├── .github ├── PULL_REQUEST_TEMPLATE.md └── workflows │ ├── add-pr-labels.yml │ ├── auto-author-assign.yml │ ├── check-open-prs-conflict.yml │ ├── check-pr-conflicts.yml │ ├── check-pr-message.yml │ ├── check-stale.yml │ ├── check-unused-imports.yml │ ├── cleanup-mirror-pr-branch.yml │ ├── codeql.yml │ ├── label-backport.yml │ ├── linit-j2.yml │ ├── mirror-pr-and-sync.yml │ ├── trigger-docker-image-build.yml │ ├── trigger-pr-mirror-repo-sync.yml │ └── trigger_rebuild_packages.yml ├── .gitignore ├── CODEOWNERS ├── CONTRIBUTING.md ├── LICENSE ├── LICENSE.artwork ├── Makefile ├── README.md ├── build-vyos-image ├── data ├── architectures │ ├── amd64.toml │ ├── arm64.toml │ └── armhf.toml ├── build-flavors │ └── generic.toml ├── build-types │ ├── development.toml │ ├── release.toml │ └── stream.toml ├── certificates │ └── .gitignore ├── defaults.toml ├── live-build-config │ ├── archives │ │ ├── bookworm-backports.pref.chroot │ │ ├── saltstack.key.chroot │ │ ├── vyos-dev.key.chroot │ │ ├── vyos-dev.pref.chroot │ │ └── zabbix-official-repo.key.chroot │ ├── bootloaders │ │ └── grub-pc │ │ │ ├── dejavu-bold-14.pf2 │ │ │ ├── dejavu-bold-16.pf2 │ │ │ ├── grub.cfg │ │ │ ├── live-theme │ │ │ └── theme.txt │ │ │ └── splash.png │ ├── hooks │ │ └── live │ │ │ ├── 00-manifest.binary │ │ │ ├── 00-mk_buildid.chroot │ │ │ ├── 01-interfaces.chroot │ │ │ ├── 01-live-serial.binary │ │ │ ├── 03-root_bash_completion.chroot │ │ │ ├── 04-locale.chroot │ │ │ ├── 05-event_tty.chroot │ │ │ ├── 07-apt.chroot │ │ │ ├── 08-sysconf.chroot │ │ │ ├── 09-live.chroot │ │ │ ├── 100-remove-dropbear-keys.chroot │ │ │ ├── 11-busybox.chroot │ │ │ ├── 12-udev-initramfs.chroot │ │ │ ├── 14-acpid.chroot │ │ │ ├── 15-sources_list.chroot │ │ │ ├── 16-fuse.chroot │ │ │ ├── 17-gen_initramfs.chroot │ │ │ ├── 18-enable-disable_services.chroot │ │ │ ├── 19-kernel_symlinks.chroot │ │ │ ├── 20-systemd_target.chroot │ │ │ ├── 21-pam_mkhomedir.chroot │ │ │ ├── 23-config_mkdir.chroot │ │ │ ├── 24-efi_packages.chroot │ │ │ ├── 30-mpls_modules.chroot │ │ │ ├── 30-strongswan-configs.chroot │ │ │ ├── 40-init-cracklib-db.chroot │ │ │ ├── 40-init-geoip-database.chroot │ │ │ ├── 90-localepurge.chroot │ │ │ ├── 92-strip-symbols.chroot │ │ │ └── 93-sb-sign-kernel.chroot │ ├── includes.binary │ │ └── isolinux │ │ │ ├── isolinux.cfg │ │ │ ├── menu.cfg │ │ │ └── splash.png │ ├── includes.chroot │ │ ├── etc │ │ │ ├── c3xxx_dev0.conf │ │ │ ├── c3xxx_dev1.conf │ │ │ ├── c3xxx_dev2.conf │ │ │ ├── c6xx_dev0.conf │ │ │ ├── c6xx_dev1.conf │ │ │ ├── c6xx_dev2.conf │ │ │ ├── d15xx_dev0.conf │ │ │ ├── d15xx_dev1.conf │ │ │ ├── d15xx_dev2.conf │ │ │ ├── dh895xcc_dev0.conf │ │ │ ├── dh895xcc_dev1.conf │ │ │ ├── dh895xcc_dev2.conf │ │ │ ├── initramfs-tools │ │ │ │ └── hooks │ │ │ │ │ └── 10-vyos-addons │ │ │ ├── login.defs │ │ │ ├── modprobe.d │ │ │ │ ├── intel-qat-blacklist.conf │ │ │ │ └── no-copybreak.conf │ │ │ ├── modules-load.d │ │ │ │ └── br-netfilter.conf │ │ │ ├── nsswitch.conf │ │ │ ├── sudoers.d │ │ │ │ └── openvpn │ │ │ └── systemd │ │ │ │ ├── bootchart.conf │ │ │ │ ├── journald.conf │ │ │ │ ├── system.conf │ │ │ │ └── system │ │ │ │ └── getty@tty1.service.d │ │ │ │ └── noclear.conf │ │ ├── opt │ │ │ └── vyatta │ │ │ │ └── etc │ │ │ │ ├── grub │ │ │ │ └── default-union-grub-entry │ │ │ │ └── install-image │ │ │ │ └── postinst │ │ └── usr │ │ │ └── share │ │ │ └── vyos │ │ │ └── keys │ │ │ ├── vyos-backup.minisign.pub │ │ │ ├── vyos-release.minisign.pub │ │ │ └── vyos-rolling-release.minisign.pub │ ├── package-lists │ │ ├── vyos-base.list.chroot │ │ └── vyos-utils.list.chroot │ └── rootfs │ │ └── excludes └── versions ├── docker-vyos ├── Dockerfile ├── README.md ├── vyos_install_common.sh ├── vyos_install_stage_01.sh ├── vyos_install_stage_02.sh └── vyos_install_stage_03.sh ├── docker ├── Dockerfile ├── arm64 │ └── hooks │ │ ├── post_checkout │ │ └── pre_build ├── armhf │ └── hooks │ │ ├── post_checkout │ │ └── pre_build ├── entrypoint.sh └── patches │ └── live-build │ └── 0001-save-package-info.patch ├── packages └── .gitignore ├── scripts ├── check-qemu-install ├── image-build │ ├── build-vyos-image │ ├── defaults.py │ ├── raw_image.py │ └── utils.py ├── iso-to-oci ├── package-build │ ├── .gitignore │ ├── amazon-cloudwatch-agent │ │ ├── .gitignore │ │ ├── build.py │ │ └── package.toml │ ├── amazon-ssm-agent │ │ ├── .gitignore │ │ ├── build.py │ │ └── package.toml │ ├── aws-gwlbtun │ │ ├── .gitignore │ │ ├── build.py │ │ └── package.toml │ ├── bash-completion │ │ ├── .gitignore │ │ ├── build.py │ │ └── package.toml │ ├── blackbox_exporter │ │ ├── .gitignore │ │ ├── build.py │ │ ├── build.sh │ │ └── package.toml │ ├── build.py │ ├── ddclient │ │ ├── .gitignore │ │ ├── build.py │ │ └── package.toml │ ├── dropbear │ │ ├── .gitignore │ │ ├── build.py │ │ ├── package.toml │ │ └── patches │ │ │ └── dropbear │ │ │ └── 0001-Enable-PAM-support.patch │ ├── ethtool │ │ ├── .gitignore │ │ ├── build.py │ │ └── package.toml │ ├── frr │ │ ├── .gitignore │ │ ├── build.py │ │ ├── package.toml │ │ └── patches │ │ │ └── frr │ │ │ ├── 0001-Enable-PCRE2-in-Debian-package-builds.patch │ │ │ ├── 0001-ldpd-Option-for-disabled-LDP-hello-message-during-TC.patch │ │ │ └── 0003-Clear-Babel-Config-On-Stop.patch │ ├── frr_exporter │ │ ├── .gitignore │ │ ├── build.py │ │ └── package.toml │ ├── hostap │ │ ├── .gitignore │ │ ├── README.md │ │ ├── build.py │ │ ├── build.sh │ │ └── package.toml │ ├── hsflowd │ │ ├── .gitignore │ │ ├── build.py │ │ └── package.toml │ ├── isc-dhcp │ │ ├── .gitignore │ │ ├── build.py │ │ ├── package.toml │ │ └── patches │ │ │ └── isc-dhcp │ │ │ ├── 0001-Add-support-for-raw-IP-interface-type.patch │ │ │ ├── 0002-Checkpoint-improved-patch.patch │ │ │ ├── 0003-fix-compilation-errors.patch │ │ │ └── 0004-add-support-for-ARPHRD_NONE-interface-type.patch │ ├── kea │ │ ├── .gitignore │ │ ├── build.py │ │ ├── package.toml │ │ └── patches │ │ │ └── isc-kea │ │ │ ├── 0001-Add-multithreading-test-mode.patch │ │ │ └── 0002-Add-ping_check-hook-library.patch │ ├── keepalived │ │ ├── .gitignore │ │ ├── build.py │ │ └── package.toml │ ├── libnss-mapuser │ │ ├── .gitignore │ │ ├── build.py │ │ └── package.toml │ ├── libpam-radius-auth │ │ ├── .gitignore │ │ ├── build.py │ │ └── package.toml │ ├── linux-kernel │ │ ├── .gitignore │ │ ├── README.md │ │ ├── arch │ │ │ ├── arm64 │ │ │ │ └── configs │ │ │ │ │ └── vyos_defconfig │ │ │ └── x86 │ │ │ │ └── configs │ │ │ │ └── vyos_defconfig │ │ ├── build-accel-ppp.sh │ │ ├── build-intel-nic.sh │ │ ├── build-intel-qat.sh │ │ ├── build-ipt-netflow.sh │ │ ├── build-jool.py │ │ ├── build-kernel.sh │ │ ├── build-linux-firmware.sh │ │ ├── build-mellanox-ofed.sh │ │ ├── build-nat-rtsp.sh │ │ ├── build-openvpn-dco.sh │ │ ├── build-realtek-r8152.py │ │ ├── build.py │ │ ├── package.toml │ │ ├── patches │ │ │ ├── accel-ppp │ │ │ │ ├── 0001-L2TP-Include-Calling-Number-to-Calling-Station-ID-RA.patch │ │ │ │ ├── 0002-Add-vrf-support-for-Framed-Route-and-Framed-IPv6-Rou.patch │ │ │ │ ├── 0002-Radius-Dns-Server-IPv6-Address.patch │ │ │ │ ├── 0003-Simplify-implementation-of-vrf-support-for-iproute_a.patch │ │ │ │ └── 0004-Fix-whitespace-in-accel-pppd-libnetlink-iputils.c.patch │ │ │ ├── ixgbe │ │ │ │ ├── 0001-ixgbe-always-enable-support-for-unsupported-SFP-modu.patch │ │ │ │ └── 0002-BACKPORT-linux-v6.9-PATCH-ixgbe-Add-1000BASE-BX-supp.patch │ │ │ └── kernel │ │ │ │ ├── 0001-linkstate-ip-device-attribute.patch │ │ │ │ ├── 0002-inotify-support-for-stackable-filesystems.patch │ │ │ │ └── build-linux-perf-package.patch │ │ └── sign-modules.sh │ ├── ndppd │ │ ├── .gitignore │ │ ├── build.py │ │ ├── package.toml │ │ └── patches │ │ │ └── ndppd │ │ │ ├── 0001-skip-route-table-if-there-is-no-auto-rule.patch │ │ │ └── 0002-set-vyos-version.patch │ ├── net-snmp │ │ ├── .gitignore │ │ ├── build.py │ │ ├── package.toml │ │ └── patches │ │ │ └── net-snmp │ │ │ └── add-linux-6.7-compatibility-parsing.patch │ ├── netfilter │ │ ├── .gitignore │ │ ├── build.py │ │ ├── package.toml │ │ └── patches │ │ │ └── pkg-nftables │ │ │ └── 0001-meta-fix-hour-decoding.patch │ ├── node_exporter │ │ ├── .gitignore │ │ ├── build.py │ │ └── package.toml │ ├── openvpn-otp │ │ ├── .gitignore │ │ ├── build.py │ │ └── package.toml │ ├── owamp │ │ ├── .gitignore │ │ ├── build.py │ │ └── package.toml │ ├── pmacct │ │ ├── .gitignore │ │ ├── build.py │ │ ├── package.toml │ │ └── patches │ │ │ └── pmacct │ │ │ └── 0001-fix-pmacctd-SEGV-when-ICMP-ICMPv6-traffic-was-proces.patch │ ├── podman │ │ ├── .gitignore │ │ ├── build.py │ │ └── package.toml │ ├── pyhumps │ │ ├── .gitignore │ │ ├── build.py │ │ └── package.toml │ ├── radvd │ │ ├── .gitignore │ │ ├── build.py │ │ └── package.toml │ ├── strongswan │ │ ├── .gitignore │ │ ├── build-vici.sh │ │ ├── build.py │ │ ├── package.toml │ │ └── patches │ │ │ └── strongswan │ │ │ ├── 0001-charon-add-optional-source-and-remote-overrides-for-.patch │ │ │ ├── 0002-vici-send-certificates-for-ike-sa-events.patch │ │ │ ├── 0003-vici-add-support-for-individual-sa-state-changes.patch │ │ │ └── 0004-VyOS-disable-options-enabled-by-Debian-that-are-unus.patch │ ├── tacacs │ │ ├── .gitignore │ │ ├── build.py │ │ └── package.toml │ ├── telegraf │ │ ├── .gitignore │ │ ├── README.md │ │ ├── build.py │ │ ├── build.sh │ │ ├── package.toml │ │ └── plugins │ │ │ ├── inputs │ │ │ └── all │ │ │ │ └── all.go │ │ │ └── outputs │ │ │ └── all │ │ │ └── all.go │ ├── udp-broadcast-relay │ │ ├── build.py │ │ ├── package.toml │ │ └── patches │ │ │ └── udp-broadcast-relay │ │ │ └── 0001-Add-Debian-packaging.patch │ ├── vpp │ │ ├── .gitignore │ │ ├── build.py │ │ └── package.toml │ ├── vyos-1x │ │ ├── .gitignore │ │ ├── build.py │ │ └── package.toml │ ├── waagent │ │ ├── .gitignore │ │ ├── build.py │ │ └── package.toml │ ├── wide-dhcpv6 │ │ ├── .gitignore │ │ ├── build.py │ │ ├── package.toml │ │ └── patches │ │ │ └── wide-dhcpv6 │ │ │ ├── 0023-dhcpc6-support-per-interface-client-DUIDs.patch │ │ │ ├── 0024-bind-to-single-socket.patch │ │ │ └── 0025-option-to-prevent-ia-release.patch │ └── xen-guest-agent │ │ ├── .gitignore │ │ ├── build.py │ │ └── package.toml └── utils │ └── merge-flavors └── tools ├── cloud-init └── AWS │ ├── 90_dpkg.cfg │ ├── cloud-init.list.chroot │ └── config.boot.default └── container └── config.boot.default /.github/PULL_REQUEST_TEMPLATE.md: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | ## Change summary 5 | 6 | 7 | ## Types of changes 8 | 13 | - [ ] Bug fix (non-breaking change which fixes an issue) 14 | - [ ] New feature (non-breaking change which adds functionality) 15 | - [ ] Code style update (formatting, renaming) 16 | - [ ] Refactoring (no functional changes) 17 | - [ ] Migration from an old Vyatta component to vyos-1x, please link to related PR inside obsoleted component 18 | - [ ] Other (please describe): 19 | 20 | ## Related Task(s) 21 | 22 | 23 | 24 | ## Related PR(s) 25 | 26 | 27 | ## Checklist: 28 | 29 | 30 | 31 | - [ ] I have read the [**CONTRIBUTING**](https://github.com/vyos/vyos-1x/blob/current/CONTRIBUTING.md) document 32 | - [ ] I have linked this PR to one or more Phabricator Task(s) 33 | - [ ] My commit headlines contain a valid Task id 34 | - [ ] My change requires a change to the documentation 35 | - [ ] I have updated the documentation accordingly 36 | -------------------------------------------------------------------------------- /.github/workflows/add-pr-labels.yml: -------------------------------------------------------------------------------- 1 | --- 2 | name: Add pull request labels 3 | 4 | on: 5 | pull_request_target: 6 | branches: 7 | - current 8 | - equuleus 9 | - sagitta 10 | 11 | permissions: 12 | pull-requests: write 13 | contents: read 14 | 15 | jobs: 16 | add-pr-label: 17 | uses: vyos/.github/.github/workflows/add-pr-labels.yml@current 18 | secrets: inherit 19 | -------------------------------------------------------------------------------- /.github/workflows/auto-author-assign.yml: -------------------------------------------------------------------------------- 1 | name: "PR Triage" 2 | on: 3 | pull_request_target: 4 | types: [opened, reopened, ready_for_review, locked] 5 | 6 | 7 | permissions: 8 | pull-requests: write 9 | contents: read 10 | 11 | jobs: 12 | assign-author: 13 | uses: vyos/.github/.github/workflows/assign-author.yml@current 14 | secrets: inherit 15 | -------------------------------------------------------------------------------- /.github/workflows/check-open-prs-conflict.yml: -------------------------------------------------------------------------------- 1 | name: "Open PRs Conflicts checker" 2 | on: 3 | push: 4 | branches: 5 | - current 6 | - sagitta 7 | - circinus 8 | workflow_dispatch: 9 | 10 | permissions: 11 | contents: read 12 | pull-requests: write 13 | 14 | jobs: 15 | check-pr-conflict-call: 16 | uses: vyos/.github/.github/workflows/check-open-prs-conflict.yml@current 17 | secrets: inherit 18 | -------------------------------------------------------------------------------- /.github/workflows/check-pr-conflicts.yml: -------------------------------------------------------------------------------- 1 | 2 | name: "PR Conflicts checker" 3 | on: 4 | pull_request_target: 5 | types: [synchronize] 6 | 7 | permissions: 8 | pull-requests: write 9 | contents: read 10 | 11 | jobs: 12 | check-pr-conflict-call: 13 | uses: vyos/.github/.github/workflows/check-pr-merge-conflict.yml@current 14 | secrets: inherit 15 | -------------------------------------------------------------------------------- /.github/workflows/check-pr-message.yml: -------------------------------------------------------------------------------- 1 | --- 2 | name: Check pull request message format 3 | 4 | on: 5 | pull_request_target: 6 | branches: 7 | - current 8 | - sagitta 9 | - equuleus 10 | 11 | permissions: 12 | pull-requests: write 13 | contents: read 14 | 15 | jobs: 16 | check-pr-title: 17 | uses: vyos/.github/.github/workflows/check-pr-message.yml@current 18 | secrets: inherit 19 | -------------------------------------------------------------------------------- /.github/workflows/check-stale.yml: -------------------------------------------------------------------------------- 1 | name: "Issue and PR stale management" 2 | on: 3 | schedule: 4 | - cron: "0 0 * * *" 5 | workflow_dispatch: 6 | 7 | permissions: 8 | pull-requests: write 9 | contents: read 10 | 11 | jobs: 12 | stale: 13 | uses: vyos/.github/.github/workflows/check-stale.yml@current 14 | secrets: inherit 15 | -------------------------------------------------------------------------------- /.github/workflows/check-unused-imports.yml: -------------------------------------------------------------------------------- 1 | name: Check for unused imports using Pylint 2 | on: 3 | pull_request: 4 | branches: 5 | - current 6 | - sagitta 7 | - equuleus 8 | workflow_dispatch: 9 | 10 | permissions: 11 | pull-requests: write 12 | contents: read 13 | 14 | jobs: 15 | check-unused-imports: 16 | uses: vyos/.github/.github/workflows/check-unused-imports.yml@current 17 | secrets: inherit 18 | -------------------------------------------------------------------------------- /.github/workflows/cleanup-mirror-pr-branch.yml: -------------------------------------------------------------------------------- 1 | name: Cleanup pr mirror branch 2 | 3 | on: 4 | pull_request: 5 | types: [closed] 6 | branches: 7 | - current 8 | 9 | permissions: 10 | contents: write 11 | 12 | jobs: 13 | call-delete-branch: 14 | if: github.repository_owner != 'vyos' 15 | uses: vyos/.github/.github/workflows/cleanup-mirror-pr-branch.yml@current 16 | secrets: inherit 17 | -------------------------------------------------------------------------------- /.github/workflows/codeql.yml: -------------------------------------------------------------------------------- 1 | name: "Perform CodeQL Analysis" 2 | 3 | on: 4 | push: 5 | branches: [ "current", "sagitta", "equuleus" ] 6 | pull_request: 7 | # The branches below must be a subset of the branches above 8 | branches: [ "current" ] 9 | schedule: 10 | - cron: '22 10 * * 0' 11 | workflow_dispatch: 12 | 13 | permissions: 14 | actions: read 15 | contents: read 16 | security-events: write 17 | 18 | jobs: 19 | codeql-analysis-call: 20 | uses: vyos/.github/.github/workflows/codeql-analysis.yml@current 21 | secrets: inherit 22 | with: 23 | languages: "['python']" 24 | -------------------------------------------------------------------------------- /.github/workflows/label-backport.yml: -------------------------------------------------------------------------------- 1 | name: Mergifyio backport 2 | 3 | on: [issue_comment] 4 | 5 | permissions: 6 | pull-requests: write 7 | contents: read 8 | 9 | jobs: 10 | mergifyio-backport: 11 | uses: vyos/.github/.github/workflows/label-backport.yml@current 12 | secrets: inherit 13 | -------------------------------------------------------------------------------- /.github/workflows/linit-j2.yml: -------------------------------------------------------------------------------- 1 | --- 2 | name: J2 Lint 3 | 4 | on: 5 | pull_request: 6 | branches: 7 | - current 8 | - sagitta 9 | - equuleus 10 | workflow_dispatch: 11 | 12 | permissions: 13 | pull-requests: write 14 | contents: read 15 | 16 | jobs: 17 | j2lint: 18 | uses: vyos/.github/.github/workflows/lint-j2.yml@current 19 | secrets: inherit 20 | -------------------------------------------------------------------------------- /.github/workflows/mirror-pr-and-sync.yml: -------------------------------------------------------------------------------- 1 | name: Create Mirror PR and Repo Sync 2 | on: 3 | workflow_dispatch: 4 | inputs: 5 | sync_branch: 6 | description: 'branch to sync' 7 | required: true 8 | type: string 9 | 10 | permissions: 11 | pull-requests: write 12 | contents: write 13 | 14 | jobs: 15 | call-mirror-pr-and-sync: 16 | if: github.repository_owner != 'vyos' 17 | uses: VyOS-Networks/vyos-reusable-workflows/.github/workflows/mirror-pr-and-sync.yml@main 18 | with: 19 | sync_branch: ${{ inputs.sync_branch }} 20 | secrets: 21 | PAT: ${{ secrets.PAT }} 22 | -------------------------------------------------------------------------------- /.github/workflows/trigger-docker-image-build.yml: -------------------------------------------------------------------------------- 1 | name: Trigger Docker image build 2 | 3 | on: 4 | pull_request_target: 5 | types: 6 | - closed 7 | branches: 8 | - current 9 | 10 | permissions: 11 | packages: write 12 | contents: read 13 | attestations: write 14 | id-token: write 15 | pull-requests: read 16 | 17 | jobs: 18 | track-changes: 19 | if: github.event.pull_request.merged == true 20 | runs-on: ubuntu-latest 21 | 22 | env: 23 | REF: main # Used for curl to trigger image build 24 | 25 | steps: 26 | - name: Checkout vyos/vyos-build repo 27 | uses: actions/checkout@v4 28 | with: 29 | ref: ${{ github.ref_name }} 30 | 31 | - uses: dorny/paths-filter@v3 32 | id: changes 33 | with: 34 | filters: | 35 | docker-dir: 36 | - 'docker/**' 37 | 38 | - name: "Trigger Docker image build for ${{ github.ref_name }}" 39 | if: ${{ steps.changes.outputs.docker-dir == 'true' }} 40 | run: | 41 | curl -L \ 42 | -X POST \ 43 | -H "Accept: application/vnd.github+json" \ 44 | -H "Authorization: Bearer ${{ secrets.PAT }}" \ 45 | -H "X-GitHub-Api-Version: 2022-11-28" \ 46 | https://api.github.com/repos/${{ secrets.REMOTE_OWNER }}/${{ secrets.REMOTE_REUSE_REPO }}/actions/workflows/build-docker-image.yml/dispatches \ 47 | -d '{"ref": "${{ env.REF }}", "inputs":{"branch":"${{ github.ref_name }}", "environment":"production"}}' -------------------------------------------------------------------------------- /.github/workflows/trigger-pr-mirror-repo-sync.yml: -------------------------------------------------------------------------------- 1 | name: Trigger Mirror PR and Repo Sync 2 | on: 3 | pull_request_target: 4 | types: 5 | - closed 6 | branches: 7 | - current 8 | 9 | permissions: 10 | pull-requests: write 11 | contents: write 12 | issues: write 13 | 14 | jobs: 15 | call-trigger-mirror-pr-repo-sync: 16 | if: github.repository_owner == 'vyos' && github.event.pull_request.merged == true 17 | uses: vyos/.github/.github/workflows/trigger-pr-mirror-repo-sync.yml@current 18 | secrets: inherit 19 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | .build/config 2 | build/* 3 | config/* 4 | *.pyc 5 | packer_build/* 6 | packer_cache/* 7 | key/* 8 | packages/* 9 | !packages/*/ 10 | /testinstall*.img 11 | /testinstall*.efivars 12 | /*.qcow2 13 | /*.tar 14 | .DS_Store 15 | ._.DS_Store 16 | -------------------------------------------------------------------------------- /CODEOWNERS: -------------------------------------------------------------------------------- 1 | # Users from reviewers github team 2 | # * @vyos/reviewers 3 | -------------------------------------------------------------------------------- /LICENSE.artwork: -------------------------------------------------------------------------------- 1 | # The spirit 2 | 3 | VyOS is free (as in freedom) software. We keep the source code and the build tools freely-licensed 4 | and available to everyone to inspect, modify, and distribute. 5 | The goal of VyOS is to create a network operating system available to everyone who needs it. 6 | We welcome contributions from all community members and we are happy to share our work on LTS releases 7 | with contributors. We also don't require contributors to give us exclusive rights to their contributions, 8 | and VyOS source code belongs to the entire community. 9 | 10 | However, success of a project and its ability to receive funding through commercial services 11 | rests on the reputation of its maintainers. 12 | And the "pay for binaries" LTS release model only works if access to images is actually restricted 13 | to those who support the project by purchasing a subscription or contributing. 14 | 15 | We cannot let other people and organizations exploit our reputation for gain or put it at risk 16 | by distributing modified images with VyOS branding, or compromise the LTS business model 17 | by redistributing pre-built images meant for subscription holders. 18 | 19 | We enforce that through trademarks and copyrighted artwork. 20 | 21 | Use and distribution of pre-built LTS images is governed by a EULA you can find in /usr/share/doc/vyos/EULA 22 | on the live image and in installed systems. 23 | 24 | Self-built images can be freely distributed, but only if you replace the branding with yourn own, 25 | that is, replace all artwork files that contain the VyOS logo and all end-user-visible mentions of the VyOS name. 26 | 27 | # The letter 28 | 29 | VyOS is a registered trademarks in the United States, countries of the European Union, and other countries. 30 | 31 | The copyright to the artwork files that contain the VyOS logo, such as data/live-build-config/includes.binary/isolinux/splash.png 32 | belongs to Sentrium S.L. and affiliated, all rights reserved. 33 | -------------------------------------------------------------------------------- /Makefile: -------------------------------------------------------------------------------- 1 | SHELL := /bin/bash 2 | 3 | build_dir := build 4 | 5 | .PHONY: all 6 | all: 7 | @echo "Make what specifically?" 8 | @echo "The most common target is 'generic'" 9 | 10 | %: 11 | ./build-vyos-image $* 12 | 13 | .PHONY: checkiso 14 | .ONESHELL: 15 | checkiso: 16 | if [ ! -f build/live-image-amd64.hybrid.iso ]; then 17 | echo "Could not find build/live-image-amd64.hybrid.iso" 18 | exit 1 19 | fi 20 | 21 | .PHONY: test 22 | .ONESHELL: 23 | test: checkiso 24 | scripts/check-qemu-install --debug --configd --match="$(MATCH)" --smoketest --uefi --cpu 4 --memory 8 build/live-image-amd64.hybrid.iso $(filter-out $@,$(MAKECMDGOALS)) 25 | 26 | .PHONY: test-no-interfaces 27 | .ONESHELL: 28 | test-no-interfaces: checkiso 29 | scripts/check-qemu-install --debug --configd --smoketest --uefi --no-interfaces --cpu 4 --memory 8 build/live-image-amd64.hybrid.iso 30 | 31 | .PHONY: test-interfaces 32 | .ONESHELL: 33 | test-interfaces: checkiso 34 | scripts/check-qemu-install --debug --configd --match="interfaces_" --smoketest --uefi build/live-image-amd64.hybrid.iso 35 | 36 | .PHONY: test-vpp 37 | .ONESHELL: 38 | test-vpp: checkiso 39 | scripts/check-qemu-install --debug --configd --match="vpp" --smoketest --uefi --cpu 4 --memory 8 build/live-image-amd64.hybrid.iso 40 | 41 | .PHONY: testc 42 | .ONESHELL: 43 | testc: checkiso 44 | scripts/check-qemu-install --debug --configd --cpu 2 --memory 7 --configtest build/live-image-amd64.hybrid.iso $(filter-out $@,$(MAKECMDGOALS)) 45 | 46 | .PHONY: testraid 47 | .ONESHELL: 48 | testraid: checkiso 49 | scripts/check-qemu-install --debug --configd --raid build/live-image-amd64.hybrid.iso $(filter-out $@,$(MAKECMDGOALS)) 50 | 51 | .PHONY: testsb 52 | .ONESHELL: 53 | testsb: checkiso 54 | scripts/check-qemu-install --debug --uefi --sbtest build/live-image-amd64.hybrid.iso $(filter-out $@,$(MAKECMDGOALS)) 55 | 56 | .PHONY: testtpm 57 | .ONESHELL: 58 | testtpm: checkiso 59 | scripts/check-qemu-install --debug --tpmtest build/live-image-amd64.hybrid.iso $(filter-out $@,$(MAKECMDGOALS)) 60 | 61 | .PHONY: qemu-live 62 | .ONESHELL: 63 | qemu-live: checkiso 64 | scripts/check-qemu-install --qemu-cmd --uefi build/live-image-amd64.hybrid.iso $(filter-out $@,$(MAKECMDGOALS)) 65 | 66 | .PHONY: oci 67 | .ONESHELL: 68 | oci: checkiso 69 | scripts/iso-to-oci build/live-image-amd64.hybrid.iso 70 | 71 | .PHONY: clean 72 | .ONESHELL: 73 | clean: 74 | @set -e 75 | mkdir -p $(build_dir) 76 | cd $(build_dir) 77 | lb clean 78 | 79 | rm -f config/binary config/bootstrap config/chroot config/common config/source 80 | rm -f build.log 81 | rm -f vyos-*.iso 82 | rm -f *.img *.efivars 83 | rm -f *.xz 84 | rm -f *.vhd 85 | rm -f *.raw 86 | rm -f *.tar.gz 87 | rm -f *.qcow2 88 | rm -f *.mf 89 | rm -f *.ovf 90 | rm -f *.ova 91 | 92 | .PHONY: purge 93 | purge: 94 | rm -rf build packer_build packer_cache testinstall-*.img 95 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | VyOS toplevel build 2 | =================== 3 | 4 | For the most up-to-date documentation, please read the online build guide at 5 | [docs.vyos.io](https://docs.vyos.io/en/latest/contributing/build-vyos.html). 