kernel: drop kirkwood kernel

perl 5.30 will not work on kirkwood platform and firewinfo reports less than 10 users so we will drop the support for the platform.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

unbound: try resolve twice before time sync with ipfire server

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

unbound: add returncode to resolve function

this is used for time fix check.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

PPP: Always fetch DNS servers from provider

We will later decide whether we want to use them or not

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

pppsetup.cgi: Drop DNS setting

This has already been dropped and should not be added again
to the configuration file.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

dns.cgi: increase timeout to 5s

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

convert-dns-settings: add ppp/settings to list of converted files

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

Merge branch 'core141'

general-functions.pl: Return unique list of nameservers

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

ids-functions.pl: Fall back to $EXTERNAL_NET for DNS servers

When no DNS servers are configured (aka recursor mode), the
DNS servers that unbound will try to contact can be anywhere.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

ids-functions.pl: Fix generating DNS_SERVERS

The configuration file has an invalid syntax which causes
suricata to fail to start.

There was no comma inserted between DNS servers when there
was more than two of them. This is now fixed in this patch..

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

core141: run pakfire update after db cleanup

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

make.sh: Modify update-contributors so that it will run with older version of awk

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

convert-dns-settings: Explicitely enable using ISP name servers

The unbound initscript checks if this parameter is on.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

dns.cgi: Shorten time when checking if DNS is alive

For localhost, one second should be plenty

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

dns.cgi: Show recursor mode message even when we have some servers to show

The message was not shown when we have received DNS servers from the
provider.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

convert-dns-settings: remove DNS settings also if no server config is generated

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

convert-dns-settings: Remove DNS variable from PPP profiles

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

convert-dns-settings: Refactor reading old configuration

This patch makes the code a lot shorter by removing special
cases for all sorts of files when they can all be treaded
equally.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

convert-dns-settings: Fix call for chmod

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

convert-dns-settings: Fix check to prevent doubble-adding the same server

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

core141: manually delete pakfire lists

pakfire update --force
fail sometimes fail and use the old version of the serverlist
and get the old addon list. With removed list it cannot
use the wrong addonlist after update to IPFire 2.25.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

core141: use full path to pakfire

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

core141: fix remove of go8.3.0 directory

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

core141: remove elinks and python3 from pakfire db

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

core141: force packet list update after version change

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

set version and pakfire version to core141

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

core141: correct move of nobeeps flag

in core139 there was a syntax error, and it was missed in
backup converter also.

fixes #12273

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

networking/red: wait only for carrier if device exists

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

rust: rootfiles updates

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

core141: run convert-dns-settings at update

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

core141: check free space on root

also force fsck at next boot to free the journal on xfs partitions.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

core140: don't system-release and co

This files contain version 141 because there is no extra build
so don't pak it into the updater to prevent wrong display in webgui
if core141 fails because there is not enough diskspace.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

core141: cleanup go-8.3.0 and run filesystem-cleanup

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

filesystem-cleanup: fix "fixed space" type

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

ids-functions.pl: Introduce file for local rules.

This file is to be used, to store customized IDS rules.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

core140: remove /usr/lib/libboost*1.55.0 at cleanup

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

filesystem-cleanup: add /usr/lib/sse2 folder

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

core140: insert a core upgrade that only cleans the rootfs

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

rename core140 to core141

we need to insert a core that cleanup root to free some diskspace.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

core140: ship glibc built with new gcc

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

core140: add gui.cgi

this cgi was forgotten in core139

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

dns.cgi: Display when unbound is running in recursor mode.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

unbound: Use recursor mode if no nameservers are configured

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

azure: Abort script when no instance ID can be retrieved

We cannot reliably determine if a system is running on Hyper-V
on a private server or on the Azure Cloud.

Therefore, we will have to try to retrieve an IP address
with DHCP and try to connect to the metadata service. If either
of those things is not successful, we will just continue with
the setup process as usual.

So cloud instances should be automatically configured now and
all other systems will continue to boot and call the setup
wizard as usual.

Fixes: #12272
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

core140: add changed cloudsetup helper tu updater

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

cloud-init: Remove importing DNS settings

Those scripts used to import settings from the meta-data services
and wrote them to the local configuration files.

For the DNS settings and Amazon, this is no longer possible because
their DNS servers do not support DNSSEC at all. Therefore we default
to recursor mode.

To be consistent across cloud providers, we are doing the same for
Azure.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

modules: Cleanup file

This file has an unsed line for the "fusion" module which
is no longer needed.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

modules: No longer load parallel port modules

These modules are loaded by default on all systems.

They are simply a waste of space since not many systems
have parallel ports any more.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

setup: Do not check DNS settings any more

It has been removed that DNS servers could be configured in
setup, but I forgot to remove a check which leads to new
installations not being able to complete the setup wizard.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

convert-dns-settings: Import all possible PPP dialin profiles.

