python-disutils-extra: Drop package

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

pcapy: Drop package

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

fail2ban: Drop package

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

python-yaml: Drop package

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

python-progressbar: Drop package

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

pygpgme: Drop package

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

python-IPy: Drop package

This is not being used anywhere

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

libtevent: Update to 0.13.0

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

libtirpc: Update to 1.3.3

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

libtalloc: Update to 2.3.4

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

libtdb: Update to 1.4.7

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

python-urlgrabber: Drop package

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

pyxattr: Drop package

This was used by Pakfire but is not longer needed.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

sip: Drop package

Nothing depends on this any longer

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

swig: Update to 4.1.1

And drop the dependency to Python 2.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

subversion: Drop package

We no longer use this.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

syslinux: Drop package

This is no longer maintained, and we currently use GRUB for our ISO
image.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

kernel: Disable the RANDSTRUCT plugin

This does not seem to have the benefit we are expecting and comes with a
huge compile time cost that I would like to disable this for now.

As a disitribution kernel we do/have to publish the seed which makes
this entire feature very questionable.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

pango: Update to 1.90.0

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

cairo: Update to 1.17.6

This patch also changes that we use meson instead of autotools to build
cairo. The autotools build seems to have been incomplete and did not
allow us to build pango against cairo.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

harfbuzz: Enable GObject Introspection

This is required to build pango.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

passwd: Update to 0.80

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

bzip2: Update to 1.0.8

This patch also splits the library into a separate package.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

kernel: Create a -debuginfo package for the tools

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

MAKEDEV: Drop package

Nothing has ever used this I think.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

asciidoc: Fix build

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

ppp: Update to 2.4.9

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

wpa_supplicant: Depend on network without epoch

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

batctl: Drop package

We currently do not have B.A.T.M.A.N. enabled in our kernel, so this
tools is not of much use.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

upower: Drop package

I don't think that we need to worry about battery-powered firewalls
right now.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

openldap: Update to 2.6.3

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

cyrus-sasl: Update to 2.1.28

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

tftp: Drop package

This is probably not needed right now, and tftp is pretty much out of
fashion.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

libpwquality: Update to 1.4.5

The project has moved to GitHub.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

cracklib: Remove Python module

The Python module does not build with Python 3 and we do not need it
anyways. So this patch disables it.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

audit: Drop package

This package is not very useful as we do not have any sources
configured, nor do we have the audit subsystem enabled in the kernel.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

Drop epoch from all files

We are having a fresh start, so let's use it for better version numbers.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

ipfire-release: Install pakfire by default and try to install vim

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

ipfire-release: No longer install pakfire-build into the build environment

Pakfire does not need any internal components any more.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

newt: Fix build against Python 3

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

python3-gobject3: Update to 3.42.2

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

gobject-introspection: Update to 1.74.0

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

python3-cairo: Update to 1.23.0

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

avahi: Update to 0.8

Drop dependency to Python 2

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

rrdtool: Update to 1.8.0

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

cairo: Update to 1.16.0

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

python3-dbus: Update to 1.3.2

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

kernel: Disable all sorts of useless Device Mapper targets

This patch also compiles all sorts of device mapper stuff as modules.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

kernel: Disable support for floppy drives and block ramdisks

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

kernel: Enable modern features of the block layer

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

kernel: Disable the Distributed Lock Manager

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

kernel: Enable support for ExFAT & NTFS

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

kernel: Enable support for Hyper-V across the board

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

kernel: Disable I3C

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

kernel: Update Ethernet driver configuration

Enable what hasn't been enabled before, and disable PIO mode where
possible.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

kernel: Merge aarch64 & x86_64

This only sync configuration that seems to have been different between
those two architectures for no reason.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

kernel: Compile EHCI/OHCI/UHCI support as modules

The USB core will always be compiled into the kernel (because I believe
that we have virtually no systems which won't have a USB bus).

The others will only be loaded when necessary.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

kernel: Compile the entire SCSI subsystem as modules

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

kernel: Compile the ATA subsystem as a module

It probably was a good assumption to compile this in, but since more
hardware is using NVMe, I think this might not be used on all systems
any more.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

kernel: Compile the MMC subsystem as a module

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

kernel: Disable the multimedia subsystem

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

kernel: Enable all supported platforms for ARM

These are the platforms that are currently supported in IPFire 2 and
their depending drivers.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

kernel: Disable overloading ACPI methods

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

kernel: Wipe all memory when rebooting on EFI

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

kernel: Wipe all caller-used registers on exit from the function

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

kernel: Make the scheduler aware of SMT

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

kernel: Trust the CPU's RNG

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

kernel: Enable all TPM devices

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

kernel: Enable IOMMU and set it to strict mode

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

kernel: Improve memory hardening with KFENCE

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

kernel: Enable Kernel Lockdown in Confidentiality Mode

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

kernel: Set HZ=100

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

kernel: Enable cpufreq support for AMD processors

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

kernel: Enable support for all sorts of ACPI components

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

kernel: Disable some character devices that do not make sense

Like vibrators.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

kernel: Make graphics configruation sane

This patch disables lots of legacy hardware that should not be found in
the IPFire context and enables any modern GPUs.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

kernel: Disable syscalls that allows processes to r/w other processes' memory

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

kernel: Mount devtmpfs with noexec, etc.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

kernel: Enable/disable (mainly wireless) network hardware

This patch enables modules for various modern WiFi/WWAN devices, and
disables support for devices that are not supported by us any more (i.e.
802.11b only cards).

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

kernel: Enable WireGuard

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

kernel: Enable SLS on x86

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

kernel: Disable option to execute 32 bit binaries

Since we are a 64 bit only distribution, there is no need to compile in
any support for 32 bit binaries.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

kernel: Compile binfmt_misc as a module

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

kernel: Disable /dev/mem

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

kernel: Build all HWRNGs as modules

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

kernel: Do not automatically load TTY line disciplines

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

kernel: Enable Yama

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

kernel: Enable Landlock

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

kernel: Build all library routines as modules and disable self-tests

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

kernel: Build BTRFS as a module

I am not sure why I built it into the kernel as it pulls in lots of
other stuff which will probably make the kernel image really large.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

kernel: Enable various modern ciphers/hashes/etc. and acceleration

Most of them have been added in recent kernel releases, but since we
have not been running "make oldconfig" for each of them, they have not
been enabled by default.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

kernel: Enable parallel crypto by default

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

kernel: Disable the entire framebuffer subsystem

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

kernel: Disable bcache

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

kernel: Disable the entire PCMCIA/CardBus subsystem

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

kernel: Disable all connection tracking helper modules

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

kernel: Drop the entire xtables subsystem

This is being replaced by nf_tables.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

kernel: Enable RANDSTRUCT plugin

This is currently configured to performance mode in order to avoid too
much performance impact.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

kernel: Disable the latent entropy plugin

It does not generate cryptographically secure entropy.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

kernel: Compress the kernel, modules and firmware using Zstandard

Zstandard is an ideal compression algorithm with great performance for
this purpose. The kernel is still able to load firmware compressed using
XZ and ramdisks compressed with various other algorirthms.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>