6 | 7 | # What is VyOS 8 | 9 | VyOS is an open source operating system for network devices (routers, firewalls 10 | and so on). If you want to use it in your network, check out download and 11 | installation instructions at https://docs.vyos.io/en/latest/installation/index.html 12 | 13 | If you want to modify VyOS and/or join its development, read on. 14 | 15 | # About this repository 16 | 17 | VyOS is a GNU/Linux distribution based on Debian. Just like any other 18 | distribution, it consists of multiple packages. 19 | 20 | Some packages are taken from the upstream, while other are modified or written 21 | from scratch by VyOS developers. Every package maintained by the VyOS team has 22 | its own git repository. VyOS image build is therefore a multi-step process. 23 | Packages are compiled first, then an ISO is built from Debian packages and our 24 | own packages. 25 | 26 | This is the top level repository that contains links to repositories with VyOS 27 | specific packages (organized as Git submodules) and scripts and data that are 28 | used for building those packages and the installation image. 29 | 30 | # Repository Structure 31 | 32 | There are several directories with their own purpose: 33 | 34 | * `build/` Used for temporary files used for the build and for build artifacts 35 | * `data/` Data required for building the ISO (e.g. boot splash/configs) 36 | * `packages/` This directory can hold arbitrary *.deb 37 | packages which will be embeded into the resulting ISO. 38 | Among other things those packages will be: Linux Kernel, FRR, 39 | Netfiler... 40 | * `scripts/` Scripts that are used for the build process 41 | * `tools/` Scripts that are used for maintainer's tasks automation and other 42 | purposes, but not during ISO build process 43 | 44 | # Building VyOS 45 | 46 | In order to have a single manual and not maintining multiple copies the 47 | instructions on how to build VyOS either in a Docker container or natively can 48 | be found in our [Documentation - Build VyOS](https://docs.vyos.io/en/latest/contributing/build-vyos.html). 49 | 50 | # Development Branches 51 | 52 | The default branch that contains the most recent VyOS code is called `current`. 53 | We may or may not eventually switch to `main`. 54 | 55 | All new code goes to the `current` branch. When a new LTS release is ready for feature freeze, a 56 | new branch is created for the release, and new code from `current` is backported 57 | to the release branch as needed. 58 | 59 | Post-1.2.0 branches are named after constellations sorted by area from smallest 60 | to largest. There are 88 of them, here's the 61 | [complete list](https://en.wikipedia.org/wiki/IAU_designated_constellations_by_area). 62 | 63 | Existing branches: 64 | 65 | * VyOS 1.4: `sagitta` (Arrow) [LTS] 66 | * VyOS 1.3: `equuleus` (Little Horse) [LTS] 67 | * VyOS 1.2: `crux` (Southern Cross) [Unsupported] 68 | 69 | The next LTS release will be VyOS 1.5 `circinus` (Compasses). 70 | -------------------------------------------------------------------------------- /build-vyos-image: -------------------------------------------------------------------------------- 1 | scripts/image-build/build-vyos-image -------------------------------------------------------------------------------- /data/architectures/amd64.toml: -------------------------------------------------------------------------------- 1 | # Packages added to images for x86 by default 2 | packages = [ 3 | "grub2", 4 | "grub-pc", 5 | "vyos-drivers-realtek-r8152", 6 | "vyos-linux-firmware", 7 | "vyos-intel-qat", 8 | "vyos-intel-ixgbe", 9 | "vyos-intel-ixgbevf", 10 | "vyos-ipt-netflow", 11 | "intel-microcode", 12 | "amd64-microcode" 13 | ] 14 | 15 | [additional_repositories.salt] 16 | architecture = "amd64" 17 | url = "https://packages.vyos.net/saltproject/debian/11/amd64/3005" 18 | distribution = "bullseye" 19 | 20 | [additional_repositories.zabbix] 21 | url = "https://repo.zabbix.com/zabbix/6.0/debian" 22 | -------------------------------------------------------------------------------- /data/architectures/arm64.toml: -------------------------------------------------------------------------------- 1 | # Packages included in ARM64 images by default 2 | packages = [ 3 | "grub-efi-arm64", 4 | ] 5 | bootloaders = "grub-efi" 6 | 7 | [additional_repositories.salt] 8 | architecture = "arm64" 9 | url = "https://packages.vyos.net/saltproject/debian/11/arm64/3005" 10 | distribution = "bullseye" 11 | 12 | [additional_repositories.zabbix] 13 | url = "https://repo.zabbix.com/zabbix/6.0/debian-arm64" 14 | -------------------------------------------------------------------------------- /data/architectures/armhf.toml: -------------------------------------------------------------------------------- 1 | additional_repositories = [ 2 | "deb [arch=armhf] https://packages.vyos.net/saltproject/debian/11/arm64/3005 bullseye main" 3 | ] 4 | 5 | # Packages included in armhf images by default 6 | packages = ["grub-efi-arm"] 7 | -------------------------------------------------------------------------------- /data/build-flavors/generic.toml: -------------------------------------------------------------------------------- 1 | # Generic (aka "universal") ISO image 2 | 3 | image_format = "iso" 4 | -------------------------------------------------------------------------------- /data/build-types/stream.toml: -------------------------------------------------------------------------------- 1 | packages = [ 2 | "gdb", 3 | "strace", 4 | "apt-rdepends", 5 | "tshark", 6 | "vim", 7 | "vyos-1x-smoketest" 8 | ] 9 | -------------------------------------------------------------------------------- /data/certificates/.gitignore: -------------------------------------------------------------------------------- 1 | *.key 2 | -------------------------------------------------------------------------------- /data/defaults.toml: -------------------------------------------------------------------------------- 1 | build_type = "development" 2 | 3 | architecture = "amd64" 4 | 5 | debian_distribution = "bookworm" 6 | 7 | debian_mirror = "http://deb.debian.org/debian" 8 | debian_security_mirror = "http://deb.debian.org/debian-security" 9 | 10 | debian_archive_areas = "main contrib non-free non-free-firmware" 11 | 12 | vyos_mirror = "https://packages.vyos.net/repositories/current" 13 | 14 | vyos_branch = "current" 15 | release_train = "current" 16 | 17 | kernel_version = "6.6.93" 18 | kernel_flavor = "vyos" 19 | bootloaders = "syslinux,grub-efi" 20 | 21 | squashfs_compression_type = "xz -Xbcj x86 -b 256k -always-use-fragments -no-recovery" 22 | 23 | website_url = "https://vyos.io" 24 | support_url = "https://support.vyos.io" 25 | bugtracker_url = "https://vyos.dev" 26 | documentation_url = "https://docs.vyos.io/en/latest" 27 | project_news_url = "https://blog.vyos.io" 28 | -------------------------------------------------------------------------------- /data/live-build-config/archives/bookworm-backports.pref.chroot: -------------------------------------------------------------------------------- 1 | Package: iproute2 2 | Pin: release n=bookworm-backports 3 | Pin-Priority: 600 4 | 5 | Package: * 6 | Pin: release n=bookworm-backports 7 | Pin-Priority: -100 8 | -------------------------------------------------------------------------------- /data/live-build-config/archives/saltstack.key.chroot: -------------------------------------------------------------------------------- 1 | -----BEGIN PGP PUBLIC KEY BLOCK----- 2 | Version: GnuPG v2 3 | 4 | mQENBFOpvpgBCADkP656H41i8fpplEEB8IeLhugyC2rTEwwSclb8tQNYtUiGdna9 5 | m38kb0OS2DDrEdtdQb2hWCnswxaAkUunb2qq18vd3dBvlnI+C4/xu5ksZZkRj+fW 6 | tArNR18V+2jkwcG26m8AxIrT+m4M6/bgnSfHTBtT5adNfVcTHqiT1JtCbQcXmwVw 7 | WbqS6v/LhcsBE//SHne4uBCK/GHxZHhQ5jz5h+3vWeV4gvxS3Xu6v1IlIpLDwUts 8 | kT1DumfynYnnZmWTGc6SYyIFXTPJLtnoWDb9OBdWgZxXfHEcBsKGha+bXO+m2tHA 9 | gNneN9i5f8oNxo5njrL8jkCckOpNpng18BKXABEBAAG0MlNhbHRTdGFjayBQYWNr 10 | YWdpbmcgVGVhbSA8cGFja2FnaW5nQHNhbHRzdGFjay5jb20+iQE4BBMBAgAiBQJT 11 | qb6YAhsDBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRAOCKFJ3le/vhkqB/0Q 12 | WzELZf4d87WApzolLG+zpsJKtt/ueXL1W1KA7JILhXB1uyvVORt8uA9FjmE083o1 13 | yE66wCya7V8hjNn2lkLXboOUd1UTErlRg1GYbIt++VPscTxHxwpjDGxDB1/fiX2o 14 | nK5SEpuj4IeIPJVE/uLNAwZyfX8DArLVJ5h8lknwiHlQLGlnOu9ulEAejwAKt9CU 15 | 4oYTszYM4xrbtjB/fR+mPnYh2fBoQO4d/NQiejIEyd9IEEMd/03AJQBuMux62tjA 16 | /NwvQ9eqNgLw9NisFNHRWtP4jhAOsshv1WW+zPzu3ozoO+lLHixUIz7fqRk38q8Q 17 | 9oNR31KvrkSNrFbA3D89uQENBFOpvpgBCADJ79iH10AfAfpTBEQwa6vzUI3Eltqb 18 | 9aZ0xbZV8V/8pnuU7rqM7Z+nJgldibFk4gFG2bHCG1C5aEH/FmcOMvTKDhJSFQUx 19 | uhgxttMArXm2c22OSy1hpsnVG68G32Nag/QFEJ++3hNnbyGZpHnPiYgej3FrerQJ 20 | zv456wIsxRDMvJ1NZQB3twoCqwapC6FJE2hukSdWB5yCYpWlZJXBKzlYz/gwD/Fr 21 | GL578WrLhKw3UvnJmlpqQaDKwmV2s7MsoZogC6wkHE92kGPG2GmoRD3ALjmCvN1E 22 | PsIsQGnwpcXsRpYVCoW7e2nW4wUf7IkFZ94yOCmUq6WreWI4NggRcFC5ABEBAAGJ 23 | AR8EGAECAAkFAlOpvpgCGwwACgkQDgihSd5Xv74/NggA08kEdBkiWWwJZUZEy7cK 24 | WWcgjnRuOHd4rPeT+vQbOWGu6x4bxuVf9aTiYkf7ZjVF2lPn97EXOEGFWPZeZbH4 25 | vdRFH9jMtP+rrLt6+3c9j0M8SIJYwBL1+CNpEC/BuHj/Ra/cmnG5ZNhYebm76h5f 26 | T9iPW9fFww36FzFka4VPlvA4oB7ebBtquFg3sdQNU/MmTVV4jPFWXxh4oRDDR+8N 27 | 1bcPnbB11b5ary99F/mqr7RgQ+YFF0uKRE3SKa7a+6cIuHEZ7Za+zhPaQlzAOZlx 28 | fuBmScum8uQTrEF5+Um5zkwC7EXTdH1co/+/V/fpOtxIg4XO4kcugZefVm5ERfVS 29 | MA== 30 | =dtMN 31 | -----END PGP PUBLIC KEY BLOCK----- 32 | -------------------------------------------------------------------------------- /data/live-build-config/archives/vyos-dev.key.chroot: -------------------------------------------------------------------------------- 1 | -----BEGIN PGP PUBLIC KEY BLOCK----- 2 | Version: GnuPG v2.0.22 (GNU/Linux) 3 | 4 | mQINBF0/MrsBEADLSj4PdgHsr4FblWqQmmZD32J3EVlXrBIwi0zT1RN6V6vA81xx 5 | Qe8XNm6LXVB9kjH9Qv+MwIWWOkTYGCDg2oiIAKPRnJfKisDo4Ax3a1j2YOF6Ud2n 6 | t1bdDfSvnMnEITnMwa+BHKx3QeBoVG/8zhMeHjXy0QwHUIdKMyrX8M0JWY/sqLlv 7 | HvzEaB3PEMFGFhuJ3Dh/ZxquVVuSS2GPRyTpLTqrPSH9jG8hf8YFWBE+CHbnclZc 8 | 4NKlI5Q5yrqrUE7zGWgg3O75o6xlJpjI2TJXPPYU6llCNQi/AUIB3R34okMdyYmP 9 | dzaHBXeA+a5glikv5i0ysJgfZ/hvZgayZdAvqIxQxjzvKebmqUutay7LhgjKGRnC 10 | vdAAQ1LbkqPvbBN1oaElRiTUR6bekTFd/M8x3DWPHc0xkNps6f4sEoiFkujpsl26 11 | uGlBhf59yFzI/XhjT/04pUWa3myFhGWT4WSw8cf3o/47/CiL4TefOBTY2vSSub7V 12 | nekDG6H75i9szMMQGzry71+RzYMOWkUnnnQ6wjpHuce42zU7wKUdl2+Wrr+g2/cK 13 | NKFvHRmGLVOpcabDawWi08hHr+J6Gje9PCePfY4x0p6Idjz5YW4Q1D/XSDZZ3nni 14 | akhMO1onHLolY7jstdexhSSi7nS9bDAdnHlL7e/hJemF5G0IvLlkaXYIpQARAQAB 15 | tDJWeU9TIG1haW50YWluZXJzIChwYWNrYWdlIHNpZ25pbmcpIDxwa2dzQHZ5b3Mu 16 | bmV0PokCOQQTAQIAIwUCXT8yuwIbAwcLCQgHAwIBBhUIAgkKCwQWAgMBAh4BAheA 17 | AAoJELK9zt4uv5wGFk4P/3MUhejAJrkMy8EC21P74yCxpZ8RfahML/hIy8+13mWd 18 | 480eSGrZr+mEk7pN4T+5cOV4gO9gsKlZ+9zvP8PjRqrHhdDWnA+6GZSMmwvV5C+s 19 | DDop3Wa5z6u5SXwultAEzssNtmVreXhGrB/gkpx6NsAZz9TbwVCOyfFu5di2Oued 20 | ItL6IhkLBIbOmJX1X5CD3AvXIKcRwp7L3mFYP+UE5/c3OFmIK5P1J3vvHRPQqHls 21 | BOPs7dMowfCQfNTUyUWTG74gPo9wHCnuE6QnO5b/j1dPKgz5058bK+NMFgLLdw6X 22 | pb8Z7CvQPSLr5o2KfP+LsC7Nyz4tFQukJvidZdQ/uYQ38SDXsLbmlqnQWDCtYMzu 23 | j225frdkvymwvLrroVWGfbJI2Bd+u3VoQmLdMdddnSe/+oKoh2/xBueWH/O6d4F4 24 | br+HNbhxaxhhM2JuPXB7mQTDyzl4RhD8JixV6YgjWo1/X8wfpJdB/utTbiwLdhIH 25 | q2gdI3sxDCikapQWEhHWAgW4azhzXXvo8RTwNWXtck2DBsQxsn4lANvcWwJ7fRD5 26 | FDgIcJJ+rZrA9NT1sihSjxvUWAmByOSWwdWQRm8O86tFjqm9mJ5ppIYLX5weMa6L 27 | przxbm85y5DZeeuxo297YHGbrfeRm7ko/yB+DFdnLirnblK5JI4RL94AwZjad879 28 | uQINBF0/MrsBEACmKylWG6GC+EPn+x01vA3tVDyyDcOxaRevCvCYEINv7yn7Ajc3 29 | ZaWqqNRfZheOU5hUVJjW6cv7xqaWIn9J/7vatmdeX8H1cVWpSk/e1QT1Fop7I71e 30 | 4skDn8YI6JIZgFBrqe1O3YHOQDZbMO9zR5jNpVD7XXLyGsRvjnkH/ybugBeiVCqt 31 | 7x2I8OnDQggFnBrishMjVrEmBAduE3JICC1IbCCtVG67h07E/BC7XJVgME8Hvfwl 32 | EBTo8Y6CWcrsJZfAQKU+3wi5feFVLIbhNceiGcxmi7uJML+hGoSf92Pmn7i9p5su 33 | ywy4XF+aWvd4R3CMYywOiukB3rItic7gp0tpcMK7AwessGqvD/luz2cNY1IqDKak 34 | w7jGbGUT54zKO3tpt73dYGyf3SUHQ9aNAaGuSxjq/c9v9X4KpzmAi82rt4wSkDVa 35 | /5SkxsU9aP6lql2MrZm//Pj3hjyipTLUFhndbjeJDgBRROMJdokNkFIIaweJGAg2 36 | wNwBC6HRIYXLyOsV+Azf1gqSpCEqdKVLJkBduuChtd7N9xoUahag2yya+ujwpcN6 37 | nlmnhZt+yfgi0uO2cPmsof9PkJi+cb44IAgkvG96Zj2JbLHSlGipyYTHLYS46RC4 38 | CkaF3DSwDXVU+lBqJz+WkOywpMGUKtZwPbpy7ZJVf2JL8Rf0D95sIaeICwARAQAB 39 | iQIfBBgBAgAJBQJdPzK7AhsMAAoJELK9zt4uv5wG45IP/2YEQzyn2qiqHInLEmXE 40 | R7fefmkiTy925juASQiR/LGOCSfCOnMKBMkyi63XvQuhAALU6RxgK69yLZJYWQ+a 41 | gh+vrrndCzprCM4PohuupknA8nAY+FvC5xoOZVkZ/+vUP344ukxN9Fz1d9oU3G5a 42 | luoA23G1qs7kHJw/xzN1BFNqie2mIzMAOI0Wu0BZxmYmD3Ph0KMbUD08jX6ImDF6 43 | EnqS0VhCgXfWhPBqh5TOG35Fi5ZCmupbgqBJQZg5fLIWS3Hk2qBm70FR3iLdjiYu 44 | w165hBlqcJ2YfvVBKVvMNRVB9BtF7BfzCM3/y/4V82EZ7qQJ+jE30N+/vwrAOrUd 45 | QVlFsC5eYDOkRb3XXhijXZhoKoeXTwY7TGNntavVMYZ2W4EFoX2OH8/2A7KEYhqc 46 | 3cjEJ7EoM6hkmm6xmU82oQ8Moll1SgQbkNKlZYDPMs7Ppr4zBJjnVYVcP9e1RLFO 47 | 0POJbtG7CCAstcvMu/3Yw7Il/TOGvc3TNBPrkYtriDj+B900W5sEc33iUV9VRAAi 48 | Bkfs0XMSQVIcMdquu2LGfNWBjd/YCZVQ8OzFYoZJeq18oxeZ9/tE4NE3KyUBmqil 49 | 5/WicCYtxgxByAvhN5dFn+nPfoEMQ/e9Zhs2ImrrSy12Ehg1swRjAK39NrjySDFT 50 | FhyPysWJ4aNKtAYgVuQguPTt 51 | =rJUC 52 | -----END PGP PUBLIC KEY BLOCK----- 53 | 54 | -------------------------------------------------------------------------------- /data/live-build-config/archives/vyos-dev.pref.chroot: -------------------------------------------------------------------------------- 1 | Package: * 2 | Pin: release n=current 3 | Pin-Priority: 999 4 | -------------------------------------------------------------------------------- /data/live-build-config/archives/zabbix-official-repo.key.chroot: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vyos/vyos-build/3222553a260ae524a5c47801f4819a1825e999c2/data/live-build-config/archives/zabbix-official-repo.key.chroot -------------------------------------------------------------------------------- /data/live-build-config/bootloaders/grub-pc/dejavu-bold-14.pf2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vyos/vyos-build/3222553a260ae524a5c47801f4819a1825e999c2/data/live-build-config/bootloaders/grub-pc/dejavu-bold-14.pf2 -------------------------------------------------------------------------------- /data/live-build-config/bootloaders/grub-pc/dejavu-bold-16.pf2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vyos/vyos-build/3222553a260ae524a5c47801f4819a1825e999c2/data/live-build-config/bootloaders/grub-pc/dejavu-bold-16.pf2 -------------------------------------------------------------------------------- /data/live-build-config/bootloaders/grub-pc/grub.cfg: -------------------------------------------------------------------------------- 1 | set default=0 2 | set timeout=10 3 | 4 | insmod serial 5 | serial --unit=0 --speed=115200 6 | 7 | insmod gzio 8 | insmod part_msdos 9 | insmod ext2 10 | insmod efi_gop 11 | insmod efi_uga 12 | insmod png 13 | 14 | loadfont /boot/grub/dejavu-bold-16.pf2 15 | loadfont /boot/grub/dejavu-bold-14.pf2 16 | loadfont /boot/grub/unicode.pf2 17 | 18 | set gfxmode="640x480x16" 19 | set gfxpayload="640x480x16" 20 | terminal_output gfxterm 21 | 22 | set splash_img="/isolinux/splash.png" 23 | if [ -e ${splash_img} ]; then 24 | background_image ${splash_img} 25 | fi 26 | 27 | terminal_output --append serial 28 | terminal_input serial console 29 | 30 | set color_normal=light-gray/black 31 | set color_highlight=white/black 32 | 33 | # Live boot 34 | LINUX_LIVE 35 | 36 | # Installer (if any) 37 | LINUX_INSTALL 38 | -------------------------------------------------------------------------------- /data/live-build-config/bootloaders/grub-pc/live-theme/theme.txt: -------------------------------------------------------------------------------- 1 | desktop-image: "../splash.png" 2 | title-color: "#ffffff" 3 | title-font: "DejaVu Sans Bold 16" 4 | title-text: "Live Boot Menu with GRUB" 5 | message-font: "Unifont Regular 16" 6 | terminal-font: "Unifont Regular 16" 7 | 8 | #help bar at the bottom 9 | + label { 10 | top = 100%-50 11 | left = 0 12 | width = 100% 13 | height = 20 14 | text = "@KEYMAP_SHORT@" 15 | align = "center" 16 | color = "#ffffff" 17 | font = "DejaVu Sans Bold 14" 18 | } 19 | 20 | #boot menu 21 | + boot_menu { 22 | left = 10% 23 | width = 80% 24 | top = 52% 25 | height = 48%-80 26 | item_color = "#a8a8a8" 27 | item_font = "DejaVu Sans Bold 14" 28 | selected_item_color= "#ffffff" 29 | selected_item_font = "DejaVu Sans Bold 14" 30 | item_height = 16 31 | item_padding = 0 32 | item_spacing = 4 33 | icon_width = 0 34 | icon_heigh = 0 35 | item_icon_space = 0 36 | } 37 | 38 | #progress bar 39 | + progress_bar { 40 | id = "__timeout__" 41 | left = 15% 42 | top = 100%-80 43 | height = 16 44 | width = 70% 45 | font = "DejaVu Sans Regular 14" 46 | text_color = "#000000" 47 | fg_color = "#ffffff" 48 | bg_color = "#a8a8a8" 49 | border_color = "#ffffff" 50 | text = "@TIMEOUT_NOTIFICATION_LONG@" 51 | } 52 | -------------------------------------------------------------------------------- /data/live-build-config/bootloaders/grub-pc/splash.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vyos/vyos-build/3222553a260ae524a5c47801f4819a1825e999c2/data/live-build-config/bootloaders/grub-pc/splash.png -------------------------------------------------------------------------------- /data/live-build-config/hooks/live/00-manifest.binary: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | echo I: Backwards compat packages.txt 4 | echo "ii vyatta-version " > live/packages.txt 5 | -------------------------------------------------------------------------------- /data/live-build-config/hooks/live/00-mk_buildid.chroot: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # create the buildid file 3 | 4 | etcdir=/opt/vyatta/etc 5 | 6 | [ -d $etcdir ] || mkdir -p -m 0755 $etcdir 7 | rm -f $etcdir/build.txt $etcdir/iso-build.txt $etc/iso-submodules.txt 8 | 9 | ## NOTE: on live image build, these files are in the chroot/root 10 | ## however, during install, these are in /cdrom 11 | for f in iso-build.txt iso-submodules.txt ; do 12 | if [ -f /cdrom/$f ] ; then 13 | cp /cdrom/$f $etcdir 14 | elif [ -f /$f ] ; then 15 | cp /$f $etcdir 16 | else 17 | >$etcdir/$f 18 | fi 19 | done 20 | 21 | # backwards compatible symlink 22 | ln -s iso-build.txt $etcdir/build.txt 23 | -------------------------------------------------------------------------------- /data/live-build-config/hooks/live/01-interfaces.chroot: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | if ! grep '^auto lo' /etc/network/interfaces &> /dev/null ; then 4 | mkdir -p -m 0755 /etc/network 5 | cat >> /etc/network/interfaces <<-EOF 6 | 7 | # The loopback network interface 8 | auto lo 9 | iface lo inet loopback 10 | 11 | EOF 12 | fi 13 | -------------------------------------------------------------------------------- /data/live-build-config/hooks/live/01-live-serial.binary: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | GRUB_PATH=boot/grub/grub.cfg 4 | ISOLINUX_PATH=isolinux/live.cfg 5 | 6 | KVM_CONSOLE="console=ttyS0,115200 console=tty0" 7 | SERIAL_CONSOLE="console=tty0 console=ttyS0,115200" 8 | 9 | # Grub.cfg Update 10 | GRUB_MENUENTRY=$(sed -e '/menuentry.*hotkey.*/,/^}/!d' -e 's/--hotkey=l//g' $GRUB_PATH) 11 | 12 | # Update KVM menuentry name 13 | sed -i 's/"Live system \((.*vyos)\)"/"Live system \1 - KVM console"/' $GRUB_PATH 14 | 15 | # Insert serial menuentry 16 | echo "$GRUB_MENUENTRY" | sed \ 17 | -e 's/"Live system \((.*vyos)\)"/"Live system \1 - Serial console"/' \ 18 | -e "s/$KVM_CONSOLE/$SERIAL_CONSOLE/g" >> $GRUB_PATH 19 | 20 | # Live.cfg Update 21 | ISOLINUX_MENUENTRY=$(sed -e '/label live-\(.*\)-vyos$/,/^\tappend.*/!d' $ISOLINUX_PATH) 22 | 23 | # Update KVM menuentry name 24 | sed -i 's/Live system \((.*vyos)\)/Live system \1 - KVM console/' $ISOLINUX_PATH 25 | 26 | # Insert serial menuentry 27 | echo "\n$ISOLINUX_MENUENTRY" | sed \ 28 | -e 's/live-\(.*\)-vyos/live-\1-vyos-serial/' \ 29 | -e '/^\tmenu default/d' \ 30 | -e 's/Live system \((.*vyos)\)/Live system \1 - Serial console/' \ 31 | -e "s/$KVM_CONSOLE/$SERIAL_CONSOLE/g" >> $ISOLINUX_PATH 32 | -------------------------------------------------------------------------------- /data/live-build-config/hooks/live/03-root_bash_completion.chroot: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | grep -q '\(^[^#]*\)\(\.\|source\) /etc/bash_completion' root/.bashrc || \ 4 | cat <<-EOF >> root/.bashrc 5 | 6 | source /etc/bash_completion 7 | EOF 8 | 9 | sed -i 's/set $BASH_COMPLETION_ORIGINAL_V_VALUE/builtin set $BASH_COMPLETION_ORIGINAL_V_VALUE/g' /usr/share/bash-completion/bash_completion 10 | 11 | -------------------------------------------------------------------------------- /data/live-build-config/hooks/live/04-locale.chroot: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | echo I: Set default locale 4 | cat <etc/default/locale 5 | LANG=en_US.UTF-8 6 | LC_ALL=C 7 | EOF 8 | -------------------------------------------------------------------------------- /data/live-build-config/hooks/live/05-event_tty.chroot: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | if [ -r etc/event.d/tty1 ] ; then 4 | echo I: Delay getty until rcX completes 5 | sed -i 's/start on runlevel /start on stopped rc/' \ 6 | etc/event.d/tty[1-6] 7 | if [ ! -r etc/event.d/ttyS0 ] && [ -c dev/ttyS0 ] ; then 8 | echo I: Enable serial console login 9 | cat <<-EOF > etc/event.d/ttyS0 10 | # ttyS0 - getty 11 | # 12 | # This service maintains a getty on ttyS0 from the point the system is 13 | # started until it is shut down again. 14 | 15 | start on stopped rc2 16 | start on stopped rc3 17 | start on stopped rc4 18 | start on stopped rc5 19 | 20 | stop on runlevel 0 21 | stop on runlevel 1 22 | stop on runlevel 6 23 | 24 | respawn 25 | exec /sbin/getty 115200 ttyS0 vt100 26 | 27 | EOF 28 | fi 29 | fi 30 | 31 | if [ -r etc/inittab ] && [ -c dev/ttyS0 ] && grep -q '^#T0:.*getty.*ttyS0' etc/inittab ; then 32 | echo I: Enable serial console login 33 | sed -i '/^#T0:/s|^#.*$|T0:23:respawn:/sbin/getty -L ttyS0 115200 vt100|' etc/inittab 34 | fi 35 | -------------------------------------------------------------------------------- /data/live-build-config/hooks/live/07-apt.chroot: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | if [ -e /cdrom/vyatta-pubkey.gpg ] ; then 4 | apt-key add /cdrom/vyatta-pubkey.gpg 5 | elif [ -e /vyatta-pubkey.gpg ] ; then 6 | apt-key add /vyatta-pubkey.gpg 7 | rm -f /vyatta-pubkey.gpg 8 | fi 9 | -------------------------------------------------------------------------------- /data/live-build-config/hooks/live/08-sysconf.chroot: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | cp -f /opt/vyatta/etc/default_ssh /etc/default/ssh 4 | >/etc/pam_radius_auth.conf 5 | 6 | update_sysctl_conf () 7 | { 8 | var=$1 9 | val=$2 10 | comment=$3 11 | sysctl_conf=/etc/sysctl.conf 12 | 13 | if grep -q "^${var}[[:space:]]*=" $sysctl_conf ; then 14 | sed -i "/^${var}[[:space:]]*=/ s,=.*,= ${val}," $sysctl_conf 15 | elif grep -q "^#[[:space:]]*${var}[[:space:]]*=" $sysctl_conf ; then 16 | sed -i "/^#[[:space:]]*${var}[[:space:]]*=/ { s,^#[[:space:]]*,, ; s,[[:space:]]*=.*, = ${val},} " $sysctl_conf 17 | else 18 | cat <<-EOF >> $sysctl_conf 19 | 20 | # $comment 21 | $var = $val 22 | EOF 23 | fi 24 | } 25 | 26 | update_sysctl_conf kernel.printk "4 4 1 7" \ 27 | "the following stops low-level messages on console" 28 | 29 | # Local Variables: 30 | # mode: shell-script 31 | # sh-indentation: 4 32 | # End: 33 | -------------------------------------------------------------------------------- /data/live-build-config/hooks/live/09-live.chroot: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # hack live script that tries to mount ext[23] floppies as root 4 | # remove user settings live config scripts 5 | 6 | sed -e '/ln -s "${devname}"/,/return 0/ s/^/: FIXME/' \ 7 | -i /usr/share/initramfs-tools/scripts/live 8 | 9 | rm -rf /lib/live/config/0030-live-debconfig_passwd 10 | rm -rf /lib/live/config/0030-user-setup 11 | rm -rf /lib/live/config/0040-sudo 12 | -------------------------------------------------------------------------------- /data/live-build-config/hooks/live/100-remove-dropbear-keys.chroot: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # Delete Dropbear SSH keys that might be generated 4 | # by postinst scripts 5 | # to prevent non-unique keys from appearing in images 6 | 7 | rm -f /etc/dropbear/dropbear_*_host_key 8 | -------------------------------------------------------------------------------- /data/live-build-config/hooks/live/12-udev-initramfs.chroot: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # this was a "local patch" but patch generates a .orig file if it doesn't 4 | # apply cleanly, which is not good when all files in the hook directory are 5 | # executed. just use sed to hack the udev hook here. 6 | 7 | sed -i 's/^\(mount -n -o move \/dev .*\/dev\)$/\1 2>\/dev\/null/' \ 8 | /usr/share/initramfs-tools/scripts/init-bottom/udev 9 | 10 | -------------------------------------------------------------------------------- /data/live-build-config/hooks/live/14-acpid.chroot: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # To be able to properly shutdown bare-metal servers install and 4 | # configure acpid 5 | apt-get -y install acpid 6 | 7 | cat < /etc/acpi/events/powerbtn 8 | event=button[ /]power 9 | action=/sbin/poweroff 10 | EOF 11 | -------------------------------------------------------------------------------- /data/live-build-config/hooks/live/15-sources_list.chroot: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | rm -f /etc/apt/sources.list.d/*.list >/dev/null 2>&1 || true 4 | 5 | -------------------------------------------------------------------------------- /data/live-build-config/hooks/live/16-fuse.chroot: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | sed -i 's/#user_allow_other/user_allow_other/g' /etc/fuse.conf 4 | chmod a+r /etc/fuse.conf 5 | -------------------------------------------------------------------------------- /data/live-build-config/hooks/live/17-gen_initramfs.chroot: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | echo I: Create initramfs if it does not exist. 4 | 5 | # Kernel complains about non available nls_ascii module when booting from USB pendrive 6 | echo "nls_ascii" >> /etc/initramfs-tools/modules 7 | 8 | if [ -e /boot/initrd.img-* ]; then 9 | rm -f /boot/initrd.img-* 10 | fi 11 | 12 | KERNEL_COUNT=$(find /boot/ -type f -name vmlinuz* | wc -l) 13 | if [ "$KERNEL_COUNT" -gt 1 ]; then 14 | echo "E: there is more than one kernel image file installed!" 