* Avoid from adding the same imported DNS server multiple times.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

core140: fix typo

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

partresize: NanoPi R1: copy also a0 config of Ampac AP6212

there is a second hardware version of the AP6212 in some NanoPi R1
boards.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

core140: add lvm2 to core updater

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

lvm2: Add initscript for lvmetad

This daemon needs to be launched in order to use LVM
devices in IPFire.

It will run on all installations after this patch has been
merged but only consumes very little memory.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

lvm2: Create lock files in /run/lvm

The default is /var/lock which is not mounted at the time
when udev is initialising the volumes. Therefore after a
reboot, LVM devices won't show up unless pvscan is executed
manually.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

lvm2: Enable lvmetad

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

lvm2: Build with support for udev

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

lvm2: Ship with core system

This was requested by some users to mount devices
with LVM.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

Update list of contributors

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

Many improvements for the French translation

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

DNS: Defaults to use the ISP nameservers.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

configroot: Create /var/ipfire/dns/servers file

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

core140: add dns changes to updater.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

Revert "stage2: update rootfile"

This reverts commit a877032915898b07dcacd165c0f89e427bc672a4.

Revert "Introduce update-location-database script."

This reverts commit 93a985cc05e6b564ac1e3fc59fd37e94c77000ca.

Revert "crontab: Adjust crontab to hourly launch the update-location-database"

This reverts commit f8e7c1c9d07d348e8c3235c83fd889068269c823.

set version in backupiso and also pakfire core to 140

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

dns.cgi: Fix ID and greater than checks.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

dns.cgi: Set kdig params for timeout and retry back to default.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Acked-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

stage2: update rootfile

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

Merge remote-tracking branch 'ms/next-dns-ng' into next

Merge branch 'next' of git.ipfire.org:/pub/git/ipfire-2.x into next

filesystem-cleanup: Add parameter to show changes

Use --dry-run to only show files that would be deleted, but do
not actually delete them.

Signed-off-by: Daniel Weismüller <daniel.weismueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

filesystem-cleanup: Automatically remove old libraries

This script runs through /usr/lib and /lib and tries to find
all libraries which are no longer being used and more and
deletes them.

This will help us to free space on root partitions that
are limited to 2GB.

However, the script does not cover 100% of the cases, so that
some files still need to be deleted manually (e.g. boost with
their weird versioning schema).

This script should be executed after a Core Update has been
installed.

Fixes: #12270
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

amazon-ssm-agent: Move source to GOPATH

Go won't build when this is only symlinked any more.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

unbound: Make dhcp-leases.conf readable for everyone

unbound runs as nobody and cannot reload its configuration
when this file is only readable for root.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

unbound: Do not reset safe search again

This is now done in the reload stage and we do not need to
take care about it again.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

unbound: Drop some unused variables

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

unbound: Drop function to reload forwarders on the fly

This is now being done by updating and re-reading forward.conf.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

dnsforward.cgi: Reloading unbound is enough to apply changes

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

hosts.cgi: Hosts can now be imported when reloading unbound

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

unbound: Write hosts to unbound configuration file

This will allow us to read more hosts in a shorter time.

Fixes: #11743
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

unbound: There is no need to rewrite tuning.conf

The number of CPU cores and memory normally does not change

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

unbound: Reload own hostname, too

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

dns.cgi: Fix check for undefined variable

This was positive when zero was returned.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

dns.cgi: Show error when trying to use ISP nameservers and TLS at the same time.

Because the ISP-assigned nameservers do not have any TLS-hostname
information they cannot be used, when TLS is activated.

They only can be used if they will be added as "regular" DNS servers
with a TLS-hostname.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>

setup: Remove DNS settings

This is no longer required since we have a new CGI script
that takes care of all DNS settings and stores things in
another format.

Fixes: #12235
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>

dns.cgi: Fix id compare when adding a new nameserver.

I do not know why perl when using "le" which means "less-or-equal"
defines a "10" as "1".

This commit fixes the issue that it was not possible to add more than 8
nameservers.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>

geoip: ship database 20191217

Maxmind has disabled the download so we ship the last free (creative commons)
database with the iso and core until we build an alternative.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

core140: fix build on armv5tel and i586

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

Go: Move the cache to the ccache directory

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

Go: Cleanup Go Path after build

Go leaves temporary build files in the directory
which we do not need and we should clean up after
every build.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

amazon-ssm-agent: New package

AWS Systems Manager Agent (SSM Agent) is Amazon software that can be
installed and configured on an Amazon EC2 instance, an on-premises
server, or a virtual machine (VM). SSM Agent makes it possible for
Systems Manager to update, manage, and configure these resources. The
agent processes requests from the Systems Manager service in the AWS
Cloud, and then runs them as specified in the request. SSM Agent then
sends status and execution information back to the Systems Manager
service by using the Amazon Message Delivery Service.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

python3: exclude __pycache__ from iso, core and packages

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

ids.cgi: Do reload instead of restarting unbound

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>

initscripts/unbound: Add support for reload the service

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>

unboundctrl: Add support for calling reload.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>

dns.cgi: Only perform reverse lookup if DNS is working.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>

unbound: No longer try to include safe-search.conf

This file is no longer generated and therefore cannot
be imported any more.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>