├── .frlog ├── .github ├── PULL_REQUEST_TEMPLATE.md ├── labeler.yml ├── reviewers.yml └── workflows │ ├── auto-author-assign.yml │ ├── codeql.yml │ ├── mergifyio_backport.yml │ ├── pr-conflicts.yml │ ├── pull-request-labels.yml │ ├── pull-request-management.yml │ ├── pull-request-message-check.yml │ └── stale.yml ├── .gitignore ├── .merge-branch-exclude ├── AUTHORS ├── COPYING ├── ChangeLog ├── Makefile.am ├── NEWS ├── README ├── configure.ac ├── debian ├── README ├── autogen.sh ├── changelog ├── compat ├── control ├── copyright ├── docs ├── lintian ├── rules └── vyatta-cfg-system.postinst.in ├── scripts ├── install │ ├── install-functions │ ├── install-get-partition │ ├── install-image │ ├── install-image-existing │ ├── install-image-new │ └── install-postinst-new ├── progress-indicator ├── restricted-shell ├── snmp │ └── if-mib-alias ├── vyatta-dhcpv6-client.pl ├── vyatta-grub-setup └── vyos-persistpath └── sysconf ├── LICENSE ├── filecaps └── netdevice /.frlog: -------------------------------------------------------------------------------- 1 | Tue Dec 28 13:47:50 PST 2010: [new branch] at [debian/0.19.24] 2 | Thu Jul 7 20:55:58 PDT 2011: [new branch] at [debian/0.19.99] 3 | Sat Mar 3 02:25:37 PST 2012: [new branch] at [debian/0.19.174] 4 | Fri Oct 12 19:46:58 PDT 2012: [new branch] at [debian/0.20.41] 5 | Sat Oct 13 13:30:43 PDT 2012: [create daisy branch] at [debian/0.20.42] 6 | Fri Apr 12 09:13:35 PDT 2013: [Bugfix 8804] at [debian/0.20.42+daisy13] 7 | Thu Oct 31 13:14:18 CET 2013: [Force release] at [debian/0.20.42+daisy22] 8 | Fri Nov 1 23:54:59 CET 2013: [Test release] at [debian/0.20.42+daisy25] 9 | Sat Jan 18 01:41:11 CET 2014: [Force release] at [debian/0.20.43+hydrogen10] 10 | Sat Feb 15 16:53:18 CET 2014: [New branch] at [debian/0.20.43+hydrogen12] 11 | Wed Oct 29 22:45:39 CET 2014: [Force release] at [debian/0.20.43+vyos1+helium24] 12 | Tue Dec 23 01:55:44 CET 2014: [Force release] at [debian/0.20.44+vyos2+lithium4] 13 | Thu Apr 9 00:20:24 CEST 2015: 
[Force release] at [debian/0.20.44+vyos2+lithium23] 14 | -------------------------------------------------------------------------------- /.github/PULL_REQUEST_TEMPLATE.md: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | ## Change Summary 5 | 6 | 7 | ## Types of changes 8 | 13 | - [ ] Bug fix (non-breaking change which fixes an issue) 14 | - [ ] New feature (non-breaking change which adds functionality) 15 | - [ ] Code style update (formatting, renaming) 16 | - [ ] Refactoring (no functional changes) 17 | - [ ] Migration from an old Vyatta component to vyos-1x, please link to related PR inside obsoleted component 18 | - [ ] Other (please describe): 19 | 20 | ## Related Task(s) 21 | 22 | 23 | 24 | ## Related PR(s) 25 | 26 | 27 | ## Component(s) name 28 | 29 | 30 | ## Proposed changes 31 | 32 | 33 | ## How to test 34 | 42 | 43 | ## Smoketest result 44 | 50 | 51 | ## Checklist: 52 | 53 | 54 | 55 | - [ ] I have read the [**CONTRIBUTING**](https://github.com/vyos/vyos-1x/blob/current/CONTRIBUTING.md) document 56 | - [ ] I have linked this PR to one or more Phabricator Task(s) 57 | - [ ] I have run the components [**SMOKETESTS**](https://github.com/vyos/vyos-1x/tree/current/smoketest/scripts/cli) if applicable 58 | - [ ] My commit headlines contain a valid Task id 59 | - [ ] My change requires a change to the documentation 60 | - [ ] I have updated the documentation accordingly 61 | -------------------------------------------------------------------------------- /.github/labeler.yml: -------------------------------------------------------------------------------- 1 | equuleus: 2 | - any: 3 | - base-branch: 'equuleus' 4 | current: 5 | - any: 6 | - base-branch: 'current' 7 | crux: 8 | - any: 9 | - base-branch: 'crux' 10 | sagitta: 11 | - any: 12 | - base-branch: 'sagitta' 13 | -------------------------------------------------------------------------------- /.github/reviewers.yml: 
-------------------------------------------------------------------------------- 1 | --- 2 | "**/*": 3 | - team: reviewers 4 | -------------------------------------------------------------------------------- /.github/workflows/auto-author-assign.yml: -------------------------------------------------------------------------------- 1 | name: "PR Triage" 2 | on: 3 | pull_request_target: # NOTE(review): pull_request_target runs in the base repository's context with access to secrets; no step in this file checks out PR code, and that should stay true 4 | types: [opened, reopened, ready_for_review, locked] 5 | 6 | permissions: 7 | pull-requests: write 8 | 9 | jobs: 10 | # https://github.com/marketplace/actions/auto-author-assign 11 | assign-author: 12 | runs-on: ubuntu-latest 13 | steps: 14 | - name: "Assign Author to PR" 15 | uses: toshimaru/auto-author-assign@v1.6.2 # NOTE(review): third-party action referenced by a mutable tag; pin to a full commit SHA so the code that receives the token cannot change silently 16 | with: 17 | repo-token: ${{ secrets.GITHUB_TOKEN }} 18 | 19 | # https://github.com/shufo/auto-assign-reviewer-by-files 20 | assign_reviewer: 21 | runs-on: ubuntu-latest 22 | steps: 23 | - name: Request review based on files changes and/or groups the author belongs to 24 | uses: shufo/auto-assign-reviewer-by-files@v1.1.4 # NOTE(review): third-party action referenced by a mutable tag; pin to a full commit SHA 25 | with: 26 | token: ${{ secrets.PR_ACTION_ASSIGN_REVIEWERS }} # NOTE(review): custom secret, not GITHUB_TOKEN, so the permissions: block above does not restrict it; presumably a PAT - confirm it carries only the scopes reviewer assignment needs 27 | config: .github/reviewers.yml 28 | -------------------------------------------------------------------------------- /.github/workflows/codeql.yml: -------------------------------------------------------------------------------- 1 | # For most projects, this workflow file will not need changing; you simply need 2 | # to commit it to your repository. 3 | # 4 | # You may wish to alter this file to override the set of languages analyzed, 5 | # or to provide custom queries or build logic. 6 | # 7 | # ******** NOTE ******** 8 | # We have attempted to detect the languages in your repository. Please check 9 | # the `language` matrix defined below to confirm you have the correct set of 10 | # supported CodeQL languages. 
11 | # 12 | name: "CodeQL" 13 | 14 | on: 15 | push: 16 | branches: [ "current", crux, equuleus ] 17 | pull_request: 18 | # The branches below must be a subset of the branches above 19 | branches: [ "current" ] 20 | schedule: 21 | - cron: '22 10 * * 0' 22 | 23 | jobs: 24 | analyze: 25 | name: Analyze 26 | runs-on: ubuntu-latest 27 | permissions: 28 | actions: read 29 | contents: read 30 | security-events: write 31 | 32 | strategy: 33 | fail-fast: false 34 | matrix: 35 | language: [ 'python' ] # NOTE(review): the repository tree on this page lists shell and Perl scripts and no .py files, and neither language is in the supported list below; confirm this scan analyzes any code at all, otherwise a green result here says nothing about the shipped scripts 36 | # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ] 37 | # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support 38 | 39 | steps: 40 | - name: Checkout repository 41 | uses: actions/checkout@v3 42 | 43 | # Initializes the CodeQL tools for scanning. 44 | - name: Initialize CodeQL 45 | uses: github/codeql-action/init@v2 46 | with: 47 | languages: ${{ matrix.language }} 48 | # If you wish to specify custom queries, you can do so here or in a config file. 49 | # By default, queries listed here will override any specified in a config file. 50 | # Prefix the list here with "+" to use these queries and those in the config file. 51 | 52 | # Details on CodeQL's query packs refer to : https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs 53 | # queries: security-extended,security-and-quality 54 | 55 | 56 | # Autobuild attempts to build any compiled languages (C/C++, C#, Go, or Java). 57 | # If this step fails, then you should remove it and run the build manually (see below) 58 | - name: Autobuild 59 | uses: github/codeql-action/autobuild@v2 60 | 61 | # ℹ️ Command-line programs to run using the OS shell. 
62 | # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun 63 | 64 | # If the Autobuild fails above, remove it and uncomment the following three lines. 65 | # modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance. 66 | 67 | # - run: | 68 | # echo "Run, Build Application using script" 69 | # ./location_of_script_within_repo/buildscript.sh 70 | 71 | - name: Perform CodeQL Analysis 72 | uses: github/codeql-action/analyze@v2 73 | with: 74 | category: "/language:${{matrix.language}}" 75 | -------------------------------------------------------------------------------- /.github/workflows/mergifyio_backport.yml: -------------------------------------------------------------------------------- 1 | name: Mergifyio backport 2 | 3 | on: [issue_comment] # NOTE(review): fires for every comment on every issue or PR, from any user allowed to comment; this file sets no permissions: block, so GITHUB_TOKEN gets the repository default scope 4 | 5 | jobs: 6 | mergifyio_backport: 7 | if: github.repository == 'vyos/vyatta-cfg-system' 8 | runs-on: ubuntu-latest 9 | steps: 10 | - uses: actions/checkout@v2 # NOTE(review): the later steps do not appear to read the working tree - confirm and drop this checkout 11 | 12 | - uses: actions-ecosystem/action-regex-match@v2 # NOTE(review): third-party action referenced by a mutable tag; pin to a full commit SHA 13 | id: regex-match 14 | with: 15 | text: ${{ github.event.comment.body }} # NOTE(review): untrusted comment text is passed as an action input rather than spliced into a run: script, which keeps it out of the shell 16 | regex: '[Mm]ergifyio backport ' # NOTE(review): unanchored, so it matches anywhere in the comment body; consider also gating the job on github.event.comment.author_association so only maintainers can cause the label to be applied 17 | 18 | - uses: actions-ecosystem/action-add-labels@v1 # NOTE(review): third-party action referenced by a mutable tag and handed the token; pin to a full commit SHA 19 | if: ${{ steps.regex-match.outputs.match != '' }} 20 | with: 21 | github_token: ${{ secrets.GITHUB_TOKEN }} 22 | labels: backport 23 | -------------------------------------------------------------------------------- /.github/workflows/pr-conflicts.yml: -------------------------------------------------------------------------------- 1 | name: "PR Conflicts checker" 2 | on: 3 | pull_request_target: 4 | types: [synchronize] 5 | 6 | jobs: 7 | Conflict_Check: 8 | name: 'Check PR status: conflicts and resolution' 9 | runs-on: ubuntu-22.04 10 | steps: 11 | - name: check if PRs are dirty 12 | uses: eps1lon/actions-label-merge-conflict@releases/2.x # NOTE(review): third-party action tracked by a branch ref inside a pull_request_target workflow that has no permissions: block; pin to a full commit SHA and declare the minimum token scope explicitly 13 | with: 14 | dirtyLabel: "state: conflict" 15 | removeOnDirtyLabel: "state: conflict 
resolved" 16 | repoToken: "${{ secrets.GITHUB_TOKEN }}" 17 | commentOnDirty: "This pull request has conflicts, please resolve those before we can evaluate the pull request." 18 | commentOnClean: "Conflicts have been resolved. A maintainer will review the pull request shortly." 19 | -------------------------------------------------------------------------------- /.github/workflows/pull-request-labels.yml: -------------------------------------------------------------------------------- 1 | --- 2 | name: Add pull request labels 3 | 4 | on: 5 | pull_request_target: 6 | branches: 7 | - current 8 | - crux 9 | - equuleus 10 | - sagitta 11 | 12 | jobs: 13 | add-pr-label: 14 | name: Add PR Labels 15 | runs-on: ubuntu-20.04 16 | permissions: 17 | contents: read 18 | pull-requests: write 19 | steps: 20 | - uses: actions/labeler@v5.0.0-alpha.1 # NOTE(review): pre-release (alpha) tag running under pull_request_target with pull-requests: write; prefer a stable release pinned by commit SHA. The job-level permissions: block above is the right shape 21 | -------------------------------------------------------------------------------- /.github/workflows/pull-request-management.yml: -------------------------------------------------------------------------------- 1 | --- 2 | name: Build Pull Request Package 3 | 4 | on: 5 | pull_request: 6 | branches: 7 | - current 8 | - crux 9 | - equuleus 10 | 11 | jobs: 12 | j2lint: 13 | name: Validate j2 files 14 | runs-on: ubuntu-20.04 15 | steps: 16 | - uses: actions/checkout@v2 17 | timeout-minutes: 2 18 | - name: Setup J2Lint # NOTE(review): the tool is installed from a git URL pinned to a full commit hash, so the linter code is fixed; its own dependencies are still resolved unpinned at install time 19 | timeout-minutes: 2 20 | run: | 21 | sudo pip install git+https://github.com/aristanetworks/j2lint.git@341b5d5db86e095b622f09770cb6367a1583620e 22 | - name: Run J2lint # NOTE(review): the repository tree on this page shows no data/ directory, so this job looks carried over from another repository; confirm it can pass here 23 | timeout-minutes: 2 24 | run: | 25 | j2lint $GITHUB_WORKSPACE/data 26 | -------------------------------------------------------------------------------- /.github/workflows/pull-request-message-check.yml: -------------------------------------------------------------------------------- 1 | --- 2 | name: Check pull request message format 3 | 4 | on: 5 | pull_request: 6 | branches: 7 | - current 8 | - crux 9 | - equuleus 10 | 11 | jobs: 12 | 
check-pr-title: 13 | name: Check pull request title 14 | runs-on: ubuntu-20.04 15 | steps: 16 | - uses: actions/checkout@v2 17 | timeout-minutes: 2 18 | - name: Install the requests library # NOTE(review): unpinned install; pin a version so the CI run is reproducible and a new upstream release cannot change what executes here 19 | run: pip3 install requests 20 | - name: Check the PR title # NOTE(review): the workflow expression in the run script below is expanded into the script text before the shell starts; this particular URL is generated by GitHub, but passing event data through env: avoids the pattern being copied for attacker-controlled fields such as titles. The repository tree on this page lists no scripts/check-pr-title-and-commit-messages.py - confirm the script exists 21 | timeout-minutes: 2 22 | run: | 23 | ./scripts/check-pr-title-and-commit-messages.py '${{ github.event.pull_request.url }}' 24 | -------------------------------------------------------------------------------- /.github/workflows/stale.yml: -------------------------------------------------------------------------------- 1 | name: "Issue and PR stale management" 2 | on: 3 | schedule: 4 | - cron: "0 0 * * *" 5 | 6 | jobs: 7 | stale: 8 | runs-on: ubuntu-latest 9 | if: github.repository == 'vyos/vyatta-cfg-system' 10 | steps: 11 | # Issue stale management 12 | - uses: actions/stale@v6 13 | with: 14 | repo-token: ${{ secrets.GITHUB_TOKEN }} 15 | days-before-stale: 90 # NOTE(review): no separate PR value is set in this file, so 90 days presumably applies to PRs too, while stale-pr-message below says 30 days - confirm which is intended 16 | days-before-close: -1 17 | stale-issue-message: 'This issue is stale because it has been open 90 days with no activity. The issue will be reviewed by a maintainer and may be closed' 18 | stale-issue-label: 'state: stale' 19 | exempt-issue-labels: 'state: accepted, state: in-progress' 20 | stale-pr-message: 'This PR is stale because it has been open 30 days with no activity. 
The PR will be reviewed by a maintainer and may be closed' 21 | stale-pr-label: 'state: stale' 22 | exempt-pr-labels: 'state: accepted, state: in-progress' 23 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | *.orig 2 | *.rej 3 | *# 4 | *~ 5 | .*.swp 6 | *.[oa] 7 | *.l[oa] 8 | *.so 9 | *.libs 10 | *.deps 11 | .dirstamp 12 | aclocal.m4 13 | autom4te.cache 14 | build-stamp 15 | config 16 | config.log 17 | config.guess 18 | config.status 19 | config.sub 20 | configure 21 | confdefs.h 22 | conftest 23 | conftest.c 24 | conftest.out 25 | debian/files 26 | debian/vyatta-cfg-system 27 | debian/vyatta-cfg-system.postinst 28 | debian/*.log 29 | debian/*.substvars 30 | debian/.debhelper 31 | INSTALL 32 | Makefile.in 33 | Makefile 34 | src/hypervisor_vendor 35 | -------------------------------------------------------------------------------- /.merge-branch-exclude: -------------------------------------------------------------------------------- 1 | 47f054cb196959bb79960f3b6c1524b4ff7d32a8 2 | 28aae71fe9f3e4da64c73eea4b79c5c08c5d8f9b 3 | a139c41faf9ccc7210218fcdf637a234967a6136 4 | 08d0d9ed2d8824a446bfe6a1ba660db854f1a8f5 5 | bdbd1c9b842ad5931b33a1ccf483354a59ce8dab 6 | 04ce9d5d2bead676a9961b91cb9ec41a0ec73d38 7 | c6b895817534113809c11c85d236d3170152df4f 8 | 1cb034ae31da409a541b2275f8a8ba45e9434f9f 9 | 3c6142ffeefc1575cfa5c0a370887c2eb0784b57 10 | a2e34c14b26ed7536f7068241a48cdd5d36e29d1 11 | b0d74d951ac50ab7b5d15913331f79f2c8518286 12 | -------------------------------------------------------------------------------- /AUTHORS: -------------------------------------------------------------------------------- 1 | maintainers@vyos.net 2 | -------------------------------------------------------------------------------- /COPYING: -------------------------------------------------------------------------------- 1 | GNU GENERAL PUBLIC LICENSE 2 | Version 2, 
June 1991 3 | 4 | Copyright (C) 1989, 1991 Free Software Foundation, Inc. 5 | 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA 6 | Everyone is permitted to copy and distribute verbatim copies 7 | of this license document, but changing it is not allowed. 8 | 9 | Preamble 10 | 11 | The licenses for most software are designed to take away your 12 | freedom to share and change it. By contrast, the GNU General Public 13 | License is intended to guarantee your freedom to share and change free 14 | software--to make sure the software is free for all its users. This 15 | General Public License applies to most of the Free Software 16 | Foundation's software and to any other program whose authors commit to 17 | using it. (Some other Free Software Foundation software is covered by 18 | the GNU Library General Public License instead.) You can apply it to 19 | your programs, too. 20 | 21 | When we speak of free software, we are referring to freedom, not 22 | price. Our General Public Licenses are designed to make sure that you 23 | have the freedom to distribute copies of free software (and charge for 24 | this service if you wish), that you receive source code or can get it 25 | if you want it, that you can change the software or use pieces of it 26 | in new free programs; and that you know you can do these things. 27 | 28 | To protect your rights, we need to make restrictions that forbid 29 | anyone to deny you these rights or to ask you to surrender the rights. 30 | These restrictions translate to certain responsibilities for you if you 31 | distribute copies of the software, or if you modify it. 32 | 33 | For example, if you distribute copies of such a program, whether 34 | gratis or for a fee, you must give the recipients all the rights that 35 | you have. You must make sure that they, too, receive or can get the 36 | source code. And you must show them these terms so they know their 37 | rights. 
38 | 39 | We protect your rights with two steps: (1) copyright the software, and 40 | (2) offer you this license which gives you legal permission to copy, 41 | distribute and/or modify the software. 42 | 43 | Also, for each author's protection and ours, we want to make certain 44 | that everyone understands that there is no warranty for this free 45 | software. If the software is modified by someone else and passed on, we 46 | want its recipients to know that what they have is not the original, so 47 | that any problems introduced by others will not reflect on the original 48 | authors' reputations. 49 | 50 | Finally, any free program is threatened constantly by software 51 | patents. We wish to avoid the danger that redistributors of a free 52 | program will individually obtain patent licenses, in effect making the 53 | program proprietary. To prevent this, we have made it clear that any 54 | patent must be licensed for everyone's free use or not licensed at all. 55 | 56 | The precise terms and conditions for copying, distribution and 57 | modification follow. 58 | 59 | GNU GENERAL PUBLIC LICENSE 60 | TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION 61 | 62 | 0. This License applies to any program or other work which contains 63 | a notice placed by the copyright holder saying it may be distributed 64 | under the terms of this General Public License. The "Program", below, 65 | refers to any such program or work, and a "work based on the Program" 66 | means either the Program or any derivative work under copyright law: 67 | that is to say, a work containing the Program or a portion of it, 68 | either verbatim or with modifications and/or translated into another 69 | language. (Hereinafter, translation is included without limitation in 70 | the term "modification".) Each licensee is addressed as "you". 71 | 72 | Activities other than copying, distribution and modification are not 73 | covered by this License; they are outside its scope. 
The act of 74 | running the Program is not restricted, and the output from the Program 75 | is covered only if its contents constitute a work based on the 76 | Program (independent of having been made by running the Program). 77 | Whether that is true depends on what the Program does. 78 | 79 | 1. You may copy and distribute verbatim copies of the Program's 80 | source code as you receive it, in any medium, provided that you 81 | conspicuously and appropriately publish on each copy an appropriate 82 | copyright notice and disclaimer of warranty; keep intact all the 83 | notices that refer to this License and to the absence of any warranty; 84 | and give any other recipients of the Program a copy of this License 85 | along with the Program. 86 | 87 | You may charge a fee for the physical act of transferring a copy, and 88 | you may at your option offer warranty protection in exchange for a fee. 89 | 90 | 2. You may modify your copy or copies of the Program or any portion 91 | of it, thus forming a work based on the Program, and copy and 92 | distribute such modifications or work under the terms of Section 1 93 | above, provided that you also meet all of these conditions: 94 | 95 | a) You must cause the modified files to carry prominent notices 96 | stating that you changed the files and the date of any change. 97 | 98 | b) You must cause any work that you distribute or publish, that in 99 | whole or in part contains or is derived from the Program or any 100 | part thereof, to be licensed as a whole at no charge to all third 101 | parties under the terms of this License. 
102 | 103 | c) If the modified program normally reads commands interactively 104 | when run, you must cause it, when started running for such 105 | interactive use in the most ordinary way, to print or display an 106 | announcement including an appropriate copyright notice and a 107 | notice that there is no warranty (or else, saying that you provide 108 | a warranty) and that users may redistribute the program under 109 | these conditions, and telling the user how to view a copy of this 110 | License. (Exception: if the Program itself is interactive but 111 | does not normally print such an announcement, your work based on 112 | the Program is not required to print an announcement.) 113 | 114 | These requirements apply to the modified work as a whole. If 115 | identifiable sections of that work are not derived from the Program, 116 | and can be reasonably considered independent and separate works in 117 | themselves, then this License, and its terms, do not apply to those 118 | sections when you distribute them as separate works. But when you 119 | distribute the same sections as part of a whole which is a work based 120 | on the Program, the distribution of the whole must be on the terms of 121 | this License, whose permissions for other licensees extend to the 122 | entire whole, and thus to each and every part regardless of who wrote it. 123 | 124 | Thus, it is not the intent of this section to claim rights or contest 125 | your rights to work written entirely by you; rather, the intent is to 126 | exercise the right to control the distribution of derivative or 127 | collective works based on the Program. 128 | 129 | In addition, mere aggregation of another work not based on the Program 130 | with the Program (or with a work based on the Program) on a volume of 131 | a storage or distribution medium does not bring the other work under 132 | the scope of this License. 133 | 134 | 3. 
You may copy and distribute the Program (or a work based on it, 135 | under Section 2) in object code or executable form under the terms of 136 | Sections 1 and 2 above provided that you also do one of the following: 137 | 138 | a) Accompany it with the complete corresponding machine-readable 139 | source code, which must be distributed under the terms of Sections 140 | 1 and 2 above on a medium customarily used for software interchange; or, 141 | 142 | b) Accompany it with a written offer, valid for at least three 143 | years, to give any third party, for a charge no more than your 144 | cost of physically performing source distribution, a complete 145 | machine-readable copy of the corresponding source code, to be 146 | distributed under the terms of Sections 1 and 2 above on a medium 147 | customarily used for software interchange; or, 148 | 149 | c) Accompany it with the information you received as to the offer 150 | to distribute corresponding source code. (This alternative is 151 | allowed only for noncommercial distribution and only if you 152 | received the program in object code or executable form with such 153 | an offer, in accord with Subsection b above.) 154 | 155 | The source code for a work means the preferred form of the work for 156 | making modifications to it. For an executable work, complete source 157 | code means all the source code for all modules it contains, plus any 158 | associated interface definition files, plus the scripts used to 159 | control compilation and installation of the executable. However, as a 160 | special exception, the source code distributed need not include 161 | anything that is normally distributed (in either source or binary 162 | form) with the major components (compiler, kernel, and so on) of the 163 | operating system on which the executable runs, unless that component 164 | itself accompanies the executable. 
165 | 166 | If distribution of executable or object code is made by offering 167 | access to copy from a designated place, then offering equivalent 168 | access to copy the source code from the same place counts as 169 | distribution of the source code, even though third parties are not 170 | compelled to copy the source along with the object code. 171 | 172 | 4. You may not copy, modify, sublicense, or distribute the Program 173 | except as expressly provided under this License. Any attempt 174 | otherwise to copy, modify, sublicense or distribute the Program is 175 | void, and will automatically terminate your rights under this License. 176 | However, parties who have received copies, or rights, from you under 177 | this License will not have their licenses terminated so long as such 178 | parties remain in full compliance. 179 | 180 | 5. You are not required to accept this License, since you have not 181 | signed it. However, nothing else grants you permission to modify or 182 | distribute the Program or its derivative works. These actions are 183 | prohibited by law if you do not accept this License. Therefore, by 184 | modifying or distributing the Program (or any work based on the 185 | Program), you indicate your acceptance of this License to do so, and 186 | all its terms and conditions for copying, distributing or modifying 187 | the Program or works based on it. 188 | 189 | 6. Each time you redistribute the Program (or any work based on the 190 | Program), the recipient automatically receives a license from the 191 | original licensor to copy, distribute or modify the Program subject to 192 | these terms and conditions. You may not impose any further 193 | restrictions on the recipients' exercise of the rights granted herein. 194 | You are not responsible for enforcing compliance by third parties to 195 | this License. 196 | 197 | 7. 
If, as a consequence of a court judgment or allegation of patent 198 | infringement or for any other reason (not limited to patent issues), 199 | conditions are imposed on you (whether by court order, agreement or 200 | otherwise) that contradict the conditions of this License, they do not 201 | excuse you from the conditions of this License. If you cannot 202 | distribute so as to satisfy simultaneously your obligations under this 203 | License and any other pertinent obligations, then as a consequence you 204 | may not distribute the Program at all. For example, if a patent 205 | license would not permit royalty-free redistribution of the Program by 206 | all those who receive copies directly or indirectly through you, then 207 | the only way you could satisfy both it and this License would be to 208 | refrain entirely from distribution of the Program. 209 | 210 | If any portion of this section is held invalid or unenforceable under 211 | any particular circumstance, the balance of the section is intended to 212 | apply and the section as a whole is intended to apply in other 213 | circumstances. 214 | 215 | It is not the purpose of this section to induce you to infringe any 216 | patents or other property right claims or to contest validity of any 217 | such claims; this section has the sole purpose of protecting the 218 | integrity of the free software distribution system, which is 219 | implemented by public license practices. Many people have made 220 | generous contributions to the wide range of software distributed 221 | through that system in reliance on consistent application of that 222 | system; it is up to the author/donor to decide if he or she is willing 223 | to distribute software through any other system and a licensee cannot 224 | impose that choice. 225 | 226 | This section is intended to make thoroughly clear what is believed to 227 | be a consequence of the rest of this License. 228 | 229 | 8. 
If the distribution and/or use of the Program is restricted in 230 | certain countries either by patents or by copyrighted interfaces, the 231 | original copyright holder who places the Program under this License 232 | may add an explicit geographical distribution limitation excluding 233 | those countries, so that distribution is permitted only in or among 234 | countries not thus excluded. In such case, this License incorporates 235 | the limitation as if written in the body of this License. 236 | 237 | 9. The Free Software Foundation may publish revised and/or new versions 238 | of the General Public License from time to time. Such new versions will 239 | be similar in spirit to the present version, but may differ in detail to 240 | address new problems or concerns. 241 | 242 | Each version is given a distinguishing version number. If the Program 243 | specifies a version number of this License which applies to it and "any 244 | later version", you have the option of following the terms and conditions 245 | either of that version or of any later version published by the Free 246 | Software Foundation. If the Program does not specify a version number of 247 | this License, you may choose any version ever published by the Free Software 248 | Foundation. 249 | 250 | 10. If you wish to incorporate parts of the Program into other free 251 | programs whose distribution conditions are different, write to the author 252 | to ask for permission. For software which is copyrighted by the Free 253 | Software Foundation, write to the Free Software Foundation; we sometimes 254 | make exceptions for this. Our decision will be guided by the two goals 255 | of preserving the free status of all derivatives of our free software and 256 | of promoting the sharing and reuse of software generally. 257 | 258 | NO WARRANTY 259 | 260 | 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY 261 | FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. 
EXCEPT WHEN 262 | OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES 263 | PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED 264 | OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF 265 | MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS 266 | TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE 267 | PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, 268 | REPAIR OR CORRECTION. 269 | 270 | 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING 271 | WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR 272 | REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, 273 | INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING 274 | OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED 275 | TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY 276 | YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER 277 | PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE 278 | POSSIBILITY OF SUCH DAMAGES. 279 | 280 | END OF TERMS AND CONDITIONS 281 | 282 | How to Apply These Terms to Your New Programs 283 | 284 | If you develop a new program, and you want it to be of the greatest 285 | possible use to the public, the best way to achieve this is to make it 286 | free software which everyone can redistribute and change under these terms. 287 | 288 | To do so, attach the following notices to the program. It is safest 289 | to attach them to the start of each source file to most effectively 290 | convey the exclusion of warranty; and each file should have at least 291 | the "copyright" line and a pointer to where the full notice is found. 
292 | 293 | 294 | Copyright (C) 295 | 296 | This program is free software; you can redistribute it and/or modify 297 | it under the terms of the GNU General Public License as published by 298 | the Free Software Foundation; either version 2 of the License, or 299 | (at your option) any later version. 300 | 301 | This program is distributed in the hope that it will be useful, 302 | but WITHOUT ANY WARRANTY; without even the implied warranty of 303 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 304 | GNU General Public License for more details. 305 | 306 | You should have received a copy of the GNU General Public License 307 | along with this program; if not, write to the Free Software 308 | Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA 309 | 310 | 311 | Also add information on how to contact you by electronic and paper mail. 312 | 313 | If the program is interactive, make it output a short notice like this 314 | when it starts in an interactive mode: 315 | 316 | Gnomovision version 69, Copyright (C) year name of author 317 | Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. 318 | This is free software, and you are welcome to redistribute it 319 | under certain conditions; type `show c' for details. 320 | 321 | The hypothetical commands `show w' and `show c' should show the appropriate 322 | parts of the General Public License. Of course, the commands you use may 323 | be called something other than `show w' and `show c'; they could even be 324 | mouse-clicks or menu items--whatever suits your program. 325 | 326 | You should also get your employer (if you work as a programmer) or your 327 | school, if any, to sign a "copyright disclaimer" for the program, if 328 | necessary. Here is a sample; alter the names: 329 | 330 | Yoyodyne, Inc., hereby disclaims all copyright interest in the program 331 | `Gnomovision' (which makes passes at compilers) written by James Hacker. 
332 | 333 | , 1 April 1989 334 | Ty Coon, President of Vice 335 | 336 | This General Public License does not permit incorporating your program into 337 | proprietary programs. If your program is a subroutine library, you may 338 | consider it more useful to permit linking proprietary applications with the 339 | library. If this is what you want to do, use the GNU Library General 340 | Public License instead of this License. 341 | -------------------------------------------------------------------------------- /Makefile.am: -------------------------------------------------------------------------------- 1 | bin_sudo_usersdir = $(bindir)/sudo-users 2 | checkparamsonrebootdir = $(bindir)/sudo-users/check-params-on-reboot.d 3 | initddir = /etc/init.d 4 | 5 | bin_SCRIPTS = 6 | sbin_SCRIPTS = 7 | sysconf_DATA = 8 | initd_SCRIPTS = 9 | bin_sudo_users_SCRIPTS = 10 | checkparamsonreboot_SCRIPTS = 11 | 12 | bin_SCRIPTS += scripts/progress-indicator 13 | bin_SCRIPTS += scripts/restricted-shell 14 | 15 | sbin_SCRIPTS += scripts/vyatta-grub-setup 16 | sbin_SCRIPTS += scripts/snmp/if-mib-alias 17 | sbin_SCRIPTS += scripts/install/install-get-partition 18 | sbin_SCRIPTS += scripts/install/install-functions 19 | sbin_SCRIPTS += scripts/install/install-image-new 20 | sbin_SCRIPTS += scripts/install/install-image-existing 21 | sbin_SCRIPTS += scripts/install/install-postinst-new 22 | sbin_SCRIPTS += scripts/install/install-image 23 | sbin_SCRIPTS += scripts/vyatta-dhcpv6-client.pl 24 | sbin_SCRIPTS += scripts/vyos-persistpath 25 | 26 | sysconf_DATA += sysconf/LICENSE 27 | sysconf_DATA += sysconf/filecaps 28 | sysconf_DATA += sysconf/netdevice 29 | 30 | rsyslogdir = /etc/rsyslog.d 31 | 32 | cpiop = find . ! 
-regex '\(.*~\|.*\.bak\|.*\.swp\|.*\#.*\#\)' -print0 | \ 33 | cpio -0pd 34 | 35 | install-exec-hook: 36 | -------------------------------------------------------------------------------- /NEWS: -------------------------------------------------------------------------------- 1 | None at this time 2 | -------------------------------------------------------------------------------- /README: -------------------------------------------------------------------------------- 1 | # NOTE 2 | 3 | This package is deprecated and all it's content was rewritten. You can find the 4 | new implementation here: https://github.com/vyos/vyos-1x -------------------------------------------------------------------------------- /configure.ac: -------------------------------------------------------------------------------- 1 | # Process this file with autoconf to produce a configure script. 2 | AC_PREREQ(2.59) 3 | 4 | m4_define([VERSION_ID], [m4_esyscmd([ 5 | if test -f .version ; then 6 | head -n 1 .version | tr -d \\n 7 | else 8 | echo -n 2.4 9 | fi])]) 10 | AC_INIT([vyatta-cfg-system], VERSION_ID, [maintainers@vyos.net]) 11 | 12 | test -n "$VYATTA_VERSION" || VYATTA_VERSION=$PACKAGE_VERSION 13 | 14 | AC_CONFIG_AUX_DIR([config]) 15 | AM_INIT_AUTOMAKE([gnu no-dist-gzip dist-bzip2 subdir-objects]) 16 | AC_PREFIX_DEFAULT([/opt/vyatta]) 17 | 18 | AC_ARG_ENABLE([nostrip], 19 | AC_HELP_STRING([--enable-nostrip], 20 | [include -nostrip option during packaging]), 21 | [NOSTRIP=-nostrip], [NOSTRIP=]) 22 | 23 | AC_CONFIG_FILES( 24 | [Makefile] 25 | [debian/vyatta-cfg-system.postinst]) 26 | 27 | AC_SUBST(NOSTRIP) 28 | 29 | AC_PROG_CC 30 | AC_PROG_CXX 31 | AM_PROG_AS 32 | AM_PROG_CC_C_O 33 | AC_OUTPUT 34 | 35 | -------------------------------------------------------------------------------- /debian/README: -------------------------------------------------------------------------------- 1 | The Debian Package vyatta-cfg-system 2 | ---------------------------- 3 | 4 | This package has the Vyatta 
systel-level configuration templates and scripts. 5 | 6 | -- An-Cheng Huang Mon, 1 Oct 2007 7 | -------------------------------------------------------------------------------- /debian/autogen.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | 4 | rm -rf config 5 | rm -f aclocal.m4 config.guess config.statusconfig.sub configure INSTALL 6 | 7 | autoreconf --force --install 8 | 9 | rm -f config.sub config.guess 10 | ln -s /usr/share/misc/config.sub . 11 | ln -s /usr/share/misc/config.guess . 12 | -------------------------------------------------------------------------------- /debian/compat: -------------------------------------------------------------------------------- 1 | 10 2 | -------------------------------------------------------------------------------- /debian/control: -------------------------------------------------------------------------------- 1 | Source: vyatta-cfg-system 2 | Section: contrib/net 3 | Priority: extra 4 | Maintainer: VyOS Package Maintainers 5 | Build-Depends: debhelper (>= 5), autotools-dev, autoconf, automake, cpio 6 | Standards-Version: 3.9.1 7 | 8 | Package: vyatta-cfg-system 9 | Architecture: any 10 | Depends: adduser, 11 | dialog, 12 | sed (>= 4.1.5), 13 | perl (>= 5.10.1), 14 | libnetaddr-ip-perl, 15 | procps (>= 1:3.2.7-3), 16 | coreutils (>= 5.97-5.3), 17 | vyatta-cfg (>= 0.100.1), 18 | libc6 (>= 2.7-6), 19 | libpam-runtime (>= 1.0.1-5), 20 | vyatta-bash | bash (>= 3.1), 21 | sysv-rc, 22 | udev (>= 160-1), 23 | rsyslog | system-log-daemon, 24 | busybox, 25 | sudo, 26 | ed, 27 | installation-report, 28 | laptop-detect, 29 | mgetty, 30 | tasksel, 31 | tcpdump, 32 | mdadm, 33 | libio-socket-ssl-perl, 34 | ipvsadm (>= 1:1.24-2.1), 35 | apt-transport-https, 36 | libcap2-bin (>= 2.19), 37 | isc-dhcp-client, 38 | iproute2, 39 | curl, 40 | parted, 41 | libpam-cap, 42 | efibootmgr, 43 | libefivar0 | libefivar1, 44 | grub-efi-amd64-bin [amd64], 45 | grub-efi-arm64-bin [arm64], 46 | 
dosfstools, 47 | gdisk, 48 | vyatta-biosdevname, 49 | dmidecode 50 | Pre-Depends: bash-completion 51 | Suggests: util-linux (>= 2.13-5), 52 | net-tools, 53 | ncurses-bin (>= 5.5-5), 54 | ntpdate 55 | Description: VyOS system-level configuration 56 | VyOS system-level configuration utiliites, templates and scripts. 57 | -------------------------------------------------------------------------------- /debian/copyright: -------------------------------------------------------------------------------- 1 | This package was debianized by An-Cheng Huang on 2 | Thu, 18 Oct 2007 11:03:18 -0700. 3 | 4 | Modified by VyOS maintainers and contributors . 5 | 6 | The source code of the VyOS version is at: 7 | 8 | 9 | Upstream Author: 10 | 11 | 12 | 13 | Copyright: 14 | 15 | Copyright (C) 2007 Vyatta, Inc. 16 | Copyright (C) 2015 VyOS maintainers and contributors. 17 | 18 | License: 19 | 20 | This program is free software; you can redistribute it and/or modify 21 | it under the terms of the GNU General Public License as published by 22 | the Free Software Foundation; either version 2, or (at your option) 23 | any later version. 24 | 25 | This program is distributed in the hope that it will be useful, but 26 | WITHOUT ANY WARRANTY; without even the implied warranty of 27 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 28 | General Public License for more details. 29 | 30 | A copy of the GNU General Public License is available as 31 | `/usr/share/common-licenses/GPL' in the Debian GNU/Linux distribution 32 | or on the World Wide Web at `http://www.gnu.org/copyleft/gpl.html'. 33 | You can also obtain it by writing to the Free Software Foundation, 34 | Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, 35 | MA 02110-1301, USA. 36 | 37 | The Debian packaging is (C) 2007, An-Cheng Huang and 38 | is licensed under the GPL, see above. 
39 | -------------------------------------------------------------------------------- /debian/docs: -------------------------------------------------------------------------------- 1 | NEWS 2 | README 3 | -------------------------------------------------------------------------------- /debian/lintian: -------------------------------------------------------------------------------- 1 | vyatta-cfg-system: file-in-unusual-dir 2 | vyatta-cfg-system: dir-or-file-in-opt 3 | -------------------------------------------------------------------------------- /debian/rules: -------------------------------------------------------------------------------- 1 | #!/usr/bin/make -f 2 | # -*- makefile -*- 3 | # Sample debian/rules that uses debhelper. 4 | # This file was originally written by Joey Hess and Craig Small. 5 | # As a special exception, when this file is copied by dh-make into a 6 | # dh-make output file, you may use that output file without restriction. 7 | # This special exception was added by Craig Small in version 0.37 of dh-make. 8 | 9 | # Uncomment this to turn on verbose mode. 
10 | #export DH_VERBOSE=1 11 | 12 | 13 | # These are used for cross-compiling and for saving the configure script 14 | # from having to guess our platform (since we know it already) 15 | DEB_HOST_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_HOST_GNU_TYPE) 16 | DEB_BUILD_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_BUILD_GNU_TYPE) 17 | PACKAGE=vyatta-cfg-system 18 | PKGDIR=$(CURDIR)/debian/$(PACKAGE) 19 | 20 | CFLAGS = -Wall -g 21 | 22 | configure = ./configure 23 | configure += --host=$(DEB_HOST_GNU_TYPE) 24 | configure += --build=$(DEB_BUILD_GNU_TYPE) 25 | configure += --prefix=/opt/vyatta 26 | configure += --mandir=\$${prefix}/share/man 27 | configure += --infodir=\$${prefix}/share/info 28 | configure += CFLAGS="$(CFLAGS)" 29 | configure += LDFLAGS="-Wl,-z,defs" 30 | 31 | ifeq ($(shell dpkg --print-architecture),i386) 32 | SUBSTVARS = -Varch:Depends="grub-pc (>= 1.98+20100804)" 33 | endif 34 | 35 | ifeq ($(shell dpkg --print-architecture),amd64) 36 | SUBSTVARS = -Varch:Depends="grub-pc (>= 1.98+20100804)" 37 | endif 38 | 39 | ifneq (,$(findstring noopt,$(DEB_BUILD_OPTIONS))) 40 | CFLAGS += -O0 41 | else 42 | CFLAGS += -O2 43 | endif 44 | 45 | configure: configure.ac Makefile.am 46 | chmod +x debian/autogen.sh 47 | debian/autogen.sh 48 | 49 | config.status: configure 50 | dh_testdir 51 | rm -f config.cache 52 | $(configure) 53 | 54 | build: build-stamp 55 | 56 | build-stamp: config.status 57 | dh_testdir 58 | $(MAKE) 59 | touch $@ 60 | 61 | clean: clean-patched 62 | 63 | # Clean everything up, including everything auto-generated 64 | # at build time that needs not to be kept around in the Debian diff 65 | clean-patched: 66 | dh_testdir 67 | dh_testroot 68 | if test -f Makefile ; then $(MAKE) clean distclean ; fi 69 | rm -f build-stamp 70 | rm -f config.status config.sub config.guess config.log 71 | rm -f aclocal.m4 configure Makefile.in Makefile INSTALL 72 | rm -rf config 73 | dh_clean 74 | 75 | install: build 76 | dh_testdir 77 | dh_testroot 78 | dh_clean -k 79 | 
dh_installdirs 80 | 81 | $(MAKE) DESTDIR=$(PKGDIR) install 82 | 83 | install -D --mode=0644 debian/lintian $(PKGDIR)/usr/share/lintian/overrides/$(PACKAGE) 84 | 85 | # Build architecture-independent files here. 86 | binary-indep: build install 87 | rm -f debian/files 88 | dh_testdir 89 | dh_testroot 90 | dh_installchangelogs ChangeLog 91 | dh_installdocs 92 | dh_install 93 | dh_installdebconf 94 | dh_link 95 | dh_strip 96 | dh_compress 97 | dh_fixperms 98 | dh_installdeb 99 | if [ -f "../.VYOS_DEV_BUILD" ]; then \ 100 | dh_gencontrol -- -v999.dev $(SUBSTVARS); \ 101 | else \ 102 | dh_gencontrol $(SUBSTVARS); \ 103 | fi 104 | dh_md5sums 105 | dh_builddeb 106 | 107 | # Build architecture-dependent files here. 108 | binary-arch: build install 109 | # This is an architecture independent package 110 | # so; we have nothing to do by default. 111 | 112 | binary: binary-indep binary-arch 113 | .PHONY: build clean binary-indep binary-arch binary install 114 | -------------------------------------------------------------------------------- /debian/vyatta-cfg-system.postinst.in: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | prefix=@prefix@ 4 | exec_prefix=@exec_prefix@ 5 | sysconfdir=@sysconfdir@ 6 | bindir=@bindir@ 7 | sbindir=@sbindir@ 8 | 9 | if [ "$sysconfdir" != "/etc" ]; then 10 | touch /etc/sudoers 11 | cp -p /etc/sudoers /etc/sudoers.bak 12 | 13 | # cleanup any old entries in /etc/sudoers from previous versions 14 | sed -i /etc/sudoers \ 15 | -e '/### BEGIN VYATTA/,/### END VYATTA/d' \ 16 | -e '/Cmnd_Alias IPTABLE/,/PPPOE_CMDS/d' \ 17 | -e '/sudo-users/d' \ 18 | -e '/env_keep+=VYATTA/d' || true 19 | 20 | # Set file capabilities 21 | sed -r -e '/^#/d' -e '/^[[:blank:]]*$/d' < $sysconfdir/filecaps | \ 22 | while read capability path; do 23 | touch -c $path 24 | setcap $capability $path 25 | done 26 | fi 27 | 28 | # create needed directories 29 | mkdir -p /var/log/user 30 | mkdir -p /var/core 31 | mkdir -p 
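/opt/vyatta/etc/config/auth
mkdir -p /opt/vyatta/etc/config/scripts
mkdir -p /opt/vyatta/etc/config/user-data
mkdir -p /opt/vyatta/etc/config/support
# NOTE(review): the recursive chown/chmod below applies to the whole config
# tree, including the auth directory, making it group-writable for vyattacfg
# and readable by everyone. Confirm that is intended for credential material.
chown -R root:vyattacfg /opt/vyatta/etc/config
chmod -R 775 /opt/vyatta/etc/config
mkdir -p /opt/vyatta/etc/logrotate
mkdir -p /opt/vyatta/etc/netdevice.d

touch /etc/environment

# Provide a minimal /etc/bash_completion that loads the two Vyatta completion
# files when the distribution did not ship one.
if [ ! -f /etc/bash_completion ]; then
  echo "source /etc/bash_completion.d/10vyatta-op" > /etc/bash_completion
  echo "source /etc/bash_completion.d/20vyatta-cfg" >> /etc/bash_completion
fi

# Force the shell builtin so a command or function named "set" cannot shadow it.
sed -i 's/^set /builtin set /' /etc/bash_completion

dpkg-reconfigure -f noninteractive openssh-server
rm -f /etc/ssh/*.broken
update-rc.d -f ssh remove >/dev/null

# Fix up PAM configuration for login so that invalid users are prompted
# for password
# NOTE(review): $rootfsdir is not assigned in this script as shown, so the
# path below resolves to /etc/pam.d/login unless the environment provides it.
sed -i 's/requisite[ \t][ \t]*pam_securetty.so/required pam_securetty.so/' $rootfsdir/etc/pam.d/login

# Change default shell for new accounts
# The expression previously started with ':', which sed parses as a label
# definition, so the substitution never ran. Use an ordinary /regex/ address.
sed -i -e '/^DSHELL/s:/bin/bash:/bin/vbash:' /etc/adduser.conf

# Do not allow users to change full name field (controlled by Vyatta config)
sed -i -e 's/^CHFN_RESTRICT/#&/' /etc/login.defs

# Only allow root to use passwd command
if ! 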
grep -q 'pam_succeed_if.so' /etc/pam.d/passwd ; then 65 | sed -i -e '/^@include/i \ 66 | password requisite pam_succeed_if.so user = root 67 | ' /etc/pam.d/passwd 68 | fi 69 | 70 | # Ask mdadm to call our own event handling daemon 71 | # Don't start mdadm daemon when running on livecd 72 | if [ -e /etc/default/mdadm ]; then 73 | sed -i 's+^DAEMON_OPTIONS=.*$+DAEMON_OPTIONS="--syslog --program /opt/vyatta/sbin/vyatta-raid-event"+' /etc/default/mdadm 74 | sed -i 's/^START_DAEMON.*$/START_DAEMON=false/' /etc/default/mdadm 75 | fi 76 | 77 | # remove unnecessary ddclient script in /etc/ppp/ip-up.d/ 78 | # this logs unnecessary messages trying to start ddclient 79 | rm -f /etc/ppp/ip-up.d/ddclient 80 | 81 | # Local Variables: 82 | # mode: shell-script 83 | # sh-indentation: 4 84 | # End: 85 | -------------------------------------------------------------------------------- /scripts/install/install-functions: -------------------------------------------------------------------------------- 1 | #! /bin/bash 2 | 3 | # this provides environment and functions needed by install scripts. 4 | # must be sourced by the scripts. 5 | 6 | if [ -e /etc/default/vyatta ] ; then 7 | . /etc/default/vyatta 8 | fi 9 | 10 | : ${vyatta_prefix:=/opt/vyatta} 11 | : ${vyatta_exec_prefix:=$vyatta_prefix} 12 | : ${vyatta_bindir:=${vyatta_exec_prefix}/bin} 13 | : ${vyatta_sysconfdir:=${vyatta_prefix}/etc} 14 | 15 | # trap signals so we can kill runaway progress indicators 16 | trap 'progress_indicator stop; exit 1' 1 17 | trap 'progress_indicator stop; exit 1' 2 18 | 19 | # mount point for the install root. 20 | # for union install, this is a r/w union mount. 21 | # for non-union install, this is the root partition mount. 22 | INST_ROOT=/mnt/inst_root 23 | 24 | # mount point for the writable root, i.e., the root partition. 25 | # this is only used for union install. 26 | WRITE_ROOT=/mnt/wroot 27 | 28 | # mount point for the readonly squashfs mount. 29 | # this is only used for union install. 
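READ_ROOT=/mnt/squashfs

# mount point for the ISO image.
# this is only used when installing with an ISO image file
# (instead of from a live CD boot).
CD_ROOT=/mnt/cdrom

# mount point for the squashfs image in the ISO image.
# this is only used when installing with an ISO image file
# (instead of from a live CD boot).
CD_SQUASH_ROOT=/mnt/cdsquash

# the vyatta config dir
VYATTA_CFG_DIR=${vyatta_sysconfdir}/config
VYATTA_NEW_CFG_DIR=/config

# Start or stop the background progress indicator.
# $1: "start" launches $vyatta_bindir/progress-indicator in the background;
#     any other value removes the marker file /tmp/pi.<pid>.
# PROGRESS_PID can be exported by top-level script; this shell's PID is the
# fallback.
# NOTE(review): /tmp/pi.<pid> is a predictable name in a world-writable
# directory; presumably the indicator script creates it. Verify it is created
# safely there.
progress_indicator () {
  local spid=${PROGRESS_PID:-$$}

  case "$1" in
    start)
      "$vyatta_bindir/progress-indicator" "$spid" &
      ;;
    *)
      # The marker may not exist yet if the indicator was only just started,
      # so retry the removal once after a short wait.
      if ! rm "/tmp/pi.$spid" 2>/dev/null; then
        sleep 1
        rm "/tmp/pi.$spid" 2>/dev/null
      fi
      sleep 1
      echo -n -e "\b"
      ;;
  esac
}

# echo to log. uses INSTALL_LOG if set.
# NOTE(review): the fallback /tmp/install-<pid>.log is a predictable path in a
# world-writable directory and is appended to by whoever runs the installer.
# Prefer having the top-level script export INSTALL_LOG pointing at a file it
# created itself (for example with mktemp).
lecho ()
{
  local log=${INSTALL_LOG:-/tmp/install-$$.log}

  # Quoted so that a log path containing whitespace is not an ambiguous redirect.
  echo -e "$*" >>"$log"
}

# echo to both.
becho ()
{
  lecho "$*"
  echo -e "$*"
}

# Print all arguments, joined by spaces, converted to lower case.
tolower () {
  echo "$*" | tr '[:upper:]' '[:lower:]'
}

# Validates a user response. Returns the response if valid.
# Returns the default if the user just hits enter.
# Returns nothing if not valid. Default parameter is $1.
# Options are in $2. If options are defined return must be a member
# of the enum.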
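get_response () {
  # $1: default answer, $2: space-separated list of accepted answers.
  # Both are lower-cased, so callers compare against lower-case values.
  local ldefault=$(tolower "$1")
  local loptions=$(tolower "$2")

  # myresponse and token are deliberately left global, as in the original.
  if [ "$VYATTA_PROCESS_CLIENT" == "gui2_rest" ]; then
    # non-interactive client: take the default without prompting
    myresponse=$ldefault
  else
    # get the response from the user
    read myresponse
    myresponse=$(tolower "$myresponse")
  fi

  # Check to see if the user accepts the default
  if [ -z "$myresponse" ]; then
    echo -n $ldefault
    return 0
  fi

  # No option list: any non-empty answer is accepted as typed (lower-cased).
  if [ -z "$loptions" ]; then
    echo -n "$myresponse"
    return 0
  fi

  # make sure response is a valid option
  for token in $loptions
  do
    if [ "$token" == "$myresponse" ]; then
      echo -n "$myresponse"
      return 0
    fi
  done
  return 1
}

# turn off any mounted swap partitions
turnoffswap () {
  if [ -f "/proc/swaps" ]; then
    myresponse=$(cat /proc/swaps)
    if [ -n "$myresponse" ]; then
      lecho "turning off swaps..."
      swapoff -a
    fi
  fi
}

# Return the size of the drive in MB
# $1: device name relative to /dev (e.g. sda)
get_drive_size () {
  local ldrive=$1

  # Get size of disk in 1k blocks
  local blocks=$(sfdisk -s "/dev/$ldrive")

  # Translate to Megabytes (SI units)
  local bytes=$(($blocks * 1024))
  local lsize=$(($bytes / 1000000))

  echo $lsize
}

# Probe hardrives not shown in /proc/partitions by default
probe_drives () {
  # Find drives that may not be in /proc/partitions since not mounted.
  # -E is required: in a basic regular expression '|' is a literal character,
  # so the alternation matched no device name and the loop below never ran.
  drive=$(ls /sys/block | grep -E '[hsv]d.|nvme.|mmcblk.')

  # NOTE(review): the original comment says read-only drives are excluded, but
  # the test below selects drives whose "ro" flag is non-zero. Confirm intent.
  for drive in $drive; do
    if [ "$(cat "/sys/block/$drive/ro")" -ne 0 ]; then
      output=$(mount | grep "$drive")
      if [ -z "$output" ]; then
        # not mounted: read the partition table with parted in script mode
        output=$(parted -s "/dev/$drive" p)
      fi
    fi
  done
}

# Display text $1 before choice.
# Sets the variable named by $2.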
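# Note that select_drive should be wrapped
# in the verification loop, not the included get_response.
select_drive () {
  local msg=$1
  local outvar=$2
  local drv=''

  # list the drives in /proc/partitions. Remove partitions and empty lines.
  # the first grep pattern looks for devices named c0d0, hda, and sda.
  # NOTE(review): the mmcblk alternative has no trailing '$', so it also
  # matches partition names such as mmcblk0p1. Confirm whether that is wanted.
  drives=$(awk '{ if ($4!="name") { print $4 } }' /proc/partitions | \
           grep -E "c[0-9]d[0-9]$|[hsv]d[a-z]$|nvme[0-9]n[0-9]$|mmcblk[0-9]" | \
           grep -E -v "^$" | sort)

  #this needs more testing to decide if better than above
  #drives=$(lsblk -dn -o name -I8)

  # take the first drive as the default
  drv=$(echo $drives | /usr/bin/awk '{ print $1 }')

  # Add the drive sizes to the display to help the user decide
  display=''
  for drive in $drives; do
    size=$(get_drive_size $drive)
    display="$display $drive\t${size}MB\n"
  done

  # Re-prompt until get_response accepts the answer. With a non-empty drive
  # list that means the answer is the default or one of the listed names.
  while true; do
    # Display the drives and ask the user which one to install to
    echo -e "$display"
    echo
    echo -n "$msg [$drv]:"
    response=$(get_response "$drv" "$drives") && break
  done

  # Assign without eval: when no drive was found the option list is empty and
  # get_response returns whatever was typed, which eval would have executed
  # as shell code.
  printf -v "$outvar" '%s' "$response"

  echo
}


# Add a console entry to the config file.
# $1: Console device name (e.g. 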
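ttyS0) 210 | # $2: Path to config file 211 | # 212 | add_console_entry () { 213 | console_dev=$1 214 | config_file=$2 215 | sed -i -e "/console {/a \ \ 216 | device $console_dev {\n\ 217 | speed 115200\n\ 218 | }" $config_file 219 | } 220 | 

# Replace the encrypted-password value of one user in a config file.
# $1: user name
# $2: encrypted password
# $3: config file
# $1 and $2 are interpolated into the sed program unescaped, so the caller
# must escape '/' (and any other sed metacharacter) before calling.
set_encrypted_password () {
    sed -i -e \
        "/ user $1 {/,/}/s/encrypted-password.*\$/encrypted-password \"$2\"/" "$3"
}

# interactively prompt user to change password for the specified account in
# the specified config file
# $1: account name
# $2: config file
# Returns non-zero if the password could not be hashed.
change_password() {
    local user=$1
    local config=$2
    local pwd1 pwd2 epwd

    # Loop until two identical, non-empty entries were read. The exit test is
    # made only after both prompts, so an empty first entry can never match a
    # stale (empty) second entry from an earlier round.
    while true; do
        # IFS= keeps leading/trailing blanks so the hash matches what was typed.
        IFS= read -p "Enter password for user '$user':" -r -s pwd1 <>/dev/tty 2>&0
        echo
        if [[ -z "$pwd1" ]]; then
            echo "'' is not a valid password"
            continue
        fi
        IFS= read -p "Retype password for user '$user':" -r -s pwd2 <>/dev/tty 2>&0
        echo

        if [[ "$pwd1" == "$pwd2" ]]; then
            break
        fi
        echo "Passwords do not match"
    done

    # Feed the clear-text password on stdin rather than as an argument, so it
    # is not visible in the process list and a leading '-' is not parsed as an
    # option. printf is a shell builtin, so no new process carries it in argv.
    # escape any slashes in resulting password
    epwd=$(printf '%s\n' "$pwd1" | mkpasswd --method=sha-512 --stdin | sed 's:/:\\/:g')
    if [[ -z "$epwd" ]]; then
        echo "Unable to hash password for user '$user'" >&2
        return 1
    fi
    set_encrypted_password "$user" "$epwd" "$config"
}

# returns true if it's a disk-based boot
is_disk_based_boot()
{
    # islive stays global, as in the original.
    islive=$(grep boot=live /proc/cmdline)

    # Exit status 0 ("true" in shell) when boot=live is absent from the
    # kernel command line, 1 otherwise.
    [ -z "$islive" ]
}
 270 | 271 | # returns true if it's a live cd boot 272 | is_live_cd_boot () 273 | { 274 | # Poor check, but whatever. 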
The point is that on installed system 275 | # the image file normally is named after the current version, 276 | # while on livecd it's just "filesystem.squashfs" 277 | if grep -q -e '^overlay.*/filesystem.squashfs' /proc/mounts; then 278 | return 0 279 | else 280 | return 1 281 | fi 282 | } 283 | 284 | # returns true if it's a union-install boot 285 | is_union_install () 286 | { 287 | if is_live_cd_boot; then 288 | return 1 289 | fi 290 | if grep -q 'upperdir=/live/persistence/' /proc/mounts \ 291 | && egrep -q 'overlay / overlay ' /proc/mounts; then 292 | return 0 293 | else 294 | return 1 295 | fi 296 | } 297 | 298 | # outputs the version string of the current running version. 299 | get_cur_version () 300 | { 301 | ver=`cat /opt/vyatta/etc/version | awk '{print $2}'` 302 | if [ -z "$ver" ]; then 303 | echo "UNKNOWN" 304 | else 305 | echo $ver 306 | fi 307 | } 308 | 309 | # outputs the version string of the new version, i.e., the version that is 310 | # being installed. this can be from live CD boot or from a ISO image file. 311 | get_new_version () 312 | { 313 | ver_path=/var/lib/dpkg/status 314 | ver_file=${CD_SQUASH_ROOT}${ver_path} 315 | if [ -f "$ver_file" ]; then 316 | # CD_SQUASH_ROOT is set up => we are installing with a specified ISO 317 | # image file. use the version string from there. 318 | dpkg -l --root=${CD_SQUASH_ROOT} | \ 319 | grep "^.. 
vyatta-version " | awk '{print $3}' 320 | return 321 | fi 322 | 323 | ver_file=${ver_path} 324 | if is_live_cd_boot && [ -f "$ver_file" ]; then 325 | # we are installing from a live CD boot 326 | ver=`cat /opt/vyatta/etc/version | awk '{print $2}'` 327 | echo $ver 328 | return 329 | fi 330 | 331 | # couldn't find it 332 | } 333 | 334 | # Generate mount options based on the type of union mount 335 | gen_mopts () 336 | { 337 | local mnttype=$1 338 | local upper=$2 339 | local lower=$3 340 | local work=$4 341 | local mntpoint=$5 342 | 343 | case "$1" in 344 | overlay) 345 | echo "-t $mnttype -o noatime,upperdir=$upper,lowerdir=$lower,workdir=$work $mnttype $mntpoint" 346 | ;; 347 | *) 348 | echo "-t $mnttype -o noatime,dirs=$upper=rw:$lower=ro $mnttype $mntpoint" 349 | ;; 350 | esac 351 | } 352 | 353 | # try to mount. log any errors and return the appropriate status. 354 | # $1: arguments for mount 355 | try_mount () 356 | { 357 | args="$*" 358 | output=$(eval "mount $args 2>&1") 359 | status=$? 360 | if [ $status == 0 ]; then 361 | return 0 362 | fi 363 | # error 364 | cat <&1") 379 | status=$? 
380 | if [ $status == 0 ]; then 381 | return 0 382 | fi 383 | # error 384 | cat </dev/null 2>&1 66 | mdadm --assemble --scan --auto=yes --symlink=no 67 | 68 | # Identify physical drives 69 | raid_drives=$(cat /proc/partitions | awk '{ if ($4!="name") { print $4 } }' \ 70 | | grep "md" | egrep -v "^$") 71 | if [ -z "$raid_drives" ]; then 72 | return 73 | fi 74 | 75 | for drive in $raid_drives; do 76 | members=`ls /sys/block/$drive/slaves` 77 | for member in $members; do 78 | cdrive=`lsblk -dn -o pkname /dev/$member` 79 | if [ "$ldrive" == "$cdrive" ]; then 80 | mdadm --stop --scan 81 | for member in $members; do 82 | drive=${member:0:3} 83 | part=${member:3:1} 84 | echo "Re-setting partition ID for RAID group $raid_drive member /dev/${member}:" 85 | if [ -d /sys/firmware/efi ]; then 86 | sgdisk --part-type /dev/$drive $part 0x83 87 | else 88 | sfdisk --part-type /dev/$drive $part 0x83 89 | fi 90 | echo "Clearing RAID superblock from RAID group $raid_drive member /dev/${member}." 91 | mdadm --zero-superblock /dev/$member 92 | done 93 | fi 94 | done 95 | done 96 | } 97 | 98 | check_for_new_raid () { 99 | # Identify physical drives 100 | driveName=() 101 | driveSize=() 102 | driveNameSize=() 103 | drives=$(cat /proc/partitions | \ 104 | awk '{ if ($4!="name") { print $4 } }' | \ 105 | egrep "c[0-9]d[0-9]$|[hsv]d[a-z]$|nvme[0-9]n[0-9]$|mmcblk[0-9]" | \ 106 | egrep -v "^$" | sort) 107 | 108 | for instdrv in $drives 109 | do 110 | if mount | grep iso9660 | grep -q $instdrv 111 | then 112 | drives=${drives//"$instdrv"/} 113 | else 114 | driveName+=("$instdrv") 115 | driveSize+=($(get_drive_size $instdrv)) 116 | driveNameSize+=("$instdrv $(get_drive_size $instdrv) MB") 117 | fi 118 | done 119 | 120 | numdrives=`echo $drives | wc -w` 121 | 122 | # Need at least two drives for RAID-1. If there are more than two 123 | # drives found we have the option to check for two drives of the same size 124 | # or configure manually. 
125 | 126 | if [ $numdrives -lt 2 ]; then 127 | return 128 | elif [ $numdrives -gt 2 ]; then 129 | echo "Found ${numdrives} drives." 130 | echo -n "Would you like to configure RAID-1 mirroring? (Yes/No) [Yes]:" 131 | response=$(get_response "Yes" "Yes No Y N") 132 | if [ "$response" == "no" ] || [ "$response" == "n" ]; then 133 | echo "Ok. Not configuring RAID-1." 134 | return 135 | else 136 | echo -n "Would you like find and use 2 drives of the same size? (Yes/No) [Yes]:" 137 | response=$(get_response "Yes" "Yes No Y N") 138 | if [ "$response" == "yes" ] || [ "$response" == "y" ]; then 139 | raiddrives=$(get_size_raid) 140 | if [ -n "$raiddrives" ]; then 141 | drives=$raiddrives 142 | else 143 | echo "No drives with the same size found." 144 | echo -n "Would you like to manually select the drives? (Yes/No) [Yes]:" 145 | response=$(get_response "Yes" "Yes No Y N") 146 | if [ "$response" == "yes" ] || [ "$response" == "y" ]; then 147 | raiddrives=$(get_manual_raid) 148 | if [ -n "$raiddrives" ]; then 149 | drives=$raiddrives 150 | fi 151 | else 152 | echo "Ok. Not configuring RAID-1." 153 | return 154 | fi 155 | fi 156 | else 157 | echo -n "Would you like to manually select the drives? (Yes/No) [Yes]:" 158 | response=$(get_response "Yes" "Yes No Y N") 159 | if [ "$response" == "yes" ] || [ "$response" == "y" ]; then 160 | raiddrives=$(get_manual_raid) 161 | if [ -n "$raiddrives" ]; then 162 | drives=$raiddrives 163 | fi 164 | else 165 | echo "Ok. Not configuring RAID-1." 
166 | return 167 | fi 168 | fi 169 | fi 170 | fi 171 | 172 | drive1=`echo $drives | awk '{ print $1 }'` 173 | drive2=`echo $drives | awk '{ print $2 }'` 174 | 175 | drivesize1=$(get_drive_size $drive1) 176 | drivesize2=$(get_drive_size $drive2) 177 | 178 | # Both drives must have enough space to hold our minimum root filesystem 179 | # 180 | if [ $drivesize1 -lt $ROOT_MIN -o $drivesize2 -lt $ROOT_MIN ]; then 181 | return 182 | fi 183 | 184 | echo "You have two disk drives:" 185 | echo -e "\t$drive1 \t$drivesize1 MB" 186 | echo -e "\t$drive2 \t$drivesize2 MB" 187 | 188 | echo -n "Would you like to configure RAID-1 mirroring on them? (Yes/No) [Yes]:" 189 | response=$(get_response "Yes" "Yes No Y N") 190 | if [ "$response" == "no" ] || [ "$response" == "n" ]; then 191 | echo "Ok. Not configuring RAID-1." 192 | return 193 | fi 194 | 195 | if [ $drivesize1 -ne $drivesize2 ]; then 196 | echo "Since the disks are not the same size, we will use the smaller" 197 | echo "of the two sizes in configuring the RAID-1 set. This will" 198 | echo "waste some space on the larger drive." 199 | echo "" 200 | fi 201 | 202 | # Configure RAID-1 203 | echo "This process will erase all data on both drives." 204 | echo -n "Are you sure you want to do this? (Yes/No) [No]: " 205 | response=$(get_response "No" "Yes No Y N") 206 | if [ "$response" == "no" ] || [ "$response" == "n" ]; then 207 | echo "Ok. Not configuring RAID-1." 208 | return 209 | fi 210 | 211 | config_saved='no' 212 | for drive in $drives; do 213 | echo "Deleting old partitions on drive $drive" 214 | # remove any existing partitions on that drive 215 | delete_partitions "$drive" "$config_saved" 216 | config_saved='yes' 217 | done 218 | 219 | # Need to leave space on both disks between the MBR and the start 220 | # of the first partition for grub. Grub needs to embed a large 221 | # boot image there when booting off RAID devices. 222 | # 223 | # Partition creation variables are in units of megabytes. 
224 | part_start_offset=2 225 | data_dev=1 226 | 227 | if [ $drivesize1 -lt $drivesize2 ]; then 228 | root_size=$drivesize1 229 | else 230 | root_size=$drivesize2 231 | fi 232 | 233 | let root_size-=$part_start_offset 234 | 235 | for drive in $drives; do 236 | create_partitions "$drive" $root_size "no" 237 | if [ -d /sys/firmware/efi ]; then 238 | #EFI moves the data parition on RAID to 3 239 | data_dev=3 240 | echo "Create data partition: ${data_dev} on /dev/${drive}" 241 | else 242 | echo "Creating data partition: ${data_dev} on /dev/${drive}" 243 | sfdisk --part-type /dev/$drive $data_dev 0xfd >/dev/null 2>&1 244 | # mark data partition as bootable 245 | lecho "Marking /dev/$drive partition $data_dev bootable" 246 | output=$(parted -s /dev/$drive set $data_dev boot on 2>&1) 247 | lecho "$output" 248 | fi 249 | done 250 | 251 | # Must give partition device time to settle 252 | sleep 5 253 | echo 254 | 255 | for drive in $drives; do 256 | # add "p" suffix for partitions on storages like eMMC, NVME 257 | if [[ -n $(echo ${drive} | egrep "c[0-9]d[0-9]$|nvme[0-9]n[0-9]$|mmcblk[0-9]") ]]; then 258 | partprefix="p" 259 | fi 260 | echo "Erasing any previous RAID metadata that may exist on /dev/${drive}${partprefix}${data_dev}" 261 | mdadm --zero-superblock /dev/${drive}${partprefix}${data_dev} 262 | done 263 | 264 | echo "Creating RAID-1 group on partitions: /dev/${drive1}${partprefix}${data_dev} /dev/${drive2}${partprefix}${data_dev}" 265 | 266 | raid_dev=md0 267 | yes|mdadm --create /dev/$raid_dev --level=1 --raid-disks=2 --metadata=0.90 \ 268 | /dev/${drive1}${partprefix}${data_dev} /dev/${drive2}${partprefix}${data_dev} 269 | 270 | if [ $? 
= 0 -a -e /dev/$raid_dev ]; then 271 | echo "RAID-1 group created successfully:" 272 | cat /proc/mdstat | grep --after-context 2 ^$raid_dev | sed -e 's/^/\t/' 273 | cp /usr/share/initramfs-tools/scripts/local-block/mdadm /etc/initramfs-tools/scripts/local-top/ 274 | sed -i 's/\$((COUNT + 1))/20/g' /etc/initramfs-tools/scripts/local-top/mdadm 275 | if [ -e /usr/sbin/update-initramfs ]; then 276 | echo "Updating initramfs to include the raid config:" 277 | /usr/sbin/update-initramfs -u 278 | fi 279 | else 280 | echo "Unable to create RAID-1 group!" 281 | return 282 | fi 283 | 284 | INSTALL_DRIVE=$raid_dev 285 | ROOT_PARTITION=$INSTALL_DRIVE 286 | ROOT_PARTITION_TYPE=new 287 | 288 | # Give device time to settle... 289 | sleep 5 290 | 291 | # create the filesystem on the part 292 | make_filesystem "$ROOT_PARTITION" 293 | } 294 | 295 | # Allow the user to select a partition to work with 296 | # sets the global PARTITION 297 | # $1 is the text to display before prompt 298 | select_partition () { 299 | minsize=$1 300 | text=$2 301 | exclude=$3 302 | 303 | echo -n "Looking for appropriate partitions: " 304 | progress_indicator start 305 | 306 | # initialize out global var. using globals in this way is bad form. I know. 307 | PARTITION='' 308 | 309 | # list only the partitions in /proc/partitions. 310 | parts=$(cat /proc/partitions | awk '{ if ($4!="name") { print $4 " "} }' \ 311 | | egrep "[0-9]" | egrep -v "loop" | tr -d '\n') 312 | 313 | # remove any partitions we have already previously used 314 | if [ -n "$exclude" ]; then 315 | for part in $parts; do 316 | temp=$(echo $part | egrep -v $exclude) 317 | parts_temp="$parts_temp $temp" 318 | done 319 | parts=$parts_temp 320 | fi 321 | 322 | # Get the partition sizes for display 323 | # only show linux partitions that have sizes, i.e. 
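remove loops
  display=''
  myparts=''
  for part in $parts; do
    if [ ${part:0:2} = "md" ]; then
      parttype="RAID"
    else
      rootdev=$(echo $part | sed -E 's/p?[0-9]$//g')
      parttype=$(fdisk -l /dev/$rootdev | grep $part | grep Linux)
    fi
    if [ -n "$parttype" ]; then
      lsize=$(get_drive_size $part)
      if [ "$lsize" -a $lsize -ge $minsize ]; then
        display="$display $part\t\t$lsize"MB"\n"
        myparts="$myparts $part"
      fi
    fi
  done

  progress_indicator stop
  echo "OK"

  if [ -n "$myparts" ]; then
    lpartition=''
    while [ -z "$lpartition" ]; do
      # take the first partition as the default
      lpartition=$(echo $myparts | /usr/bin/awk '{ print $1 }')

      echo "I found the following partitions suitable for the VyOS image:"
      echo -e "Partition\tSize"
      echo -e "$display"
      echo
      echo -n "$text [$lpartition]: "

      lpartition=$(get_response "$lpartition" "$myparts")
      echo
    done
  else
    becho "No suitable partition sizes found. Exiting..."
    exit 1
  fi
  PARTITION=$lpartition
}

## rename_old_config
# Give every saved file under /mnt/config that carries the XORP v1.0
# header a ".pre-glendale.<timestamp>" suffix. Files whose path already
# contains "pre-glendale" are left alone.
rename_old_config() {
  files=$(find /mnt/config -mindepth 1 -type f | grep -v pre-glendale)
  for f in $files; do
    if grep -q '/\*XORP Configuration File, v1.0\*/' "$f" >&/dev/null; then
      CURTIME=$(date +%F-%H%M%S)
      mv "$f" "$f.pre-glendale.$CURTIME"
    fi
  done
}

## save_old_config
# Copy config files from /mnt/tmp to /mnt/config
# $1 is the partition name shown in the prompt
save_old_config() {
  local part=$1
  local response=''

  # Look to see if there is a config partition there
  while [ -z "$response" ]; do
    echo "$part has an old configuration directory!"
    echo -ne "Would you like me to save the data on it\nbefore I delete it? (Yes/No) [Yes]: "
    response=$(get_response "Yes" "Yes No Y N")
  done

  if [ "$response" == "yes" ] || [ "$response" == "y" ]; then
    mkdir -p /mnt/config
    # cp reports failures on stderr, so stderr has to be captured for the
    # "did anything go wrong" test below to ever fire.
    if [ -d /mnt/tmp/opt/vyatta/etc/config ]; then
      output=$(cp -pR /mnt/tmp/opt/vyatta/etc/config/* /mnt/config 2>&1)
    else
      output=$(cp -pR /mnt/tmp/* /mnt/config 2>&1)
    fi
    if [ -n "$output" ]; then
      echo -e "Warning: error in copying the old config partition.\nSee $INSTALL_LOG for more details."
      lecho "Warning: error in copying the old config partition.\ncp -pR /mnt/tmp/* /mnt/config\n$output\n"
    fi
    rename_old_config
  fi
}

## save_old_keys
# Copy SSH keys from /mnt/tmp/etc/ssh /mnt/ssh
# $1 is the partition name shown in the prompt
save_old_keys() {
  local part=$1
  local response=''

  while [ -z "$response" ]
  do
    echo "$part has SSH host keys"
    echo -ne "Would you like me to keep SSH keys on new install? (Yes/No) [Yes]: "
    response=$(get_response "Yes" "Yes No Y N")
  done

  if [ "$response" == "yes" ] || [ "$response" == "y" ]; then
    mkdir -p /mnt/ssh
    # capture stderr too: a failed copy of host keys must not be reported
    # as "SSH keys have been saved."
    output=$(cp -p /mnt/tmp/etc/ssh/ssh_host_* /mnt/ssh 2>&1)

    if [ -n "$output" ]; then
      echo -e "Warning: error in copying the old ssh keys."
      echo -e "See $INSTALL_LOG for more details."
      echo "Warning: error in copying the old ssh keys." >> "$INSTALL_LOG"
      echo "cp -pR /mnt/tmp/etc/ssh/ssh_host_* /mnt/ssh" >> "$INSTALL_LOG"
      echo "$output\n">> "$INSTALL_LOG"
      return
    fi

    # reset modes on keys (should already be set)
    chmod 600 /mnt/ssh/*_key 2>&1
    chmod 644 /mnt/ssh/*.pub 2>&1
    echo "SSH keys have been saved."
  else
    echo "OK. SSH keys not saved."
  fi
}

## save_image_config
# Copy the config directory of an installed image from the mounted old
# partition to a freshly created /mnt/config
# $1 is the image name (a directory under /mnt/tmp/boot)
save_image_config() {
  image_name=$1

  # Cleanup from possible partial last run
  rm -fr /mnt/config
  mkdir /mnt/config

  # stderr is captured so that copy errors reach the check below
  output=$(cp -pR "/mnt/tmp/boot/$image_name/rw/config/"* /mnt/config 2>&1)

  if [ -n "$output" ]; then
    echo -e "Warning: error in copying the old config partition.\nSee $INSTALL_LOG for more details."
    lecho "Warning: error in copying the old config partition.\ncp -pR /mnt/tmp/* /mnt/config\n$output\n"
  fi
  rename_old_config
}

## save_image_keys
# Offer to copy the SSH host keys of an installed image to /mnt/ssh
# $1 is the image name (a directory under /mnt/tmp/boot)
save_image_keys() {
  image_name=$1

  if [ ! -d "/mnt/tmp/boot/$image_name/rw/etc/ssh" ]; then
    echo "No SSH keys found on $image_name, so none can be saved."
    return;
  fi

  echo -n "Would you like to save SSH keys from $image_name too? (Yes/No) [Yes] "

  response=$(get_response "Yes" "Yes No Y N")
  if [ "$response" != "yes" ] && [ "$response" != "y" ]; then
    echo "OK. SSH keys not saved."
    return
  fi

  mkdir -p /mnt/ssh
  # stderr is captured so that copy errors reach the check below
  output=$(cp -p "/mnt/tmp/boot/$image_name/rw/etc/ssh/"ssh_host_* /mnt/ssh 2>&1)

  if [ -n "$output" ]; then
    echo -e "Warning: error in copying the old ssh keys."
    echo -e "See $INSTALL_LOG for more details."
    echo "Warning: error in copying the old ssh keys." >> "$INSTALL_LOG"
    echo "cp -pR /mnt/tmp/etc/ssh/ssh_host_* /mnt/ssh" >> "$INSTALL_LOG"
    echo "$output\n">> "$INSTALL_LOG"
    return
  fi

  # reset modes on keys (should already be set)
  chmod 600 /mnt/ssh/*_key 2>&1
  chmod 644 /mnt/ssh/*.pub 2>&1

  echo "SSH keys have been saved."
}

## save_old_info
# Look on the partition mounted at /mnt/tmp for a previous config and SSH
# host keys (disk-based layout first, then installed images) and offer to
# save them.
# $1 is the partition name shown in the prompts
save_old_info() {
  part=$1
  copied=0

  # Cleanup from possible partial last run
  rm -fr /mnt/config
  rm -fr /mnt/ssh

  echo "Looking for config files from previous installations on $part..."

  # Look to see if this is a disk-based installation config partition
  if [ -f /mnt/tmp/opt/vyatta/etc/config/.vyatta_config ] \
     || [ -f /mnt/tmp/.vyatta_config ]; then
    save_old_config $1
    copied=1
  fi

  if [ -d /mnt/tmp/etc/ssh ]; then
    save_old_keys $1
    copied=1
  fi

  if [ $copied -eq 0 ]; then
    # Check for images
    images=()
    image_dirs=/mnt/tmp/boot/*

    for dir in $image_dirs; do
      if [ -f $dir/rw/config/.vyatta_config ]; then

        item=${dir##/mnt/tmp/boot/}
        images=($item ${images[@]})
      fi
    done

    num_images=${#images[@]}

    if [ $num_images -gt 0 ]; then
      echo "I found the following installed system image(s) with config files on $part:"
      for (( i = 0; i < $num_images; i++ )); do
        echo " $((i + 1)): ${images[$i]}"
      done

      if [ $num_images -eq 1 ]; then
        echo -n "Would you like to save config information from it? (Yes/No) [Yes] "
      else
        echo -n "Would you like to save config information from one? (Yes/No) [Yes] "
      fi

      response=$(get_response "Yes" "Yes No Y N")
      if [ "$response" != "yes" ] && [ "$response" != "y" ]; then
        echo "OK. Config information not saved."
        return
      fi

      if [ $num_images -gt 1 ]; then
        image_index=-1
        while [ $image_index -lt 0 -o $image_index -ge $num_images ]; do
          echo -n "From which image would you like to save config information? (1 .. $num_images): "
          read -r num
          # Accept plain decimal digits only: bash arithmetic would
          # otherwise evaluate whatever was typed as an expression.
          if [[ ! $num =~ ^[0-9]+$ ]]; then
            continue
          fi
          # 10# keeps input with a leading zero from being read as octal
          image_index=$((10#$num - 1))
        done
      else
        image_index=0
      fi

      image_name=${images[$image_index]}
      echo "Saving config information from image $image_name."
      save_image_config "$image_name"
      echo "Done."

      save_image_keys "$image_name"
    fi
  fi
}


# Delete all existing partitions for an automated install
# $1 is the drive to delete partitions from
# $2 is to save the config from only the first drive
delete_partitions () {
  ldrive=$1
  config_saved=$2

  delete_old_raid $ldrive

  # get the partitions on the drive
  # in the first grep below we add the optional [p] in order to
  # accommodate cciss drives
  partitions=$(awk '/'$ldrive'p?[0-9]+$/ { sub(/'$ldrive'/, "") ; print $NF }' /proc/partitions)
  mkdir -p /mnt/tmp

  # now for each part, blow it away
  for lpart in $partitions; do
    dev_name=/dev/$ldrive$lpart
    # read-only mount: the old partition is only inspected for config/keys
    output=$(mount -r $dev_name /mnt/tmp 2>&1)
    if [ $? != 0 ]; then
      echo "cannot mount $dev_name"
      lecho "Cannot mount $dev_name"."\n"
      lecho "mount $dev_name /mnt/tmp\n"
      lecho "$output"
    else
      if [ "$config_saved" == "no" ]; then
        save_old_info $ldrive$lpart
      fi
      umount /mnt/tmp
    fi

    # we must remove possible suffixes from a partition number before passing it to parted
    lpart="$(echo $lpart | sed 's/[^0-9]//')"

    lecho "Removing partition $lpart on /dev/$ldrive"
    output=$(parted -s /dev/$ldrive rm $lpart)
    status=$?
    if [ "$status" != 0 ]; then
      echo -e "Warning: cannot delete partition $lpart on $ldrive.\n"
      echo -e "Please see $INSTALL_LOG for more details."
      lecho "Warning: cannot delete partition $lpart on $ldrive.\n"
      lecho "parted /dev/$ldrive rm $lpart\n$output"
    fi

    # We add a bogus sleep here because the loop needs to wait for udev
    sleep 5
  done
}

# make a filesystem on the drive
# $1 is the drive to format
make_filesystem () {
  ldrive=$1

  echo -n "Creating filesystem on /dev/$ldrive: "
  lecho "Creating filesystem on /dev/$ldrive..."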
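progress_indicator start
  output=$(mkfs -L persistence -t $ROOT_FSTYPE /dev/$ldrive 2>&1)
  status=$?
  if [ "$status" != 0 ]; then
    echo -e "Error: couldn't create the root filesystem.\nSee $INSTALL_LOG for further details.\nExiting..."
    lecho "Error: couldn't create the root filesystem.\n/sbin/mke2fs -j /dev/$ldrive\n$output"
    exit 1
  fi
  progress_indicator stop
  echo "OK"
}

# create the root partition
# $1 is the install drive e.g. sda
# $2 is the partition size e.g. 512
# $3 is "yes" to also create the filesystem on the new root partition
# This will set the global ROOT_PARTITION
create_partitions() {
  ldrive=$1
  root_part_size=$2
  initialize_fs=$3

  # Make sure there is enough space on drive
  size=$(get_drive_size "$ldrive")
  if [ "$root_part_size" -gt "$size" ]; then
    echo "Error: $ldrive is only $size"MB" large. Desired root is $root_part_size"
    exit 1
  fi
  if [ -d /sys/firmware/efi ]; then
    #Need room for the EFI partition. 512 is standard, but 256 is probably okay here
    root_part_size=$((root_part_size - 256))

    ##Do GPT/EFI Setup
    sgdisk --zap-all /dev/$ldrive
    # part1 = BIOS BOOT (backwards compatibility)
    # part2 = EFI
    # part3 = ROOT
    sgdisk -a1 -n1:34:2047 -t1:EF02 \
           -n2:2048:+256M -t2:EF00 \
           -n3:0:0:+$root_part_size -t3:8300 /dev/$ldrive
    status=$?
    if [ "$status" != 0 ]; then
      echo -e "Error creating primary partition on $ldrive.\nPlease see $INSTALL_LOG for more details.\nExiting..."
      # NOTE(review): $output is not assigned by the sgdisk call above, so
      # this logs whatever an earlier command left in it.
      lecho "Error creating primary partition on $ldrive.\nparted /dev/$ldrive mkpart primary 0% $root_part_size\n$output"
      exit 1
    fi
    # set the partition number on the device.
    if [ -n "$( echo $ldrive | grep -E "cciss|ida|nvme|mmcblk" )" ]; then
      # if this is a cciss
      ROOT_PARTITION=$ldrive"p3"
      efipart=$ldrive"p2"
    else
      # else... the rest of the world
      ROOT_PARTITION=$ldrive"3"
      efipart=$ldrive"2"
    fi
    #Add the drive to the file so grub can install
    # NOTE(review): fixed, predictable path under /tmp appended to as root;
    # the script that reads it is not visible in this listing.
    echo $efipart >> /tmp/efiparts.tmp
  else
    # Force FAT label creation
    lecho "Creating a new disklabel on $ldrive"
    parted -s /dev/$ldrive mklabel msdos

    # Make sure you can print disk info using parted
    parted --script /dev/$ldrive p >/dev/null 2>&1

    # If we still can't, something has gone terribly wrong
    if [ "$?" != "0" ]; then
      echo "Unable to read disk label. Exiting."
      exit 1
    fi

    lecho "Creating root partition on /dev/$ldrive"

    # Make the root partition
    # if optimal_io_size is empty use default of 2048s
    if [ $(cat /sys/block/$ldrive/queue/optimal_io_size) -gt 0 ]; then
      output=$(parted --script --align optimal /dev/$ldrive mkpart primary 0% $root_part_size)
    else
      output=$(parted --script --align optimal /dev/$ldrive mkpart primary 2048s $root_part_size)
    fi
    status=$?
    if [ "$status" != 0 ]; then
      echo -e "Error creating primary partition on $ldrive.\nPlease see $INSTALL_LOG for more details.\nExiting..."
      lecho "Error creating primary partition on $ldrive.\nparted /dev/$ldrive mkpart primary 0% $root_part_size\n$output"
      exit 1
    fi

    # set the partition number on the device.
    if [ -n "$( echo $ldrive | grep -E "cciss|ida|nvme|mmcblk" )" ]; then
      # if this is a cciss
      ROOT_PARTITION=$ldrive"p1"
    else
      # else... the rest of the world
      ROOT_PARTITION=$ldrive"1"
    fi
  fi
  # udev takes time to re-add the device file, so wait for it
  while [ ! -b "/dev/$ROOT_PARTITION" ]; do
    sleep 1
  done

  if [ "$initialize_fs" = "yes" ]; then
    # make the root and config file systems.
    make_filesystem "$ROOT_PARTITION"
  fi
}

# ask for user input on the parted and skip setup methods
# $1 is whether or not to run parted
# sets globals INSTALL_DRIVE, ROOT_PARTITION, CONFIG_PARTITION
setup_method_manual() {
  parted=$1

  echo "The VyOS install needs a minimum ${ROOT_MIN}MB root"
  echo "with partiton type 83 (Linux)."
  echo -e "\n\n"

  # if this is parted, let the user create the partitions
  if [ "$parted" == 'parted' ]; then
    while [ -z "$INSTALL_DRIVE" ]; do
      # TODO: right now we only run parted on a single drive
      echo -e "\nI found the following drives on your system:"
      select_drive 'Which drive would you like to run parted on?' \
        'INSTALL_DRIVE'
    done

    # Unmount the install drive if it is mounted
    unmount "$INSTALL_DRIVE"

    # Run parted and let the user configure
    parted /dev/$INSTALL_DRIVE
  fi

  # Ask for the root partition and make sure it's valid
  while [ -z "$ROOT_PARTITION" ]; do
    select_partition 500 "Which partition should I install the root on?"
    # Note that PARTITION is defined in select partition
    ROOT_PARTITION=$PARTITION
    unmount "$ROOT_PARTITION"
    vd=$(grep $ROOT_PARTITION /proc/partitions | awk '{ print $4 }')

    if [ -z "$vd" ]; then
      echo
      echo "$ROOT_PARTITION is an invalid partition. Please try again."
      ROOT_PARTITION=""
    fi
  done

  # See if partition has old data
  mkdir -p /mnt/tmp

  # Is there an old filesystem there?
  if mount -r /dev/"$ROOT_PARTITION" /mnt/tmp 2>&1; then
    save_old_info "$ROOT_PARTITION"
    umount /mnt/tmp
  fi

  # create the filesystem on the part
  make_filesystem "$ROOT_PARTITION"

  # We need to set the INSTALL_DRIVE if it wasn't set when the user ran parted
  # We assume that we will use the boot sector of the same drive that the
  # partition is on.
  # TODO: Allow different drives to function as the boot device
  if [ -z "$INSTALL_DRIVE" ]; then
    if [ ${ROOT_PARTITION:0:2} = "md" ]; then
      INSTALL_DRIVE=$ROOT_PARTITION
    else
      # NOTE(review): this strips every digit, so a name such as nvme0n1p1
      # would not reduce to its parent drive; confirm against the device
      # names expected here.
      INSTALL_DRIVE=$(echo $ROOT_PARTITION | sed 's/[0-9]//g')
    fi
  fi
}

# Walk the user through the auto setup method
# sets globals INSTALL_DRIVE, ROOT_PARTITION
setup_method_auto () {
  while [ -z "$INSTALL_DRIVE" ]; do
    echo "I found the following drives on your system:"
    select_drive 'Install the image on?' 'INSTALL_DRIVE'

    # check to make sure the drive is large enough to hold the image
    if [ -n "$INSTALL_DRIVE" ]; then
      lsize=$(get_drive_size "$INSTALL_DRIVE")
      total=$ROOT_MIN
      if [ "$total" -gt "$lsize" ]; then
        echo "Unfortunately, VyOS requires a total of at least $total"MB" to properly install."
        echo "$INSTALL_DRIVE is below the minimum required capacity and therefore, cannot be used to"
        echo -e "complete the installation.\n"
        echo "If other drives are present"
        echo -e "Please select another drive...\n"

        INSTALL_DRIVE=''
      fi
    fi
  done

  warn_of_dire_consequences

  echo

  # make sure we aren't working on a mounted part
  unmount "$INSTALL_DRIVE"

  # remove any existing partitions on that drive
  config_saved='no'
  delete_partitions "$INSTALL_DRIVE" "$config_saved"

  # Enforce minimum partition size requirement.
  local root_part_size=0
  while [ $ROOT_MIN -gt $root_part_size ]; do
    # Get the size of the drive
    size=$(get_drive_size $INSTALL_DRIVE)
    echo -n "How big of a root partition should I create? ($ROOT_MIN"MB" - $size"MB") [$size]MB: "
    response=$(get_response "$size")
    # TODO: need to have better error checking on this value
    # TODO: This should also probably take into account the size of the EFI partition (256MB)
    root_part_size=$(echo "$response" | sed 's/[^0-9]//g')
    # An answer without any digit leaves an empty string; the numeric tests
    # below and the loop condition would then error out and fall through
    # with no size set. Treat it as 0 so the prompt is repeated.
    root_part_size=${root_part_size:-0}
    if [ $root_part_size -lt $ROOT_MIN ] \
       || [ $root_part_size -gt $size ]; then
      echo "Root partion must be between $ROOT_MIN"MB" and $size"MB""
      echo
      root_part_size=0
    fi
  done

  echo

  # now take the data and create the partitions
  create_partitions "$INSTALL_DRIVE" "$root_part_size" "yes"
  if ! [ -d /sys/firmware/efi ]; then
    # mark data partition as bootable
    lecho "Marking /dev/$INSTALL_DRIVE partition 1 as bootable"
    output=$(parted -s /dev/$INSTALL_DRIVE set 1 boot on 2>&1)
    lecho "$output"
  fi
  # Must give partition device time to settle
  sleep 5
}

unmount () {
  # grab the list of mounted drives
  # make sure to reverse sort so as to unmount up the tree
  mounted=$(mount | grep "$1" | cut -f3 -d' ' | sort -r)
  if [ -n "$mounted" ]; then
    echo "I need to unmount: "
    echo "$mounted"

    response=''
    while [ -z "$response" ]; do
      echo -n "Continue (Yes/No) [No]: "
      response=$(get_response "No" "Yes No Y N")
      if [ "$response" == "no" ] || [ "$response" == "n" ]; then
        echo -e "Ok then. Need to unmount to continue.\nExiting..."
        exit 1
      fi
    done

    for parts in "$mounted"; do
      lecho "umount $parts"
      output=$(umount $parts)
      status=$?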
886 | if [ "$status" != 0 ]; then 887 | echo -e "Exiting: error unmounting $parts.\nPlease see $INSTALL_LOG for more details." 888 | lecho "Exiting: error unmounting $parts.\numount $parts\n$output" 889 | exit 1 890 | fi 891 | done 892 | fi 893 | } 894 | 895 | ##### Main 896 | ## 897 | # turn off any mounted swap files 898 | turnoffswap 899 | 900 | while true; do 901 | 902 | if ! is_live_cd_boot; then 903 | # We're running on an installed system, so we don't have to find 904 | # a partition to install onto 905 | if is_union_install; then 906 | # this is a union install 907 | ROOT_PARTITION_TYPE=union 908 | else 909 | # this is an old, non-union install 910 | ROOT_PARTITION_TYPE=old 911 | fi 912 | # flag partition and drive as found but we don't actually need them 913 | ROOT_PARTITION=dummy 914 | INSTALL_DRIVE=dummy 915 | break 916 | fi 917 | 918 | # some drives don't show up in /proc/partitions so we need to bootstrap them 919 | echo -n "Probing drives: " 920 | progress_indicator start 921 | probe_drives 922 | progress_indicator stop 923 | echo "OK" 924 | 925 | # try new raid 926 | check_for_new_raid 927 | if [ -n "$ROOT_PARTITION" ]; then 928 | # got partition. done. 929 | break 930 | fi 931 | 932 | cat <$OUTFILE 971 | becho 'Done!' 972 | exit 0 973 | -------------------------------------------------------------------------------- /scripts/install/install-image: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | fail_exit () 4 | { 5 | echo "$*" 6 | echo 'Exiting...' 
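exit 1
}

# Print an optional message followed by the option help, then exit 1.
# Callers never get control back from this function.
print_help ()
{
  echo "$*"
  echo "Help:"
  echo " --username use username for HTTP auth (optional)"
  echo " --password use password for HTTP auth (optional)"
  exit 1
}

# Remove the partition-info file and the download directory and release
# every mount point this script may have set up. Failures are ignored so
# it can run from the EXIT and signal handlers at any stage.
clean_up ()
{
  if [ -n "$PART_FILE" ]; then
    rm -f -- "$PART_FILE" >&/dev/null
  fi
  umount "$CD_SQUASH_ROOT" >&/dev/null || true
  umount "$CD_ROOT" >&/dev/null || true
  umount "$INST_ROOT" >&/dev/null || true
  umount "$READ_ROOT" >&/dev/null || true
  umount "$WRITE_ROOT" >&/dev/null || true
  if [ -d "$TEMP_DIR" ]; then
    # quoted: this runs as root and must only ever remove that one path
    rm -rf -- "$TEMP_DIR"
  fi
}

# Signal handler: clean up, drop the EXIT trap so clean_up is not run a
# second time, and exit with status 1.
sig_handler () {
  echo "ERROR: Signal received. Exiting..."
  clean_up
  echo "Done"
  trap - EXIT
  exit 1
}

# EXIT handler: clean up on any normal or error exit.
exit_handler () {
  clean_up
}

# read in commandline - snipped thankfully copied from:
# https://unix.stackexchange.com/a/580258
# NOTE(review): a password given as --password is part of the process
# arguments and so visible to other local users while the script runs.
VRF="default"
while [ $# -gt 0 ]; do
  case "$1" in
    --url*|-u)
      if [[ "$1" != *=* ]]; then shift; fi # Value is next arg if no `=`
      # the image to be installed. only used if installing from an installed,
      # running system.
      NEW_ISO="${1#*=}"
      ;;
    --vrf*|-v)
      if [[ "$1" != *=* ]]; then shift; fi # Value is next arg if no `=`
      VRF="${1#*=}"
      ;;
    --username*)
      if [[ "$1" != *=* ]]; then shift; fi
      # Username and password are optional
      USERNAME="${1#*=}"
      ;;
    --password*)
      if [[ "$1" != *=* ]]; then shift; fi
      PASSWORD="${1#*=}"
      ;;
    --help|-h)
      # print_help exits by itself (status 1); the exit below is not reached
      print_help
      exit 0
      ;;
    *)
      # print_help exits, so the error has to be written before calling it
      >&2 printf "Error: Invalid argument\n"
      print_help
      exit 1
      ;;
  esac
  shift
done

# source in the functions
source /opt/vyatta/sbin/install-functions

if [ -f /etc/profile.d/vyos-system-proxy.sh ]; then
  source /etc/profile.d/vyos-system-proxy.sh
fi

# NOTE(review): INSTALL_LOG and TEMP_DIR are PID-based, predictable names
# in world-writable directories and this script runs as root. Creation of
# TEMP_DIR is checked in fetch_iso_by_url; INSTALL_LOG is not protected.

# export INSTALL_LOG for the scripts invoked
export INSTALL_LOG=/tmp/install-$$.log
# export PROGRESS_PID for the scripts invoked
export PROGRESS_PID=$$

# file for get-partition output
PART_FILE=''

# Temp directory for downloaded ISO
TEMP_DIR="/var/tmp/install-image.$$"

# Download one file through vyos.remote inside the selected VRF.
# $1 and $2 are handed to vyos.remote.download() in that order; the
# callers below pass the local file name first and the URL second.
# Returns the exit status of the download command.
download_file ()
{
  local status

  echo 'Downloading...'
  # The two values are passed as arguments and read from sys.argv. Pasting
  # them into the Python source would let a quote character in a URL or
  # file name be parsed as code.
  (REMOTE_USERNAME=$USERNAME \
   REMOTE_PASSWORD=$PASSWORD \
   ip vrf exec "$VRF" python3 -c \
   'import sys, vyos.remote; vyos.remote.download(sys.argv[1], sys.argv[2], progressbar=True, check_space=True)' \
   "$1" "$2")
  # Keep the status of the download itself: with a trailing echo as the
  # last command the function always returned 0 and every caller's
  # failure check was dead code.
  # NOTE(review): assumes vyos.remote.download raises (non-zero python
  # exit) on failure; confirm against vyos.remote.
  status=$?
  if [ $status -eq 0 ]; then
    echo 'Download complete.'
  fi
  return $status
}

# Try to fetch the ISO file using a URL provided by the user.
# If successful, we leave $NEW_ISO pointing to the ISO file that
# was downloaded.
# A detached signature (.minisig, else .asc) is fetched next to the image
# and verified; the user is asked before continuing when no signature is
# available or when verification fails.
fetch_iso_by_url ()
{
  local sig_type=''
  local sig_ok=1

  # plain mkdir fails when the path already exists, so a directory that
  # somebody else created under this name is never used
  if ! mkdir "$TEMP_DIR"; then
    fail_exit "Cannot create temporary directory $TEMP_DIR."
  fi
  filename="${TEMP_DIR}/${NEW_ISO##*/}"

  echo "Trying to fetch ISO file from $NEW_ISO..."
  if ! download_file "$filename" "$NEW_ISO"; then
    fail_exit 'Failed to download the ISO file.'
  fi
  echo "Done."

  echo "Checking for digital signature file..."
  if download_file "${filename}.minisig" "${NEW_ISO}.minisig"; then
    sig_type='minisig'
  else
    # In case signature file was partially downloaded...
    rm -f -- "${filename}.minisig"
    if download_file "${filename}.asc" "${NEW_ISO}.asc"; then
      sig_type='asc'
    else
      rm -f -- "${filename}.asc"
    fi
  fi

  if [ -z "$sig_type" ]; then
    # NOTE(review): the default answer is Yes, so an image whose signature
    # could not be fetched is installed on a bare Enter; consider
    # defaulting to No as the failed-verification prompt below does.
    echo -n "Do you want to continue without signature check? (yes/no) [yes] "

    response=$(get_response "Yes" "Yes No Y N")
    if [ "$response" == "no" ] || [ "$response" == "n" ]; then
      fail_exit 'OK. Installation will not be performed.'
    fi
  else
    echo "Checking digital signature..."
    # The verdict is kept in sig_ok. Reading $? after a later
    # "if [ -f ... ]; then ...; fi" does not work: an if whose condition
    # is false returns 0, which turned a failed minisign check into
    # "Digital signature is valid." whenever no .asc file existed.
    case "$sig_type" in
      minisig)
        if minisign -V -q -p /usr/share/vyos/keys/vyos-release.minisign.pub -m "${filename}" -x "${filename}.minisig"; then
          sig_ok=0
        else
          echo "Signature check FAILED, trying BACKUP key..."
          if minisign -V -q -p /usr/share/vyos/keys/vyos-backup.minisign.pub -m "${filename}" -x "${filename}.minisig"; then
            sig_ok=0
          fi
        fi
        ;;
      asc)
        # NOTE(review): gpg --verify accepts a good signature from any key
        # in the invoking user's keyring; no specific release key is
        # pinned here.
        if gpg --verify "${filename}.asc" "${filename}" >/dev/null 2>&1; then
          sig_ok=0
        fi
        ;;
    esac

    if [ $sig_ok -ne 0 ]; then
      echo "Signature check FAILED."
      echo -n "Do you want to continue anyway? (yes/no) [no] "
      response=$(get_response "No" "Yes No Y N")
      if [ "$response" == "no" ] || [ "$response" == "n" ]; then
        fail_exit 'OK. Installation will not be performed.'
      fi
      echo "OK. Proceeding with installation anyway."
    else
      echo "Digital signature is valid."
    fi
  fi

  NEW_ISO=$filename
}

# set up the specified ISO image file or URL for install
# Downloads the image when NEW_ISO is a URL with a supported scheme, checks
# that it looks like a VyOS ISO, mounts it on CD_ROOT, verifies the
# checksum list shipped on the image and mounts the squashfs on
# CD_SQUASH_ROOT. Exits on any failure.
set_up_new_iso ()
{
  local sum_status

  url_scheme=${NEW_ISO%%:*}

  if [ "$url_scheme" != "$NEW_ISO" ]; then
    if [ "$url_scheme" = "http" -o "$url_scheme" = "https" -o \
         "$url_scheme" = "ftp" -o "$url_scheme" = "tftp" -o \
         "$url_scheme" = "scp" -o "$url_scheme" = "sftp" ]; then
      fetch_iso_by_url
    fi
  fi

  if [ ! -f "$NEW_ISO" ] || ! (grep -q ISO9660 "$NEW_ISO"); then
    fail_exit "\"$NEW_ISO\" is not a valid ISO image file."
  fi

  # make sure mount points exist
  mkdir -p $INST_ROOT $WRITE_ROOT $READ_ROOT $CD_ROOT $CD_SQUASH_ROOT

  # mount ISO
  margs="-o loop,ro $NEW_ISO $CD_ROOT"
  if ! try_mount "$margs"; then
    fail_exit 'Failed to mount the new image.'
  fi

  # check squash image
  local squash_file=$CD_ROOT/live/filesystem.squashfs
  if [ ! -f "$squash_file" ] \
     || ! (file "$squash_file" | grep -q Squashfs) \
     || ! grep -q '^ii vyatta-version ' "$CD_ROOT/live/packages.txt"; then
    fail_exit "\"$NEW_ISO\" is not a VyOS ISO image file."
  fi

  # Verify checksums of all files in ISO image
  # The checksum list is read from the image itself, so this step detects
  # corruption only; authenticity rests on the signature check made at
  # download time.
  if [ ! -f "$CD_ROOT/sha256sum.txt" ]; then
    if [ ! -f "$CD_ROOT/md5sum.txt" ]; then
      fail_exit "Checksum file not found. The image file is either corrupt or not a VyOS image."
    else
      # Falling back to MD5 since SHA256 could not be found.
      # This must be an older image.
      echo -n "Checking MD5 checksums of files on the ISO image... "
      sum='md5sum'
    fi
  else
    echo -n "Checking SHA256 checksums of files on the ISO image... "
    sum='sha256sum'
  fi

  resfile=$(mktemp /tmp/install-image-md5check-XXXXXXXX)
  # "&&" instead of ";": do not run the check from some other directory
  # when the cd fails
  (cd "$CD_ROOT" && $sum -c $sum.txt > "$resfile")
  sum_status=$?
  failures=$(grep -cv 'OK$' "$resfile")
  rm -f -- "$resfile"

  # An empty result file counts zero failures, so the exit status of the
  # checksum run has to agree before the image is accepted.
  if [ "$sum_status" -eq 0 ] && [ "$failures" == 0 ]; then
    echo "OK."
  else
    echo "Failed!"
    echo "$failures checksum failures found!"
    echo "ISO image is corrupted and can not be used."
    exit 1
  fi

  # mount squash image
  margs="-o loop,ro $squash_file $CD_SQUASH_ROOT"
  if ! try_mount "$margs"; then
    fail_exit 'Failed to mount the squashfs image.'
  fi
}

# install new image into a newly-formatted partition.
# will exit with error if installation fails.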
241 | install_new () 242 | { 243 | local root_part=$1 244 | local inst_drv=$2 245 | 246 | if [ ! -e "/dev/$root_part" ] || [ ! -e "/dev/$inst_drv" ]; then 247 | fail_exit "Invalid drive/partition ($inst_drv and $root_part)." 248 | fi 249 | 250 | # install new image 251 | if ! /opt/vyatta/sbin/install-image-new "$root_part"; then 252 | exit 1 253 | fi 254 | 255 | # postinst operations 256 | if ! /opt/vyatta/sbin/install-postinst-new "$inst_drv" "$root_part" union; then 257 | exit 1 258 | fi 259 | } 260 | 261 | # install new image into the current boot partition. 262 | # will exit with error if installation fails. 263 | install_existing () 264 | { 265 | local ctype=$1 266 | if ! /opt/vyatta/sbin/install-image-existing "$ctype"; then 267 | exit 1 268 | fi 269 | } 270 | 271 | if [ -z "$USERNAME" ] && [ -n "$PASSWORD" ]; then 272 | fail_exit "Password cannot be specified without username." 273 | fi 274 | if [ -n "$USERNAME" ] && [ -z "$PASSWORD" ]; then 275 | fail_exit "Username cannot be specified without password." 276 | fi 277 | if [ $(id -u) != 0 ]; then 278 | fail_exit "Image installation requires root privileges!" 279 | fi 280 | 281 | trap sig_handler INT KILL 282 | trap exit_handler EXIT 283 | 284 | if is_live_cd_boot; then 285 | cat <&/dev/null 327 | rm -f $PART_FILE >&/dev/null 328 | 329 | # handle different types 330 | case "$root_part_type" in 331 | new) 332 | install_new "$root_part" "$inst_drv" 333 | exit 0 334 | ;; 335 | union|old) 336 | install_existing "$root_part_type" 337 | exit 0 338 | ;; 339 | *) 340 | fail_exit "Unknown partition type \"$root_part_type\"." 341 | ;; 342 | esac 343 | -------------------------------------------------------------------------------- /scripts/install/install-image-existing: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # this script installs a new release image into a running system. 4 | # the new ISO image must be already mounted by caller. 
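# the script sets up a new union mount for the new release. a reboot
# is then required to boot into the newly installed release.

# the current install type: "union" or "old"
CUR_INSTALL=$1

source /opt/vyatta/sbin/install-functions

# Print the given message and exit with status 1.
failure_exit () {
  echo "$*"
  exit 1
}

# Determine the default menuentry index for the grub.cfg file
# Prints 1 when the current default menuentry line mentions "Serial",
# otherwise 0.
get_grub_index () {
  cur_index=`grep "^set default=" $BOOT_DIR/grub/grub.cfg | \
             awk -F= '{print $2}'`

  # "set default=" is zero-based, tail -n + counts lines from one
  (( cur_index++ ))

  cur_line=`grep "^menuentry" $BOOT_DIR/grub/grub.cfg | \
            tail -n +${cur_index} - | head -n 1 -`

  is_kvm=`echo $cur_line | grep KVM`
  is_serial=`echo $cur_line | grep Serial`

  # index 0 is KVM, 1 is Serial
  if [ -n "$is_serial" ]; then
    echo 1
  else
    echo 0
  fi
}

if [ $(id -u) != 0 ]; then
  echo "Image installation requires root privileges!"
  exit 1
fi

# On image-installed systems, the image name can be found as the
# directory under "/boot" on the path to the running kernel on the
# boot line. On non-image-installed systems, this yields the
# name of the kernel image file.
CURVER=`awk '{print $1}' /proc/cmdline`
CURVER=${CURVER#BOOT_IMAGE=/boot/}
CURVER=${CURVER%/vmlinuz*}

if [ -z "$CURVER" ]; then
  failure_exit 'Cannot find current version.'
fi

# get new version string. this is from the squashfs image.
# NOTE(review): NEWVER comes from the image being installed and is later
# used to build the squashfs file name; it is not checked on its own here.
NEWVER=`cat ${CD_SQUASH_ROOT}/opt/vyatta/etc/version | grep "Version:" | awk '{print $2,$3}' | sed 's/[[:space:]]*$//' | sed 's/ /-/g'`
NEWNAME=$NEWVER

echo -n "What would you like to name this image? [$NEWNAME]: "
if [ "$VYATTA_PROCESS_CLIENT" == "gui2_rest" ]; then
  response=$NEWNAME
else
  read -r response
fi
if [ -n "$response" ]; then
  NEWNAME=$response
fi

if [ -z "$NEWNAME" ]; then
  failure_exit 'Invalid image name.'
fi

# The name becomes a directory under $BOOT_DIR, so the character check is
# applied to whatever name ends up being used: a typed name, or the
# default taken from the image when the prompt is answered with Enter.
# No backslashes inside the bracket expression: there they are literal
# and would add "\" to the accepted characters.
badchars=`printf '%s' "$NEWNAME" | LC_ALL=C sed -e 's/[a-zA-Z0-9._+-]//g'`
if [ -n "$badchars" ]; then
  echo "Image name must be composed of a-z, A-Z, 0-9, or one of ._+-"
  exit 1
fi

# "." and ".." pass the character check but are not usable directory names
case "$NEWNAME" in
  .|..)
    failure_exit 'Invalid image name.'
    ;;
esac

# Validate image name
if [ "$NEWNAME" = "grub" -o "${NEWNAME:0:7}" = "vmlinuz" -o \
     "${NEWNAME:0:6}" = "initrd" -o "${NEWNAME:0:10}" = "System.map" -o \
     "$NEWNAME" = "Old-non-image-installation" ]; then
  echo "Can't use $NEWNAME. It is a reserved image name."
  exit 1;
fi

echo "OK. This image will be named: $NEWNAME"

# this is the default if current install is union

if [ "$CUR_INSTALL" == 'old' ]; then
  BOOT_DIR=/boot
elif [ "$CUR_INSTALL" == 'union' ]; then
  BOOT_DIR=`/opt/vyatta/sbin/vyos-persistpath`/boot
else
  echo 'Invalid current install type. Exiting...'
  exit 1
fi

if [ -d "$BOOT_DIR/$NEWNAME" ]; then
  if [ "$CURVER" = "$NEWNAME" ]; then
    echo "$NEWNAME is the image you are currently running. Can't"
    echo "Re-install over the running image."
    exit 1
  fi

  echo "An image named $NEWNAME is already installed on this system."
  echo "Proceeding with this installation will delete this copy of"
  echo "$NEWNAME and replace it with a new copy."
  echo -n "Do you want to replace it? (Yes/No) [No]: "
  resp=$(get_response "No" "Yes No Y N")
  if [ "$resp" != 'yes' ] && [ "$resp" != 'y' ]; then
    echo "OK. Will not replace $NEWNAME"
    echo "Exiting..."
    exit 1
  fi
fi

#
# Check to make sure we have enough space to install image...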
121 | # 122 | space_avail=`df -k / | tail -1 | awk '{ print $4 }'` 123 | space_needed=`du -s ${CD_ROOT}/live | awk '{ print $1 }'` 124 | 125 | if [ $space_avail -le $space_needed ]; then 126 | echo "We do not have enough disk space to install this image!" 127 | echo "We need $space_needed KB, but we only have $space_avail KB." 128 | echo "Exiting..." 129 | exit 1 130 | fi 131 | 132 | # start the install 133 | echo "Installing \"$NEWNAME\" image." 134 | 135 | # create the new release directories 136 | REL_ROOT=$BOOT_DIR/$NEWNAME 137 | RW_DIR="$REL_ROOT/rw" 138 | if ! mkdir -p "$RW_DIR"; then 139 | failure_exit 'Cannot create directory for new release.' 140 | fi 141 | 142 | WORK_DIR="$REL_ROOT/work" 143 | mkdir -p "$WORK_DIR" 144 | 145 | # copy the squashfs image and boot files 146 | echo "Copying new release files..." 147 | squash_img=${CD_ROOT}/live/filesystem.squashfs 148 | boot_dir=${CD_SQUASH_ROOT}/boot 149 | boot_files=$(find $boot_dir -maxdepth 1 -type f -o -type l 2>/dev/null) 150 | if [ ! -f "$squash_img" ] || [ -z "$boot_files" ]; then 151 | becho 'Cannot find the files. Exiting...' 152 | exit 1 153 | fi 154 | target_squash=$REL_ROOT/$NEWVER.squashfs 155 | cp -p $squash_img $target_squash >&/dev/null 156 | cp --no-dereference --preserve=all $boot_files $REL_ROOT/ >&/dev/null 157 | 158 | # mount copied squashfs 159 | if ! try_mount "-o loop,ro $target_squash $READ_ROOT"; then 160 | rm -rf $REL_ROOT 161 | failure_exit 'Failed to mount new squashfs image.' 162 | fi 163 | 164 | # set up root for postinst 165 | margs=$(gen_mopts "overlay" $RW_DIR $READ_ROOT $WORK_DIR $INST_ROOT) 166 | if ! try_mount "$margs"; then 167 | rm -rf $REL_ROOT 168 | failure_exit 'Failed to set up root directory for postinst.' 169 | fi 170 | 171 | # 172 | # Check to make sure we have enough space to copy the config and data dirs... 
173 | # 174 | space_avail=`df -k / | tail -1 | awk '{ print $4 }'` 175 | if [ -e $${VYATTA_NEW_CFG_DIR}/data ]; then 176 | space_needed_data=`du -s ${VYATTA_NEW_CFG_DIR}/data | awk '{ print $1 }'` 177 | else 178 | space_needed_data=0 179 | fi 180 | space_needed_configdata=`du -s ${VYATTA_NEW_CFG_DIR} | awk '{ print $1 }'` 181 | space_needed_config=$(($space_needed_configdata - $space_needed_data)) 182 | 183 | # save current config dir if needed 184 | if [ $space_avail -gt $space_needed_configdata ]; then 185 | resp='' 186 | while [ -z "$resp" ]; do 187 | echo 'Would you like to save the current configuration ' 188 | echo -n 'directory and config file? (Yes/No) [Yes]: ' 189 | resp=$(get_response "Yes" "Yes No Y N") 190 | if [ "$resp" == 'yes' ] || [ "$resp" == 'y' ]; then 191 | echo 'Copying current configuration...' 192 | ndir=${INST_ROOT}/${VYATTA_CFG_DIR} 193 | mkdir -p $ndir 194 | find $VYATTA_CFG_DIR -maxdepth 1 -mindepth 1 \ 195 | -exec cp '-a' '{}' "$ndir/" ';' 196 | 197 | # Set the upgraded flag 198 | touch $ndir/.upgraded 199 | 200 | chgrp -R vyattacfg $ndir 201 | chmod -R 775 $ndir 202 | 203 | # Return original permissions for private files in config/auth. T2713 204 | rsync -a ${VYATTA_CFG_DIR}/auth/ ${ndir}/auth/ 205 | 206 | fi 207 | done 208 | else 209 | echo 'There is not enough space to save the current configuration directory.' 210 | echo -n 'Would you like to continue without saving it? (Yes/No) [No]: ' 211 | resp=$(get_response "No" "Yes No Y N") 212 | if [ "$resp" == 'yes' ] || [ "$resp" == 'y' ]; then 213 | echo "OK. Proceeding without saving current config directory." 214 | else 215 | rm -rf $REL_ROOT 216 | failure_exit "OK. Exiting." 217 | fi 218 | fi 219 | 220 | if [ -d /etc/ssh ]; then 221 | resp='' 222 | while [ -z "$resp" ]; do 223 | echo 'Would you like to save the SSH host keys from your ' 224 | echo -n 'current configuration? 
(Yes/No) [Yes]: ' 225 | resp=$(get_response "Yes" "Yes No Y N") 226 | if [ "$resp" == 'yes' ] || [ "$resp" == 'y' ]; then 227 | echo 'Copying SSH keys...' 228 | ndir=${INST_ROOT}/etc/ssh 229 | mkdir -p $ndir 230 | cp -p /etc/ssh/ssh_host* $ndir 231 | fi 232 | done 233 | fi 234 | 235 | # postinst hook 236 | PI_SCRIPT=${INST_ROOT}${vyatta_sysconfdir}/install-image/postinst 237 | if [ -e "$PI_SCRIPT" ]; then 238 | echo "Running post-install script..." 239 | $PI_SCRIPT $INST_ROOT 240 | fi 241 | 242 | # set up grub entry (if provided) 243 | DEF_GRUB=${INST_ROOT}${vyatta_sysconfdir}/grub/default-union-grub-entry 244 | if [ -e "$DEF_GRUB" ]; then 245 | echo "Setting up grub configuration..." 246 | new_index=$(get_grub_index) 247 | 248 | def_grub_vers=/tmp/def_grub.$$ 249 | cp $DEF_GRUB $def_grub_vers 250 | sed -i "s/menuentry \"VyOS.*(/menuentry \"VyOS $NEWNAME (/" $def_grub_vers 251 | sed -i "s/menuentry \"Lost password change.*(/menuentry \"Lost password change $NEWNAME (/" $def_grub_vers 252 | sed -i "s%/boot/[A-Za-z0-9\.\-]*%/boot/${NEWNAME}%g" $def_grub_vers 253 | 254 | old_grub_cfg=$BOOT_DIR/grub/grub.cfg 255 | new_grub_cfg=/tmp/grub.cfg.$$ 256 | sed -n '/^menuentry/q;p' $old_grub_cfg >$new_grub_cfg 257 | cat $def_grub_vers >> $new_grub_cfg 258 | sed -n '/^menuentry/,${p}' $old_grub_cfg >>$new_grub_cfg 259 | sed -i "s/^set default=[0-9]\+$/set default=$new_index/" $new_grub_cfg 260 | for tty in ttyS ttyUSB; do 261 | x=1 262 | declare -i x 263 | for line in $(cat $old_grub_cfg); do 264 | oldtty=$(echo -e $line | egrep -o "console=${tty}.*," | sed 's/,$//') 265 | if [ -n "$oldtty" ]; then 266 | awk -i inplace "/console=${tty}/{count++;if(count==$x){sub(\"console=${tty}0\",\"$(echo -e ${oldtty})\")}}; { print }" $new_grub_cfg 267 | sync 268 | x+=1 269 | fi 270 | done 271 | done 272 | mv $new_grub_cfg $old_grub_cfg 273 | 274 | # Update the default image symlink used by Xen 275 | if [ -L $BOOT_DIR/%%default_image ]; then 276 | mv $BOOT_DIR/%%default_image 
$BOOT_DIR/%%default_image.orig 277 | ln -s $NEWNAME $BOOT_DIR/%%default_image 278 | fi 279 | fi 280 | 281 | # unmount filesystems 282 | if ! try_unmount "--read-only $INST_ROOT $READ_ROOT"; then 283 | failure_exit 'Failed to unmount new squashfs image.' 284 | fi 285 | 286 | # sync underlaying filesystems 287 | sync 288 | 289 | logger -p local3.warning -t "SystemImage" "System Image $NEWNAME has been added and made the default boot image" 290 | 291 | echo 'Done.' 292 | 293 | # done 294 | exit 0 295 | -------------------------------------------------------------------------------- /scripts/install/install-image-new: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | if [ $(id -u) != 0 ]; then 4 | echo "Image installation requires root privileges!" 5 | exit 1 6 | fi 7 | 8 | # source in the functions 9 | source /opt/vyatta/sbin/install-functions 10 | 11 | # the INSTALL_LOG env var should be exported by the "caller". 12 | # it will be used to log messages. 13 | 14 | # the install partition e.g. sda1 15 | ROOT_PARTITION=$1 16 | 17 | becho "Mounting /dev/$ROOT_PARTITION..." 18 | 19 | # mount the partition 20 | mkdir -p $WRITE_ROOT 21 | if ! try_mount "/dev/$ROOT_PARTITION $WRITE_ROOT"; then 22 | echo 'Exiting...' 23 | exit 1 24 | fi 25 | 26 | version=$(get_new_version) 27 | image_name=$version 28 | if [ -z "$image_name" ]; then 29 | echo 'Cannot find new version. Exiting...' 30 | exit 1 31 | fi 32 | 33 | echo -n "What would you like to name this image? 
[$image_name]: " 34 | if [ "$VYATTA_PROCESS_CLIENT" == "gui2_rest" ]; then 35 | response=$NEWNAME 36 | else 37 | read response 38 | fi 39 | if [ -n "$response" ]; then 40 | badchars=`echo $response | sed -e 's/[a-zA-Z0-9\.\_+-]//g'` 41 | if [ -n "$badchars" ]; then 42 | echo "Image name must be composed of a-z, A-Z, 0-9, or one of ._+-" 43 | exit 1 44 | fi 45 | image_name=$response 46 | fi 47 | 48 | # Validate image name 49 | if [ "$image_name" = "grub" -o "${image_name:0:7}" = "vmlinuz" -o \ 50 | "${image_name:0:6}" = "initrd" -o "${image_name:0:10}" = "System.map" -o \ 51 | "$image_name" = "Old-non-image-installation" ]; then 52 | echo "Can't use $image_name. It is a reserved image name." 53 | exit 1; 54 | fi 55 | 56 | if [ -z "$image_name" ]; then 57 | failure_exit 'Invalid image name.' 58 | fi 59 | 60 | echo "OK. This image will be named: $image_name" 61 | 62 | # make the dir for the new version 63 | mkdir -p $WRITE_ROOT/boot/$image_name 64 | # make dir for backing store 65 | rw_dir=$WRITE_ROOT/boot/$image_name/rw 66 | mkdir -p $rw_dir 67 | work_dir=$WRITE_ROOT/boot/$image_name/work 68 | mkdir -p $work_dir 69 | 70 | echo Copying squashfs image... 71 | # these are the defaults if installing from a specified ISO image file. 72 | # in such cases, the ISO image has already been mounted by caller. 73 | squash_img=${CD_ROOT}/live/filesystem.squashfs 74 | boot_dir=${CD_SQUASH_ROOT}/boot 75 | boot_files=$(find $boot_dir -maxdepth 1 -type f -o -type l 2>/dev/null) 76 | if [ ! -f "$squash_img" ] || [ -z "$boot_files" ]; then 77 | # maybe installing from a live CD boot? 78 | squash_img=/lib/live/mount/medium/live/filesystem.squashfs 79 | boot_dir=/boot 80 | boot_files=$(find $boot_dir -maxdepth 1 -type f -o -type l 2>/dev/null) 81 | if [ ! -f "$squash_img" ] || [ -z "$boot_files" ]; then 82 | # not a live CD boot either. give up. 83 | becho 'Cannot find the squashfs image. Exiting...' 
84 | exit 1 85 | fi 86 | fi 87 | 88 | target_squash=$WRITE_ROOT/boot/$image_name/$version.squashfs 89 | cp -p $squash_img $target_squash 90 | echo Copying kernel and initrd images... 91 | cp -dp $boot_files $WRITE_ROOT/boot/$image_name/ 92 | 93 | # create persistence.conf file 94 | echo "/ union" > $WRITE_ROOT/persistence.conf 95 | 96 | # set up union root for postinst 97 | mkdir -p $INST_ROOT $READ_ROOT 98 | if ! try_mount "-o loop,ro -t squashfs $target_squash $READ_ROOT"; then 99 | echo 'Exiting...' 100 | exit 1 101 | fi 102 | margs=$(gen_mopts "overlay" $rw_dir $READ_ROOT $work_dir $INST_ROOT) 103 | if ! try_mount "$margs"; then 104 | echo 'Exiting...' 105 | exit 1 106 | fi 107 | 108 | becho "Done!" 109 | 110 | exit 0 111 | 112 | -------------------------------------------------------------------------------- /scripts/install/install-postinst-new: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # postinst operations for installation on a "new" partition, i.e., full grub 4 | # setup needed, etc. 5 | 6 | if [ `whoami` != 'root' ] ; then 7 | echo "This script must be run with root privileges." 8 | exit 1 9 | fi 10 | 11 | # source in the functions 12 | source /opt/vyatta/sbin/install-functions 13 | 14 | # the INSTALL_LOG env var should be exported by the "caller". 15 | # it will be used to log messages. 16 | 17 | # the base install drive e.g. sda 18 | INSTALL_DRIVE=$1 19 | # the install partition e.g. 
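# sda1
ROOT_PARTITION=$2
# install type: "union" or "old"
INSTALL_TYPE=$3

# Default user
DEFAULT_USER=vyos

GRUB_ARCH=x86_64-efi
if [ $(uname -m) = "aarch64" ]; then
  GRUB_ARCH=arm64-efi
fi

# copy configuration to the config directory
#
# Populates ${INST_ROOT}${VYATTA_CFG_DIR}: either everything saved under
# /mnt/config, or one config.boot chosen by the user from the candidates
# found on the running system. SSH keys saved under /mnt/ssh are copied too.
copy_config () {
  local cfg_dir=${INST_ROOT}${VYATTA_CFG_DIR}

  # create the config directory
  mkdir -p $cfg_dir
  chgrp vyattacfg $cfg_dir
  chmod 775 $cfg_dir

  # create our config partition marker
  touch $cfg_dir/.vyatta_config

  if [ -d /mnt/config ]; then
    echo "Copying old configurations to config partition."
    cp -a /mnt/config/* $cfg_dir/ >&/dev/null
  else
    # Find the config files and give the user the option to copy config files
    # TODO: this needs cleaned up

    # First candidate: The config file on the running system. Note
    # that this will include any changes made and saved by the user,
    # as well as changes such as interface MAC addresses automatically
    # generated by the user. So it is the first choice.
    if [ -f "${VYATTA_CFG_DIR}/config.boot" ]; then
      config=${VYATTA_CFG_DIR}/config.boot
    fi

    # Third candidate: The default config file
    DEF_CONF=$vyatta_sysconfdir/config.boot.default
    if [ -f $DEF_CONF ]; then
      config="$config $DEF_CONF"
    fi

    if [ -n "$config" ]; then
      echo "I found the following configuration files:"
      for file in $config; do
        echo " $file"
      done

      default=$(echo -e $config | awk '{ print $1 }')

      while [ -z "$configfile" ]; do
        echo -n "Which one should I copy to $INSTALL_DRIVE? [$default]: "
        configfile=$(get_response "$default" "$config")
      done

      echo
      echo "Copying $configfile to $INSTALL_DRIVE."
      cp -p $configfile $cfg_dir/config.boot >&/dev/null
      if [ $? != 0 ]; then
        lecho "Error copying file $configfile to config directory. Exiting..."
        exit 1
      fi
    fi
  fi

  # set the permissions on the new config file
  # NOTE(review): 775 leaves config.boot readable by every local account and
  # marks it executable; confirm this is intended for a file that the steps
  # below write account passwords into.
  if [ -f "$cfg_dir/config.boot" ]; then
    chgrp vyattacfg $cfg_dir/config.boot
    chmod 775 $cfg_dir/config.boot
  fi

  # copy ssh keys
  if [ -d /mnt/ssh ]; then
    echo "Copying SSH keys."
    # -p keeps the modes the saved keys already have
    cp -p /mnt/ssh/* ${INST_ROOT}/etc/ssh
  fi
}

# setup grub on the boot sector of a user selected drive
#
# EFI installs are driven by /tmp/efiparts.tmp (one partition per line);
# otherwise grub goes to the chosen drive or to every member of an md array.
# Exits the script if vyatta-grub-setup fails.
install_grub () {
  grub_inst_drv=''
  raid_slaves=''

  if [ ${INSTALL_DRIVE:0:2} == "md" ]; then
    raid_slaves=`ls /sys/block/${INSTALL_DRIVE}/slaves`
    grub_inst_drv="md raid"
  fi

  mkdir -p $grub_root/boot/grub

  # Let the user choose the boot sector
  while [ -z "$grub_inst_drv" ]
  do
    echo "I need to install the GRUB boot loader."
    echo "I found the following drives on your system:"
    select_drive "Which drive should GRUB modify the boot partition on?" \
      'grub_inst_drv'
  done

  echo -n "Setting up grub: "
  lecho "Setting up grub..."

  # Install grub in the boot sector of the primary drive, or if the installation
  # target is a raid setup, then install it into the boot sector of all slave
  # members.

  progress_indicator start

  # NOTE(review): /tmp/efiparts.tmp is a fixed name in a world-writable
  # directory and every partition listed in it is reformatted below as root.
  # The script that writes it is not part of this file; it should create the
  # list somewhere only root can write to.
  if [ -f "/tmp/efiparts.tmp" ]; then
    mkdir -p $grub_root/boot/efi
    readarray parts < /tmp/efiparts.tmp
    part_length=${#parts[@]}
    bootloader_name="VyOS"
    I=0
    for part in "${parts[@]}"
    do
      #Name the bootloaders something different if we have a RAID
      if [ "$part_length" -gt "1" ]; then
        bootloader_name="VyOS (RAID disk $I)"
        ((I++))
      fi
      # readarray keeps the trailing newline of each entry; $part is left
      # unquoted on purpose so that word splitting strips it
      mkdosfs -F 32 -s 1 -n EFI /dev/$part >&/dev/null
      mount /dev/$part $grub_root/boot/efi
      # --no-uefi-secure-boot: the installed loader is not the Secure Boot
      # capable variant, so the firmware is expected to have Secure Boot off
      output=$(grub-install --no-floppy --recheck --target="${GRUB_ARCH}" --force-extra-removable --root-directory=$grub_root --efi-directory=$grub_root/boot/efi --bootloader-id="$bootloader_name" --no-uefi-secure-boot 2>&1)
      # log the result like the non-EFI branches do; it used to be dropped
      lecho "$output"
      umount $grub_root/boot/efi
      ##TODO DO we need these to be in fstab??
      #
      #This is what I've used in the past
      #if [ $I -gt 0 ]; then
      # RAIDPART="#"
      #fi
      #echo "${RAIDPART}PARTUUID=$(blkid -s PARTUUID -o value $part) /boot/efi vfat defaults 0 1" >> /etc/fstab
    done
    rm /tmp/efiparts.tmp
  else
    if [[ $grub_inst_drv == "md raid" ]]; then
      for slave in $raid_slaves; do
        grub_inst_drv=$(lsblk --noempty --dedup PKNAME --nodeps --noheadings --output PKNAME /dev/${slave})
        output=$(grub-install --no-floppy --recheck --root-directory=$grub_root \
          /dev/$grub_inst_drv 2>&1)
        lecho "$output"
      done
    else
      output=$(grub-install --no-floppy --recheck --root-directory=$grub_root \
        /dev/$grub_inst_drv 2>&1)
      lecho "$output"
    fi
  fi

  progress_indicator stop

  output=$(/opt/vyatta/sbin/vyatta-grub-setup $grub_setup_args \
    "$ROOT_PARTITION" '' $grub_root 2>&1)
  ret=$?
  lecho "$output"
  if [ $ret == 0 ]; then
    echo 'OK'
  else
    echo 'Grub failed to install!'
    exit 1
  fi
}

# Write a pygrub menu.lst, the default-image symlink and a console entry so
# that the installed system can later be booted as a Xen PV guest.
setup_xen_extras () {
  echo "Setting up config files for Xen..."

  # Get the root device that will hold the root filesystem
  rootdev="xvda1"
  echo -n "Root filesystem device [$rootdev]: "
  response=$(get_response "$rootdev");
  rootdev=$response
  echo "Using $rootdev"

  # Set up /boot/grub/menu.lst for use by pygrub
  grubfile=$grub_root/boot/grub/menu.lst
  echo "timeout 5" >> $grubfile
  echo "" >> $grubfile
  echo "title vyatta-virt" >> $grubfile
  echo "root (hd0,0)" >> $grubfile
  echo "kernel $xen_grub_boot_path/vmlinuz root=/dev/$rootdev boot=live vyos-union=$xen_grub_boot_path console=hvc0" >> $grubfile
  echo "initrd $xen_grub_boot_path/initrd.img" >> $grubfile

  # Add symlink pointing to default image
  ln -s $image_name $grub_root/boot/%%default_image

  # Add console port entry for the Xen PV console
  add_console_entry hvc0 "${INST_ROOT}${VYATTA_CFG_DIR}/config.boot"
}

# Offer the Xen PV preparation when DMI reports a Xen HVM guest.
check_for_xen_extras () {
  manuf=`/usr/sbin/dmidecode -s system-manufacturer`
  prod=`/usr/sbin/dmidecode -s system-product-name`
  if [ "$manuf" = "Xen" -a "$prod" = "HVM domU" ]; then
    echo "You are installing to a $manuf $prod virtual machine."
    echo "Would you like to set up config files to prepare for the"
    echo -n "conversion to PV domU? [No]: "
    response=$(get_response "No" "Yes No Y N")
    if [ "$response" == "yes" ] || [ "$response" == "y" ]; then
      setup_xen_extras
    fi
  fi
}

##### Main

version=$(get_new_version)
if [ -z "$version" ]; then
  echo 'Cannot find new version. Exiting...'
  exit 1
fi

# the image name is the first entry found under $WRITE_ROOT/boot
array=( $WRITE_ROOT/boot/* )
image_name=${array[0]}
image_name=${image_name#$WRITE_ROOT/boot/}

# these are the defaults for "union"
grub_root=$WRITE_ROOT
grub_setup_args="-u $image_name"
xen_grub_boot_path="/boot/%%default_image"
if [ "$INSTALL_TYPE" == 'old' ]; then
  grub_root=$INST_ROOT
  grub_setup_args="-v $version"
  xen_grub_boot_path="/boot"
elif [ "$INSTALL_TYPE" != 'union' ]; then
  echo 'Invalid install type. Exiting...'
  exit 1
fi

# Copy the config files saved from earlier steps
copy_config

# Modify config to match system
# Assume user wants to keep password from old config
if [ ! -d /mnt/config ]; then
  # Disable root login
  set_encrypted_password root "*" "${INST_ROOT}${VYATTA_CFG_DIR}/config.boot"

  echo "Enter password for administrator account"
  change_password $DEFAULT_USER "${INST_ROOT}${VYATTA_CFG_DIR}/config.boot"
fi

# Install grub
install_grub

if [ ! -d /sys/firmware/efi ]; then
  # Perform additional configuration if installing on Xen
  check_for_xen_extras
fi

#
# Only start the mdadm daemon if we have the root filesystem running
# on a RAID set. Since this script is the only way that the root filesystem
# ever gets set up, we can do this configuration here.
#
MDADM_CONFIG_FILE=${INST_ROOT}/etc/default/mdadm
if [ -f "$MDADM_CONFIG_FILE" ]; then
  if [ "${INSTALL_DRIVE:0:2}" = "md" ]; then
    sed -i -e 's/^START_DAEMON.*$/START_DAEMON=true/' \
      -e 's/^AUTOSTART=.*$/AUTOSTART=true/' $MDADM_CONFIG_FILE
  else
    sed -i -e 's/^START_DAEMON.*$/START_DAEMON=false/' \
      -e 's/^AUTOSTART=.*$/AUTOSTART=true/' $MDADM_CONFIG_FILE
  fi
fi

if [ "$INSTALL_TYPE" != 'union' ]; then
  WRITE_ROOT=''
fi

becho "Done! Please reboot now."

exit 0


--------------------------------------------------------------------------------
/scripts/progress-indicator:
--------------------------------------------------------------------------------
#!/bin/sh
# Propeller progress indicator
#
# Spins until /tmp/pi.<PID> is removed by whoever started the indicator.
# NOTE(review): the flag file has a predictable name in /tmp and "touch"
# follows symlinks; when this runs as root, a flag directory that only root
# can write to would be safer. The code that removes the flag is not in this
# file, so the path is left unchanged here.
FRAME="A"
PID=$1

touch "/tmp/pi.$PID"
while [ -f "/tmp/pi.$PID" ];
do
  case $FRAME in
    A) echo -n -e "\b"
       echo -n '|'
       FRAME=B;;
    B) echo -n -e "\b"
       echo -n '/'
       FRAME=C;;
    C) echo -n -e "\b"
       echo -n '-'
       FRAME=D;;
    D) echo -n -e "\b"
       echo -n '\'
       FRAME=A;;
  esac
  sleep 1
done

--------------------------------------------------------------------------------
/scripts/restricted-shell:
--------------------------------------------------------------------------------
#!/bin/bash

# Shell wrapper for operator level users: any argument (i.e. a command
# handed over by the remote side) is refused and logged; otherwise the
# interactive vbash is started.
if [ $# != 0 ]; then
  echo "Remote command execution is not allowed for operator level users"
  # "$*" records the arguments as they were sent. The former unquoted $@
  # went through word splitting and pathname expansion first, so the log
  # entry could differ from the attempted command.
  args_str="$*"
  logger "Operator level user $USER attempted remote command execution: $args_str"
  exit 1
fi

exec vbash

--------------------------------------------------------------------------------
/scripts/snmp/if-mib-alias:
--------------------------------------------------------------------------------
#! /usr/bin/perl

# **** License ****
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2 as
# published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# General Public License for more details.
#
# This code was originally developed by Vyatta, Inc.
# Portions created by Vyatta are Copyright (C) 2007 Vyatta, Inc.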
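# All Rights Reserved.
#
# Author: Stephen Hemminger
# Date: October 2010
# Description: script is run as net-snmp extension to read interface alias
#
# **** End License ****

use strict;
use warnings;
use feature "switch";
no warnings 'experimental::smartmatch';

# Collect all interface alias values.
# Returns a list indexed by ifindex; an entry holds the alias when "ip li"
# prints one, otherwise the interface name.
sub get_alias {
    my @interfaces;

    open (my $ip, '-|', 'ip li')
        or die "Can't run ip command\n";
    my $index;
    while(<$ip>) {
        if (/^(\d+): ([^:]*): /) {
            $index = $1;
            $interfaces[$index] = $2;
        } elsif (/^ +alias (.*)$/) {
            $interfaces[$index] = $1;
        }
    }
    close $ip;
    return @interfaces;
}

# GET: print the OID, the type and the alias for the ifindex that ends $oid.
sub get_oid {
    my $oid = shift;
    # the separator is a literal dot, as in set_oid
    die "Not a valid Object ID: $oid"
        unless ($oid =~ /\.(\d+)$/);

    my $ifindex = $1;
    my @interfaces = get_alias();

    my $ifalias = $interfaces[$ifindex];
    print "$oid\nstring\n$ifalias\n" if $ifalias;
}

# OID of ifAlias [RFC2863]
my $BASE = '.1.3.6.1.2.1.31.1.1.1.18';

# GETNEXT: print the first populated entry after the given ifindex.
sub get_next {
    my $oid = shift;

    return get_next("$BASE.0")
        if ($oid eq $BASE);

    die "Not a valid Object ID: $oid"
        unless ($oid =~ /^(\S*)\.(\d+)$/);

    my $base = $1;
    my $ifindex = $2;
    my @interfaces = get_alias();

    while (++$ifindex <= $#interfaces) {
        my $ifalias = $interfaces[$ifindex];
        if ($ifalias) {
            print "$base.$ifindex\nstring\n$ifalias\n";
            last;
        }
    }
}

# Map an ifindex to the interface name printed by "ip li"; returns nothing
# when the index is unknown.
sub ifindextoname {
    my $ifindex = shift;

    open (my $ip, '-|', 'ip li')
        or die "Can't run ip command\n";
    while(<$ip>) {
        next unless (/^(\d+): ([^:]*): /);
        return $2 if ($1 == $ifindex);
    }
    return;
}

# SET: store $value as the alias of the interface addressed by $oid.
# $value arrives from the SNMP request and is therefore untrusted. It is
# handed to ip(8) as a single argument with no shell in between; the former
# system("ip li set $ifname alias '$value' ...") let a quote inside the
# value end the quoting and run the remainder as shell commands.
sub set_oid {
    my ($oid, $target, $value) = @_;
    die "Not a valid Object ID: $oid"
        unless ($oid =~ /\.(\d+)$/);
    my $ifindex = $1;
    unless (defined($target) && $target eq 'string') {
        print "wrong-type\n";
        return;
    }

    my $ifname = ifindextoname($ifindex);
    if ($ifname) {
        my $pid = fork();
        die "Can't fork: $!\n" unless defined $pid;
        if ($pid == 0) {
            # child: discard the output of ip, as the old redirection did,
            # so it cannot end up in the reply sent back to the agent
            open(STDOUT, '>', '/dev/null');
            open(STDERR, '>', '/dev/null');
            exec('ip', 'li', 'set', $ifname, 'alias', $value // '')
                or exit 127;
        }
        waitpid($pid, 0);
        print "not-writeable\n" if ($? != 0);
    }
}

sub usage {
    warn "Usage: $0 {-g|-n} OID\n";
    warn " $0 -s OID TARGET VALUE\n";
    exit 1;
}

usage unless $#ARGV >= 1;

given ($ARGV[0]) {
    when ('-g') { get_oid ($ARGV[1]); }
    when ('-n') { get_next ($ARGV[1]); }
    when ('-s') { set_oid ($ARGV[1], $ARGV[2], $ARGV[3]); }
    default {
        warn "$ARGV[0] unknown flag\n";
        usage;
    }
}

--------------------------------------------------------------------------------
/scripts/vyatta-dhcpv6-client.pl:
--------------------------------------------------------------------------------
#!/usr/bin/perl
#
# Module: vyatta-dhcpv6-client.pl
#
# **** License ****
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2 as
# published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# General Public License for more details.
#
# This code was originally developed by Vyatta, Inc.
# Copyright (C) 2010 Vyatta, Inc.
# All Rights Reserved.
#
# Author: Bob Gilligan
# Date: April 2010
# Description: Start and stop DHCPv6 client daemon for an interface.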
22 | # 23 | # **** End License **** 24 | # 25 | # 26 | 27 | use strict; 28 | use warnings; 29 | 30 | use lib "/opt/vyatta/share/perl5/"; 31 | use Sys::Hostname; 32 | use Vyatta::Config; 33 | use Vyatta::Interface; 34 | use Getopt::Long; 35 | 36 | sub gen_conf_file { 37 | my ($conffile, $ifname) = @_; 38 | my $FD_WR; 39 | 40 | open($FD_WR, '>', $conffile) 41 | or die "Can't write config file: $conffile : $!\n"; 42 | 43 | my $date = localtime; 44 | my $user = getpwuid($<); 45 | 46 | print $FD_WR "# This file was auto-generated by the Vyatta\n"; 47 | print $FD_WR "# configuration sub-system. Do not edit it.\n"; 48 | print $FD_WR "\n"; 49 | print $FD_WR "# Generated on $date by $user\n"; 50 | print $FD_WR "#\n"; 51 | print $FD_WR "interface \"$ifname\" {\n"; 52 | 53 | my $intf = new Vyatta::Interface($ifname) 54 | or die "Can't find interface $ifname\n"; 55 | my $level = $intf->path() . ' dhcpv6-options'; 56 | 57 | my $config = new Vyatta::Config; 58 | $config->setLevel($level); 59 | 60 | my $duid = ''; 61 | if($config->inSession()) { 62 | $duid = $config->returnValue('duid'); 63 | } else { 64 | $duid = $config->returnEffectiveValue('duid'); 65 | } 66 | 67 | if($duid) { 68 | print $FD_WR " send dhcp6.client-id $duid;\n"; 69 | } 70 | # my $hostname = hostname; 71 | # print $FD_WR " send host-name \"$hostname\";\n"; 72 | # print $FD_WR " send dhcp6.oro 1, 2, 7, 12, 13, 23, 24, 39;\n"; 73 | print $FD_WR "}\n"; 74 | close $FD_WR; 75 | } 76 | 77 | sub usage { 78 | print "Usage: $0 --ifname=ethX --{start|stop|renew|release}\n"; 79 | exit 1; 80 | } 81 | 82 | 83 | # 84 | # Main Section 85 | # 86 | 87 | my $start_flag; # Start the daemon 88 | my $stop_flag; # Stop the daemon and delete all config files 89 | my $release_flag; # Stop the daemon, but leave config file 90 | my $renew_flag; # Re-start the daemon. 
Functionally same as start_flag 91 | my $ifname; 92 | my $temporary; 93 | my $params_only; 94 | 95 | GetOptions("start" => \$start_flag, 96 | "stop" => \$stop_flag, 97 | "release" => \$release_flag, 98 | "renew" => \$renew_flag, 99 | "ifname=s" => \$ifname, 100 | "temporary" => \$temporary, 101 | "parameters-only" => \$params_only 102 | ) or usage(); 103 | 104 | die "Error: Interface name must be specified with --ifname parameter.\n" 105 | unless $ifname; 106 | 107 | my $pidfile = "/var/lib/dhcp/dhclient_v6_$ifname.pid"; 108 | my $leasefile = "/var/lib/dhcp/dhclient_v6_$ifname.leases"; 109 | my $conffile = "/var/lib/dhcp/dhclient_v6_$ifname.conf"; 110 | my $cmdname = "/sbin/dhclient"; 111 | 112 | if ($release_flag) { 113 | die "DHCPv6 client is not configured on interface $ifname.\n" 114 | unless (-e $conffile); 115 | 116 | die "DHCPv6 client is already released on interface $ifname.\n" 117 | unless (-e $pidfile); 118 | } 119 | 120 | if ($renew_flag) { 121 | die "DHCPv6 client is not configured on interface $ifname.\n" 122 | unless (-e $conffile); 123 | } 124 | 125 | if (defined($stop_flag) || defined ($release_flag)) { 126 | # Stop dhclient -6 on $ifname 127 | 128 | printf("Stopping daemon...\n"); 129 | system("$cmdname -6 -cf $conffile -pf $pidfile -lf $leasefile -x $ifname"); 130 | 131 | # Delete files it leaves behind... 132 | printf("Deleting related files...\n"); 133 | unlink($pidfile); 134 | if (defined $stop_flag) { 135 | # If just releasing, leave the config file around as a flag that 136 | # DHCPv6 remains configured on this interface. 137 | unlink($conffile); 138 | } 139 | } 140 | 141 | if (defined($start_flag) || defined ($renew_flag)) { 142 | 143 | # Generate the DHCP client config file... 
144 | gen_conf_file($conffile, $ifname); 145 | 146 | # First, kill any previous instance of dhclient running on this interface 147 | # 148 | printf("Stopping old daemon...\n"); 149 | system("$cmdname -6 -pf $pidfile -x $ifname"); 150 | 151 | # Wait for IPv6 duplicate address detection to finish, dhclient won't start otherwise 152 | # https://phabricator.vyos.net/T903 153 | for (my $attempt_count = 0; $attempt_count <= 60; $attempt_count++) { 154 | # Check for any non-tentative addresses (exit code 0 if any exist, 1 otherwise) 155 | if (system("test -n \"\$(ip -6 -o addr show dev $ifname scope link -tentative)\"") != 0) { 156 | # No non-tentative address found, sleep and retry or exit 157 | if ($attempt_count == 0) { 158 | print "Duplicate address detection incomplete, waiting\n" 159 | } 160 | 161 | if ($attempt_count < 60) { 162 | sleep(1); 163 | next; 164 | } else { 165 | print "Error: No non-tentative address was found for interface $ifname\n"; 166 | exit 1; 167 | } 168 | } else { 169 | # Address found, exit loop 170 | last; 171 | } 172 | } 173 | 174 | 175 | if (defined($temporary) && defined($params_only)) { 176 | print "Error: temporary and parameters-only options are mutually exclusive!\n"; 177 | exit 1; 178 | } 179 | 180 | my $temp_opt = defined($temporary) ? "-T" : ""; 181 | my $po_opt = defined($params_only) ? 
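"-S" : ""; 182 | 183 | printf("Starting new daemon...\n"); 184 | exec "$cmdname -6 $temp_opt $po_opt -nw -cf $conffile -pf $pidfile -lf $leasefile $ifname" 185 | or die "Can't exec $cmdname"; 186 | } 187 | -------------------------------------------------------------------------------- /scripts/vyatta-grub-setup: --------------------------------------------------------------------------------
#!/bin/sh
#
# Module: grub-setup
#
# **** License ****
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2 as
# published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# General Public License for more details.
#
# This code was originally developed by Vyatta, Inc.
# Portions created by Vyatta are Copyright (C) 2006, 2007 Vyatta, Inc.
# All Rights Reserved.
#
# Author: Robert Bays
# Date: 2006
# Description:
#
# **** End License ****
#
# Vyatta grub customization setup script.
#
# Writes $ROOTFSDIR/boot/grub/grub.cfg with one menu entry per kernel and
# console type (KVM, serial, USB), optional Xen dom0 entries, and the
# "Lost password change" entries that boot the root password reset script.
#
# Usage:
#
#   vyatta-grub-setup [ -u LIVEDIR ] [ -v VERSION ] ROOT_PARTITION [ GRUB_OPTIONS [ ROOTFSDIR ] ]
#
#   -u LIVEDIR   union (image) install; kernels are looked up in
#                /boot/LIVEDIR and LIVEDIR is also used as the version
#   -v VERSION   version string shown in the menu entry titles
#
# The -u and -v flags are mutually exclusive.
#
# The script restricts itself to POSIX sh constructs so that it behaves
# the same whichever shell /bin/sh points to (no substring expansion,
# no "==" in test, no "echo -e").
#

# The OS version we are installing
version=""

# Only set in union mode; initialised here so that values inherited from
# the environment cannot leak into the generated configuration.
livedir=""
union_xen_kernel_version=""
union_xen_version=""
union_kernel_versions=""

UNION="false"
while getopts u:v: c
do
    case $c in
        u)
            UNION=true
            livedir=$OPTARG
            version=$livedir
            ;;
        v)
            version=$OPTARG
            ;;
    esac
done
shift $((OPTIND - 1))

ROOT_PARTITION="$1"
GRUB_OPTIONS="$2"
ROOTFSDIR="$3"

[ "$ROOT_PARTITION" ] || exit 1

# Grub options: always append rootdelay=5 to whatever the caller passed.
GRUB_OPTIONS="${GRUB_OPTIONS:+$GRUB_OPTIONS }rootdelay=5"

# Path to standalone root password reset script
pass_reset=/opt/vyatta/sbin/standalone_root_pw_reset

# Output to both console (last device is /dev/console)
vty_console="console=ttyS0,115200 console=tty0"
serial_console="console=tty0 console=ttyS0,115200"
usb_console="console=tty0 console=ttyUSB0,115200"

# If vga_logo is set, enable use of the VGA monitor for displaying the
# logo during boot. The "vga=" boot command specifies a VGA mode that
# is encoded as shown below. We pick a value that is likely to work
# on most systems. (Disabled on Xen)
# See kernel Documentation/fb/vesafb.txt for resolution constants
#VGA_LOGO="vga=785"

# Disable SELinux when doing maintenance operations
NOSELINUX="selinux=0"

# Options passed to the Xen hypervisor in the dom0 entries
XEN_OPTS='dom0_mem=512M xenheap_megabytes=128'

# list_basenames PATH...
# Print the file name (last path component) of every existing PATH, one per
# line. Prints nothing when a glob matched no file. Taking the last
# component, instead of a fixed "/"-separated field number, keeps the result
# correct for any depth of $ROOTFSDIR and $livedir.
list_basenames () {
    ls "$@" 2> /dev/null | sed 's|.*/||'
}

# emit_menuentry TITLE KERNEL INITRD CMDLINE
# Print one GRUB "linux"/"initrd" menu entry. Values are printed with %s,
# so backslashes in them are written as-is and never treated as escapes.
emit_menuentry () {
    printf 'menuentry "%s" {\n' "$1"
    printf '\tlinux %s %s\n' "$2" "$4"
    printf '\tinitrd %s\n' "$3"
    printf '}\n'
}

# emit_console_entries TITLE KERNEL INITRD [noblank]
# Print the KVM, serial and USB console entries for one kernel. A blank line
# precedes each entry; "noblank" suppresses it before the first entry only.
emit_console_entries () {
    [ "$4" = "noblank" ] || echo
    emit_menuentry "$1 (KVM console)" "$2" "$3" "$GRUB_OPTIONS $VGA_LOGO $vty_console"
    echo
    emit_menuentry "$1 (Serial console)" "$2" "$3" "$GRUB_OPTIONS $serial_console"
    echo
    emit_menuentry "$1 (USB console)" "$2" "$3" "$GRUB_OPTIONS $usb_console"
}

# emit_xen_entry BOOTDIR XEN_IMAGE XVERSION
# Print one Xen dom0 multiboot entry, preceded by two blank lines.
emit_xen_entry () {
    echo
    echo
    printf 'menuentry "VyOS Xen linux%s dom0" {\n' "$3"
    printf '\tmultiboot %s/%s %s\n' "$1" "$2" "$XEN_OPTS"
    printf '\tmodule %s/vmlinuz%s %s\n' "$1" "$3" "$GRUB_OPTIONS $vty_console"
    printf '\tmodule %s/initrd.img%s\n' "$1" "$3"
    printf '}\n'
}

# get list of kernels, except Xen
kernel_versions=$(list_basenames "$ROOTFSDIR"/boot/vmlinuz-* \
                  | grep -v xen | sed 's/vmlinuz//g' | sort -r)

# get xen kernel info
xen_kernel_version=$(list_basenames "$ROOTFSDIR"/boot/vmlinuz*-xen* \
                     | sed 's/vmlinuz//g' | sort -r)
xen_version=$(list_basenames "$ROOTFSDIR"/boot/xen-*.gz | head -1)

TTY=$(tty)
if [ -n "$SUDO_USER" ]; then
    # Match the user name exactly (a plain grep would also hit other names
    # that contain it) and take the first tty only, so that several logins
    # of the same user cannot produce a multi-line device name.
    DEV=$(sudo who | awk -v user="$SUDO_USER" '$1 == user && $2 ~ /tty/ { print $2; exit }')
    if [ -n "$DEV" ]; then
        TTY="/dev/$DEV"
    fi
fi

# Figure out whether we are running on the serial, USB or KVM console and
# make the matching menu entry the default (0 = KVM, 1 = serial, 2 = USB).
case "$TTY" in
    /dev/ttyS0)   default_console=1 ;;
    /dev/ttyUSB0) default_console=2 ;;
    *)            default_console=0 ;;
esac

if [ "$UNION" = "true" ]; then
    # Union mode replaces the caller's GRUB_OPTIONS entirely.
    GRUB_OPTIONS="boot=live rootdelay=5 noautologin net.ifnames=0 biosdevname=0 vyos-union=/boot/$livedir"
    union_xen_kernel_version=$(list_basenames "$ROOTFSDIR/boot/$livedir"/vmlinuz*-xen* \
                               | sed 's/vmlinuz//g' | sort -r)
    union_xen_version=$(list_basenames "$ROOTFSDIR/boot/$livedir"/xen-*.gz | head -1)
    union_kernel_versions=$(list_basenames "$ROOTFSDIR/boot/$livedir"/vmlinuz-* \
                            | grep -v xen | sed 's/vmlinuz//g' | sort -r)
else
    # Read UUID off of filesystem and use it to tell GRUB where to mount drive
    # This allows device to move around and grub will still find it
    uuid=$(dumpe2fs -h "/dev/${ROOT_PARTITION}" 2>/dev/null | awk '/^Filesystem UUID/ {print $3}')
    if [ -z "$uuid" ]
    then
        # TODO: use /proc/mount if dumpe2fs fails
        echo "Unable to read filesystem UUID. Exiting."
        exit 1
    else
        GRUB_OPTIONS="$GRUB_OPTIONS root=UUID=$uuid ro"
    fi
fi

if [ -n "$xen_kernel_version" ] || [ -n "$union_xen_kernel_version" ]; then
    # xen kernel exists. default to the first xen kernel.
    default_console=0
fi

# Is the root partition a software RAID (md) device?
case "$ROOT_PARTITION" in
    md*) root_is_md=true ;;
    *)   root_is_md=false ;;
esac

if [ "$root_is_md" = "true" ]; then
    # Select the first disk in the RAID group to look for diag partition on
    root_disks=$(echo /sys/block/"$ROOT_PARTITION"/slaves/*)
    root_disk=${root_disks%% *}
    root_disk=${root_disk##*/}
    # NOTE(review): only one trailing character is removed, which assumes a
    # single-digit partition number -- confirm for the supported layouts.
    root_disk=${root_disk%?}
else
    # Shave off the partition number to get the disk name
    root_disk=${ROOT_PARTITION%?}
fi

(
    # create the grub.cfg file for grub
    # The "default=" line selects which boot option will be used by default.
    # Numbering starts at 0 for the first option.
    printf '%s\n' "# Generated by $0 at $(date)"
    printf '%s\n' "set default=$default_console"
    echo "set timeout=5"
    # set serial console options
    echo "serial --unit=0 --speed=115200"
    echo "terminal_output --append serial"
    echo "terminal_input serial console"

    # EFI needs a few extra modules
    if [ -d /sys/firmware/efi ]; then
        echo "insmod efi_gop"
        echo "insmod efi_uga"
    fi

    if [ "$root_is_md" = "true" ]; then
        # The member partition read for the UUID is number 3 on EFI systems
        # and number 1 otherwise.
        if [ -d /sys/firmware/efi ]; then
            uuid_root_disk=$(/sbin/tune2fs -l "/dev/${root_disk}3" | grep UUID | awk '{print $3}')
        else
            uuid_root_disk=$(/sbin/tune2fs -l "/dev/${root_disk}1" | grep UUID | awk '{print $3}')
        fi
        uuid_root_md=$(/sbin/tune2fs -l "/dev/md${ROOT_PARTITION#md}" | grep UUID | awk '{print $3}')
        echo ""
        echo "insmod part_msdos"
        echo "insmod diskfilter"
        echo "insmod ext2"
        echo "insmod mdraid1x"
        printf '%s\n' "set root='mduuid/${uuid_root_disk}'"
        printf '%s\n' "search --no-floppy --fs-uuid --set=root ${uuid_root_md}"
    fi

    # create xen kernels if they exist
    for xversion in $xen_kernel_version; do
        emit_xen_entry /boot "$xen_version" "$xversion"
    done

    for xversion in $union_xen_kernel_version; do
        emit_xen_entry "/boot/$livedir" "$union_xen_version" "$xversion"
    done

    if [ "$UNION" = "true" ]; then
        # UNION case
        if [ -e "$ROOTFSDIR/boot/$livedir/vmlinuz" ] &&
           [ -e "$ROOTFSDIR/boot/$livedir/initrd.img" ]; then
            emit_console_entries "VyOS $version linux" \
                "/boot/$livedir/vmlinuz" "/boot/$livedir/initrd.img"
        elif [ -n "$union_kernel_versions" ]; then
            for kversion in $union_kernel_versions; do
                emit_console_entries "VyOS $version linux$kversion" \
                    "/boot/$livedir/vmlinuz$kversion" "/boot/$livedir/initrd.img$kversion"
            done
        fi
    else
        # Non-UNION case
        if [ -f "$ROOTFSDIR/boot/vmlinuz" ]; then
            # First system boot option (KVM console), followed by the serial
            # and USB console variants. No blank line before the first entry.
            emit_console_entries "VyOS $version" /boot/vmlinuz /boot/initrd.img noblank
        elif [ -n "$kernel_versions" ]; then
            for kversion in $kernel_versions; do
                emit_console_entries "VyOS $version linux$kversion" \
                    "/boot/vmlinuz$kversion" "/boot/initrd.img$kversion"
            done
        fi
    fi

    # Set options for root password reset. Offer
    # options for serial, USB and KVM console.
    #
    # These entries boot with init=$pass_reset and SELinux disabled. This
    # script writes no GRUB authentication settings (superusers/password)
    # into grub.cfg, so whoever can reach the boot menu on a console can
    # select them: console access has to be protected like root access.
    #
    # NOTE(review): the entries always point at the unversioned vmlinuz and
    # initrd.img, also when only versioned kernels were found above.
    reset_boot_path=/boot
    if [ "$UNION" = "true" ]; then
        reset_boot_path=/boot/$livedir
    fi

    echo
    emit_menuentry "Lost password change $version (KVM console)" \
        "$reset_boot_path/vmlinuz" "$reset_boot_path/initrd.img" \
        "$GRUB_OPTIONS $NOSELINUX $vty_console init=$pass_reset"

    echo
    emit_menuentry "Lost password change $version (Serial console)" \
        "$reset_boot_path/vmlinuz" "$reset_boot_path/initrd.img" \
        "$GRUB_OPTIONS $NOSELINUX $serial_console init=$pass_reset"

    echo
    emit_menuentry "Lost password change $version (USB console)" \
        "$reset_boot_path/vmlinuz" "$reset_boot_path/initrd.img" \
        "$GRUB_OPTIONS $NOSELINUX $usb_console init=$pass_reset"

) >"$ROOTFSDIR"/boot/grub/grub.cfg

# Best effort: convert a leftover GRUB legacy menu, never fail because of it.
( [ -s /boot/grub/menu.lst ] &&
  upgrade-from-grub-legacy &&
  rm -f /boot/grub/menu.lst*
) || true
-------------------------------------------------------------------------------- /scripts/vyos-persistpath: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | if grep -q -e '^overlay.*/filesystem.squashfs' /proc/mounts; then 4 | # Live CD boot 5 | exit 2 6 | 7 | elif grep -q 'upperdir=/live/persistence/' /proc/mounts && egrep -q 'overlay / overlay ' /proc/mounts; then 8 | # union boot 9 | 10 | boot_device=`grep -o 'upperdir=/live/persistence/[^/]*/boot' /proc/mounts | cut -d / -f 4` 11 | persist_path="/lib/live/mount/persistence/$boot_device" 12 | 13 | echo $persist_path 14 | exit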
0 15 | else 16 | # old style boot 17 | 18 | exit 1 19 | fi -------------------------------------------------------------------------------- /sysconf/LICENSE: -------------------------------------------------------------------------------- 1 | GNU GENERAL PUBLIC LICENSE 2 | Version 2, June 1991 3 | 4 | Copyright (C) 1989, 1991 Free Software Foundation, Inc. 5 | 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA 6 | Everyone is permitted to copy and distribute verbatim copies 7 | of this license document, but changing it is not allowed. 8 | 9 | Preamble 10 | 11 | The licenses for most software are designed to take away your 12 | freedom to share and change it. By contrast, the GNU General Public 13 | License is intended to guarantee your freedom to share and change free 14 | software--to make sure the software is free for all its users. This 15 | General Public License applies to most of the Free Software 16 | Foundation's software and to any other program whose authors commit to 17 | using it. (Some other Free Software Foundation software is covered by 18 | the GNU Library General Public License instead.) You can apply it to 19 | your programs, too. 20 | 21 | When we speak of free software, we are referring to freedom, not 22 | price. Our General Public Licenses are designed to make sure that you 23 | have the freedom to distribute copies of free software (and charge for 24 | this service if you wish), that you receive source code or can get it 25 | if you want it, that you can change the software or use pieces of it 26 | in new free programs; and that you know you can do these things. 27 | 28 | To protect your rights, we need to make restrictions that forbid 29 | anyone to deny you these rights or to ask you to surrender the rights. 30 | These restrictions translate to certain responsibilities for you if you 31 | distribute copies of the software, or if you modify it. 
32 | 33 | For example, if you distribute copies of such a program, whether 34 | gratis or for a fee, you must give the recipients all the rights that 35 | you have. You must make sure that they, too, receive or can get the 36 | source code. And you must show them these terms so they know their 37 | rights. 38 | 39 | We protect your rights with two steps: (1) copyright the software, and 40 | (2) offer you this license which gives you legal permission to copy, 41 | distribute and/or modify the software. 42 | 43 | Also, for each author's protection and ours, we want to make certain 44 | that everyone understands that there is no warranty for this free 45 | software. If the software is modified by someone else and passed on, we 46 | want its recipients to know that what they have is not the original, so 47 | that any problems introduced by others will not reflect on the original 48 | authors' reputations. 49 | 50 | Finally, any free program is threatened constantly by software 51 | patents. We wish to avoid the danger that redistributors of a free 52 | program will individually obtain patent licenses, in effect making the 53 | program proprietary. To prevent this, we have made it clear that any 54 | patent must be licensed for everyone's free use or not licensed at all. 55 | 56 | The precise terms and conditions for copying, distribution and 57 | modification follow. 58 | 59 | GNU GENERAL PUBLIC LICENSE 60 | TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION 61 | 62 | 0. This License applies to any program or other work which contains 63 | a notice placed by the copyright holder saying it may be distributed 64 | under the terms of this General Public License. 
The "Program", below, 65 | refers to any such program or work, and a "work based on the Program" 66 | means either the Program or any derivative work under copyright law: 67 | that is to say, a work containing the Program or a portion of it, 68 | either verbatim or with modifications and/or translated into another 69 | language. (Hereinafter, translation is included without limitation in 70 | the term "modification".) Each licensee is addressed as "you". 71 | 72 | Activities other than copying, distribution and modification are not 73 | covered by this License; they are outside its scope. The act of 74 | running the Program is not restricted, and the output from the Program 75 | is covered only if its contents constitute a work based on the 76 | Program (independent of having been made by running the Program). 77 | Whether that is true depends on what the Program does. 78 | 79 | 1. You may copy and distribute verbatim copies of the Program's 80 | source code as you receive it, in any medium, provided that you 81 | conspicuously and appropriately publish on each copy an appropriate 82 | copyright notice and disclaimer of warranty; keep intact all the 83 | notices that refer to this License and to the absence of any warranty; 84 | and give any other recipients of the Program a copy of this License 85 | along with the Program. 86 | 87 | You may charge a fee for the physical act of transferring a copy, and 88 | you may at your option offer warranty protection in exchange for a fee. 89 | 90 | 2. You may modify your copy or copies of the Program or any portion 91 | of it, thus forming a work based on the Program, and copy and 92 | distribute such modifications or work under the terms of Section 1 93 | above, provided that you also meet all of these conditions: 94 | 95 | a) You must cause the modified files to carry prominent notices 96 | stating that you changed the files and the date of any change. 
97 | 98 | b) You must cause any work that you distribute or publish, that in 99 | whole or in part contains or is derived from the Program or any 100 | part thereof, to be licensed as a whole at no charge to all third 101 | parties under the terms of this License. 102 | 103 | c) If the modified program normally reads commands interactively 104 | when run, you must cause it, when started running for such 105 | interactive use in the most ordinary way, to print or display an 106 | announcement including an appropriate copyright notice and a 107 | notice that there is no warranty (or else, saying that you provide 108 | a warranty) and that users may redistribute the program under 109 | these conditions, and telling the user how to view a copy of this 110 | License. (Exception: if the Program itself is interactive but 111 | does not normally print such an announcement, your work based on 112 | the Program is not required to print an announcement.) 113 | 114 | These requirements apply to the modified work as a whole. If 115 | identifiable sections of that work are not derived from the Program, 116 | and can be reasonably considered independent and separate works in 117 | themselves, then this License, and its terms, do not apply to those 118 | sections when you distribute them as separate works. But when you 119 | distribute the same sections as part of a whole which is a work based 120 | on the Program, the distribution of the whole must be on the terms of 121 | this License, whose permissions for other licensees extend to the 122 | entire whole, and thus to each and every part regardless of who wrote it. 123 | 124 | Thus, it is not the intent of this section to claim rights or contest 125 | your rights to work written entirely by you; rather, the intent is to 126 | exercise the right to control the distribution of derivative or 127 | collective works based on the Program. 
128 | 129 | In addition, mere aggregation of another work not based on the Program 130 | with the Program (or with a work based on the Program) on a volume of 131 | a storage or distribution medium does not bring the other work under 132 | the scope of this License. 133 | 134 | 3. You may copy and distribute the Program (or a work based on it, 135 | under Section 2) in object code or executable form under the terms of 136 | Sections 1 and 2 above provided that you also do one of the following: 137 | 138 | a) Accompany it with the complete corresponding machine-readable 139 | source code, which must be distributed under the terms of Sections 140 | 1 and 2 above on a medium customarily used for software interchange; or, 141 | 142 | b) Accompany it with a written offer, valid for at least three 143 | years, to give any third party, for a charge no more than your 144 | cost of physically performing source distribution, a complete 145 | machine-readable copy of the corresponding source code, to be 146 | distributed under the terms of Sections 1 and 2 above on a medium 147 | customarily used for software interchange; or, 148 | 149 | c) Accompany it with the information you received as to the offer 150 | to distribute corresponding source code. (This alternative is 151 | allowed only for noncommercial distribution and only if you 152 | received the program in object code or executable form with such 153 | an offer, in accord with Subsection b above.) 154 | 155 | The source code for a work means the preferred form of the work for 156 | making modifications to it. For an executable work, complete source 157 | code means all the source code for all modules it contains, plus any 158 | associated interface definition files, plus the scripts used to 159 | control compilation and installation of the executable. 
However, as a 160 | special exception, the source code distributed need not include 161 | anything that is normally distributed (in either source or binary 162 | form) with the major components (compiler, kernel, and so on) of the 163 | operating system on which the executable runs, unless that component 164 | itself accompanies the executable. 165 | 166 | If distribution of executable or object code is made by offering 167 | access to copy from a designated place, then offering equivalent 168 | access to copy the source code from the same place counts as 169 | distribution of the source code, even though third parties are not 170 | compelled to copy the source along with the object code. 171 | 172 | 4. You may not copy, modify, sublicense, or distribute the Program 173 | except as expressly provided under this License. Any attempt 174 | otherwise to copy, modify, sublicense or distribute the Program is 175 | void, and will automatically terminate your rights under this License. 176 | However, parties who have received copies, or rights, from you under 177 | this License will not have their licenses terminated so long as such 178 | parties remain in full compliance. 179 | 180 | 5. You are not required to accept this License, since you have not 181 | signed it. However, nothing else grants you permission to modify or 182 | distribute the Program or its derivative works. These actions are 183 | prohibited by law if you do not accept this License. Therefore, by 184 | modifying or distributing the Program (or any work based on the 185 | Program), you indicate your acceptance of this License to do so, and 186 | all its terms and conditions for copying, distributing or modifying 187 | the Program or works based on it. 188 | 189 | 6. 
Each time you redistribute the Program (or any work based on the 190 | Program), the recipient automatically receives a license from the 191 | original licensor to copy, distribute or modify the Program subject to 192 | these terms and conditions. You may not impose any further 193 | restrictions on the recipients' exercise of the rights granted herein. 194 | You are not responsible for enforcing compliance by third parties to 195 | this License. 196 | 197 | 7. If, as a consequence of a court judgment or allegation of patent 198 | infringement or for any other reason (not limited to patent issues), 199 | conditions are imposed on you (whether by court order, agreement or 200 | otherwise) that contradict the conditions of this License, they do not 201 | excuse you from the conditions of this License. If you cannot 202 | distribute so as to satisfy simultaneously your obligations under this 203 | License and any other pertinent obligations, then as a consequence you 204 | may not distribute the Program at all. For example, if a patent 205 | license would not permit royalty-free redistribution of the Program by 206 | all those who receive copies directly or indirectly through you, then 207 | the only way you could satisfy both it and this License would be to 208 | refrain entirely from distribution of the Program. 209 | 210 | If any portion of this section is held invalid or unenforceable under 211 | any particular circumstance, the balance of the section is intended to 212 | apply and the section as a whole is intended to apply in other 213 | circumstances. 214 | 215 | It is not the purpose of this section to induce you to infringe any 216 | patents or other property right claims or to contest validity of any 217 | such claims; this section has the sole purpose of protecting the 218 | integrity of the free software distribution system, which is 219 | implemented by public license practices. 
Many people have made 220 | generous contributions to the wide range of software distributed 221 | through that system in reliance on consistent application of that 222 | system; it is up to the author/donor to decide if he or she is willing 223 | to distribute software through any other system and a licensee cannot 224 | impose that choice. 225 | 226 | This section is intended to make thoroughly clear what is believed to 227 | be a consequence of the rest of this License. 228 | 229 | 8. If the distribution and/or use of the Program is restricted in 230 | certain countries either by patents or by copyrighted interfaces, the 231 | original copyright holder who places the Program under this License 232 | may add an explicit geographical distribution limitation excluding 233 | those countries, so that distribution is permitted only in or among 234 | countries not thus excluded. In such case, this License incorporates 235 | the limitation as if written in the body of this License. 236 | 237 | 9. The Free Software Foundation may publish revised and/or new versions 238 | of the General Public License from time to time. Such new versions will 239 | be similar in spirit to the present version, but may differ in detail to 240 | address new problems or concerns. 241 | 242 | Each version is given a distinguishing version number. If the Program 243 | specifies a version number of this License which applies to it and "any 244 | later version", you have the option of following the terms and conditions 245 | either of that version or of any later version published by the Free 246 | Software Foundation. If the Program does not specify a version number of 247 | this License, you may choose any version ever published by the Free Software 248 | Foundation. 249 | 250 | 10. If you wish to incorporate parts of the Program into other free 251 | programs whose distribution conditions are different, write to the author 252 | to ask for permission. 
For software which is copyrighted by the Free 253 | Software Foundation, write to the Free Software Foundation; we sometimes 254 | make exceptions for this. Our decision will be guided by the two goals 255 | of preserving the free status of all derivatives of our free software and 256 | of promoting the sharing and reuse of software generally. 257 | 258 | NO WARRANTY 259 | 260 | 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY 261 | FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN 262 | OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES 263 | PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED 264 | OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF 265 | MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS 266 | TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE 267 | PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, 268 | REPAIR OR CORRECTION. 269 | 270 | 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING 271 | WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR 272 | REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, 273 | INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING 274 | OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED 275 | TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY 276 | YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER 277 | PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE 278 | POSSIBILITY OF SUCH DAMAGES. 
279 | 280 | END OF TERMS AND CONDITIONS 281 | 282 | How to Apply These Terms to Your New Programs 283 | 284 | If you develop a new program, and you want it to be of the greatest 285 | possible use to the public, the best way to achieve this is to make it 286 | free software which everyone can redistribute and change under these terms. 287 | 288 | To do so, attach the following notices to the program. It is safest 289 | to attach them to the start of each source file to most effectively 290 | convey the exclusion of warranty; and each file should have at least 291 | the "copyright" line and a pointer to where the full notice is found. 292 | 293 | 294 | Copyright (C) 295 | 296 | This program is free software; you can redistribute it and/or modify 297 | it under the terms of the GNU General Public License as published by 298 | the Free Software Foundation; either version 2 of the License, or 299 | (at your option) any later version. 300 | 301 | This program is distributed in the hope that it will be useful, 302 | but WITHOUT ANY WARRANTY; without even the implied warranty of 303 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 304 | GNU General Public License for more details. 305 | 306 | You should have received a copy of the GNU General Public License 307 | along with this program; if not, write to the Free Software 308 | Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA 309 | 310 | 311 | Also add information on how to contact you by electronic and paper mail. 312 | 313 | If the program is interactive, make it output a short notice like this 314 | when it starts in an interactive mode: 315 | 316 | Gnomovision version 69, Copyright (C) year name of author 317 | Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. 318 | This is free software, and you are welcome to redistribute it 319 | under certain conditions; type `show c' for details. 
320 | 321 | The hypothetical commands `show w' and `show c' should show the appropriate 322 | parts of the General Public License. Of course, the commands you use may 323 | be called something other than `show w' and `show c'; they could even be 324 | mouse-clicks or menu items--whatever suits your program. 325 | 326 | You should also get your employer (if you work as a programmer) or your 327 | school, if any, to sign a "copyright disclaimer" for the program, if 328 | necessary. Here is a sample; alter the names: 329 | 330 | Yoyodyne, Inc., hereby disclaims all copyright interest in the program 331 | `Gnomovision' (which makes passes at compilers) written by James Hacker. 332 | 333 | , 1 April 1989 334 | Ty Coon, President of Vice 335 | 336 | This General Public License does not permit incorporating your program into 337 | proprietary programs. If your program is a subroutine library, you may 338 | consider it more useful to permit linking proprietary applications with the 339 | library. If this is what you want to do, use the GNU Library General 340 | Public License instead of this License. 
341 | -------------------------------------------------------------------------------- /sysconf/filecaps: -------------------------------------------------------------------------------- 1 | # List of files that get Linux file capabilities, one "<capabilities>=<flags> <path>" entry per line; the "pe" flags put the capability in the permitted and effective sets of every process that executes the file 2 | 3 | # Network related utilities 4 | cap_net_admin=pe /sbin/ethtool 5 | cap_net_admin=pe /sbin/tc 6 | cap_net_admin=pe /bin/ip 7 | # handles /sbin/iptables and /sbin/ip6tables symlink target 8 | cap_net_admin=pe /sbin/xtables-legacy-multi 9 | cap_net_admin=pe /sbin/xtables-nft-multi 10 | cap_net_admin=pe /usr/sbin/conntrack 11 | cap_net_admin=pe /usr/sbin/arp 12 | 13 | # Raw sockets 14 | cap_net_raw=pe /usr/bin/tcpdump 15 | 16 | # Allow changes to system settings 17 | cap_net_admin,cap_sys_admin=pe /sbin/sysctl 18 | 19 | # Module install 20 | cap_sys_module=pe /bin/kmod 21 | 22 | # Set time 23 | cap_sys_time=pe /bin/date 24 | -------------------------------------------------------------------------------- /sysconf/netdevice: -------------------------------------------------------------------------------- 1 | # device name to CLI path matching 2 | lo loopback 3 | eth ethernet 4 | lan ethernet 5 | eno ethernet 6 | ens ethernet 7 | enp ethernet 8 | enx ethernet 9 | ifb input 10 | peth pseudo-ethernet 11 | br bridge 12 | bond bonding 13 | vtun openvpn 14 | tun tunnel 15 | vti vti 16 | wlan wireless 17 | wwan wwan 18 | pppoe pppoe 19 | dum dummy 20 | l2tpeth l2tpv3 21 | vxlan vxlan 22 | wg wireguard 23 | gnv geneve 24 | macsec macsec 25 | --------------------------------------------------------------------------------