15 | echo "E: please make sure that kernel_version in data/defaults.toml is up to date" 16 | echo "E: if your repository is up to date, then there is a bug" 17 | fi 18 | 19 | kernel=`ls /boot | grep vmlinuz- | sed 's/vmlinuz-//g'` 20 | 21 | echo "I: Executing update-initramfs -c -k $kernel" 22 | 23 | update-initramfs -c -k $kernel 24 | -------------------------------------------------------------------------------- /data/live-build-config/hooks/live/18-enable-disable_services.chroot: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | echo I: Disabling services 4 | systemctl disable syslog.service 5 | systemctl disable rsyslog.service 6 | systemctl disable arpwatch.service 7 | systemctl disable smartd.service 8 | systemctl disable kea-ctrl-agent.service 9 | systemctl disable kea-dhcp4-server.service 10 | systemctl disable kea-dhcp6-server.service 11 | systemctl disable isc-dhcp-relay.service 12 | systemctl disable nfacctd.service 13 | systemctl disable pmacctd.service 14 | systemctl disable sfacctd.service 15 | systemctl disable uacctd.service 16 | systemctl disable ssh.service 17 | systemctl disable sshguard.service 18 | systemctl disable openvpn.service 19 | systemctl disable lldpd.service 20 | systemctl disable LCDd.service 21 | systemctl disable lcdproc.service 22 | systemctl disable conntrackd.service 23 | systemctl disable 'udp-broadcast-relay@*.service' 24 | systemctl disable pdns-recursor.service 25 | systemctl disable tftpd-hpa.service 26 | systemctl disable frr.service 27 | systemctl disable salt-minion.service 28 | systemctl disable certbot.service 29 | systemctl disable certbot.timer 30 | systemctl disable nginx.service 31 | systemctl disable wpa_supplicant.service 32 | systemctl disable squid.service 33 | systemctl disable apt-daily.service 34 | systemctl disable apt-daily.timer 35 | systemctl disable apt-daily-upgrade.timer 36 | systemctl disable apt-daily-upgrade.service 37 | systemctl disable chrony.service 38 | systemctl disable igmpproxy.service 39 | systemctl disable wide-dhcpv6-client.service 40 | systemctl disable lm-sensors.service 41 | systemctl disable snmpd.service 42 | systemctl disable conserver-server.service 43 | systemctl disable dropbear.service 44 | systemctl disable fancontrol.service 45 | systemctl disable ddclient.service 46 | systemctl disable ocserv.service 47 | systemctl disable tuned.service 48 | systemctl disable radvd.service 49 | systemctl disable hostapd.service 50 | systemctl disable hsflowd.service 51 | systemctl disable keepalived.service 52 | systemctl disable ipvsadm.service 53 | systemctl disable telegraf.service 54 | systemctl disable ndppd.service 55 | systemctl disable ipsec.service 56 | systemctl disable strongswan.service 57 | systemctl disable strongswan-starter.service 58 | systemctl disable strongswan.service 59 | systemctl disable avahi-daemon.service 60 | systemctl disable atop-rotate.timer 61 | systemctl disable ModemManager.service 62 | systemctl disable dnsdist.service 63 | systemctl disable haproxy.service 64 | systemctl disable owamp-server.service 65 | systemctl disable twamp-server.service 66 | systemctl disable vyos-wan-load-balance.service 67 | systemctl disable nvmf-autoconnect.service 68 | systemctl disable dpkg-db-backup.timer 69 | systemctl disable dpkg-db-backup.service 70 | systemctl disable zabbix-agent2.service 71 | systemctl disable suricata.service 72 | systemctl disable vyconfd.service 73 | systemctl disable vpp.service 74 | systemctl disable netplug.service 75 | 76 | echo I: Enabling services 77 | systemctl enable vyos-hostsd.service 78 | systemctl enable acpid.service 79 | systemctl enable vyos-router.service 80 | systemctl enable vyos-configd.service 81 | systemctl enable vyos-grub-update.service 82 | systemctl enable vyos-commitd.service 83 | 84 | echo I: Masking services 85 | systemctl mask systemd-journald-audit.socket 86 | systemctl --global mask gpg-agent.service gpg-agent.socket gpg-agent-ssh.socket gpg-agent-extra.socket gpg-agent-browser.socket dirmngr.socket 87 | -------------------------------------------------------------------------------- /data/live-build-config/hooks/live/19-kernel_symlinks.chroot: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | echo I: Creating Linux Kernel symbolic links 4 | cd /boot 5 | ln -s initrd.img-* initrd.img 6 | ln -s vmlinuz-* vmlinuz 7 | 8 | echo I: Remove Linux Kernel symbolic link to source folder 9 | rm -rf /lib/modules/*/build 10 | -------------------------------------------------------------------------------- /data/live-build-config/hooks/live/20-systemd_target.chroot: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | echo I: Choose systemd multi-user.target over graphical.target 4 | systemctl set-default -f multi-user.target 5 | -------------------------------------------------------------------------------- /data/live-build-config/hooks/live/21-pam_mkhomedir.chroot: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | echo I: Create home directory on login. 4 | 5 | cat > /usr/share/pam-configs/mkhomedir <> /etc/modules-load.d/mpls.conf 8 | echo "mpls_iptunnel" >> /etc/modules-load.d/mpls.conf 9 | echo "mpls_router" >> /etc/modules-load.d/mpls.conf 10 | -------------------------------------------------------------------------------- /data/live-build-config/hooks/live/30-strongswan-configs.chroot: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | 3 | # The Cisco Unity plugin, that implements a proprietary extension 4 | # for IPsec split tunneling, interfers with DMVPN 5 | # 6 | # Since we do not do remote access IPsec, the simplest solution 7 | # is to disable it entirely from the start. 8 | 9 | import re 10 | 11 | # Disable the 'cisco_unity' option in charon.conf 12 | with open('/etc/strongswan.d/charon.conf', 'r') as f: 13 | charon_conf = f.read() 14 | charon_conf = re.sub(r'# (cisco_unity = no)', r"\1", charon_conf) 15 | 16 | with open('/etc/strongswan.d/charon.conf', 'w') as f: 17 | f.write(charon_conf) 18 | 19 | 20 | 21 | # Prevent the 'cisco_unity' plugin from loading 22 | with open('/etc/strongswan.d/charon/unity.conf', 'r') as f: 23 | unity_conf = f.read() 24 | unity_conf = re.sub(r'load = yes', r'load = no', unity_conf) 25 | 26 | with open('/etc/strongswan.d/charon/unity.conf', 'w') as f: 27 | f.write(unity_conf) 28 | 29 | 30 | 31 | # Prevent the 'farp' plugin from loading 32 | with open('/etc/strongswan.d/charon/farp.conf', 'r') as f: 33 | farp_conf = f.read() 34 | 35 | farp_conf = re.sub(r'load = yes', r'load = no', farp_conf) 36 | 37 | with open('/etc/strongswan.d/charon/farp.conf', 'w') as f: 38 | f.write(farp_conf) 39 | 40 | 41 | # Add ike-name to logging 42 | charon_logging = """ 43 | charon { 44 | syslog { 45 | # prefix for each log message 46 | identifier = charon 47 | # use default settings to log to the LOG_DAEMON facility 48 | daemon { 49 | default = 1 50 | ike_name = yes 51 | } 52 | } 53 | } 54 | """ 55 | 56 | with open('/etc/strongswan.d/charon-logging.conf', 'w') as f: 57 | f.write(charon_logging) 58 | -------------------------------------------------------------------------------- /data/live-build-config/hooks/live/40-init-cracklib-db.chroot: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | CRACKLIB_DIR=/var/cache/cracklib 4 | CRACKLIB_DB=cracklib_dict 5 | 6 | if [ ! -f "${CRACKLIB_DIR}/${CRACKLIB_DB}.pwd" ]; then 7 | echo "I: Creating the cracklib database ${CRACKLIB_DIR}/${CRACKLIB_DB}" 8 | mkdir -p $CRACKLIB_DIR 9 | 10 | /usr/sbin/create-cracklib-dict -o $CRACKLIB_DIR/$CRACKLIB_DB \ 11 | /usr/share/dict/cracklib-small 12 | fi 13 | 14 | -------------------------------------------------------------------------------- /data/live-build-config/hooks/live/40-init-geoip-database.chroot: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # Geolocation data provided by DB-IP.com 4 | # License: https://creativecommons.org/licenses/by/4.0/ (CC BY 4.0) 5 | 6 | DATE_SUFFIX=$(date +%Y-%m) 7 | URL="https://download.db-ip.com/free/dbip-country-lite-${DATE_SUFFIX}.csv.gz" 8 | OUT_PATH="/usr/share/vyos-geoip/dbip-country-lite.csv.gz" 9 | 10 | mkdir -p $(dirname $OUT_PATH) 11 | wget -O - $URL > $OUT_PATH 12 | 13 | if [ $? -ne 0 ]; then 14 | echo "Failed to download GeoIP database" 15 | rm $OUT_PATH 16 | fi 17 | -------------------------------------------------------------------------------- /data/live-build-config/hooks/live/90-localepurge.chroot: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | LPCONF=/etc/locale.nopurge 4 | 5 | echo MANDELETE > $LPCONF 6 | echo DONTBOTHERNEWLOCALE >> $LPCONF 7 | echo SHOWFREEDSPACE >> $LPCONF 8 | echo QUICKNDIRTYCALC >> $LPCONF 9 | echo en >> $LPCONF 10 | echo en_US.UTF-8 >> $LPCONF 11 | 12 | /usr/sbin/localepurge 13 | -------------------------------------------------------------------------------- /data/live-build-config/hooks/live/92-strip-symbols.chroot: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # 4 | # Discard symbols and other data from object files. 5 | # 6 | # Reference: 7 | # https://www.linuxfromscratch.org/lfs/view/systemd/chapter08/stripping.html 8 | # https://www.debian.org/doc/debian-policy/ch-files.html 9 | # 10 | 11 | # Set variables. 12 | STRIPCMD_REGULAR="strip --remove-section=.comment --remove-section=.note --preserve-dates" 13 | STRIPCMD_DEBUG="strip --strip-debug --remove-section=.comment --remove-section=.note --preserve-dates" 14 | STRIPCMD_UNNEEDED="strip --strip-unneeded --remove-section=.comment --remove-section=.note --preserve-dates" 15 | STRIPDIR_REGULAR=" 16 | " 17 | STRIPDIR_DEBUG=" 18 | " 19 | STRIPDIR_UNNEEDED=" 20 | /etc/hsflowd/modules 21 | /usr/bin 22 | /usr/lib/openvpn 23 | /usr/lib/x86_64-linux-gnu 24 | /usr/lib32 25 | /usr/lib64 26 | /usr/libx32 27 | /usr/sbin 28 | " 29 | STRIP_EXCLUDE=`dpkg-query -L libbinutils | grep '.so'` 30 | 31 | # Perform stuff. 32 | echo "Stripping symbols..." 33 | 34 | # List excluded files. 35 | echo "Exclude files: ${STRIP_EXCLUDE}" 36 | 37 | # CMD: strip 38 | for DIR in ${STRIPDIR_REGULAR}; do 39 | echo "Parse dir (strip): ${DIR}" 40 | find ${DIR} -type f -exec file {} \; | grep 'not stripped' | cut -d ":" -f 1 | while read FILE; do 41 | echo "${STRIP_EXCLUDE}" | grep -F -q -w "${FILE}" 42 | if [ $? -ne 0 ]; then 43 | echo "Strip file (strip): ${FILE}" 44 | ${STRIPCMD_REGULAR} ${FILE} 45 | fi 46 | done 47 | done 48 | 49 | # CMD: strip --strip-debug 50 | for DIR in ${STRIPDIR_DEBUG}; do 51 | echo "Parse dir (strip-debug): ${DIR}" 52 | find ${DIR} -type f -exec file {} \; | grep 'not stripped' | cut -d ":" -f 1 | while read FILE; do 53 | echo "${STRIP_EXCLUDE}" | grep -F -q -w "${FILE}" 54 | if [ $? -ne 0 ]; then 55 | echo "Strip file (strip-debug): ${FILE}" 56 | ${STRIPCMD_DEBUG} ${FILE} 57 | fi 58 | done 59 | done 60 | 61 | # CMD: strip --strip-unneeded 62 | for DIR in ${STRIPDIR_UNNEEDED}; do 63 | echo "Parse dir (strip-unneeded: ${DIR}" 64 | find ${DIR} -type f -exec file {} \; | grep 'not stripped' | cut -d ":" -f 1 | while read FILE; do 65 | echo "${STRIP_EXCLUDE}" | grep -F -q -w "${FILE}" 66 | if [ $? -ne 0 ]; then 67 | echo "Strip file (strip-unneeded): ${FILE}" 68 | ${STRIPCMD_UNNEEDED} ${FILE} 69 | fi 70 | done 71 | done 72 | 73 | # Remove binutils package. 74 | apt-get -y purge --autoremove binutils 75 | 76 | -------------------------------------------------------------------------------- /data/live-build-config/hooks/live/93-sb-sign-kernel.chroot: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | SIGN_FILE=$(find /usr/lib -name sign-file) 3 | KERNEL_KEY="/var/lib/shim-signed/mok/vyos-dev-2025-linux.key" 4 | KERNEL_CERT="/var/lib/shim-signed/mok/vyos-dev-2025-linux.pem" 5 | VMLINUZ=$(readlink /boot/vmlinuz) 6 | 7 | # All Linux Kernel modules need to be cryptographically signed 8 | find /lib/modules -type f -name \*.ko | while read MODULE; do 9 | modinfo ${MODULE} | grep -q "signer:" 10 | if [ $? != 0 ]; then 11 | echo "E: Module ${MODULE} is not signed!" 12 | read -n 1 -s -r -p "Press any key to continue" 13 | fi 14 | done 15 | 16 | if [ ! -f ${KERNEL_KEY} ] && [ ! -f ${KERNEL_CERT} ]; then 17 | echo "I: Signing key for Linux Kernel not found - Secure Boot not possible" 18 | else 19 | echo "I: Signing Linux Kernel for Secure Boot" 20 | sbsign --key ${KERNEL_KEY} --cert ${KERNEL_CERT} /boot/${VMLINUZ} --output /boot/${VMLINUZ} 21 | sbverify --list /boot/${VMLINUZ} 22 | rm -f ${KERNEL_KEY} 23 | fi 24 | 25 | for cert in $(ls /var/lib/shim-signed/mok/); do 26 | if grep -rq "BEGIN PRIVATE KEY" /var/lib/shim-signed/mok/${cert}; then 27 | echo "Found private key - bailing out" 28 | exit 1 29 | fi 30 | done 31 | 32 | -------------------------------------------------------------------------------- /data/live-build-config/includes.binary/isolinux/isolinux.cfg: -------------------------------------------------------------------------------- 1 | include menu.cfg 2 | default vesamenu.c32 3 | prompt 0 4 | 5 | # Ignore the Shift/Alt/Caps Lock/Scroll Lock escape 6 | noescape 1 7 | 8 | # Wait 10 seconds unless the user types something, but 9 | # always boot after 5 minutes. 10 | timeout 100 11 | totaltimeout 3000 12 | -------------------------------------------------------------------------------- /data/live-build-config/includes.binary/isolinux/menu.cfg: -------------------------------------------------------------------------------- 1 | menu hshift 0 2 | menu width 82 3 | 4 | menu title VyOS - Boot Menu 5 | include stdmenu.cfg 6 | include live.cfg 7 | 8 | menu clear 9 | -------------------------------------------------------------------------------- /data/live-build-config/includes.binary/isolinux/splash.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vyos/vyos-build/3222553a260ae524a5c47801f4819a1825e999c2/data/live-build-config/includes.binary/isolinux/splash.png -------------------------------------------------------------------------------- /data/live-build-config/includes.chroot/etc/c3xxx_dev0.conf: -------------------------------------------------------------------------------- 1 | # INTEL® C62X CHIPSET, INTEL® ATOM™ C3000 PROCESSOR PRODUCT FAMILY, INTEL® XEON® PROCESSOR D FAMILY, INTEL® COMMUNICATION CHIPSET 8925 TO 8955 SERIES 2 | # VyOS config 3 | 4 | [GENERAL] 5 | ConfigVersion = 2 6 | # Enable only cryptographic service 7 | ServicesEnabled = cy 8 | # The number of cryptographic concurrent symmetric and asymmetric requests for cryptographic instances 9 | CyNumConcurrentSymRequests = 512 10 | CyNumConcurrentAsymRequests = 16384 11 | # Automatically resets the device in case of fatal error or heartbeat failure 12 | AutoResetOnError = 1 13 | # Interrupts Coalescing 14 | InterruptCoalescingEnabled = 1 15 | # Wait for amount of ns before generate interrupt with cryptographic operation answer. Allows to combine multiple operations in a single interrupt 16 | InterruptCoalescingTimerNs = 500000 17 | 18 | 19 | [KERNEL] 20 | # Create two cryptographic instances 21 | NumberCyInstances = 16 22 | NumberDcInstances = 0 23 | # Instance 0 24 | Cy0Name = "IPSec0" 25 | Cy0IsPolled = 0 26 | Cy0CoreAffinity = 0 27 | # Instance 1 28 | Cy1Name = "IPSec1" 29 | Cy1IsPolled = 0 30 | Cy1CoreAffinity = 1 31 | # Instance 2 32 | Cy2Name = "IPSec2" 33 | Cy2IsPolled = 0 34 | Cy2CoreAffinity = 2 35 | # Instance 3 36 | Cy3Name = "IPSec3" 37 | Cy3IsPolled = 0 38 | Cy3CoreAffinity = 3 39 | # Instance 4 40 | Cy4Name = "IPSec4" 41 | Cy4IsPolled = 0 42 | Cy4CoreAffinity = 4 43 | # Instance 5 44 | Cy5Name = "IPSec5" 45 | Cy5IsPolled = 0 46 | Cy5CoreAffinity = 5 47 | # Instance 6 48 | Cy6Name = "IPSec6" 49 | Cy6IsPolled = 0 50 | Cy6CoreAffinity = 6 51 | # Instance 7 52 | Cy7Name = "IPSec7" 53 | Cy7IsPolled = 0 54 | Cy7CoreAffinity = 7 55 | # Instance 8 56 | Cy8Name = "IPSec8" 57 | Cy8IsPolled = 0 58 | Cy8CoreAffinity = 8 59 | # Instance 9 60 | Cy9Name = "IPSec9" 61 | Cy9IsPolled = 0 62 | Cy9CoreAffinity = 9 63 | # Instance 10 64 | Cy10Name = "IPSec10" 65 | Cy10IsPolled = 0 66 | Cy10CoreAffinity = 10 67 | # Instance 11 68 | Cy11Name = "IPSec11" 69 | Cy11IsPolled = 0 70 | Cy11CoreAffinity = 11 71 | # Instance 12 72 | Cy12Name = "IPSec12" 73 | Cy12IsPolled = 0 74 | Cy12CoreAffinity = 12 75 | # Instance 13 76 | Cy13Name = "IPSec13" 77 | Cy13IsPolled = 0 78 | Cy13CoreAffinity = 13 79 | # Instance 14 80 | Cy14Name = "IPSec14" 81 | Cy14IsPolled = 0 82 | Cy14CoreAffinity = 14 83 | # Instance 15 84 | Cy15Name = "IPSec15" 85 | Cy15IsPolled = 0 86 | Cy15CoreAffinity = 15 87 | 88 | 89 | # Disable QAT API 90 | [KERNEL_QAT] 91 | NumberCyInstances = 0 92 | NumberDcInstances = 0 93 | -------------------------------------------------------------------------------- /data/live-build-config/includes.chroot/etc/c3xxx_dev1.conf: -------------------------------------------------------------------------------- 1 | # INTEL® C62X CHIPSET, INTEL® ATOM™ C3000 PROCESSOR PRODUCT FAMILY, INTEL® XEON® PROCESSOR D FAMILY, INTEL® COMMUNICATION CHIPSET 8925 TO 8955 SERIES 2 | # VyOS config 3 | 4 | [GENERAL] 5 | ConfigVersion = 2 6 | # Enable only cryptographic service 7 | ServicesEnabled = cy 8 | # The number of cryptographic concurrent symmetric and asymmetric requests for cryptographic instances 9 | CyNumConcurrentSymRequests = 512 10 | CyNumConcurrentAsymRequests = 16384 11 | # Automatically resets the device in case of fatal error or heartbeat failure 12 | AutoResetOnError = 1 13 | # Interrupts Coalescing 14 | InterruptCoalescingEnabled = 1 15 | # Wait for amount of ns before generate interrupt with cryptographic operation answer. Allows to combine multiple operations in a single interrupt 16 | InterruptCoalescingTimerNs = 500000 17 | 18 | 19 | [KERNEL] 20 | # Create two cryptographic instances 21 | NumberCyInstances = 16 22 | NumberDcInstances = 0 23 | # Instance 0 24 | Cy0Name = "IPSec0" 25 | Cy0IsPolled = 0 26 | Cy0CoreAffinity = 0 27 | # Instance 1 28 | Cy1Name = "IPSec1" 29 | Cy1IsPolled = 0 30 | Cy1CoreAffinity = 1 31 | # Instance 2 32 | Cy2Name = "IPSec2" 33 | Cy2IsPolled = 0 34 | Cy2CoreAffinity = 2 35 | # Instance 3 36 | Cy3Name = "IPSec3" 37 | Cy3IsPolled = 0 38 | Cy3CoreAffinity = 3 39 | # Instance 4 40 | Cy4Name = "IPSec4" 41 | Cy4IsPolled = 0 42 | Cy4CoreAffinity = 4 43 | # Instance 5 44 | Cy5Name = "IPSec5" 45 | Cy5IsPolled = 0 46 | Cy5CoreAffinity = 5 47 | # Instance 6 48 | Cy6Name = "IPSec6" 49 | Cy6IsPolled = 0 50 | Cy6CoreAffinity = 6 51 | # Instance 7 52 | Cy7Name = "IPSec7" 53 | Cy7IsPolled = 0 54 | Cy7CoreAffinity = 7 55 | # Instance 8 56 | Cy8Name = "IPSec8" 57 | Cy8IsPolled = 0 58 | Cy8CoreAffinity = 8 59 | # Instance 9 60 | Cy9Name = "IPSec9" 61 | Cy9IsPolled = 0 62 | Cy9CoreAffinity = 9 63 | # Instance 10 64 | Cy10Name = "IPSec10" 65 | Cy10IsPolled = 0 66 | Cy10CoreAffinity = 10 67 | # Instance 11 68 | Cy11Name = "IPSec11" 69 | Cy11IsPolled = 0 70 | Cy11CoreAffinity = 11 71 | # Instance 12 72 | Cy12Name = "IPSec12" 73 | Cy12IsPolled = 0 74 | Cy12CoreAffinity = 12 75 | # Instance 13 76 | Cy13Name = "IPSec13" 77 | Cy13IsPolled = 0 78 | Cy13CoreAffinity = 13 79 | # Instance 14 80 | Cy14Name = "IPSec14" 81 | Cy14IsPolled = 0 82 | Cy14CoreAffinity = 14 83 | # Instance 15 84 | Cy15Name = "IPSec15" 85 | Cy15IsPolled = 0 86 | Cy15CoreAffinity = 15 87 | 88 | 89 | # Disable QAT API 90 | [KERNEL_QAT] 91 | NumberCyInstances = 0 92 | NumberDcInstances = 0 93 | -------------------------------------------------------------------------------- /data/live-build-config/includes.chroot/etc/c3xxx_dev2.conf: -------------------------------------------------------------------------------- 1 | # INTEL® C62X CHIPSET, INTEL® ATOM™ C3000 PROCESSOR PRODUCT FAMILY, INTEL® XEON® PROCESSOR D FAMILY, INTEL® COMMUNICATION CHIPSET 8925 TO 8955 SERIES 2 | # VyOS config 3 | 4 | [GENERAL] 5 | ConfigVersion = 2 6 | # Enable only cryptographic service 7 | ServicesEnabled = cy 8 | # The number of cryptographic concurrent symmetric and asymmetric requests for cryptographic instances 9 | CyNumConcurrentSymRequests = 512 10 | CyNumConcurrentAsymRequests = 16384 11 | # Automatically resets the device in case of fatal error or heartbeat failure 12 | AutoResetOnError = 1 13 | # Interrupts Coalescing 14 | InterruptCoalescingEnabled = 1 15 | # Wait for amount of ns before generate interrupt with cryptographic operation answer. Allows to combine multiple operations in a single interrupt 16 | InterruptCoalescingTimerNs = 500000 17 | 18 | 19 | [KERNEL] 20 | # Create two cryptographic instances 21 | NumberCyInstances = 16 22 | NumberDcInstances = 0 23 | # Instance 0 24 | Cy0Name = "IPSec0" 25 | Cy0IsPolled = 0 26 | Cy0CoreAffinity = 0 27 | # Instance 1 28 | Cy1Name = "IPSec1" 29 | Cy1IsPolled = 0 30 | Cy1CoreAffinity = 1 31 | # Instance 2 32 | Cy2Name = "IPSec2" 33 | Cy2IsPolled = 0 34 | Cy2CoreAffinity = 2 35 | # Instance 3 36 | Cy3Name = "IPSec3" 37 | Cy3IsPolled = 0 38 | Cy3CoreAffinity = 3 39 | # Instance 4 40 | Cy4Name = "IPSec4" 41 | Cy4IsPolled = 0 42 | Cy4CoreAffinity = 4 43 | # Instance 5 44 | Cy5Name = "IPSec5" 45 | Cy5IsPolled = 0 46 | Cy5CoreAffinity = 5 47 | # Instance 6 48 | Cy6Name = "IPSec6" 49 | Cy6IsPolled = 0 50 | Cy6CoreAffinity = 6 51 | # Instance 7 52 | Cy7Name = "IPSec7" 53 | Cy7IsPolled = 0 54 | Cy7CoreAffinity = 7 55 | # Instance 8 56 | Cy8Name = "IPSec8" 57 | Cy8IsPolled = 0 58 | Cy8CoreAffinity = 8 59 | # Instance 9 60 | Cy9Name = "IPSec9" 61 | Cy9IsPolled = 0 62 | Cy9CoreAffinity = 9 63 | # Instance 10 64 | Cy10Name = "IPSec10" 65 | Cy10IsPolled = 0 66 | Cy10CoreAffinity = 10 67 | # Instance 11 68 | Cy11Name = "IPSec11" 69 | Cy11IsPolled = 0 70 | Cy11CoreAffinity = 11 71 | # Instance 12 72 | Cy12Name = "IPSec12" 73 | Cy12IsPolled = 0 74 | Cy12CoreAffinity = 12 75 | # Instance 13 76 | Cy13Name = "IPSec13" 77 | Cy13IsPolled = 0 78 | Cy13CoreAffinity = 13 79 | # Instance 14 80 | Cy14Name = "IPSec14" 81 | Cy14IsPolled = 0 82 | Cy14CoreAffinity = 14 83 | # Instance 15 84 | Cy15Name = "IPSec15" 85 | Cy15IsPolled = 0 86 | Cy15CoreAffinity = 15 87 | 88 | 89 | # Disable QAT API 90 | [KERNEL_QAT] 91 | NumberCyInstances = 0 92 | NumberDcInstances = 0 93 | -------------------------------------------------------------------------------- /data/live-build-config/includes.chroot/etc/c6xx_dev0.conf: -------------------------------------------------------------------------------- 1 | # INTEL® C62X CHIPSET, INTEL® ATOM™ C3000 PROCESSOR PRODUCT FAMILY, INTEL® XEON® PROCESSOR D FAMILY, INTEL® COMMUNICATION CHIPSET 8925 TO 8955 SERIES 2 | # VyOS config 3 | 4 | [GENERAL] 5 | ConfigVersion = 2 6 | # Enable only cryptographic service 7 | ServicesEnabled = cy 8 | # The number of cryptographic concurrent symmetric and asymmetric requests for cryptographic instances 9 | CyNumConcurrentSymRequests = 512 10 | CyNumConcurrentAsymRequests = 16384 11 | # Automatically resets the device in case of fatal error or heartbeat failure 12 | AutoResetOnError = 1 13 | # Interrupts Coalescing 14 | InterruptCoalescingEnabled = 1 15 | # Wait for amount of ns before generate interrupt with cryptographic operation answer. Allows to combine multiple operations in a single interrupt 16 | InterruptCoalescingTimerNs = 500000 17 | 18 | 19 | [KERNEL] 20 | # Create two cryptographic instances 21 | NumberCyInstances = 16 22 | NumberDcInstances = 0 23 | # Instance 0 24 | Cy0Name = "IPSec0" 25 | Cy0IsPolled = 0 26 | Cy0CoreAffinity = 0 27 | # Instance 1 28 | Cy1Name = "IPSec1" 29 | Cy1IsPolled = 0 30 | Cy1CoreAffinity = 1 31 | # Instance 2 32 | Cy2Name = "IPSec2" 33 | Cy2IsPolled = 0 34 | Cy2CoreAffinity = 2 35 | # Instance 3 36 | Cy3Name = "IPSec3" 37 | Cy3IsPolled = 0 38 | Cy3CoreAffinity = 3 39 | # Instance 4 40 | Cy4Name = "IPSec4" 41 | Cy4IsPolled = 0 42 | Cy4CoreAffinity = 4 43 | # Instance 5 44 | Cy5Name = "IPSec5" 45 | Cy5IsPolled = 0 46 | Cy5CoreAffinity = 5 47 | # Instance 6 48 | Cy6Name = "IPSec6" 49 | Cy6IsPolled = 0 50 | Cy6CoreAffinity = 6 51 | # Instance 7 52 | Cy7Name = "IPSec7" 53 | Cy7IsPolled = 0 54 | Cy7CoreAffinity = 7 55 | # Instance 8 56 | Cy8Name = "IPSec8" 57 | Cy8IsPolled = 0 58 | Cy8CoreAffinity = 8 59 | # Instance 9 60 | Cy9Name = "IPSec9" 61 | Cy9IsPolled = 0 62 | Cy9CoreAffinity = 9 63 | # Instance 10 64 | Cy10Name = "IPSec10" 65 | Cy10IsPolled = 0 66 | Cy10CoreAffinity = 10 67 | # Instance 11 68 | Cy11Name = "IPSec11" 69 | Cy11IsPolled = 0 70 | Cy11CoreAffinity = 11 71 | # Instance 12 72 | Cy12Name = "IPSec12" 73 | Cy12IsPolled = 0 74 | Cy12CoreAffinity = 12 75 | # Instance 13 76 | Cy13Name = "IPSec13" 77 | Cy13IsPolled = 0 78 | Cy13CoreAffinity = 13 79 | # Instance 14 80 | Cy14Name = "IPSec14" 81 | Cy14IsPolled = 0 82 | Cy14CoreAffinity = 14 83 | # Instance 15 84 | Cy15Name = "IPSec15" 85 | Cy15IsPolled = 0 86 | Cy15CoreAffinity = 15 87 | 88 | 89 | # Disable QAT API 90 | [KERNEL_QAT] 91 | NumberCyInstances = 0 92 | NumberDcInstances = 0 93 | -------------------------------------------------------------------------------- /data/live-build-config/includes.chroot/etc/c6xx_dev1.conf: -------------------------------------------------------------------------------- 1 | # INTEL® C62X CHIPSET, INTEL® ATOM™ C3000 PROCESSOR PRODUCT FAMILY, INTEL® XEON® PROCESSOR D FAMILY, INTEL® COMMUNICATION CHIPSET 8925 TO 8955 SERIES 2 | # VyOS config 3 | 4 | [GENERAL] 5 | ConfigVersion = 2 6 | # Enable only cryptographic service 7 | ServicesEnabled = cy 8 | # The number of cryptographic concurrent symmetric and asymmetric requests for cryptographic instances 9 | CyNumConcurrentSymRequests = 512 10 | CyNumConcurrentAsymRequests = 16384 11 | # Automatically resets the device in case of fatal error or heartbeat failure 12 | AutoResetOnError = 1 13 | # Interrupts Coalescing 14 | InterruptCoalescingEnabled = 1 15 | # Wait for amount of ns before generate interrupt with cryptographic operation answer. Allows to combine multiple operations in a single interrupt 16 | InterruptCoalescingTimerNs = 500000 17 | 18 | 19 | [KERNEL] 20 | # Create two cryptographic instances 21 | NumberCyInstances = 16 22 | NumberDcInstances = 0 23 | # Instance 0 24 | Cy0Name = "IPSec0" 25 | Cy0IsPolled = 0 26 | Cy0CoreAffinity = 0 27 | # Instance 1 28 | Cy1Name = "IPSec1" 29 | Cy1IsPolled = 0 30 | Cy1CoreAffinity = 1 31 | # Instance 2 32 | Cy2Name = "IPSec2" 33 | Cy2IsPolled = 0 34 | Cy2CoreAffinity = 2 35 | # Instance 3 36 | Cy3Name = "IPSec3" 37 | Cy3IsPolled = 0 38 | Cy3CoreAffinity = 3 39 | # Instance 4 40 | Cy4Name = "IPSec4" 41 | Cy4IsPolled = 0 42 | Cy4CoreAffinity = 4 43 | # Instance 5 44 | Cy5Name = "IPSec5" 45 | Cy5IsPolled = 0 46 | Cy5CoreAffinity = 5 47 | # Instance 6 48 | Cy6Name = "IPSec6" 49 | Cy6IsPolled = 0 50 | Cy6CoreAffinity = 6 51 | # Instance 7 52 | Cy7Name = "IPSec7" 53 | Cy7IsPolled = 0 54 | Cy7CoreAffinity = 7 55 | # Instance 8 56 | Cy8Name = "IPSec8" 57 | Cy8IsPolled = 0 58 | Cy8CoreAffinity = 8 59 | # Instance 9 60 | Cy9Name = "IPSec9" 61 | Cy9IsPolled = 0 62 | Cy9CoreAffinity = 9 63 | # Instance 10 64 | Cy10Name = "IPSec10" 65 | Cy10IsPolled = 0 66 | Cy10CoreAffinity = 10 67 | # Instance 11 68 | Cy11Name = "IPSec11" 69 | Cy11IsPolled = 0 70 | Cy11CoreAffinity = 11 71 | # Instance 12 72 | Cy12Name = "IPSec12" 73 | Cy12IsPolled = 0 74 | Cy12CoreAffinity = 12 75 | # Instance 13 76 | Cy13Name = "IPSec13" 77 | Cy13IsPolled = 0 78 | Cy13CoreAffinity = 13 79 | # Instance 14 80 | Cy14Name = "IPSec14" 81 | Cy14IsPolled = 0 82 | Cy14CoreAffinity = 14 83 | # Instance 15 84 | Cy15Name = "IPSec15" 85 | Cy15IsPolled = 0 86 | Cy15CoreAffinity = 15 87 | 88 | 89 | # Disable QAT API 90 | [KERNEL_QAT] 91 | NumberCyInstances = 0 92 | NumberDcInstances = 0 93 | -------------------------------------------------------------------------------- /data/live-build-config/includes.chroot/etc/c6xx_dev2.conf: -------------------------------------------------------------------------------- 1 | # INTEL® C62X CHIPSET, INTEL® ATOM™ C3000 PROCESSOR PRODUCT FAMILY, INTEL® XEON® PROCESSOR D FAMILY, INTEL® COMMUNICATION CHIPSET 8925 TO 8955 SERIES 2 | # VyOS config 3 | 4 | [GENERAL] 5 | ConfigVersion = 2 6 | # Enable only cryptographic service 7 | ServicesEnabled = cy 8 | # The number of cryptographic concurrent symmetric and asymmetric requests for cryptographic instances 9 | CyNumConcurrentSymRequests = 512 10 | CyNumConcurrentAsymRequests = 16384 11 | # Automatically resets the device in case of fatal error or heartbeat failure 12 | AutoResetOnError = 1 13 | # Interrupts Coalescing 14 | InterruptCoalescingEnabled = 1 15 | # Wait for amount of ns before generate interrupt with cryptographic operation answer. Allows to combine multiple operations in a single interrupt 16 | InterruptCoalescingTimerNs = 500000 17 | 18 | 19 | [KERNEL] 20 | # Create two cryptographic instances 21 | NumberCyInstances = 16 22 | NumberDcInstances = 0 23 | # Instance 0 24 | Cy0Name = "IPSec0" 25 | Cy0IsPolled = 0 26 | Cy0CoreAffinity = 0 27 | # Instance 1 28 | Cy1Name = "IPSec1" 29 | Cy1IsPolled = 0 30 | Cy1CoreAffinity = 1 31 | # Instance 2 32 | Cy2Name = "IPSec2" 33 | Cy2IsPolled = 0 34 | Cy2CoreAffinity = 2 35 | # Instance 3 36 | Cy3Name = "IPSec3" 37 | Cy3IsPolled = 0 38 | Cy3CoreAffinity = 3 39 | # Instance 4 40 | Cy4Name = "IPSec4" 41 | Cy4IsPolled = 0 42 | Cy4CoreAffinity = 4 43 | # Instance 5 44 | Cy5Name = "IPSec5" 45 | Cy5IsPolled = 0 46 | Cy5CoreAffinity = 5 47 | # Instance 6 48 | Cy6Name = "IPSec6" 49 | Cy6IsPolled = 0 50 | Cy6CoreAffinity = 6 51 | # Instance 7 52 | Cy7Name = "IPSec7" 53 | Cy7IsPolled = 0 54 | Cy7CoreAffinity = 7 55 | # Instance 8 56 | Cy8Name = "IPSec8" 57 | Cy8IsPolled = 0 58 | Cy8CoreAffinity = 8 59 | # Instance 9 60 | Cy9Name = "IPSec9" 61 | Cy9IsPolled = 0 62 | Cy9CoreAffinity = 9 63 | # Instance 10 64 | Cy10Name = "IPSec10" 65 | Cy10IsPolled = 0 66 | Cy10CoreAffinity = 10 67 | # Instance 11 68 | Cy11Name = "IPSec11" 69 | Cy11IsPolled = 0 70 | Cy11CoreAffinity = 11 71 | # Instance 12 72 | Cy12Name = "IPSec12" 73 | Cy12IsPolled = 0 74 | Cy12CoreAffinity = 12 75 | # Instance 13 76 | Cy13Name = "IPSec13" 77 | Cy13IsPolled = 0 78 | Cy13CoreAffinity = 13 79 | # Instance 14 80 | Cy14Name = "IPSec14" 81 | Cy14IsPolled = 0 82 | Cy14CoreAffinity = 14 83 | # Instance 15 84 | Cy15Name = "IPSec15" 85 | Cy15IsPolled = 0 86 | Cy15CoreAffinity = 15 87 | 88 | 89 | # Disable QAT API 90 | [KERNEL_QAT] 91 | NumberCyInstances = 0 92 | NumberDcInstances = 0 93 | -------------------------------------------------------------------------------- /data/live-build-config/includes.chroot/etc/d15xx_dev0.conf: -------------------------------------------------------------------------------- 1 | # INTEL® C62X CHIPSET, INTEL® ATOM™ C3000 PROCESSOR PRODUCT FAMILY, INTEL® XEON® PROCESSOR D FAMILY, INTEL® COMMUNICATION CHIPSET 8925 TO 8955 SERIES 2 | # VyOS config 3 | 4 | [GENERAL] 5 | ConfigVersion = 2 6 | # Enable only cryptographic service 7 | ServicesEnabled = cy 8 | # The number of cryptographic concurrent symmetric and asymmetric requests for cryptographic instances 9 | CyNumConcurrentSymRequests = 512 10 | CyNumConcurrentAsymRequests = 16384 11 | # Automatically resets the device in case of fatal error or heartbeat failure 12 | AutoResetOnError = 1 13 | # Interrupts Coalescing 14 | InterruptCoalescingEnabled = 1 15 | # Wait for amount of ns before generate interrupt with cryptographic operation answer. Allows to combine multiple operations in a single interrupt 16 | InterruptCoalescingTimerNs = 500000 17 | 18 | 19 | [KERNEL] 20 | # Create two cryptographic instances 21 | NumberCyInstances = 16 22 | NumberDcInstances = 0 23 | # Instance 0 24 | Cy0Name = "IPSec0" 25 | Cy0IsPolled = 0 26 | Cy0CoreAffinity = 0 27 | # Instance 1 28 | Cy1Name = "IPSec1" 29 | Cy1IsPolled = 0 30 | Cy1CoreAffinity = 1 31 | # Instance 2 32 | Cy2Name = "IPSec2" 33 | Cy2IsPolled = 0 34 | Cy2CoreAffinity = 2 35 | # Instance 3 36 | Cy3Name = "IPSec3" 37 | Cy3IsPolled = 0 38 | Cy3CoreAffinity = 3 39 | # Instance 4 40 | Cy4Name = "IPSec4" 41 | Cy4IsPolled = 0 42 | Cy4CoreAffinity = 4 43 | # Instance 5 44 | Cy5Name = "IPSec5" 45 | Cy5IsPolled = 0 46 | Cy5CoreAffinity = 5 47 | # Instance 6 48 | Cy6Name = "IPSec6" 49 | Cy6IsPolled = 0 50 | Cy6CoreAffinity = 6 51 | # Instance 7 52 | Cy7Name = "IPSec7" 53 | Cy7IsPolled = 0 54 | Cy7CoreAffinity = 7 55 | # Instance 8 56 | Cy8Name = "IPSec8" 57 | Cy8IsPolled = 0 58 | Cy8CoreAffinity = 8 59 | # Instance 9 60 | Cy9Name = "IPSec9" 61 | Cy9IsPolled = 0 62 | Cy9CoreAffinity = 9 63 | # Instance 10 64 | Cy10Name = "IPSec10" 65 | Cy10IsPolled = 0 66 | Cy10CoreAffinity = 10 67 | # Instance 11 68 | Cy11Name = "IPSec11" 69 | Cy11IsPolled = 0 70 | Cy11CoreAffinity = 11 71 | # Instance 12 72 | Cy12Name = "IPSec12" 73 | Cy12IsPolled = 0 74 | Cy12CoreAffinity = 12 75 | # Instance 13 76 | Cy13Name = "IPSec13" 77 | Cy13IsPolled = 0 78 | Cy13CoreAffinity = 13 79 | # Instance 14 80 | Cy14Name = "IPSec14" 81 | Cy14IsPolled = 0 82 | Cy14CoreAffinity = 14 83 | # Instance 15 84 | Cy15Name = "IPSec15" 85 | Cy15IsPolled = 0 86 | Cy15CoreAffinity = 15 87 | 88 | 89 | # Disable QAT API 90 | [KERNEL_QAT] 91 | NumberCyInstances = 0 92 | NumberDcInstances = 0 93 | -------------------------------------------------------------------------------- /data/live-build-config/includes.chroot/etc/d15xx_dev1.conf: -------------------------------------------------------------------------------- 1 | # INTEL® C62X CHIPSET, INTEL® ATOM™ C3000 PROCESSOR PRODUCT FAMILY, INTEL® XEON® PROCESSOR D FAMILY, INTEL® COMMUNICATION CHIPSET 8925 TO 8955 SERIES 2 | # VyOS config 3 | 4 | [GENERAL] 5 | ConfigVersion = 2 6 | # Enable only cryptographic service 7 | ServicesEnabled = cy 8 | # The number of cryptographic concurrent symmetric and asymmetric requests for cryptographic instances 9 | CyNumConcurrentSymRequests = 512 10 | CyNumConcurrentAsymRequests = 16384 11 | # Automatically resets the device in case of fatal error or heartbeat failure 12 | AutoResetOnError = 1 13 | # Interrupts Coalescing 14 | InterruptCoalescingEnabled = 1 15 | # Wait for amount of ns before generate interrupt with cryptographic operation answer. Allows to combine multiple operations in a single interrupt 16 | InterruptCoalescingTimerNs = 500000 17 | 18 | 19 | [KERNEL] 20 | # Create two cryptographic instances 21 | NumberCyInstances = 16 22 | NumberDcInstances = 0 23 | # Instance 0 24 | Cy0Name = "IPSec0" 25 | Cy0IsPolled = 0 26 | Cy0CoreAffinity = 0 27 | # Instance 1 28 | Cy1Name = "IPSec1" 29 | Cy1IsPolled = 0 30 | Cy1CoreAffinity = 1 31 | # Instance 2 32 | Cy2Name = "IPSec2" 33 | Cy2IsPolled = 0 34 | Cy2CoreAffinity = 2 35 | # Instance 3 36 | Cy3Name = "IPSec3" 37 | Cy3IsPolled = 0 38 | Cy3CoreAffinity = 3 39 | # Instance 4 40 | Cy4Name = "IPSec4" 41 | Cy4IsPolled = 0 42 | Cy4CoreAffinity = 4 43 | # Instance 5 44 | Cy5Name = "IPSec5" 45 | Cy5IsPolled = 0 46 | Cy5CoreAffinity = 5 47 | # Instance 6 48 | Cy6Name = "IPSec6" 49 | Cy6IsPolled = 0 50 | Cy6CoreAffinity = 6 51 | # Instance 7 52 | Cy7Name = "IPSec7" 53 | Cy7IsPolled = 0 54 | Cy7CoreAffinity = 7 55 | # Instance 8 56 | Cy8Name = "IPSec8" 57 | Cy8IsPolled = 0 58 | Cy8CoreAffinity = 8 59 | # Instance 9 60 | Cy9Name = "IPSec9" 61 | Cy9IsPolled = 0 62 | Cy9CoreAffinity = 9 63 | # Instance 10 64 | Cy10Name = "IPSec10" 65 | Cy10IsPolled = 0 66 | Cy10CoreAffinity = 10 67 | # Instance 11 68 | Cy11Name = "IPSec11" 69 | Cy11IsPolled = 0 70 | Cy11CoreAffinity = 11 71 | # Instance 12 72 | Cy12Name = "IPSec12" 73 | Cy12IsPolled = 0 74 | Cy12CoreAffinity = 12 75 | # Instance 13 76 | Cy13Name = "IPSec13" 77 | Cy13IsPolled = 0 78 | Cy13CoreAffinity = 13 79 | # Instance 14 80 | Cy14Name = "IPSec14" 81 | Cy14IsPolled = 0 82 | Cy14CoreAffinity = 14 83 | # Instance 15 84 | Cy15Name = "IPSec15" 85 | Cy15IsPolled = 0 86 | Cy15CoreAffinity = 15 87 | 88 | 89 | # Disable QAT API 90 | [KERNEL_QAT] 91 | NumberCyInstances = 0 92 | NumberDcInstances = 0 93 | -------------------------------------------------------------------------------- /data/live-build-config/includes.chroot/etc/d15xx_dev2.conf: -------------------------------------------------------------------------------- 1 | # INTEL® C62X CHIPSET, INTEL® ATOM™ C3000 PROCESSOR PRODUCT FAMILY, INTEL® XEON® PROCESSOR D FAMILY, INTEL® COMMUNICATION CHIPSET 8925 TO 8955 SERIES 2 | # VyOS config 3 | 4 | [GENERAL] 5 | ConfigVersion = 2 6 | # Enable only cryptographic service 7 | ServicesEnabled = cy 8 | # The number of cryptographic concurrent symmetric and asymmetric requests for cryptographic instances 9 | CyNumConcurrentSymRequests = 512 10 | CyNumConcurrentAsymRequests = 16384 11 | # Automatically resets the device in case of fatal error or heartbeat failure 12 | AutoResetOnError = 1 13 | # Interrupts Coalescing 14 | InterruptCoalescingEnabled = 1 15 | # Wait for amount of ns before generate interrupt with cryptographic operation answer. Allows to combine multiple operations in a single interrupt 16 | InterruptCoalescingTimerNs = 500000 17 | 18 | 19 | [KERNEL] 20 | # Create two cryptographic instances 21 | NumberCyInstances = 16 22 | NumberDcInstances = 0 23 | # Instance 0 24 | Cy0Name = "IPSec0" 25 | Cy0IsPolled = 0 26 | Cy0CoreAffinity = 0 27 | # Instance 1 28 | Cy1Name = "IPSec1" 29 | Cy1IsPolled = 0 30 | Cy1CoreAffinity = 1 31 | # Instance 2 32 | Cy2Name = "IPSec2" 33 | Cy2IsPolled = 0 34 | Cy2CoreAffinity = 2 35 | # Instance 3 36 | Cy3Name = "IPSec3" 37 | Cy3IsPolled = 0 38 | Cy3CoreAffinity = 3 39 | # Instance 4 40 | Cy4Name = "IPSec4" 41 | Cy4IsPolled = 0 42 | Cy4CoreAffinity = 4 43 | # Instance 5 44 | Cy5Name = "IPSec5" 45 | Cy5IsPolled = 0 46 | Cy5CoreAffinity = 5 47 | # Instance 6 48 | Cy6Name = "IPSec6" 49 | Cy6IsPolled = 0 50 | Cy6CoreAffinity = 6 51 | # Instance 7 52 | Cy7Name = "IPSec7" 53 | Cy7IsPolled = 0 54 | Cy7CoreAffinity = 7 55 | # Instance 8 56 | Cy8Name = "IPSec8" 57 | Cy8IsPolled = 0 58 | Cy8CoreAffinity = 8 59 | # Instance 9 60 | Cy9Name = "IPSec9" 61 | Cy9IsPolled = 0 62 | Cy9CoreAffinity = 9 63 | # Instance 10 64 | Cy10Name = "IPSec10" 65 | Cy10IsPolled = 0 66 | Cy10CoreAffinity = 10 67 | # Instance 11 68 | Cy11Name = "IPSec11" 69 | Cy11IsPolled = 0 70 | Cy11CoreAffinity = 11 71 | # Instance 12 72 | Cy12Name = "IPSec12" 73 | Cy12IsPolled = 0 74 | Cy12CoreAffinity = 12 75 | # Instance 13 76 | Cy13Name = "IPSec13" 77 | Cy13IsPolled = 0 78 | Cy13CoreAffinity = 13 79 | # Instance 14 80 | Cy14Name = "IPSec14" 81 | Cy14IsPolled = 0 82 | Cy14CoreAffinity = 14 83 | # Instance 15 84 | Cy15Name = "IPSec15" 85 | Cy15IsPolled = 0 86 | Cy15CoreAffinity = 15 87 | 88 | 89 | # Disable QAT API 90 | [KERNEL_QAT] 91 | NumberCyInstances = 0 92 | NumberDcInstances = 0 93 | -------------------------------------------------------------------------------- /data/live-build-config/includes.chroot/etc/dh895xcc_dev0.conf: -------------------------------------------------------------------------------- 1 | # Intel® Communications Chipset 8900 to 8920 and Intel® Atom™ Processor C2000 Product Family for Communications Infrastructure 2 | # Vyos config 3 | 4 | [GENERAL] 5 | ConfigVersion = 2 6 | # Enable only cryptographic service 7 | ServicesEnabled = cy 8 | # The number of cryptographic concurrent symmetric and asymmetric requests for cryptographic instances 9 | CyNumConcurrentSymRequests = 512 10 | CyNumConcurrentAsymRequests = 4096 11 | # Interrupt Coalescing, available only in Intel® Communications Chipset 8900 to 8920 and Intel® Atom™ Processor C2000 Product Family for Communications Infrastructure 12 | InterruptCoalescingEnabled = 1 13 | # Wait for amount of ns before generate interrupt with cryptographic operation answer. Allows to combine multiple operations in a single interrupt 14 | InterruptCoalescingTimerNs = 500000 15 | # Automatically resets the device in case of fatal error or heartbeat failure 16 | AutoResetOnError = 1 17 | 18 | [KERNEL] 19 | # create two cryptographic instances 20 | NumberCyInstances = 8 21 | NumberDcInstances = 0 22 | # Instance 0 23 | Cy0Name = "IPSec0" 24 | Cy0IsPolled = 0 25 | Cy0CoreAffinity = 0 26 | # Instance 1 27 | Cy1Name = "IPSec1" 28 | Cy1IsPolled = 0 29 | Cy1CoreAffinity = 1 30 | # Instance 2 31 | Cy2Name = "IPSec2" 32 | Cy2IsPolled = 0 33 | Cy2CoreAffinity = 2 34 | # Instance 3 35 | Cy3Name = "IPSec3" 36 | Cy3IsPolled = 0 37 | Cy3CoreAffinity = 3 38 | # Instance 4 39 | Cy4Name = "IPSec4" 40 | Cy4IsPolled = 0 41 | Cy4CoreAffinity = 4 42 | # Instance 5 43 | Cy5Name = "IPSec5" 44 | Cy5IsPolled = 0 45 | Cy5CoreAffinity = 5 46 | # Instance 6 47 | Cy6Name = "IPSec6" 48 | Cy6IsPolled = 0 49 | Cy6CoreAffinity = 6 50 | # Instance 7 51 | Cy7Name = "IPSec7" 52 | Cy7IsPolled = 0 53 | Cy7CoreAffinity = 7 54 | 55 | 56 | # Disable QAT API 57 | [KERNEL_QAT] 58 | NumberCyInstances = 0 59 | NumberDcInstances = 0 60 | -------------------------------------------------------------------------------- /data/live-build-config/includes.chroot/etc/dh895xcc_dev1.conf: -------------------------------------------------------------------------------- 1 | # Intel® Communications Chipset 8900 to 8920 and Intel® Atom™ Processor C2000 Product Family for Communications Infrastructure 2 | # Vyos config 3 | 4 | [GENERAL] 5 | ConfigVersion = 2 6 | # Enable only cryptographic service 7 | ServicesEnabled = cy 8 | # The number of cryptographic concurrent symmetric and asymmetric requests for cryptographic instances 9 | CyNumConcurrentSymRequests = 512 10 | CyNumConcurrentAsymRequests = 4096 11 | # Interrupt Coalescing, available only in Intel® Communications Chipset 8900 to 8920 and Intel® Atom™ Processor C2000 Product Family for Communications Infrastructure 12 | InterruptCoalescingEnabled = 1 13 | # Wait for amount of ns before generate interrupt with cryptographic operation answer. Allows to combine multiple operations in a single interrupt 14 | InterruptCoalescingTimerNs = 500000 15 | # Automatically resets the device in case of fatal error or heartbeat failure 16 | AutoResetOnError = 1 17 | 18 | [KERNEL] 19 | # create two cryptographic instances 20 | NumberCyInstances = 8 21 | NumberDcInstances = 0 22 | # Instance 0 23 | Cy0Name = "IPSec0" 24 | Cy0IsPolled = 0 25 | Cy0CoreAffinity = 0 26 | # Instance 1 27 | Cy1Name = "IPSec1" 28 | Cy1IsPolled = 0 29 | Cy1CoreAffinity = 1 30 | # Instance 2 31 | Cy2Name = "IPSec2" 32 | Cy2IsPolled = 0 33 | Cy2CoreAffinity = 2 34 | # Instance 3 35 | Cy3Name = "IPSec3" 36 | Cy3IsPolled = 0 37 | Cy3CoreAffinity = 3 38 | # Instance 4 39 | Cy4Name = "IPSec4" 40 | Cy4IsPolled = 0 41 | Cy4CoreAffinity = 4 42 | # Instance 5 43 | Cy5Name = "IPSec5" 44 | Cy5IsPolled = 0 45 | Cy5CoreAffinity = 5 46 | # Instance 6 47 | Cy6Name = "IPSec6" 48 | Cy6IsPolled = 0 49 | Cy6CoreAffinity = 6 50 | # Instance 7 51 | Cy7Name = "IPSec7" 52 | Cy7IsPolled = 0 53 | Cy7CoreAffinity = 7 54 | 55 | 56 | # Disable QAT API 57 | [KERNEL_QAT] 58 | NumberCyInstances = 0 59 | NumberDcInstances = 0 60 | -------------------------------------------------------------------------------- /data/live-build-config/includes.chroot/etc/dh895xcc_dev2.conf: -------------------------------------------------------------------------------- 1 | # Intel® Communications Chipset 8900 to 8920 and Intel® Atom™ Processor C2000 Product Family for Communications Infrastructure 2 | # Vyos config 3 | 4 | [GENERAL] 5 | ConfigVersion = 2 6 | # Enable only cryptographic service 7 | ServicesEnabled = cy 8 | # The number of cryptographic concurrent symmetric and asymmetric requests for cryptographic instances 9 | CyNumConcurrentSymRequests = 512 10 | CyNumConcurrentAsymRequests = 4096 11 | # Interrupt Coalescing, available only in Intel® Communications Chipset 8900 to 8920 and Intel® Atom™ Processor C2000 Product Family for Communications Infrastructure 12 | InterruptCoalescingEnabled = 1 13 | # Wait for amount of ns before generate interrupt with cryptographic operation answer. Allows to combine multiple operations in a single interrupt 14 | InterruptCoalescingTimerNs = 500000 15 | # Automatically resets the device in case of fatal error or heartbeat failure 16 | AutoResetOnError = 1 17 | 18 | [KERNEL] 19 | # create two cryptographic instances 20 | NumberCyInstances = 8 21 | NumberDcInstances = 0 22 | # Instance 0 23 | Cy0Name = "IPSec0" 24 | Cy0IsPolled = 0 25 | Cy0CoreAffinity = 0 26 | # Instance 1 27 | Cy1Name = "IPSec1" 28 | Cy1IsPolled = 0 29 | Cy1CoreAffinity = 1 30 | # Instance 2 31 | Cy2Name = "IPSec2" 32 | Cy2IsPolled = 0 33 | Cy2CoreAffinity = 2 34 | # Instance 3 35 | Cy3Name = "IPSec3" 36 | Cy3IsPolled = 0 37 | Cy3CoreAffinity = 3 38 | # Instance 4 39 | Cy4Name = "IPSec4" 40 | Cy4IsPolled = 0 41 | Cy4CoreAffinity = 4 42 | # Instance 5 43 | Cy5Name = "IPSec5" 44 | Cy5IsPolled = 0 45 | Cy5CoreAffinity = 5 46 | # Instance 6 47 | Cy6Name = "IPSec6" 48 | Cy6IsPolled = 0 49 | Cy6CoreAffinity = 6 50 | # Instance 7 51 | Cy7Name = "IPSec7" 52 | Cy7IsPolled = 0 53 | Cy7CoreAffinity = 7 54 | 55 | 56 | # Disable QAT API 57 | [KERNEL_QAT] 58 | NumberCyInstances = 0 59 | NumberDcInstances = 0 60 | -------------------------------------------------------------------------------- /data/live-build-config/includes.chroot/etc/initramfs-tools/hooks/10-vyos-addons: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | PREREQ="" 3 | prereqs() 4 | { 5 | echo "$PREREQ" 6 | } 7 | case $1 in 8 | prereqs) 9 | prereqs 10 | exit 0 11 | ;; 12 | esac 13 | . /usr/share/initramfs-tools/hook-functions 14 | # Begin real processing below this line 15 | 16 | # include listed modules to initramfs but not load them without the necessity 17 | manual_add_modules igb ixgbe ixgbevf i40e i40evf 18 | 19 | # include modules from file (one per line) to initramfs but not load them without the necessity 20 | # add_modules_from_file /tmp/modlist 21 | 22 | # include listed modules to initramfs and load them during the boot 23 | # force_load xxx 24 | 25 | # executable to copy to initramfs, with library dependencies 26 | copy_exec /usr/lib/x86_64-linux-gnu/libnss_dns.so.2 27 | 28 | # missing fsck in initramfs 29 | copy_exec /usr/sbin/fsck 30 | copy_exec /usr/sbin/fsck.ext2 31 | copy_exec /usr/sbin/fsck.ext3 32 | copy_exec /usr/sbin/fsck.ext4 33 | 34 | # copy other files ("other" here is a file type, so do not delete this keyword) 35 | copy_file other /etc/ssl/certs/ca-certificates.crt 36 | copy_file other /etc/ssl/openssl.cnf 37 | -------------------------------------------------------------------------------- /data/live-build-config/includes.chroot/etc/modprobe.d/intel-qat-blacklist.conf: -------------------------------------------------------------------------------- 1 | blacklist intel_qat 2 | blacklist qat_c3xxx 3 | blacklist c6xx_dev0 4 | blacklist d15xx_dev0 5 | blacklist dh895xcc_dev0 6 | -------------------------------------------------------------------------------- /data/live-build-config/includes.chroot/etc/modprobe.d/no-copybreak.conf: -------------------------------------------------------------------------------- 1 | # 2 | # **** License **** 3 | # This program is free software; you can redistribute it and/or modify 4 | # it under the terms of the GNU General Public License version 2 as 5 | # published by the Free Software Foundation. 6 | # 7 | # This program is distributed in the hope that it will be useful, but 8 | # WITHOUT ANY WARRANTY; without even the implied warranty of 9 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 10 | # General Public License for more details. 11 | # 12 | # This code was originally developed by Vyatta, Inc. 13 | # Portions created by Vyatta are Copyright (C) 2009 Vyatta, Inc. 14 | # All Rights Reserved. 15 | # **** End License **** 16 | # 17 | # Author: Bob Gilligan 18 | # 19 | # Some network interface drivers employ a scheme known as "copybreak" 20 | # in which they make a copy of a received skb if the size of the 21 | # buffer is below a particular threshold, then return the original 22 | # receive skb back to the pool. Since these drivers initially 23 | # allocate a buffer size that is larger than the largest possible 24 | # packet, this scheme returns that large buffer to the pool quickly, 25 | # and uses a smaller one. 26 | # 27 | # The primary benefit of copybreak is better memory utilization. On 28 | # systems where the data is ultimately going to be copied out to user 29 | # space, the copybreak scheme is "low cost" because it has the side 30 | # benefit of priming the cache for that later copy. But on a router 31 | # that only touches the header fields of a received packet, the cost 32 | # can be relatively higher. And on modern systems the memory savings 33 | # is rarely an important consideration. 34 | # 35 | # Some of the drivers that employ copybreak make the feature 36 | # configurable via a module parameter. This file disables copybreak 37 | # in some of those drivers. Generally this results in an improvement 38 | # in forwarding performance for traffic using these drivers. 39 | 40 | options 3c515 rx_copybreak=0 41 | options 3c59x rx_copybreak=0 42 | options bcm63xx copybreak=0 43 | options cxgb copybreak=0 44 | options e1000 copybreak=0 45 | options e1000e copybreak=0 46 | options epic100 rx_copybreak=0 47 | options fealnx rx_copybreak=0 48 | options hamachi rx_copybreak=0 49 | options ixgb copybreak=0 50 | options natsemi rx_copybreak=0 51 | options pch_gbe copybreak=0 52 | options pcnet32 rx_copybreak=0 53 | options sis190 rx_copybreak=0 54 | options sky2 copybreak=0 55 | options starfire rx_copybreak=0 56 | options sundance rx_copybreak=0 57 | options typhoon rx_copybreak=0 58 | options via-rhine rx_copybreak=0 59 | options via-velocity rx_copybreak=0 60 | options yellowfin rx_copybreak=0 61 | -------------------------------------------------------------------------------- /data/live-build-config/includes.chroot/etc/modules-load.d/br-netfilter.conf: -------------------------------------------------------------------------------- 1 | # Load br-netfilter.ko at boot 2 | br_netfilter 3 | 4 | -------------------------------------------------------------------------------- /data/live-build-config/includes.chroot/etc/nsswitch.conf: -------------------------------------------------------------------------------- 1 | # /etc/nsswitch.conf 2 | # 3 | # Example configuration of GNU Name Service Switch functionality. 4 | # If you have the `glibc-doc-reference' and `info' packages installed, try: 5 | # `info libc "Name Service Switch"' for information about this file. 6 | 7 | passwd: files 8 | group: files 9 | shadow: files 10 | gshadow: files 11 | 12 | # Per T2678, commenting out myhostname 13 | hosts: files dns #myhostname 14 | networks: files 15 | 16 | protocols: db files 17 | services: db files 18 | ethers: db files 19 | rpc: db files 20 | 21 | netgroup: nis 22 | -------------------------------------------------------------------------------- /data/live-build-config/includes.chroot/etc/sudoers.d/openvpn: -------------------------------------------------------------------------------- 1 | openvpn ALL=(ALL) NOPASSWD: /sbin/ip 2 | Defaults:openvpn !requiretty 3 | -------------------------------------------------------------------------------- /data/live-build-config/includes.chroot/etc/systemd/bootchart.conf: -------------------------------------------------------------------------------- 1 | [Bootchart] 2 | Samples=20000 3 | Frequency=25 4 | #Relative=yes 5 | #Filter=yes 6 | #Output= 7 | #Init=/path/to/init-binary 8 | #PlotMemoryUsage=yes 9 | #PlotEntropyGraph=yes 10 | #ScaleX=100 11 | #ScaleY=20 12 | #ControlGroup=yes 13 | PerCPU=yes 14 | Cmdline=yes 15 | 16 | -------------------------------------------------------------------------------- /data/live-build-config/includes.chroot/etc/systemd/journald.conf: -------------------------------------------------------------------------------- 1 | # This file is managed in vyos-build 2 | # 3 | # This file is part of systemd. 4 | # 5 | # systemd is free software; you can redistribute it and/or modify it 6 | # under the terms of the GNU Lesser General Public License as published by 7 | # the Free Software Foundation; either version 2.1 of the License, or 8 | # (at your option) any later version. 9 | # 10 | # Entries in this file show the compile time defaults. 11 | # You can change settings by editing this file. 12 | # Defaults can be restored by simply deleting this file. 13 | # 14 | # See journald.conf(5) for details. 