├── packages ├── .gitignore └── vyos-build-container │ ├── build.sh │ └── Jenkinsfile ├── CODEOWNERS ├── data ├── build-types │ ├── release.toml │ └── development.toml ├── versions ├── build-flavors │ ├── azure-iso.toml │ ├── aws-iso.toml │ ├── xcpng.toml │ ├── generic.toml │ ├── README.md │ ├── dell-vep1400.toml │ └── edgecore.toml ├── live-build-config │ ├── archives │ │ ├── vyos-dev.pref.chroot │ │ ├── zabbix-official-repo.key.chroot │ │ ├── bookworm-backports.pref.chroot │ │ ├── buster.list.chroot │ │ ├── buster.pref.chroot │ │ ├── saltstack.key.chroot │ │ └── vyos-dev.key.chroot │ ├── includes.chroot │ │ ├── etc │ │ │ ├── modules-load.d │ │ │ │ └── br-netfilter.conf │ │ │ ├── systemd │ │ │ │ ├── system │ │ │ │ │ └── getty@tty1.service.d │ │ │ │ │ │ └── noclear.conf │ │ │ │ ├── bootchart.conf │ │ │ │ ├── journald.conf │ │ │ │ └── system.conf │ │ │ ├── sudoers.d │ │ │ │ └── openvpn │ │ │ ├── modprobe.d │ │ │ │ ├── intel-qat-blacklist.conf │ │ │ │ └── no-copybreak.conf │ │ │ ├── nsswitch.conf │ │ │ ├── initramfs-tools │ │ │ │ └── hooks │ │ │ │ │ └── 10-vyos-addons │ │ │ ├── dh895xcc_dev0.conf │ │ │ ├── dh895xcc_dev1.conf │ │ │ ├── dh895xcc_dev2.conf │ │ │ ├── c3xxx_dev0.conf │ │ │ ├── c3xxx_dev1.conf │ │ │ ├── c3xxx_dev2.conf │ │ │ ├── c6xx_dev0.conf │ │ │ ├── c6xx_dev1.conf │ │ │ ├── c6xx_dev2.conf │ │ │ ├── d15xx_dev0.conf │ │ │ ├── d15xx_dev1.conf │ │ │ └── d15xx_dev2.conf │ │ ├── usr │ │ │ └── share │ │ │ │ └── vyos │ │ │ │ └── keys │ │ │ │ ├── vyos-backup.minisign.pub │ │ │ │ ├── vyos-release.minisign.pub │ │ │ │ ├── vyos-rolling-release.minisign.pub │ │ │ │ └── vyos-release.pub.asc │ │ ├── var │ │ │ └── lib │ │ │ │ └── shim-signed │ │ │ │ └── mok │ │ │ │ └── README.md │ │ └── opt │ │ │ └── vyatta │ │ │ └── etc │ │ │ ├── install-image │ │ │ └── postinst │ │ │ └── grub │ │ │ └── default-union-grub-entry │ ├── package-lists │ │ ├── vyos-base.list.chroot │ │ └── vyos-utils.list.chroot │ ├── hooks │ │ └── live │ │ │ ├── 23-config_mkdir.chroot │ │ │ ├── 
15-sources_list.chroot │ │ │ ├── 16-fuse.chroot │ │ │ ├── 00-manifest.binary │ │ │ ├── 04-locale.chroot │ │ │ ├── 20-systemd_target.chroot │ │ │ ├── 24-efi_packages.chroot │ │ │ ├── 07-apt.chroot │ │ │ ├── 14-acpid.chroot │ │ │ ├── 19-kernel_symlinks.chroot │ │ │ ├── 01-interfaces.chroot │ │ │ ├── 82-import-vyos-gpg-signing-key.chroot │ │ │ ├── 90-localepurge.chroot │ │ │ ├── 30-mpls_modules.chroot │ │ │ ├── 03-root_bash_completion.chroot │ │ │ ├── 12-udev-initramfs.chroot │ │ │ ├── 09-live.chroot │ │ │ ├── 21-pam_mkhomedir.chroot │ │ │ ├── 40-init-geoip-database.chroot │ │ │ ├── 00-mk_buildid.chroot │ │ │ ├── 17-gen_initramfs.chroot │ │ │ ├── 08-sysconf.chroot │ │ │ ├── 93-sb-sign-kernel.chroot │ │ │ ├── 05-event_tty.chroot │ │ │ ├── 01-live-serial.binary │ │ │ ├── 30-strongswan-configs.chroot │ │ │ ├── 92-strip-symbols.chroot │ │ │ └── 18-enable-disable_services.chroot │ ├── bootloaders │ │ └── grub-pc │ │ │ ├── splash.png │ │ │ ├── dejavu-bold-14.pf2 │ │ │ ├── dejavu-bold-16.pf2 │ │ │ ├── grub.cfg │ │ │ └── live-theme │ │ │ └── theme.txt │ ├── includes.binary │ │ └── isolinux │ │ │ ├── splash.png │ │ │ ├── menu.cfg │ │ │ └── isolinux.cfg │ └── rootfs │ │ └── excludes ├── architectures │ ├── armhf.toml │ ├── arm64.toml │ └── amd64.toml └── defaults.toml ├── scripts ├── package-build │ ├── frr │ │ ├── build.py │ │ ├── .gitignore │ │ ├── patches │ │ │ └── 0001-Enable-PCRE2-in-Debian-package-builds.patch │ │ └── package.toml │ ├── hostap │ │ ├── build.py │ │ ├── README.md │ │ ├── .gitignore │ │ ├── package.toml │ │ └── build.sh │ ├── kea │ │ ├── build.py │ │ ├── .gitignore │ │ └── package.toml │ ├── ndppd │ │ ├── build.py │ │ ├── .gitignore │ │ ├── package.toml │ │ └── patches │ │ │ ├── 0002-set-vyos-version.patch │ │ │ └── 0001-skip-route-table-if-there-is-no-auto-rule.patch │ ├── owamp │ │ ├── build.py │ │ ├── .gitignore │ │ └── package.toml │ ├── pmacct │ │ ├── build.py │ │ ├── .gitignore │ │ ├── package.toml │ │ └── patches │ │ │ └── 
0001-fix-pmacctd-SEGV-when-ICMP-ICMPv6-traffic-was-proces.patch │ ├── podman │ │ ├── build.py │ │ ├── .gitignore │ │ └── package.toml │ ├── radvd │ │ ├── build.py │ │ ├── .gitignore │ │ └── package.toml │ ├── tacacs │ │ ├── build.py │ │ ├── .gitignore │ │ └── package.toml │ ├── aws-gwlbtun │ │ ├── build.py │ │ ├── .gitignore │ │ └── package.toml │ ├── ddclient │ │ ├── build.py │ │ ├── .gitignore │ │ └── package.toml │ ├── dropbear │ │ ├── build.py │ │ ├── .gitignore │ │ ├── package.toml │ │ └── patches │ │ │ └── 0001-Enable-PAM-support.patch │ ├── ethtool │ │ ├── build.py │ │ ├── .gitignore │ │ └── package.toml │ ├── hsflowd │ │ ├── build.py │ │ ├── .gitignore │ │ └── package.toml │ ├── isc-dhcp │ │ ├── build.py │ │ ├── .gitignore │ │ ├── package.toml │ │ └── patches │ │ │ ├── 0004-add-support-for-ARPHRD_NONE-interface-type.patch │ │ │ └── 0003-fix-compilation-errors.patch │ ├── keepalived │ │ ├── build.py │ │ ├── .gitignore │ │ └── package.toml │ ├── net-snmp │ │ ├── build.py │ │ ├── .gitignore │ │ └── package.toml │ ├── opennhrp │ │ ├── build.py │ │ ├── .gitignore │ │ └── package.toml │ ├── openvpn-otp │ │ ├── build.py │ │ ├── .gitignore │ │ └── package.toml │ ├── pyhumps │ │ ├── build.py │ │ ├── .gitignore │ │ └── package.toml │ ├── strongswan │ │ ├── build.py │ │ ├── .gitignore │ │ ├── package.toml │ │ └── build-vici.sh │ ├── telegraf │ │ ├── build.py │ │ ├── README.md │ │ ├── .gitignore │ │ ├── package.toml │ │ ├── plugins │ │ │ └── outputs │ │ │ │ └── all │ │ │ │ └── all.go │ │ └── build.sh │ ├── waagent │ │ ├── build.py │ │ ├── .gitignore │ │ └── package.toml │ ├── wide-dhcpv6 │ │ ├── build.py │ │ ├── .gitignore │ │ ├── package.toml │ │ └── patches │ │ │ └── 0024-bind-to-single-socket.patch │ ├── amazon-ssm-agent │ │ ├── build.py │ │ ├── .gitignore │ │ └── package.toml │ ├── frr_exporter │ │ ├── build.py │ │ ├── .gitignore │ │ └── package.toml │ ├── node_exporter │ │ ├── build.py │ │ ├── .gitignore │ │ └── package.toml │ ├── xen-guest-agent │ │ ├── build.py 
│ │ ├── .gitignore │ │ └── package.toml │ ├── amazon-cloudwatch-agent │ │ ├── build.py │ │ ├── .gitignore │ │ └── package.toml │ ├── netfilter │ │ ├── .gitignore │ │ └── package.toml │ └── linux-kernel │ │ ├── sign-modules.sh │ │ ├── .gitignore │ │ ├── build-openvpn-dco.sh │ │ ├── build-accel-ppp.sh │ │ ├── build-nat-rtsp.sh │ │ ├── patches │ │ └── ixgbe │ │ │ └── allow_unsupported_sfp.patch │ │ ├── package.toml │ │ ├── README.md │ │ └── build-kernel.sh ├── iso-to-oci ├── image-build │ ├── defaults.py │ └── utils.py └── utils │ └── merge-flavors ├── tools ├── cloud-init │ └── AWS │ │ ├── cloud-init.list.chroot │ │ ├── 90_dpkg.cfg │ │ └── config.boot.default └── container │ └── config.boot.default ├── docker ├── arm64 │ └── hooks │ │ ├── pre_build │ │ └── post_checkout ├── armhf │ └── hooks │ │ ├── pre_build │ │ └── post_checkout ├── entrypoint.sh └── patches │ └── live-build │ └── 0001-save-package-info.patch ├── .gitignore ├── vars ├── README.md ├── getGitRepoURL.groovy ├── getGitRepoName.groovy ├── isPullRequest.groovy ├── getGitBranchName.groovy ├── getChangeSetPath.groovy ├── getJenkinsfilePath.groovy ├── isCustomBuild.groovy └── setDescription.groovy ├── .github ├── workflows │ ├── label-backport.yml │ ├── check-stale.yml │ ├── check-pr-conflicts.yml │ ├── auto-author-assign.yml │ ├── linit-j2.yml │ ├── add-pr-labels.yml │ ├── check-pr-message.yml │ ├── check-unused-imports.yml │ ├── repo-sync.yml │ ├── codeql.yml │ ├── check-scripts-executable.yml │ └── trigger-docker-image-build.yml └── PULL_REQUEST_TEMPLATE.md ├── LICENSE.artwork ├── resources └── branding.sh ├── docker-vyos ├── vyos_install_stage_03.sh ├── README.md ├── vyos_install_stage_02.sh └── vyos_install_stage_01.sh ├── Makefile ├── README.md └── Jenkinsfile.docker /packages/.gitignore: -------------------------------------------------------------------------------- 1 | /* 2 | -------------------------------------------------------------------------------- /CODEOWNERS: 
-------------------------------------------------------------------------------- 1 | * @vyos/reviewers 2 | -------------------------------------------------------------------------------- /data/build-types/release.toml: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /scripts/package-build/frr/build.py: -------------------------------------------------------------------------------- 1 | ../build.py -------------------------------------------------------------------------------- /scripts/package-build/hostap/build.py: -------------------------------------------------------------------------------- 1 | ../build.py -------------------------------------------------------------------------------- /scripts/package-build/kea/build.py: -------------------------------------------------------------------------------- 1 | ../build.py -------------------------------------------------------------------------------- /scripts/package-build/ndppd/build.py: -------------------------------------------------------------------------------- 1 | ../build.py -------------------------------------------------------------------------------- /scripts/package-build/owamp/build.py: -------------------------------------------------------------------------------- 1 | ../build.py -------------------------------------------------------------------------------- /scripts/package-build/pmacct/build.py: -------------------------------------------------------------------------------- 1 | ../build.py -------------------------------------------------------------------------------- /scripts/package-build/podman/build.py: -------------------------------------------------------------------------------- 1 | ../build.py -------------------------------------------------------------------------------- /scripts/package-build/radvd/build.py: 
-------------------------------------------------------------------------------- 1 | ../build.py -------------------------------------------------------------------------------- /scripts/package-build/tacacs/build.py: -------------------------------------------------------------------------------- 1 | ../build.py -------------------------------------------------------------------------------- /data/versions: -------------------------------------------------------------------------------- 1 | { 2 | "current": "1.5" 3 | } 4 | -------------------------------------------------------------------------------- /scripts/package-build/aws-gwlbtun/build.py: -------------------------------------------------------------------------------- 1 | ../build.py -------------------------------------------------------------------------------- /scripts/package-build/ddclient/build.py: -------------------------------------------------------------------------------- 1 | ../build.py -------------------------------------------------------------------------------- /scripts/package-build/dropbear/build.py: -------------------------------------------------------------------------------- 1 | ../build.py -------------------------------------------------------------------------------- /scripts/package-build/ethtool/build.py: -------------------------------------------------------------------------------- 1 | ../build.py -------------------------------------------------------------------------------- /scripts/package-build/hsflowd/build.py: -------------------------------------------------------------------------------- 1 | ../build.py -------------------------------------------------------------------------------- /scripts/package-build/isc-dhcp/build.py: -------------------------------------------------------------------------------- 1 | ../build.py -------------------------------------------------------------------------------- /scripts/package-build/keepalived/build.py: 
-------------------------------------------------------------------------------- 1 | ../build.py -------------------------------------------------------------------------------- /scripts/package-build/net-snmp/build.py: -------------------------------------------------------------------------------- 1 | ../build.py -------------------------------------------------------------------------------- /scripts/package-build/opennhrp/build.py: -------------------------------------------------------------------------------- 1 | ../build.py -------------------------------------------------------------------------------- /scripts/package-build/openvpn-otp/build.py: -------------------------------------------------------------------------------- 1 | ../build.py -------------------------------------------------------------------------------- /scripts/package-build/pyhumps/build.py: -------------------------------------------------------------------------------- 1 | ../build.py -------------------------------------------------------------------------------- /scripts/package-build/strongswan/build.py: -------------------------------------------------------------------------------- 1 | ../build.py -------------------------------------------------------------------------------- /scripts/package-build/telegraf/build.py: -------------------------------------------------------------------------------- 1 | ../build.py -------------------------------------------------------------------------------- /scripts/package-build/waagent/build.py: -------------------------------------------------------------------------------- 1 | ../build.py -------------------------------------------------------------------------------- /scripts/package-build/wide-dhcpv6/build.py: -------------------------------------------------------------------------------- 1 | ../build.py -------------------------------------------------------------------------------- /scripts/package-build/amazon-ssm-agent/build.py: 
-------------------------------------------------------------------------------- 1 | ../build.py -------------------------------------------------------------------------------- /scripts/package-build/frr_exporter/build.py: -------------------------------------------------------------------------------- 1 | ../build.py -------------------------------------------------------------------------------- /scripts/package-build/node_exporter/build.py: -------------------------------------------------------------------------------- 1 | ../build.py -------------------------------------------------------------------------------- /scripts/package-build/xen-guest-agent/build.py: -------------------------------------------------------------------------------- 1 | ../build.py -------------------------------------------------------------------------------- /scripts/package-build/amazon-cloudwatch-agent/build.py: -------------------------------------------------------------------------------- 1 | ../build.py -------------------------------------------------------------------------------- /tools/cloud-init/AWS/cloud-init.list.chroot: -------------------------------------------------------------------------------- 1 | cloud-init 2 | awscli 3 | -------------------------------------------------------------------------------- /scripts/package-build/hostap/README.md: -------------------------------------------------------------------------------- 1 | # build 2 | ``` 3 | python3 build.py 4 | ``` 5 | -------------------------------------------------------------------------------- /scripts/package-build/telegraf/README.md: -------------------------------------------------------------------------------- 1 | # build 2 | ``` 3 | python3 build.py 4 | ``` 5 | -------------------------------------------------------------------------------- /data/build-flavors/azure-iso.toml: -------------------------------------------------------------------------------- 1 | image_format = "iso" 2 | 3 | packages 
= ["waagent"] 4 | 5 | 6 | -------------------------------------------------------------------------------- /data/build-flavors/aws-iso.toml: -------------------------------------------------------------------------------- 1 | image_format = "iso" 2 | 3 | packages = ["amazon-cloudwatch-agent"] 4 | -------------------------------------------------------------------------------- /scripts/package-build/owamp/.gitignore: -------------------------------------------------------------------------------- 1 | owamp/ 2 | *.buildinfo 3 | *.build 4 | *.changes 5 | *.deb 6 | *.dsc 7 | -------------------------------------------------------------------------------- /scripts/package-build/pmacct/.gitignore: -------------------------------------------------------------------------------- 1 | pmacct/ 2 | *.buildinfo 3 | *.build 4 | *.changes 5 | *.deb 6 | *.dsc 7 | -------------------------------------------------------------------------------- /scripts/package-build/radvd/.gitignore: -------------------------------------------------------------------------------- 1 | radvd/ 2 | *.buildinfo 3 | *.build 4 | *.changes 5 | *.deb 6 | *.dsc 7 | -------------------------------------------------------------------------------- /data/live-build-config/archives/vyos-dev.pref.chroot: -------------------------------------------------------------------------------- 1 | Package: * 2 | Pin: release n=current 3 | Pin-Priority: 999 4 | -------------------------------------------------------------------------------- /scripts/package-build/hsflowd/.gitignore: -------------------------------------------------------------------------------- 1 | host-sflow/ 2 | *.buildinfo 3 | *.build 4 | *.changes 5 | *.deb 6 | *.dsc 7 | -------------------------------------------------------------------------------- /scripts/package-build/kea/.gitignore: -------------------------------------------------------------------------------- 1 | isc-kea/ 2 | *.buildinfo 3 | *.build 4 | *.changes 5 | *.deb 6 | *.dsc 7 | 8 | 
-------------------------------------------------------------------------------- /scripts/package-build/ndppd/.gitignore: -------------------------------------------------------------------------------- 1 | ndppd/ 2 | *.buildinfo 3 | *.build 4 | *.changes 5 | *.deb 6 | *.dsc 7 | 8 | -------------------------------------------------------------------------------- /scripts/package-build/net-snmp/.gitignore: -------------------------------------------------------------------------------- 1 | net-snmp/ 2 | *.buildinfo 3 | *.build 4 | *.changes 5 | *.deb 6 | *.dsc 7 | -------------------------------------------------------------------------------- /scripts/package-build/opennhrp/.gitignore: -------------------------------------------------------------------------------- 1 | opennhrp/ 2 | *.buildinfo 3 | *.build 4 | *.changes 5 | *.deb 6 | *.dsc 7 | -------------------------------------------------------------------------------- /scripts/package-build/podman/.gitignore: -------------------------------------------------------------------------------- 1 | podman/ 2 | *.buildinfo 3 | *.build 4 | *.changes 5 | *.deb 6 | *.dsc 7 | 8 | -------------------------------------------------------------------------------- /scripts/package-build/pyhumps/.gitignore: -------------------------------------------------------------------------------- 1 | humps/ 2 | *.buildinfo 3 | *.build 4 | *.changes 5 | *.deb 6 | *.dsc 7 | 8 | -------------------------------------------------------------------------------- /scripts/package-build/telegraf/.gitignore: -------------------------------------------------------------------------------- 1 | telegraf/ 2 | *.buildinfo 3 | *.build 4 | *.changes 5 | *.deb 6 | *.dsc 7 | -------------------------------------------------------------------------------- /scripts/package-build/ddclient/.gitignore: -------------------------------------------------------------------------------- 1 | ddclient/ 2 | *.buildinfo 3 | *.build 4 | *.changes 5 | *.deb 6 | *.dsc 7 | 
8 | -------------------------------------------------------------------------------- /scripts/package-build/dropbear/.gitignore: -------------------------------------------------------------------------------- 1 | dropbear/ 2 | *.buildinfo 3 | *.build 4 | *.changes 5 | *.deb 6 | *.dsc 7 | 8 | -------------------------------------------------------------------------------- /scripts/package-build/ethtool/.gitignore: -------------------------------------------------------------------------------- 1 | ethtool/ 2 | *.buildinfo 3 | *.build 4 | *.changes 5 | *.deb 6 | *.dsc 7 | 8 | -------------------------------------------------------------------------------- /scripts/package-build/hostap/.gitignore: -------------------------------------------------------------------------------- 1 | hostap/ 2 | wpa/ 3 | *.buildinfo 4 | *.build 5 | *.changes 6 | *.deb 7 | *.dsc 8 | -------------------------------------------------------------------------------- /scripts/package-build/isc-dhcp/.gitignore: -------------------------------------------------------------------------------- 1 | isc-dhcp/ 2 | *.buildinfo 3 | *.build 4 | *.changes 5 | *.deb 6 | *.dsc 7 | 8 | -------------------------------------------------------------------------------- /scripts/package-build/strongswan/.gitignore: -------------------------------------------------------------------------------- 1 | strongswan/ 2 | *.buildinfo 3 | *.build 4 | *.changes 5 | *.deb 6 | *.dsc 7 | -------------------------------------------------------------------------------- /tools/cloud-init/AWS/90_dpkg.cfg: -------------------------------------------------------------------------------- 1 | # to update this file, run dpkg-reconfigure cloud-init 2 | datasource_list: [ Ec2 ] 3 | -------------------------------------------------------------------------------- /scripts/package-build/keepalived/.gitignore: -------------------------------------------------------------------------------- 1 | keepalived/ 2 | *.buildinfo 3 | *.build 4 | 
*.changes 5 | *.deb 6 | *.dsc 7 | 8 | -------------------------------------------------------------------------------- /data/live-build-config/includes.chroot/etc/modules-load.d/br-netfilter.conf: -------------------------------------------------------------------------------- 1 | # Load br-netfilter.ko at boot 2 | br_netfilter 3 | 4 | -------------------------------------------------------------------------------- /data/live-build-config/includes.chroot/etc/systemd/system/getty@tty1.service.d/noclear.conf: -------------------------------------------------------------------------------- 1 | [Service] 2 | TTYVTDisallocate=no 3 | -------------------------------------------------------------------------------- /data/live-build-config/package-lists/vyos-base.list.chroot: -------------------------------------------------------------------------------- 1 | debconf 2 | gpgv 3 | gnupg 4 | vyos-1x 5 | vyos-user-utils 6 | zstd 7 | -------------------------------------------------------------------------------- /scripts/package-build/frr/.gitignore: -------------------------------------------------------------------------------- 1 | frr/ 2 | rtrlib/ 3 | libyang/ 4 | *.buildinfo 5 | *.build 6 | *.changes 7 | *.deb 8 | *.dsc 9 | -------------------------------------------------------------------------------- /scripts/package-build/frr_exporter/.gitignore: -------------------------------------------------------------------------------- 1 | frr_exporter / 2 | *.buildinfo 3 | *.build 4 | *.changes 5 | *.deb 6 | *.dsc 7 | -------------------------------------------------------------------------------- /scripts/package-build/node_exporter/.gitignore: -------------------------------------------------------------------------------- 1 | node_exporter/ 2 | *.buildinfo 3 | *.build 4 | *.changes 5 | *.deb 6 | *.dsc 7 | 8 | -------------------------------------------------------------------------------- /data/live-build-config/hooks/live/23-config_mkdir.chroot: 
--------------------------------------------------------------------------------
1 | #!/bin/sh
2 |
3 | echo I: Create config directory.
4 |
5 | mkdir -p /config
6 |
--------------------------------------------------------------------------------
/data/live-build-config/includes.chroot/etc/sudoers.d/openvpn:
--------------------------------------------------------------------------------
# NOTE(review): this rule gives the openvpn account passwordless sudo for
# /sbin/ip, as any target user (ALL) and with no restriction on arguments.
# That is broader than interface and route setup needs; confirm which ip
# subcommands the OpenVPN scripts actually call and list only those here.
# "!requiretty" allows the rule to be used without a terminal.
1 | openvpn ALL=(ALL) NOPASSWD: /sbin/ip
2 | Defaults:openvpn !requiretty
3 |
--------------------------------------------------------------------------------
/scripts/package-build/openvpn-otp/.gitignore:
--------------------------------------------------------------------------------
1 | openvpn-otp/
2 | *.buildinfo
3 | *.build
4 | *.changes
5 | *.deb
6 | *.dsc
7 | *.tar.gz
8 |
--------------------------------------------------------------------------------
/scripts/package-build/wide-dhcpv6/.gitignore:
--------------------------------------------------------------------------------
1 | wide-dhcpv6/
2 | *.buildinfo
3 | *.build
4 | *.changes
5 | *.deb
6 | *.dsc
7 | *.udeb
8 |
--------------------------------------------------------------------------------
/scripts/package-build/xen-guest-agent/.gitignore:
--------------------------------------------------------------------------------
1 | xen-guest-agent/
2 | *.buildinfo
3 | *.build
4 | *.changes
5 | *.deb
6 | *.dsc
7 |
8 |
--------------------------------------------------------------------------------
/scripts/package-build/waagent/.gitignore:
--------------------------------------------------------------------------------
1 | waagent/
2 | *.buildinfo
3 | *.build
4 | *.changes
5 | *.deb
6 | *.dsc
7 | *.tar.gz
8 | *.tar.xz
9 |
--------------------------------------------------------------------------------
/data/live-build-config/hooks/live/15-sources_list.chroot:
--------------------------------------------------------------------------------
1 | #!/bin/sh
2 |
3 | rm -f /etc/apt/sources.list.d/*.list >/dev/null 2>&1 || true
4 |
5 
| -------------------------------------------------------------------------------- /data/live-build-config/package-lists/vyos-utils.list.chroot: -------------------------------------------------------------------------------- 1 | systemd-sysv 2 | systemd-bootchart 3 | ncurses-term 4 | kitty-terminfo 5 | binutils 6 | -------------------------------------------------------------------------------- /scripts/package-build/amazon-ssm-agent/.gitignore: -------------------------------------------------------------------------------- 1 | amazon-ssm-agent/ 2 | *.buildinfo 3 | *.build 4 | *.changes 5 | *.deb 6 | *.dsc 7 | *.tar.gz 8 | -------------------------------------------------------------------------------- /scripts/package-build/aws-gwlbtun/.gitignore: -------------------------------------------------------------------------------- 1 | aws-gwlbtun*/ 2 | *.tar.gz 3 | *.tar.xz 4 | *.deb 5 | *.dsc 6 | *.buildinfo 7 | *.build 8 | *.changes -------------------------------------------------------------------------------- /scripts/package-build/owamp/package.toml: -------------------------------------------------------------------------------- 1 | [[packages]] 2 | name = "owamp" 3 | commit_id = "v4.4.6" 4 | scm_url = "https://github.com/perfsonar/owamp" 5 | -------------------------------------------------------------------------------- /scripts/package-build/netfilter/.gitignore: -------------------------------------------------------------------------------- 1 | /pkg-libnftnl/ 2 | /pkg-nftables/ 3 | *.buildinfo 4 | *.build 5 | *.changes 6 | *.deb 7 | *.dsc 8 | *.tar.gz 9 | -------------------------------------------------------------------------------- /data/build-types/development.toml: -------------------------------------------------------------------------------- 1 | packages = [ 2 | "gdb", 3 | "strace", 4 | "apt-rdepends", 5 | "tshark", 6 | "vim", 7 | "vyos-1x-smoketest" 8 | ] 9 | -------------------------------------------------------------------------------- 
/data/live-build-config/bootloaders/grub-pc/splash.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dd010101/vyos-build/HEAD/data/live-build-config/bootloaders/grub-pc/splash.png -------------------------------------------------------------------------------- /data/live-build-config/hooks/live/16-fuse.chroot: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | sed -i 's/#user_allow_other/user_allow_other/g' /etc/fuse.conf 4 | chmod a+r /etc/fuse.conf 5 | -------------------------------------------------------------------------------- /scripts/package-build/amazon-cloudwatch-agent/.gitignore: -------------------------------------------------------------------------------- 1 | amazon-cloudwatch-agent/ 2 | *.buildinfo 3 | *.build 4 | *.changes 5 | *.deb 6 | *.dsc 7 | *.tar.gz 8 | -------------------------------------------------------------------------------- /scripts/package-build/ndppd/package.toml: -------------------------------------------------------------------------------- 1 | [[packages]] 2 | name = "ndppd" 3 | commit_id = "debian/0.2.5-6" 4 | scm_url = "https://salsa.debian.org/debian/ndppd" 5 | -------------------------------------------------------------------------------- /scripts/package-build/tacacs/.gitignore: -------------------------------------------------------------------------------- 1 | libnss-tacplus/ 2 | libpam-tacplus/ 3 | libtacplus-map/ 4 | *.buildinfo 5 | *.build 6 | *.changes 7 | *.deb 8 | *.dsc 9 | -------------------------------------------------------------------------------- /data/live-build-config/hooks/live/00-manifest.binary: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | echo I: Backwards compat packages.txt 4 | echo "ii vyatta-version " > live/packages.txt 5 | -------------------------------------------------------------------------------- 
/scripts/package-build/kea/package.toml: -------------------------------------------------------------------------------- 1 | [[packages]] 2 | name = "isc-kea" 3 | commit_id = "debian/2.4.1-3" 4 | scm_url = "https://salsa.debian.org/debian/isc-kea" 5 | -------------------------------------------------------------------------------- /data/live-build-config/includes.binary/isolinux/splash.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dd010101/vyos-build/HEAD/data/live-build-config/includes.binary/isolinux/splash.png -------------------------------------------------------------------------------- /scripts/package-build/ddclient/package.toml: -------------------------------------------------------------------------------- 1 | [[packages]] 2 | name = "ddclient" 3 | commit_id = "debian/3.11.2-1" 4 | scm_url = "https://salsa.debian.org/debian/ddclient" 5 | -------------------------------------------------------------------------------- /scripts/package-build/pmacct/package.toml: -------------------------------------------------------------------------------- 1 | [[packages]] 2 | name = "pmacct" 3 | commit_id = "debian/1.7.7-1" 4 | scm_url = "https://salsa.debian.org/debian/pmacct.git" 5 | -------------------------------------------------------------------------------- /data/live-build-config/bootloaders/grub-pc/dejavu-bold-14.pf2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dd010101/vyos-build/HEAD/data/live-build-config/bootloaders/grub-pc/dejavu-bold-14.pf2 -------------------------------------------------------------------------------- /data/live-build-config/bootloaders/grub-pc/dejavu-bold-16.pf2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dd010101/vyos-build/HEAD/data/live-build-config/bootloaders/grub-pc/dejavu-bold-16.pf2 
-------------------------------------------------------------------------------- /data/live-build-config/hooks/live/04-locale.chroot: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | echo I: Set default locale 4 | cat <<EOF >etc/default/locale 5 | LANG=en_US.UTF-8 6 | LC_ALL=C 7 | EOF 8 | -------------------------------------------------------------------------------- /scripts/package-build/ethtool/package.toml: -------------------------------------------------------------------------------- 1 | [[packages]] 2 | name = "ethtool" 3 | commit_id = "debian/1%6.10-1" 4 | scm_url = "https://salsa.debian.org/kernel-team/ethtool" 5 | -------------------------------------------------------------------------------- /data/live-build-config/archives/zabbix-official-repo.key.chroot: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dd010101/vyos-build/HEAD/data/live-build-config/archives/zabbix-official-repo.key.chroot -------------------------------------------------------------------------------- /scripts/package-build/keepalived/package.toml: -------------------------------------------------------------------------------- 1 | [[packages]] 2 | name = "keepalived" 3 | commit_id = "debian/1%2.2.8-1" 4 | scm_url = "https://salsa.debian.org/debian/pkg-keepalived.git" 5 | -------------------------------------------------------------------------------- /scripts/package-build/wide-dhcpv6/package.toml: -------------------------------------------------------------------------------- 1 | [[packages]] 2 | name = "wide-dhcpv6" 3 | commit_id = "debian/20080615-23" 4 | scm_url = "https://salsa.debian.org/debian/wide-dhcpv6" 5 | -------------------------------------------------------------------------------- /data/live-build-config/hooks/live/20-systemd_target.chroot: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | echo I: 
Choose systemd multi-user.target over graphical.target 4 | systemctl set-default -f multi-user.target 5 | -------------------------------------------------------------------------------- /data/live-build-config/includes.chroot/usr/share/vyos/keys/vyos-backup.minisign.pub: -------------------------------------------------------------------------------- 1 | untrusted comment: VyOS release signing key 2 | RWSw63o24QvCadaeW21Vqv6+/uzXUsNOpLlRoLRQd2NJgdOm1k1zdAb3 3 | -------------------------------------------------------------------------------- /data/live-build-config/includes.chroot/usr/share/vyos/keys/vyos-release.minisign.pub: -------------------------------------------------------------------------------- 1 | untrusted comment: VyOS release signing key 2 | RWTR1ty93Oyontk6caB9WqmiQC4fgeyd/ejgRxCRGd2MQej7nqebHneP 3 | -------------------------------------------------------------------------------- /data/live-build-config/includes.binary/isolinux/menu.cfg: -------------------------------------------------------------------------------- 1 | menu hshift 0 2 | menu width 82 3 | 4 | menu title VyOS - Boot Menu 5 | include stdmenu.cfg 6 | include live.cfg 7 | 8 | menu clear 9 | -------------------------------------------------------------------------------- /data/live-build-config/includes.chroot/etc/modprobe.d/intel-qat-blacklist.conf: -------------------------------------------------------------------------------- 1 | blacklist intel_qat 2 | blacklist qat_c3xxx 3 | blacklist c6xx_dev0 4 | blacklist d15xx_dev0 5 | blacklist dh895xcc_dev0 6 | -------------------------------------------------------------------------------- /data/build-flavors/xcpng.toml: -------------------------------------------------------------------------------- 1 | # Installation ISO for the XCP-ng virtualization platform 2 | 3 | image_format = "iso" 4 | 5 | # Include these packages in the image 6 | packages = ["xe-guest-utilities"] 7 | 
-------------------------------------------------------------------------------- /data/live-build-config/includes.chroot/usr/share/vyos/keys/vyos-rolling-release.minisign.pub: -------------------------------------------------------------------------------- 1 | untrusted comment: minisign public key D3643767F448688 2 | RWSIhkR/dkM2DSaBRniv/bbbAf8hmDqdbOEmgXkf1RxRoxzodgKcDyGq 3 | -------------------------------------------------------------------------------- /data/live-build-config/archives/bookworm-backports.pref.chroot: -------------------------------------------------------------------------------- 1 | Package: iproute2 2 | Pin: release n=bookworm-backports 3 | Pin-Priority: 600 4 | 5 | Package: * 6 | Pin: release n=bookworm-backports 7 | Pin-Priority: -100 8 | -------------------------------------------------------------------------------- /scripts/package-build/net-snmp/package.toml: -------------------------------------------------------------------------------- 1 | [[packages]] 2 | name = "net-snmp" 3 | commit_id = "debian/5.9.4+dfsg-1" 4 | scm_url = "https://salsa.debian.org/debian/net-snmp" 5 | build_cmd = "dpkg-buildpackage -us -uc -tc -b || true" 6 | -------------------------------------------------------------------------------- /scripts/package-build/telegraf/package.toml: -------------------------------------------------------------------------------- 1 | [[packages]] 2 | name = "telegraf" 3 | commit_id = "v1.28.3" 4 | scm_url = "https://github.com/influxdata/telegraf.git" 5 | build_cmd = "cd ..; ./build.sh; cp telegraf/build/dist/*.deb ." 
6 | -------------------------------------------------------------------------------- /scripts/package-build/isc-dhcp/package.toml: -------------------------------------------------------------------------------- 1 | [[packages]] 2 | name = "isc-dhcp" 3 | commit_id = "debian/4.4.3-P1-4" 4 | scm_url = "https://salsa.debian.org/debian/isc-dhcp" 5 | 6 | [packages.dependencies] 7 | packages = ["libpam0g-dev"] 8 | -------------------------------------------------------------------------------- /scripts/package-build/dropbear/package.toml: -------------------------------------------------------------------------------- 1 | [[packages]] 2 | name = "dropbear" 3 | commit_id = "debian/2022.83-1+deb12u1" 4 | scm_url = "https://salsa.debian.org/debian/dropbear.git" 5 | 6 | [packages.dependencies] 7 | packages = ["libpam0g-dev"] -------------------------------------------------------------------------------- /data/architectures/armhf.toml: -------------------------------------------------------------------------------- 1 | additional_repositories = [ 2 | "deb [arch=armhf] https://packages.vyos.net/saltproject/debian/11/arm64/3005 bullseye main" 3 | ] 4 | 5 | # Packages included in armhf images by default 6 | packages = ["grub-efi-arm"] 7 | -------------------------------------------------------------------------------- /data/live-build-config/archives/buster.list.chroot: -------------------------------------------------------------------------------- 1 | deb http://deb.debian.org/debian/ buster main non-free 2 | deb http://deb.debian.org/debian/ buster-updates main non-free 3 | deb http://security.debian.org/debian-security buster/updates main non-free 4 | -------------------------------------------------------------------------------- /scripts/package-build/pyhumps/package.toml: -------------------------------------------------------------------------------- 1 | [[packages]] 2 | name = "humps" 3 | commit_id = "v3.8.0" 4 | scm_url = "https://github.com/nficano/humps.git" 5 | 
build_cmd = "python3 setup.py --command-packages=stdeb.command bdist_deb; cp deb_dist/*.deb .." 6 | -------------------------------------------------------------------------------- /scripts/package-build/waagent/package.toml: -------------------------------------------------------------------------------- 1 | [[packages]] 2 | name = "waagent" 3 | commit_id = "debian/2.9.1.1-2" 4 | scm_url = "https://salsa.debian.org/cloud-team/waagent.git" 5 | 6 | [packages.dependencies] 7 | packages = ["dpkg-source-gitarchive"] 8 | -------------------------------------------------------------------------------- /docker/arm64/hooks/pre_build: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # Register qemu-*-static for all supported processors except the 3 | # current one, but also remove all registered binfmt_misc before 4 | docker run --rm --privileged multiarch/qemu-user-static:register --reset 5 | -------------------------------------------------------------------------------- /docker/armhf/hooks/pre_build: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # Register qemu-*-static for all supported processors except the 3 | # current one, but also remove all registered binfmt_misc before 4 | docker run --rm --privileged multiarch/qemu-user-static:register --reset 5 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | build/* 2 | *.pyc 3 | packer_build/* 4 | packer_cache/* 5 | key/* 6 | packages/* 7 | !packages/*/ 8 | data/live-build-config/includes.chroot/var/lib/shim-signed/mok/* 9 | /testinstall*.img 10 | /testinstall*.efivars 11 | /*.qcow2 12 | /*.tar 13 | -------------------------------------------------------------------------------- /data/live-build-config/hooks/live/24-efi_packages.chroot: 
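-------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | exit 0 3 | echo I: Download grub-efi packages. 4 | 5 | mkdir -p /usr/share/vyos/packages 6 | cd /usr/share/vyos/packages 7 | aptitude download grub-efi 8 | aptitude download grub-efi-amd64 9 | -------------------------------------------------------------------------------- /data/live-build-config/archives/buster.pref.chroot: -------------------------------------------------------------------------------- 1 | Package: bash 2 | Pin: release n=buster 3 | Pin-Priority: 600 4 | 5 | Package: bash-completion 6 | Pin: release n=buster 7 | Pin-Priority: 600 8 | 9 | Package: * 10 | Pin: release n=buster 11 | Pin-Priority: -10 12 | -------------------------------------------------------------------------------- /data/live-build-config/hooks/live/07-apt.chroot: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | if [ -e /cdrom/vyatta-pubkey.gpg ] ; then 4 | apt-key add /cdrom/vyatta-pubkey.gpg 5 | elif [ -e /vyatta-pubkey.gpg ] ; then 6 | apt-key add /vyatta-pubkey.gpg 7 | rm -f /vyatta-pubkey.gpg 8 | fi 9 | -------------------------------------------------------------------------------- /docker/arm64/hooks/post_checkout: --------------------------------------------------------------------------------
#!/bin/bash
# Downloads a local copy of qemu on docker-hub build machines and leaves
# qemu-arm-static in the current directory.
#
# Abort on the first failing step instead of carrying on with a partial or
# missing download.
set -euo pipefail

QEMU_URL='https://github.com/balena-io/qemu/releases/download/v3.0.0%2Bresin/qemu-3.0.0+resin-arm.tar.gz'

# Download to a temporary file rather than piping straight into tar, so the
# archive can be checked before anything is unpacked.
QEMU_TARBALL="$(mktemp)"
trap 'rm -f "${QEMU_TARBALL}"' EXIT

# --fail keeps an HTTP error page from being handed to tar; the --proto
# options keep the initial request and every redirect on HTTPS.
curl --fail --location --proto '=https' --proto-redir '=https' \
     --output "${QEMU_TARBALL}" "${QEMU_URL}"

# NOTE(review): TLS to the release host is the only thing vouching for this
# tarball and for the qemu-arm-static binary taken from it. Record the digest
# of the release asset in this repository and check it before extracting, e.g.
#   echo "<EXPECTED_SHA256>  ${QEMU_TARBALL}" | sha256sum --check -
tar zxvf "${QEMU_TARBALL}" -C .
mv qemu-3.0.0+resin-arm/qemu-arm-static .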
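4 | -------------------------------------------------------------------------------- /docker/armhf/hooks/post_checkout: --------------------------------------------------------------------------------
#!/bin/bash
# Downloads a local copy of qemu on docker-hub build machines and leaves
# qemu-arm-static in the current directory.
#
# Abort on the first failing step instead of carrying on with a partial or
# missing download.
set -euo pipefail

QEMU_URL='https://github.com/balena-io/qemu/releases/download/v3.0.0%2Bresin/qemu-3.0.0+resin-arm.tar.gz'

# Download to a temporary file rather than piping straight into tar, so the
# archive can be checked before anything is unpacked.
QEMU_TARBALL="$(mktemp)"
trap 'rm -f "${QEMU_TARBALL}"' EXIT

# --fail keeps an HTTP error page from being handed to tar; the --proto
# options keep the initial request and every redirect on HTTPS.
curl --fail --location --proto '=https' --proto-redir '=https' \
     --output "${QEMU_TARBALL}" "${QEMU_URL}"

# NOTE(review): TLS to the release host is the only thing vouching for this
# tarball and for the qemu-arm-static binary taken from it. Record the digest
# of the release asset in this repository and check it before extracting, e.g.
#   echo "<EXPECTED_SHA256>  ${QEMU_TARBALL}" | sha256sum --check -
tar zxvf "${QEMU_TARBALL}" -C .
mv qemu-3.0.0+resin-arm/qemu-arm-static .
-------------------------------------------------------------------------------- /scripts/package-build/hsflowd/package.toml: -------------------------------------------------------------------------------- 1 | [[packages]] 2 | name = "host-sflow" 3 | commit_id = "v2.0.55-1" 4 | scm_url = "https://github.com/sflow/host-sflow.git" 5 | build_cmd = "make deb FEATURES='PCAP DROPMON DBUS'" 6 | 7 | [packages.dependencies] 8 | packages = ["libpcap0.8-dev"] 9 | -------------------------------------------------------------------------------- /data/live-build-config/hooks/live/14-acpid.chroot: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # To be able to properly shutdown bare-metal servers install and 4 | # configure acpid 5 | apt-get -y install acpid 6 | 7 | cat < /etc/acpi/events/powerbtn 8 | event=button[ /]power 9 | action=/sbin/poweroff 10 | EOF 11 | -------------------------------------------------------------------------------- /data/live-build-config/hooks/live/19-kernel_symlinks.chroot: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | echo I: Creating Linux Kernel symbolic links 4 | cd /boot 5 | ln -s initrd.img-* initrd.img 6 | ln -s vmlinuz-* vmlinuz 7 | 8 | echo I: Remove Linux Kernel symbolic link to source folder 9 | rm -rf /lib/modules/*/build 10 | -------------------------------------------------------------------------------- /vars/README.md: 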
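-------------------------------------------------------------------------------- 1 | # Jenkins Build Library 2 | 3 | Instead of writing the same code over and over again, place the common 4 | parts into a Jenkins Library which is then consumed by every individual 5 | build Job. This not only makes it less complex, it also increases 6 | maintainability by several magnitudes. 7 | -------------------------------------------------------------------------------- /.github/workflows/label-backport.yml: -------------------------------------------------------------------------------- 1 | name: Mergifyio backport 2 | 3 | on: [issue_comment] 4 | 5 | permissions: 6 | pull-requests: write 7 | contents: read 8 | 9 | jobs: 10 | mergifyio-backport: 11 | uses: vyos/.github/.github/workflows/label-backport.yml@current 12 | secrets: inherit 13 | -------------------------------------------------------------------------------- /data/live-build-config/hooks/live/01-interfaces.chroot: --------------------------------------------------------------------------------
#!/bin/sh

# Append a loopback stanza to /etc/network/interfaces unless the file already
# has an "auto lo" line.
#
# "&>" is a bash extension. A POSIX /bin/sh reads "cmd &> file" as "cmd &"
# followed by a bare redirection, which makes the test below always succeed
# and the stanza get appended on every run. The portable spelling is used
# instead.
if ! grep '^auto lo' /etc/network/interfaces > /dev/null 2>&1 ; then
    mkdir -p -m 0755 /etc/network
    cat >> /etc/network/interfaces <<-EOF

# The loopback network interface
auto lo
iface lo inet loopback

EOF
fi
-------------------------------------------------------------------------------- /data/live-build-config/hooks/live/82-import-vyos-gpg-signing-key.chroot: --------------------------------------------------------------------------------
#!/bin/sh

# Import the VyOS release signing key into the gpg keyring of the user
# running this hook. Exits 1 when gpg is missing, otherwise with gpg's own
# exit status.
#
# "> /dev/null 2>&1" replaces the bash-only "&>": under a POSIX /bin/sh the
# old form backgrounded the lookup and the check reported gpg as missing
# whether or not it was installed.
if ! command -v gpg > /dev/null 2>&1; then
    echo "gpg binary could not be found"
    exit 1
fi

GPG_KEY="/usr/share/vyos/keys/vyos-release.pub.asc"

echo I: Import GPG key
gpg --import "${GPG_KEY}"
exit $?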
13 | -------------------------------------------------------------------------------- /data/live-build-config/includes.binary/isolinux/isolinux.cfg: -------------------------------------------------------------------------------- 1 | include menu.cfg 2 | default vesamenu.c32 3 | prompt 0 4 | 5 | # Ignore the Shift/Alt/Caps Lock/Scroll Lock escape 6 | noescape 1 7 | 8 | # Wait 10 seconds unless the user types something, but 9 | # always boot after 5 minutes. 10 | timeout 100 11 | totaltimeout 3000 12 | -------------------------------------------------------------------------------- /data/live-build-config/hooks/live/90-localepurge.chroot: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | LPCONF=/etc/locale.nopurge 4 | 5 | echo MANDELETE > $LPCONF 6 | echo DONTBOTHERNEWLOCALE >> $LPCONF 7 | echo SHOWFREEDSPACE >> $LPCONF 8 | echo QUICKNDIRTYCALC >> $LPCONF 9 | echo en >> $LPCONF 10 | echo en_US.UTF-8 >> $LPCONF 11 | 12 | /usr/sbin/localepurge 13 | -------------------------------------------------------------------------------- /.github/workflows/check-stale.yml: -------------------------------------------------------------------------------- 1 | name: "Issue and PR stale management" 2 | on: 3 | schedule: 4 | - cron: "0 0 * * *" 5 | workflow_dispatch: 6 | 7 | permissions: 8 | pull-requests: write 9 | contents: read 10 | 11 | jobs: 12 | stale: 13 | uses: vyos/.github/.github/workflows/check-stale.yml@current 14 | secrets: inherit 15 | -------------------------------------------------------------------------------- /scripts/package-build/hostap/package.toml: -------------------------------------------------------------------------------- 1 | [[packages]] 2 | name = "wpa" 3 | commit_id = "debian/2%2.10-12" 4 | scm_url = "https://salsa.debian.org/debian/wpa" 5 | build_cmd = "/bin/true" 6 | 7 | [[packages]] 8 | name = "hostap" 9 | commit_id = "e7172e26d" 10 | scm_url = "git://w1.fi/srv/git/hostap.git" 11 | build_cmd = 
"cd ..; y | ./build.sh" 12 | 13 | -------------------------------------------------------------------------------- /.github/workflows/check-pr-conflicts.yml: -------------------------------------------------------------------------------- 1 | 2 | name: "PR Conflicts checker" 3 | on: 4 | pull_request_target: 5 | types: [synchronize] 6 | 7 | permissions: 8 | pull-requests: write 9 | contents: read 10 | 11 | jobs: 12 | check-pr-conflict-call: 13 | uses: vyos/.github/.github/workflows/check-pr-merge-conflict.yml@current 14 | secrets: inherit 15 | -------------------------------------------------------------------------------- /data/live-build-config/hooks/live/30-mpls_modules.chroot: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # FRR LDP require loaded MPLS modules before starting FRR daemons 4 | 5 | echo I: Enabling autoload MPLS modules 6 | 7 | echo "mpls_gso" >> /etc/modules-load.d/mpls.conf 8 | echo "mpls_iptunnel" >> /etc/modules-load.d/mpls.conf 9 | echo "mpls_router" >> /etc/modules-load.d/mpls.conf 10 | -------------------------------------------------------------------------------- /.github/workflows/auto-author-assign.yml: -------------------------------------------------------------------------------- 1 | name: "PR Triage" 2 | on: 3 | pull_request_target: 4 | types: [opened, reopened, ready_for_review, locked] 5 | 6 | 7 | permissions: 8 | pull-requests: write 9 | contents: read 10 | 11 | jobs: 12 | assign-author: 13 | uses: vyos/.github/.github/workflows/assign-author.yml@current 14 | secrets: inherit 15 | -------------------------------------------------------------------------------- /data/live-build-config/includes.chroot/etc/systemd/bootchart.conf: -------------------------------------------------------------------------------- 1 | [Bootchart] 2 | Samples=20000 3 | Frequency=25 4 | #Relative=yes 5 | #Filter=yes 6 | #Output= 7 | #Init=/path/to/init-binary 8 | #PlotMemoryUsage=yes 9 | 
#PlotEntropyGraph=yes 10 | #ScaleX=100 11 | #ScaleY=20 12 | #ControlGroup=yes 13 | PerCPU=yes 14 | Cmdline=yes 15 | 16 | -------------------------------------------------------------------------------- /.github/workflows/linit-j2.yml: -------------------------------------------------------------------------------- 1 | --- 2 | name: J2 Lint 3 | 4 | on: 5 | pull_request: 6 | branches: 7 | - current 8 | - sagitta 9 | - equuleus 10 | workflow_dispatch: 11 | 12 | permissions: 13 | pull-requests: write 14 | contents: read 15 | 16 | jobs: 17 | j2lint: 18 | uses: vyos/.github/.github/workflows/lint-j2.yml@current 19 | secrets: inherit 20 | -------------------------------------------------------------------------------- /data/live-build-config/hooks/live/03-root_bash_completion.chroot: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | grep -q '\(^[^#]*\)\(\.\|source\) /etc/bash_completion' root/.bashrc || \ 4 | cat <<-EOF >> root/.bashrc 5 | 6 | source /etc/bash_completion 7 | EOF 8 | 9 | sed -i 's/set $BASH_COMPLETION_ORIGINAL_V_VALUE/builtin set $BASH_COMPLETION_ORIGINAL_V_VALUE/g' /usr/share/bash-completion/bash_completion 10 | 11 | -------------------------------------------------------------------------------- /.github/workflows/add-pr-labels.yml: -------------------------------------------------------------------------------- 1 | --- 2 | name: Add pull request labels 3 | 4 | on: 5 | pull_request_target: 6 | branches: 7 | - current 8 | - equuleus 9 | - sagitta 10 | 11 | permissions: 12 | pull-requests: write 13 | contents: read 14 | 15 | jobs: 16 | add-pr-label: 17 | uses: vyos/.github/.github/workflows/add-pr-labels.yml@current 18 | secrets: inherit 19 | -------------------------------------------------------------------------------- /.github/workflows/check-pr-message.yml: -------------------------------------------------------------------------------- 1 | --- 2 | name: Check pull request message format 3 | 4 | on: 
5 | pull_request_target: 6 | branches: 7 | - current 8 | - sagitta 9 | - equuleus 10 | 11 | permissions: 12 | pull-requests: write 13 | contents: read 14 | 15 | jobs: 16 | check-pr-title: 17 | uses: vyos/.github/.github/workflows/check-pr-message.yml@current 18 | secrets: inherit 19 | -------------------------------------------------------------------------------- /data/live-build-config/hooks/live/12-udev-initramfs.chroot: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # this was a "local patch" but patch generates a .orig file if it doesn't 4 | # apply cleanly, which is not good when all files in the hook directory are 5 | # executed. just use sed to hack the udev hook here. 6 | 7 | sed -i 's/^\(mount -n -o move \/dev .*\/dev\)$/\1 2>\/dev\/null/' \ 8 | /usr/share/initramfs-tools/scripts/init-bottom/udev 9 | 10 | -------------------------------------------------------------------------------- /scripts/package-build/telegraf/plugins/outputs/all/all.go: -------------------------------------------------------------------------------- 1 | package all 2 | 3 | import ( 4 | //Blank imports for plugins to register themselves 5 | _ "github.com/influxdata/telegraf/plugins/outputs/azure_data_explorer" 6 | _ "github.com/influxdata/telegraf/plugins/outputs/http" 7 | _ "github.com/influxdata/telegraf/plugins/outputs/influxdb_v2" 8 | _ "github.com/influxdata/telegraf/plugins/outputs/prometheus_client" 9 | ) 10 | -------------------------------------------------------------------------------- /data/architectures/arm64.toml: -------------------------------------------------------------------------------- 1 | # Packages included in ARM64 images by default 2 | packages = [ 3 | "grub-efi-arm64", 4 | ] 5 | bootloaders = "grub-efi" 6 | 7 | [additional_repositories.salt] 8 | architecture = "arm64" 9 | url = "https://packages.vyos.net/saltproject/debian/11/amd64/3005" 10 | distribution = "bullseye" 11 | 12 | 
[additional_repositories.zabbix] 13 | url = "https://repo.zabbix.com/zabbix/6.0/debian-arm64" 14 | -------------------------------------------------------------------------------- /data/live-build-config/hooks/live/09-live.chroot: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # hack live script that tries to mount ext[23] floppies as root 4 | # remove user settings live config scripts 5 | 6 | sed -e '/ln -s "${devname}"/,/return 0/ s/^/: FIXME/' \ 7 | -i /usr/share/initramfs-tools/scripts/live 8 | 9 | rm -rf /lib/live/config/0030-live-debconfig_passwd 10 | rm -rf /lib/live/config/0030-user-setup 11 | rm -rf /lib/live/config/0040-sudo 12 | -------------------------------------------------------------------------------- /.github/workflows/check-unused-imports.yml: -------------------------------------------------------------------------------- 1 | name: Check for unused imports using Pylint 2 | on: 3 | pull_request: 4 | branches: 5 | - current 6 | - sagitta 7 | - equuleus 8 | workflow_dispatch: 9 | 10 | permissions: 11 | pull-requests: write 12 | contents: read 13 | 14 | jobs: 15 | check-unused-imports: 16 | uses: vyos/.github/.github/workflows/check-unused-imports.yml@current 17 | secrets: inherit 18 | -------------------------------------------------------------------------------- /data/live-build-config/includes.chroot/var/lib/shim-signed/mok/README.md: -------------------------------------------------------------------------------- 1 | # Secure Boot 2 | 3 | ## CA 4 | 5 | Create the Certificate Authority (CA) used for kernel signing. The CA is loaded into the 6 | Machine Owner Key store on the target system. The `-nodes` option in the command below writes `MOK.key` without a passphrase, so whoever can read that file can sign with this CA; keep the key readable only by the build user and out of version control.
7 | 8 | ```bash 9 | openssl req -new -x509 -newkey rsa:4096 -keyout MOK.key -outform DER -out MOK.der -days 36500 -subj "/CN=VyOS Secure Boot CA/" -nodes 10 | openssl x509 -inform der -in MOK.der -out MOK.pem 11 | ``` 12 | -------------------------------------------------------------------------------- /.github/workflows/repo-sync.yml: -------------------------------------------------------------------------------- 1 | name: Repo-sync 2 | 3 | on: 4 | pull_request_target: 5 | types: 6 | - closed 7 | branches: 8 | - current 9 | workflow_dispatch: 10 | 11 | jobs: 12 | trigger-sync: 13 | uses: vyos/.github/.github/workflows/trigger-repo-sync.yml@current 14 | secrets: 15 | REMOTE_REPO: ${{ secrets.REMOTE_REPO }} 16 | REMOTE_OWNER: ${{ secrets.REMOTE_OWNER }} 17 | PAT: ${{ secrets.PAT }} 18 | -------------------------------------------------------------------------------- /data/build-flavors/generic.toml: -------------------------------------------------------------------------------- 1 | # Generic (aka "universal") ISO image 2 | 3 | image_format = "iso" 4 | 5 | # Include these packages in the image regardless of the architecture 6 | packages = [ 7 | # QEMU and Xen guest tools exist for multiple architectures 8 | "qemu-guest-agent", 9 | "vyos-xe-guest-utilities", 10 | ] 11 | 12 | [architectures.amd64] 13 | # Hyper-V and VMware guest tools are x86-only 14 | packages = ["hyperv-daemons", "vyos-1x-vmware"] 15 | -------------------------------------------------------------------------------- /data/live-build-config/hooks/live/21-pam_mkhomedir.chroot: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | echo I: Create home directory on login. 4 | 5 | cat > /usr/share/pam-configs/mkhomedir < $OUT_PATH 12 | 13 | if [ $? 
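-ne 0 ]; then 14 | echo "Failed to download GeoIP database" 15 | rm $OUT_PATH 16 | fi 17 | -------------------------------------------------------------------------------- /.github/workflows/codeql.yml: -------------------------------------------------------------------------------- 1 | name: "Perform CodeQL Analysis" 2 | 3 | on: 4 | push: 5 | branches: [ "current", "sagitta", "equuleus" ] 6 | pull_request: 7 | # The branches below must be a subset of the branches above 8 | branches: [ "current" ] 9 | schedule: 10 | - cron: '22 10 * * 0' 11 | workflow_dispatch: 12 | 13 | permissions: 14 | actions: read 15 | contents: read 16 | security-events: write 17 | 18 | jobs: 19 | codeql-analysis-call: 20 | uses: vyos/.github/.github/workflows/codeql-analysis.yml@current 21 | secrets: inherit 22 | with: 23 | languages: "['python']" 24 | -------------------------------------------------------------------------------- /data/live-build-config/hooks/live/00-mk_buildid.chroot: --------------------------------------------------------------------------------
#!/bin/sh
# create the buildid file
#
# Copies iso-build.txt and iso-submodules.txt into /opt/vyatta/etc (creating
# empty files when no source copy exists) and points build.txt at
# iso-build.txt.

etcdir=/opt/vyatta/etc

[ -d "$etcdir" ] || mkdir -p -m 0755 "$etcdir"

# Clear stale copies from the target directory. The last path used to be
# written "$etc/iso-submodules.txt"; $etc is never set, so it expanded to
# /iso-submodules.txt and removed the file the loop below copies from.
rm -f "$etcdir/build.txt" "$etcdir/iso-build.txt" "$etcdir/iso-submodules.txt"

## NOTE: on live image build, these files are in the chroot/root
## however, during install, these are in /cdrom
for f in iso-build.txt iso-submodules.txt ; do
    if [ -f "/cdrom/$f" ] ; then
        cp "/cdrom/$f" "$etcdir"
    elif [ -f "/$f" ] ; then
        cp "/$f" "$etcdir"
    else
        # no source copy in either place: leave an empty file
        : > "$etcdir/$f"
    fi
done

# backwards compatible symlink
ln -s iso-build.txt "$etcdir/build.txt"
-------------------------------------------------------------------------------- /data/live-build-config/includes.chroot/etc/nsswitch.conf: -------------------------------------------------------------------------------- 1 | # /etc/nsswitch.conf 2 | # 3 | # Example configuration of GNU Name Service Switch functionality.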
4 | # If you have the `glibc-doc-reference' and `info' packages installed, try: 5 | # `info libc "Name Service Switch"' for information about this file. 6 | 7 | passwd: files 8 | group: files 9 | shadow: files 10 | gshadow: files 11 | 12 | # Per T2678, commenting out myhostname 13 | hosts: files dns #myhostname 14 | networks: files 15 | 16 | protocols: db files 17 | services: db files 18 | ethers: db files 19 | rpc: db files 20 | 21 | netgroup: nis 22 | -------------------------------------------------------------------------------- /scripts/package-build/ndppd/patches/0002-set-vyos-version.patch: -------------------------------------------------------------------------------- 1 | From b0789cf679b0179d37e22f5a936af273d982abeb Mon Sep 17 00:00:00 2001 2 | From: Henning Surmeier 3 | Date: Tue, 11 Jan 2022 13:05:47 +0100 4 | Subject: [PATCH 2/2] set -vyos version 5 | 6 | --- 7 | src/ndppd.h | 2 +- 8 | 1 file changed, 1 insertion(+), 1 deletion(-) 9 | 10 | diff --git a/src/ndppd.h b/src/ndppd.h 11 | index 008726c..61ed950 100644 12 | --- a/src/ndppd.h 13 | +++ b/src/ndppd.h 14 | 
@@ -21,7 +21,7 @@ 15 | #define NDPPD_NS_BEGIN namespace ndppd { 16 | #define NDPPD_NS_END } 17 | 18 | -#define NDPPD_VERSION "0.2.4" 19 | +#define NDPPD_VERSION "0.2.5-vyos" 20 | 21 | #include 22 | 23 | -- 24 | 2.34.1 25 | 26 | -------------------------------------------------------------------------------- /scripts/package-build/openvpn-otp/package.toml: -------------------------------------------------------------------------------- 1 | [[packages]] 2 | name = "openvpn-otp" 3 | commit_id = "9781ff1" 4 | scm_url = "https://github.com/evgeny-gridasov/openvpn-otp" 5 | 6 | # build_cmd = "cd ..; ./build-openvpn-otp.sh" 7 | build_cmd = """ 8 | ./autogen.sh 9 | ./configure --prefix=/usr 10 | make 11 | mkdir -p usr/lib/openvpn 12 | cp src/.libs/openvpn-otp.so usr/lib/openvpn 13 | 14 | fpm --input-type dir --output-type deb --name openvpn-otp \ 15 | --maintainer "VyOS Package Maintainers " \ 16 | --description "OpenVPN OTP Authentication support." \ 17 | --depends openvpn --architecture $(dpkg --print-architecture) \ 18 | --version $(git describe --tags --always | cut -c2-) --deb-compression gz usr 19 | """ 20 | -------------------------------------------------------------------------------- /scripts/package-build/frr_exporter/package.toml: -------------------------------------------------------------------------------- 1 | [[packages]] 2 | name = "frr_exporter" 3 | commit_id = "v1.3.1" 4 | scm_url = "https://github.com/tynany/frr_exporter" 5 | 6 | build_cmd = """ 7 | 8 | # Create the install directory 9 | mkdir -p debian/usr/sbin 10 | make setup_promu 11 | go build 12 | 13 | # Move the frr_exporter binary to the install directory 14 | mv frr_exporter debian/usr/sbin 15 | 16 | # Build the Debian package 17 | fpm --input-type dir --output-type deb --name frr-exporter \ 18 | --version $(git describe --tags --always | cut -c2-) --deb-compression gz \ 19 | --maintainer "VyOS Package Maintainers " \ 20 | --description "Prometheus exporter for FRR" \ 21 | --license Apache-2.0 
-C debian --package .. 22 | """ 23 | -------------------------------------------------------------------------------- /scripts/package-build/node_exporter/package.toml: -------------------------------------------------------------------------------- 1 | [[packages]] 2 | name = "node_exporter" 3 | commit_id = "v1.8.2" 4 | scm_url = "https://github.com/prometheus/node_exporter" 5 | 6 | build_cmd = """ 7 | 8 | # Create the install directory 9 | mkdir -p debian/usr/sbin 10 | make build 11 | 12 | # Move the node_exporter binary to the install directory 13 | mv node_exporter debian/usr/sbin 14 | 15 | # Build the Debian package 16 | fpm --input-type dir --output-type deb --name node-exporter \ 17 | --version $(git describe --tags --always | cut -c2-) --deb-compression gz \ 18 | --maintainer "VyOS Package Maintainers " \ 19 | --description "Prometheus exporter for machine metrics" \ 20 | --license Apache-2.0 -C debian --package .. 21 | """ 22 | -------------------------------------------------------------------------------- /scripts/package-build/frr/patches/0001-Enable-PCRE2-in-Debian-package-builds.patch: -------------------------------------------------------------------------------- 1 | From 21800432167ac022c01772df993efca8d4969b38 Mon Sep 17 00:00:00 2001 2 | From: Daniil Baturin 3 | Date: Wed, 6 Nov 2024 15:58:10 +0000 4 | Subject: [PATCH] Enable PCRE2 in Debian package builds 5 | 6 | --- 7 | debian/rules | 1 + 8 | 1 file changed, 1 insertion(+) 9 | 10 | diff --git a/debian/rules b/debian/rules 11 | index 43e5d7e61..1f971ab22 100755 12 | --- a/debian/rules 13 | +++ b/debian/rules 14 | 
@@ -69,6 +69,7 @@ override_dh_auto_configure: 15 | --enable-vty-group=frrvty \ 16 | --enable-configfile-mask=0640 \ 17 | --enable-logfile-mask=0640 \ 18 | + --enable-pcre2posix \ 19 | # end 20 | 21 | override_dh_auto_install: 22 | -- 23 | 2.47.0 24 | 25 | -------------------------------------------------------------------------------- /scripts/package-build/telegraf/build.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | CWD=$(pwd) 3 | set -e 4 | 5 | BUILD_ARCH=$(dpkg-architecture -qDEB_TARGET_ARCH) 6 | 7 | SRC=telegraf 8 | if [ ! -d ${SRC} ]; then 9 | echo "Source directory does not exists, please 'git clone'" 10 | exit 1 11 | fi 12 | 13 | PLUGIN_DIR=${CWD}/plugins 14 | 15 | echo "I: Selecting Input plugins" 16 | cp ${PLUGIN_DIR}/inputs/all/all.go ${SRC}/plugins/inputs/all/all.go 17 | 18 | echo "I: Selecting Output plugins" 19 | cp ${PLUGIN_DIR}/outputs/all/all.go ${SRC}/plugins/outputs/all/all.go 20 | 21 | echo "I: Build Debian ${BUILD_ARCH} package" 22 | cd ${SRC} 23 | export PATH=/opt/go/bin:$PATH 24 | 25 | # Generate default telegraf config 26 | go run ./cmd/telegraf config > etc/telegraf.conf 27 | LDFLAGS=-w make "${BUILD_ARCH}.deb" 28 | -------------------------------------------------------------------------------- /scripts/package-build/tacacs/package.toml: -------------------------------------------------------------------------------- 1 | [[packages]] 2 | name = "libtacplus-map" 3 | commit_id = "master" 4 | scm_url = "https://github.com/vyos/libtacplus-map.git" 5 | build_cmd = "dpkg-buildpackage -us -uc -tc -b" 6 | 7 | [[packages]] 8 | name = "libpam-tacplus" 9 | commit_id = "master" 10 | scm_url = "https://github.com/vyos/libpam-tacplus.git" 11 | build_cmd = "sudo dpkg -i ../libtacplus-map*.deb; dpkg-buildpackage -us -uc -tc -b" 12 | 13 | [[packages]] 14 | name = "libnss-tacplus" 15 | commit_id = "master" 16 | scm_url = "https://github.com/vyos/libnss-tacplus.git" 17 | build_cmd = "sudo dpkg -i 
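Review bot: The added `--enable-pcre2posix \` line in override_dh_auto_configure presumably makes configure look for the PCRE2 POSIX library, yet the patch changes only debian/rules (one file in the diffstat), so the matching build dependency must already be declared in debian/control, which is not visible here. If it is not declared, add `libpcre2-dev` to Build-Depends in the same patch so a missing library is caught at the dependency check rather than part-way through configure. The patch description is also empty; one line such as `Use PCRE2's POSIX wrapper for regex matching instead of the libc implementation` would record why the flag is carried downstream. The recipe for override_dh_auto_configure starts above the hunk.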
../libtac*.deb ../libpam-tacplus*.deb; dpkg-buildpackage -us -uc -tc -b" 18 | 19 | [packages.dependencies] 20 | packages = [ 21 | "libpam-dev", 22 | "autoconf-archive", 23 | "libaudit-dev" 24 | ] 25 | -------------------------------------------------------------------------------- /scripts/package-build/opennhrp/package.toml: -------------------------------------------------------------------------------- 1 | [[packages]] 2 | name = "opennhrp" 3 | commit_id = "613277f" 4 | scm_url = "https://git.code.sf.net/p/opennhrp/code" 5 | 6 | build_cmd = """ 7 | make clean 8 | make 9 | 10 | install --directory debian/etc debian/usr/sbin 11 | install --mode 0644 etc/racoon-ph1dead.sh debian/etc 12 | install --mode 0644 etc/racoon-ph1down.sh debian/etc 13 | install --strip --mode 0755 nhrp/opennhrp debian/usr/sbin 14 | install --strip --mode 0755 nhrp/opennhrpctl debian/usr/sbin 15 | 16 | fpm --input-type dir --output-type deb --name opennhrp \ 17 | --version $(git describe --always | cut -c2-) --deb-compression gz \ 18 | --maintainer "VyOS Package Maintainers " \ 19 | --description "NBMA Next Hop Resolution Protocol daemon" \ 20 | --license "MIT" -C debian --package .. 
21 | """ 22 | -------------------------------------------------------------------------------- /data/live-build-config/bootloaders/grub-pc/grub.cfg: -------------------------------------------------------------------------------- 1 | set default=0 2 | set timeout=10 3 | 4 | insmod serial 5 | serial --unit=0 --speed=115200 6 | 7 | insmod gzio 8 | insmod part_msdos 9 | insmod ext2 10 | insmod efi_gop 11 | insmod efi_uga 12 | insmod png 13 | 14 | loadfont /boot/grub/dejavu-bold-16.pf2 15 | loadfont /boot/grub/dejavu-bold-14.pf2 16 | loadfont /boot/grub/unicode.pf2 17 | 18 | set gfxmode="640x480x16" 19 | set gfxpayload="640x480x16" 20 | terminal_output gfxterm 21 | 22 | set splash_img="/isolinux/splash.png" 23 | if [ -e ${splash_img} ]; then 24 | background_image ${splash_img} 25 | fi 26 | 27 | terminal_output --append serial 28 | terminal_input serial console 29 | 30 | set color_normal=light-gray/black 31 | set color_highlight=white/black 32 | 33 | # Live boot 34 | LINUX_LIVE 35 | 36 | # Installer (if any) 37 | LINUX_INSTALL 38 | -------------------------------------------------------------------------------- /data/live-build-config/hooks/live/17-gen_initramfs.chroot: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | echo I: Create initramfs if it does not exist. 4 | 5 | # Kernel complains about non available nls_ascii module when booting from USB pendrive 6 | echo "nls_ascii" >> /etc/initramfs-tools/modules 7 | 8 | if [ -e /boot/initrd.img-* ]; then 9 | rm -f /boot/initrd.img-* 10 | fi 11 | 12 | KERNEL_COUNT=$(find /boot/ -type f -name vmlinuz* | wc -l) 13 | if [ "$KERNEL_COUNT" -gt 1 ]; then 14 | echo "E: there is more than one kernel image file installed!" 
15 | echo "E: please make sure that kernel_version in data/defaults.toml is up to date" 16 | echo "E: if your repository is up to date, then there is a bug" 17 | fi 18 | 19 | kernel=`ls /boot | grep vmlinuz- | sed 's/vmlinuz-//g'` 20 | 21 | echo "I: Executing update-initramfs -c -k $kernel" 22 | 23 | update-initramfs -c -k $kernel 24 | -------------------------------------------------------------------------------- /data/defaults.toml: -------------------------------------------------------------------------------- 1 | build_type = "development" 2 | 3 | architecture = "amd64" 4 | 5 | debian_distribution = "bookworm" 6 | 7 | debian_mirror = "http://deb.debian.org/debian" 8 | debian_security_mirror = "http://deb.debian.org/debian-security" 9 | 10 | debian_archive_areas = "main contrib non-free non-free-firmware" 11 | 12 | vyos_mirror = "https://packages.vyos.net/repositories/current" 13 | 14 | vyos_branch = "current" 15 | release_train = "current" 16 | 17 | kernel_version = "6.6.62" 18 | kernel_flavor = "vyos" 19 | bootloaders = "syslinux,grub-efi" 20 | 21 | squashfs_compression_type = "xz -Xbcj x86 -b 256k -always-use-fragments -no-recovery" 22 | 23 | website_url = "https://vyos.io" 24 | support_url = "https://support.vyos.io" 25 | bugtracker_url = "https://vyos.dev" 26 | documentation_url = "https://docs.vyos.io/en/latest" 27 | project_news_url = "https://blog.vyos.io" 28 | -------------------------------------------------------------------------------- /vars/getGitRepoURL.groovy: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env groovy 2 | // Copyright (C) 2020 VyOS maintainers and contributors 3 | // 4 | // This program is free software; you can redistribute it and/or modify 5 | // in order to easy exprort images built to "external" world 6 | // it under the terms of the GNU General Public License version 2 or later as 7 | // published by the Free Software Foundation. 
8 | // 9 | // This program is distributed in the hope that it will be useful, 10 | // but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 | // GNU General Public License for more details. 13 | // 14 | // You should have received a copy of the GNU General Public License 15 | // along with this program. If not, see . 16 | 17 | def call() { 18 | return scm.userRemoteConfigs[0].url 19 | } 20 | 21 | -------------------------------------------------------------------------------- /vars/getGitRepoName.groovy: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env groovy 2 | // Copyright (C) 2020 VyOS maintainers and contributors 3 | // 4 | // This program is free software; you can redistribute it and/or modify 5 | // in order to easy exprort images built to "external" world 6 | // it under the terms of the GNU General Public License version 2 or later as 7 | // published by the Free Software Foundation. 8 | // 9 | // This program is distributed in the hope that it will be useful, 10 | // but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 | // GNU General Public License for more details. 13 | // 14 | // You should have received a copy of the GNU General Public License 15 | // along with this program. If not, see . 
16 | 17 | def call() { 18 | return getGitRepoURL().split('/').last() 19 | } 20 | 21 | -------------------------------------------------------------------------------- /vars/isPullRequest.groovy: -------------------------------------------------------------------------------- 1 | // Copyright (C) 2020 VyOS maintainers and contributors 2 | // 3 | // This program is free software; you can redistribute it and/or modify 4 | // in order to easy exprort images built to "external" world 5 | // it under the terms of the GNU General Public License version 2 or later as 6 | // published by the Free Software Foundation. 7 | // 8 | // This program is distributed in the hope that it will be useful, 9 | // but WITHOUT ANY WARRANTY; without even the implied warranty of 10 | // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 11 | // GNU General Public License for more details. 12 | // 13 | // You should have received a copy of the GNU General Public License 14 | // along with this program. If not, see . 
15 | 16 | def call() { 17 | if (env.CHANGE_ID) { 18 | return true 19 | } 20 | return false 21 | } 22 | -------------------------------------------------------------------------------- /tools/container/config.boot.default: -------------------------------------------------------------------------------- 1 | system { 2 | host-name vyos 3 | login { 4 | user vyos { 5 | authentication { 6 | encrypted-password "*" 7 | plaintext-password "" 8 | } 9 | level admin 10 | } 11 | } 12 | syslog { 13 | global { 14 | facility all { 15 | level info 16 | } 17 | facility protocols { 18 | level debug 19 | } 20 | } 21 | } 22 | ntp { 23 | server "time1.vyos.net" 24 | server "time2.vyos.net" 25 | server "time3.vyos.net" 26 | } 27 | console { 28 | device ttyS0 { 29 | speed 115200 30 | } 31 | } 32 | config-management { 33 | commit-revisions 100 34 | } 35 | } 36 | 37 | interfaces { 38 | loopback lo { 39 | } 40 | } 41 | -------------------------------------------------------------------------------- /tools/cloud-init/AWS/config.boot.default: -------------------------------------------------------------------------------- 1 | system { 2 | host-name vyos 3 | login { 4 | user vyos { 5 | authentication { 6 | encrypted-password "*" 7 | plaintext-password "" 8 | } 9 | level admin 10 | } 11 | } 12 | syslog { 13 | global { 14 | facility all { 15 | level info 16 | } 17 | facility protocols { 18 | level debug 19 | } 20 | } 21 | } 22 | ntp { 23 | server "time1.vyos.net" 24 | server "time2.vyos.net" 25 | server "time3.vyos.net" 26 | } 27 | console { 28 | device ttyS0 { 29 | speed 115200 30 | } 31 | } 32 | config-management { 33 | commit-revisions 100 34 | } 35 | } 36 | 37 | interfaces { 38 | loopback lo { 39 | } 40 | } 41 | -------------------------------------------------------------------------------- /.github/workflows/check-scripts-executable.yml: -------------------------------------------------------------------------------- 1 | name: "Check for Jenkins build scripts has executable bit" 2 | 3 | on: 
4 | pull_request: 5 | branches: 6 | - current 7 | - circinus 8 | - sagitta 9 | - equuleus 10 | 11 | permissions: 12 | contents: read 13 | 14 | jobs: 15 | check-scripts-executable: 16 | runs-on: ubuntu-latest 17 | 18 | steps: 19 | - uses: actions/checkout@v3 20 | with: 21 | repository: ${{ github.repository }} 22 | - name: Checking scripts are executable 23 | run: | 24 | files=$(find packages/ -type f -name '*.py' -or -name '*.sh' -not -executable -print) 25 | if [[ -n $files ]]; then 26 | echo "Found files without executable bit:" 27 | for file in $files; do 28 | echo $file; 29 | done; 30 | exit 1; 31 | fi 32 | shell: bash 33 | -------------------------------------------------------------------------------- /data/live-build-config/hooks/live/08-sysconf.chroot: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | cp -f /opt/vyatta/etc/default_ssh /etc/default/ssh 4 | >/etc/pam_radius_auth.conf 5 | 6 | update_sysctl_conf () 7 | { 8 | var=$1 9 | val=$2 10 | comment=$3 11 | sysctl_conf=/etc/sysctl.conf 12 | 13 | if grep -q "^${var}[[:space:]]*=" $sysctl_conf ; then 14 | sed -i "/^${var}[[:space:]]*=/ s,=.*,= ${val}," $sysctl_conf 15 | elif grep -q "^#[[:space:]]*${var}[[:space:]]*=" $sysctl_conf ; then 16 | sed -i "/^#[[:space:]]*${var}[[:space:]]*=/ { s,^#[[:space:]]*,, ; s,[[:space:]]*=.*, = ${val},} " $sysctl_conf 17 | else 18 | cat <<-EOF >> $sysctl_conf 19 | 20 | # $comment 21 | $var = $val 22 | EOF 23 | fi 24 | } 25 | 26 | update_sysctl_conf kernel.printk "4 4 1 7" \ 27 | "the following stops low-level messages on console" 28 | 29 | # Local Variables: 30 | # mode: shell-script 31 | # sh-indentation: 4 32 | # End: 33 | -------------------------------------------------------------------------------- /data/live-build-config/hooks/live/93-sb-sign-kernel.chroot: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | SIGN_FILE=$(find /usr/lib -name sign-file) 3 | 
MOK_KEY="/var/lib/shim-signed/mok/MOK.key" 4 | MOK_CERT="/var/lib/shim-signed/mok/MOK.pem" 5 | VMLINUZ=$(readlink /boot/vmlinuz) 6 | 7 | # All Linux Kernel modules need to be cryptographically signed 8 | find /lib/modules -type f -name \*.ko | while read MODULE; do 9 | modinfo ${MODULE} | grep -q "signer:" 10 | if [ $? != 0 ]; then 11 | echo "E: Module ${MODULE} is not signed!" 12 | read -n 1 -s -r -p "Press any key to continue" 13 | fi 14 | done 15 | 16 | if [ ! -f ${MOK_KEY} ]; then 17 | echo "I: Signing key for Linux Kernel not found - Secure Boot not possible" 18 | else 19 | echo "I: Signing Linux Kernel for Secure Boot" 20 | sbsign --key ${MOK_KEY} --cert ${MOK_CERT} /boot/${VMLINUZ} --output /boot/${VMLINUZ} 21 | sbverify --list /boot/${VMLINUZ} 22 | fi 23 | -------------------------------------------------------------------------------- /scripts/package-build/isc-dhcp/patches/0004-add-support-for-ARPHRD_NONE-interface-type.patch: -------------------------------------------------------------------------------- 1 | From fd96a11b31cd05aae450ec65fde0b5c6e0b718c2 Mon Sep 17 00:00:00 2001 2 | From: Adam Smith 3 | Date: Tue, 23 Jan 2024 22:35:54 -0500 4 | Subject: [PATCH 4/4] add support for ARPHRD_NONE interface type 5 | 6 | --- 7 | common/lpf.c | 6 ++++++ 8 | 1 file changed, 6 insertions(+) 9 | 10 | diff --git a/common/lpf.c b/common/lpf.c 11 | index 1561d71..f7e84b1 100644 12 | --- a/common/lpf.c 13 | +++ b/common/lpf.c 14 | 
@@ -643,6 +643,12 @@ get_hw_addr(const char *name, struct hardware *hw) { 15 | hw->hlen = 1; 16 | hw->hbuf[0] = HTYPE_PUREIP; 17 | break; 18 | +#endif 19 | +#ifdef ARPHRD_NONE 20 | + case ARPHRD_NONE: 21 | + hw->hlen = 1; 22 | + hw->hbuf[0] = HTYPE_PUREIP; 23 | + break; 24 | #endif 25 | default: 26 | log_fatal("Unsupported device type %ld for \"%s\"", 27 | -- 28 | 2.39.2 29 | 30 | -------------------------------------------------------------------------------- /scripts/package-build/radvd/package.toml: -------------------------------------------------------------------------------- 1 | [[packages]] 2 | name = "radvd" 3 | commit_id = "f2de4764559" 4 | scm_url = "https://github.com/radvd-project/radvd" 5 | 6 | #build_cmd = "cd ..; ./build.sh" 7 | build_cmd = """ 8 | ./autogen.sh 9 | ./configure 10 | make 11 | 12 | install --directory debian/lib/systemd/system debian/usr/sbin 13 | install --mode 0644 radvd.service debian/lib/systemd/system 14 | install --strip --mode 0755 radvd debian/usr/sbin 15 | 16 | # Version' field value 'v0.14-20-g613277f': version number does not start with digit 17 | # "cut" first character from version string 18 | fpm --input-type dir --output-type deb --name radvd \ 19 | --version $(git describe --always | cut -c2- | tr _ -) --deb-compression gz \ 20 | --maintainer "VyOS Package Maintainers " \ 21 | --description "RADVD router advertisement daemon" \ 22 | --license "RADVD" -C debian --package .. 
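Review bot: The new `case ARPHRD_NONE:` branch in get_hw_addr() has no comment saying which interfaces report this type or why only the type byte is stored (`hw->hlen = 1`), so a later reader cannot tell that the missing link-layer address is intentional. I would add `/* ARPHRD_NONE: interface has no link-layer header (e.g. tun-style devices); record only the hardware type, as for the pure-IP case above */` above the case label. The three-line body is a copy of the preceding case, whose label is outside the hunk. If both constants can be defined together, stacking the two labels on one body would keep them from drifting apart. The function begins before the hunk and continues after it.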
23 | """ 24 | -------------------------------------------------------------------------------- /vars/getGitBranchName.groovy: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env groovy 2 | // Copyright (C) 2020 VyOS maintainers and contributors 3 | // 4 | // This program is free software; you can redistribute it and/or modify 5 | // in order to easy exprort images built to "external" world 6 | // it under the terms of the GNU General Public License version 2 or later as 7 | // published by the Free Software Foundation. 8 | // 9 | // This program is distributed in the hope that it will be useful, 10 | // but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 | // GNU General Public License for more details. 13 | // 14 | // You should have received a copy of the GNU General Public License 15 | // along with this program. If not, see . 16 | 17 | def call() { 18 | def branch = scm.branches[0].name 19 | return branch.split('/')[-1] 20 | } 21 | 22 | -------------------------------------------------------------------------------- /scripts/package-build/podman/package.toml: -------------------------------------------------------------------------------- 1 | [[packages]] 2 | name = "podman" 3 | commit_id = "v4.9.5" 4 | scm_url = "https://github.com/containers/podman" 5 | 6 | #build_cmd = "cd ..; ./build.sh" 7 | build_cmd = """ 8 | make install.tools 9 | make podman-release 10 | 11 | tar xf podman-release-$(dpkg --print-architecture).tar.gz 12 | VERSION=$(ls -d podman-v* | cut -c9-) 13 | 14 | fpm --input-type dir --output-type deb --name podman \ 15 | --version $VERSION --deb-compression gz \ 16 | --maintainer "VyOS Package Maintainers " \ 17 | --description "Engine to run OCI-based containers in Pods" \ 18 | --depends conmon --depends crun --depends netavark --depends libgpgme11 \ 19 | --depends fuse-overlayfs --depends 
golang-github-containers-common \ 20 | --license "Apache License 2.0" -C podman-v$VERSION --package .. 21 | """ 22 | 23 | [packages.dependencies] 24 | packages = [ 25 | "libseccomp-dev", 26 | "libgpgme-dev" 27 | ] 28 | -------------------------------------------------------------------------------- /data/live-build-config/includes.chroot/opt/vyatta/etc/install-image/postinst: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | source /opt/vyatta/sbin/install-functions 4 | 5 | NEWVER=`mount | grep /mnt/inst_root` 6 | NEWVER=${NEWVER#*upperdir=/live/image/boot/} 7 | NEWVER=${NEWVER%/live-rw*} 8 | 9 | # For upgrading from 1.1.8 and older: 10 | # Set the correct disk label and create persistence configs 11 | # Live CD persistence settings have changed in Debian Jessie 12 | # and the system will not find its persistence dir otherwise 13 | DISK_LABEL=`mount | grep /live/image | awk '{print $1}' | grep dev` 14 | 15 | if [ -d "/live/image" ]; then 16 | e2label "${DISK_LABEL}" persistence 17 | if [ ! -f /live/image/persistence.conf ]; then 18 | echo "/ union" > /live/image/persistence.conf 19 | fi 20 | rm -f /live/image/boot/"${NEWVER}"/live-rw/etc/fstab 21 | mv /live/image/boot/"${NEWVER}"/live-rw /live/image/boot/"${NEWVER}"/rw 22 | 23 | touch /live/image/boot/"${NEWVER}"/rw/config/.upgraded 24 | fi 25 | -------------------------------------------------------------------------------- /docker/entrypoint.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | set -e 3 | 4 | USER_NAME="vyos_bld" 5 | NEW_UID=$(stat -c "%u" .) 6 | NEW_GID=$(stat -c "%g" .) 
7 | 8 | # Change effective UID to the one specified via "-e GOSU_UID=`id -u $USER`" 9 | if [ -n "$GOSU_UID" ]; then 10 | NEW_UID=$GOSU_UID 11 | fi 12 | 13 | # Change effective UID to the one specified via "-e GOSU_GID=`id -g $USER`" 14 | if [ -n "$GOSU_GID" ]; then 15 | NEW_GID=$GOSU_GID 16 | fi 17 | 18 | # Notify user about selected UID/GID 19 | echo "Current UID/GID: $NEW_UID/$NEW_GID" 20 | 21 | # Create UNIX group on the fly if it does not exist 22 | if ! grep -q $NEW_GID /etc/group; then 23 | groupadd --gid $NEW_GID $USER_NAME 24 | fi 25 | 26 | useradd --shell /bin/bash --uid $NEW_UID --gid $NEW_GID --non-unique --create-home $USER_NAME 27 | sudo chown $NEW_UID:$NEW_GID /home/$USER_NAME 28 | export HOME=/home/$USER_NAME 29 | 30 | if [ "$(id -u)" == "0" ]; then 31 | exec gosu $USER_NAME "$@" 32 | fi 33 | 34 | # Execute process 35 | exec "$@" 36 | -------------------------------------------------------------------------------- /vars/getChangeSetPath.groovy: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env groovy 2 | // Copyright (C) 2020 VyOS maintainers and contributors 3 | // 4 | // This program is free software; you can redistribute it and/or modify 5 | // in order to easy exprort images built to "external" world 6 | // it under the terms of the GNU General Public License version 2 or later as 7 | // published by the Free Software Foundation. 8 | // 9 | // This program is distributed in the hope that it will be useful, 10 | // but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 | // GNU General Public License for more details. 13 | // 14 | // You should have received a copy of the GNU General Public License 15 | // along with this program. If not, see . 
16 | 17 | def call() { 18 | tmp = getJenkinsfilePath() 19 | if (tmp) 20 | tmp = "**/" + tmp + "*" 21 | else 22 | tmp = "**/*" 23 | echo tmp 24 | return tmp 25 | } 26 | 27 | -------------------------------------------------------------------------------- /vars/getJenkinsfilePath.groovy: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env groovy 2 | // Copyright (C) 2020 VyOS maintainers and contributors 3 | // 4 | // This program is free software; you can redistribute it and/or modify 5 | // in order to easy exprort images built to "external" world 6 | // it under the terms of the GNU General Public License version 2 or later as 7 | // published by the Free Software Foundation. 8 | // 9 | // This program is distributed in the hope that it will be useful, 10 | // but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 | // GNU General Public License for more details. 13 | // 14 | // You should have received a copy of the GNU General Public License 15 | // along with this program. If not, see . 16 | 17 | def call() { 18 | tmp = currentBuild.rawBuild.parent.definition.scriptPath.replace('Jenkinsfile', '') 19 | if (tmp == null) { 20 | tmp = '' 21 | } 22 | return tmp 23 | } 24 | 25 | -------------------------------------------------------------------------------- /data/live-build-config/hooks/live/05-event_tty.chroot: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | if [ -r etc/event.d/tty1 ] ; then 4 | echo I: Delay getty until rcX completes 5 | sed -i 's/start on runlevel /start on stopped rc/' \ 6 | etc/event.d/tty[1-6] 7 | if [ ! 
-r etc/event.d/ttyS0 ] && [ -c dev/ttyS0 ] ; then 8 | echo I: Enable serial console login 9 | cat <<-EOF > etc/event.d/ttyS0 10 | # ttyS0 - getty 11 | # 12 | # This service maintains a getty on ttyS0 from the point the system is 13 | # started until it is shut down again. 14 | 15 | start on stopped rc2 16 | start on stopped rc3 17 | start on stopped rc4 18 | start on stopped rc5 19 | 20 | stop on runlevel 0 21 | stop on runlevel 1 22 | stop on runlevel 6 23 | 24 | respawn 25 | exec /sbin/getty 115200 ttyS0 vt100 26 | 27 | EOF 28 | fi 29 | fi 30 | 31 | if [ -r etc/inittab ] && [ -c dev/ttyS0 ] && grep -q '^#T0:.*getty.*ttyS0' etc/inittab ; then 32 | echo I: Enable serial console login 33 | sed -i '/^#T0:/s|^#.*$|T0:23:respawn:/sbin/getty -L ttyS0 115200 vt100|' etc/inittab 34 | fi 35 | -------------------------------------------------------------------------------- /packages/vyos-build-container/build.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | set -e 3 | 4 | cd vyos-build/docker 5 | 6 | echo "Inspecting current image of ${BRANCH_NAME}..." 7 | previousImageId=$(docker images --filter=reference="vyos/vyos-build:${BRANCH_NAME}" --format "{{.ID}}") 8 | 9 | echo "Building docker build container for branch ${BRANCH_NAME}..." 10 | docker build --no-cache -t "vyos/vyos-build:${BRANCH_NAME}" . 11 | 12 | echo "Pushing ${BRANCH_NAME} image to registry ${CUSTOM_DOCKER_REPO}..." 13 | docker tag "vyos/vyos-build:${BRANCH_NAME}" "${CUSTOM_DOCKER_REPO}/vyos/vyos-build:${BRANCH_NAME}" 14 | docker push "${CUSTOM_DOCKER_REPO}/vyos/vyos-build:$BRANCH_NAME" 15 | 16 | echo "Cleaning previous image of ${BRANCH_NAME}..." 17 | if [ "$previousImageId" != "" ]; then 18 | docker rmi --force "$previousImageId" || true 19 | fi 20 | 21 | echo "Cleaning local registry..." 
22 | docker exec registry registry garbage-collect /etc/docker/registry/config.yml --delete-untagged=true 23 | 24 | echo "Image ${BRANCH_NAME} was successfully built and pushed to registry ${CUSTOM_DOCKER_REPO}." 25 | -------------------------------------------------------------------------------- /scripts/package-build/xen-guest-agent/package.toml: -------------------------------------------------------------------------------- 1 | [[packages]] 2 | name = "xen-guest-agent" 3 | commit_id = "0.4.0" 4 | scm_url = "https://gitlab.com/xen-project/xen-guest-agent" 5 | 6 | 7 | build_cmd = """ 8 | # changelog 9 | cat < debian/changelog 10 | xen-guest-agent (0.4.0) UNRELEASED; urgency=medium 11 | 12 | * Upstream package 13 | 14 | -- VyOS Maintainers Thu, 26 Sep 2024 12:35:47 +0000 15 | 16 | EOF 17 | 18 | # Apply the patch to modify the debian/rules file 19 | sed -i 's|../xen-guest-agent-$(UPSTREAM_VERSION)-linux-$(DEB_TARGET_GNU_CPU)|target/release/xen-guest-agent|' debian/rules 20 | 21 | sudo apt-get -y install --no-install-recommends libclang-dev libxen-dev 22 | # Install rust 23 | curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | bash -s -- -y --default-toolchain stable --profile default --no-modify-path 24 | 25 | # Set PATH for Cargo 26 | export PATH="$HOME/.cargo/bin:$PATH" 27 | rustup update 28 | cd xen-guest-agent 29 | cargo update 30 | 31 | # Build deb 32 | cargo build -F static --profile release 33 | dpkg-buildpackage -b -us -uc 34 | """ 35 | -------------------------------------------------------------------------------- /scripts/package-build/frr/package.toml: -------------------------------------------------------------------------------- 1 | [[packages]] 2 | name = "libyang" 3 | commit_id = "v2.1.148" 4 | scm_url = "https://github.com/CESNET/libyang.git" 5 | build_cmd = "pipx run apkg build -i && find pkg/pkgs -type f -name *.deb -exec mv -t .. 
{} +" 6 | 7 | [[packages]] 8 | name = "rtrlib" 9 | commit_id = "v0.8.0" 10 | scm_url = "https://github.com/rtrlib/rtrlib.git" 11 | build_cmd = "sudo mk-build-deps --install --tool 'apt-get --yes --no-install-recommends'; dpkg-buildpackage -uc -us -tc -b" 12 | 13 | [[packages]] 14 | name = "frr" 15 | commit_id = "stable/9.1" 16 | scm_url = "https://github.com/FRRouting/frr.git" 17 | build_cmd = "sudo dpkg -i ../*.deb; sudo dpkg-buildpackage -us -uc -tc -b -Ppkg.frr.rtrlib,pkg.frr.lua" 18 | 19 | [packages.dependencies] 20 | packages = [ 21 | "chrpath", 22 | "gawk", 23 | "install-info", 24 | "libcap-dev", 25 | "libjson-c-dev", 26 | "librtr-dev", 27 | "libpam-dev", 28 | "libprotobuf-c-dev", 29 | "libpython3-dev:native", 30 | "python3-sphinx:native", 31 | "libsnmp-dev", 32 | "protobuf-c-compiler", 33 | "python3-dev:native", 34 | "texinfo", 35 | "lua5.3" 36 | ] 37 | -------------------------------------------------------------------------------- /scripts/package-build/strongswan/package.toml: -------------------------------------------------------------------------------- 1 | [[packages]] 2 | name = "strongswan" 3 | commit_id = "debian/5.9.11-2" 4 | scm_url = "https://salsa.debian.org/debian/strongswan.git" 5 | 6 | # build_cmd = "cd ..; yes | ./build.sh; ./build-vici.sh" 7 | build_cmd = """ 8 | export DEBEMAIL="maintainers@vyos.net" 9 | export DEBFULLNAME="VyOS Package Maintainers" 10 | 11 | dch -v "5.9.11-2+vyos0" "Patchset for DMVPN support" -b 12 | dpkg-buildpackage -uc -us -tc -b -d 13 | cd ..; ./build-vici.sh 14 | """ 15 | 16 | [packages.dependencies] 17 | packages = [ 18 | "bison", 19 | "bzip2", 20 | "debhelper-compat", 21 | "dh-apparmor", 22 | "dpkg-dev", 23 | "flex", 24 | "gperf", 25 | "libiptc-dev", 26 | "libcap-dev", 27 | "libcurl3-dev", 28 | "libgcrypt20-dev", 29 | "libgmp3-dev", 30 | "libkrb5-dev", 31 | "libldap2-dev", 32 | "libnm-dev", 33 | "libpam0g-dev", 34 | "libsqlite3-dev", 35 | "libssl-dev", 36 | "libsystemd-dev", 37 | "libtool", 38 | "libtss2-dev", 39 
| "libxml2-dev", 40 | "pkg-config", 41 | "po-debconf", 42 | "systemd", 43 | "libsystemd-dev", 44 | "tzdata" 45 | ] 46 | -------------------------------------------------------------------------------- /data/live-build-config/includes.chroot/etc/initramfs-tools/hooks/10-vyos-addons: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | PREREQ="" 3 | prereqs() 4 | { 5 | echo "$PREREQ" 6 | } 7 | case $1 in 8 | prereqs) 9 | prereqs 10 | exit 0 11 | ;; 12 | esac 13 | . /usr/share/initramfs-tools/hook-functions 14 | # Begin real processing below this line 15 | 16 | # include listed modules to initramfs but not load them without the necessity 17 | manual_add_modules igb ixgbe ixgbevf i40e i40evf 18 | 19 | # include modules from file (one per line) to initramfs but not load them without the necessity 20 | # add_modules_from_file /tmp/modlist 21 | 22 | # include listed modules to initramfs and load them during the boot 23 | # force_load xxx 24 | 25 | # executable to copy to initramfs, with library dependencies 26 | copy_exec /usr/lib/x86_64-linux-gnu/libnss_dns.so.2 27 | 28 | # missing fsck in initramfs 29 | copy_exec /usr/sbin/fsck 30 | copy_exec /usr/sbin/fsck.ext2 31 | copy_exec /usr/sbin/fsck.ext3 32 | copy_exec /usr/sbin/fsck.ext4 33 | 34 | # copy other files ("other" here is a file type, so do not delete this keyword) 35 | copy_file other /etc/ssl/certs/ca-certificates.crt 36 | copy_file other /etc/ssl/openssl.cnf 37 | -------------------------------------------------------------------------------- /data/live-build-config/includes.chroot/opt/vyatta/etc/grub/default-union-grub-entry: -------------------------------------------------------------------------------- 1 | menuentry "VyOS (KVM console)" { 2 | linux /boot//vmlinuz boot=live quiet rootdelay=5 noautologin net.ifnames=0 biosdevname=0 udev.exec_delay=3 vyos-union=/boot/ console=ttyS0,115200 console=tty0 3 | initrd /boot//initrd.img 4 | } 5 | 6 | menuentry "VyOS (Serial 
console)" { 7 | linux /boot//vmlinuz boot=live quiet rootdelay=5 noautologin net.ifnames=0 biosdevname=0 udev.exec_delay=3 vyos-union=/boot/ console=tty0 console=ttyS0,115200 8 | initrd /boot//initrd.img 9 | } 10 | 11 | menuentry "Lost password change (KVM console)" { 12 | linux /boot//vmlinuz boot=live quiet rootdelay=5 noautologin net.ifnames=0 biosdevname=0 udev.exec_delay=3 vyos-union=/boot/ console=ttyS0,115200 console=tty0 init=/opt/vyatta/sbin/standalone_root_pw_reset 13 | initrd /boot//initrd.img 14 | } 15 | 16 | menuentry "Lost password change (Serial console)" { 17 | linux /boot//vmlinuz boot=live quiet rootdelay=5 noautologin net.ifnames=0 biosdevname=0 udev.exec_delay=3 vyos-union=/boot/ console=tty0 console=ttyS0,115200 init=/opt/vyatta/sbin/standalone_root_pw_reset 18 | initrd /boot//initrd.img 19 | } 20 | 21 | -------------------------------------------------------------------------------- /data/live-build-config/hooks/live/01-live-serial.binary: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | GRUB_PATH=boot/grub/grub.cfg 4 | ISOLINUX_PATH=isolinux/live.cfg 5 | 6 | KVM_CONSOLE="console=ttyS0,115200 console=tty0" 7 | SERIAL_CONSOLE="console=tty0 console=ttyS0,115200" 8 | 9 | # Grub.cfg Update 10 | GRUB_MENUENTRY=$(sed -e '/menuentry.*hotkey.*/,/^}/!d' -e 's/--hotkey=l//g' $GRUB_PATH) 11 | 12 | # Update KVM menuentry name 13 | sed -i 's/"Live system \((.*vyos)\)"/"Live system \1 - KVM console"/' $GRUB_PATH 14 | 15 | # Insert serial menuentry 16 | echo "$GRUB_MENUENTRY" | sed \ 17 | -e 's/"Live system \((.*vyos)\)"/"Live system \1 - Serial console"/' \ 18 | -e "s/$KVM_CONSOLE/$SERIAL_CONSOLE/g" >> $GRUB_PATH 19 | 20 | # Live.cfg Update 21 | ISOLINUX_MENUENTRY=$(sed -e '/label live-\(.*\)-vyos$/,/^\tappend.*/!d' $ISOLINUX_PATH) 22 | 23 | # Update KVM menuentry name 24 | sed -i 's/Live system \((.*vyos)\)/Live system \1 - KVM console/' $ISOLINUX_PATH 25 | 26 | # Insert serial menuentry 27 | echo 
"\n$ISOLINUX_MENUENTRY" | sed \ 28 | -e 's/live-\(.*\)-vyos/live-\1-vyos-serial/' \ 29 | -e '/^\tmenu default/d' \ 30 | -e 's/Live system \((.*vyos)\)/Live system \1 - Serial console/' \ 31 | -e "s/$KVM_CONSOLE/$SERIAL_CONSOLE/g" >> $ISOLINUX_PATH 32 | -------------------------------------------------------------------------------- /scripts/package-build/linux-kernel/build-openvpn-dco.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | CWD=$(pwd) 3 | KERNEL_VAR_FILE=${CWD}/kernel-vars 4 | 5 | SRC=${CWD}/ovpn-dco 6 | if [ ! -d ${SRC} ]; then 7 | echo "OpenVPN DCO source not found" 8 | exit 1 9 | fi 10 | 11 | if [ ! -f ${KERNEL_VAR_FILE} ]; then 12 | echo "Kernel variable file '${KERNEL_VAR_FILE}' does not exist, run ./build_kernel.sh first" 13 | exit 1 14 | fi 15 | 16 | . ${KERNEL_VAR_FILE} 17 | 18 | cd ${SRC} 19 | git reset --hard HEAD 20 | git clean --force -d -x 21 | make KERNEL_SRC=$KERNEL_DIR 22 | 23 | # Copy binary to package directory 24 | DEBIAN_DIR=tmp/lib/modules/${KERNEL_VERSION}${KERNEL_SUFFIX}/extra 25 | mkdir -p ${DEBIAN_DIR} 26 | cp drivers/net/ovpn-dco/ovpn-dco-v2.ko ${DEBIAN_DIR} 27 | 28 | # Sign generated Kernel modules 29 | ${CWD}/sign-modules.sh ${DEBIAN_DIR} 30 | 31 | # Build Debian Package 32 | fpm --input-type dir --output-type deb --name openvpn-dco \ 33 | --version $(git describe | sed s/^v//) --deb-compression gz \ 34 | --maintainer "VyOS Package Maintainers " \ 35 | --description "OpenVPN Data Channel Offload" \ 36 | --depends linux-image-${KERNEL_VERSION}${KERNEL_SUFFIX} \ 37 | --license "GPL2" --chdir tmp 38 | 39 | mv *.deb .. 40 | -------------------------------------------------------------------------------- /scripts/package-build/hostap/build.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | CWD=$(pwd) 3 | set -e 4 | 5 | SRC=hostap 6 | SRC_DEB=wpa 7 | 8 | if [ ! 
-d ${SRC} ]; then 9 | echo "${SRC} directory does not exists, please 'git clone'" 10 | exit 1 11 | fi 12 | if [ ! -d ${SRC_DEB} ]; then 13 | echo "${SRC_DEB} directory does not exists, please 'git clone'" 14 | exit 1 15 | fi 16 | 17 | echo "I: Copy Debian build instructions" 18 | cp -a ${SRC_DEB}/debian ${SRC} 19 | # Preserve Debian's default of allowing TLSv1.0 and legacy renegotiation for 20 | # compatibility with networks that use legacy crypto 21 | cat > ${SRC}/debian/patches/series << EOF 22 | allow-tlsv1.patch 23 | allow-legacy-renegotiation.patch 24 | EOF 25 | 26 | # Build Debian package 27 | cd ${SRC} 28 | 29 | echo "I: Ensure Debian build dependencies are met" 30 | sudo mk-build-deps --install --tool "apt-get --yes --no-install-recommends" -Ppkg.wpa.nogui,noudeb 31 | 32 | echo "I: Create new Debian Package version" 33 | version="$(git describe --tags | tr _ .)" 34 | dch -v ${version:7} "New version to support AES-GCM-256 for MACsec" -b 35 | 36 | echo "I: Build Debian hostap Package" 37 | DEB_CPPFLAGS_SET="-Wno-use-after-free -Wno-deprecated-declarations" \ 38 | dpkg-buildpackage -us -uc -tc -b -Ppkg.wpa.nogui,noudeb 39 | -------------------------------------------------------------------------------- /data/live-build-config/includes.chroot/etc/systemd/journald.conf: -------------------------------------------------------------------------------- 1 | # This file is managed in vyos-build 2 | # 3 | # This file is part of systemd. 4 | # 5 | # systemd is free software; you can redistribute it and/or modify it 6 | # under the terms of the GNU Lesser General Public License as published by 7 | # the Free Software Foundation; either version 2.1 of the License, or 8 | # (at your option) any later version. 9 | # 10 | # Entries in this file show the compile time defaults. 11 | # You can change settings by editing this file. 12 | # Defaults can be restored by simply deleting this file. 13 | # 14 | # See journald.conf(5) for details. 
15 | 16 | [Journal] 17 | #Storage=persistent 18 | #Compress=yes 19 | #Seal=yes 20 | #SplitMode=uid 21 | #SyncIntervalSec=5m 22 | #RateLimitIntervalSec=30s 23 | #RateLimitBurst=1000 24 | #SystemMaxUse= 25 | #SystemKeepFree= 26 | #SystemMaxFileSize= 27 | #SystemMaxFiles=100 28 | #RuntimeMaxUse= 29 | #RuntimeKeepFree= 30 | #RuntimeMaxFileSize= 31 | #RuntimeMaxFiles=100 32 | #MaxRetentionSec= 33 | #MaxFileSec=1month 34 | ForwardToSyslog=yes 35 | #ForwardToKMsg=no 36 | #ForwardToConsole=no 37 | #ForwardToWall=yes 38 | #TTYPath=/dev/console 39 | #MaxLevelStore=debug 40 | MaxLevelSyslog=debug 41 | #MaxLevelKMsg=notice 42 | #MaxLevelConsole=info 43 | #MaxLevelWall=emerg 44 | -------------------------------------------------------------------------------- /vars/isCustomBuild.groovy: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env groovy 2 | // Copyright (C) 2020 VyOS maintainers and contributors 3 | // 4 | // This program is free software; you can redistribute it and/or modify 5 | // in order to easy exprort images built to "external" world 6 | // it under the terms of the GNU General Public License version 2 or later as 7 | // published by the Free Software Foundation. 8 | // 9 | // This program is distributed in the hope that it will be useful, 10 | // but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 | // GNU General Public License for more details. 13 | // 14 | // You should have received a copy of the GNU General Public License 15 | // along with this program. If not, see . 16 | 17 | def call() { 18 | // Returns true if this is a custom build launched on any project fork. 19 | // Returns false if this is build from git@github.com:vyos/. 20 | // can be e.g. 
vyos-1x.git 21 | // GitHub organisation base URL 22 | def gitURI = 'git@github.com:vyos/' + getGitRepoName() 23 | def httpURI = 'https://github.com/vyos/' + getGitRepoName() 24 | 25 | if (env.CUSTOM_BUILD_CHECK_DISABLED) { 26 | return false 27 | } 28 | 29 | return !((getGitRepoURL() == gitURI) || (getGitRepoURL() == httpURI)) || isPullRequest() 30 | } 31 | -------------------------------------------------------------------------------- /data/live-build-config/bootloaders/grub-pc/live-theme/theme.txt: -------------------------------------------------------------------------------- 1 | desktop-image: "../splash.png" 2 | title-color: "#ffffff" 3 | title-font: "DejaVu Sans Bold 16" 4 | title-text: "Live Boot Menu with GRUB" 5 | message-font: "Unifont Regular 16" 6 | terminal-font: "Unifont Regular 16" 7 | 8 | #help bar at the bottom 9 | + label { 10 | top = 100%-50 11 | left = 0 12 | width = 100% 13 | height = 20 14 | text = "@KEYMAP_SHORT@" 15 | align = "center" 16 | color = "#ffffff" 17 | font = "DejaVu Sans Bold 14" 18 | } 19 | 20 | #boot menu 21 | + boot_menu { 22 | left = 10% 23 | width = 80% 24 | top = 52% 25 | height = 48%-80 26 | item_color = "#a8a8a8" 27 | item_font = "DejaVu Sans Bold 14" 28 | selected_item_color= "#ffffff" 29 | selected_item_font = "DejaVu Sans Bold 14" 30 | item_height = 16 31 | item_padding = 0 32 | item_spacing = 4 33 | icon_width = 0 34 | icon_heigh = 0 35 | item_icon_space = 0 36 | } 37 | 38 | #progress bar 39 | + progress_bar { 40 | id = "__timeout__" 41 | left = 15% 42 | top = 100%-80 43 | height = 16 44 | width = 70% 45 | font = "DejaVu Sans Regular 14" 46 | text_color = "#000000" 47 | fg_color = "#ffffff" 48 | bg_color = "#a8a8a8" 49 | border_color = "#ffffff" 50 | text = "@TIMEOUT_NOTIFICATION_LONG@" 51 | } 52 | -------------------------------------------------------------------------------- /scripts/package-build/linux-kernel/build-accel-ppp.sh: -------------------------------------------------------------------------------- 1 | 
#!/bin/sh 2 | CWD=$(pwd) 3 | KERNEL_VAR_FILE=${CWD}/kernel-vars 4 | 5 | ACCEL_SRC=${CWD}/accel-ppp 6 | if [ ! -d ${ACCEL_SRC} ]; then 7 | echo "Accel-PPP source not found" 8 | exit 1 9 | fi 10 | 11 | if [ ! -f ${KERNEL_VAR_FILE} ]; then 12 | echo "Kernel variable file '${KERNEL_VAR_FILE}' does not exist, run ./build_kernel.sh first" 13 | exit 1 14 | fi 15 | 16 | cd ${ACCEL_SRC} 17 | git reset --hard HEAD 18 | git clean --force -d -x 19 | 20 | PATCH_DIR=${CWD}/patches/accel-ppp 21 | if [ -d $PATCH_DIR ]; then 22 | cd ${ACCEL_SRC} 23 | for patch in $(ls ${PATCH_DIR}) 24 | do 25 | echo "I: Apply patch: ${PATCH_DIR}/${patch}" 26 | patch -p1 < ${PATCH_DIR}/${patch} 27 | done 28 | fi 29 | 30 | . ${KERNEL_VAR_FILE} 31 | mkdir -p ${ACCEL_SRC}/build 32 | cd ${ACCEL_SRC}/build 33 | 34 | echo "I: Build Accel-PPP Debian package" 35 | cmake -DBUILD_IPOE_DRIVER=TRUE \ 36 | -DBUILD_VLAN_MON_DRIVER=TRUE \ 37 | -DCMAKE_INSTALL_PREFIX=/usr \ 38 | -DKDIR=${KERNEL_DIR} \ 39 | -DLUA=5.3 \ 40 | -DMODULES_KDIR=${KERNEL_VERSION}${KERNEL_SUFFIX} \ 41 | -DCPACK_TYPE=Debian12 .. 42 | make 43 | 44 | # Sign generated Kernel modules 45 | ${CWD}/sign-modules.sh . 
46 | 47 | cpack -G DEB 48 | 49 | # rename resulting Debian package according git description 50 | mv accel-ppp*.deb ${CWD}/accel-ppp_$(git describe --always --tags)_$(dpkg --print-architecture).deb 51 | -------------------------------------------------------------------------------- /scripts/package-build/aws-gwlbtun/package.toml: -------------------------------------------------------------------------------- 1 | [[packages]] 2 | name = "aws-gwlbtun" 3 | commit_id = "f78058a" 4 | scm_url = "https://github.com/aws-samples/aws-gateway-load-balancer-tunnel-handler" 5 | 6 | 7 | ## Build cmd start 8 | build_cmd = '''\ 9 | mkdir -p debian 10 | echo 'obj-*-linux-gnu/gwlbtun usr/sbin' > debian/install 11 | 12 | # changelog 13 | cat < debian/changelog 14 | aws-gwlbtun (1.0-1) unstable; urgency=low 15 | 16 | * Initial release 17 | 18 | -- Your Name Wed, 29 Aug 2024 09:00:00 +0000 19 | 20 | EOF 21 | 22 | # control 23 | /bin/bash -c "cat < debian/control 24 | Source: aws-gwlbtun 25 | Section: net 26 | Priority: optional 27 | Maintainer: VyOS Package Maintainers 28 | Build-Depends: debhelper-compat (= 13) 29 | Standards-Version: 4.5.1 30 | Homepage: https://github.com/aws-samples/aws-gateway-load-balancer-tunnel-handler 31 | 32 | Package: aws-gwlbtun 33 | Architecture: any 34 | Depends: \${shlibs:Depends}, \${misc:Depends} 35 | Description: AWS Gateway Load Balancer Tunnel Handler 36 | This is a simple package that handles tunneling for the AWS Gateway Load Balancer. 
37 | EOF 38 | " 39 | 40 | # rules 41 | cat < debian/rules 42 | #!/usr/bin/make -f 43 | 44 | %: dh $@ 45 | 46 | build: 47 | dh build 48 | 49 | binary: 50 | dh binary 51 | 52 | clean: 53 | dh clean 54 | EOF 55 | 56 | chmod +x debian/rules 57 | debuild -us -uc -b 58 | ''' 59 | ## Build cmd end 60 | -------------------------------------------------------------------------------- /scripts/package-build/isc-dhcp/patches/0003-fix-compilation-errors.patch: -------------------------------------------------------------------------------- 1 | From 58e0d3317795987b2f1ca788645196d0e3543f88 Mon Sep 17 00:00:00 2001 2 | From: Adam Smith 3 | Date: Tue, 23 Jan 2024 21:47:00 -0500 4 | Subject: [PATCH 3/4] fix compilation errors 5 | 6 | --- 7 | common/lpf.c | 5 +++-- 8 | 1 file changed, 3 insertions(+), 2 deletions(-) 9 | 10 | diff --git a/common/lpf.c b/common/lpf.c 11 | index 75609f5..1561d71 100644 12 | --- a/common/lpf.c 13 | +++ b/common/lpf.c 14 | @@ -195,6 +195,7 @@ static void lpf_tr_filter_setup (struct interface_info *); 15 | #endif 16 | 17 | static void lpf_gen_filter_setup (struct interface_info *); 18 | +static void lpf_pureip_gen_filter_setup (struct interface_info *); 19 | 20 | void if_register_receive (info) 21 | struct interface_info *info; 22 | @@ -215,14 +216,13 @@ void if_register_receive (info) 23 | } 24 | #endif 25 | 26 | - 27 | #if defined (HAVE_TR_SUPPORT) 28 | if (info -> hw_address.hbuf [0] == HTYPE_IEEE802) 29 | lpf_tr_filter_setup (info); 30 | else 31 | #endif 32 | if (info -> hw_address.hbuf [0] == HTYPE_PUREIP) 33 | - lpf_pureip_filter_setup (info); 34 | + lpf_pureip_gen_filter_setup (info); 35 | else 36 | lpf_gen_filter_setup (info); 37 | 38 | 
@@ -349,6 +349,7 @@ static void lpf_pureip_gen_filter_setup (info) 39 | } 40 | } 41 | 42 | + 43 | #if defined (HAVE_TR_SUPPORT) 44 | static void lpf_tr_filter_setup (info) 45 | struct interface_info *info; 46 | -- 47 | 2.39.2 48 | 49 | -------------------------------------------------------------------------------- /scripts/package-build/strongswan/build-vici.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | CWD=$(pwd) 3 | set -e 4 | 5 | SRC="strongswan/src/libcharon/plugins/vici/python" 6 | if [ ! -d ${SRC} ]; then 7 | echo "Source directory does not exist, please 'git clone'" 8 | exit 1 9 | fi 10 | 11 | cd ${SRC} 12 | 13 | mkdir -p debian 14 | 15 | # Create control file 16 | echo "I: create $SRC/debian/control" 17 | cat < debian/control 18 | Source: strongswan 19 | Section: python 20 | Priority: optional 21 | Maintainer: VyOS Package Maintainers 22 | Build-Depends: debhelper (>= 9), python3, python3-setuptools 23 | Standards-Version: 3.9.6 24 | 25 | Package: python3-vici 26 | Architecture: all 27 | Depends: \${misc:Depends}, \${python3:Depends} 28 | Description: Native Python interface for strongSwan's VICI protocol 29 | EOF 30 | 31 | # Create rules file 32 | echo "I: create $SRC/debian/rules" 33 | cat < debian/rules 34 | #!/usr/bin/make -f 35 | 36 | %: 37 | dh \$@ --with python3 38 | EOF 39 | chmod +x debian/rules 40 | 41 | echo '10' > debian/compat 42 | 43 | # Add the 'install' file to copy the vici package to the correct directory 44 | echo "I: create $SRC/debian/install" 45 | cat < debian/install 46 | vici /usr/lib/python3/dist-packages/ 47 | EOF 48 | 49 | # Copy changelog 50 | cp ../../../../../debian/changelog debian/ 51 | 52 | # Build the package 53 | echo "I: Build Debian Package" 54 | dpkg-buildpackage -uc -us -tc -b -d 55 | 56 | # Copy the resulting .deb packages 57 | echo "I: copy packages" 58 | cp ../*.deb ../../../../../../ 59 | 
-------------------------------------------------------------------------------- /scripts/package-build/pmacct/patches/0001-fix-pmacctd-SEGV-when-ICMP-ICMPv6-traffic-was-proces.patch: -------------------------------------------------------------------------------- 1 | From 58900c9d0f98f224577c28dc2323061d33823f39 Mon Sep 17 00:00:00 2001 2 | From: Paolo Lucente 3 | Date: Fri, 4 Mar 2022 22:07:29 +0000 4 | Subject: [PATCH] * fix, pmacctd: SEGV when ICMP/ICMPv6 traffic was processed 5 | and 'flows' primitive was enabled. To address Issue #586 6 | 7 | --- 8 | src/nl.c | 12 +++--------- 9 | 1 file changed, 3 insertions(+), 9 deletions(-) 10 | 11 | diff --git a/src/nl.c b/src/nl.c 12 | index c42689ed..6a3da94b 100644 13 | --- a/src/nl.c 14 | +++ b/src/nl.c 15 | @@ -1,6 +1,6 @@ 16 | /* 17 | pmacct (Promiscuous mode IP Accounting package) 18 | - pmacct is Copyright (C) 2003-2021 by Paolo Lucente 19 | + pmacct is Copyright (C) 2003-2022 by Paolo Lucente 20 | */ 21 | 22 | /* 23 | @@ -293,10 +293,7 @@ int ip_handler(register struct packet_ptrs *pptrs) 24 | } 25 | } 26 | else { 27 | - if (pptrs->l4_proto != IPPROTO_ICMP) { 28 | - pptrs->tlh_ptr = dummy_tlhdr; 29 | - } 30 | - 31 | + pptrs->tlh_ptr = dummy_tlhdr; 32 | if (off < caplen) pptrs->payload_ptr = ptr; 33 | } 34 | 35 | 
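Review bot: The now-unconditional `pptrs->tlh_ptr = dummy_tlhdr;` in this else branch of ip_handler has no comment recording why ICMP must not be skipped, so the removed guard could easily be reintroduced later. Going by the commit subject, leaving tlh_ptr unset for ICMP led to a SEGV once the 'flows' primitive was enabled, which for a capture daemon means a crash driven by received traffic. I would add `/* tlh_ptr must always be valid here, ICMP included: later consumers dereference it (Issue #586) */` above the assignment. The same applies to the ip6_handler hunk at -479,10. ip_handler starts and ends outside the hunk, so which consumer dereferences the pointer is not visible here.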
@@ -479,10 +476,7 @@ int ip6_handler(register struct packet_ptrs *pptrs) 36 | } 37 | } 38 | else { 39 | - if (pptrs->l4_proto != IPPROTO_ICMPV6) { 40 | - pptrs->tlh_ptr = dummy_tlhdr; 41 | - } 42 | - 43 | + pptrs->tlh_ptr = dummy_tlhdr; 44 | if (off < caplen) pptrs->payload_ptr = ptr; 45 | } 46 | 47 | -- 48 | 2.34.1 49 | 50 | -------------------------------------------------------------------------------- /scripts/package-build/linux-kernel/build-nat-rtsp.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | CWD=$(pwd) 3 | KERNEL_VAR_FILE=${CWD}/kernel-vars 4 | 5 | SRC=${CWD}/nat-rtsp 6 | if [ ! -d ${SRC} ]; then 7 | echo "nat-rtsp source not found" 8 | exit 1 9 | fi 10 | 11 | if [ ! -f ${KERNEL_VAR_FILE} ]; then 12 | echo "Kernel variable file '${KERNEL_VAR_FILE}' does not exist, run ./build_kernel.sh first" 13 | exit 1 14 | fi 15 | 16 | . ${KERNEL_VAR_FILE} 17 | 18 | cd ${SRC} 19 | git reset --hard HEAD 20 | git clean --force -d -x 21 | make KERNELDIR=$KERNEL_DIR 22 | 23 | # Copy binary to package directory 24 | DEBIAN_DIR=tmp/lib/modules/${KERNEL_VERSION}${KERNEL_SUFFIX}/extra 25 | mkdir -p ${DEBIAN_DIR} 26 | cp nf_conntrack_rtsp.ko nf_nat_rtsp.ko ${DEBIAN_DIR} 27 | 28 | DEBIAN_POSTINST="${CWD}/vyos-nat-rtsp.postinst" 29 | echo "#!/bin/sh" > ${DEBIAN_POSTINST} 30 | echo "/sbin/depmod -a ${KERNEL_VERSION}${KERNEL_SUFFIX}" >> ${DEBIAN_POSTINST} 31 | 32 | # Sign generated Kernel modules 33 | ${CWD}/sign-modules.sh ${DEBIAN_DIR} 34 | 35 | # Build Debian Package 36 | fpm --input-type dir --output-type deb --name nat-rtsp \ 37 | --version $(git describe --tags --always) --deb-compression gz \ 38 | --maintainer "VyOS Package Maintainers " \ 39 | --description "Connection tracking and NAT support for RTSP" \ 40 | --depends linux-image-${KERNEL_VERSION}${KERNEL_SUFFIX} \ 41 | --after-install ${DEBIAN_POSTINST} \ 42 | --license "GPL2" --chdir tmp 43 | 44 | mv *.deb .. 
45 | 46 | if [ -f ${DEBIAN_POSTINST} ]; then 47 | rm -f ${DEBIAN_POSTINST} 48 | fi 49 | -------------------------------------------------------------------------------- /.github/workflows/trigger-docker-image-build.yml: -------------------------------------------------------------------------------- 1 | name: Trigger Docker image build 2 | 3 | on: 4 | pull_request_target: 5 | types: 6 | - closed 7 | branches: 8 | - current 9 | 10 | permissions: 11 | packages: write 12 | contents: read 13 | attestations: write 14 | id-token: write 15 | pull-requests: read 16 | 17 | jobs: 18 | track-changes: 19 | if: github.event.pull_request.merged == true 20 | runs-on: ubuntu-latest 21 | 22 | env: 23 | REF: main # Used for curl to trigger image build 24 | 25 | steps: 26 | - name: Checkout vyos/vyos-build repo 27 | uses: actions/checkout@v4 28 | with: 29 | ref: ${{ github.ref_name }} 30 | 31 | - uses: dorny/paths-filter@v3 32 | id: changes 33 | with: 34 | filters: | 35 | docker-dir: 36 | - 'docker/**' 37 | 38 | - name: "Trigger Docker image build for ${{ github.ref_name }}" 39 | if: ${{ steps.changes.outputs.docker-dir == 'true' }} 40 | run: | 41 | curl -L \ 42 | -X POST \ 43 | -H "Accept: application/vnd.github+json" \ 44 | -H "Authorization: Bearer ${{ secrets.PAT }}" \ 45 | -H "X-GitHub-Api-Version: 2022-11-28" \ 46 | https://api.github.com/repos/${{ secrets.REMOTE_OWNER }}/${{ secrets.REMOTE_REUSE_REPO }}/actions/workflows/build-docker-image.yml/dispatches \ 47 | -d '{"ref": "${{ env.REF }}", "inputs":{"branch":"${{ github.ref_name }}", "environment":"production"}}' -------------------------------------------------------------------------------- /data/live-build-config/includes.chroot/etc/systemd/system.conf: -------------------------------------------------------------------------------- 1 | # This file is managed in vyos-build 2 | # 3 | # This file is part of systemd. 
4 | # 5 | # systemd is free software; you can redistribute it and/or modify it 6 | # under the terms of the GNU Lesser General Public License as published by 7 | # the Free Software Foundation; either version 2.1 of the License, or 8 | # (at your option) any later version. 9 | # 10 | # See systemd-system.conf(5) for details 11 | 12 | [Manager] 13 | #LogLevel=info 14 | #LogTarget=journal-or-kmsg 15 | #LogColor=yes 16 | #LogLocation=no 17 | #DumpCore=yes 18 | #CrashShell=no 19 | ShowStatus=yes 20 | #CrashChVT=1 21 | #CPUAffinity=1 2 22 | #JoinControllers=cpu,cpuacct net_cls,net_prio 23 | #RuntimeWatchdogSec=0 24 | #ShutdownWatchdogSec=10min 25 | #CapabilityBoundingSet= 26 | #SystemCallArchitectures= 27 | #TimerSlackNSec= 28 | #DefaultTimerAccuracySec=1min 29 | #DefaultStandardOutput=journal 30 | #DefaultStandardError=inherit 31 | #DefaultTimeoutStartSec=90s 32 | #DefaultTimeoutStopSec=90s 33 | #DefaultRestartSec=100ms 34 | #DefaultStartLimitInterval=10s 35 | #DefaultStartLimitBurst=5 36 | #DefaultEnvironment= 37 | #DefaultCPUAccounting=no 38 | #DefaultBlockIOAccounting=no 39 | #DefaultMemoryAccounting=no 40 | #DefaultLimitCPU= 41 | #DefaultLimitFSIZE= 42 | #DefaultLimitDATA= 43 | #DefaultLimitSTACK= 44 | #DefaultLimitCORE= 45 | #DefaultLimitRSS= 46 | #DefaultLimitNOFILE= 47 | #DefaultLimitAS= 48 | #DefaultLimitNPROC= 49 | #DefaultLimitMEMLOCK= 50 | #DefaultLimitLOCKS= 51 | #DefaultLimitSIGPENDING= 52 | #DefaultLimitMSGQUEUE= 53 | #DefaultLimitNICE= 54 | #DefaultLimitRTPRIO= 55 | #DefaultLimitRTTIME= 56 | -------------------------------------------------------------------------------- /scripts/package-build/linux-kernel/patches/ixgbe/allow_unsupported_sfp.patch: -------------------------------------------------------------------------------- 1 | From 4f6c1dc3c48a1b2fa7c06206e6366bcfaa33f3f7 Mon Sep 17 00:00:00 2001 2 | 
From: Christian Breunig 3 | Date: Fri, 22 Mar 2024 11:33:27 +0000 4 | Subject: [PATCH] ixgbe: always enable support for unsupported SFP+ modules 5 | 6 | --- 7 | ixgbe_param.c | 10 +++++++--- 8 | 1 file changed, 7 insertions(+), 3 deletions(-) 9 | 10 | diff --git a/ixgbe_param.c b/ixgbe_param.c 11 | index 71197b7..dac33ca 100644 12 | --- a/ixgbe_param.c 13 | +++ b/ixgbe_param.c 14 | @@ -307,7 +307,7 @@ IXGBE_PARAM(LRO, "Large Receive Offload (0,1), default 0 = off"); 15 | * Default Value: 0 16 | */ 17 | IXGBE_PARAM(allow_unsupported_sfp, "Allow unsupported and untested " 18 | - "SFP+ modules on 82599 based adapters, default 0 = Disable"); 19 | + "SFP+ modules on 82599 based adapters, default 1 = Enable"); 20 | 21 | /* Enable/disable support for DMA coalescing 22 | * 23 | @@ -1133,8 +1133,8 @@ void ixgbe_check_options(struct ixgbe_adapter *adapter) 24 | struct ixgbe_option opt = { 25 | .type = enable_option, 26 | .name = "allow_unsupported_sfp", 27 | - .err = "defaulting to Disabled", 28 | - .def = OPTION_DISABLED 29 | + .err = "defaulting to Enabled", 30 | + .def = OPTION_ENABLED 31 | }; 32 | #ifdef module_param_array 33 | if (num_allow_unsupported_sfp > bd) { 34 | 
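Review bot: The comment block directly above `IXGBE_PARAM(allow_unsupported_sfp, ...)` still reads `* Default Value: 0` in the unchanged context of the -307,7 hunk, while the parameter description and `.def = OPTION_ENABLED` in the -1133,8 hunk now make 1 the default. That line should become `* Default Value: 1` so the in-source documentation matches the behaviour that ships. Because the patch flips a vendor default, a one-line comment marking it as a deliberate downstream deviation would also help whoever rebases it onto a newer driver release. The comment block starts outside the hunk.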
@@ -1150,7 +1150,11 @@ void ixgbe_check_options(struct ixgbe_adapter *adapter) 35 | } 36 | #ifdef module_param_array 37 | } else { 38 | + if (opt.def == OPTION_ENABLED) { 39 | + adapter->hw.allow_unsupported_sfp = true; 40 | + } else { 41 | adapter->hw.allow_unsupported_sfp = false; 42 | + } 43 | } 44 | #endif 45 | } 46 | -- 47 | 2.39.2 48 | 49 | -------------------------------------------------------------------------------- /scripts/package-build/linux-kernel/package.toml: -------------------------------------------------------------------------------- 1 | # [defaults] 2 | # We get the kernel_version from vyos-build/data/defaults.toml 3 | # kernel_version = "6.6.47" 4 | # kernel_flavor = "amd64-vyos" 5 | 6 | 7 | [[packages]] 8 | name = "linux-kernel" 9 | commit_id = "" # Uses defaults.kernel_version 10 | scm_url = "" 11 | build_cmd = "build_kernel" 12 | 13 | [[packages]] 14 | name = "linux-firmware" 15 | commit_id = "20240610" 16 | scm_url = "https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git" 17 | build_cmd = "build_linux_firmware" 18 | 19 | [[packages]] 20 | name = "accel-ppp" 21 | commit_id = "1.13.0" 22 | scm_url = "https://github.com/accel-ppp/accel-ppp.git" 23 | build_cmd = "build_accel_ppp" 24 | 25 | 26 | [[packages]] 27 | name = "ovpn-dco" 28 | commit_id = "v0.2.20231117" 29 | scm_url = "https://github.com/OpenVPN/ovpn-dco" 30 | build_cmd = "build_openvpn_dco" 31 | 32 | [[packages]] 33 | name = "nat-rtsp" 34 | commit_id = "475af0a" 35 | scm_url = "https://github.com/maru-sama/rtsp-linux.git" 36 | build_cmd = "build_nat_rtsp" 37 | 38 | 39 | [[packages]] 40 | name = "qat" 41 | commit_id = "" 42 | scm_url = "" 43 | build_cmd = "build_intel_qat" 44 | 45 | [[packages]] 46 | name = "ixgbe" 47 | commit_id = "" 48 | scm_url = "" 49 | build_cmd = "build_intel_ixgbe" 50 | 51 | [[packages]] 52 | name = "ixgbevf" 53 | commit_id = "" 54 | scm_url = "" 55 | build_cmd = "build_intel_ixgbevf" 56 | 57 | [[packages]] 58 | name = "jool" 59 | 
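Review bot: The added if/else in the `#ifdef module_param_array` fallback branch tests `opt.def`, which the -1133,8 hunk initialises to `OPTION_ENABLED` in the same function, so the two-armed branch only restates that constant. The unchanged `= false` assignment is a context line and so keeps its old indentation inside the new else. A single statement says the same thing and stays correct if the default changes again: `adapter->hw.allow_unsupported_sfp = (opt.def == OPTION_ENABLED);`. ixgbe_check_options starts and ends outside the hunk, so the first arm of the outer if is not visible here.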
commit_id = "" 60 | scm_url = "" 61 | build_cmd = "build_jool" 62 | 63 | [[packages]] 64 | name = "mlnx" 65 | commit_id = "" 66 | scm_url = "" 67 | build_cmd = "build_mellanox_ofed" 68 | 69 | [[packages]] 70 | name = "realtek-r8152" 71 | commit_id = "" 72 | scm_url = "" 73 | build_cmd = "build_realtek_r8152" 74 | -------------------------------------------------------------------------------- /data/live-build-config/hooks/live/30-strongswan-configs.chroot: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | 3 | # The Cisco Unity plugin, that implements a proprietary extension 4 | # for IPsec split tunneling, interfers with DMVPN 5 | # 6 | # Since we do not do remote access IPsec, the simplest solution 7 | # is to disable it entirely from the start. 8 | 9 | import re 10 | 11 | # Disable the 'cisco_unity' option in charon.conf 12 | with open('/etc/strongswan.d/charon.conf', 'r') as f: 13 | charon_conf = f.read() 14 | charon_conf = re.sub(r'# (cisco_unity = no)', r"\1", charon_conf) 15 | 16 | with open('/etc/strongswan.d/charon.conf', 'w') as f: 17 | f.write(charon_conf) 18 | 19 | 20 | 21 | # Prevent the 'cisco_unity' plugin from loading 22 | with open('/etc/strongswan.d/charon/unity.conf', 'r') as f: 23 | unity_conf = f.read() 24 | unity_conf = re.sub(r'load = yes', r'load = no', unity_conf) 25 | 26 | with open('/etc/strongswan.d/charon/unity.conf', 'w') as f: 27 | f.write(unity_conf) 28 | 29 | 30 | 31 | # Prevent the 'farp' plugin from loading 32 | with open('/etc/strongswan.d/charon/farp.conf', 'r') as f: 33 | farp_conf = f.read() 34 | 35 | farp_conf = re.sub(r'load = yes', r'load = no', farp_conf) 36 | 37 | with open('/etc/strongswan.d/charon/farp.conf', 'w') as f: 38 | f.write(farp_conf) 39 | 40 | 41 | # Add ike-name to logging 42 | charon_logging = """ 43 | charon { 44 | syslog { 45 | # prefix for each log message 46 | identifier = charon 47 | # use default settings to log to the LOG_DAEMON facility 48 
| daemon { 49 | default = 1 50 | ike_name = yes 51 | } 52 | } 53 | } 54 | """ 55 | 56 | with open('/etc/strongswan.d/charon-logging.conf', 'w') as f: 57 | f.write(charon_logging) 58 | -------------------------------------------------------------------------------- /scripts/package-build/linux-kernel/README.md: -------------------------------------------------------------------------------- 1 | # Build 2 | ``` 3 | ./build.py --config package.toml --packages linux-kernel accel-ppp xxx 4 | ``` 5 | 6 | # About 7 | 8 | VyOS runs on a custom Linux Kernel (which is 4.19) at the time of this writing. 9 | This repository holds a Jenkins Pipeline which is used to build the Custom 10 | Kernel (x86_64/amd64 at the moment) and all required out-of tree modules. 11 | 12 | VyOS does not utilize the build in Intel Kernel drivers for its NICs as those 13 | Kernels sometimes lack features e.g. configurable receive-side-scaling queues. 14 | On the other hand we ship additional not mainlined features as WireGuard VPN. 15 | 16 | ## Kernel 17 | 18 | The Kernel is build from the vanilla repositories hosted at https://git.kernel.org. 19 | VyOS requires two additional patches to work which are stored in the patches/kernel 20 | folder. 21 | 22 | ### Config 23 | 24 | The Kernel configuration used is [x86_64_vyos_defconfig](x86_64_vyos_defconfig) 25 | which will be copied on demand during the Pipeline run into the `arch/x86/configs`i 26 | direcotry of the Kernel source tree. 27 | 28 | Other configurations can be added in the future easily. 29 | 30 | ### Modules 31 | 32 | VyOS utilizes several Out-of-Tree modules (e.g. WireGuard, Accel-PPP and Intel 33 | network interface card drivers). Module source code is retrieved from the 34 | upstream repository and - when needed - patched so it can be build using this 35 | pipeline. 36 | 37 | In the past VyOS maintainers had a fork of the Linux Kernel, WireGuard and 38 | Accel-PPP. This is fine but increases maintenance effort. 
By utilizing vanilla 39 | repositories upgrading to new versions is very easy - only the branch/commit/tag 40 | used when cloning the repository via [Jenkinsfile](Jenkinsfile) needs to be 41 | adjusted. 42 | -------------------------------------------------------------------------------- /data/live-build-config/archives/saltstack.key.chroot: -------------------------------------------------------------------------------- 1 | -----BEGIN PGP PUBLIC KEY BLOCK----- 2 | Version: GnuPG v2 3 | 4 | mQENBFOpvpgBCADkP656H41i8fpplEEB8IeLhugyC2rTEwwSclb8tQNYtUiGdna9 5 | m38kb0OS2DDrEdtdQb2hWCnswxaAkUunb2qq18vd3dBvlnI+C4/xu5ksZZkRj+fW 6 | tArNR18V+2jkwcG26m8AxIrT+m4M6/bgnSfHTBtT5adNfVcTHqiT1JtCbQcXmwVw 7 | WbqS6v/LhcsBE//SHne4uBCK/GHxZHhQ5jz5h+3vWeV4gvxS3Xu6v1IlIpLDwUts 8 | kT1DumfynYnnZmWTGc6SYyIFXTPJLtnoWDb9OBdWgZxXfHEcBsKGha+bXO+m2tHA 9 | gNneN9i5f8oNxo5njrL8jkCckOpNpng18BKXABEBAAG0MlNhbHRTdGFjayBQYWNr 10 | YWdpbmcgVGVhbSA8cGFja2FnaW5nQHNhbHRzdGFjay5jb20+iQE4BBMBAgAiBQJT 11 | qb6YAhsDBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRAOCKFJ3le/vhkqB/0Q 12 | WzELZf4d87WApzolLG+zpsJKtt/ueXL1W1KA7JILhXB1uyvVORt8uA9FjmE083o1 13 | yE66wCya7V8hjNn2lkLXboOUd1UTErlRg1GYbIt++VPscTxHxwpjDGxDB1/fiX2o 14 | nK5SEpuj4IeIPJVE/uLNAwZyfX8DArLVJ5h8lknwiHlQLGlnOu9ulEAejwAKt9CU 15 | 4oYTszYM4xrbtjB/fR+mPnYh2fBoQO4d/NQiejIEyd9IEEMd/03AJQBuMux62tjA 16 | /NwvQ9eqNgLw9NisFNHRWtP4jhAOsshv1WW+zPzu3ozoO+lLHixUIz7fqRk38q8Q 17 | 9oNR31KvrkSNrFbA3D89uQENBFOpvpgBCADJ79iH10AfAfpTBEQwa6vzUI3Eltqb 18 | 9aZ0xbZV8V/8pnuU7rqM7Z+nJgldibFk4gFG2bHCG1C5aEH/FmcOMvTKDhJSFQUx 19 | uhgxttMArXm2c22OSy1hpsnVG68G32Nag/QFEJ++3hNnbyGZpHnPiYgej3FrerQJ 20 | zv456wIsxRDMvJ1NZQB3twoCqwapC6FJE2hukSdWB5yCYpWlZJXBKzlYz/gwD/Fr 21 | GL578WrLhKw3UvnJmlpqQaDKwmV2s7MsoZogC6wkHE92kGPG2GmoRD3ALjmCvN1E 22 | PsIsQGnwpcXsRpYVCoW7e2nW4wUf7IkFZ94yOCmUq6WreWI4NggRcFC5ABEBAAGJ 23 | AR8EGAECAAkFAlOpvpgCGwwACgkQDgihSd5Xv74/NggA08kEdBkiWWwJZUZEy7cK 24 | WWcgjnRuOHd4rPeT+vQbOWGu6x4bxuVf9aTiYkf7ZjVF2lPn97EXOEGFWPZeZbH4 25 | 
vdRFH9jMtP+rrLt6+3c9j0M8SIJYwBL1+CNpEC/BuHj/Ra/cmnG5ZNhYebm76h5f 26 | T9iPW9fFww36FzFka4VPlvA4oB7ebBtquFg3sdQNU/MmTVV4jPFWXxh4oRDDR+8N 27 | 1bcPnbB11b5ary99F/mqr7RgQ+YFF0uKRE3SKa7a+6cIuHEZ7Za+zhPaQlzAOZlx 28 | fuBmScum8uQTrEF5+Um5zkwC7EXTdH1co/+/V/fpOtxIg4XO4kcugZefVm5ERfVS 29 | MA== 30 | =dtMN 31 | -----END PGP PUBLIC KEY BLOCK----- 32 | -------------------------------------------------------------------------------- /data/live-build-config/includes.chroot/etc/dh895xcc_dev0.conf: -------------------------------------------------------------------------------- 1 | # Intel® Communications Chipset 8900 to 8920 and Intel® Atom™ Processor C2000 Product Family for Communications Infrastructure 2 | # Vyos config 3 | 4 | [GENERAL] 5 | ConfigVersion = 2 6 | # Enable only cryptographic service 7 | ServicesEnabled = cy 8 | # The number of cryptographic concurrent symmetric and asymmetric requests for cryptographic instances 9 | CyNumConcurrentSymRequests = 512 10 | CyNumConcurrentAsymRequests = 4096 11 | # Interrupt Coalescing, available only in Intel® Communications Chipset 8900 to 8920 and Intel® Atom™ Processor C2000 Product Family for Communications Infrastructure 12 | InterruptCoalescingEnabled = 1 13 | # Wait for amount of ns before generate interrupt with cryptographic operation answer. 
Allows to combine multiple operations in a single interrupt 14 | InterruptCoalescingTimerNs = 500000 15 | # Automatically resets the device in case of fatal error or heartbeat failure 16 | AutoResetOnError = 1 17 | 18 | [KERNEL] 19 | # create two cryptographic instances 20 | NumberCyInstances = 8 21 | NumberDcInstances = 0 22 | # Instance 0 23 | Cy0Name = "IPSec0" 24 | Cy0IsPolled = 0 25 | Cy0CoreAffinity = 0 26 | # Instance 1 27 | Cy1Name = "IPSec1" 28 | Cy1IsPolled = 0 29 | Cy1CoreAffinity = 1 30 | # Instance 2 31 | Cy2Name = "IPSec2" 32 | Cy2IsPolled = 0 33 | Cy2CoreAffinity = 2 34 | # Instance 3 35 | Cy3Name = "IPSec3" 36 | Cy3IsPolled = 0 37 | Cy3CoreAffinity = 3 38 | # Instance 4 39 | Cy4Name = "IPSec4" 40 | Cy4IsPolled = 0 41 | Cy4CoreAffinity = 4 42 | # Instance 5 43 | Cy5Name = "IPSec5" 44 | Cy5IsPolled = 0 45 | Cy5CoreAffinity = 5 46 | # Instance 6 47 | Cy6Name = "IPSec6" 48 | Cy6IsPolled = 0 49 | Cy6CoreAffinity = 6 50 | # Instance 7 51 | Cy7Name = "IPSec7" 52 | Cy7IsPolled = 0 53 | Cy7CoreAffinity = 7 54 | 55 | 56 | # Disable QAT API 57 | [KERNEL_QAT] 58 | NumberCyInstances = 0 59 | NumberDcInstances = 0 60 | -------------------------------------------------------------------------------- /data/live-build-config/includes.chroot/etc/dh895xcc_dev1.conf: -------------------------------------------------------------------------------- 1 | # Intel® Communications Chipset 8900 to 8920 and Intel® Atom™ Processor C2000 Product Family for Communications Infrastructure 2 | # Vyos config 3 | 4 | [GENERAL] 5 | ConfigVersion = 2 6 | # Enable only cryptographic service 7 | ServicesEnabled = cy 8 | # The number of cryptographic concurrent symmetric and asymmetric requests for cryptographic instances 9 | CyNumConcurrentSymRequests = 512 10 | CyNumConcurrentAsymRequests = 4096 11 | # Interrupt Coalescing, available only in Intel® Communications Chipset 8900 to 8920 and Intel® Atom™ Processor C2000 Product Family for Communications Infrastructure 12 | 
InterruptCoalescingEnabled = 1 13 | # Wait for amount of ns before generate interrupt with cryptographic operation answer. Allows to combine multiple operations in a single interrupt 14 | InterruptCoalescingTimerNs = 500000 15 | # Automatically resets the device in case of fatal error or heartbeat failure 16 | AutoResetOnError = 1 17 | 18 | [KERNEL] 19 | # create two cryptographic instances 20 | NumberCyInstances = 8 21 | NumberDcInstances = 0 22 | # Instance 0 23 | Cy0Name = "IPSec0" 24 | Cy0IsPolled = 0 25 | Cy0CoreAffinity = 0 26 | # Instance 1 27 | Cy1Name = "IPSec1" 28 | Cy1IsPolled = 0 29 | Cy1CoreAffinity = 1 30 | # Instance 2 31 | Cy2Name = "IPSec2" 32 | Cy2IsPolled = 0 33 | Cy2CoreAffinity = 2 34 | # Instance 3 35 | Cy3Name = "IPSec3" 36 | Cy3IsPolled = 0 37 | Cy3CoreAffinity = 3 38 | # Instance 4 39 | Cy4Name = "IPSec4" 40 | Cy4IsPolled = 0 41 | Cy4CoreAffinity = 4 42 | # Instance 5 43 | Cy5Name = "IPSec5" 44 | Cy5IsPolled = 0 45 | Cy5CoreAffinity = 5 46 | # Instance 6 47 | Cy6Name = "IPSec6" 48 | Cy6IsPolled = 0 49 | Cy6CoreAffinity = 6 50 | # Instance 7 51 | Cy7Name = "IPSec7" 52 | Cy7IsPolled = 0 53 | Cy7CoreAffinity = 7 54 | 55 | 56 | # Disable QAT API 57 | [KERNEL_QAT] 58 | NumberCyInstances = 0 59 | NumberDcInstances = 0 60 | -------------------------------------------------------------------------------- /data/live-build-config/includes.chroot/etc/dh895xcc_dev2.conf: -------------------------------------------------------------------------------- 1 | # Intel® Communications Chipset 8900 to 8920 and Intel® Atom™ Processor C2000 Product Family for Communications Infrastructure 2 | # Vyos config 3 | 4 | [GENERAL] 5 | ConfigVersion = 2 6 | # Enable only cryptographic service 7 | ServicesEnabled = cy 8 | # The number of cryptographic concurrent symmetric and asymmetric requests for cryptographic instances 9 | CyNumConcurrentSymRequests = 512 10 | CyNumConcurrentAsymRequests = 4096 11 | # Interrupt Coalescing, available only in Intel® Communications 
Chipset 8900 to 8920 and Intel® Atom™ Processor C2000 Product Family for Communications Infrastructure 12 | InterruptCoalescingEnabled = 1 13 | # Wait for amount of ns before generate interrupt with cryptographic operation answer. Allows to combine multiple operations in a single interrupt 14 | InterruptCoalescingTimerNs = 500000 15 | # Automatically resets the device in case of fatal error or heartbeat failure 16 | AutoResetOnError = 1 17 | 18 | [KERNEL] 19 | # create two cryptographic instances 20 | NumberCyInstances = 8 21 | NumberDcInstances = 0 22 | # Instance 0 23 | Cy0Name = "IPSec0" 24 | Cy0IsPolled = 0 25 | Cy0CoreAffinity = 0 26 | # Instance 1 27 | Cy1Name = "IPSec1" 28 | Cy1IsPolled = 0 29 | Cy1CoreAffinity = 1 30 | # Instance 2 31 | Cy2Name = "IPSec2" 32 | Cy2IsPolled = 0 33 | Cy2CoreAffinity = 2 34 | # Instance 3 35 | Cy3Name = "IPSec3" 36 | Cy3IsPolled = 0 37 | Cy3CoreAffinity = 3 38 | # Instance 4 39 | Cy4Name = "IPSec4" 40 | Cy4IsPolled = 0 41 | Cy4CoreAffinity = 4 42 | # Instance 5 43 | Cy5Name = "IPSec5" 44 | Cy5IsPolled = 0 45 | Cy5CoreAffinity = 5 46 | # Instance 6 47 | Cy6Name = "IPSec6" 48 | Cy6IsPolled = 0 49 | Cy6CoreAffinity = 6 50 | # Instance 7 51 | Cy7Name = "IPSec7" 52 | Cy7IsPolled = 0 53 | Cy7CoreAffinity = 7 54 | 55 | 56 | # Disable QAT API 57 | [KERNEL_QAT] 58 | NumberCyInstances = 0 59 | NumberDcInstances = 0 60 | -------------------------------------------------------------------------------- /vars/setDescription.groovy: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env groovy 2 | // Copyright (C) 2020 VyOS maintainers and contributors 3 | // 4 | // This program is free software; you can redistribute it and/or modify 5 | // in order to easy exprort images built to "external" world 6 | // it under the terms of the GNU General Public License version 2 or later as 7 | // published by the Free Software Foundation. 
8 | // 9 | // This program is distributed in the hope that it will be useful, 10 | // but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 | // GNU General Public License for more details. 13 | // 14 | // You should have received a copy of the GNU General Public License 15 | // along with this program. If not, see . 16 | 17 | def call(text = null) { 18 | def item = Jenkins.instance.getItemByFullName(env.JOB_NAME) 19 | 20 | // build up the main description text 21 | def description = "" 22 | if (text) { 23 | description += "

VyOS package build: " + text + "

" 24 | } else { 25 | description += "

VyOS package build: " + getGitRepoName().replace('.git', '') + "

" 26 | } 27 | 28 | if (isCustomBuild()) { 29 | description += "

" 30 | description += "Build not started from official Git repository!
" 31 | description += "
" 32 | description += "Repository: " + getGitRepoURL() + "
" 33 | description += "Branch: " + getGitBranchName() + "
" 34 | description += "

" 35 | } else { 36 | description += "Sources taken from Git branch: " + getGitBranchName() + "
" 37 | } 38 | 39 | item.setDescription(description) 40 | item.save() 41 | } 42 | 43 | -------------------------------------------------------------------------------- /scripts/iso-to-oci: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | function cleanup() { 4 | if [[ -d $ROOTFS ]]; then 5 | rm -rf $ROOTFS 6 | fi 7 | if [[ -d $UNSQUASHFS ]]; then 8 | rm -rf $UNSQUASHFS 9 | fi 10 | } 11 | 12 | if [[ $(/usr/bin/id -u) -ne 0 ]]; then 13 | echo "Not running as root" 14 | exit 15 | fi 16 | 17 | if [ "$#" -ne 1 ]; then 18 | echo "Illegal number of parameters" 19 | fi 20 | 21 | ISO=$1 22 | ROOTFS=rootfs 23 | UNSQUASHFS=unsquashfs 24 | 25 | # ensure clean working directory 26 | cleanup 27 | 28 | mkdir $ROOTFS $UNSQUASHFS 29 | echo "I: mount ISO $ISO" 30 | mount -t iso9660 -o loop $ISO $ROOTFS/ >/dev/null 2>&1 31 | 32 | # create directory, unpack squashfs filesystem, get ISO version 33 | # and unmount ISO 34 | echo "I: extracting squashfs content" 35 | unsquashfs -follow -dest $UNSQUASHFS/ $ROOTFS/live/filesystem.squashfs >/dev/null 2>&1 36 | VERSION=$(jq --raw-output .version $ROOTFS/version.json) 37 | umount $ROOTFS/ 38 | 39 | # fix locales for correct system configuration loading 40 | sed -i 's/^LANG=.*$/LANG=C.UTF-8/' $UNSQUASHFS/etc/default/locale 41 | 42 | # optional step: Decrease docker image size by deleting not necessary files for container 43 | rm -rf $UNSQUASHFS/boot/*.img 44 | rm -rf $UNSQUASHFS/boot/*vyos* 45 | rm -rf $UNSQUASHFS/boot/vmlinuz 46 | rm -rf $UNSQUASHFS/lib/firmware/ 47 | rm -rf $UNSQUASHFS/usr/lib/x86_64-linux-gnu/libwireshark.so* 48 | rm -rf $UNSQUASHFS/lib/modules/*amd64-vyos 49 | rm -rf $UNSQUASHFS/root/.gnupg 50 | 51 | # create a symbolic link to the configuration 52 | ln -s /opt/vyatta/etc/config $UNSQUASHFS/config 53 | 54 | # create docker image 55 | echo "I: generate OCI container image vyos-$VERSION.tar" 56 | tar -C unsquashfs -c . 
-f vyos-$VERSION.tar 57 | 58 | echo "I: to import the previously generated OCI image to your local images run:" 59 | echo "" 60 | echo " docker import vyos-$VERSION.tar vyos:$VERSION --change 'CMD ["/sbin/init"]'" 61 | echo "" 62 | 63 | cleanup 64 | -------------------------------------------------------------------------------- /LICENSE.artwork: -------------------------------------------------------------------------------- 1 | # The spirit 2 | 3 | VyOS is free (as in freedom) software. We keep the source code and the build tools freely-licensed 4 | and available to everyone to inspect, modify, and distribute. 5 | The goal of VyOS is to create a network operating system available to everyone who needs it. 6 | We welcome contributions from all community members and we are happy to share our work on LTS releases 7 | with contributors. We also don't require contributors to give us exclusive rights to their contributions, 8 | and VyOS source code belongs to the entire community. 9 | 10 | However, success of a project and its ability to receive funding through commercial services 11 | rests on the reputation of its maintainers. 12 | And the "pay for binaries" LTS release model only works if access to images is actually restricted 13 | to those who support the project by purchasing a subscription or contributing. 14 | 15 | We cannot let other people and organizations exploit our reputation for gain or put it at risk 16 | by distributing modified images with VyOS branding, or compromise the LTS business model 17 | by redistributing pre-built images meant for subscription holders. 18 | 19 | We enforce that through trademarks and copyrighted artwork. 20 | 21 | Use and distribution of pre-built LTS images is governed by a EULA you can find in /usr/share/doc/vyos/EULA 22 | on the live image and in installed systems. 
23 | 24 | Self-built images can be freely distributed, but only if you replace the branding with yourn own, 25 | that is, replace all artwork files that contain the VyOS logo and all end-user-visible mentions of the VyOS name. 26 | 27 | # The letter 28 | 29 | VyOS is a registered trademarks in the United States, countries of the European Union, and other countries. 30 | 31 | The copyright to the artwork files that contain the VyOS logo, such as data/live-build-config/includes.binary/isolinux/splash.png 32 | belongs to Sentrium S.L. and affiliated, all rights reserved. 33 | -------------------------------------------------------------------------------- /resources/branding.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -e 3 | 4 | echo "NOT_VYOS: $NOT_VYOS" 5 | if [ "$NOT_VYOS" != "" ]; then 6 | name="$NOT_VYOS" 7 | if [ "$name" == "yes" ]; then 8 | name="NOTvyos" 9 | fi 10 | 11 | if [[ "$JOB_NAME" == *"vyos-1x"* ]]; then 12 | # sagitta 13 | echo "Removing branding for $JOB_NAME..." 
14 | defaultMotd="./data/templates/login/default_motd.j2" 15 | if [ -f "$defaultMotd" ]; then 16 | sed -i "s/VyOS/$name/" "$defaultMotd" 17 | fi 18 | 19 | systemLoginBannerPy="./src/conf_mode/system_login_banner.py" 20 | if [ -f "$systemLoginBannerPy" ]; then 21 | sed -i "s/Welcome to VyOS/Welcome to $name/" "$systemLoginBannerPy" 22 | fi 23 | 24 | vyosRouter="./src/init/vyos-router" 25 | if [ -f "$vyosRouter" ]; then 26 | sed -i "s/VyOS Config/$name Config/" "$vyosRouter" 27 | sed -i "s/VyOS router/$name router/" "$vyosRouter" 28 | fi 29 | 30 | vyosVersionPy="./src/op_mode/version.py" 31 | if [ -f "$vyosVersionPy" ]; then 32 | sed -i "s/VyOS {{version}}/$name {{version}}/" "$vyosVersionPy" 33 | fi 34 | 35 | airbagPy="./python/vyos/airbag.py" 36 | if [ -f "$airbagPy" ]; then 37 | sed -i "s/VyOS {{version}}/$name {{version}}/" "$airbagPy" 38 | fi 39 | 40 | # equuleus 41 | systemLoginBannerPy2="./src/conf_mode/system-login-banner.py" 42 | if [ -f "$systemLoginBannerPy2" ]; then 43 | sed -i "s/Welcome to VyOS/Welcome to $name/" "$systemLoginBannerPy2" 44 | fi 45 | 46 | vyosVersionPy2="./src/op_mode/show_version.py" 47 | if [ -f "$vyosVersionPy2" ]; then 48 | sed -i "s/VyOS {{version}}/$name {{version}}/" "$vyosVersionPy2" 49 | fi 50 | 51 | elif [[ "$JOB_NAME" == *"vyatta-cfg"* ]]; then 52 | 53 | # equuleus 54 | echo "Removing branding for $JOB_NAME..." 
55 | vyosRouter="./scripts/init/vyos-router" 56 | if [ -f "$vyosRouter" ]; then 57 | sed -i "s/VyOS Config/$name Config/" "$vyosRouter" 58 | sed -i "s/VyOS router/$name router/" "$vyosRouter" 59 | fi 60 | 61 | else 62 | echo "No branding to remove for $JOB_NAME" 63 | fi 64 | fi 65 | -------------------------------------------------------------------------------- /docker-vyos/vyos_install_stage_03.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # Copyright (C) 2020-2023 VyOS maintainers and contributors 4 | # 5 | # This program is free software; you can redistribute it and/or modify 6 | # it under the terms of the GNU General Public License version 2 or later as 7 | # published by the Free Software Foundation. 8 | # 9 | # This program is distributed in the hope that it will be useful, 10 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 | # GNU General Public License for more details. 13 | # 14 | # You should have received a copy of the GNU General Public License 15 | # along with this program. If not, see . 16 | 17 | # Stage 3 - tune the system 18 | 19 | # load common functions 20 | . 
vyos_install_common.sh 21 | 22 | # Add config partition marker 23 | mkdir -p /opt/vyatta/etc/config 24 | touch /opt/vyatta/etc/config/.vyatta_config 25 | 26 | # create folder for configuration mounting 27 | ln -s /opt/vyatta/etc/config /config 28 | 29 | # Delete SSH keys 30 | rm -rf /etc/ssh/ssh_host_* 31 | 32 | # Fix FUSE settings 33 | sed -i 's/#user_allow_other/user_allow_other/g' /etc/fuse.conf 34 | 35 | # Configure locale 36 | sed -i 's/# en_US.UTF-8 UTF-8/en_US.UTF-8 UTF-8/g' /etc/locale.gen 37 | dpkg-reconfigure locales 38 | update-locale LANG=en_US.UTF-8 LC_ALL=C 39 | 40 | # Tune bash and environment settings 41 | echo "source /etc/bash_completion" >> /root/.bashrc 42 | sed -i 's/set $BASH_COMPLETION_ORIGINAL_V_VALUE/builtin set $BASH_COMPLETION_ORIGINAL_V_VALUE/g' /usr/share/bash-completion/bash_completion 43 | 44 | # Run configuration hooks 45 | echo "Running system configuration hooks" 46 | hooks_list=( 47 | "18-enable-disable_services.chroot" 48 | "30-frr-configs.chroot" 49 | ) 50 | for hook in ${hooks_list[@]}; do 51 | if [[ -e /tmp/hooks/${hook} ]]; then 52 | echo "Running ${hook}" 53 | /tmp/hooks/${hook} 54 | fi 55 | done 56 | 57 | # Delete needless options from CLI 58 | CLI_DELETION=( 59 | "/opt/vyatta/share/vyatta-cfg/templates/container/" 60 | ) 61 | rm -rf ${CLI_DELETION[@]} 62 | 63 | exit 0 64 | -------------------------------------------------------------------------------- /data/build-flavors/README.md: -------------------------------------------------------------------------------- 1 | # VyOS build flavors 2 | 3 | VyOS supports multiple different hardware and virtual platforms. 4 | Those platforms often need custom packages and may require custom 5 | configs. To make maintenance of existing flavors simpler 6 | and to allow everyone to make and maintain their own flavors, 7 | the build scripts support storing flavor configuration in [TOML](https://toml.io) files. 8 | 9 | Flavor files must be in `data/build-flavors`. 
Here's an example: 10 | 11 | ```toml 12 | # Generic (aka "universal") ISO image 13 | 14 | image_format = "iso" 15 | 16 | # Include these packages in the image regardless of the architecture 17 | packages = [ 18 | # QEMU and Xen guest tools exist for multiple architectures 19 | "qemu-guest-agent", 20 | "vyos-xe-guest-utilities", 21 | ] 22 | 23 | [architectures.amd64] 24 | # Hyper-V and VMware guest tools are x86-only 25 | packages = ["hyperv-daemons", "vyos-1x-vmware"] 26 | ``` 27 | 28 | ## Image format 29 | 30 | The `image_format` option specifies the default format to build. 31 | 32 | ```toml 33 | image_format = "iso" 34 | ``` 35 | 36 | **Note:** currently, ISO is the only supported format, 37 | support for different flavors is in progress. 38 | 39 | ## Including custom packages 40 | 41 | If you want the build scripts to include custom packages from repositories 42 | in the image, you can list them in the `packages` field. 43 | 44 | For example, this is how to include the GNU Hello package: 45 | 46 | ```toml 47 | packages = ['hello'] 48 | ``` 49 | 50 | It's possible to include packages only in images with certain build architectures 51 | by placing them in a subtable. 52 | 53 | If you want to include GNU Hello only in AMD64 images, do this: 54 | 55 | ```toml 56 | [architectures.amd64] 57 | packages = ['hello'] 58 | ``` 59 | 60 | ## Including custom files 61 | 62 | You can include files inside the SquashFS filesystem by adding entries 63 | to the `includes_chroot` array. 64 | 65 | ```toml 66 | [[includes_chroot]] 67 | path = "etc/question.txt" 68 | data = ''' 69 | Can you guess how this file ended up in the image? 70 | ''' 71 | 72 | path = "etc/answer.txt" 73 | data = ''' 74 | It was in the flavor file! 
75 | ''' 76 | ``` 77 | -------------------------------------------------------------------------------- /data/live-build-config/rootfs/excludes: -------------------------------------------------------------------------------- 1 | # Exclude various unused files and directories in order to free some space and shrink imagesize. 2 | # 3 | # For information on how to use wildcards properly (Anchored and Non-anchored excludes): 4 | # 5 | # https://github.com/plougher/squashfs-tools/blob/master/RELEASE-READMEs/README-3.3 6 | # 7 | # Note: 8 | # 9 | # - root starts without leading '/'. 10 | # 11 | 12 | # Txxx: Drop isc-dhcp helper files from /etc/default. 13 | # We use systemd to control ISC daemons from within vyos-1x. 14 | etc/default/isc-dhcp-server 15 | etc/default/isc-dhcp-relay 16 | 17 | # T2185: Clean leftover files (ddclient) from base package. 18 | etc/dhcp/dhclient-exit-hooks.d/ddclient 19 | etc/ddclient.conf 20 | 21 | # T3242: Add hook to prevent link_config redundancy call in systemd-udev. 22 | # 99-default.link rule always calls link_config thats trying to set autonegotiation and duplex even for PPP interfaces. 23 | # Need to delete this rule to prevent overhead on interface creation stage. 24 | lib/systemd/network/99-default.link 25 | 26 | # T3774: Disabled atop services. 27 | etc/cron.d/atop 28 | 29 | # T3912: Remove superfluous motd.d kernel version shell script. 30 | etc/update-motd.d/10-uname 31 | 32 | # T4415: We do not need any documentation on the system. 33 | # Copyright/licenses files are ignored for deletion. 34 | usr/share/doc/*/!(copyright*|README*) 35 | usr/share/doc-base 36 | 37 | # T5468: We do not need any manpages on the system since man-binary is missing. 38 | usr/local/man/* 39 | usr/local/share/man/* 40 | usr/share/man/* 41 | 42 | # T5511: We do not need any games on the system. 43 | usr/games/* 44 | usr/local/games/* 45 | 46 | # T5511: We do not need any caches on the system (will be recreated when needed). 
47 | var/cache/* 48 | 49 | # T5511: We do not need any log-files on the system (will be recreated when needed). 50 | var/log/*.log 51 | var/log/*/*.log 52 | var/log/*/*.log.xz 53 | 54 | # T5511: We do not need any backup-files on the system (will be recreated when needed). 55 | ... *.bak 56 | ... *.old 57 | ... *.kbx~ 58 | var/lib/dpkg/*-old 59 | 60 | # T5624: Remove the Debian version file to avoid false positives from security scanners. 61 | etc/debian_version 62 | 63 | -------------------------------------------------------------------------------- /scripts/package-build/ndppd/patches/0001-skip-route-table-if-there-is-no-auto-rule.patch: -------------------------------------------------------------------------------- 1 | From b148ba055245cec5007ee91dd3ffbfeb58d49c5a Mon Sep 17 00:00:00 2001 2 | From: Henning Surmeier 3 | Date: Sun, 9 Jan 2022 20:35:15 +0100 4 | Subject: [PATCH 1/2] skip route table if there is no auto rule 5 | 6 | --- 7 | src/ndppd.cc | 3 ++- 8 | src/rule.cc | 8 ++++++++ 9 | src/rule.h | 4 ++++ 10 | 3 files changed, 14 insertions(+), 1 deletion(-) 11 | 12 | diff --git a/src/ndppd.cc b/src/ndppd.cc 13 | index bec9656..b303721 100644 14 | --- a/src/ndppd.cc 15 | +++ b/src/ndppd.cc 16 | @@ -304,7 +304,8 @@ int main(int argc, char* argv[], char* env[]) 17 | t1.tv_sec = t2.tv_sec; 18 | t1.tv_usec = t2.tv_usec; 19 | 20 | - route::update(elapsed_time); 21 | + if (rule::any_auto()) 22 | + route::update(elapsed_time); 23 | session::update_all(elapsed_time); 24 | } 25 | 26 | diff --git a/src/rule.cc b/src/rule.cc 27 | index 9e72480..a1e8376 100644 28 | --- a/src/rule.cc 29 | +++ b/src/rule.cc 30 | @@ -24,6 +24,8 @@ 31 | 32 | NDPPD_NS_BEGIN 33 | 34 | +bool rule::_any_aut = false; 35 | + 36 | rule::rule() 37 | { 38 | } 39 | 
@@ -49,6 +51,7 @@ ptr rule::create(const ptr& pr, const address& addr, bool aut) 40 | ru->_pr = pr; 41 | ru->_addr = addr; 42 | ru->_aut = aut; 43 | + _any_aut = _any_aut || aut; 44 | 45 | logger::debug() 46 | << "rule::create() if=" << pr->ifa()->name().c_str() << ", addr=" << addr 47 | @@ -57,6 +60,11 @@ ptr rule::create(const ptr& pr, const address& addr, bool aut) 48 | return ru; 49 | } 50 | 51 | +bool rule::any_auto() 52 | +{ 53 | + return _any_aut; 54 | +} 55 | + 56 | const address& rule::addr() const 57 | { 58 | return _addr; 59 | diff --git a/src/rule.h b/src/rule.h 60 | index 6663066..ca2aa36 100644 61 | --- a/src/rule.h 62 | +++ b/src/rule.h 63 | @@ -42,6 +42,8 @@ public: 64 | 65 | bool check(const address& addr) const; 66 | 67 | + static bool any_auto(); 68 | + 69 | private: 70 | weak_ptr _ptr; 71 | 72 | 
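Review bot: `static bool any_auto();` is added to `rule.h` without a comment, and its name reads like "an auto rule exists now", while the flag behind it is only ever set: `_any_aut = _any_aut || aut;` in `rule::create()` latches to true and no visible hunk clears it. That is the safe direction, since a stale true only means `route::update()` keeps running in `main()`. It should still be stated at the declaration, e.g. `// True once any rule was created with aut == true; never reset.` The class body of `rule` starts and ends outside these hunks, so whether rules can be removed at runtime is not visible here.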
@@ -53,6 +55,8 @@ private: 73 | 74 | bool _aut; 75 | 76 | + static bool _any_aut; 77 | + 78 | rule(); 79 | }; 80 | 81 | -- 82 | 2.34.1 83 | 84 | -------------------------------------------------------------------------------- /.github/PULL_REQUEST_TEMPLATE.md: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | ## Change Summary 5 | 6 | 7 | ## Types of changes 8 | 13 | - [ ] Bug fix (non-breaking change which fixes an issue) 14 | - [ ] New feature (non-breaking change which adds functionality) 15 | - [ ] Code style update (formatting, renaming) 16 | - [ ] Refactoring (no functional changes) 17 | - [ ] Migration from an old Vyatta component to vyos-1x, please link to related PR inside obsoleted component 18 | - [ ] Other (please describe): 19 | 20 | ## Related Task(s) 21 | 22 | 23 | 24 | ## Component(s) name 25 | 26 | 27 | ## Proposed changes 28 | 29 | 30 | ## How to test 31 | 39 | 40 | ## Checklist: 41 | 42 | 43 | 44 | - [ ] I have read the [**CONTRIBUTING**](https://github.com/vyos/vyos-build/blob/current/CONTRIBUTING.md) document 45 | - [ ] I have linked this PR to one or more Phabricator Task(s) 46 | - [ ] My commit headlines contain a valid Task id 47 | - [ ] My change requires a change to the documentation 48 | - [ ] I have updated the documentation accordingly 49 | -------------------------------------------------------------------------------- /scripts/package-build/dropbear/patches/0001-Enable-PAM-support.patch: -------------------------------------------------------------------------------- 1 | From 861bfb53de5909e25a952a83654c63de61af02b5 Mon Sep 17 00:00:00 2001 2 | From: Christian Breunig 3 | Date: Sun, 28 May 2023 15:45:32 +0200 4 | Subject: [PATCH] Enable PAM support 5 | 6 | --- 7 | debian/control | 1 + 8 | debian/rules | 2 +- 9 | default_options.h | 4 ++-- 10 | 3 files changed, 4 insertions(+), 3 deletions(-) 11 | 12 | diff --git a/debian/control b/debian/control 13 | index 77ea036..b252b97 100644 14 | 
--- a/debian/control 15 | +++ b/debian/control 16 | @@ -6,6 +6,7 @@ Build-Depends: debhelper, 17 | debhelper-compat (= 13), 18 | libtomcrypt-dev (>= 1.18.2~), 19 | libtommath-dev (>= 1.2.0~), 20 | + libpam0g-dev, 21 | libz-dev 22 | Rules-Requires-Root: no 23 | Standards-Version: 4.6.1 24 | diff --git a/debian/rules b/debian/rules 25 | index 7dab64c..ce11aa4 100755 26 | --- a/debian/rules 27 | +++ b/debian/rules 28 | @@ -24,7 +24,7 @@ endif 29 | dh $@ 30 | 31 | override_dh_auto_configure: 32 | - dh_auto_configure -- --disable-bundled-libtom \ 33 | + dh_auto_configure -- --disable-bundled-libtom --enable-pam \ 34 | CC='$(CC)' CFLAGS='$(CFLAGS)' $(CONFFLAGS) 35 | 36 | execute_before_dh_auto_build: 37 | diff --git a/default_options.h b/default_options.h 38 | index 5132775..e7d274c 100644 39 | --- a/default_options.h 40 | +++ b/default_options.h 41 | @@ -223,7 +223,7 @@ group1 in Dropbear server too */ 42 | 43 | /* Authentication Types - at least one required. 44 | RFC Draft requires pubkey auth, and recommends password */ 45 | -#define DROPBEAR_SVR_PASSWORD_AUTH 1 46 | +#define DROPBEAR_SVR_PASSWORD_AUTH 0 47 | 48 | /* Note: PAM auth is quite simple and only works for PAM modules which just do 49 | * a simple "Login: " "Password: " (you can edit the strings in svr-authpam.c). 50 | 
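Review bot: Setting `DROPBEAR_SVR_PASSWORD_AUTH 0` here and `DROPBEAR_SVR_PAM_AUTH 1` in the next hunk hands every password login to the PAM stack on the target, yet the patch description is empty and does not say which PAM service configuration the image must ship or what was tested. The context comment in these hunks says Dropbear's PAM support only handles a plain "Login: " / "Password: " exchange, so a stack containing a module that prompts for anything else would presumably fail to authenticate rather than fall back. I would record this in the patch description, e.g. `PAM replaces built-in password auth; the PAM service must use plain password prompts only`. I would also carry the two defines in `localoptions.h`, Dropbear's intended override file, instead of editing `default_options.h`, so the patch does not break when upstream changes the surrounding context.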
@@ -231,7 +231,7 @@ group1 in Dropbear server too */ 51 | * but there's an interface via a PAM module. It won't work for more complex 52 | * PAM challenge/response. 53 | * You can't enable both PASSWORD and PAM. */ 54 | -#define DROPBEAR_SVR_PAM_AUTH 0 55 | +#define DROPBEAR_SVR_PAM_AUTH 1 56 | 57 | /* ~/.ssh/authorized_keys authentication. 58 | * You must define DROPBEAR_SVR_PUBKEY_AUTH in order to use plugins. */ 59 | -- 60 | 2.30.2 61 | 62 | -------------------------------------------------------------------------------- /data/build-flavors/dell-vep1400.toml: -------------------------------------------------------------------------------- 1 | # ISO image for Dell VEP4600 devices 2 | 3 | image_format = "iso" 4 | 5 | # Replace built-in NIC naming rules with empty files 6 | # to prevent them from taking any effect 7 | 8 | [[includes_chroot]] 9 | path = "lib/systemd/network/99-default.link" 10 | data = '' 11 | 12 | [[includes_chroot]] 13 | path = "lib/udev/rules.d/65-vyatta-net.rules" 14 | data = '' 15 | 16 | [[includes_chroot]] 17 | path = "lib/udev/rules.d/75-persistent-net-generator.rules" 18 | data = '' 19 | 20 | # Install platform-specific link files 21 | 22 | [[includes_chroot]] 23 | path = "etc/systemd/network/10-eth0-000.link" 24 | data = ''' 25 | [Match] 26 | Path=pci-0000:05:00.1 27 | Driver=ixgbe 28 | 29 | [Link] 30 | Name=eth0 31 | Alias=SFP+1 32 | ''' 33 | 34 | [[includes_chroot]] 35 | path = "etc/systemd/network/10-eth1-000.link" 36 | data = ''' 37 | [Match] 38 | Path=pci-0000:05:00.0 39 | Driver=ixgbe 40 | 41 | [Link] 42 | Name=eth1 43 | Alias=SFP+2 44 | ''' 45 | 46 | [[includes_chroot]] 47 | path = "etc/systemd/network/10-eth2-000.link" 48 | data = ''' 49 | [Match] 50 | Path=pci-0000:02:00.2 51 | Driver=igb 52 | 53 | [Link] 54 | Name=eth2 55 | Alias=GE1 56 | ''' 57 | 58 | [[includes_chroot]] 59 | path = "etc/systemd/network/10-eth3-000.link" 60 | data = ''' 61 | [Match] 62 | Path=pci-0000:02:00.3 63 | Driver=igb 64 | 65 | [Link] 66 | Name=eth3 67 | 
Alias=GE2 68 | ''' 69 | 70 | [[includes_chroot]] 71 | path = "etc/systemd/network/10-eth4-000.link" 72 | data = ''' 73 | [Match] 74 | Path=pci-0000:02:00.0 75 | Driver=igb 76 | 77 | [Link] 78 | Name=eth4 79 | Alias=GE3 80 | ''' 81 | 82 | [[includes_chroot]] 83 | path = "etc/systemd/network/10-eth5-000.link" 84 | data = ''' 85 | [Match] 86 | Path=pci-0000:02:00.1 87 | Driver=igb 88 | 89 | [Link] 90 | Name=eth5 91 | Alias=GE4 92 | ''' 93 | 94 | [[includes_chroot]] 95 | path = "etc/systemd/network/10-eth6-000.link" 96 | data = ''' 97 | [Match] 98 | Path=pci-0000:07:00.1 99 | Driver=ixgbe 100 | 101 | [Link] 102 | Name=eth6 103 | Alias=GE5 104 | ''' 105 | 106 | [[includes_chroot]] 107 | path = "etc/systemd/network/10-eth7-000.link" 108 | data = ''' 109 | [Match] 110 | Path=pci-0000:07:00.0 111 | Driver=ixgbe 112 | 113 | [Link] 114 | Name=eth7 115 | Alias=GE6 116 | ''' 117 | -------------------------------------------------------------------------------- /scripts/image-build/defaults.py: -------------------------------------------------------------------------------- 1 | # Copyright (C) 2024 VyOS maintainers and contributors 2 | # 3 | # This program is free software; you can redistribute it and/or modify 4 | # it under the terms of the GNU General Public License version 2 or later as 5 | # published by the Free Software Foundation. 6 | # 7 | # This program is distributed in the hope that it will be useful, 8 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 9 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 10 | # GNU General Public License for more details. 11 | # 12 | # You should have received a copy of the GNU General Public License 13 | # along with this program. If not, see . 14 | # 15 | # File: defaults.py 16 | # Purpose: Various default values for use in build scripts. 
17 | 18 | 19 | import os 20 | import getpass 21 | import platform 22 | 23 | def get_default_build_by(): 24 | return "{user}@{host}".format(user= getpass.getuser(), host=platform.node()) 25 | 26 | # Default boot settings 27 | boot_settings: dict[str, str] = { 28 | 'timeout': '5', 29 | 'console_type': 'tty', 30 | 'console_num': '0', 31 | 'console_speed': '115200', 32 | 'bootmode': 'normal' 33 | } 34 | 35 | # Hardcoded default values 36 | HARDCODED_BUILD = { 37 | 'custom_apt_entry': [], 38 | 'custom_apt_keys': [], 39 | 'custom_package': [], 40 | 'reuse_iso': None, 41 | 'disk_size': 10, 42 | 'build_by': get_default_build_by(), 43 | 'build_comment': '', 44 | } 45 | 46 | # Relative to the repository directory 47 | 48 | BUILD_DIR = 'build' 49 | BUILD_CONFIG = os.path.join(BUILD_DIR, 'build-config.toml') 50 | 51 | DEFAULTS_FILE = 'data/defaults.toml' 52 | 53 | BUILD_TYPES_DIR = 'data/build-types' 54 | BUILD_ARCHES_DIR = 'data/architectures' 55 | BUILD_FLAVORS_DIR = 'data/build-flavors' 56 | 57 | # Relative to the build directory 58 | 59 | PBUILDER_CONFIG = 'pbuilderrc' 60 | PBUILDER_DIR = 'pbuilder' 61 | 62 | LB_CONFIG_DIR = 'config' 63 | 64 | CHROOT_INCLUDES_DIR = 'config/includes.chroot' 65 | BINARY_INCLUDES_DIR = 'config/includes.binary' 66 | ARCHIVES_DIR = 'config/archives/' 67 | 68 | VYOS_REPO_FILE = 'config/archives/vyos.list.chroot' 69 | VYOS_PIN_FILE = 'config/archives/release.pref.chroot' 70 | CUSTOM_REPO_FILE = 'config/archives/custom.list.chroot' 71 | PACKAGE_LIST_FILE = 'config/package-lists/custom.list.chroot' 72 | 73 | LOCAL_PACKAGES_PATH = 'config/packages.chroot/' 74 | -------------------------------------------------------------------------------- /packages/vyos-build-container/Jenkinsfile: -------------------------------------------------------------------------------- 1 | // Copyright (C) 2020-2024 VyOS maintainers and contributors 2 | // 3 | // This program is free software; you can redistribute it and/or modify 4 | // in order to easy exprort images 
built to 'external' world 5 | // it under the terms of the GNU General Public License version 2 or later as 6 | // published by the Free Software Foundation. 7 | // 8 | // This program is distributed in the hope that it will be useful, 9 | // but WITHOUT ANY WARRANTY; without even the implied warranty of 10 | // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 11 | // GNU General Public License for more details. 12 | // 13 | // You should have received a copy of the GNU General Public License 14 | // along with this program. If not, see . 15 | @NonCPS 16 | 17 | // Using a version specifier library, use 'current' branch. The underscore (_) 18 | // is not a typo! You need this underscore if the line immediately after the 19 | // @Library annotation is not an import statement! 20 | @Library('vyos-build@current')_ 21 | 22 | pipeline { 23 | agent none 24 | options { 25 | disableConcurrentBuilds() 26 | timeout(time: 240, unit: 'MINUTES') 27 | timestamps() 28 | buildDiscarder(logRotator(numToKeepStr: '10')) 29 | } 30 | stages { 31 | stage('Build') { 32 | agent { 33 | label "ec2_amd64" 34 | } 35 | when { 36 | anyOf { 37 | changeset pattern: "**/docker/*", caseSensitive: true 38 | triggeredBy cause: "UserIdCause" 39 | } 40 | } 41 | steps { 42 | script { 43 | // Checkout git repository which hold 'Jenkinsfile' 44 | checkout scm 45 | 46 | // Display Git commit Id used with the Jenkinsfile on the Job 'Build History' pane 47 | def commitId = sh(returnStdout: true, script: 'git rev-parse --short=11 HEAD').trim() 48 | currentBuild.description = 'Git SHA1: ' + commitId 49 | 50 | // Fetch sources and build docker image 51 | dir(getJenkinsfilePath() + 'vyos-build') { 52 | checkout([$class: 'GitSCM', 53 | doGenerateSubmoduleConfigurations: false, 54 | extensions: [[$class: 'CleanCheckout']], 55 | branches: [[name: env.BRANCH_NAME]], 56 | userRemoteConfigs: [[url: 'https://github.com/dd010101/vyos-build.git']]]) 57 | 58 | sh 'cd ..; ./build.sh' 59 | } 60 | } 61 | } 62 | 
post { 63 | cleanup { 64 | deleteDir() 65 | } 66 | } 67 | } 68 | } 69 | } 70 | -------------------------------------------------------------------------------- /data/live-build-config/hooks/live/92-strip-symbols.chroot: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # 4 | # Discard symbols and other data from object files. 5 | # 6 | # Reference: 7 | # https://www.linuxfromscratch.org/lfs/view/systemd/chapter08/stripping.html 8 | # https://www.debian.org/doc/debian-policy/ch-files.html 9 | # 10 | 11 | # Set variables. 12 | STRIPCMD_REGULAR="strip --remove-section=.comment --remove-section=.note --preserve-dates" 13 | STRIPCMD_DEBUG="strip --strip-debug --remove-section=.comment --remove-section=.note --preserve-dates" 14 | STRIPCMD_UNNEEDED="strip --strip-unneeded --remove-section=.comment --remove-section=.note --preserve-dates" 15 | STRIPDIR_REGULAR=" 16 | " 17 | STRIPDIR_DEBUG=" 18 | " 19 | STRIPDIR_UNNEEDED=" 20 | /etc/hsflowd/modules 21 | /usr/bin 22 | /usr/lib/openvpn 23 | /usr/lib/x86_64-linux-gnu 24 | /usr/lib32 25 | /usr/lib64 26 | /usr/libx32 27 | /usr/sbin 28 | " 29 | STRIP_EXCLUDE=`dpkg-query -L libbinutils | grep '.so'` 30 | 31 | # Perform stuff. 32 | echo "Stripping symbols..." 33 | 34 | # List excluded files. 35 | echo "Exclude files: ${STRIP_EXCLUDE}" 36 | 37 | # CMD: strip 38 | for DIR in ${STRIPDIR_REGULAR}; do 39 | echo "Parse dir (strip): ${DIR}" 40 | find ${DIR} -type f -exec file {} \; | grep 'not stripped' | cut -d ":" -f 1 | while read FILE; do 41 | echo "${STRIP_EXCLUDE}" | grep -F -q -w "${FILE}" 42 | if [ $? 
-ne 0 ]; then 43 | echo "Strip file (strip): ${FILE}" 44 | ${STRIPCMD_REGULAR} ${FILE} 45 | fi 46 | done 47 | done 48 | 49 | # CMD: strip --strip-debug 50 | for DIR in ${STRIPDIR_DEBUG}; do 51 | echo "Parse dir (strip-debug): ${DIR}" 52 | find ${DIR} -type f -exec file {} \; | grep 'not stripped' | cut -d ":" -f 1 | while read FILE; do 53 | echo "${STRIP_EXCLUDE}" | grep -F -q -w "${FILE}" 54 | if [ $? -ne 0 ]; then 55 | echo "Strip file (strip-debug): ${FILE}" 56 | ${STRIPCMD_DEBUG} ${FILE} 57 | fi 58 | done 59 | done 60 | 61 | # CMD: strip --strip-unneeded 62 | for DIR in ${STRIPDIR_UNNEEDED}; do 63 | echo "Parse dir (strip-unneeded: ${DIR}" 64 | find ${DIR} -type f -exec file {} \; | grep 'not stripped' | cut -d ":" -f 1 | while read FILE; do 65 | echo "${STRIP_EXCLUDE}" | grep -F -q -w "${FILE}" 66 | if [ $? -ne 0 ]; then 67 | echo "Strip file (strip-unneeded): ${FILE}" 68 | ${STRIPCMD_UNNEEDED} ${FILE} 69 | fi 70 | done 71 | done 72 | 73 | # Remove binutils package. 74 | apt-get -y purge --autoremove binutils 75 | 76 | -------------------------------------------------------------------------------- /data/live-build-config/includes.chroot/etc/c3xxx_dev0.conf: -------------------------------------------------------------------------------- 1 | # INTEL® C62X CHIPSET, INTEL® ATOM™ C3000 PROCESSOR PRODUCT FAMILY, INTEL® XEON® PROCESSOR D FAMILY, INTEL® COMMUNICATION CHIPSET 8925 TO 8955 SERIES 2 | # VyOS config 3 | 4 | [GENERAL] 5 | ConfigVersion = 2 6 | # Enable only cryptographic service 7 | ServicesEnabled = cy 8 | # The number of cryptographic concurrent symmetric and asymmetric requests for cryptographic instances 9 | CyNumConcurrentSymRequests = 512 10 | CyNumConcurrentAsymRequests = 16384 11 | # Automatically resets the device in case of fatal error or heartbeat failure 12 | AutoResetOnError = 1 13 | # Interrupts Coalescing 14 | InterruptCoalescingEnabled = 1 15 | # Wait for amount of ns before generate interrupt with cryptographic operation answer. 
Allows to combine multiple operations in a single interrupt 16 | InterruptCoalescingTimerNs = 500000 17 | 18 | 19 | [KERNEL] 20 | # Create two cryptographic instances 21 | NumberCyInstances = 16 22 | NumberDcInstances = 0 23 | # Instance 0 24 | Cy0Name = "IPSec0" 25 | Cy0IsPolled = 0 26 | Cy0CoreAffinity = 0 27 | # Instance 1 28 | Cy1Name = "IPSec1" 29 | Cy1IsPolled = 0 30 | Cy1CoreAffinity = 1 31 | # Instance 2 32 | Cy2Name = "IPSec2" 33 | Cy2IsPolled = 0 34 | Cy2CoreAffinity = 2 35 | # Instance 3 36 | Cy3Name = "IPSec3" 37 | Cy3IsPolled = 0 38 | Cy3CoreAffinity = 3 39 | # Instance 4 40 | Cy4Name = "IPSec4" 41 | Cy4IsPolled = 0 42 | Cy4CoreAffinity = 4 43 | # Instance 5 44 | Cy5Name = "IPSec5" 45 | Cy5IsPolled = 0 46 | Cy5CoreAffinity = 5 47 | # Instance 6 48 | Cy6Name = "IPSec6" 49 | Cy6IsPolled = 0 50 | Cy6CoreAffinity = 6 51 | # Instance 7 52 | Cy7Name = "IPSec7" 53 | Cy7IsPolled = 0 54 | Cy7CoreAffinity = 7 55 | # Instance 8 56 | Cy8Name = "IPSec8" 57 | Cy8IsPolled = 0 58 | Cy8CoreAffinity = 8 59 | # Instance 9 60 | Cy9Name = "IPSec9" 61 | Cy9IsPolled = 0 62 | Cy9CoreAffinity = 9 63 | # Instance 10 64 | Cy10Name = "IPSec10" 65 | Cy10IsPolled = 0 66 | Cy10CoreAffinity = 10 67 | # Instance 11 68 | Cy11Name = "IPSec11" 69 | Cy11IsPolled = 0 70 | Cy11CoreAffinity = 11 71 | # Instance 12 72 | Cy12Name = "IPSec12" 73 | Cy12IsPolled = 0 74 | Cy12CoreAffinity = 12 75 | # Instance 13 76 | Cy13Name = "IPSec13" 77 | Cy13IsPolled = 0 78 | Cy13CoreAffinity = 13 79 | # Instance 14 80 | Cy14Name = "IPSec14" 81 | Cy14IsPolled = 0 82 | Cy14CoreAffinity = 14 83 | # Instance 15 84 | Cy15Name = "IPSec15" 85 | Cy15IsPolled = 0 86 | Cy15CoreAffinity = 15 87 | 88 | 89 | # Disable QAT API 90 | [KERNEL_QAT] 91 | NumberCyInstances = 0 92 | NumberDcInstances = 0 93 | -------------------------------------------------------------------------------- /data/live-build-config/includes.chroot/etc/c3xxx_dev1.conf: -------------------------------------------------------------------------------- 
1 | # INTEL® C62X CHIPSET, INTEL® ATOM™ C3000 PROCESSOR PRODUCT FAMILY, INTEL® XEON® PROCESSOR D FAMILY, INTEL® COMMUNICATION CHIPSET 8925 TO 8955 SERIES 2 | # VyOS config 3 | 4 | [GENERAL] 5 | ConfigVersion = 2 6 | # Enable only cryptographic service 7 | ServicesEnabled = cy 8 | # The number of cryptographic concurrent symmetric and asymmetric requests for cryptographic instances 9 | CyNumConcurrentSymRequests = 512 10 | CyNumConcurrentAsymRequests = 16384 11 | # Automatically resets the device in case of fatal error or heartbeat failure 12 | AutoResetOnError = 1 13 | # Interrupts Coalescing 14 | InterruptCoalescingEnabled = 1 15 | # Wait for amount of ns before generate interrupt with cryptographic operation answer. Allows to combine multiple operations in a single interrupt 16 | InterruptCoalescingTimerNs = 500000 17 | 18 | 19 | [KERNEL] 20 | # Create two cryptographic instances 21 | NumberCyInstances = 16 22 | NumberDcInstances = 0 23 | # Instance 0 24 | Cy0Name = "IPSec0" 25 | Cy0IsPolled = 0 26 | Cy0CoreAffinity = 0 27 | # Instance 1 28 | Cy1Name = "IPSec1" 29 | Cy1IsPolled = 0 30 | Cy1CoreAffinity = 1 31 | # Instance 2 32 | Cy2Name = "IPSec2" 33 | Cy2IsPolled = 0 34 | Cy2CoreAffinity = 2 35 | # Instance 3 36 | Cy3Name = "IPSec3" 37 | Cy3IsPolled = 0 38 | Cy3CoreAffinity = 3 39 | # Instance 4 40 | Cy4Name = "IPSec4" 41 | Cy4IsPolled = 0 42 | Cy4CoreAffinity = 4 43 | # Instance 5 44 | Cy5Name = "IPSec5" 45 | Cy5IsPolled = 0 46 | Cy5CoreAffinity = 5 47 | # Instance 6 48 | Cy6Name = "IPSec6" 49 | Cy6IsPolled = 0 50 | Cy6CoreAffinity = 6 51 | # Instance 7 52 | Cy7Name = "IPSec7" 53 | Cy7IsPolled = 0 54 | Cy7CoreAffinity = 7 55 | # Instance 8 56 | Cy8Name = "IPSec8" 57 | Cy8IsPolled = 0 58 | Cy8CoreAffinity = 8 59 | # Instance 9 60 | Cy9Name = "IPSec9" 61 | Cy9IsPolled = 0 62 | Cy9CoreAffinity = 9 63 | # Instance 10 64 | Cy10Name = "IPSec10" 65 | Cy10IsPolled = 0 66 | Cy10CoreAffinity = 10 67 | # Instance 11 68 | Cy11Name = "IPSec11" 69 | Cy11IsPolled = 0 70 | 
Cy11CoreAffinity = 11 71 | # Instance 12 72 | Cy12Name = "IPSec12" 73 | Cy12IsPolled = 0 74 | Cy12CoreAffinity = 12 75 | # Instance 13 76 | Cy13Name = "IPSec13" 77 | Cy13IsPolled = 0 78 | Cy13CoreAffinity = 13 79 | # Instance 14 80 | Cy14Name = "IPSec14" 81 | Cy14IsPolled = 0 82 | Cy14CoreAffinity = 14 83 | # Instance 15 84 | Cy15Name = "IPSec15" 85 | Cy15IsPolled = 0 86 | Cy15CoreAffinity = 15 87 | 88 | 89 | # Disable QAT API 90 | [KERNEL_QAT] 91 | NumberCyInstances = 0 92 | NumberDcInstances = 0 93 | -------------------------------------------------------------------------------- /data/live-build-config/includes.chroot/etc/c3xxx_dev2.conf: -------------------------------------------------------------------------------- 1 | # INTEL® C62X CHIPSET, INTEL® ATOM™ C3000 PROCESSOR PRODUCT FAMILY, INTEL® XEON® PROCESSOR D FAMILY, INTEL® COMMUNICATION CHIPSET 8925 TO 8955 SERIES 2 | # VyOS config 3 | 4 | [GENERAL] 5 | ConfigVersion = 2 6 | # Enable only cryptographic service 7 | ServicesEnabled = cy 8 | # The number of cryptographic concurrent symmetric and asymmetric requests for cryptographic instances 9 | CyNumConcurrentSymRequests = 512 10 | CyNumConcurrentAsymRequests = 16384 11 | # Automatically resets the device in case of fatal error or heartbeat failure 12 | AutoResetOnError = 1 13 | # Interrupts Coalescing 14 | InterruptCoalescingEnabled = 1 15 | # Wait for amount of ns before generate interrupt with cryptographic operation answer. 
Allows to combine multiple operations in a single interrupt 16 | InterruptCoalescingTimerNs = 500000 17 | 18 | 19 | [KERNEL] 20 | # Create two cryptographic instances 21 | NumberCyInstances = 16 22 | NumberDcInstances = 0 23 | # Instance 0 24 | Cy0Name = "IPSec0" 25 | Cy0IsPolled = 0 26 | Cy0CoreAffinity = 0 27 | # Instance 1 28 | Cy1Name = "IPSec1" 29 | Cy1IsPolled = 0 30 | Cy1CoreAffinity = 1 31 | # Instance 2 32 | Cy2Name = "IPSec2" 33 | Cy2IsPolled = 0 34 | Cy2CoreAffinity = 2 35 | # Instance 3 36 | Cy3Name = "IPSec3" 37 | Cy3IsPolled = 0 38 | Cy3CoreAffinity = 3 39 | # Instance 4 40 | Cy4Name = "IPSec4" 41 | Cy4IsPolled = 0 42 | Cy4CoreAffinity = 4 43 | # Instance 5 44 | Cy5Name = "IPSec5" 45 | Cy5IsPolled = 0 46 | Cy5CoreAffinity = 5 47 | # Instance 6 48 | Cy6Name = "IPSec6" 49 | Cy6IsPolled = 0 50 | Cy6CoreAffinity = 6 51 | # Instance 7 52 | Cy7Name = "IPSec7" 53 | Cy7IsPolled = 0 54 | Cy7CoreAffinity = 7 55 | # Instance 8 56 | Cy8Name = "IPSec8" 57 | Cy8IsPolled = 0 58 | Cy8CoreAffinity = 8 59 | # Instance 9 60 | Cy9Name = "IPSec9" 61 | Cy9IsPolled = 0 62 | Cy9CoreAffinity = 9 63 | # Instance 10 64 | Cy10Name = "IPSec10" 65 | Cy10IsPolled = 0 66 | Cy10CoreAffinity = 10 67 | # Instance 11 68 | Cy11Name = "IPSec11" 69 | Cy11IsPolled = 0 70 | Cy11CoreAffinity = 11 71 | # Instance 12 72 | Cy12Name = "IPSec12" 73 | Cy12IsPolled = 0 74 | Cy12CoreAffinity = 12 75 | # Instance 13 76 | Cy13Name = "IPSec13" 77 | Cy13IsPolled = 0 78 | Cy13CoreAffinity = 13 79 | # Instance 14 80 | Cy14Name = "IPSec14" 81 | Cy14IsPolled = 0 82 | Cy14CoreAffinity = 14 83 | # Instance 15 84 | Cy15Name = "IPSec15" 85 | Cy15IsPolled = 0 86 | Cy15CoreAffinity = 15 87 | 88 | 89 | # Disable QAT API 90 | [KERNEL_QAT] 91 | NumberCyInstances = 0 92 | NumberDcInstances = 0 93 | -------------------------------------------------------------------------------- /data/live-build-config/includes.chroot/etc/c6xx_dev0.conf: -------------------------------------------------------------------------------- 1 
| # INTEL® C62X CHIPSET, INTEL® ATOM™ C3000 PROCESSOR PRODUCT FAMILY, INTEL® XEON® PROCESSOR D FAMILY, INTEL® COMMUNICATION CHIPSET 8925 TO 8955 SERIES 2 | # VyOS config 3 | 4 | [GENERAL] 5 | ConfigVersion = 2 6 | # Enable only cryptographic service 7 | ServicesEnabled = cy 8 | # The number of cryptographic concurrent symmetric and asymmetric requests for cryptographic instances 9 | CyNumConcurrentSymRequests = 512 10 | CyNumConcurrentAsymRequests = 16384 11 | # Automatically resets the device in case of fatal error or heartbeat failure 12 | AutoResetOnError = 1 13 | # Interrupts Coalescing 14 | InterruptCoalescingEnabled = 1 15 | # Wait for amount of ns before generate interrupt with cryptographic operation answer. Allows to combine multiple operations in a single interrupt 16 | InterruptCoalescingTimerNs = 500000 17 | 18 | 19 | [KERNEL] 20 | # Create two cryptographic instances 21 | NumberCyInstances = 16 22 | NumberDcInstances = 0 23 | # Instance 0 24 | Cy0Name = "IPSec0" 25 | Cy0IsPolled = 0 26 | Cy0CoreAffinity = 0 27 | # Instance 1 28 | Cy1Name = "IPSec1" 29 | Cy1IsPolled = 0 30 | Cy1CoreAffinity = 1 31 | # Instance 2 32 | Cy2Name = "IPSec2" 33 | Cy2IsPolled = 0 34 | Cy2CoreAffinity = 2 35 | # Instance 3 36 | Cy3Name = "IPSec3" 37 | Cy3IsPolled = 0 38 | Cy3CoreAffinity = 3 39 | # Instance 4 40 | Cy4Name = "IPSec4" 41 | Cy4IsPolled = 0 42 | Cy4CoreAffinity = 4 43 | # Instance 5 44 | Cy5Name = "IPSec5" 45 | Cy5IsPolled = 0 46 | Cy5CoreAffinity = 5 47 | # Instance 6 48 | Cy6Name = "IPSec6" 49 | Cy6IsPolled = 0 50 | Cy6CoreAffinity = 6 51 | # Instance 7 52 | Cy7Name = "IPSec7" 53 | Cy7IsPolled = 0 54 | Cy7CoreAffinity = 7 55 | # Instance 8 56 | Cy8Name = "IPSec8" 57 | Cy8IsPolled = 0 58 | Cy8CoreAffinity = 8 59 | # Instance 9 60 | Cy9Name = "IPSec9" 61 | Cy9IsPolled = 0 62 | Cy9CoreAffinity = 9 63 | # Instance 10 64 | Cy10Name = "IPSec10" 65 | Cy10IsPolled = 0 66 | Cy10CoreAffinity = 10 67 | # Instance 11 68 | Cy11Name = "IPSec11" 69 | Cy11IsPolled = 0 70 | 
Cy11CoreAffinity = 11 71 | # Instance 12 72 | Cy12Name = "IPSec12" 73 | Cy12IsPolled = 0 74 | Cy12CoreAffinity = 12 75 | # Instance 13 76 | Cy13Name = "IPSec13" 77 | Cy13IsPolled = 0 78 | Cy13CoreAffinity = 13 79 | # Instance 14 80 | Cy14Name = "IPSec14" 81 | Cy14IsPolled = 0 82 | Cy14CoreAffinity = 14 83 | # Instance 15 84 | Cy15Name = "IPSec15" 85 | Cy15IsPolled = 0 86 | Cy15CoreAffinity = 15 87 | 88 | 89 | # Disable QAT API 90 | [KERNEL_QAT] 91 | NumberCyInstances = 0 92 | NumberDcInstances = 0 93 | -------------------------------------------------------------------------------- /data/live-build-config/includes.chroot/etc/c6xx_dev1.conf: -------------------------------------------------------------------------------- 1 | # INTEL® C62X CHIPSET, INTEL® ATOM™ C3000 PROCESSOR PRODUCT FAMILY, INTEL® XEON® PROCESSOR D FAMILY, INTEL® COMMUNICATION CHIPSET 8925 TO 8955 SERIES 2 | # VyOS config 3 | 4 | [GENERAL] 5 | ConfigVersion = 2 6 | # Enable only cryptographic service 7 | ServicesEnabled = cy 8 | # The number of cryptographic concurrent symmetric and asymmetric requests for cryptographic instances 9 | CyNumConcurrentSymRequests = 512 10 | CyNumConcurrentAsymRequests = 16384 11 | # Automatically resets the device in case of fatal error or heartbeat failure 12 | AutoResetOnError = 1 13 | # Interrupts Coalescing 14 | InterruptCoalescingEnabled = 1 15 | # Wait for amount of ns before generate interrupt with cryptographic operation answer. 
Allows to combine multiple operations in a single interrupt 16 | InterruptCoalescingTimerNs = 500000 17 | 18 | 19 | [KERNEL] 20 | # Create two cryptographic instances 21 | NumberCyInstances = 16 22 | NumberDcInstances = 0 23 | # Instance 0 24 | Cy0Name = "IPSec0" 25 | Cy0IsPolled = 0 26 | Cy0CoreAffinity = 0 27 | # Instance 1 28 | Cy1Name = "IPSec1" 29 | Cy1IsPolled = 0 30 | Cy1CoreAffinity = 1 31 | # Instance 2 32 | Cy2Name = "IPSec2" 33 | Cy2IsPolled = 0 34 | Cy2CoreAffinity = 2 35 | # Instance 3 36 | Cy3Name = "IPSec3" 37 | Cy3IsPolled = 0 38 | Cy3CoreAffinity = 3 39 | # Instance 4 40 | Cy4Name = "IPSec4" 41 | Cy4IsPolled = 0 42 | Cy4CoreAffinity = 4 43 | # Instance 5 44 | Cy5Name = "IPSec5" 45 | Cy5IsPolled = 0 46 | Cy5CoreAffinity = 5 47 | # Instance 6 48 | Cy6Name = "IPSec6" 49 | Cy6IsPolled = 0 50 | Cy6CoreAffinity = 6 51 | # Instance 7 52 | Cy7Name = "IPSec7" 53 | Cy7IsPolled = 0 54 | Cy7CoreAffinity = 7 55 | # Instance 8 56 | Cy8Name = "IPSec8" 57 | Cy8IsPolled = 0 58 | Cy8CoreAffinity = 8 59 | # Instance 9 60 | Cy9Name = "IPSec9" 61 | Cy9IsPolled = 0 62 | Cy9CoreAffinity = 9 63 | # Instance 10 64 | Cy10Name = "IPSec10" 65 | Cy10IsPolled = 0 66 | Cy10CoreAffinity = 10 67 | # Instance 11 68 | Cy11Name = "IPSec11" 69 | Cy11IsPolled = 0 70 | Cy11CoreAffinity = 11 71 | # Instance 12 72 | Cy12Name = "IPSec12" 73 | Cy12IsPolled = 0 74 | Cy12CoreAffinity = 12 75 | # Instance 13 76 | Cy13Name = "IPSec13" 77 | Cy13IsPolled = 0 78 | Cy13CoreAffinity = 13 79 | # Instance 14 80 | Cy14Name = "IPSec14" 81 | Cy14IsPolled = 0 82 | Cy14CoreAffinity = 14 83 | # Instance 15 84 | Cy15Name = "IPSec15" 85 | Cy15IsPolled = 0 86 | Cy15CoreAffinity = 15 87 | 88 | 89 | # Disable QAT API 90 | [KERNEL_QAT] 91 | NumberCyInstances = 0 92 | NumberDcInstances = 0 93 | -------------------------------------------------------------------------------- /data/live-build-config/includes.chroot/etc/c6xx_dev2.conf: -------------------------------------------------------------------------------- 1 
| # INTEL® C62X CHIPSET, INTEL® ATOM™ C3000 PROCESSOR PRODUCT FAMILY, INTEL® XEON® PROCESSOR D FAMILY, INTEL® COMMUNICATION CHIPSET 8925 TO 8955 SERIES 2 | # VyOS config 3 | 4 | [GENERAL] 5 | ConfigVersion = 2 6 | # Enable only cryptographic service 7 | ServicesEnabled = cy 8 | # The number of cryptographic concurrent symmetric and asymmetric requests for cryptographic instances 9 | CyNumConcurrentSymRequests = 512 10 | CyNumConcurrentAsymRequests = 16384 11 | # Automatically resets the device in case of fatal error or heartbeat failure 12 | AutoResetOnError = 1 13 | # Interrupts Coalescing 14 | InterruptCoalescingEnabled = 1 15 | # Wait for amount of ns before generate interrupt with cryptographic operation answer. Allows to combine multiple operations in a single interrupt 16 | InterruptCoalescingTimerNs = 500000 17 | 18 | 19 | [KERNEL] 20 | # Create two cryptographic instances 21 | NumberCyInstances = 16 22 | NumberDcInstances = 0 23 | # Instance 0 24 | Cy0Name = "IPSec0" 25 | Cy0IsPolled = 0 26 | Cy0CoreAffinity = 0 27 | # Instance 1 28 | Cy1Name = "IPSec1" 29 | Cy1IsPolled = 0 30 | Cy1CoreAffinity = 1 31 | # Instance 2 32 | Cy2Name = "IPSec2" 33 | Cy2IsPolled = 0 34 | Cy2CoreAffinity = 2 35 | # Instance 3 36 | Cy3Name = "IPSec3" 37 | Cy3IsPolled = 0 38 | Cy3CoreAffinity = 3 39 | # Instance 4 40 | Cy4Name = "IPSec4" 41 | Cy4IsPolled = 0 42 | Cy4CoreAffinity = 4 43 | # Instance 5 44 | Cy5Name = "IPSec5" 45 | Cy5IsPolled = 0 46 | Cy5CoreAffinity = 5 47 | # Instance 6 48 | Cy6Name = "IPSec6" 49 | Cy6IsPolled = 0 50 | Cy6CoreAffinity = 6 51 | # Instance 7 52 | Cy7Name = "IPSec7" 53 | Cy7IsPolled = 0 54 | Cy7CoreAffinity = 7 55 | # Instance 8 56 | Cy8Name = "IPSec8" 57 | Cy8IsPolled = 0 58 | Cy8CoreAffinity = 8 59 | # Instance 9 60 | Cy9Name = "IPSec9" 61 | Cy9IsPolled = 0 62 | Cy9CoreAffinity = 9 63 | # Instance 10 64 | Cy10Name = "IPSec10" 65 | Cy10IsPolled = 0 66 | Cy10CoreAffinity = 10 67 | # Instance 11 68 | Cy11Name = "IPSec11" 69 | Cy11IsPolled = 0 70 | 
Cy11CoreAffinity = 11 71 | # Instance 12 72 | Cy12Name = "IPSec12" 73 | Cy12IsPolled = 0 74 | Cy12CoreAffinity = 12 75 | # Instance 13 76 | Cy13Name = "IPSec13" 77 | Cy13IsPolled = 0 78 | Cy13CoreAffinity = 13 79 | # Instance 14 80 | Cy14Name = "IPSec14" 81 | Cy14IsPolled = 0 82 | Cy14CoreAffinity = 14 83 | # Instance 15 84 | Cy15Name = "IPSec15" 85 | Cy15IsPolled = 0 86 | Cy15CoreAffinity = 15 87 | 88 | 89 | # Disable QAT API 90 | [KERNEL_QAT] 91 | NumberCyInstances = 0 92 | NumberDcInstances = 0 93 | -------------------------------------------------------------------------------- /data/live-build-config/includes.chroot/etc/d15xx_dev0.conf: -------------------------------------------------------------------------------- 1 | # INTEL® C62X CHIPSET, INTEL® ATOM™ C3000 PROCESSOR PRODUCT FAMILY, INTEL® XEON® PROCESSOR D FAMILY, INTEL® COMMUNICATION CHIPSET 8925 TO 8955 SERIES 2 | # VyOS config 3 | 4 | [GENERAL] 5 | ConfigVersion = 2 6 | # Enable only cryptographic service 7 | ServicesEnabled = cy 8 | # The number of cryptographic concurrent symmetric and asymmetric requests for cryptographic instances 9 | CyNumConcurrentSymRequests = 512 10 | CyNumConcurrentAsymRequests = 16384 11 | # Automatically resets the device in case of fatal error or heartbeat failure 12 | AutoResetOnError = 1 13 | # Interrupts Coalescing 14 | InterruptCoalescingEnabled = 1 15 | # Wait for amount of ns before generate interrupt with cryptographic operation answer. 
Allows to combine multiple operations in a single interrupt 16 | InterruptCoalescingTimerNs = 500000 17 | 18 | 19 | [KERNEL] 20 | # Create two cryptographic instances 21 | NumberCyInstances = 16 22 | NumberDcInstances = 0 23 | # Instance 0 24 | Cy0Name = "IPSec0" 25 | Cy0IsPolled = 0 26 | Cy0CoreAffinity = 0 27 | # Instance 1 28 | Cy1Name = "IPSec1" 29 | Cy1IsPolled = 0 30 | Cy1CoreAffinity = 1 31 | # Instance 2 32 | Cy2Name = "IPSec2" 33 | Cy2IsPolled = 0 34 | Cy2CoreAffinity = 2 35 | # Instance 3 36 | Cy3Name = "IPSec3" 37 | Cy3IsPolled = 0 38 | Cy3CoreAffinity = 3 39 | # Instance 4 40 | Cy4Name = "IPSec4" 41 | Cy4IsPolled = 0 42 | Cy4CoreAffinity = 4 43 | # Instance 5 44 | Cy5Name = "IPSec5" 45 | Cy5IsPolled = 0 46 | Cy5CoreAffinity = 5 47 | # Instance 6 48 | Cy6Name = "IPSec6" 49 | Cy6IsPolled = 0 50 | Cy6CoreAffinity = 6 51 | # Instance 7 52 | Cy7Name = "IPSec7" 53 | Cy7IsPolled = 0 54 | Cy7CoreAffinity = 7 55 | # Instance 8 56 | Cy8Name = "IPSec8" 57 | Cy8IsPolled = 0 58 | Cy8CoreAffinity = 8 59 | # Instance 9 60 | Cy9Name = "IPSec9" 61 | Cy9IsPolled = 0 62 | Cy9CoreAffinity = 9 63 | # Instance 10 64 | Cy10Name = "IPSec10" 65 | Cy10IsPolled = 0 66 | Cy10CoreAffinity = 10 67 | # Instance 11 68 | Cy11Name = "IPSec11" 69 | Cy11IsPolled = 0 70 | Cy11CoreAffinity = 11 71 | # Instance 12 72 | Cy12Name = "IPSec12" 73 | Cy12IsPolled = 0 74 | Cy12CoreAffinity = 12 75 | # Instance 13 76 | Cy13Name = "IPSec13" 77 | Cy13IsPolled = 0 78 | Cy13CoreAffinity = 13 79 | # Instance 14 80 | Cy14Name = "IPSec14" 81 | Cy14IsPolled = 0 82 | Cy14CoreAffinity = 14 83 | # Instance 15 84 | Cy15Name = "IPSec15" 85 | Cy15IsPolled = 0 86 | Cy15CoreAffinity = 15 87 | 88 | 89 | # Disable QAT API 90 | [KERNEL_QAT] 91 | NumberCyInstances = 0 92 | NumberDcInstances = 0 93 | -------------------------------------------------------------------------------- /data/live-build-config/includes.chroot/etc/d15xx_dev1.conf: -------------------------------------------------------------------------------- 
1 | # INTEL® C62X CHIPSET, INTEL® ATOM™ C3000 PROCESSOR PRODUCT FAMILY, INTEL® XEON® PROCESSOR D FAMILY, INTEL® COMMUNICATION CHIPSET 8925 TO 8955 SERIES 2 | # VyOS config 3 | 4 | [GENERAL] 5 | ConfigVersion = 2 6 | # Enable only cryptographic service 7 | ServicesEnabled = cy 8 | # The number of cryptographic concurrent symmetric and asymmetric requests for cryptographic instances 9 | CyNumConcurrentSymRequests = 512 10 | CyNumConcurrentAsymRequests = 16384 11 | # Automatically resets the device in case of fatal error or heartbeat failure 12 | AutoResetOnError = 1 13 | # Interrupts Coalescing 14 | InterruptCoalescingEnabled = 1 15 | # Wait for amount of ns before generate interrupt with cryptographic operation answer. Allows to combine multiple operations in a single interrupt 16 | InterruptCoalescingTimerNs = 500000 17 | 18 | 19 | [KERNEL] 20 | # Create two cryptographic instances 21 | NumberCyInstances = 16 22 | NumberDcInstances = 0 23 | # Instance 0 24 | Cy0Name = "IPSec0" 25 | Cy0IsPolled = 0 26 | Cy0CoreAffinity = 0 27 | # Instance 1 28 | Cy1Name = "IPSec1" 29 | Cy1IsPolled = 0 30 | Cy1CoreAffinity = 1 31 | # Instance 2 32 | Cy2Name = "IPSec2" 33 | Cy2IsPolled = 0 34 | Cy2CoreAffinity = 2 35 | # Instance 3 36 | Cy3Name = "IPSec3" 37 | Cy3IsPolled = 0 38 | Cy3CoreAffinity = 3 39 | # Instance 4 40 | Cy4Name = "IPSec4" 41 | Cy4IsPolled = 0 42 | Cy4CoreAffinity = 4 43 | # Instance 5 44 | Cy5Name = "IPSec5" 45 | Cy5IsPolled = 0 46 | Cy5CoreAffinity = 5 47 | # Instance 6 48 | Cy6Name = "IPSec6" 49 | Cy6IsPolled = 0 50 | Cy6CoreAffinity = 6 51 | # Instance 7 52 | Cy7Name = "IPSec7" 53 | Cy7IsPolled = 0 54 | Cy7CoreAffinity = 7 55 | # Instance 8 56 | Cy8Name = "IPSec8" 57 | Cy8IsPolled = 0 58 | Cy8CoreAffinity = 8 59 | # Instance 9 60 | Cy9Name = "IPSec9" 61 | Cy9IsPolled = 0 62 | Cy9CoreAffinity = 9 63 | # Instance 10 64 | Cy10Name = "IPSec10" 65 | Cy10IsPolled = 0 66 | Cy10CoreAffinity = 10 67 | # Instance 11 68 | Cy11Name = "IPSec11" 69 | Cy11IsPolled = 0 70 | 
Cy11CoreAffinity = 11 71 | # Instance 12 72 | Cy12Name = "IPSec12" 73 | Cy12IsPolled = 0 74 | Cy12CoreAffinity = 12 75 | # Instance 13 76 | Cy13Name = "IPSec13" 77 | Cy13IsPolled = 0 78 | Cy13CoreAffinity = 13 79 | # Instance 14 80 | Cy14Name = "IPSec14" 81 | Cy14IsPolled = 0 82 | Cy14CoreAffinity = 14 83 | # Instance 15 84 | Cy15Name = "IPSec15" 85 | Cy15IsPolled = 0 86 | Cy15CoreAffinity = 15 87 | 88 | 89 | # Disable QAT API 90 | [KERNEL_QAT] 91 | NumberCyInstances = 0 92 | NumberDcInstances = 0 93 | -------------------------------------------------------------------------------- /data/live-build-config/includes.chroot/etc/d15xx_dev2.conf: -------------------------------------------------------------------------------- 1 | # INTEL® C62X CHIPSET, INTEL® ATOM™ C3000 PROCESSOR PRODUCT FAMILY, INTEL® XEON® PROCESSOR D FAMILY, INTEL® COMMUNICATION CHIPSET 8925 TO 8955 SERIES 2 | # VyOS config 3 | 4 | [GENERAL] 5 | ConfigVersion = 2 6 | # Enable only cryptographic service 7 | ServicesEnabled = cy 8 | # The number of cryptographic concurrent symmetric and asymmetric requests for cryptographic instances 9 | CyNumConcurrentSymRequests = 512 10 | CyNumConcurrentAsymRequests = 16384 11 | # Automatically resets the device in case of fatal error or heartbeat failure 12 | AutoResetOnError = 1 13 | # Interrupts Coalescing 14 | InterruptCoalescingEnabled = 1 15 | # Wait for amount of ns before generate interrupt with cryptographic operation answer. 
Allows to combine multiple operations in a single interrupt 16 | InterruptCoalescingTimerNs = 500000 17 | 18 | 19 | [KERNEL] 20 | # Create two cryptographic instances 21 | NumberCyInstances = 16 22 | NumberDcInstances = 0 23 | # Instance 0 24 | Cy0Name = "IPSec0" 25 | Cy0IsPolled = 0 26 | Cy0CoreAffinity = 0 27 | # Instance 1 28 | Cy1Name = "IPSec1" 29 | Cy1IsPolled = 0 30 | Cy1CoreAffinity = 1 31 | # Instance 2 32 | Cy2Name = "IPSec2" 33 | Cy2IsPolled = 0 34 | Cy2CoreAffinity = 2 35 | # Instance 3 36 | Cy3Name = "IPSec3" 37 | Cy3IsPolled = 0 38 | Cy3CoreAffinity = 3 39 | # Instance 4 40 | Cy4Name = "IPSec4" 41 | Cy4IsPolled = 0 42 | Cy4CoreAffinity = 4 43 | # Instance 5 44 | Cy5Name = "IPSec5" 45 | Cy5IsPolled = 0 46 | Cy5CoreAffinity = 5 47 | # Instance 6 48 | Cy6Name = "IPSec6" 49 | Cy6IsPolled = 0 50 | Cy6CoreAffinity = 6 51 | # Instance 7 52 | Cy7Name = "IPSec7" 53 | Cy7IsPolled = 0 54 | Cy7CoreAffinity = 7 55 | # Instance 8 56 | Cy8Name = "IPSec8" 57 | Cy8IsPolled = 0 58 | Cy8CoreAffinity = 8 59 | # Instance 9 60 | Cy9Name = "IPSec9" 61 | Cy9IsPolled = 0 62 | Cy9CoreAffinity = 9 63 | # Instance 10 64 | Cy10Name = "IPSec10" 65 | Cy10IsPolled = 0 66 | Cy10CoreAffinity = 10 67 | # Instance 11 68 | Cy11Name = "IPSec11" 69 | Cy11IsPolled = 0 70 | Cy11CoreAffinity = 11 71 | # Instance 12 72 | Cy12Name = "IPSec12" 73 | Cy12IsPolled = 0 74 | Cy12CoreAffinity = 12 75 | # Instance 13 76 | Cy13Name = "IPSec13" 77 | Cy13IsPolled = 0 78 | Cy13CoreAffinity = 13 79 | # Instance 14 80 | Cy14Name = "IPSec14" 81 | Cy14IsPolled = 0 82 | Cy14CoreAffinity = 14 83 | # Instance 15 84 | Cy15Name = "IPSec15" 85 | Cy15IsPolled = 0 86 | Cy15CoreAffinity = 15 87 | 88 | 89 | # Disable QAT API 90 | [KERNEL_QAT] 91 | NumberCyInstances = 0 92 | NumberDcInstances = 0 93 | -------------------------------------------------------------------------------- /Makefile: -------------------------------------------------------------------------------- 1 | SHELL := /bin/bash 2 | 3 | build_dir := build 
4 | 5 | .PHONY: all 6 | all: 7 | @echo "Make what specifically?" 8 | @echo "The most common target is 'generic'" 9 | 10 | %: 11 | ./build-vyos-image $* 12 | 13 | .PHONY: checkiso 14 | .ONESHELL: 15 | checkiso: 16 | if [ ! -f build/live-image-amd64.hybrid.iso ]; then 17 | echo "Could not find build/live-image-amd64.hybrid.iso" 18 | exit 1 19 | fi 20 | 21 | .PHONY: test 22 | .ONESHELL: 23 | test: checkiso 24 | scripts/check-qemu-install --debug --configd --match="$(MATCH)" --smoketest --uefi build/live-image-amd64.hybrid.iso $(filter-out $@,$(MAKECMDGOALS)) 25 | 26 | .PHONY: test-no-interfaces 27 | .ONESHELL: 28 | test-no-interfaces: checkiso 29 | scripts/check-qemu-install --debug --configd --smoketest --uefi --no-interfaces build/live-image-amd64.hybrid.iso 30 | 31 | .PHONY: test-interfaces 32 | .ONESHELL: 33 | test-interfaces: checkiso 34 | scripts/check-qemu-install --debug --configd --match="interfaces_" --smoketest --uefi build/live-image-amd64.hybrid.iso 35 | 36 | .PHONY: testc 37 | .ONESHELL: 38 | testc: checkiso 39 | scripts/check-qemu-install --debug --configd --configtest build/live-image-amd64.hybrid.iso $(filter-out $@,$(MAKECMDGOALS)) 40 | 41 | .PHONY: testraid 42 | .ONESHELL: 43 | testraid: checkiso 44 | scripts/check-qemu-install --debug --configd --raid build/live-image-amd64.hybrid.iso $(filter-out $@,$(MAKECMDGOALS)) 45 | 46 | .PHONY: testsb 47 | .ONESHELL: 48 | testsb: checkiso 49 | scripts/check-qemu-install --debug --uefi --sbtest build/live-image-amd64.hybrid.iso $(filter-out $@,$(MAKECMDGOALS)) 50 | 51 | .PHONY: testtpm 52 | .ONESHELL: 53 | testtpm: checkiso 54 | scripts/check-qemu-install --debug --tpmtest build/live-image-amd64.hybrid.iso $(filter-out $@,$(MAKECMDGOALS)) 55 | 56 | .PHONY: qemu-live 57 | .ONESHELL: 58 | qemu-live: checkiso 59 | scripts/check-qemu-install --qemu-cmd --uefi build/live-image-amd64.hybrid.iso $(filter-out $@,$(MAKECMDGOALS)) 60 | 61 | .PHONY: oci 62 | .ONESHELL: 63 | oci: checkiso 64 | scripts/iso-to-oci 
build/live-image-amd64.hybrid.iso 65 | 66 | .PHONY: clean 67 | .ONESHELL: 68 | clean: 69 | @set -e 70 | mkdir -p $(build_dir) 71 | cd $(build_dir) 72 | lb clean 73 | 74 | rm -f config/binary config/bootstrap config/chroot config/common config/source 75 | rm -f build.log 76 | rm -f vyos-*.iso 77 | rm -f *.img 78 | rm -f *.xz 79 | rm -f *.vhd 80 | rm -f *.raw 81 | rm -f *.tar.gz 82 | rm -f *.qcow2 83 | rm -f *.mf 84 | rm -f *.ovf 85 | rm -f *.ova 86 | 87 | .PHONY: purge 88 | purge: 89 | rm -rf build packer_build packer_cache testinstall-*.img 90 | -------------------------------------------------------------------------------- /docker-vyos/README.md: -------------------------------------------------------------------------------- 1 | # VyOS as Docker container 2 | 3 | VyOS can be run as a Docker container on a Linux host with a compatible kernel. 4 | 5 | ## Build Container 6 | 7 | To build a Docker image you need to have the whole `vyos-build` repository, not 8 | only a folder with Dockerfile, because some files from this repository are 9 | required for building. 10 | 11 | Docker image with VyOS can be built on Linux host with the next command: 12 | 13 | ```console 14 | docker build --compress --file Dockerfile \ 15 | --tag vyos:version-`date -u +%Y%m%d%H%M%S` \ 16 | --build-arg BUILD_DATE="`date -u --rfc-3339=seconds`" \ 17 | --build-arg VYOS_VERSION=version \ 18 | --build-arg DEBIAN_VERSION=debian \ 19 | --progress plain .. 20 | ``` 21 | 22 | Or, if you want to rebuild completely from the scratch (without cache): 23 | 24 | ```console 25 | docker build --no-cache --pull --compress --file Dockerfile \ 26 | --tag vyos:version-`date -u +%Y%m%d%H%M%S` \ 27 | --build-arg BUILD_DATE="`date -u --rfc-3339=seconds`" \ 28 | --build-arg VYOS_VERSION=version \ 29 | --build-arg DEBIAN_VERSION=debian \ 30 | --progress plain .. 31 | ``` 32 | 33 | > **_NOTE:_** You must use proper version value for `DEBIAN_VERSION` variable. 
34 | It can only be `jessie` (for VyOS 1.2) or `buster` (for VyOS 1.3). 35 | 36 | ## Run Container 37 | 38 | A Docker container with VyOS can be run with the following command: 39 | 40 | ```console 41 | docker run --privileged --detach \ 42 | --volume /lib/modules:/lib/modules \ 43 | --name vyos_inside_docker vyos:version 44 | ``` 45 | 46 | You need to use the `--privileged` flag because the system actively interacts 47 | with a host kernel to perform routing operations and tune networking options. Note that `--privileged` gives the container all kernel capabilities and access to the host's devices, so treat the container as having host-level access. 48 | 49 | **Experimental:** You can limit access to some system resources by mounting host paths read-only and using tmpfs for runtime directories (the container still runs with `--privileged`): 50 | 51 | ```console 52 | docker run --privileged --detach \ 53 | --tmpfs /tmp \ 54 | --tmpfs /run \ 55 | --tmpfs /run/lock \ 56 | --volume /lib/modules:/lib/modules:ro \ 57 | --volume /sys/fs/cgroup:/sys/fs/cgroup:ro \ 58 | --name vyos_inside_docker vyos:version 59 | ``` 60 | 61 | ### Log into container 62 | 63 | To open the VyOS CLI, you can use an SSH connection to the Docker container or run 64 | on the host: 65 | 66 | ```console 67 | docker exec -it vyos_inside_docker su vyos 68 | ``` 69 | 70 | ## Troubleshooting 71 | 72 | If IPv6-related errors appear in VyOS (for example, it cannot assign an IPv6 73 | address to an interface), it is necessary to enable IPv6 support in Docker. 
74 | 75 | This can be done, by editing `/etc/docker/daemon.json`: 76 | 77 | ```console 78 | { 79 | "ipv6": true, 80 | "fixed-cidr-v6": "fe80::/64" 81 | } 82 | ``` 83 | -------------------------------------------------------------------------------- /data/build-flavors/edgecore.toml: -------------------------------------------------------------------------------- 1 | # ISO image for EdgeCore routers 2 | 3 | image_format = "iso" 4 | 5 | # udev rules for correct ordering of onboard NICs 6 | [[includes_chroot]] 7 | path = "lib/udev/rules.d/64-vyos-SAF51015I-net.rules" 8 | data = ''' 9 | ATTR{[dmi/id]board_name}!="SAF51015I-0318-EC", GOTO="end_ec_nic" 10 | 11 | ACTION=="add", SUBSYSTEM=="net", KERNELS=="0000:02:00.0", ENV{VYOS_IFNAME}="eth1" 12 | ACTION=="add", SUBSYSTEM=="net", KERNELS=="0000:03:00.0", ENV{VYOS_IFNAME}="eth2" 13 | ACTION=="add", SUBSYSTEM=="net", KERNELS=="0000:04:00.0", ENV{VYOS_IFNAME}="eth3" 14 | ACTION=="add", SUBSYSTEM=="net", KERNELS=="0000:05:00.0", ENV{VYOS_IFNAME}="eth4" 15 | ACTION=="add", SUBSYSTEM=="net", KERNELS=="0000:06:00.0", ENV{VYOS_IFNAME}="eth5" 16 | ACTION=="add", SUBSYSTEM=="net", KERNELS=="0000:06:00.1", ENV{VYOS_IFNAME}="eth6" 17 | ACTION=="add", SUBSYSTEM=="net", KERNELS=="0000:06:00.2", ENV{VYOS_IFNAME}="eth7" 18 | ACTION=="add", SUBSYSTEM=="net", KERNELS=="0000:06:00.3", ENV{VYOS_IFNAME}="eth8" 19 | ACTION=="add", SUBSYSTEM=="net", KERNELS=="0000:0a:00.0", ENV{VYOS_IFNAME}="eth9" 20 | ACTION=="add", SUBSYSTEM=="net", KERNELS=="0000:0a:00.1", ENV{VYOS_IFNAME}="eth10" 21 | ACTION=="add", SUBSYSTEM=="net", KERNELS=="0000:0b:00.0", ENV{VYOS_IFNAME}="eth11" 22 | ACTION=="add", SUBSYSTEM=="net", KERNELS=="0000:0b:00.1", ENV{VYOS_IFNAME}="eth12" 23 | 24 | LABEL="end_ec_nic" 25 | 26 | ''' 27 | 28 | [[includes_chroot]] 29 | path = "lib/udev/rules.d/64-vyos-SAF51003I-net.rules" 30 | data = ''' 31 | ATTR{[dmi/id]board_name}!="SAF51003I", GOTO="end_ec_nic" 32 | 33 | ACTION=="add", SUBSYSTEM=="net", KERNELS=="0000:02:00.0", 
ENV{VYOS_IFNAME}="eth1", ATTR{ifalias}="LAN1" 34 | ACTION=="add", SUBSYSTEM=="net", KERNELS=="0000:02:00.1", ENV{VYOS_IFNAME}="eth2", ATTR{ifalias}="LAN2" 35 | ACTION=="add", SUBSYSTEM=="net", KERNELS=="0000:02:00.2", ENV{VYOS_IFNAME}="eth3", ATTR{ifalias}="LAN3" 36 | ACTION=="add", SUBSYSTEM=="net", KERNELS=="0000:02:00.3", ENV{VYOS_IFNAME}="eth4", ATTR{ifalias}="LAN4" 37 | ACTION=="add", SUBSYSTEM=="net", KERNELS=="0000:05:00.0", ENV{VYOS_IFNAME}="eth5", ATTR{ifalias}="LAN5" 38 | ACTION=="add", SUBSYSTEM=="net", KERNELS=="0000:05:00.1", ENV{VYOS_IFNAME}="eth6", ATTR{ifalias}="LAN6" 39 | ACTION=="add", SUBSYSTEM=="net", KERNELS=="0000:05:00.2", ENV{VYOS_IFNAME}="eth7", ATTR{ifalias}="LAN7" 40 | ACTION=="add", SUBSYSTEM=="net", KERNELS=="0000:05:00.3", ENV{VYOS_IFNAME}="eth8", ATTR{ifalias}="LAN8" 41 | ACTION=="add", SUBSYSTEM=="net", KERNELS=="0000:08:00.0", ENV{VYOS_IFNAME}="eth9", ATTR{ifalias}="DMZ" 42 | ACTION=="add", SUBSYSTEM=="net", KERNELS=="0000:08:00.1", ENV{VYOS_IFNAME}="eth10", ATTR{ifalias}="WAN" 43 | 44 | LABEL="end_ec_nic" 45 | 46 | ''' 47 | -------------------------------------------------------------------------------- /docker/patches/live-build/0001-save-package-info.patch: -------------------------------------------------------------------------------- 1 | From 9dacc8bf99310b2216be24a42f2c0475080cf039 Mon Sep 17 00:00:00 2001 2 | From: khramshinr 3 | Date: Thu, 24 Oct 2024 14:22:57 +0600 4 | Subject: [PATCH] T6684: new Debian package repo snapshot logic 5 | 6 | Save information about all installed packages and teir source repo, including temporary packages 7 | Added functionality to store version information for temporarily installed packages. 8 | --- 9 | functions/packages.sh | 9 +++++++++ 10 | scripts/build/chroot | 6 ++++++ 11 | scripts/build/clean | 2 +- 12 | 3 files changed, 16 insertions(+), 1 deletion(-) 13 | 14 | diff --git a/functions/packages.sh b/functions/packages.sh 15 | index 2481edc25..a6c2c1e8d 100755 16 | 
--- a/functions/packages.sh
17 | +++ b/functions/packages.sh
18 | @@ -60,6 +60,15 @@ Install_packages ()
19 | Chroot chroot "aptitude install --without-recommends ${APTITUDE_OPTIONS} ${_LB_PACKAGES}"
20 | ;;
21 | esac
22 | +
23 | + # save information about all temporary installed packages and source repos
24 | + for PACKAGE in ${_LB_PACKAGES}; do
25 | + INSTALLED_VERSION=$(Chroot chroot "apt-cache policy ${PACKAGE}" | grep 'Installed:' | awk '{print $2}')
26 | + Chroot chroot "apt-cache policy ${PACKAGE}" | sed -n '/\*\*\*/,$p' | grep -P 'http:|https:' -m 1 | \
27 | + awk -v pkg="${PACKAGE}" -v version="${INSTALLED_VERSION}" '{print $2" "$3" "pkg" "version}' >> chroot.packages.all.info
28 | +
29 | + done
30 | +
31 | unset _LB_PACKAGES # Can clear this now
32 | }
33 |
34 | diff --git a/scripts/build/chroot b/scripts/build/chroot
35 | index a0aa10be0..700762e78 100755
36 | --- a/scripts/build/chroot
37 | +++ b/scripts/build/chroot
38 | @@ -48,6 +48,12 @@ for _PASS in install live; do
39 | fi
40 | done
41 |
42 | +# save information about all installed packages and source repos
43 | +Chroot chroot "dpkg-query -W" | while read PACKAGE; do
44 | + Chroot chroot "apt-cache policy ${PACKAGE}" | sed -n '/\*\*\*/,$p' | grep -P 'http:|https:' -m 1 | awk -v pkg="${PACKAGE}" '{print $2" "$3" "pkg}' >> chroot.packages.all.info
45 | +done
46 | +
47 | +
48 | lb chroot_includes_after_packages "${@}"
49 | lb chroot_hooks "${@}"
50 | lb chroot_hacks "${@}"
51 | diff --git a/scripts/build/clean b/scripts/build/clean
52 | index 6549fc635..4376d7525 100755
53 | --- a/scripts/build/clean
54 | +++ b/scripts/build/clean
55 |
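Review bot: A package whose installed version has no `http:`/`https:` origin after the `***` marker (a local `file:` repository, or only `/var/lib/dpkg/status`) yields nothing from the `grep -P 'http:|https:' -m 1` stage in the added loop, so no line is appended to `chroot.packages.all.info` and the record silently omits that package; the pipeline added in the `scripts/build/chroot` hunk has the same gap. For a file that is meant to record where each installed package came from, a missing line cannot be told apart from a package that was never installed. I would have the awk stage write a placeholder when nothing matched, e.g. append `END { if (!NR) print "unknown unknown "pkg" "version }` to the awk program, so the gap is visible to whoever consumes the file. `Install_packages` begins above this hunk.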
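Review bot: `read PACKAGE` receives the whole `dpkg-query -W` line, which by default is the package name and the version separated by a tab, so `apt-cache policy ${PACKAGE}` is also handed the version string as a second package name and the record ends up with `name<TAB>version` in its third field instead of the four space-separated fields the `Install_packages` loop writes into the same file. Splitting the line explicitly keeps both writers in one shape: `Chroot chroot "dpkg-query -W" | while read -r PACKAGE VERSION; do`, then pass `-v version="${VERSION}"` to awk and print `$2" "$3" "pkg" "version`. The `-r` also stops `read` from interpreting backslashes in the input.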
@@ -159,7 +159,7 @@ if [ "${RM_CHROOT}" = "true" ]; then 56 | 57 | rm -rf chroot chroot.tmp 58 | 59 | - rm -f chroot.packages.live chroot.packages.install 60 | + rm -f chroot.packages.live chroot.packages.install chroot.packages.all.info 61 | rm -f chroot.files 62 | 63 | rm -f "$(Installed_tmp_packages_file)" 64 | 65 | -------------------------------------------------------------------------------- /data/live-build-config/includes.chroot/etc/modprobe.d/no-copybreak.conf: -------------------------------------------------------------------------------- 1 | # 2 | # **** License **** 3 | # This program is free software; you can redistribute it and/or modify 4 | # it under the terms of the GNU General Public License version 2 as 5 | # published by the Free Software Foundation. 6 | # 7 | # This program is distributed in the hope that it will be useful, but 8 | # WITHOUT ANY WARRANTY; without even the implied warranty of 9 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 10 | # General Public License for more details. 11 | # 12 | # This code was originally developed by Vyatta, Inc. 13 | # Portions created by Vyatta are Copyright (C) 2009 Vyatta, Inc. 14 | # All Rights Reserved. 15 | # **** End License **** 16 | # 17 | # Author: Bob Gilligan 18 | # 19 | # Some network interface drivers employ a scheme known as "copybreak" 20 | # in which they make a copy of a received skb if the size of the 21 | # buffer is below a particular threshold, then return the original 22 | # receive skb back to the pool. Since these drivers initially 23 | # allocate a buffer size that is larger than the largest possible 24 | # packet, this scheme returns that large buffer to the pool quickly, 25 | # and uses a smaller one. 26 | # 27 | # The primary benefit of copybreak is better memory utilization. 
On 28 | # systems where the data is ultimately going to be copied out to user 29 | # space, the copybreak scheme is "low cost" because it has the side 30 | # benefit of priming the cache for that later copy. But on a router 31 | # that only touches the header fields of a received packet, the cost 32 | # can be relatively higher. And on modern systems the memory savings 33 | # is rarely an important consideration. 34 | # 35 | # Some of the drivers that employ copybreak make the feature 36 | # configurable via a module parameter. This file disables copybreak 37 | # in some of those drivers. Generally this results in an improvement 38 | # in forwarding performance for traffic using these drivers. 39 | 40 | options 3c515 rx_copybreak=0 41 | options 3c59x rx_copybreak=0 42 | options bcm63xx copybreak=0 43 | options cxgb copybreak=0 44 | options e1000 copybreak=0 45 | options e1000e copybreak=0 46 | options epic100 rx_copybreak=0 47 | options fealnx rx_copybreak=0 48 | options hamachi rx_copybreak=0 49 | options ixgb copybreak=0 50 | options natsemi rx_copybreak=0 51 | options pch_gbe copybreak=0 52 | options pcnet32 rx_copybreak=0 53 | options sis190 rx_copybreak=0 54 | options sky2 copybreak=0 55 | options starfire rx_copybreak=0 56 | options sundance rx_copybreak=0 57 | options typhoon rx_copybreak=0 58 | options via-rhine rx_copybreak=0 59 | options via-velocity rx_copybreak=0 60 | options yellowfin rx_copybreak=0 61 | -------------------------------------------------------------------------------- /scripts/utils/merge-flavors: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | # 3 | # Copyright (C) 2024 VyOS maintainers and contributors 4 | # 5 | # This program is free software; you can redistribute it and/or modify 6 | # it under the terms of the GNU General Public License version 2 or later as 7 | # published by the Free Software Foundation. 
8 | # 9 | # This program is distributed in the hope that it will be useful, 10 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 | # GNU General Public License for more details. 13 | # 14 | # You should have received a copy of the GNU General Public License 15 | # along with this program. If not, see . 16 | # 17 | # Purpose: merges multiple flavor files into one 18 | 19 | import sys 20 | 21 | import tomli 22 | import tomli_w 23 | 24 | def load_flavor(file_path): 25 | with open(file_path, 'rb') as f: 26 | flavor_def = tomli.load(f) 27 | 28 | return flavor_def 29 | 30 | # XXX: at the moment, this script is only used 31 | # to produce a meta-flavor for collecting packages 32 | # used in multiple flavors, 33 | # so it ignores all other flavor fields for now 34 | def merge_flavors(l, r): 35 | if 'packages' in r: 36 | l['packages'] += r['packages'] 37 | 38 | for arch in r.get('architectures', []): 39 | if arch not in l['architectures']: 40 | l['architectures'][arch] = {} 41 | 42 | if 'packages' not in l['architectures'][arch]: 43 | l['architectures'][arch]['packages'] = [] 44 | 45 | if 'packages' in r['architectures'][arch]: 46 | l['architectures'][arch]['packages'] += \ 47 | r['architectures'][arch]['packages'] 48 | 49 | return l 50 | 51 | if __name__ == '__main__': 52 | if len(sys.argv) < 3: 53 | print("Please specify a base flavor and a list of flavor files to merge!") 54 | sys.exit(1) 55 | 56 | base_flavor = load_flavor(sys.argv[1]) 57 | 58 | if 'architectures' not in base_flavor: 59 | base_flavor['architectures'] = {} 60 | 61 | if 'packages' not in base_flavor: 62 | base_flavor['packages'] = [] 63 | 64 | flavor_files = sys.argv[2:] 65 | flavor_defs = map(load_flavor, flavor_files) 66 | 67 | for fd in flavor_defs: 68 | merge_flavors(base_flavor, fd) 69 | 70 | base_flavor['packages'] = list(set(base_flavor['packages'])) 71 | for arch in base_flavor.get('architectures'): 72 | if 
'packages' in base_flavor['architectures'][arch]: 73 | base_flavor['architectures'][arch]['packages'] = \ 74 | list(set(base_flavor['architectures'][arch]['packages'])) 75 | 76 | print(tomli_w.dumps(base_flavor)) 77 | -------------------------------------------------------------------------------- /docker-vyos/vyos_install_stage_02.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # Copyright (C) 2020-2023 VyOS maintainers and contributors 4 | # 5 | # This program is free software; you can redistribute it and/or modify 6 | # it under the terms of the GNU General Public License version 2 or later as 7 | # published by the Free Software Foundation. 8 | # 9 | # This program is distributed in the hope that it will be useful, 10 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 | # GNU General Public License for more details. 13 | # 14 | # You should have received a copy of the GNU General Public License 15 | # along with this program. If not, see . 16 | 17 | # Stage 2 - install VyOS packages 18 | 19 | # load common functions 20 | . 
vyos_install_common.sh 21 | 22 | echo "Configuring APT repositories" 23 | prepare_apt 24 | 25 | # Get list of VyOS packages 26 | vyos_packages=( 27 | "vyos-1x" 28 | ) 29 | 30 | # Do not analyze packages, which we do not need in Docker 31 | vyos_packages_filter=( 32 | "vyos-intel*" 33 | ) 34 | vyos_packages_filtered=("$(filter_list vyos_packages[@] vyos_packages_filter[@])") 35 | 36 | # Add missed dependencies 37 | vyos_packages_filtered+=( 38 | "uuid" 39 | "jq" 40 | "yq" 41 | "systemd" 42 | ) 43 | 44 | echo "Packages for installing: ${vyos_packages_filtered[@]}" 45 | # Install VyOS packages 46 | echo "Installing VyOS packages" 47 | apt-get install -y --no-install-recommends ${vyos_packages_filtered[@]} 48 | 49 | # Create VyOS version file 50 | RELEASAE_TRAIN=$(tomlq --raw-output .release_train /tmp/defaults.toml) 51 | apt-cache show vyos-1x | awk -v release_train=${RELEASAE_TRAIN} '{ if ($1 == "Version:") version = $2 } END { build_git = "unknown" ; built_by = "Sentrium S.L." ; built_on = strftime("%F %T UTC", systime(), utc) ; "uuid -v 4" | getline build_uuid ; printf("{\"version\": \"%s\", \"build_git\": \"%s\", \"built_on\": \"%s\", \"built_by\": \"%s\", \"build_uuid\": \"%s\", \"release_train\": \"%s\"}", version, build_git, built_on, built_by, build_uuid, release_train) }' | json_pp > /usr/share/vyos/version.json 52 | 53 | # Delete what we do not need inside Docker image (this step makes packages database inconsistent) 54 | echo "Deleting what is needless in containers" 55 | dpkg -P --force-depends dosfstools efibootmgr yq jq gdisk grub-common grub-efi-amd64-bin initscripts installation-report laptop-detect libossp-uuid16 libparted2 libwireshark-data libwireshark5 mdadm parted tshark uuid 56 | dpkg -l | awk '/linux-image-/ { system("dpkg -P --force-depends " $2) }' 57 | 58 | # Delete documentation 59 | rm -rf /usr/share/doc /usr/share/doc-base 60 | 61 | echo "Deconfiguring APT repositories" 62 | cleanup_apt 63 | 64 | 65 | exit 0 66 | 
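--------------------------------------------------------------------------------
/scripts/package-build/linux-kernel/build-kernel.sh:
--------------------------------------------------------------------------------
#!/bin/bash
#
# Build the VyOS Linux kernel Debian packages from the checked-out "linux" tree.
#
# Steps, in order: reset the kernel Git tree, copy the VyOS kernel config into
# it, apply every patch from patches/kernel, collect the trusted certificates,
# write the kernel-vars environment file, run "make bindeb-pkg", and finally
# export the build-time module signing key and certificate to the paths
# announced in kernel-vars.
#
# Must be started from the directory that holds the "linux" source tree, the
# "arch" config directory and "patches/kernel".
CWD=$(pwd)
KERNEL_SRC=linux

set -e

if [ ! -d "${KERNEL_SRC}" ]; then
    echo "Linux Kernel source directory does not exists, please 'git clone'"
    exit 1
fi

cd "${KERNEL_SRC}"

if [ -d .git ]; then
    echo "I: Clean modified files - reset Git repo"
    git reset --hard HEAD
    git clean --force -d -x
fi

echo "I: Copy Kernel config (x86_64_vyos_defconfig) to Kernel Source"
cp -rv "${CWD}/arch/" .

KERNEL_VERSION=$(make kernelversion)
KERNEL_SUFFIX=-$(awk -F "= " '/kernel_flavor/ {print $2}' ../../../../data/defaults.toml | tr -d \")
KERNEL_CONFIG=arch/x86/configs/vyos_defconfig

# VyOS requires some small Kernel Patches - apply them here
# It's easier to have them here and make use of the upstream
# repository instead of maintaining a full Kernel Fork.
# Saving time/resources is essential :-)
PATCH_DIR=${CWD}/patches/kernel
# Glob instead of parsing `ls` so file names containing whitespace survive;
# the guard skips the unexpanded pattern when the directory is empty or absent.
for patch_file in "${PATCH_DIR}"/*
do
    [ -e "${patch_file}" ] || continue
    echo "I: Apply Kernel patch: ${patch_file}"
    patch -p1 < "${patch_file}"
done

# Change name of Signing Cert
sed -i -e "s/CN =.*/CN=VyOS build time autogenerated kernel key/" certs/default_x509.genkey

TRUSTED_KEYS_FILE=trusted_keys.pem
# start with empty key file
: > "${TRUSTED_KEYS_FILE}"
# NOTE(review): KERNEL_SUFFIX above reaches data/ through four "../" while this
# path uses three. If the directory does not resolve, find fails, "|| true"
# swallows the error and the kernel is built without the extra trusted keys -
# confirm the depth against the repository layout.
# NOTE(review): every *.pem file found here is concatenated into the kernel's
# trusted key file, so write access to this directory decides which
# certificates the kernel trusts.
MOK_DIR=../../../data/live-build-config/includes.chroot/var/lib/shim-signed/mok
CERTS=$(find "${MOK_DIR}" -name "*.pem" -type f || true)
if [ -n "${CERTS}" ]; then
    # add known public keys to Kernel certificate chain
    while IFS= read -r cert_file; do
        cat "${cert_file}" >> "${TRUSTED_KEYS_FILE}"
    done <<< "${CERTS}"
    # Force Kernel module signing and embed public keys.
    # A config line needs an explicit value: the bare symbol name written
    # before carried none, so it is now set to "y".
    echo "CONFIG_SYSTEM_TRUSTED_KEYRING=y" >> "${KERNEL_CONFIG}"
    echo "CONFIG_SYSTEM_TRUSTED_KEYS=\"${TRUSTED_KEYS_FILE}\"" >> "${KERNEL_CONFIG}"
else
    # Make the "nothing embedded" case visible in the build log.
    echo "W: No *.pem certificates found under ${MOK_DIR}, no extra trusted keys embedded"
fi

echo "I: make vyos_defconfig"
# Select Kernel configuration - currently there is only one
make vyos_defconfig

echo "I: Generate environment file containing Kernel variable"
# NOTE(review): fixed, predictable paths in world-writable /tmp. They are kept
# because kernel-vars publishes them and other scripts may rely on them; a
# per-build "mktemp -d" directory would also close the window between the
# rm and the openssl calls at the end of this script.
EPHEMERAL_KEY="/tmp/ephemeral.key"
EPHEMERAL_PEM="/tmp/ephemeral.pem"
cat << EOF >"${CWD}/kernel-vars"
#!/bin/sh
export KERNEL_VERSION=${KERNEL_VERSION}
export KERNEL_SUFFIX=${KERNEL_SUFFIX}
export KERNEL_DIR=${CWD}/${KERNEL_SRC}
export EPHEMERAL_KEY=${EPHEMERAL_KEY}
export EPHEMERAL_CERT=${EPHEMERAL_PEM}
EOF

echo "I: Build Debian Kernel package"
touch .scmversion
make bindeb-pkg BUILD_TOOLS=1 LOCALVERSION="${KERNEL_SUFFIX}" KDEB_PKGVERSION="${KERNEL_VERSION}-1" -j "$(getconf _NPROCESSORS_ONLN)"

# Back to the old Kernel build-scripts directory
cd "${CWD}"
EPHEMERAL_KERNEL_KEY=$(grep -E "^CONFIG_MODULE_SIG_KEY=" "${KERNEL_SRC}/${KERNEL_CONFIG}" | awk -F= '{print $2}' | tr -d \")

# Remove stale copies unconditionally. "test -f" follows symlinks, so the old
# guard left a dangling symlink (or one pointing at a directory) in place for
# openssl to write through; rm -f removes the link itself.
rm -f -- "${EPHEMERAL_KEY}" "${EPHEMERAL_PEM}"

if test -f "${KERNEL_SRC}/${EPHEMERAL_KERNEL_KEY}"; then
    # The private module signing key is written to /tmp: create it under a
    # restrictive umask so other local users cannot read it.
    (
        umask 077
        openssl rsa -in "${KERNEL_SRC}/${EPHEMERAL_KERNEL_KEY}" -out "${EPHEMERAL_KEY}"
    )
    openssl x509 -in "${KERNEL_SRC}/${EPHEMERAL_KERNEL_KEY}" -out "${EPHEMERAL_PEM}"
fi

--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | VyOS toplevel build
2 | ===================
3 |
4 | For the most up-to-date documentation, please read the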
online build guide at 5 | [docs.vyos.io](https://docs.vyos.io/en/latest/contributing/build-vyos.html). 6 | 7 | # What is VyOS 8 | 9 | VyOS is an open source operating system for network devices (routers, firewalls 10 | and so on). If you want to use it in your network, check out the download and 11 | installation instructions at https://docs.vyos.io/en/latest/installation/index.html 12 | 13 | If you want to modify VyOS and/or join its development, read on. 14 | 15 | # About this repository 16 | 17 | VyOS is a GNU/Linux distribution based on Debian. Just like any other 18 | distribution, it consists of multiple packages. 19 | 20 | Some packages are taken from upstream, while others are modified or written 21 | from scratch by VyOS developers. Every package maintained by the VyOS team has 22 | its own git repository. VyOS image build is therefore a multi-step process. 23 | Packages are compiled first, then an ISO is built from Debian packages and our 24 | own packages. 25 | 26 | This is the top level repository that contains links to repositories with VyOS 27 | specific packages (organized as Git submodules) and scripts and data that are 28 | used for building those packages and the installation image. 29 | 30 | # Repository Structure 31 | 32 | There are several directories with their own purpose: 33 | 34 | * `build/` Used for temporary files used for the build and for build artifacts 35 | * `data/` Data required for building the ISO (e.g. boot splash/configs) 36 | * `packages/` This directory can hold arbitrary *.deb 37 | packages which will be embedded into the resulting ISO. 38 | Among other things those packages will be: Linux Kernel, FRR, 39 | Netfilter... 
40 | * `scripts/` Scripts that are used for the build process 41 | * `tools/` Scripts that are used for automating maintainers' tasks and other 42 | purposes, but not during the ISO build process 43 | * `vars/` Jenkins Pipeline library for reusable functions 44 | 45 | # Building VyOS 46 | 47 | In order to have a single manual and not maintain multiple copies, the 48 | instructions on how to build VyOS either in a Docker container or natively can 49 | be found in our [Documentation - Build VyOS](https://docs.vyos.io/en/latest/contributing/build-vyos.html). 50 | 51 | # Development Branches 52 | 53 | The default branch that contains the most recent VyOS code is called `current`. 54 | We may or may not eventually switch to `main`. 55 | 56 | All new code goes to the `current` branch. When a new LTS release is ready for feature freeze, a 57 | new branch is created for the release, and new code from `current` is backported 58 | to the release branch as needed. 59 | 60 | Post-1.2.0 branches are named after constellations sorted by area from smallest 61 | to largest. There are 88 of them, here's the 62 | [complete list](https://en.wikipedia.org/wiki/IAU_designated_constellations_by_area). 63 | 64 | Existing branches: 65 | 66 | * VyOS 1.4: `sagitta` (Arrow) [LTS] 67 | * VyOS 1.3: `equuleus` (Little Horse) [LTS] 68 | * VyOS 1.2: `crux` (Southern Cross) [Unsupported] 69 | 70 | The next LTS release will be VyOS 1.5 `circinus` (Compasses). 
71 | -------------------------------------------------------------------------------- /data/live-build-config/hooks/live/18-enable-disable_services.chroot: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | echo I: Disabling services 4 | systemctl disable arpwatch.service 5 | systemctl disable smartd.service 6 | systemctl disable kea-ctrl-agent.service 7 | systemctl disable kea-dhcp4-server.service 8 | systemctl disable kea-dhcp6-server.service 9 | systemctl disable isc-dhcp-relay.service 10 | systemctl disable nfacctd.service 11 | systemctl disable pmacctd.service 12 | systemctl disable sfacctd.service 13 | systemctl disable uacctd.service 14 | systemctl disable ssh.service 15 | systemctl disable sshguard.service 16 | systemctl disable openvpn.service 17 | systemctl disable lldpd.service 18 | systemctl disable LCDd.service 19 | systemctl disable lcdproc.service 20 | systemctl disable conntrackd.service 21 | systemctl disable 'udp-broadcast-relay@*.service' 22 | systemctl disable pdns-recursor.service 23 | systemctl disable tftpd-hpa.service 24 | systemctl disable frr.service 25 | systemctl disable salt-minion.service 26 | systemctl disable certbot.service 27 | systemctl disable certbot.timer 28 | systemctl disable nginx.service 29 | systemctl disable wpa_supplicant.service 30 | systemctl disable squid.service 31 | systemctl disable apt-daily.service 32 | systemctl disable apt-daily.timer 33 | systemctl disable apt-daily-upgrade.timer 34 | systemctl disable apt-daily-upgrade.service 35 | systemctl disable chrony.service 36 | systemctl disable igmpproxy.service 37 | systemctl disable wide-dhcpv6-client.service 38 | systemctl disable lm-sensors.service 39 | systemctl disable snmpd.service 40 | systemctl disable conserver-server.service 41 | systemctl disable dropbear.service 42 | systemctl disable fancontrol.service 43 | systemctl disable fastnetmon.service 44 | systemctl disable ddclient.service 45 | systemctl 
disable ocserv.service 46 | systemctl disable tuned.service 47 | systemctl disable radvd.service 48 | systemctl disable hostapd.service 49 | systemctl disable hsflowd.service 50 | systemctl disable keepalived.service 51 | systemctl disable ipvsadm.service 52 | systemctl disable telegraf.service 53 | systemctl disable ndppd.service 54 | systemctl disable ipsec.service 55 | systemctl disable strongswan.service 56 | systemctl disable strongswan-starter.service 57 | systemctl disable strongswan.service 58 | systemctl disable avahi-daemon.service 59 | systemctl disable atop-rotate.timer 60 | systemctl disable ModemManager.service 61 | systemctl disable dnsdist.service 62 | systemctl disable haproxy.service 63 | systemctl disable owamp-server.service 64 | systemctl disable twamp-server.service 65 | systemctl disable vyos-wan-load-balance.service 66 | systemctl disable nvmf-autoconnect.service 67 | systemctl disable dpkg-db-backup.timer 68 | systemctl disable dpkg-db-backup.service 69 | systemctl disable zabbix-agent2.service 70 | systemctl disable suricata.service 71 | 72 | echo I: Enabling services 73 | systemctl enable vyos-hostsd.service 74 | systemctl enable acpid.service 75 | systemctl enable vyos-router.service 76 | systemctl enable vyos-configd.service 77 | systemctl enable vyos-grub-update.service 78 | 79 | echo I: Masking services 80 | systemctl mask systemd-journald-audit.socket 81 | systemctl --global mask gpg-agent.service gpg-agent.socket gpg-agent-ssh.socket gpg-agent-extra.socket gpg-agent-browser.socket dirmngr.socket 82 | -------------------------------------------------------------------------------- /data/live-build-config/archives/vyos-dev.key.chroot: -------------------------------------------------------------------------------- 1 | -----BEGIN PGP PUBLIC KEY BLOCK----- 2 | Version: GnuPG v2.0.22 (GNU/Linux) 3 | 4 | mQINBF0/MrsBEADLSj4PdgHsr4FblWqQmmZD32J3EVlXrBIwi0zT1RN6V6vA81xx 5 | Qe8XNm6LXVB9kjH9Qv+MwIWWOkTYGCDg2oiIAKPRnJfKisDo4Ax3a1j2YOF6Ud2n 6 
| t1bdDfSvnMnEITnMwa+BHKx3QeBoVG/8zhMeHjXy0QwHUIdKMyrX8M0JWY/sqLlv 7 | HvzEaB3PEMFGFhuJ3Dh/ZxquVVuSS2GPRyTpLTqrPSH9jG8hf8YFWBE+CHbnclZc 8 | 4NKlI5Q5yrqrUE7zGWgg3O75o6xlJpjI2TJXPPYU6llCNQi/AUIB3R34okMdyYmP 9 | dzaHBXeA+a5glikv5i0ysJgfZ/hvZgayZdAvqIxQxjzvKebmqUutay7LhgjKGRnC 10 | vdAAQ1LbkqPvbBN1oaElRiTUR6bekTFd/M8x3DWPHc0xkNps6f4sEoiFkujpsl26 11 | uGlBhf59yFzI/XhjT/04pUWa3myFhGWT4WSw8cf3o/47/CiL4TefOBTY2vSSub7V 12 | nekDG6H75i9szMMQGzry71+RzYMOWkUnnnQ6wjpHuce42zU7wKUdl2+Wrr+g2/cK 13 | NKFvHRmGLVOpcabDawWi08hHr+J6Gje9PCePfY4x0p6Idjz5YW4Q1D/XSDZZ3nni 14 | akhMO1onHLolY7jstdexhSSi7nS9bDAdnHlL7e/hJemF5G0IvLlkaXYIpQARAQAB 15 | tDJWeU9TIG1haW50YWluZXJzIChwYWNrYWdlIHNpZ25pbmcpIDxwa2dzQHZ5b3Mu 16 | bmV0PokCOQQTAQIAIwUCXT8yuwIbAwcLCQgHAwIBBhUIAgkKCwQWAgMBAh4BAheA 17 | AAoJELK9zt4uv5wGFk4P/3MUhejAJrkMy8EC21P74yCxpZ8RfahML/hIy8+13mWd 18 | 480eSGrZr+mEk7pN4T+5cOV4gO9gsKlZ+9zvP8PjRqrHhdDWnA+6GZSMmwvV5C+s 19 | DDop3Wa5z6u5SXwultAEzssNtmVreXhGrB/gkpx6NsAZz9TbwVCOyfFu5di2Oued 20 | ItL6IhkLBIbOmJX1X5CD3AvXIKcRwp7L3mFYP+UE5/c3OFmIK5P1J3vvHRPQqHls 21 | BOPs7dMowfCQfNTUyUWTG74gPo9wHCnuE6QnO5b/j1dPKgz5058bK+NMFgLLdw6X 22 | pb8Z7CvQPSLr5o2KfP+LsC7Nyz4tFQukJvidZdQ/uYQ38SDXsLbmlqnQWDCtYMzu 23 | j225frdkvymwvLrroVWGfbJI2Bd+u3VoQmLdMdddnSe/+oKoh2/xBueWH/O6d4F4 24 | br+HNbhxaxhhM2JuPXB7mQTDyzl4RhD8JixV6YgjWo1/X8wfpJdB/utTbiwLdhIH 25 | q2gdI3sxDCikapQWEhHWAgW4azhzXXvo8RTwNWXtck2DBsQxsn4lANvcWwJ7fRD5 26 | FDgIcJJ+rZrA9NT1sihSjxvUWAmByOSWwdWQRm8O86tFjqm9mJ5ppIYLX5weMa6L 27 | przxbm85y5DZeeuxo297YHGbrfeRm7ko/yB+DFdnLirnblK5JI4RL94AwZjad879 28 | uQINBF0/MrsBEACmKylWG6GC+EPn+x01vA3tVDyyDcOxaRevCvCYEINv7yn7Ajc3 29 | ZaWqqNRfZheOU5hUVJjW6cv7xqaWIn9J/7vatmdeX8H1cVWpSk/e1QT1Fop7I71e 30 | 4skDn8YI6JIZgFBrqe1O3YHOQDZbMO9zR5jNpVD7XXLyGsRvjnkH/ybugBeiVCqt 31 | 7x2I8OnDQggFnBrishMjVrEmBAduE3JICC1IbCCtVG67h07E/BC7XJVgME8Hvfwl 32 | EBTo8Y6CWcrsJZfAQKU+3wi5feFVLIbhNceiGcxmi7uJML+hGoSf92Pmn7i9p5su 33 | ywy4XF+aWvd4R3CMYywOiukB3rItic7gp0tpcMK7AwessGqvD/luz2cNY1IqDKak 34 | 
w7jGbGUT54zKO3tpt73dYGyf3SUHQ9aNAaGuSxjq/c9v9X4KpzmAi82rt4wSkDVa 35 | /5SkxsU9aP6lql2MrZm//Pj3hjyipTLUFhndbjeJDgBRROMJdokNkFIIaweJGAg2 36 | wNwBC6HRIYXLyOsV+Azf1gqSpCEqdKVLJkBduuChtd7N9xoUahag2yya+ujwpcN6 37 | nlmnhZt+yfgi0uO2cPmsof9PkJi+cb44IAgkvG96Zj2JbLHSlGipyYTHLYS46RC4 38 | CkaF3DSwDXVU+lBqJz+WkOywpMGUKtZwPbpy7ZJVf2JL8Rf0D95sIaeICwARAQAB 39 | iQIfBBgBAgAJBQJdPzK7AhsMAAoJELK9zt4uv5wG45IP/2YEQzyn2qiqHInLEmXE 40 | R7fefmkiTy925juASQiR/LGOCSfCOnMKBMkyi63XvQuhAALU6RxgK69yLZJYWQ+a 41 | gh+vrrndCzprCM4PohuupknA8nAY+FvC5xoOZVkZ/+vUP344ukxN9Fz1d9oU3G5a 42 | luoA23G1qs7kHJw/xzN1BFNqie2mIzMAOI0Wu0BZxmYmD3Ph0KMbUD08jX6ImDF6 43 | EnqS0VhCgXfWhPBqh5TOG35Fi5ZCmupbgqBJQZg5fLIWS3Hk2qBm70FR3iLdjiYu 44 | w165hBlqcJ2YfvVBKVvMNRVB9BtF7BfzCM3/y/4V82EZ7qQJ+jE30N+/vwrAOrUd 45 | QVlFsC5eYDOkRb3XXhijXZhoKoeXTwY7TGNntavVMYZ2W4EFoX2OH8/2A7KEYhqc 46 | 3cjEJ7EoM6hkmm6xmU82oQ8Moll1SgQbkNKlZYDPMs7Ppr4zBJjnVYVcP9e1RLFO 47 | 0POJbtG7CCAstcvMu/3Yw7Il/TOGvc3TNBPrkYtriDj+B900W5sEc33iUV9VRAAi 48 | Bkfs0XMSQVIcMdquu2LGfNWBjd/YCZVQ8OzFYoZJeq18oxeZ9/tE4NE3KyUBmqil 49 | 5/WicCYtxgxByAvhN5dFn+nPfoEMQ/e9Zhs2ImrrSy12Ehg1swRjAK39NrjySDFT 50 | FhyPysWJ4aNKtAYgVuQguPTt 51 | =rJUC 52 | -----END PGP PUBLIC KEY BLOCK----- 53 | 54 | -------------------------------------------------------------------------------- /data/live-build-config/includes.chroot/usr/share/vyos/keys/vyos-release.pub.asc: -------------------------------------------------------------------------------- 1 | -----BEGIN PGP PUBLIC KEY BLOCK----- 2 | Version: GnuPG v2.0.22 (GNU/Linux) 3 | 4 | mQINBFXKsiIBEACyid9PR/v56pSRG8VgQyRwvzoI7rLErZ8BCQA2WFxA6+zNy+6G 5 | +0E/6XAOzE+VHli+wtJpiVJwAh+wWuqzOmv9css2fdJxpMW87pJAS2i3EVVVf6ab 6 | wU848JYLGzc9y7gZrnT1m2fNh4MXkZBNDp780WpOZx8roZq5X+j+Y5hk5KcLiBn/ 7 | lh9Zoh8yzrWDSXQsz0BGoAbVnLUEWyo0tcRcHuC0eLx6oNG/IHvd/+kxWB1uULHU 8 | SlB/6vcx56lLqgzywkmhP01050ZDyTqrFRIfrvw6gLQaWlgR3lB93txvF/sz87Il 9 | VblV7e6HEyVUQxedDS8ikOyzdb5r9a6Zt/j8ZPSntFNM6OcKAI7U1nDD3FVOhlVn 10 | 
7lhUiNc+/qjC+pR9CrZjr/BTWE7Zpi6/kzeH4eAkfjyALj18oC5udJDjXE5daTL3 11 | k9difHf74VkZm29Cy9M3zPckOZpsGiBl8YQsf+RXSBMDVYRKZ1BNNLDofm4ZGijK 12 | mriXcaY+VIeVB26J8m8y0zN4/ZdioJXRcy72c1KusRt8e/TsqtC9UFK05YpzRm5R 13 | /nwxDFYb7EdY/vHUFOmfwXLaRvyZtRJ9LwvRUAqgRbbRZg3ET/tn6JZk8hqx3e1M 14 | IxuskOB19t5vWyAo/TLGIFw44SErrq9jnpqgclTSRgFjcjHEm061r4vjoQARAQAB 15 | tDZWeU9TIE1haW50YWluZXJzIChWeU9TIFJlbGVhc2UpIDxtYWludGFpbmVyc0B2 16 | eW9zLm5ldD6JAjgEEwECACIFAlXKsiICGwMGCwkIBwMCBhUIAgkKCwQWAgMBAh4B 17 | AheAAAoJEP0iAoWg/m1+xbgP+QEDYZi5dA4IPY+vU1L95Bavju2m2o35TSUDPg5B 18 | jfAGuhbsNUceU+l/yUlxjpKEmvshyW3GHR5QzUaKGup/ZDBo1CBxZNhpSlFida2E 19 | KAYTx4vHk3MRXcntiAj/hIJwRtzCUp5UQIqHoU8dmHoHOkKEP+zhJuR6E2s+WwDr 20 | nTwE6eRa0g/AHY+chj2Je6flpPm2CKoTfUE7a2yBBU3wPq3rGtsQgVxPAxHRZz7A 21 | w4AjH3NM1Uo3etuiDnGkJAuoKKb1J4X3w2QlbwlR4cODLKhJXHIufwaGtRwEin9S 22 | 1l2bL8V3gy2Hv3D2t9TQZuR5NUHsibJRXLSa8WnSCcc6Bij5aqfdpYB+YvKH/rIm 23 | GvYPmLZDfKGkx0JE4/qtfFjiPJ5VE7BxNyliEw/rnQsxWAGPqLlL61SD8w5jGkw3 24 | CinwO3sccTVcPz9b6A1RsbBVhTJJX5lcPn1lkOEVwQ7l8bRhOKCMe0P53qEDcLCd 25 | KcXNnAFbVes9u+kfUQ4oxS0G2JS9ISVNmune+uv+JR7KqSdOuRYlyXA9uTjgWz4y 26 | Cs7RS+CpkJFqrqOtS1rmuDW9Ea4PA8ygGlisM5d/AlVkniHz/2JYtgetiLCj9mfE 27 | MzQpgnldNSPumKqJ3wwmCNisE+lXQ5UXCaoaeqF/qX1ykybQn41LQ+0xT5Uvy7sL 28 | 9IwGuQINBFXKsiIBEACg2mP3QYkXdgWTK5JyTGyttE6bDC9uqsK8dc1J66Tjd5Ly 29 | Be0amO+88GHXa0o5Smwk2QNoxsRR41G/D/eAeGsuOEYnePROEr3tcLnDjo4KLgQ+ 30 | H69zRPn77sdP3A34Jgp+QIzByJWM7Cnim31quQP3qal2QdpGJcT/jDJWdticN76a 31 | Biaz+HN13LyvZM+DWhUDttbjAJc+TEwF9YzIrU+3AzkTRDWkRh4kNIQxjlpNzvho 32 | 9V75riVqg2vtgPwttPEhOLb0oMzy4ADdfezrfVvvMb4M4kY9npu4MlSkNTM97F/I 33 | QKy90JuSUIjE05AO+PDXJF4Fd5dcpmukLV/2nV0WM2LAERpJUuAgkZN6pNUFVISR 34 | +nSfgR7wvqeDY9NigHrJqJbSEgaBUs6RTk5hait2wnNKLJajlu3aQ2/QfRT/kG3h 35 | ClKUz3Ju7NCURmFE6mfsdsVrlIsEjHr/dPbXRswXgC9FLlXpWgAEDYi9Wdxxz8o9 36 | JDWrVYdKRGG+OpLFh8AP6QL3YnZF+p1oxGUQ5ugXauAJ9YS55pbzaUFP8oOO2P1Q 37 | BeYnKRs1GcMI8KWtE/fze9C9gZ7Dqju7ZFEyllM4v3lzjhT8muMSAhw41J22mSx6 38 | 
VRkQVRIAvPDFES45IbB6EEGhDDg4pD2az8Q7i7Uc6/olEmpVONSOZEEPsQe/2wAR 39 | AQABiQIfBBgBAgAJBQJVyrIiAhsMAAoJEP0iAoWg/m1+niUQAKTxwJ9PTAfB+XDk 40 | 3qH3n+T49O2wP3fhBI0EGhJp9Xbx29G7qfEeqcQm69/qSq2/0HQOc+w/g8yy71jA 41 | 6rPuozCraoN7Im09rQ2NqIhPK/1w5ZvgNVC0NtcMigX9MiSARePKygAHOPHtrhyO 42 | rJQyu8E3cV3VRT4qhqIqXs8Ydc9vL3ZrJbhcHQuSLdZxM1k+DahCJgwWabDCUizm 43 | sVP3epAP19FP8sNtHi0P1LC0kq6/0qJot+4iBiRwXMervCD5ExdOm2ugvSgghdYN 44 | BikFHvmsCxbZAQjykQ6TMn+vkmcEz4fGAn4L7Nx4paKEtXaAFO8TJmFjOlGUthEm 45 | CtHDKjCTh9WV4pwG2WnXuACjnJcs6LcK377EjWU25H4y1ff+NDIUg/DWfSS85iIc 46 | UgkOlQO6HJy0O96L5uxn7VJpXNYFa20lpfTVZv7uu3BC3RW/FyOYsGtSiUKYq6cb 47 | CMxGTfFxGeynwIlPRlH68BqH6ctR/mVdo+5UIWsChSnNd1GreIEI6p2nBk3mc7jZ 48 | 7pTEHpjarwOjs/S/lK+vLW53CSFimmW4lw3MwqiyAkxl0tHAT7QMHH9Rgw2HF/g6 49 | XD76fpFdMT856dsuf+j2uuJFlFe5B1fERBzeU18MxML0VpDmGFEaxxypfACeI/iu 50 | 8vzPzaWHhkOkU8/J/Ci7+vNtUOZb 51 | =Ld8S 52 | -----END PGP PUBLIC KEY BLOCK----- 53 | -------------------------------------------------------------------------------- /docker-vyos/vyos_install_stage_01.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # Copyright (C) 2020-2023 VyOS maintainers and contributors 4 | # 5 | # This program is free software; you can redistribute it and/or modify 6 | # it under the terms of the GNU General Public License version 2 or later as 7 | # published by the Free Software Foundation. 8 | # 9 | # This program is distributed in the hope that it will be useful, 10 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 | # GNU General Public License for more details. 13 | # 14 | # You should have received a copy of the GNU General Public License 15 | # along with this program. If not, see . 16 | 17 | # Stage 1 - install dependencies 18 | 19 | # load common functions 20 | . 
vyos_install_common.sh 21 | 22 | echo "Configuring APT repositories" 23 | prepare_apt 24 | 25 | # Get list of VyOS packages 26 | vyos_packages=( 27 | "vyos-1x" 28 | ) 29 | 30 | # Do not analyze packages, which we do not need in Docker 31 | vyos_packages_filter=( 32 | "vyos-intel*" 33 | ) 34 | vyos_packages_filtered=("$(filter_list vyos_packages[@] vyos_packages_filter[@])") 35 | echo "Packages for dependency analyzing: ${vyos_packages_filtered[@]}" 36 | 37 | # Get list of all dependencies 38 | vyos_dependencies=(`apt-get -s install --no-install-recommends ${vyos_packages_filtered[@]} | awk '/Inst/ { printf("%s ", $2) }'`) 39 | 40 | # Do not install unnecessary 41 | ignore_list=( 42 | "dosfstools" 43 | "parted" 44 | "libparted*" 45 | "efibootmgr" 46 | "gdisk" 47 | "grub-*" 48 | "laptop-detect" 49 | "installation-report" 50 | "tshark" 51 | "wireshark*" 52 | "mdadm" 53 | "keepalived" 54 | "libheartbeat2" 55 | "bmon" 56 | "crda" 57 | "ipvsadm" 58 | "iw" 59 | "pptpd" 60 | "cluster-glue" 61 | "resource-agents" 62 | "heartbeat" 63 | "podman" 64 | ) 65 | 66 | # Get list of packages from VYOS repository 67 | if ls /var/lib/apt/lists/*vyos*Packages* | grep -q gz$; then 68 | arch_cat="zcat" 69 | fi 70 | if ls /var/lib/apt/lists/*vyos*Packages* | grep -q lz4$; then 71 | arch_cat="lz4cat" 72 | echo "Installing lz4" 73 | apt-get install -y --no-install-recommends lz4 74 | fi 75 | vyos_repo_packages=(`$arch_cat /var/lib/apt/lists/*vyos*Packages* | awk '/Package:/ { printf("%s\n",$2) }'`) 76 | if [[ "${arch_cat}" == "lz4cat" ]]; then 77 | echo "Removing lz4" 78 | apt-get purge -y lz4 79 | fi 80 | # Add them to ignore list - we do not need anything from VyOS in this layer of image 81 | ignore_list=("${ignore_list[@]}" "${vyos_repo_packages[@]}") 82 | 83 | # Remove every ignore list item from installation list 84 | vyos_dependencies_filtered=("$(filter_list vyos_dependencies[@] ignore_list[@])") 85 | 86 | # Add missed dependencies 87 | vyos_dependencies_filtered+=( 88 | 
"liburi-perl" 89 | "locales" 90 | "libcap-ng0" 91 | "libnss-myhostname" 92 | "dbus" 93 | ) 94 | 95 | echo "Dependencies filtered list: ${vyos_dependencies_filtered[@]}" 96 | 97 | # Install delependencies 98 | echo "Installing dependencies" 99 | apt-get install -y --no-install-recommends ${vyos_dependencies_filtered[@]} 100 | 101 | echo "Deconfiguring APT repositories" 102 | cleanup_apt 103 | 104 | 105 | exit 0 106 | -------------------------------------------------------------------------------- /scripts/image-build/utils.py: -------------------------------------------------------------------------------- 1 | # Copyright (C) 2024 VyOS maintainers and contributors 2 | # 3 | # This program is free software; you can redistribute it and/or modify 4 | # it under the terms of the GNU General Public License version 2 or later as 5 | # published by the Free Software Foundation. 6 | # 7 | # This program is distributed in the hope that it will be useful, 8 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 9 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 10 | # GNU General Public License for more details. 11 | # 12 | # You should have received a copy of the GNU General Public License 13 | # along with this program. If not, see . 14 | # 15 | # File: util.py 16 | # Purpose: 17 | # Various common functions for use in build scripts. 18 | 19 | 20 | import sys 21 | import os 22 | import shutil 23 | 24 | # Local modules 25 | import defaults 26 | import vyos 27 | 28 | def check_build_config(): 29 | if not os.path.exists(defaults.BUILD_CONFIG): 30 | print("Build config file ({file}) does not exist".format(file=defaults.BUILD_CONFIG)) 31 | print("If you are running this script by hand, you should better not. 
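def check_build_config():
    """Abort the build when the build config file is absent.

    Prints a two-line hint and exits with status 1 if the path named by
    ``defaults.BUILD_CONFIG`` does not exist; returns ``None`` otherwise.
    """
    if os.path.exists(defaults.BUILD_CONFIG):
        return
    print("Build config file ({file}) does not exist".format(file=defaults.BUILD_CONFIG))
    print("If you are running this script by hand, you should better not. Run 'make iso' instead.")
    sys.exit(1)


class DependencyChecker(object):
    """Records which packages and binaries named in a dependency spec are absent."""

    def __init__(self, spec):
        """Probe the system for every entry of ``spec``.

        :param spec: mapping with a ``'packages'`` and a ``'binaries'`` entry,
                     each an iterable of names
        """
        self.__missing = {
            'packages': self._get_missing_packages(spec['packages']),
            'binaries': self._get_missing_binaries(spec['binaries']),
        }

    def _package_installed(self, name):
        """Return True if dpkg reports ``name`` with status 'install ok installed'.

        dpkg-query is run directly with an argument list. The package name used
        to be formatted into a shell pipeline, so a name containing shell
        metacharacters was executed as shell code and could also fake a
        positive result.
        """
        # Function-scope import: the file-level import block is left untouched.
        import subprocess

        try:
            probe = subprocess.run(
                # '--' ends option parsing, so a name that starts with '-' is
                # still treated as a package name.
                ['dpkg-query', '-W', '--showformat=${Status}\n', '--', str(name)],
                stdout=subprocess.PIPE,
                # Error text can repeat the requested name, so it is kept out
                # of the string that is searched below.
                stderr=subprocess.DEVNULL,
                universal_newlines=True,
            )
        except (OSError, ValueError):
            # dpkg-query is not available, or the name cannot be passed as an
            # argument: report the package as missing, as the old pipeline did.
            return False
        return 'install ok installed' in probe.stdout

    def _get_missing_packages(self, packages):
        """Return the entries of ``packages`` that are not installed, in order."""
        return [pkg for pkg in packages if not self._package_installed(pkg)]

    def _get_missing_binaries(self, binaries):
        """Return the entries of ``binaries`` that ``shutil.which`` cannot find."""
        return [binary for binary in binaries if not shutil.which(binary)]

    def get_missing_dependencies(self):
        """Return the dict of missing packages and binaries, or None if nothing is missing."""
        if self.__missing['packages'] or self.__missing['binaries']:
            return self.__missing
        return None

    def format_missing_dependencies(self):
        """Build the error text that lists the missing packages and binaries.

        Each category gets its own line; the two lines used to be concatenated
        without a separator when both were present.
        """
        details = []
        if self.__missing['packages']:
            details.append("E: Missing packages: " + " ".join(self.__missing['packages']))
        if self.__missing['binaries']:
            details.append("E: Missing binaries: " + " ".join(self.__missing['binaries']))
        return "E: There are missing system dependencies!\n" + "\n".join(details)


def check_system_dependencies(deps):
    """Raise OSError listing whatever ``deps`` names that is not present.

    :param deps: dependency spec as accepted by ``DependencyChecker``
    :raises OSError: if at least one package or binary is missing
    """
    checker = DependencyChecker(deps)
    if checker.get_missing_dependencies():
        raise OSError(checker.format_missing_dependencies())


def cmd(command):
    """Run ``command`` via ``vyos.utils.process.call`` with ``shell=True``.

    The string is interpreted by a shell: callers must pass fixed command text
    and quote any value that comes from configuration or user input.

    :raises OSError: if the call reports a non-zero result
    """
    res = vyos.utils.process.call(command, shell=True)
    # Any non-zero result is a failure. NOTE(review): presumably this is a
    # subprocess-style return code, where a negative value means the command
    # was killed by a signal; the previous `> 0` test let that pass - confirm.
    if res != 0:
        raise OSError(f"Command '{command}' failed")


def rc_cmd(command):
    """Run ``command`` via ``vyos.utils.process.rc_cmd`` with ``shell=True`` and return its output.

    The string is interpreted by a shell: callers must pass fixed command text
    and quote any value that comes from configuration or user input.

    :returns: the second element of the pair returned by the helper
    :raises OSError: if the helper reports a non-zero code
    """
    code, out = vyos.utils.process.rc_cmd(command, shell=True)
    # Same reasoning as in cmd(): any non-zero code counts as failure.
    if code != 0:
        raise OSError(f"Command '{command}' failed")
    return out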
OSError(f"Command '{command}' failed") 90 | else: 91 | return out 92 | -------------------------------------------------------------------------------- /Jenkinsfile.docker: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env groovy 2 | // Copyright (C) 2019-2021 VyOS maintainers and contributors 3 | // 4 | // This program is free software; you can redistribute it and/or modify 5 | // in order to easy exprort images built to "external" world 6 | // it under the terms of the GNU General Public License version 2 or later as 7 | // published by the Free Software Foundation. 8 | // 9 | // This program is distributed in the hope that it will be useful, 10 | // but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 | // GNU General Public License for more details. 13 | // 14 | // You should have received a copy of the GNU General Public License 15 | // along with this program. If not, see . 16 | @NonCPS 17 | 18 | // Using a version specifier library, use 'current' branch. The underscore (_) 19 | // is not a typo! You need this underscore if the line immediately after the 20 | // @Library annotation is not an import statement! 21 | @Library('vyos-build@current')_ 22 | setDescription() 23 | 24 | pipeline { 25 | agent none 26 | environment { 27 | GIT_BRANCH_NAME = getGitBranchName() 28 | } 29 | options { 30 | disableConcurrentBuilds() 31 | timeout(time: 240, unit: 'MINUTES') 32 | timestamps() 33 | buildDiscarder(logRotator(numToKeepStr: '20')) 34 | } 35 | stages { 36 | stage('Build containers') { 37 | when { 38 | beforeOptions true 39 | beforeAgent true 40 | // Only run ISO image build process of explicit user request or 41 | // once a night triggered by the timer. 
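// Builds the vyos/vyos-build container image for amd64 and arm64 in parallel
// and pushes each image to the registry unless isCustomBuild() returns true.
// NOTE(review): getGitBranchName() and isCustomBuild() are not defined in this
// file; presumably they come from the 'vyos-build@current' shared library.
pipeline {
    agent none
    environment {
        GIT_BRANCH_NAME = getGitBranchName()
    }
    options {
        disableConcurrentBuilds()
        timeout(time: 240, unit: 'MINUTES')
        timestamps()
        buildDiscarder(logRotator(numToKeepStr: '20'))
    }
    stages {
        stage('Build containers') {
            when {
                beforeOptions true
                beforeAgent true
                // Run only when a file directly under a docker/ directory or
                // Jenkinsfile.docker changed, or when a user started the build.
                anyOf {
                    changeset pattern: "**/docker/*"
                    changeset pattern: "**/Jenkinsfile.docker"
                    triggeredBy cause: "UserIdCause"
                }
            }
            parallel {
                stage('x86_64') {
                    agent {
                        label "ec2_amd64"
                    }
                    steps {
                        script {
                            DOCKER_IMAGE_AMD64 = "vyos/vyos-build:" + env.GIT_BRANCH_NAME
                            // The tag contains the branch name. It is handed to the
                            // shell through the environment and expanded by the shell
                            // inside double quotes, so characters in the branch name
                            // are never parsed as shell syntax (a Groovy-interpolated
                            // string would splice them into the command text).
                            withEnv(["DOCKER_IMAGE=${DOCKER_IMAGE_AMD64}"]) {
                                sh 'docker build --no-cache --tag "$DOCKER_IMAGE" docker'
                                if (! isCustomBuild()) {
                                    // Registry credentials are only in scope for the push.
                                    withDockerRegistry([credentialsId: "DockerHub"]) {
                                        sh 'docker push "$DOCKER_IMAGE"'
                                    }
                                }
                            }
                        }
                    }
                }
                stage('arm64') {
                    agent {
                        label "ec2_arm64"
                    }
                    steps {
                        script {
                            DOCKER_IMAGE_ARM64 = "vyos/vyos-build:" + env.GIT_BRANCH_NAME + "-arm64"
                            // Same handling as in the x86_64 stage: the tag reaches the
                            // shell as an environment variable, not as command text.
                            withEnv(["DOCKER_IMAGE=${DOCKER_IMAGE_ARM64}"]) {
                                sh 'docker build --no-cache --tag "$DOCKER_IMAGE" --build-arg ARCH=arm64v8/ docker'
                                if (! isCustomBuild()) {
                                    // Registry credentials are only in scope for the push.
                                    withDockerRegistry([credentialsId: "DockerHub"]) {
                                        sh 'docker push "$DOCKER_IMAGE"'
                                    }
                                }
                            }
                        }
                    }
                }
            }
        }
    }
}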