new CGI script
that takes care of all DNS settings and stores things in
another format.

Fixes: #12235
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Stefan Schantl [Mon, 13 Jan 2020 09:42:56 +0000 (10:42 +0100)] 
dns.cgi: Fix id compare when adding a new nameserver.

I do not know why perl when using "le" which means "less-or-equal"
defines a "10" as "1".

This commit fixes the issue that it was not possible to add more than 8
nameservers.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Arne Fitzenreiter [Sun, 12 Jan 2020 11:39:25 +0000 (12:39 +0100)] 
geoip: ship database 20191217

Maxmind has disabled the download so we ship the last free (creative commons)
database with the iso and core until we build an alternative.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Arne Fitzenreiter [Sun, 12 Jan 2020 09:48:14 +0000 (10:48 +0100)] 
core140: fix build on armv5tel and i586

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Michael Tremer [Tue, 24 Dec 2019 12:58:54 +0000 (12:58 +0000)] 
Go: Move the cache to the ccache directory

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Michael Tremer [Tue, 24 Dec 2019 12:58:53 +0000 (12:58 +0000)] 
Go: Cleanup Go Path after build

Go leaves temporary build files in the directory
which we do not need and we should clean up after
every build.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Michael Tremer [Tue, 24 Dec 2019 12:58:52 +0000 (12:58 +0000)] 
amazon-ssm-agent: New package

AWS Systems Manager Agent (SSM Agent) is Amazon software that can be
installed and configured on an Amazon EC2 instance, an on-premises
server, or a virtual machine (VM). SSM Agent makes it possible for
Systems Manager to update, manage, and configure these resources. The
agent processes requests from the Systems Manager service in the AWS
Cloud, and then runs them as specified in the request. SSM Agent then
sends status and execution information back to the Systems Manager
service by using the Amazon Message Delivery Service.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Arne Fitzenreiter [Sat, 11 Jan 2020 20:22:07 +0000 (21:22 +0100)] 
python3: exclude __pycache__ from iso, core and packages

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Stefan Schantl [Sat, 11 Jan 2020 18:37:50 +0000 (19:37 +0100)] 
ids.cgi: Do reload instead of restarting unbound

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Stefan Schantl [Sat, 11 Jan 2020 18:36:29 +0000 (19:36 +0100)] 
initscripts/unbound: Add support for reloading the service

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Stefan Schantl [Sat, 11 Jan 2020 18:35:24 +0000 (19:35 +0100)] 
unboundctrl: Add support for calling reload.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Stefan Schantl [Sat, 11 Jan 2020 18:34:12 +0000 (19:34 +0100)] 
dns.cgi: Only perform reverse lookup if DNS is working.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Michael Tremer [Fri, 10 Jan 2020 10:57:49 +0000 (10:57 +0000)] 
unbound: No longer try to include safe-search.conf

This file is no longer generated and therefore cannot
be imported any more.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Arne Fitzenreiter [Sat, 11 Jan 2020 14:17:50 +0000 (14:17 +0000)] 
core140: ship updated vpnmain.cgi

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Peter Müller [Tue, 7 Jan 2020 21:47:00 +0000 (21:47 +0000)] 
update translation files for vpnmain.cgi changes

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Peter Müller [Tue, 7 Jan 2020 21:47:00 +0000 (21:47 +0000)] 
vpnmain.cgi: set SubjectAlternativeName default during root certificate generation

Some IPsec implementations such as OpenIKED require SubjectAlternativeName
data on certificates and refuse to establish connections otherwise.

The StrongSwan project also recommends it (see:
https://wiki.strongswan.org/projects/strongswan/wiki/SimpleCA) although
it is currently not enforced by their IPsec software.

For convenience purposes and to raise awareness, this patch adds a default
SubjectAlternativeName based on the machine's hostname or IP address. Existing
certificates remain unchanged for obvious reasons.

The third version of this patch fixes a duplicate DNS query reported by Michael.

Fixes #11594

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Cc: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Arne Fitzenreiter [Sat, 11 Jan 2020 14:11:06 +0000 (14:11 +0000)] 
Merge branch 'next' of git.ipfire.org:/pub/git/ipfire-2.x into next

Arne Fitzenreiter [Sat, 11 Jan 2020 14:10:23 +0000 (14:10 +0000)] 
suricata: update rootfile

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Arne Fitzenreiter [Sat, 11 Jan 2020 14:04:48 +0000 (15:04 +0100)] 
elinks: move to core system.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Arne Fitzenreiter [Sat, 11 Jan 2020 13:35:11 +0000 (14:35 +0100)] 
python: update to 3.8 and move python to core

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Arne Fitzenreiter [Sat, 11 Jan 2020 13:15:45 +0000 (14:15 +0100)] 
make.sh: update IPFire and Toolchain version

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Arne Fitzenreiter [Sat, 11 Jan 2020 13:11:12 +0000 (14:11 +0100)] 
gcc: update armv5tel rootfile

Stefan Schantl [Fri, 10 Jan 2020 08:29:47 +0000 (09:29 +0100)] 
convert-dns-settings: Set correct ownership after convert is done.

Otherwise it may happen, that the created config files have wrong
permissions and the WUI will break.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Stefan Schantl [Thu, 9 Jan 2020 15:36:39 +0000 (16:36 +0100)] 
dns.cgi: Restart suricata if necessary.