15 | 16 | [Journal] 17 | #Storage=persistent 18 | #Compress=yes 19 | #Seal=yes 20 | #SplitMode=uid 21 | #SyncIntervalSec=5m 22 | #RateLimitIntervalSec=30s 23 | #RateLimitBurst=1000 24 | #SystemMaxUse= 25 | #SystemKeepFree= 26 | #SystemMaxFileSize= 27 | #SystemMaxFiles=100 28 | #RuntimeMaxUse= 29 | #RuntimeKeepFree= 30 | #RuntimeMaxFileSize= 31 | #RuntimeMaxFiles=100 32 | #MaxRetentionSec= 33 | #MaxFileSec=1month 34 | ForwardToSyslog=yes 35 | #ForwardToKMsg=no 36 | #ForwardToConsole=no 37 | #ForwardToWall=yes 38 | #TTYPath=/dev/console 39 | #MaxLevelStore=debug 40 | MaxLevelSyslog=debug 41 | #MaxLevelKMsg=notice 42 | #MaxLevelConsole=info 43 | #MaxLevelWall=emerg 44 | -------------------------------------------------------------------------------- /data/live-build-config/includes.chroot/etc/systemd/system.conf: -------------------------------------------------------------------------------- 1 | # This file is managed in vyos-build 2 | # 3 | # This file is part of systemd. 4 | # 5 | # systemd is free software; you can redistribute it and/or modify it 6 | # under the terms of the GNU Lesser General Public License as published by 7 | # the Free Software Foundation; either version 2.1 of the License, or 8 | # (at your option) any later version. 9 | # 10 | # See systemd-system.conf(5) for details 11 | 12 | [Manager] 13 | #LogLevel=info 14 | #LogTarget=journal-or-kmsg 15 | #LogColor=yes 16 | #LogLocation=no 17 | #DumpCore=yes 18 | #CrashShell=no 19 | ShowStatus=yes 20 | #CrashChVT=1 21 | #CPUAffinity=1 2 22 | #JoinControllers=cpu,cpuacct net_cls,net_prio 23 | #RuntimeWatchdogSec=0 24 | #ShutdownWatchdogSec=10min 25 | #CapabilityBoundingSet= 26 | #SystemCallArchitectures= 27 | #TimerSlackNSec= 28 | #DefaultTimerAccuracySec=1min 29 | #DefaultStandardOutput=journal 30 | #DefaultStandardError=inherit 31 | #DefaultTimeoutStartSec=90s 32 | #DefaultTimeoutStopSec=90s 33 | #DefaultRestartSec=100ms 34 | #DefaultStartLimitInterval=10s 35 | #DefaultStartLimitBurst=5 36 | #DefaultEnvironment= 37 | #DefaultCPUAccounting=no 38 | #DefaultBlockIOAccounting=no 39 | #DefaultMemoryAccounting=no 40 | #DefaultLimitCPU= 41 | #DefaultLimitFSIZE= 42 | #DefaultLimitDATA= 43 | #DefaultLimitSTACK= 44 | #DefaultLimitCORE= 45 | #DefaultLimitRSS= 46 | #DefaultLimitNOFILE= 47 | #DefaultLimitAS= 48 | #DefaultLimitNPROC= 49 | #DefaultLimitMEMLOCK= 50 | #DefaultLimitLOCKS= 51 | #DefaultLimitSIGPENDING= 52 | #DefaultLimitMSGQUEUE= 53 | #DefaultLimitNICE= 54 | #DefaultLimitRTPRIO= 55 | #DefaultLimitRTTIME= 56 | StatusUnitFormat=description 57 | -------------------------------------------------------------------------------- /data/live-build-config/includes.chroot/etc/systemd/system/getty@tty1.service.d/noclear.conf: -------------------------------------------------------------------------------- 1 | [Service] 2 | TTYVTDisallocate=no 3 | -------------------------------------------------------------------------------- /data/live-build-config/includes.chroot/opt/vyatta/etc/grub/default-union-grub-entry: -------------------------------------------------------------------------------- 1 | menuentry "VyOS (KVM console)" { 2 | linux /boot//vmlinuz boot=live quiet rootdelay=5 noautologin net.ifnames=0 biosdevname=0 udev.exec_delay=3 vyos-union=/boot/ console=ttyS0,115200 console=tty0 3 | initrd /boot//initrd.img 4 | } 5 | 6 | menuentry "VyOS (Serial console)" { 7 | linux /boot//vmlinuz boot=live quiet rootdelay=5 noautologin net.ifnames=0 biosdevname=0 udev.exec_delay=3 vyos-union=/boot/ console=tty0 console=ttyS0,115200 8 | initrd /boot//initrd.img 9 | } 10 | 11 | menuentry "Lost password change (KVM console)" { 12 | linux /boot//vmlinuz boot=live quiet rootdelay=5 noautologin net.ifnames=0 biosdevname=0 udev.exec_delay=3 vyos-union=/boot/ console=ttyS0,115200 console=tty0 init=/opt/vyatta/sbin/standalone_root_pw_reset 13 | initrd /boot//initrd.img 14 | } 15 | 16 | menuentry "Lost password change (Serial console)" { 17 | linux /boot//vmlinuz boot=live quiet rootdelay=5 noautologin net.ifnames=0 biosdevname=0 udev.exec_delay=3 vyos-union=/boot/ console=tty0 console=ttyS0,115200 init=/opt/vyatta/sbin/standalone_root_pw_reset 18 | initrd /boot//initrd.img 19 | } 20 | 21 | -------------------------------------------------------------------------------- /data/live-build-config/includes.chroot/opt/vyatta/etc/install-image/postinst: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | source /opt/vyatta/sbin/install-functions 4 | 5 | NEWVER=`mount | grep /mnt/inst_root` 6 | NEWVER=${NEWVER#*upperdir=/live/image/boot/} 7 | NEWVER=${NEWVER%/live-rw*} 8 | 9 | # For upgrading from 1.1.8 and older: 10 | # Set the correct disk label and create persistence configs 11 | # Live CD persistence settings have changed in Debian Jessie 12 | # and the system will not find its persistence dir otherwise 13 | DISK_LABEL=`mount | grep /live/image | awk '{print $1}' | grep dev` 14 | 15 | if [ -d "/live/image" ]; then 16 | e2label "${DISK_LABEL}" persistence 17 | if [ ! -f /live/image/persistence.conf ]; then 18 | echo "/ union" > /live/image/persistence.conf 19 | fi 20 | rm -f /live/image/boot/"${NEWVER}"/live-rw/etc/fstab 21 | mv /live/image/boot/"${NEWVER}"/live-rw /live/image/boot/"${NEWVER}"/rw 22 | 23 | touch /live/image/boot/"${NEWVER}"/rw/config/.upgraded 24 | fi 25 | -------------------------------------------------------------------------------- /data/live-build-config/includes.chroot/usr/share/vyos/keys/vyos-backup.minisign.pub: -------------------------------------------------------------------------------- 1 | untrusted comment: VyOS release signing key 2 | RWSw63o24QvCadaeW21Vqv6+/uzXUsNOpLlRoLRQd2NJgdOm1k1zdAb3 3 | -------------------------------------------------------------------------------- /data/live-build-config/includes.chroot/usr/share/vyos/keys/vyos-release.minisign.pub: -------------------------------------------------------------------------------- 1 | untrusted comment: VyOS release signing key 2 | RWTR1ty93Oyontk6caB9WqmiQC4fgeyd/ejgRxCRGd2MQej7nqebHneP 3 | -------------------------------------------------------------------------------- /data/live-build-config/includes.chroot/usr/share/vyos/keys/vyos-rolling-release.minisign.pub: -------------------------------------------------------------------------------- 1 | untrusted comment: minisign public key D3643767F448688 2 | RWSIhkR/dkM2DSaBRniv/bbbAf8hmDqdbOEmgXkf1RxRoxzodgKcDyGq 3 | -------------------------------------------------------------------------------- /data/live-build-config/package-lists/vyos-base.list.chroot: -------------------------------------------------------------------------------- 1 | debconf 2 | vyos-1x 3 | vyos-user-utils 4 | zstd 5 | -------------------------------------------------------------------------------- /data/live-build-config/package-lists/vyos-utils.list.chroot: -------------------------------------------------------------------------------- 1 | systemd-sysv 2 | systemd-bootchart 3 | ncurses-term 4 | kitty-terminfo 5 | binutils 6 | -------------------------------------------------------------------------------- /data/live-build-config/rootfs/excludes: -------------------------------------------------------------------------------- 1 | # Exclude various unused files and directories in order to free some space and shrink imagesize. 2 | # 3 | # For information on how to use wildcards properly (Anchored and Non-anchored excludes): 4 | # 5 | # https://github.com/plougher/squashfs-tools/blob/master/RELEASE-READMEs/README-3.3 6 | # 7 | # Note: 8 | # 9 | # - root starts without leading '/'. 10 | # 11 | 12 | # Txxx: Drop isc-dhcp helper files from /etc/default. 13 | # We use systemd to control ISC daemons from within vyos-1x. 14 | etc/default/isc-dhcp-server 15 | etc/default/isc-dhcp-relay 16 | 17 | # T2185: Clean leftover files (ddclient) from base package. 18 | etc/dhcp/dhclient-exit-hooks.d/ddclient 19 | etc/ddclient.conf 20 | 21 | # T3242: Add hook to prevent link_config redundancy call in systemd-udev. 22 | # 99-default.link rule always calls link_config thats trying to set autonegotiation and duplex even for PPP interfaces. 23 | # Need to delete this rule to prevent overhead on interface creation stage. 24 | lib/systemd/network/99-default.link 25 | 26 | # T3774: Disabled atop services. 27 | etc/cron.d/atop 28 | 29 | # T3912: Remove superfluous motd.d kernel version shell script. 30 | etc/update-motd.d/10-uname 31 | 32 | # T4415: We do not need any documentation on the system. 33 | # Copyright/licenses files are ignored for deletion. 34 | usr/share/doc/*/!(copyright*|README*) 35 | usr/share/doc-base 36 | 37 | # T5468: We do not need any manpages on the system since man-binary is missing. 38 | usr/local/man/* 39 | usr/local/share/man/* 40 | usr/share/man/* 41 | 42 | # T5511: We do not need any games on the system. 43 | usr/games/* 44 | usr/local/games/* 45 | 46 | # T5511: We do not need any caches on the system (will be recreated when needed). 47 | # T7278: We need directory created by python3-cracklib for password checks 48 | var/cache/!(cracklib) 49 | 50 | # T5511: We do not need any log-files on the system (will be recreated when needed). 51 | var/log/*.log 52 | var/log/*/*.log 53 | var/log/*/*.log.xz 54 | 55 | # T5511: We do not need any backup-files on the system (will be recreated when needed). 56 | ... *.bak 57 | ... *.old 58 | ... *.kbx~ 59 | var/lib/dpkg/*-old 60 | 61 | # T5624: Remove the Debian version file to avoid false positives from security scanners. 62 | etc/debian_version 63 | 64 | -------------------------------------------------------------------------------- /data/versions: -------------------------------------------------------------------------------- 1 | { 2 | "current": "1.5" 3 | } 4 | -------------------------------------------------------------------------------- /docker-vyos/Dockerfile: -------------------------------------------------------------------------------- 1 | # syntax = docker/dockerfile:1 2 | 3 | # Copyright (C) 2020-2023 VyOS maintainers and contributors 4 | # 5 | # This program is free software; you can redistribute it and/or modify 6 | # it under the terms of the GNU General Public License version 2 or later as 7 | # published by the Free Software Foundation. 8 | # 9 | # This program is distributed in the hope that it will be useful, 10 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 | # GNU General Public License for more details. 13 | # 14 | # You should have received a copy of the GNU General Public License 15 | # along with this program. If not, see . 16 | 17 | # Define arguments for VyOS image 18 | ARG VYOS_VERSION 19 | ARG BUILD_DATE 20 | 21 | # Use Debian as base layer 22 | FROM debian:bookworm-slim 23 | 24 | LABEL authors="VyOS Maintainers " 25 | ENV DEBIAN_FRONTEND noninteractive 26 | 27 | RUN /bin/echo -e 'APT::Install-Recommends "0";\nAPT::Install-Suggests "0";' > /etc/apt/apt.conf.d/01norecommends 28 | 29 | # Base packaged needed to build packages and their package dependencies 30 | RUN apt-get update && apt-get install -y \ 31 | ca-certificates \ 32 | gnupg \ 33 | curl \ 34 | fuse-overlayfs \ 35 | jq \ 36 | yq 37 | 38 | # Copy installer script and default build settings 39 | COPY [ "data/defaults.toml", \ 40 | "data/live-build-config/archives/*", \ 41 | "docker-vyos/vyos_install_common.sh", \ 42 | "docker-vyos/vyos_install_stage_01.sh", \ 43 | "/tmp/"] 44 | COPY [ "data/architectures/*", "/tmp/architectures_triage/" ] 45 | COPY [ "data/live-build-config/hooks/live/*", "/tmp/hooks/" ] 46 | 47 | # Install VyOS dependencies 48 | WORKDIR /tmp 49 | RUN bash -c 'mv /tmp/architectures_triage/$(dpkg --print-architecture).toml /tmp && rm -rf /tmp/architectures_triage' 50 | RUN bash /tmp/vyos_install_stage_01.sh 51 | 52 | 53 | # Install VyOS specific software 54 | COPY [ "data/defaults.toml", \ 55 | "docker-vyos/vyos_install_common.sh", \ 56 | "docker-vyos/vyos_install_stage_02.sh", "/tmp/" ] 57 | COPY [ "data/architectures/*", "/tmp/architectures_triage/" ] 58 | RUN bash -c 'mv /tmp/architectures_triage/$(dpkg --print-architecture).toml /tmp && rm -rf /tmp/architectures_triage' 59 | RUN bash /tmp/vyos_install_stage_02.sh 60 | 61 | 62 | # Tune system for VyOS 63 | COPY [ "docker-vyos/vyos_install_common.sh", "docker-vyos/vyos_install_stage_03.sh", "/tmp/" ] 64 | # Copy default config 65 | COPY tools/container/config.boot.default /opt/vyatta/etc/ 66 | 67 | RUN bash /tmp/vyos_install_stage_03.sh 68 | 69 | # Delete installer scripts 70 | RUN rm -rf /tmp/* 71 | 72 | 73 | # Make changes specific to the container environment 74 | 75 | # Tell systemd that we are inside container 76 | ENV container=docker 77 | 78 | # Set proper STOPSIGNAL 79 | STOPSIGNAL SIGRTMIN+3 80 | 81 | # Run VyOS 82 | CMD [ "/lib/systemd/systemd" ] 83 | 84 | # Describe this image 85 | LABEL maintainer="support@vyos.io" \ 86 | description="VyOS for Docker" \ 87 | vendor="Sentrium S.L." \ 88 | version=${VYOS_VERSION} \ 89 | io.vyos.build-date=${BUILD_DATE} \ 90 | org.opencontainers.image.authors="support@vyos.io" \ 91 | org.opencontainers.image.created=${BUILD_DATE} \ 92 | org.opencontainers.image.version=${VYOS_VERSION} \ 93 | org.opencontainers.image.url="https://github.com/vyos/vyos-build" \ 94 | org.opencontainers.image.documentation="https://docs.vyos.io/en/latest/contributing/build-vyos.html" \ 95 | org.opencontainers.image.source="https://github.com/vyos/vyos-build" \ 96 | org.opencontainers.image.vendor="Sentrium S.L." \ 97 | org.opencontainers.image.licenses="GNU" \ 98 | org.opencontainers.image.title="vyos-build" \ 99 | org.opencontainers.image.description="VyOS for Docker" \ 100 | org.opencontainers.image.base.name="docker.io/debian/debian:${DEBIAN_VERSION}-slim" 101 | -------------------------------------------------------------------------------- /docker-vyos/README.md: -------------------------------------------------------------------------------- 1 | # VyOS as Docker container 2 | 3 | VyOS can be run as a Docker container on a Linux host with a compatible kernel. 4 | 5 | ## Build Container 6 | 7 | To build a Docker image you need to have the whole `vyos-build` repository, not 8 | only a folder with Dockerfile, because some files from this repository are 9 | required for building. 10 | 11 | Docker image with VyOS can be built on Linux host with the next command: 12 | 13 | ```console 14 | docker build --compress --file Dockerfile \ 15 | --tag vyos:version-`date -u +%Y%m%d%H%M%S` \ 16 | --build-arg BUILD_DATE="`date -u --rfc-3339=seconds`" \ 17 | --build-arg VYOS_VERSION=version \ 18 | --build-arg DEBIAN_VERSION=debian \ 19 | --progress plain .. 20 | ``` 21 | 22 | Or, if you want to rebuild completely from the scratch (without cache): 23 | 24 | ```console 25 | docker build --no-cache --pull --compress --file Dockerfile \ 26 | --tag vyos:version-`date -u +%Y%m%d%H%M%S` \ 27 | --build-arg BUILD_DATE="`date -u --rfc-3339=seconds`" \ 28 | --build-arg VYOS_VERSION=version \ 29 | --build-arg DEBIAN_VERSION=debian \ 30 | --progress plain .. 31 | ``` 32 | 33 | > **_NOTE:_** You must use proper version value for `DEBIAN_VERSION` variable. 34 | It can be only `jessie` (for VyOS 1.2) or `buster` (for VyOS 1.3). 35 | 36 | ## Run Container 37 | 38 | Docker container with VyOS can be running with the next command: 39 | 40 | ```console 41 | docker run --privileged --detach \ 42 | --volume /lib/modules:/lib/modules \ 43 | --name vyos_inside_docker vyos:version 44 | ``` 45 | 46 | You need to use the `--privileged` flag because the system actively interacts 47 | with a host kernel to perform routing operations and tune networking options. 48 | 49 | **Experimantal:** You can limit access to some system resources with: 50 | 51 | ```console 52 | docker run --privileged --detach \ 53 | --tmpfs /tmp \ 54 | --tmpfs /run \ 55 | --tmpfs /run/lock \ 56 | --volume /lib/modules:/lib/modules:ro \ 57 | --volume /sys/fs/cgroup:/sys/fs/cgroup:ro \ 58 | --name vyos_inside_docker vyos:version 59 | ``` 60 | 61 | ### Log into container 62 | 63 | To open VyOS CLI, you can use SSH connection to the Docker container or run 64 | on host: 65 | 66 | ```console 67 | docker exec -it vyos_inside_docker su vyos 68 | ``` 69 | 70 | ## Troubleshooting 71 | 72 | If in VyOS appears IPv6-related errors, for example, it cannot assign an IPv6 73 | address for an interface, it is necessary to enable IPv6 support in Docker. 74 | 75 | This can be done, by editing `/etc/docker/daemon.json`: 76 | 77 | ```console 78 | { 79 | "ipv6": true, 80 | "fixed-cidr-v6": "fe80::/64" 81 | } 82 | ``` 83 | -------------------------------------------------------------------------------- /docker-vyos/vyos_install_common.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # Copyright (C) 2020-2023 VyOS maintainers and contributors 4 | # 5 | # This program is free software; you can redistribute it and/or modify 6 | # it under the terms of the GNU General Public License version 2 or later as 7 | # published by the Free Software Foundation. 8 | # 9 | # This program is distributed in the hope that it will be useful, 10 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 | # GNU General Public License for more details. 13 | # 14 | # You should have received a copy of the GNU General Public License 15 | # along with this program. If not, see . 16 | 17 | # Set environment variables 18 | export DEBIAN_FRONTEND="noninteractive" 19 | 20 | # Prepare for further tasks 21 | function prepare_apt() { 22 | # Update packages list 23 | apt-get update 24 | 25 | # Add VyOS repository to the system 26 | local APT_VYOS_MIRROR=$(tomlq --raw-output .vyos_mirror /tmp/defaults.toml) 27 | local APT_VYOS_BRANCH=$(tomlq --raw-output .vyos_branch /tmp/defaults.toml) 28 | local APT_ADDITIONAL_REPOS=$(tomlq --raw-output .additional_repositories[] /tmp/$(dpkg --print-architecture).toml) 29 | local RELEASE_TRAIN=$(tomlq --raw-output .release_train /tmp/defaults.toml) 30 | 31 | echo "APT_VYOS_MIRROR : $APT_VYOS_MIRROR" 32 | echo "APT_VYOS_BRANCH : $APT_VYOS_BRANCH" 33 | echo "APT_ADDITIONAL_REPOS : $APT_ADDITIONAL_REPOS" 34 | echo "RELEASE_TRAIN : $RELEASE_TRAIN" 35 | 36 | echo -e "deb ${APT_VYOS_MIRROR} ${APT_VYOS_BRANCH} main\n${APT_ADDITIONAL_REPOS}" > /etc/apt/sources.list.d/vyos.list 37 | cat /etc/apt/sources.list.d/vyos.list 38 | 39 | if [ ${RELEASE_TRAIN} == "equuleus" ]; then 40 | # Add backports repository 41 | echo -e "deb http://deb.debian.org/debian buster-backports main\ndeb http://deb.debian.org/debian buster-backports non-free" >> /etc/apt/sources.list.d/vyos.list 42 | fi 43 | 44 | # Copy additional repositories and preferences, if persented 45 | if grep -sq deb /tmp/*.list.chroot; then 46 | cat /tmp/*list.chroot >> /etc/apt/sources.list.d/vyos.list 47 | fi 48 | if grep -sq Package /tmp/*.pref.chroot; then 49 | for pref_file in /tmp/*.pref.chroot; do 50 | cat $pref_file >> /etc/apt/preferences.d/10vyos 51 | echo -e "\n" >> /etc/apt/preferences.d/10vyos 52 | done 53 | fi 54 | 55 | # Add GPG keys 56 | if [[ ! -e /etc/apt/trusted.gpg.d/vyos.gpg ]]; then 57 | echo "Adding GPG keys to the system" 58 | cat /tmp/*.key.chroot | apt-key --keyring /etc/apt/trusted.gpg.d/vyos.gpg add - 59 | fi 60 | 61 | # Update packages list 62 | apt-get -o Acquire::Check-Valid-Until=false update 63 | } 64 | 65 | # Cleanup APT after finish 66 | function cleanup_apt() { 67 | # Clear APT cache 68 | apt-get clean 69 | rm -rf /var/lib/apt/lists/* 70 | rm /etc/apt/sources.list.d/vyos.list 71 | if [[ -e /etc/apt/preferences.d/10vyos ]]; then 72 | rm /etc/apt/preferences.d/10vyos 73 | fi 74 | } 75 | 76 | # Filter list elements 77 | function filter_list() { 78 | local list_elements=("${!1}") 79 | local filtered_elements=("${!2}") 80 | local list_elements_filtered 81 | 82 | for list_element in "${list_elements[@]}"; do 83 | local filtered="" 84 | 85 | for filtered_element in "${filtered_elements[@]}"; do 86 | if [[ ${list_element} =~ ${filtered_element} ]]; then 87 | filtered=True 88 | fi 89 | done 90 | 91 | if [[ -z "${filtered}" ]]; then 92 | list_elements_filtered+=("${list_element}") 93 | fi 94 | done 95 | echo ${list_elements_filtered[@]} 96 | } 97 | -------------------------------------------------------------------------------- /docker-vyos/vyos_install_stage_01.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # Copyright (C) 2020-2023 VyOS maintainers and contributors 4 | # 5 | # This program is free software; you can redistribute it and/or modify 6 | # it under the terms of the GNU General Public License version 2 or later as 7 | # published by the Free Software Foundation. 8 | # 9 | # This program is distributed in the hope that it will be useful, 10 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 | # GNU General Public License for more details. 13 | # 14 | # You should have received a copy of the GNU General Public License 15 | # along with this program. If not, see . 16 | 17 | # Stage 1 - install dependencies 18 | 19 | # load common functions 20 | . vyos_install_common.sh 21 | 22 | echo "Configuring APT repositories" 23 | prepare_apt 24 | 25 | # Get list of VyOS packages 26 | vyos_packages=( 27 | "vyos-1x" 28 | ) 29 | 30 | # Do not analyze packages, which we do not need in Docker 31 | vyos_packages_filter=( 32 | "vyos-intel*" 33 | ) 34 | vyos_packages_filtered=("$(filter_list vyos_packages[@] vyos_packages_filter[@])") 35 | echo "Packages for dependency analyzing: ${vyos_packages_filtered[@]}" 36 | 37 | # Get list of all dependencies 38 | vyos_dependencies=(`apt-get -s install --no-install-recommends ${vyos_packages_filtered[@]} | awk '/Inst/ { printf("%s ", $2) }'`) 39 | 40 | # Do not install unnecessary 41 | ignore_list=( 42 | "dosfstools" 43 | "parted" 44 | "libparted*" 45 | "efibootmgr" 46 | "gdisk" 47 | "grub-*" 48 | "laptop-detect" 49 | "installation-report" 50 | "tshark" 51 | "wireshark*" 52 | "mdadm" 53 | "keepalived" 54 | "libheartbeat2" 55 | "bmon" 56 | "crda" 57 | "ipvsadm" 58 | "iw" 59 | "pptpd" 60 | "cluster-glue" 61 | "resource-agents" 62 | "heartbeat" 63 | "podman" 64 | ) 65 | 66 | # Get list of packages from VYOS repository 67 | if ls /var/lib/apt/lists/*vyos*Packages* | grep -q gz$; then 68 | arch_cat="zcat" 69 | fi 70 | if ls /var/lib/apt/lists/*vyos*Packages* | grep -q lz4$; then 71 | arch_cat="lz4cat" 72 | echo "Installing lz4" 73 | apt-get install -y --no-install-recommends lz4 74 | fi 75 | vyos_repo_packages=(`$arch_cat /var/lib/apt/lists/*vyos*Packages* | awk '/Package:/ { printf("%s\n",$2) }'`) 76 | if [[ "${arch_cat}" == "lz4cat" ]]; then 77 | echo "Removing lz4" 78 | apt-get purge -y lz4 79 | fi 80 | # Add them to ignore list - we do not need anything from VyOS in this layer of image 81 | ignore_list=("${ignore_list[@]}" "${vyos_repo_packages[@]}") 82 | 83 | # Remove every ignore list item from installation list 84 | vyos_dependencies_filtered=("$(filter_list vyos_dependencies[@] ignore_list[@])") 85 | 86 | # Add missed dependencies 87 | vyos_dependencies_filtered+=( 88 | "liburi-perl" 89 | "locales" 90 | "libcap-ng0" 91 | "libnss-myhostname" 92 | "dbus" 93 | ) 94 | 95 | echo "Dependencies filtered list: ${vyos_dependencies_filtered[@]}" 96 | 97 | # Install delependencies 98 | echo "Installing dependencies" 99 | apt-get install -y --no-install-recommends ${vyos_dependencies_filtered[@]} 100 | 101 | echo "Deconfiguring APT repositories" 102 | cleanup_apt 103 | 104 | 105 | exit 0 106 | -------------------------------------------------------------------------------- /docker-vyos/vyos_install_stage_02.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # Copyright (C) 2020-2023 VyOS maintainers and contributors 4 | # 5 | # This program is free software; you can redistribute it and/or modify 6 | # it under the terms of the GNU General Public License version 2 or later as 7 | # published by the Free Software Foundation. 8 | # 9 | # This program is distributed in the hope that it will be useful, 10 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 | # GNU General Public License for more details. 13 | # 14 | # You should have received a copy of the GNU General Public License 15 | # along with this program. If not, see . 16 | 17 | # Stage 2 - install VyOS packages 18 | 19 | # load common functions 20 | . vyos_install_common.sh 21 | 22 | echo "Configuring APT repositories" 23 | prepare_apt 24 | 25 | # Get list of VyOS packages 26 | vyos_packages=( 27 | "vyos-1x" 28 | ) 29 | 30 | # Do not analyze packages, which we do not need in Docker 31 | vyos_packages_filter=( 32 | "vyos-intel*" 33 | ) 34 | vyos_packages_filtered=("$(filter_list vyos_packages[@] vyos_packages_filter[@])") 35 | 36 | # Add missed dependencies 37 | vyos_packages_filtered+=( 38 | "uuid" 39 | "jq" 40 | "yq" 41 | "systemd" 42 | ) 43 | 44 | echo "Packages for installing: ${vyos_packages_filtered[@]}" 45 | # Install VyOS packages 46 | echo "Installing VyOS packages" 47 | apt-get install -y --no-install-recommends ${vyos_packages_filtered[@]} 48 | 49 | # Create VyOS version file 50 | RELEASAE_TRAIN=$(tomlq --raw-output .release_train /tmp/defaults.toml) 51 | apt-cache show vyos-1x | awk -v release_train=${RELEASAE_TRAIN} '{ if ($1 == "Version:") version = $2 } END { build_git = "unknown" ; built_by = "Sentrium S.L." ; built_on = strftime("%F %T UTC", systime(), utc) ; "uuid -v 4" | getline build_uuid ; printf("{\"version\": \"%s\", \"build_git\": \"%s\", \"built_on\": \"%s\", \"built_by\": \"%s\", \"build_uuid\": \"%s\", \"release_train\": \"%s\"}", version, build_git, built_on, built_by, build_uuid, release_train) }' | json_pp > /usr/share/vyos/version.json 52 | 53 | # Delete what we do not need inside Docker image (this step makes packages database inconsistent) 54 | echo "Deleting what is needless in containers" 55 | dpkg -P --force-depends dosfstools efibootmgr yq jq gdisk grub-common grub-efi-amd64-bin initscripts installation-report laptop-detect libossp-uuid16 libparted2 libwireshark-data libwireshark5 mdadm parted tshark uuid 56 | dpkg -l | awk '/linux-image-/ { system("dpkg -P --force-depends " $2) }' 57 | 58 | # Delete documentation 59 | rm -rf /usr/share/doc /usr/share/doc-base 60 | 61 | echo "Deconfiguring APT repositories" 62 | cleanup_apt 63 | 64 | 65 | exit 0 66 | -------------------------------------------------------------------------------- /docker-vyos/vyos_install_stage_03.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # Copyright (C) 2020-2023 VyOS maintainers and contributors 4 | # 5 | # This program is free software; you can redistribute it and/or modify 6 | # it under the terms of the GNU General Public License version 2 or later as 7 | # published by the Free Software Foundation. 8 | # 9 | # This program is distributed in the hope that it will be useful, 10 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 | # GNU General Public License for more details. 13 | # 14 | # You should have received a copy of the GNU General Public License 15 | # along with this program. If not, see . 16 | 17 | # Stage 3 - tune the system 18 | 19 | # load common functions 20 | . vyos_install_common.sh 21 | 22 | # Add config partition marker 23 | mkdir -p /opt/vyatta/etc/config 24 | touch /opt/vyatta/etc/config/.vyatta_config 25 | 26 | # create folder for configuration mounting 27 | ln -s /opt/vyatta/etc/config /config 28 | 29 | # Delete SSH keys 30 | rm -rf /etc/ssh/ssh_host_* 31 | 32 | # Fix FUSE settings 33 | sed -i 's/#user_allow_other/user_allow_other/g' /etc/fuse.conf 34 | 35 | # Configure locale 36 | sed -i 's/# en_US.UTF-8 UTF-8/en_US.UTF-8 UTF-8/g' /etc/locale.gen 37 | dpkg-reconfigure locales 38 | update-locale LANG=en_US.UTF-8 LC_ALL=C 39 | 40 | # Tune bash and environment settings 41 | echo "source /etc/bash_completion" >> /root/.bashrc 42 | sed -i 's/set $BASH_COMPLETION_ORIGINAL_V_VALUE/builtin set $BASH_COMPLETION_ORIGINAL_V_VALUE/g' /usr/share/bash-completion/bash_completion 43 | 44 | # Run configuration hooks 45 | echo "Running system configuration hooks" 46 | hooks_list=( 47 | "18-enable-disable_services.chroot" 48 | "30-frr-configs.chroot" 49 | ) 50 | for hook in ${hooks_list[@]}; do 51 | if [[ -e /tmp/hooks/${hook} ]]; then 52 | echo "Running ${hook}" 53 | /tmp/hooks/${hook} 54 | fi 55 | done 56 | 57 | # Delete needless options from CLI 58 | CLI_DELETION=( 59 | "/opt/vyatta/share/vyatta-cfg/templates/container/" 60 | ) 61 | rm -rf ${CLI_DELETION[@]} 62 | 63 | exit 0 64 | -------------------------------------------------------------------------------- /docker/arm64/hooks/post_checkout: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # downloads a local copy of qemu on docker-hub build machines 3 | curl -L https://github.com/balena-io/qemu/releases/download/v3.0.0%2Bresin/qemu-3.0.0+resin-arm.tar.gz | tar zxvf - -C . && mv qemu-3.0.0+resin-arm/qemu-arm-static . 4 | -------------------------------------------------------------------------------- /docker/arm64/hooks/pre_build: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # Register qemu-*-static for all supported processors except the 3 | # current one, but also remove all registered binfmt_misc before 4 | docker run --rm --privileged multiarch/qemu-user-static:register --reset 5 | -------------------------------------------------------------------------------- /docker/armhf/hooks/post_checkout: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # downloads a local copy of qemu on docker-hub build machines 3 | curl -L https://github.com/balena-io/qemu/releases/download/v3.0.0%2Bresin/qemu-3.0.0+resin-arm.tar.gz | tar zxvf - -C . && mv qemu-3.0.0+resin-arm/qemu-arm-static . 4 | -------------------------------------------------------------------------------- /docker/armhf/hooks/pre_build: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # Register qemu-*-static for all supported processors except the 3 | # current one, but also remove all registered binfmt_misc before 4 | docker run --rm --privileged multiarch/qemu-user-static:register --reset 5 | -------------------------------------------------------------------------------- /docker/entrypoint.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | set -e 3 | 4 | USER_NAME="vyos_bld" 5 | NEW_UID=$(stat -c "%u" .) 6 | NEW_GID=$(stat -c "%g" .) 7 | 8 | # Change effective UID to the one specified via "-e GOSU_UID=`id -u $USER`" 9 | if [ -n "$GOSU_UID" ]; then 10 | NEW_UID=$GOSU_UID 11 | fi 12 | 13 | # Change effective UID to the one specified via "-e GOSU_GID=`id -g $USER`" 14 | if [ -n "$GOSU_GID" ]; then 15 | NEW_GID=$GOSU_GID 16 | fi 17 | 18 | # Notify user about selected UID/GID 19 | echo "Current UID/GID: $NEW_UID/$NEW_GID" 20 | 21 | # Create UNIX group on the fly if it does not exist 22 | if ! grep -q $NEW_GID /etc/group; then 23 | groupadd --gid $NEW_GID $USER_NAME 24 | fi 25 | 26 | useradd --shell /bin/bash --uid $NEW_UID --gid $NEW_GID --non-unique --create-home $USER_NAME 27 | sudo chown $NEW_UID:$NEW_GID /home/$USER_NAME 28 | export HOME=/home/$USER_NAME 29 | 30 | if [ "$(id -u)" == "0" ]; then 31 | exec gosu $USER_NAME "$@" 32 | fi 33 | 34 | # Execute process 35 | exec "$@" 36 | -------------------------------------------------------------------------------- /docker/patches/live-build/0001-save-package-info.patch: -------------------------------------------------------------------------------- 1 | From 9dacc8bf99310b2216be24a42f2c0475080cf039 Mon Sep 17 00:00:00 2001 2 | From: khramshinr 3 | Date: Thu, 24 Oct 2024 14:22:57 +0600 4 | Subject: [PATCH] T6684: new Debian package repo snapshot logic 5 | 6 | Save information about all installed packages and teir source repo, including temporary packages 7 | Added functionality to store version information for temporarily installed packages. 8 | --- 9 | functions/packages.sh | 9 +++++++++ 10 | scripts/build/chroot | 6 ++++++ 11 | scripts/build/clean | 2 +- 12 | 3 files changed, 16 insertions(+), 1 deletion(-) 13 | 14 | diff --git a/functions/packages.sh b/functions/packages.sh 15 | index 2481edc25..a6c2c1e8d 100755 16 | --- a/functions/packages.sh 17 | +++ b/functions/packages.sh 18 | @@ -60,6 +60,15 @@ Install_packages () 19 | Chroot chroot "aptitude install --without-recommends ${APTITUDE_OPTIONS} ${_LB_PACKAGES}" 20 | ;; 21 | esac 22 | + 23 | + # save information about all temporary installed packages and source repos 24 | + for PACKAGE in ${_LB_PACKAGES}; do 25 | + INSTALLED_VERSION=$(Chroot chroot "apt-cache policy ${PACKAGE}" | grep 'Installed:' | awk '{print $2}') 26 | + Chroot chroot "apt-cache policy ${PACKAGE}" | sed -n '/\*\*\*/,$p' | grep -P 'http:|https:' -m 1 | \ 27 | + awk -v pkg="${PACKAGE}" -v version="${INSTALLED_VERSION}" '{print $2" "$3" "pkg" "version}' >> chroot.packages.all.info 28 | + 29 | + done 30 | + 31 | unset _LB_PACKAGES # Can clear this now 32 | } 33 | 34 | diff --git a/scripts/build/chroot b/scripts/build/chroot 35 | index a0aa10be0..700762e78 100755 36 | --- a/scripts/build/chroot 37 | +++ b/scripts/build/chroot 38 | @@ -48,6 +48,12 @@ for _PASS in install live; do 39 | fi 40 | done 41 | 42 | +# save information about all installed packages and source repos 43 | +Chroot chroot "dpkg-query -W" | while read PACKAGE; do 44 | + Chroot chroot "apt-cache policy ${PACKAGE}" | sed -n '/\*\*\*/,$p' | grep -P 'http:|https:' -m 1 | awk -v pkg="${PACKAGE}" '{print $2" "$3" "pkg}' >> chroot.packages.all.info 45 | +done 46 | + 47 | + 48 | lb chroot_includes_after_packages "${@}" 49 | lb chroot_hooks "${@}" 50 | lb chroot_hacks "${@}" 51 | diff --git a/scripts/build/clean b/scripts/build/clean 52 | index 6549fc635..4376d7525 100755 53 | --- a/scripts/build/clean 54 | +++ b/scripts/build/clean 55 | @@ -159,7 +159,7 @@ if [ "${RM_CHROOT}" = "true" ]; then 56 | 57 | rm -rf chroot chroot.tmp 58 | 59 | - rm -f chroot.packages.live chroot.packages.install 60 | + rm -f chroot.packages.live chroot.packages.install chroot.packages.all.info 61 | rm -f chroot.files 62 | 63 | rm -f "$(Installed_tmp_packages_file)" 64 | 65 | -------------------------------------------------------------------------------- /packages/.gitignore: -------------------------------------------------------------------------------- 1 | /* 2 | -------------------------------------------------------------------------------- /scripts/image-build/defaults.py: -------------------------------------------------------------------------------- 1 | # Copyright (C) 2024 VyOS maintainers and contributors 2 | # 3 | # This program is free software; you can redistribute it and/or modify 4 | # it under the terms of the GNU General Public License version 2 or later as 5 | # published by the Free Software Foundation. 6 | # 7 | # This program is distributed in the hope that it will be useful, 8 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 9 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 10 | # GNU General Public License for more details. 11 | # 12 | # You should have received a copy of the GNU General Public License 13 | # along with this program. If not, see . 14 | # 15 | # File: defaults.py 16 | # Purpose: Various default values for use in build scripts. 17 | 18 | 19 | import os 20 | import getpass 21 | import platform 22 | 23 | def get_default_build_by(): 24 | return "{user}@{host}".format(user= getpass.getuser(), host=platform.node()) 25 | 26 | # Default boot settings 27 | boot_settings: dict[str, str] = { 28 | 'timeout': '5', 29 | 'console_type': 'tty', 30 | 'console_num': '0', 31 | 'console_speed': '115200', 32 | 'bootmode': 'normal' 33 | } 34 | 35 | # Hardcoded default values 36 | HARDCODED_BUILD = { 37 | 'custom_apt_entry': [], 38 | 'custom_apt_keys': [], 39 | 'custom_package': [], 40 | 'reuse_iso': None, 41 | 'disk_size': 10, 42 | 'build_by': get_default_build_by(), 43 | 'build_comment': '', 44 | } 45 | 46 | # Relative to the repository directory 47 | 48 | BUILD_DIR = 'build' 49 | BUILD_CONFIG = os.path.join(BUILD_DIR, 'build-config.toml') 50 | 51 | DEFAULTS_FILE = 'data/defaults.toml' 52 | 53 | BUILD_TYPES_DIR = 'data/build-types' 54 | BUILD_ARCHES_DIR = 'data/architectures' 55 | BUILD_FLAVORS_DIR = 'data/build-flavors' 56 | 57 | # Relative to the build directory 58 | 59 | PBUILDER_CONFIG = 'pbuilderrc' 60 | PBUILDER_DIR = 'pbuilder' 61 | 62 | LB_CONFIG_DIR = 'config' 63 | 64 | CHROOT_INCLUDES_DIR = 'config/includes.chroot' 65 | BINARY_INCLUDES_DIR = 'config/includes.binary' 66 | ARCHIVES_DIR = 'config/archives/' 67 | 68 | VYOS_REPO_FILE = 'config/archives/vyos.list.chroot' 69 | VYOS_PIN_FILE = 'config/archives/release.pref.chroot' 70 | CUSTOM_REPO_FILE = 'config/archives/custom.list.chroot' 71 | PACKAGE_LIST_FILE = 'config/package-lists/custom.list.chroot' 72 | 73 | LOCAL_PACKAGES_PATH = 'config/packages.chroot/' 74 | -------------------------------------------------------------------------------- /scripts/image-build/utils.py: -------------------------------------------------------------------------------- 1 | # Copyright (C) 2024 VyOS maintainers and contributors 2 | # 3 | # This program is free software; you can redistribute it and/or modify 4 | # it under the terms of the GNU General Public License version 2 or later as 5 | # published by the Free Software Foundation. 6 | # 7 | # This program is distributed in the hope that it will be useful, 8 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 9 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 10 | # GNU General Public License for more details. 11 | # 12 | # You should have received a copy of the GNU General Public License 13 | # along with this program. If not, see . 14 | # 15 | # File: util.py 16 | # Purpose: 17 | # Various common functions for use in build scripts. 18 | 19 | 20 | import sys 21 | import os 22 | import shutil 23 | 24 | # Local modules 25 | import defaults 26 | import vyos 27 | 28 | def check_build_config(): 29 | if not os.path.exists(defaults.BUILD_CONFIG): 30 | print("Build config file ({file}) does not exist".format(file=defaults.BUILD_CONFIG)) 31 | print("If you are running this script by hand, you should better not. Run 'make iso' instead.") 32 | sys.exit(1) 33 | 34 | 35 | class DependencyChecker(object): 36 | def __init__(self, spec): 37 | missing_packages = self._get_missing_packages(spec['packages']) 38 | missing_binaries = self._get_missing_binaries(spec['binaries']) 39 | self.__missing = {'packages': missing_packages, 'binaries': missing_binaries} 40 | 41 | 42 | def _package_installed(self, name): 43 | result = os.system("dpkg-query -W --showformat='${{Status}}\n' {name} 2>&1 | grep 'install ok installed' >/dev/null".format(name=name)) 44 | return True if result == 0 else False 45 | 46 | def _get_missing_packages(self, packages): 47 | missing_packages = [] 48 | for p in packages: 49 | if not self._package_installed(p): 50 | missing_packages.append(p) 51 | return missing_packages 52 | 53 | def _get_missing_binaries(self, binaries): 54 | missing_binaries = [] 55 | for b in binaries: 56 | if not shutil.which(b): 57 | missing_binaries.append(b) 58 | return missing_binaries 59 | 60 | def get_missing_dependencies(self): 61 | if self.__missing['packages'] or self.__missing['binaries']: 62 | return self.__missing 63 | return None 64 | 65 | def format_missing_dependencies(self): 66 | msg = "E: There are missing system dependencies!\n" 67 | if self.__missing['packages']: 68 | msg += "E: Missing packages: " + " ".join(self.__missing['packages']) 69 | if self.__missing['binaries']: 70 | msg += "E: Missing binaries: " + " ".join(self.__missing['binaries']) 71 | return msg 72 | 73 | def check_system_dependencies(deps): 74 | checker = DependencyChecker(deps) 75 | missing = checker.get_missing_dependencies() 76 | if missing: 77 | raise OSError(checker.format_missing_dependencies()) 78 | else: 79 | pass 80 | 81 | def cmd(command): 82 | res = vyos.utils.process.call(command, shell=True) 83 | if res > 0: 84 | raise OSError(f"Command '{command}' failed") 85 | 86 | def rc_cmd(command): 87 | code, out = vyos.utils.process.rc_cmd(command, shell=True) 88 | if code > 0: 89 | raise OSError(f"Command '{command}' failed") 90 | else: 91 | return out 92 | -------------------------------------------------------------------------------- /scripts/iso-to-oci: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | function cleanup() { 4 | if [[ -d $ROOTFS ]]; then 5 | rm -rf $ROOTFS 6 | fi 7 | if [[ -d $UNSQUASHFS ]]; then 8 | rm -rf $UNSQUASHFS 9 | fi 10 | } 11 | 12 | if [[ $(/usr/bin/id -u) -ne 0 ]]; then 13 | echo "Not running as root" 14 | exit 15 | fi 16 | 17 | if [ "$#" -ne 1 ]; then 18 | echo "Illegal number of parameters" 19 | fi 20 | 21 | ISO=$1 22 | ROOTFS=rootfs 23 | UNSQUASHFS=unsquashfs 24 | 25 | # ensure clean working directory 26 | cleanup 27 | 28 | mkdir $ROOTFS $UNSQUASHFS 29 | echo "I: mount ISO $ISO" 30 | mount -t iso9660 -o loop $ISO $ROOTFS/ >/dev/null 2>&1 31 | 32 | # create directory, unpack squashfs filesystem, get ISO version 33 | # and unmount ISO 34 | echo "I: extracting squashfs content" 35 | unsquashfs -follow -dest $UNSQUASHFS/ $ROOTFS/live/filesystem.squashfs >/dev/null 2>&1 36 | VERSION=$(jq --raw-output .version $ROOTFS/version.json) 37 | umount $ROOTFS/ 38 | 39 | # fix locales for correct system configuration loading 40 | sed -i 's/^LANG=.*$/LANG=C.UTF-8/' $UNSQUASHFS/etc/default/locale 41 | 42 | # optional step: Decrease docker image size by deleting not necessary files for container 43 | rm -rf $UNSQUASHFS/boot/*.img 44 | rm -rf $UNSQUASHFS/boot/*vyos* 45 | rm -rf $UNSQUASHFS/boot/vmlinuz 46 | rm -rf $UNSQUASHFS/lib/firmware/ 47 | rm -rf $UNSQUASHFS/usr/lib/x86_64-linux-gnu/libwireshark.so* 48 | rm -rf $UNSQUASHFS/lib/modules/*amd64-vyos 49 | rm -rf $UNSQUASHFS/root/.gnupg 50 | 51 | # create a symbolic link to the configuration 52 | ln -s /opt/vyatta/etc/config $UNSQUASHFS/config 53 | 54 | # create docker image 55 | echo "I: generate OCI container image vyos-$VERSION.tar" 56 | tar -C unsquashfs -c . -f vyos-$VERSION.tar 57 | 58 | echo "I: to import the previously generated OCI image to your local images run:" 59 | echo "" 60 | echo " docker import vyos-$VERSION.tar vyos:$VERSION --change 'CMD ["/sbin/init"]'" 61 | echo "" 62 | 63 | cleanup 64 | -------------------------------------------------------------------------------- /scripts/package-build/.gitignore: -------------------------------------------------------------------------------- 1 | *.buildinfo 2 | *.build 3 | *.changes 4 | *.deb 5 | *.udeb 6 | *.dsc 7 | *.tar.gz 8 | *.tar.xz 9 | -------------------------------------------------------------------------------- /scripts/package-build/amazon-cloudwatch-agent/.gitignore: -------------------------------------------------------------------------------- 1 | /amazon-cloudwatch-agent/ 2 | -------------------------------------------------------------------------------- /scripts/package-build/amazon-cloudwatch-agent/build.py: -------------------------------------------------------------------------------- 1 | ../build.py -------------------------------------------------------------------------------- /scripts/package-build/amazon-cloudwatch-agent/package.toml: -------------------------------------------------------------------------------- 1 | [[packages]] 2 | name = "amazon-cloudwatch-agent" 3 | commit_id = "v1.300050.0" 4 | scm_url = "https://github.com/aws/amazon-cloudwatch-agent" 5 | 6 | build_cmd = """ 7 | 8 | make clean test check_secrets amazon-cloudwatch-agent-linux package-deb 9 | ARCH=$(dpkg --print-architecture) 10 | TAG=$(git describe --tags --abbrev=0) 11 | COMMIT=$(git rev-parse --short HEAD) 12 | cp ./build/bin/linux/${ARCH}/*.deb ../amazon-cloudwatch-agent_${TAG}_${COMMIT}_${ARCH}.deb 13 | 14 | """ 15 | -------------------------------------------------------------------------------- /scripts/package-build/amazon-ssm-agent/.gitignore: -------------------------------------------------------------------------------- 1 | /amazon-ssm-agent/ 2 | -------------------------------------------------------------------------------- /scripts/package-build/amazon-ssm-agent/build.py: -------------------------------------------------------------------------------- 1 | ../build.py -------------------------------------------------------------------------------- /scripts/package-build/amazon-ssm-agent/package.toml: -------------------------------------------------------------------------------- 1 | [[packages]] 2 | name = "amazon-ssm-agent" 3 | commit_id = "3.3.1311.0" 4 | scm_url = "https://github.com/aws/amazon-ssm-agent" 5 | 6 | build_cmd = """ 7 | 8 | ARCH=$(dpkg --print-architecture) 9 | TAG=$(git describe --tags --abbrev=0) 10 | COMMIT=$(git rev-parse --short HEAD) 11 | 12 | make build-linux 13 | make package-deb 14 | cp ./bin/debian_${ARCH}/*.deb ../amazon-ssm-agent_${TAG}_${COMMIT}_${ARCH}.deb 15 | 16 | """ 17 | -------------------------------------------------------------------------------- /scripts/package-build/aws-gwlbtun/.gitignore: -------------------------------------------------------------------------------- 1 | /aws-gwlbtun*/ 2 | -------------------------------------------------------------------------------- /scripts/package-build/aws-gwlbtun/build.py: -------------------------------------------------------------------------------- 1 | ../build.py -------------------------------------------------------------------------------- /scripts/package-build/aws-gwlbtun/package.toml: -------------------------------------------------------------------------------- 1 | [[packages]] 2 | name = "aws-gwlbtun" 3 | commit_id = "f78058a" 4 | scm_url = "https://github.com/aws-samples/aws-gateway-load-balancer-tunnel-handler" 5 | 6 | 7 | ## Build cmd start 8 | build_cmd = '''\ 9 | mkdir -p debian 10 | echo 'obj-*-linux-gnu/gwlbtun usr/sbin' > debian/install 11 | 12 | # changelog 13 | cat < debian/changelog 14 | aws-gwlbtun (1.0-1) unstable; urgency=low 15 | 16 | * Initial release 17 | 18 | -- Your Name Wed, 29 Aug 2024 09:00:00 +0000 19 | 20 | EOF 21 | 22 | # control 23 | /bin/bash -c "cat < debian/control 24 | Source: aws-gwlbtun 25 | Section: net 26 | Priority: optional 27 | Maintainer: VyOS Package Maintainers 28 | Build-Depends: debhelper-compat (= 13) 29 | Standards-Version: 4.5.1 30 | Homepage: https://github.com/aws-samples/aws-gateway-load-balancer-tunnel-handler 31 | 32 | Package: aws-gwlbtun 33 | Architecture: any 34 | Depends: \${shlibs:Depends}, \${misc:Depends} 35 | Description: AWS Gateway Load Balancer Tunnel Handler 36 | This is a simple package that handles tunneling for the AWS Gateway Load Balancer. 37 | EOF 38 | " 39 | 40 | # rules 41 | cat < debian/rules 42 | #!/usr/bin/make -f 43 | 44 | %: dh $@ 45 | 46 | build: 47 | dh build 48 | 49 | binary: 50 | dh binary 51 | 52 | clean: 53 | dh clean 54 | EOF 55 | 56 | chmod +x debian/rules 57 | debuild -us -uc -b 58 | ''' 59 | ## Build cmd end 60 | 61 | [dependencies] 62 | packages = [ 63 | "cmake" 64 | ] 65 | -------------------------------------------------------------------------------- /scripts/package-build/bash-completion/.gitignore: -------------------------------------------------------------------------------- 1 | /bash-completion/ 2 | -------------------------------------------------------------------------------- /scripts/package-build/bash-completion/build.py: -------------------------------------------------------------------------------- 1 | ../build.py -------------------------------------------------------------------------------- /scripts/package-build/bash-completion/package.toml: -------------------------------------------------------------------------------- 1 | # VyOS CLI requires an older version of bash-completion to work 2 | 3 | [[packages]] 4 | name = "bash-completion" 5 | commit_id = "debian/2.8-6" 6 | scm_url = "https://salsa.debian.org/debian/bash-completion" 7 | 8 | build_cmd = """ 9 | 10 | # Build deb 11 | dpkg-buildpackage -b -us -uc 12 | """ 13 | -------------------------------------------------------------------------------- /scripts/package-build/blackbox_exporter/.gitignore: -------------------------------------------------------------------------------- 1 | /blackbox_exporter/ 2 | -------------------------------------------------------------------------------- /scripts/package-build/blackbox_exporter/build.py: -------------------------------------------------------------------------------- 1 | ../build.py -------------------------------------------------------------------------------- /scripts/package-build/blackbox_exporter/build.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | CWD=$(pwd) 3 | set -e 4 | 5 | BUILD_ARCH=$(dpkg-architecture -qDEB_TARGET_ARCH) 6 | 7 | SRC="blackbox_exporter" 8 | if [ ! -d ${SRC} ]; then 9 | echo "Source directory does not exist, please 'git clone'" 10 | exit 1 11 | fi 12 | 13 | cd $SRC 14 | 15 | mkdir -p debian 16 | 17 | echo "I: Create $SRC/debian/control" 18 | cat < debian/control 19 | Source: blackbox-exporter 20 | Section: net 21 | Priority: optional 22 | Maintainer: VyOS Package Maintainers 23 | Build-Depends: debhelper-compat (= 13) 24 | Standards-Version: 4.5.1 25 | Homepage: https://github.com/prometheus/blackbox_exporter 26 | 27 | Package: blackbox-exporter 28 | Architecture: ${BUILD_ARCH} 29 | Depends: \${shlibs:Depends}, \${misc:Depends} 30 | Description: The blackbox exporter allows blackbox probing of endpoints over HTTP, HTTPS, DNS, TCP, ICMP and gRPC. 31 | EOF 32 | 33 | echo "I: Create $SRC/debian/changelog" 34 | cat < debian/changelog 35 | blackbox-exporter (0.26.0) UNRELEASED; urgency=medium 36 | 37 | * Upstream package 38 | 39 | -- VyOS Maintainers Thu, 26 Sep 2024 12:35:47 +0000 40 | EOF 41 | 42 | echo "I: Create $SRC/debian/rules" 43 | cat < debian/rules 44 | #!/usr/bin/make -f 45 | 46 | clean: 47 | @# Do nothing 48 | 49 | build: 50 | @# Do nothing 51 | 52 | binary: 53 | mkdir -p debian/blackbox-exporter 54 | mkdir -p debian/blackbox-exporter/usr/sbin 55 | mkdir -p debian/blackbox-exporter/run/blackbox_exporter 56 | cp blackbox_exporter debian/blackbox-exporter/usr/sbin/blackbox_exporter 57 | dh_gencontrol 58 | dh_builddeb 59 | EOF 60 | chmod +x debian/rules 61 | 62 | echo "I: Build blackbox_exporter" 63 | go build 64 | 65 | echo "I: Build Debian Package" 66 | dpkg-buildpackage -uc -us -tc -b -d 67 | -------------------------------------------------------------------------------- /scripts/package-build/blackbox_exporter/package.toml: -------------------------------------------------------------------------------- 1 | [[packages]] 2 | name = "blackbox_exporter" 3 | commit_id = "v0.26.0" 4 | scm_url = "https://github.com/prometheus/blackbox_exporter" 5 | build_cmd = "cd ..; y | ./build.sh" 6 | -------------------------------------------------------------------------------- /scripts/package-build/ddclient/.gitignore: -------------------------------------------------------------------------------- 1 | /ddclient/ 2 | -------------------------------------------------------------------------------- /scripts/package-build/ddclient/build.py: -------------------------------------------------------------------------------- 1 | ../build.py -------------------------------------------------------------------------------- /scripts/package-build/ddclient/package.toml: -------------------------------------------------------------------------------- 1 | [[packages]] 2 | name = "ddclient" 3 | commit_id = "debian/3.11.2-1" 4 | scm_url = "https://salsa.debian.org/debian/ddclient" 5 | -------------------------------------------------------------------------------- /scripts/package-build/dropbear/.gitignore: -------------------------------------------------------------------------------- 1 | /dropbear/ 2 | -------------------------------------------------------------------------------- /scripts/package-build/dropbear/build.py: -------------------------------------------------------------------------------- 1 | ../build.py -------------------------------------------------------------------------------- /scripts/package-build/dropbear/package.toml: -------------------------------------------------------------------------------- 1 | [[packages]] 2 | name = "dropbear" 3 | commit_id = "debian/2022.83-1+deb12u1" 4 | scm_url = "https://salsa.debian.org/debian/dropbear.git" 5 | 6 | [dependencies] 7 | packages = ["libpam0g-dev"] 8 | -------------------------------------------------------------------------------- /scripts/package-build/dropbear/patches/dropbear/0001-Enable-PAM-support.patch: -------------------------------------------------------------------------------- 1 | From 861bfb53de5909e25a952a83654c63de61af02b5 Mon Sep 17 00:00:00 2001 2 | From: Christian Breunig 3 | Date: Sun, 28 May 2023 15:45:32 +0200 4 | Subject: [PATCH] Enable PAM support 5 | 6 | --- 7 | debian/control | 1 + 8 | debian/rules | 2 +- 9 | default_options.h | 4 ++-- 10 | 3 files changed, 4 insertions(+), 3 deletions(-) 11 | 12 | diff --git a/debian/control b/debian/control 13 | index 77ea036..b252b97 100644 14 | --- a/debian/control 15 | +++ b/debian/control 16 | @@ -6,6 +6,7 @@ Build-Depends: debhelper, 17 | debhelper-compat (= 13), 18 | libtomcrypt-dev (>= 1.18.2~), 19 | libtommath-dev (>= 1.2.0~), 20 | + libpam0g-dev, 21 | libz-dev 22 | Rules-Requires-Root: no 23 | Standards-Version: 4.6.1 24 | diff --git a/debian/rules b/debian/rules 25 | index 7dab64c..ce11aa4 100755 26 | --- a/debian/rules 27 | +++ b/debian/rules 28 | @@ -24,7 +24,7 @@ endif 29 | dh $@ 30 | 31 | override_dh_auto_configure: 32 | - dh_auto_configure -- --disable-bundled-libtom \ 33 | + dh_auto_configure -- --disable-bundled-libtom --enable-pam \ 34 | CC='$(CC)' CFLAGS='$(CFLAGS)' $(CONFFLAGS) 35 | 36 | execute_before_dh_auto_build: 37 | diff --git a/default_options.h b/default_options.h 38 | index 5132775..e7d274c 100644 39 | --- a/default_options.h 40 | +++ b/default_options.h 41 | @@ -223,7 +223,7 @@ group1 in Dropbear server too */ 42 | 43 | /* Authentication Types - at least one required. 