When the DNS configuration of the system is changed,
we need to re-generate the file which contains the DNS Server
details for suricata and to restart the service.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Stefan Schantl [Thu, 9 Jan 2020 15:30:10 +0000 (16:30 +0100)] 
index.cgi: No longer display the DNS servers.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Stefan Schantl [Thu, 9 Jan 2020 15:25:01 +0000 (16:25 +0100)] 
ids-functions.pl: Update generate_dns_servers_file() function.

The function now uses the newly introduced get_nameservers() function
while generating the DNS servers file.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Stefan Schantl [Thu, 9 Jan 2020 15:08:13 +0000 (16:08 +0100)] 
general-functions.pl: Add get_nameservers().

This function simply returns an array of all used nameservers.

It also takes care if the usage of ISP assigned nameservers
is enabled or not and if user-added nameservers are enabled or not.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Stefan Schantl [Thu, 9 Jan 2020 08:15:05 +0000 (09:15 +0100)] 
guardian: Remove code for DNS servers.

In the past this code was used to add the DNS servers
to the ignore list and prevent them from being blocked by
guardian.

Because of the switch to suricata as IPS, guardian now prevents
password brute-forcing on SSH and/or the webserver, so this
code is no longer needed and can safely be removed.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Stefan Schantl [Wed, 8 Jan 2020 17:44:41 +0000 (18:44 +0100)] 
dns.cgi: Move grab_address_from_file function to general-functions.pl

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Stefan Schantl [Wed, 8 Jan 2020 17:19:58 +0000 (18:19 +0100)] 
dns.cgi: Also restart unbound if a server got enabled/disabled

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Stefan Schantl [Wed, 8 Jan 2020 17:15:33 +0000 (18:15 +0100)] 
dns.cgi: Remove accidentally committed debug code

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Stefan Schantl [Wed, 8 Jan 2020 17:10:23 +0000 (18:10 +0100)] 
dns.cgi: Restart unbound

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Stefan Schantl [Wed, 8 Jan 2020 17:00:15 +0000 (18:00 +0100)] 
dns.cgi: Display DNS system status.

For this, a test query will be sent to the local unbound instance,
which can be answered if the DNS system works properly.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Stefan Schantl [Wed, 8 Jan 2020 14:24:59 +0000 (15:24 +0100)] 
dns.cgi: Perform server checks on user request

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Stefan Schantl [Wed, 8 Jan 2020 14:22:56 +0000 (15:22 +0100)] 
dns.cgi: Remove hard-coded box title.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Stefan Schantl [Wed, 8 Jan 2020 11:58:50 +0000 (12:58 +0100)] 
dns.cgi: Do not perform kdig tests when adding a server

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Stefan Schantl [Wed, 8 Jan 2020 11:12:29 +0000 (12:12 +0100)] 
dns.cgi: Check for empty server address.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Stefan Schantl [Wed, 8 Jan 2020 10:13:05 +0000 (11:13 +0100)] 
dns.cgi: Perform kdig tests only if the system is online.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Stefan Schantl [Wed, 8 Jan 2020 10:12:42 +0000 (11:12 +0100)] 
dns.cgi: Introduce red_is_active()

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Stefan Schantl [Wed, 8 Jan 2020 09:35:52 +0000 (10:35 +0100)] 
dns.cgi: Always display the input field for TLS_HOSTNAME

* Mark it as required if the protocol is set to TLS.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Stefan Schantl [Wed, 8 Jan 2020 09:35:24 +0000 (10:35 +0100)] 
dns.cgi: Only perform reverse lookups if the system is online

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Michael Tremer [Tue, 7 Jan 2020 16:32:35 +0000 (16:32 +0000)] 
unbound: Implement setting qname minimisation into strict mode

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 7 Jan 2020 16:24:35 +0000 (16:24 +0000)] 
unbound: Try to set time when DNS is not working

Since DNSSEC relies on time to validate its signatures,
a common problem is that some systems (usually those without
a working RTC) are not able to reach their time server.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 7 Jan 2020 16:02:14 +0000 (16:02 +0000)] 
unbound: Do not update the forwarders when we are running in TLS mode

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 7 Jan 2020 15:28:21 +0000 (15:28 +0000)] 
unbound: Read configuration globally

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 7 Jan 2020 15:21:59 +0000 (15:21 +0000)] 
unbound: Update forwarders when system connects/disconnects

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 7 Jan 2020 14:57:12 +0000 (14:57 +0000)] 
unbound: Update setting Safe Search redirects

When the system comes online, we must update entries
in the unbound cache to point to the "safe" IP addresses.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 7 Jan 2020 14:49:54 +0000 (14:49 +0000)] 
dns.cgi: Show ISP name servers as disabled

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 7 Jan 2020 14:41:13 +0000 (14:41 +0000)] 
dns.cgi: Fix handling of WARNINGs from kdig

There might be multiple warnings which must all be shown
to the user.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 7 Jan 2020 13:46:11 +0000 (13:46 +0000)] 
dns.cgi: Remove smartmatch operator

Perl likes to make things difficult

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 7 Jan 2020 13:45:21 +0000 (13:45 +0000)] 
dns.cgi: Timeout after 2 seconds for DNS server checks

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 7 Jan 2020 13:35:45 +0000 (13:35 +0000)] 
DNS: Write name servers received from ISP to /var/run/dns{1,2}

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 7 Jan 2020 13:06:09 +0000 (13:06 +0000)] 
unbound: Drop live checks

Those checks have caused us a lot of trouble and are now being dropped.

Users must make sure to choose servers that support DNSSEC or enable
any of the tunneling mechanisms to be able to reach them.

Fixes: #12239
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>