44 | RFC Draft requires pubkey auth, and recommends password */ 45 | -#define DROPBEAR_SVR_PASSWORD_AUTH 1 46 | +#define DROPBEAR_SVR_PASSWORD_AUTH 0 47 | 48 | /* Note: PAM auth is quite simple and only works for PAM modules which just do 49 | * a simple "Login: " "Password: " (you can edit the strings in svr-authpam.c). 50 | @@ -231,7 +231,7 @@ group1 in Dropbear server too */ 51 | * but there's an interface via a PAM module. It won't work for more complex 52 | * PAM challenge/response. 53 | * You can't enable both PASSWORD and PAM. */ 54 | -#define DROPBEAR_SVR_PAM_AUTH 0 55 | +#define DROPBEAR_SVR_PAM_AUTH 1 56 | 57 | /* ~/.ssh/authorized_keys authentication. 58 | * You must define DROPBEAR_SVR_PUBKEY_AUTH in order to use plugins. */ 59 | -- 60 | 2.30.2 61 | 62 | -------------------------------------------------------------------------------- /scripts/package-build/ethtool/.gitignore: -------------------------------------------------------------------------------- 1 | /ethtool/ 2 | -------------------------------------------------------------------------------- /scripts/package-build/ethtool/build.py: -------------------------------------------------------------------------------- 1 | ../build.py -------------------------------------------------------------------------------- /scripts/package-build/ethtool/package.toml: -------------------------------------------------------------------------------- 1 | [[packages]] 2 | name = "ethtool" 3 | commit_id = "debian/1%6.10-1" 4 | scm_url = "https://salsa.debian.org/kernel-team/ethtool" 5 | -------------------------------------------------------------------------------- /scripts/package-build/frr/.gitignore: -------------------------------------------------------------------------------- 1 | /frr/ 2 | /rtrlib/ 3 | /libyang/ 4 | -------------------------------------------------------------------------------- /scripts/package-build/frr/build.py: -------------------------------------------------------------------------------- 1 | ../build.py -------------------------------------------------------------------------------- /scripts/package-build/frr/package.toml: -------------------------------------------------------------------------------- 1 | [[packages]] 2 | name = "libyang" 3 | commit_id = "v3.4.2" 4 | scm_url = "https://github.com/CESNET/libyang.git" 5 | build_cmd = "pipx run apkg build -i && find pkg/pkgs -type f -name *.deb -exec mv -t .. {} +" 6 | 7 | [[packages]] 8 | name = "rtrlib" 9 | commit_id = "v0.8.0" 10 | scm_url = "https://github.com/rtrlib/rtrlib.git" 11 | 12 | [[packages]] 13 | name = "frr" 14 | commit_id = "stable/10.2" 15 | scm_url = "https://github.com/FRRouting/frr.git" 16 | build_cmd = "sudo dpkg -i ../*.deb; dpkg-buildpackage -us -uc -tc -b -Ppkg.frr.rtrlib,pkg.frr.lua" 17 | 18 | [dependencies] 19 | packages = [ 20 | "chrpath", 21 | "gawk", 22 | "install-info", 23 | "libcap-dev", 24 | "libc-ares-dev", 25 | "libjson-c-dev", 26 | "librtr-dev", 27 | "libpam-dev", 28 | "libprotobuf-c-dev", 29 | "libpython3-dev:native", 30 | "python3-sphinx:native", 31 | "libsnmp-dev", 32 | "protobuf-c-compiler", 33 | "python3-dev:native", 34 | "texinfo", 35 | "lua5.3", 36 | "doxygen", 37 | "bison", 38 | "liblua5.3-dev", 39 | "flex", 40 | "libelf-dev" 41 | ] 42 | -------------------------------------------------------------------------------- /scripts/package-build/frr/patches/frr/0001-Enable-PCRE2-in-Debian-package-builds.patch: -------------------------------------------------------------------------------- 1 | From 21800432167ac022c01772df993efca8d4969b38 Mon Sep 17 00:00:00 2001 2 | From: Daniil Baturin 3 | Date: Wed, 6 Nov 2024 15:58:10 +0000 4 | Subject: [PATCH] Enable PCRE2 in Debian package builds 5 | 6 | --- 7 | debian/rules | 1 + 8 | 1 file changed, 1 insertion(+) 9 | 10 | diff --git a/debian/rules b/debian/rules 11 | index 43e5d7e61..1f971ab22 100755 12 | --- a/debian/rules 13 | +++ b/debian/rules 14 | @@ -69,6 +69,7 @@ override_dh_auto_configure: 15 | --enable-vty-group=frrvty \ 16 | --enable-configfile-mask=0640 \ 17 | --enable-logfile-mask=0640 \ 18 | + --enable-pcre2posix \ 19 | # end 20 | 21 | override_dh_auto_install: 22 | -- 23 | 2.47.0 24 | 25 | -------------------------------------------------------------------------------- /scripts/package-build/frr/patches/frr/0003-Clear-Babel-Config-On-Stop.patch: -------------------------------------------------------------------------------- 1 | From c3c70e87b040233263b9594d14582dfedfecc92e Mon Sep 17 00:00:00 2001 2 | From: Yaroslav Kholod 3 | Date: Wed, 18 Dec 2024 11:48:29 +0200 4 | Subject: [PATCH] #17413: Clean babeld config on stop 5 | 6 | --- 7 | babeld/babeld.c | 6 ++++++ 8 | 1 file changed, 6 insertions(+) 9 | 10 | diff --git a/babeld/babeld.c b/babeld/babeld.c 11 | index b562f0b70..6f1a9a3d7 100644 12 | --- a/babeld/babeld.c 13 | +++ b/babeld/babeld.c 14 | @@ -304,6 +304,12 @@ void babel_clean_routing_process(void) 15 | flush_all_routes(); 16 | babel_interface_close_all(); 17 | 18 | + /* Clean babel config */ 19 | + diversity_kind = DIVERSITY_NONE; 20 | + diversity_factor = BABEL_DEFAULT_DIVERSITY_FACTOR; 21 | + resend_delay = BABEL_DEFAULT_RESEND_DELAY; 22 | + smoothing_half_life = BABEL_DEFAULT_SMOOTHING_HALF_LIFE; 23 | + 24 | /* cancel events */ 25 | event_cancel(&babel_routing_process->t_read); 26 | event_cancel(&babel_routing_process->t_update); 27 | -- 28 | 2.43.0 29 | 30 | -------------------------------------------------------------------------------- /scripts/package-build/frr_exporter/.gitignore: -------------------------------------------------------------------------------- 1 | /frr_exporter/ 2 | -------------------------------------------------------------------------------- /scripts/package-build/frr_exporter/build.py: -------------------------------------------------------------------------------- 1 | ../build.py -------------------------------------------------------------------------------- /scripts/package-build/frr_exporter/package.toml: -------------------------------------------------------------------------------- 1 | [[packages]] 2 | name = "frr_exporter" 3 | commit_id = "v1.5.0" 4 | scm_url = "https://github.com/tynany/frr_exporter" 5 | 6 | build_cmd = """ 7 | 8 | # Create the install directory 9 | mkdir -p debian/usr/sbin 10 | make setup_promu 11 | go build 12 | 13 | # Move the frr_exporter binary to the install directory 14 | mv frr_exporter debian/usr/sbin 15 | 16 | # Build the Debian package 17 | fpm --input-type dir --output-type deb --name frr-exporter \ 18 | --version $(git describe --tags --always | cut -c2-) --deb-compression gz \ 19 | --maintainer "VyOS Package Maintainers " \ 20 | --description "Prometheus exporter for FRR" \ 21 | --license Apache-2.0 -C debian --package .. 22 | """ 23 | -------------------------------------------------------------------------------- /scripts/package-build/hostap/.gitignore: -------------------------------------------------------------------------------- 1 | /hostap/ 2 | /wpa/ 3 | -------------------------------------------------------------------------------- /scripts/package-build/hostap/README.md: -------------------------------------------------------------------------------- 1 | # build 2 | ``` 3 | python3 build.py 4 | ``` 5 | -------------------------------------------------------------------------------- /scripts/package-build/hostap/build.py: -------------------------------------------------------------------------------- 1 | ../build.py -------------------------------------------------------------------------------- /scripts/package-build/hostap/build.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | CWD=$(pwd) 3 | set -e 4 | 5 | SRC=hostap 6 | SRC_DEB=wpa 7 | 8 | if [ ! -d ${SRC} ]; then 9 | echo "${SRC} directory does not exists, please 'git clone'" 10 | exit 1 11 | fi 12 | if [ ! -d ${SRC_DEB} ]; then 13 | echo "${SRC_DEB} directory does not exists, please 'git clone'" 14 | exit 1 15 | fi 16 | 17 | echo "I: Copy Debian build instructions" 18 | cp -a ${SRC_DEB}/debian ${SRC} 19 | # Preserve Debian's default of allowing TLSv1.0 and legacy renegotiation for 20 | # compatibility with networks that use legacy crypto 21 | cat > ${SRC}/debian/patches/series << EOF 22 | allow-tlsv1.patch 23 | allow-legacy-renegotiation.patch 24 | EOF 25 | 26 | # Build Debian package 27 | cd ${SRC} 28 | 29 | echo "I: Ensure Debian build dependencies are met" 30 | sudo mk-build-deps --install --tool "apt-get --yes --no-install-recommends" -Ppkg.wpa.nogui,noudeb 31 | 32 | echo "I: Create new Debian Package version" 33 | version="$(git describe --tags | tr _ .)" 34 | dch -v ${version:7} "New version to support AES-GCM-256 for MACsec" -b 35 | 36 | echo "I: Build Debian hostap Package" 37 | DEB_CPPFLAGS_SET="-Wno-use-after-free -Wno-deprecated-declarations" \ 38 | dpkg-buildpackage -us -uc -tc -b -Ppkg.wpa.nogui,noudeb 39 | -------------------------------------------------------------------------------- /scripts/package-build/hostap/package.toml: -------------------------------------------------------------------------------- 1 | [[packages]] 2 | name = "wpa" 3 | commit_id = "debian/2%2.10-12" 4 | scm_url = "https://salsa.debian.org/debian/wpa" 5 | build_cmd = "/bin/true" 6 | 7 | [[packages]] 8 | name = "hostap" 9 | commit_id = "e7172e26d" 10 | scm_url = "git://w1.fi/srv/git/hostap.git" 11 | build_cmd = "cd ..; y | ./build.sh" 12 | 13 | -------------------------------------------------------------------------------- /scripts/package-build/hsflowd/.gitignore: -------------------------------------------------------------------------------- 1 | /host-sflow/ 2 | -------------------------------------------------------------------------------- /scripts/package-build/hsflowd/build.py: -------------------------------------------------------------------------------- 1 | ../build.py -------------------------------------------------------------------------------- /scripts/package-build/hsflowd/package.toml: -------------------------------------------------------------------------------- 1 | [[packages]] 2 | name = "host-sflow" 3 | commit_id = "v2.1.11-5" 4 | scm_url = "https://github.com/sflow/host-sflow.git" 5 | build_cmd = "make deb FEATURES='PCAP DROPMON DBUS PSAMPLE VPP'" 6 | 7 | [dependencies] 8 | packages = ["libpcap0.8-dev"] 9 | -------------------------------------------------------------------------------- /scripts/package-build/isc-dhcp/.gitignore: -------------------------------------------------------------------------------- 1 | /isc-dhcp/ 2 | -------------------------------------------------------------------------------- /scripts/package-build/isc-dhcp/build.py: -------------------------------------------------------------------------------- 1 | ../build.py -------------------------------------------------------------------------------- /scripts/package-build/isc-dhcp/package.toml: -------------------------------------------------------------------------------- 1 | [[packages]] 2 | name = "isc-dhcp" 3 | commit_id = "debian/4.4.3-P1-4" 4 | scm_url = "https://salsa.debian.org/debian/isc-dhcp" 5 | 6 | [dependencies] 7 | packages = ["libpam0g-dev"] 8 | -------------------------------------------------------------------------------- /scripts/package-build/isc-dhcp/patches/isc-dhcp/0003-fix-compilation-errors.patch: -------------------------------------------------------------------------------- 1 | From 58e0d3317795987b2f1ca788645196d0e3543f88 Mon Sep 17 00:00:00 2001 2 | From: Adam Smith 3 | Date: Tue, 23 Jan 2024 21:47:00 -0500 4 | Subject: [PATCH 3/4] fix compilation errors 5 | 6 | --- 7 | common/lpf.c | 5 +++-- 8 | 1 file changed, 3 insertions(+), 2 deletions(-) 9 | 10 | diff --git a/common/lpf.c b/common/lpf.c 11 | index 75609f5..1561d71 100644 12 | --- a/common/lpf.c 13 | +++ b/common/lpf.c 14 | @@ -195,6 +195,7 @@ static void lpf_tr_filter_setup (struct interface_info *); 15 | #endif 16 | 17 | static void lpf_gen_filter_setup (struct interface_info *); 18 | +static void lpf_pureip_gen_filter_setup (struct interface_info *); 19 | 20 | void if_register_receive (info) 21 | struct interface_info *info; 22 | @@ -215,14 +216,13 @@ void if_register_receive (info) 23 | } 24 | #endif 25 | 26 | - 27 | #if defined (HAVE_TR_SUPPORT) 28 | if (info -> hw_address.hbuf [0] == HTYPE_IEEE802) 29 | lpf_tr_filter_setup (info); 30 | else 31 | #endif 32 | if (info -> hw_address.hbuf [0] == HTYPE_PUREIP) 33 | - lpf_pureip_filter_setup (info); 34 | + lpf_pureip_gen_filter_setup (info); 35 | else 36 | lpf_gen_filter_setup (info); 37 | 38 | @@ -349,6 +349,7 @@ static void lpf_pureip_gen_filter_setup (info) 39 | } 40 | } 41 | 42 | + 43 | #if defined (HAVE_TR_SUPPORT) 44 | static void lpf_tr_filter_setup (info) 45 | struct interface_info *info; 46 | -- 47 | 2.39.2 48 | 49 | -------------------------------------------------------------------------------- /scripts/package-build/isc-dhcp/patches/isc-dhcp/0004-add-support-for-ARPHRD_NONE-interface-type.patch: -------------------------------------------------------------------------------- 1 | From fd96a11b31cd05aae450ec65fde0b5c6e0b718c2 Mon Sep 17 00:00:00 2001 2 | From: Adam Smith 3 | Date: Tue, 23 Jan 2024 22:35:54 -0500 4 | Subject: [PATCH 4/4] add support for ARPHRD_NONE interface type 5 | 6 | --- 7 | common/lpf.c | 6 ++++++ 8 | 1 file changed, 6 insertions(+) 9 | 10 | diff --git a/common/lpf.c b/common/lpf.c 11 | index 1561d71..f7e84b1 100644 12 | --- a/common/lpf.c 13 | +++ b/common/lpf.c 14 | @@ -643,6 +643,12 @@ get_hw_addr(const char *name, struct hardware *hw) { 15 | hw->hlen = 1; 16 | hw->hbuf[0] = HTYPE_PUREIP; 17 | break; 18 | +#endif 19 | +#ifdef ARPHRD_NONE 20 | + case ARPHRD_NONE: 21 | + hw->hlen = 1; 22 | + hw->hbuf[0] = HTYPE_PUREIP; 23 | + break; 24 | #endif 25 | default: 26 | log_fatal("Unsupported device type %ld for \"%s\"", 27 | -- 28 | 2.39.2 29 | 30 | -------------------------------------------------------------------------------- /scripts/package-build/kea/.gitignore: -------------------------------------------------------------------------------- 1 | /isc-kea/ 2 | -------------------------------------------------------------------------------- /scripts/package-build/kea/build.py: -------------------------------------------------------------------------------- 1 | ../build.py -------------------------------------------------------------------------------- /scripts/package-build/kea/package.toml: -------------------------------------------------------------------------------- 1 | [[packages]] 2 | name = "isc-kea" 3 | commit_id = "debian/2.6.1-2" 4 | scm_url = "https://salsa.debian.org/debian/isc-kea" 5 | -------------------------------------------------------------------------------- /scripts/package-build/keepalived/.gitignore: -------------------------------------------------------------------------------- 1 | /keepalived/ 2 | -------------------------------------------------------------------------------- /scripts/package-build/keepalived/build.py: -------------------------------------------------------------------------------- 1 | ../build.py -------------------------------------------------------------------------------- /scripts/package-build/keepalived/package.toml: -------------------------------------------------------------------------------- 1 | [[packages]] 2 | name = "keepalived" 3 | commit_id = "debian/1%2.3.2-1" 4 | scm_url = "https://salsa.debian.org/debian/pkg-keepalived.git" 5 | -------------------------------------------------------------------------------- /scripts/package-build/libnss-mapuser/.gitignore: -------------------------------------------------------------------------------- 1 | /libnss-mapuser/ 2 | -------------------------------------------------------------------------------- /scripts/package-build/libnss-mapuser/build.py: -------------------------------------------------------------------------------- 1 | ../build.py -------------------------------------------------------------------------------- /scripts/package-build/libnss-mapuser/package.toml: -------------------------------------------------------------------------------- 1 | [[packages]] 2 | name = "libnss-mapuser" 3 | commit_id = "current" 4 | scm_url = "https://github.com/vyos/libnss-mapuser.git" 5 | 6 | [dependencies] 7 | packages = [ 8 | "libaudit-dev" 9 | ] 10 | -------------------------------------------------------------------------------- /scripts/package-build/libpam-radius-auth/.gitignore: -------------------------------------------------------------------------------- 1 | /libpam-radius-auth/ 2 | -------------------------------------------------------------------------------- /scripts/package-build/libpam-radius-auth/build.py: -------------------------------------------------------------------------------- 1 | ../build.py -------------------------------------------------------------------------------- /scripts/package-build/libpam-radius-auth/package.toml: -------------------------------------------------------------------------------- 1 | [[packages]] 2 | name = "libpam-radius-auth" 3 | commit_id = "current" 4 | scm_url = "https://github.com/vyos/libpam-radius-auth.git" 5 | 6 | [dependencies] 7 | packages = [ 8 | "libpam-dev", 9 | "libaudit-dev" 10 | ] 11 | -------------------------------------------------------------------------------- /scripts/package-build/linux-kernel/.gitignore: -------------------------------------------------------------------------------- 1 | /linux* 2 | /wireguard 3 | /wireguard-linux-compat 4 | /accel-ppp 5 | /intel-qat 6 | /linux-firmware 7 | /vyos-drivers-intel* 8 | /vyos-drivers-realtek* 9 | /ovpn-dco 10 | /nat-rtsp* 11 | /jool* 12 | /ipt-netflow* 13 | /qat* 14 | /QAT* 15 | *.tar.gz 16 | *.tar.xz 17 | /*.postinst 18 | 19 | # Intel Driver source 20 | i40e-*/ 21 | igb-*/ 22 | ethernet-linux-*/ 23 | vyos-intel-*/ 24 | vyos-linux-firmware*/ 25 | kernel-vars 26 | r8152-*.tar.bz2 27 | ephemeral.* 28 | *.buildinfo 29 | *.build 30 | *.changes 31 | *.deb 32 | *.dsc 33 | -------------------------------------------------------------------------------- /scripts/package-build/linux-kernel/README.md: -------------------------------------------------------------------------------- 1 | # Build 2 | ``` 3 | ./build.py --config package.toml --packages linux-kernel accel-ppp xxx 4 | ``` 5 | 6 | # About 7 | 8 | VyOS runs on a custom Linux Kernel (which is 6.6) at the time of this writing. 9 | This repository holds build scripts that are used to build the Custom Kernel 10 | (x86_64/amd64 at the moment) and all required out-of tree modules. 11 | 12 | VyOS does not utilize the build in Intel Kernel drivers for its NICs as those 13 | Kernels sometimes lack features e.g. configurable receive-side-scaling queues. 14 | On the other hand we ship additional not mainlined features as WireGuard VPN. 15 | 16 | ## Kernel 17 | 18 | The Kernel is build from the vanilla repositories hosted at https://git.kernel.org. 19 | VyOS requires two additional patches to work which are stored in the patches/kernel 20 | folder. 21 | 22 | ### Config 23 | 24 | The Kernel configuration used is [x86_64_vyos_defconfig](x86_64_vyos_defconfig) 25 | which will be copied on demand during the Pipeline run into the `arch/x86/configs`i 26 | direcotry of the Kernel source tree. 27 | 28 | Other configurations can be added in the future easily. 29 | 30 | ### Modules 31 | 32 | VyOS utilizes several Out-of-Tree modules (e.g. WireGuard, Accel-PPP and Intel 33 | network interface card drivers). Module source code is retrieved from the 34 | upstream repository and - when needed - patched so it can be build using this 35 | pipeline. 36 | -------------------------------------------------------------------------------- /scripts/package-build/linux-kernel/build-accel-ppp.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | CWD=$(pwd) 3 | KERNEL_VAR_FILE=${CWD}/kernel-vars 4 | 5 | ACCEL_SRC=${CWD}/accel-ppp 6 | if [ ! -d ${ACCEL_SRC} ]; then 7 | echo "Accel-PPP source not found" 8 | exit 1 9 | fi 10 | 11 | if [ ! -f ${KERNEL_VAR_FILE} ]; then 12 | echo "Kernel variable file '${KERNEL_VAR_FILE}' does not exist, run ./build_kernel.sh first" 13 | exit 1 14 | fi 15 | 16 | cd ${ACCEL_SRC} 17 | git reset --hard HEAD 18 | git clean --force -d -x 19 | 20 | PATCH_DIR=${CWD}/patches/accel-ppp 21 | if [ -d $PATCH_DIR ]; then 22 | cd ${ACCEL_SRC} 23 | for patch in $(ls ${PATCH_DIR}) 24 | do 25 | echo "I: Apply patch: ${PATCH_DIR}/${patch}" 26 | patch -p1 < ${PATCH_DIR}/${patch} 27 | done 28 | fi 29 | 30 | . ${KERNEL_VAR_FILE} 31 | mkdir -p ${ACCEL_SRC}/build 32 | cd ${ACCEL_SRC}/build 33 | 34 | echo "I: Build Accel-PPP Debian package" 35 | cmake -DBUILD_IPOE_DRIVER=TRUE \ 36 | -DBUILD_VLAN_MON_DRIVER=TRUE \ 37 | -DCMAKE_INSTALL_PREFIX=/usr \ 38 | -DKDIR=${KERNEL_DIR} \ 39 | -DLUA=5.3 \ 40 | -DMODULES_KDIR=${KERNEL_VERSION}${KERNEL_SUFFIX} \ 41 | -DCPACK_TYPE=Debian12 .. 42 | make 43 | 44 | # Sign generated Kernel modules 45 | ${CWD}/sign-modules.sh . 46 | 47 | cpack -G DEB 48 | 49 | # rename resulting Debian package according git description 50 | mv accel-ppp*.deb ${CWD}/accel-ppp_$(git describe --always --tags)_$(dpkg --print-architecture).deb 51 | -------------------------------------------------------------------------------- /scripts/package-build/linux-kernel/build-intel-nic.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | CWD=$(pwd) 3 | KERNEL_VAR_FILE=${CWD}/kernel-vars 4 | 5 | if ! dpkg-architecture -iamd64; then 6 | echo "Intel drivers only buildable on amd64 platforms" 7 | exit 0 8 | fi 9 | 10 | if [ ! -f ${KERNEL_VAR_FILE} ]; then 11 | echo "Kernel variable file '${KERNEL_VAR_FILE}' does not exist, run ./build_kernel.sh first" 12 | exit 1 13 | fi 14 | 15 | . ${KERNEL_VAR_FILE} 16 | 17 | if [ -z $KERNEL_DIR ]; then 18 | echo "KERNEL_DIR not defined" 19 | exit 1 20 | fi 21 | 22 | DRIVER_NAME=$1 23 | cd ${CWD}/ethernet-linux-${DRIVER_NAME} 24 | if [ -d .git ]; then 25 | git clean --force -d -x 26 | git reset --hard origin/main 27 | fi 28 | 29 | DRIVER_VERSION=$(git describe | sed s/^v//) 30 | 31 | # Build up Debian related variables required for packaging 32 | DEBIAN_ARCH=$(dpkg --print-architecture) 33 | DEBIAN_DIR="${CWD}/vyos-intel-${DRIVER_NAME}_${DRIVER_VERSION}_${DEBIAN_ARCH}" 34 | DEBIAN_CONTROL="${DEBIAN_DIR}/DEBIAN/control" 35 | DEBIAN_POSTINST="${CWD}/vyos-intel-${DRIVER_NAME}.postinst" 36 | 37 | # See https://vyos.dev/T6155 38 | # See https://vyos.dev/T6162 39 | PATCH_DIR=${CWD}/patches/${DRIVER_NAME} 40 | if [ -d $PATCH_DIR ]; then 41 | for patch in $(ls ${PATCH_DIR}) 42 | do 43 | echo "I: Apply patch: ${PATCH_DIR}/${patch}" 44 | patch -p1 < ${PATCH_DIR}/${patch} 45 | done 46 | fi 47 | 48 | echo "I: Compile Kernel module for Intel ${DRIVER_NAME} driver" 49 | make KSRC=${KERNEL_DIR} INSTALL_MOD_PATH=${DEBIAN_DIR} INSTALL_FW_PATH=${DEBIAN_DIR} -j $(getconf _NPROCESSORS_ONLN) -C src install 50 | 51 | if [ "x$?" != "x0" ]; then 52 | exit 1 53 | fi 54 | 55 | if [ -f ${DEBIAN_DIR}.deb ]; then 56 | rm ${DEBIAN_DIR}.deb 57 | fi 58 | 59 | # build Debian package 60 | echo "I: Building Debian package vyos-intel-${DRIVER_NAME}" 61 | cd ${CWD} 62 | 63 | # Sign generated Kernel modules 64 | ${CWD}/sign-modules.sh ${DEBIAN_DIR} 65 | 66 | # delete non required files which are also present in the kernel package 67 | # und thus lead to duplicated files 68 | find ${DEBIAN_DIR} -name "modules.*" | xargs rm -f 69 | 70 | echo "#!/bin/sh" > ${DEBIAN_POSTINST} 71 | echo "/sbin/depmod -a ${KERNEL_VERSION}${KERNEL_SUFFIX}" >> ${DEBIAN_POSTINST} 72 | 73 | fpm --input-type dir --output-type deb --name vyos-intel-${DRIVER_NAME} \ 74 | --version ${DRIVER_VERSION} --deb-compression gz \ 75 | --maintainer "VyOS Package Maintainers " \ 76 | --description "Vendor based driver for Intel ${DRIVER_NAME}" \ 77 | --depends linux-image-${KERNEL_VERSION}${KERNEL_SUFFIX} \ 78 | --license "GPL2" -C ${DEBIAN_DIR} --after-install ${DEBIAN_POSTINST} 79 | -------------------------------------------------------------------------------- /scripts/package-build/linux-kernel/build-ipt-netflow.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | CWD=$(pwd) 3 | KERNEL_VAR_FILE=${CWD}/kernel-vars 4 | 5 | IPT_NETFLOW_SRC=${CWD}/ipt-netflow 6 | if [ ! -d ${IPT_NETFLOW_SRC} ]; then 7 | echo "ipt_NETFLOW source not found" 8 | exit 1 9 | fi 10 | 11 | if [ ! -f ${KERNEL_VAR_FILE} ]; then 12 | echo "Kernel variable file '${KERNEL_VAR_FILE}' does not exist, run ./build_kernel.sh first" 13 | exit 1 14 | fi 15 | 16 | cd ${IPT_NETFLOW_SRC} 17 | if [ -d .git ]; then 18 | git reset --hard HEAD 19 | git clean --force -d -x 20 | fi 21 | 22 | . ${KERNEL_VAR_FILE} 23 | 24 | DRIVER_VERSION=$(git describe | sed s/^v//) 25 | 26 | # Build up Debian related variables required for packaging 27 | DEBIAN_ARCH=$(dpkg --print-architecture) 28 | DEBIAN_DIR="tmp/" 29 | DEBIAN_CONTROL="${DEBIAN_DIR}/DEBIAN/control" 30 | DEBIAN_POSTINST="${CWD}/vyos-ipt-netflow.postinst" 31 | 32 | ./configure --enable-aggregation --kdir=${KERNEL_DIR} 33 | make all 34 | 35 | if [ "x$?" != "x0" ]; then 36 | exit 1 37 | fi 38 | 39 | if [ -f ${DEBIAN_DIR}.deb ]; then 40 | rm ${DEBIAN_DIR}.deb 41 | fi 42 | 43 | if [ ! -d ${DEBIAN_DIR} ]; then 44 | mkdir -p ${DEBIAN_DIR} 45 | fi 46 | 47 | # build Debian package 48 | echo "I: Building Debian package vyos-ipt-netflow" 49 | cp ipt_NETFLOW.ko ${DEBIAN_DIR} 50 | cp libipt_NETFLOW.so ${DEBIAN_DIR} 51 | cp libip6t_NETFLOW.so ${DEBIAN_DIR} 52 | 53 | # Sign generated Kernel modules 54 | ${CWD}/sign-modules.sh ${DEBIAN_DIR} 55 | 56 | echo "#!/bin/sh" > ${DEBIAN_POSTINST} 57 | echo "/sbin/depmod -a ${KERNEL_VERSION}${KERNEL_SUFFIX}" >> ${DEBIAN_POSTINST} 58 | 59 | cd ${CWD} 60 | 61 | fpm --input-type dir --output-type deb --name vyos-ipt-netflow \ 62 | --version ${DRIVER_VERSION} --deb-compression gz \ 63 | --maintainer "VyOS Package Maintainers " \ 64 | --description "ipt_NETFLOW module" \ 65 | --depends linux-image-${KERNEL_VERSION}${KERNEL_SUFFIX} \ 66 | --license "GPL2" -C ${IPT_NETFLOW_SRC}/tmp --after-install ${DEBIAN_POSTINST} \ 67 | ipt_NETFLOW.ko=/lib/modules/${KERNEL_VERSION}${KERNEL_SUFFIX}/extra/ipt_NETFLOW.ko \ 68 | libipt_NETFLOW.so=/lib/$(uname -m)-linux-gnu/xtables/libipt_NETFLOW.so \ 69 | libip6t_NETFLOW.so=/lib/$(uname -m)-linux-gnu/xtables/libip6t_NETFLOW.so 70 | -------------------------------------------------------------------------------- /scripts/package-build/linux-kernel/build-jool.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | 3 | from tomllib import loads as toml_loads 4 | from requests import get 5 | from pathlib import Path 6 | from subprocess import run 7 | 8 | def find_arch() -> str: 9 | tmp=run(['dpkg-architecture', '-q', 'DEB_HOST_ARCH'], capture_output=True) 10 | return tmp.stdout.decode().strip() 11 | 12 | # dependency modifier 13 | def add_depends(package_dir: str, package_name: str, 14 | depends: list[str]) -> None: 15 | """Add dependencies to a package 16 | 17 | Args: 18 | package_dir (str): a directory where package sources are located 19 | package_name (str): a name of package 20 | depends (list[str]): a list of dependencies to add 21 | """ 22 | depends_list: str = ', '.join(depends) 23 | depends_line: str = f'misc:Depends={depends_list}\n' 24 | 25 | substvars_file = Path(f'{package_dir}/debian/{package_name}.substvars') 26 | substvars_file.write_text(depends_line) 27 | 28 | 29 | # find kernel version and source path 30 | arch: str = find_arch() 31 | defaults_file: str = Path('../../../data/defaults.toml').read_text() 32 | KERNEL_VER: str = toml_loads(defaults_file).get('kernel_version') 33 | KERNEL_FLAVOR: str = toml_loads(defaults_file).get('kernel_flavor') 34 | KERNEL_SRC: str = Path.cwd().as_posix() + '/linux' 35 | 36 | # define variables 37 | PACKAGE_NAME: str = 'jool' 38 | PACKAGE_VERSION: str = '4.1.9+bf4c7e3669' 39 | PACKAGE_DIR: str = f'{PACKAGE_NAME}-{PACKAGE_VERSION}' 40 | SOURCES_ARCHIVE: str = 'jool-4.1.9+bf4c7e3669.tar.gz' 41 | SOURCES_URL: str = f'https://github.com/NICMx/Jool/archive/7f08c42c615ed63cf0fdc1522d91aa0809f6d990.tar.gz' 42 | 43 | # download sources 44 | sources_archive = Path(SOURCES_ARCHIVE) 45 | sources_archive.write_bytes(get(SOURCES_URL).content) 46 | 47 | # prepare sources 48 | debmake_cmd: list[str] = [ 49 | 'debmake', '-e', 'support@vyos.io', '-f', 'VyOS Support', '-p', 50 | PACKAGE_NAME, '-u', PACKAGE_VERSION, '-a', SOURCES_ARCHIVE 51 | ] 52 | run(debmake_cmd) 53 | 54 | # add kernel to dependencies 55 | add_depends(PACKAGE_DIR, PACKAGE_NAME, 56 | [f'linux-image-{KERNEL_VER}-{KERNEL_FLAVOR}']) 57 | 58 | # configure build rules 59 | build_rules_text: str = f'''#!/usr/bin/make -f 60 | # config 61 | export KERNEL_DIR := {KERNEL_SRC} 62 | PACKAGE_BUILD_DIR := debian/{PACKAGE_NAME} 63 | KVER := {KERNEL_VER}-{KERNEL_FLAVOR} 64 | MODULES_DIR := extra 65 | 66 | # main packaging script based on dh7 syntax 67 | %: 68 | dh $@ 69 | 70 | override_dh_clean: 71 | dh_clean --exclude=debian/{PACKAGE_NAME}.substvars 72 | 73 | override_dh_prep: 74 | dh_prep --exclude=debian/{PACKAGE_NAME}.substvars 75 | 76 | # override_dh_auto_clean: 77 | # make -C src/mod clean 78 | 79 | override_dh_auto_build: 80 | dh_auto_build $@ 81 | make -C ${{KERNEL_DIR}} M=$$PWD/src/mod/common modules 82 | make -C ${{KERNEL_DIR}} M=$$PWD/src/mod/nat64 modules 83 | make -C ${{KERNEL_DIR}} M=$$PWD/src/mod/siit modules 84 | 85 | override_dh_auto_install: 86 | dh_auto_install $@ 87 | install -D -m 644 src/mod/common/jool_common.ko ${{PACKAGE_BUILD_DIR}}/lib/modules/${{KVER}}/${{MODULES_DIR}}/jool_common.ko 88 | install -D -m 644 src/mod/nat64/jool.ko ${{PACKAGE_BUILD_DIR}}/lib/modules/${{KVER}}/${{MODULES_DIR}}/jool.ko 89 | install -D -m 644 src/mod/siit/jool_siit.ko ${{PACKAGE_BUILD_DIR}}/lib/modules/${{KVER}}/${{MODULES_DIR}}/jool_siit.ko 90 | ${{KERNEL_DIR}}/../sign-modules.sh ${{PACKAGE_BUILD_DIR}}/lib 91 | ''' 92 | bild_rules = Path(f'{PACKAGE_DIR}/debian/rules') 93 | bild_rules.write_text(build_rules_text) 94 | 95 | # build a package 96 | debuild_cmd: list[str] = ['debuild'] 97 | run(debuild_cmd, cwd=PACKAGE_DIR) 98 | -------------------------------------------------------------------------------- /scripts/package-build/linux-kernel/build-kernel.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | CWD=$(pwd) 3 | KERNEL_SRC=linux 4 | 5 | set -e 6 | 7 | if [ ! -d ${KERNEL_SRC} ]; then 8 | echo "Linux Kernel source directory does not exists, please 'git clone'" 9 | exit 1 10 | fi 11 | 12 | cd ${KERNEL_SRC} 13 | 14 | if [ -d .git ]; then 15 | echo "I: Clean modified files - reset Git repo" 16 | git reset --hard HEAD 17 | git clean --force -d -x 18 | fi 19 | 20 | echo "I: Copy Kernel config (x86_64_vyos_defconfig) to Kernel Source" 21 | cp -rv ${CWD}/arch/ . 22 | 23 | KERNEL_VERSION=$(make kernelversion) 24 | KERNEL_SUFFIX=-$(awk -F "= " '/kernel_flavor/ {print $2}' ../../../../data/defaults.toml | tr -d \") 25 | KERNEL_CONFIG=arch/x86/configs/vyos_defconfig 26 | 27 | # VyOS requires some small Kernel Patches - apply them here 28 | # It's easier to habe them here and make use of the upstream 29 | # repository instead of maintaining a full Kernel Fork. 30 | # Saving time/resources is essential :-) 31 | PATCH_DIR=${CWD}/patches/kernel 32 | for patch in $(ls ${PATCH_DIR}) 33 | do 34 | echo "I: Apply Kernel patch: ${PATCH_DIR}/${patch}" 35 | patch -p1 < ${PATCH_DIR}/${patch} 36 | done 37 | 38 | # Change name of Signing Cert 39 | sed -i -e "s/CN =.*/CN=VyOS Networks build time autogenerated Kernel key/" certs/default_x509.genkey 40 | 41 | TRUSTED_KEYS_FILE=trusted_keys.pem 42 | # start with empty key file 43 | echo -n "" > $TRUSTED_KEYS_FILE 44 | GIT_ROOT=$(git rev-parse --show-toplevel) 45 | CERTS=$(find ${GIT_ROOT}/data/certificates -name "*.pem" -type f || true) 46 | if [ ! -z "${CERTS}" ]; then 47 | # add known public keys to Kernel certificate chain 48 | for file in $CERTS; do 49 | cat $file >> $TRUSTED_KEYS_FILE 50 | done 51 | # Force Kernel module signing and embed public keys 52 | echo "CONFIG_SYSTEM_TRUSTED_KEYRING" >> $KERNEL_CONFIG 53 | echo "CONFIG_SYSTEM_TRUSTED_KEYS=\"$TRUSTED_KEYS_FILE\"" >> $KERNEL_CONFIG 54 | fi 55 | 56 | echo "I: make vyos_defconfig" 57 | # Select Kernel configuration - currently there is only one 58 | make vyos_defconfig 59 | 60 | echo "I: Generate environment file containing Kernel variable" 61 | EPHEMERAL_KEY="/tmp/ephemeral.key" 62 | EPHEMERAL_PEM="/tmp/ephemeral.pem" 63 | cat << EOF >${CWD}/kernel-vars 64 | #!/bin/sh 65 | export KERNEL_VERSION=${KERNEL_VERSION} 66 | export KERNEL_SUFFIX=${KERNEL_SUFFIX} 67 | export KERNEL_DIR=${CWD}/${KERNEL_SRC} 68 | export EPHEMERAL_KEY=${EPHEMERAL_KEY} 69 | export EPHEMERAL_CERT=${EPHEMERAL_PEM} 70 | EOF 71 | 72 | echo "I: Build Debian Kernel package" 73 | touch .scmversion 74 | make bindeb-pkg BUILD_TOOLS=1 LOCALVERSION=${KERNEL_SUFFIX} KDEB_PKGVERSION=${KERNEL_VERSION}-1 -j $(getconf _NPROCESSORS_ONLN) 75 | 76 | # Back to the old Kernel build-scripts directory 77 | cd $CWD 78 | EPHEMERAL_KERNEL_KEY=$(grep -E "^CONFIG_MODULE_SIG_KEY=" ${KERNEL_SRC}/$KERNEL_CONFIG | awk -F= '{print $2}' | tr -d \") 79 | if test -f "${EPHEMERAL_KEY}"; then 80 | rm -f ${EPHEMERAL_KEY} 81 | fi 82 | if test -f "${EPHEMERAL_PEM}"; then 83 | rm -f ${EPHEMERAL_PEM} 84 | fi 85 | if test -f "${KERNEL_SRC}/${EPHEMERAL_KERNEL_KEY}"; then 86 | openssl rsa -in ${KERNEL_SRC}/${EPHEMERAL_KERNEL_KEY} -out ${EPHEMERAL_KEY} 87 | openssl x509 -in ${KERNEL_SRC}/${EPHEMERAL_KERNEL_KEY} -out ${EPHEMERAL_PEM} 88 | fi 89 | -------------------------------------------------------------------------------- /scripts/package-build/linux-kernel/build-nat-rtsp.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | CWD=$(pwd) 3 | KERNEL_VAR_FILE=${CWD}/kernel-vars 4 | 5 | SRC=${CWD}/nat-rtsp 6 | if [ ! -d ${SRC} ]; then 7 | echo "nat-rtsp source not found" 8 | exit 1 9 | fi 10 | 11 | if [ ! -f ${KERNEL_VAR_FILE} ]; then 12 | echo "Kernel variable file '${KERNEL_VAR_FILE}' does not exist, run ./build_kernel.sh first" 13 | exit 1 14 | fi 15 | 16 | . ${KERNEL_VAR_FILE} 17 | 18 | cd ${SRC} 19 | git reset --hard HEAD 20 | git clean --force -d -x 21 | make KERNELDIR=$KERNEL_DIR 22 | 23 | # Copy binary to package directory 24 | DEBIAN_DIR=tmp/lib/modules/${KERNEL_VERSION}${KERNEL_SUFFIX}/extra 25 | mkdir -p ${DEBIAN_DIR} 26 | cp nf_conntrack_rtsp.ko nf_nat_rtsp.ko ${DEBIAN_DIR} 27 | 28 | DEBIAN_POSTINST="${CWD}/vyos-nat-rtsp.postinst" 29 | echo "#!/bin/sh" > ${DEBIAN_POSTINST} 30 | echo "/sbin/depmod -a ${KERNEL_VERSION}${KERNEL_SUFFIX}" >> ${DEBIAN_POSTINST} 31 | 32 | # Sign generated Kernel modules 33 | ${CWD}/sign-modules.sh ${DEBIAN_DIR} 34 | 35 | # Build Debian Package 36 | fpm --input-type dir --output-type deb --name nat-rtsp \ 37 | --version $(git describe --tags --always) --deb-compression gz \ 38 | --maintainer "VyOS Package Maintainers " \ 39 | --description "Connection tracking and NAT support for RTSP" \ 40 | --depends linux-image-${KERNEL_VERSION}${KERNEL_SUFFIX} \ 41 | --after-install ${DEBIAN_POSTINST} \ 42 | --license "GPL2" --chdir tmp 43 | 44 | mv *.deb .. 45 | 46 | if [ -f ${DEBIAN_POSTINST} ]; then 47 | rm -f ${DEBIAN_POSTINST} 48 | fi 49 | -------------------------------------------------------------------------------- /scripts/package-build/linux-kernel/build-openvpn-dco.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | CWD=$(pwd) 3 | KERNEL_VAR_FILE=${CWD}/kernel-vars 4 | 5 | SRC=${CWD}/ovpn-dco 6 | if [ ! -d ${SRC} ]; then 7 | echo "OpenVPN DCO source not found" 8 | exit 1 9 | fi 10 | 11 | if [ ! -f ${KERNEL_VAR_FILE} ]; then 12 | echo "Kernel variable file '${KERNEL_VAR_FILE}' does not exist, run ./build_kernel.sh first" 13 | exit 1 14 | fi 15 | 16 | . ${KERNEL_VAR_FILE} 17 | 18 | cd ${SRC} 19 | git reset --hard HEAD 20 | git clean --force -d -x 21 | make KERNEL_SRC=$KERNEL_DIR 22 | 23 | # Copy binary to package directory 24 | DEBIAN_DIR=tmp/lib/modules/${KERNEL_VERSION}${KERNEL_SUFFIX}/extra 25 | mkdir -p ${DEBIAN_DIR} 26 | cp drivers/net/ovpn-dco/ovpn-dco-v2.ko ${DEBIAN_DIR} 27 | 28 | # Sign generated Kernel modules 29 | ${CWD}/sign-modules.sh ${DEBIAN_DIR} 30 | 31 | # Build Debian Package 32 | fpm --input-type dir --output-type deb --name openvpn-dco \ 33 | --version $(git describe | sed s/^v//) --deb-compression gz \ 34 | --maintainer "VyOS Package Maintainers " \ 35 | --description "OpenVPN Data Channel Offload" \ 36 | --depends linux-image-${KERNEL_VERSION}${KERNEL_SUFFIX} \ 37 | --license "GPL2" --chdir tmp 38 | 39 | mv *.deb .. 40 | -------------------------------------------------------------------------------- /scripts/package-build/linux-kernel/build-realtek-r8152.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | 3 | import os 4 | from tomllib import loads as toml_loads 5 | from requests import get 6 | from pathlib import Path 7 | from subprocess import run 8 | 9 | CWD = os.getcwd() 10 | 11 | # dependency modifier 12 | def add_depends(package_dir: str, package_name: str, 13 | depends: list[str]) -> None: 14 | """Add dependencies to a package 15 | Args: 16 | package_dir (str): a directory where package sources are located 17 | package_name (str): a name of package 18 | depends (list[str]): a list of dependencies to add 19 | """ 20 | depends_list: str = ', '.join(depends) 21 | depends_line: str = f'misc:Depends={depends_list}\n' 22 | 23 | substvars_file = Path(f'{package_dir}/debian/{package_name}.substvars') 24 | substvars_file.write_text(depends_line) 25 | 26 | 27 | # find kernel version and source path 28 | defaults_file: str = Path('../../../data/defaults.toml').read_text() 29 | architecture_file: str = Path('../../../data/architectures/amd64.toml').read_text() 30 | KERNEL_VER: str = toml_loads(defaults_file).get('kernel_version') 31 | KERNEL_FLAVOR: str = toml_loads(defaults_file).get('kernel_flavor') 32 | KERNEL_SRC: str = Path.cwd().as_posix() + '/linux' 33 | # define variables 34 | PACKAGE_NAME: str = 'vyos-drivers-realtek-r8152' 35 | PACKAGE_VERSION: str = '2.18.1' 36 | PACKAGE_DIR: str = f'{PACKAGE_NAME}-{PACKAGE_VERSION}' 37 | SOURCES_ARCHIVE: str = 'r8152-2.18.1.tar.bz2' 38 | SOURCES_URL: str = f'https://packages.vyos.net/source-mirror/r8152-2.18.1.tar.bz2' 39 | 40 | # download sources 41 | sources_archive = Path(SOURCES_ARCHIVE) 42 | sources_archive.write_bytes(get(SOURCES_URL).content) 43 | 44 | # prepare sources 45 | debmake_cmd: list[str] = [ 46 | 'debmake', '-e', 'support@vyos.io', '-f', 'VyOS Support', '-p', 47 | PACKAGE_NAME, '-u', PACKAGE_VERSION, '-a', SOURCES_ARCHIVE 48 | ] 49 | run(debmake_cmd) 50 | 51 | # add kernel to dependencies 52 | add_depends(PACKAGE_DIR, PACKAGE_NAME, 53 | [f'linux-image-{KERNEL_VER}-{KERNEL_FLAVOR}']) 54 | 55 | # configure build rules 56 | build_rules_text: str = '''#!/usr/bin/make -f 57 | # config 58 | export KERNELDIR := {KERNEL_SRC} 59 | PACKAGE_BUILD_DIR := debian/{PACKAGE_NAME} 60 | KVER := {KERNEL_VER}-{KERNEL_FLAVOR} 61 | MODULES_DIR := updates/drivers/net/usb 62 | # main packaging script based on dh7 syntax 63 | %: 64 | \tdh $@ 65 | 66 | override_dh_clean: 67 | \tdh_clean --exclude=debian/{PACKAGE_NAME}.substvars 68 | 69 | override_dh_prep: 70 | \tdh_prep --exclude=debian/{PACKAGE_NAME}.substvars 71 | 72 | override_dh_auto_clean: 73 | \tmake clean 74 | 75 | override_dh_auto_build: 76 | \techo "KERNELDIR=${{KERNELDIR}}" 77 | \techo "CURDIR=${{CURDIR}}" 78 | \tmake -C ${{KERNELDIR}} M=${{CURDIR}} modules 79 | 80 | override_dh_auto_install: 81 | \tinstall -D -m 644 r8152.ko ${{PACKAGE_BUILD_DIR}}/lib/modules/${{KVER}}/${{MODULES_DIR}}/r8152.ko 82 | \t${{KERNELDIR}}/../sign-modules.sh ${{PACKAGE_BUILD_DIR}}/lib 83 | \tinstall -D -m 644 50-usb-realtek-net.rules ${{PACKAGE_BUILD_DIR}}/etc/udev/rules.d/50-usb-realtek-net.rules 84 | '''.format(KERNEL_SRC=KERNEL_SRC, PACKAGE_NAME=PACKAGE_NAME, KERNEL_VER=KERNEL_VER, KERNEL_FLAVOR=KERNEL_FLAVOR) 85 | 86 | build_rules_path = Path(f'{PACKAGE_DIR}/debian/rules') 87 | build_rules_path.write_text(build_rules_text, encoding='utf-8') 88 | 89 | # build a package 90 | debuild_cmd: list[str] = ['debuild'] 91 | run(debuild_cmd, cwd=PACKAGE_DIR, check=True) 92 | 93 | # Sign generated Kernel modules 94 | clean_cmd: list[str] = ['rm', '-rf', PACKAGE_DIR] 95 | run(clean_cmd, cwd=CWD, check=True) 96 | -------------------------------------------------------------------------------- /scripts/package-build/linux-kernel/package.toml: -------------------------------------------------------------------------------- 1 | # [defaults] 2 | # We get the kernel_version from vyos-build/data/defaults.toml 3 | # kernel_version = "6.6.47" 4 | # kernel_flavor = "amd64-vyos" 5 | 6 | 7 | [[packages]] 8 | name = "linux-kernel" 9 | commit_id = "" # Uses defaults.kernel_version 10 | scm_url = "" 11 | build_cmd = "build_kernel" 12 | 13 | [[packages]] 14 | name = "linux-firmware" 15 | commit_id = "20240610" 16 | scm_url = "https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git" 17 | build_cmd = "build_linux_firmware" 18 | 19 | [[packages]] 20 | name = "accel-ppp" 21 | commit_id = "1.13.0" 22 | scm_url = "https://github.com/accel-ppp/accel-ppp.git" 23 | build_cmd = "build_accel_ppp" 24 | 25 | [[packages]] 26 | name = "ovpn-dco" 27 | commit_id = "v0.2.20231117" 28 | scm_url = "https://github.com/OpenVPN/ovpn-dco" 29 | build_cmd = "build_openvpn_dco" 30 | 31 | [[packages]] 32 | name = "nat-rtsp" 33 | commit_id = "475af0a" 34 | scm_url = "https://github.com/maru-sama/rtsp-linux.git" 35 | build_cmd = "build_nat_rtsp" 36 | 37 | [[packages]] 38 | name = "qat" 39 | commit_id = "" 40 | scm_url = "" 41 | build_cmd = "build_intel_qat" 42 | 43 | [[packages]] 44 | name = "igb" 45 | commit_id = "v5.18.7" 46 | scm_url = "https://github.com/intel/ethernet-linux-igb" 47 | build_cmd = "build_intel_igb" 48 | 49 | [[packages]] 50 | name = "ixgbe" 51 | commit_id = "v6.0.5" 52 | scm_url = "https://github.com/intel/ethernet-linux-ixgbe" 53 | build_cmd = "build_intel_ixgbe" 54 | 55 | [[packages]] 56 | name = "ixgbevf" 57 | commit_id = "v5.0.2" 58 | scm_url = "http://github.com/intel/ethernet-linux-ixgbevf" 59 | build_cmd = "build_intel_ixgbevf" 60 | 61 | [[packages]] 62 | name = "jool" 63 | commit_id = "" 64 | scm_url = "" 65 | build_cmd = "build_jool" 66 | 67 | [[packages]] 68 | name = "mlnx" 69 | commit_id = "" 70 | scm_url = "" 71 | build_cmd = "build_mellanox_ofed" 72 | 73 | [[packages]] 74 | name = "realtek-r8152" 75 | commit_id = "" 76 | scm_url = "" 77 | build_cmd = "build_realtek_r8152" 78 | 79 | [[packages]] 80 | name = "ipt-netflow" 81 | commit_id = "0eb2092e93" 82 | scm_url = "https://github.com/aabc/ipt-netflow" 83 | build_cmd = "build_ipt_netflow" 84 | 85 | [dependencies] 86 | packages = [ 87 | "cmake", 88 | "gnupg2", 89 | "rsync", 90 | "libelf-dev", 91 | "libncurses5-dev", 92 | "flex", 93 | "bison", 94 | "bc", 95 | "kmod", 96 | "cpio", 97 | "dwarves", 98 | "nasm", 99 | "rdfind", 100 | "pciutils", 101 | "yasm", 102 | "libudev-dev", 103 | "ruby", 104 | "ruby-dev", 105 | "rubygems", 106 | "build-essential", 107 | "libdw-dev", 108 | "libunwind-dev", 109 | "systemtap-sdt-dev", 110 | "libslang2-dev", 111 | "python-dev-is-python3", 112 | "libzstd-dev", 113 | "libcap-dev", 114 | "libnuma-dev", 115 | "libbabeltrace-ctf-dev", 116 | "libpfm4-dev", 117 | "libtraceevent-dev", 118 | "liblua5.3-dev", 119 | "libssl3", 120 | "libssl-dev", 121 | "libpcre3-dev", 122 | "libnl-genl-3-dev", 123 | "libxtables-dev", 124 | "asciidoc-base" 125 | ] 126 | -------------------------------------------------------------------------------- /scripts/package-build/linux-kernel/patches/accel-ppp/0004-Fix-whitespace-in-accel-pppd-libnetlink-iputils.c.patch: -------------------------------------------------------------------------------- 1 | From a959ab0c0d659a8b314b98bb577a79ec9ed3542c Mon Sep 17 00:00:00 2001 2 | From: Chris Hills 3 | Date: Tue, 11 Jul 2023 10:14:52 +0100 4 | Subject: [PATCH 4/4] Fix whitespace in accel-pppd/libnetlink/iputils.c 5 | 6 | (cherry picked from commit 10d2fba58928dcb4604a04169cbb3a8c9e8a172f) 7 | --- 8 | accel-pppd/libnetlink/iputils.c | 2 +- 9 | 1 file changed, 1 insertion(+), 1 deletion(-) 10 | 11 | diff --git a/accel-pppd/libnetlink/iputils.c b/accel-pppd/libnetlink/iputils.c 12 | index 60eca8b..afe2380 100644 13 | --- a/accel-pppd/libnetlink/iputils.c 14 | +++ b/accel-pppd/libnetlink/iputils.c 15 | @@ -551,7 +551,7 @@ int __export iproute_add(int ifindex, in_addr_t src, in_addr_t dst, in_addr_t gw 16 | #ifdef HAVE_VRF 17 | __u32 rt_table = ipvrf_get_table(vrf_name); 18 | #else 19 | - __u32 rt_table = RT_TABLE_MAIN; 20 | + __u32 rt_table = RT_TABLE_MAIN; 21 | #endif 22 | 23 | req.n.nlmsg_len = NLMSG_LENGTH(sizeof(struct rtmsg)); 24 | -- 25 | 2.39.5 26 | 27 | -------------------------------------------------------------------------------- /scripts/package-build/linux-kernel/patches/ixgbe/0001-ixgbe-always-enable-support-for-unsupported-SFP-modu.patch: -------------------------------------------------------------------------------- 1 | From a3ebb453f4a8c95fe3674d09646edb93946d450a Mon Sep 17 00:00:00 2001 2 | From: Christian Breunig 3 | Date: Sat, 15 Feb 2025 09:17:10 +0100 4 | Subject: [PATCH] ixgbe: always enable support for unsupported SFP+ modules 5 | 6 | --- 7 | src/ixgbe_param.c | 10 +++++++--- 8 | 1 file changed, 7 insertions(+), 3 deletions(-) 9 | 10 | diff --git a/src/ixgbe_param.c b/src/ixgbe_param.c 11 | index bba03ae..3f29492 100644 12 | --- a/src/ixgbe_param.c 13 | +++ b/src/ixgbe_param.c 14 | @@ -307,7 +307,7 @@ IXGBE_PARAM(LRO, "Large Receive Offload (0,1), default 0 = off"); 15 | * Default Value: 0 16 | */ 17 | IXGBE_PARAM(allow_unsupported_sfp, "Allow unsupported and untested " 18 | - "SFP+ modules on 82599 based adapters, default 0 = Disable"); 19 | + "SFP+ modules on 82599 based adapters, default 1 = Enable"); 20 | 21 | /* Enable/disable support for DMA coalescing 22 | * 23 | @@ -1135,8 +1135,8 @@ void ixgbe_check_options(struct ixgbe_adapter *adapter) 24 | struct ixgbe_option opt = { 25 | .type = enable_option, 26 | .name = "allow_unsupported_sfp", 27 | - .err = "defaulting to Disabled", 28 | - .def = OPTION_DISABLED 29 | + .err = "defaulting to Enabled", 30 | + .def = OPTION_ENABLED 31 | }; 32 | #ifdef module_param_array 33 | if (num_allow_unsupported_sfp > bd) { 34 | @@ -1152,7 +1152,11 @@ void ixgbe_check_options(struct ixgbe_adapter *adapter) 35 | } 36 | #ifdef module_param_array 37 | } else { 38 | + if (opt.def == OPTION_ENABLED) { 39 | + adapter->hw.allow_unsupported_sfp = true; 40 | + } else { 41 | adapter->hw.allow_unsupported_sfp = false; 42 | + } 43 | } 44 | #endif 45 | } 46 | -- 47 | 2.39.5 48 | 49 | -------------------------------------------------------------------------------- /scripts/package-build/linux-kernel/patches/kernel/build-linux-perf-package.patch: -------------------------------------------------------------------------------- 1 | diff --git c/scripts/package/builddeb i/scripts/package/builddeb 2 | index d7dd0d04c70c..6f4a9a7c2c62 100755 3 | --- c/scripts/package/builddeb 4 | +++ i/scripts/package/builddeb 5 | @@ -182,6 +182,16 @@ install_libc_headers () { 6 | mv $pdir/usr/include/asm $pdir/usr/include/$host_arch/ 7 | } 8 | 9 | +install_perf () { 10 | + pdir=$1 11 | + 12 | + rm -rf $pdir 13 | + 14 | + $MAKE -C tools/ perf_install prefix=$pdir/usr 15 | + mv tools/perf/$pdir/usr $srctree/$pdir 16 | + 17 | +} 18 | + 19 | rm -f debian/files 20 | 21 | packages_enabled=$(dh_listpackages) 22 | @@ -199,6 +209,8 @@ do 23 | install_libc_headers debian/linux-libc-dev;; 24 | linux-headers-*) 25 | install_kernel_headers debian/linux-headers ${package#linux-headers-};; 26 | + linux-perf-*) 27 | + install_perf debian/linux-perf ${package};; 28 | esac 29 | done 30 | 31 | @@ -213,6 +225,8 @@ do 32 | create_package ${package} debian/linux-libc-dev;; 33 | linux-headers-*) 34 | create_package ${package} debian/linux-headers;; 35 | + linux-perf-*) 36 | + create_package ${package} debian/linux-perf;; 37 | esac 38 | done 39 | 40 | diff --git c/scripts/package/mkdebian i/scripts/package/mkdebian 41 | index 5044224cf671..21f98ae50be0 100755 42 | --- c/scripts/package/mkdebian 43 | +++ i/scripts/package/mkdebian 44 | @@ -238,6 +238,18 @@ Description: Linux support headers for userspace development 45 | Multi-Arch: same 46 | EOF 47 | 48 | +cat <> debian/control 49 | + 50 | +Package: linux-perf-$version 51 | +Section: devel 52 | +Architecture: $debarch 53 | +Depends: \${shlibs:Depends} 54 | +Description: Performance analysis tools for Linux $version 55 | + This package contains the 'perf' performance analysis tools for Linux 56 | + kernel version $version . 57 | +Multi-Arch: same 58 | +EOF 59 | + 60 | if is_enabled CONFIG_MODULES; then 61 | cat <> debian/control 62 | 63 | -------------------------------------------------------------------------------- /scripts/package-build/linux-kernel/sign-modules.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | BASE_DIR=$(dirname $0) 4 | MODULE_DIR=$1 5 | . ${BASE_DIR}/kernel-vars 6 | 7 | SIGN_FILE="${KERNEL_DIR}/scripts/sign-file" 8 | 9 | if [ -f ${EPHEMERAL_KEY} ] && [ -f ${EPHEMERAL_CERT} ]; then 10 | find ${MODULE_DIR} -type f -name \*.ko | while read MODULE; do 11 | echo "I: Signing ${MODULE} ..." 12 | ${SIGN_FILE} sha512 ${EPHEMERAL_KEY} ${EPHEMERAL_CERT} ${MODULE} 13 | done 14 | fi 15 | 16 | -------------------------------------------------------------------------------- /scripts/package-build/ndppd/.gitignore: -------------------------------------------------------------------------------- 1 | /ndppd/ 2 | -------------------------------------------------------------------------------- /scripts/package-build/ndppd/build.py: -------------------------------------------------------------------------------- 1 | ../build.py -------------------------------------------------------------------------------- /scripts/package-build/ndppd/package.toml: -------------------------------------------------------------------------------- 1 | [[packages]] 2 | name = "ndppd" 3 | commit_id = "debian/0.2.5-6" 4 | scm_url = "https://salsa.debian.org/debian/ndppd" 5 | -------------------------------------------------------------------------------- /scripts/package-build/ndppd/patches/ndppd/0001-skip-route-table-if-there-is-no-auto-rule.patch: -------------------------------------------------------------------------------- 1 | From b148ba055245cec5007ee91dd3ffbfeb58d49c5a Mon Sep 17 00:00:00 2001 2 | From: Henning Surmeier 3 | Date: Sun, 9 Jan 2022 20:35:15 +0100 4 | Subject: [PATCH 1/2] skip route table if there is no auto rule 5 | 6 | --- 7 | src/ndppd.cc | 3 ++- 8 | src/rule.cc | 8 ++++++++ 9 | src/rule.h | 4 ++++ 10 | 3 files changed, 14 insertions(+), 1 deletion(-) 11 | 12 | diff --git a/src/ndppd.cc b/src/ndppd.cc 13 | index bec9656..b303721 100644 14 | --- a/src/ndppd.cc 15 | +++ b/src/ndppd.cc 16 | @@ -304,7 +304,8 @@ int main(int argc, char* argv[], char* env[]) 17 | t1.tv_sec = t2.tv_sec; 18 | t1.tv_usec = t2.tv_usec; 19 | 20 | - route::update(elapsed_time); 21 | + if (rule::any_auto()) 22 | + route::update(elapsed_time); 23 | session::update_all(elapsed_time); 24 | } 25 | 26 | diff --git a/src/rule.cc b/src/rule.cc 27 | index 9e72480..a1e8376 100644 28 | --- a/src/rule.cc 29 | +++ b/src/rule.cc 30 | @@ -24,6 +24,8 @@ 31 | 32 | NDPPD_NS_BEGIN 33 | 34 | +bool rule::_any_aut = false; 35 | + 36 | rule::rule() 37 | { 38 | } 39 | @@ -49,6 +51,7 @@ ptr rule::create(const ptr& pr, const address& addr, bool aut) 40 | ru->_pr = pr; 41 | ru->_addr = addr; 42 | ru->_aut = aut; 43 | + _any_aut = _any_aut || aut; 44 | 45 | logger::debug() 46 | << "rule::create() if=" << pr->ifa()->name().c_str() << ", addr=" << addr 47 | @@ -57,6 +60,11 @@ ptr rule::create(const ptr& pr, const address& addr, bool aut) 48 | return ru; 49 | } 50 | 51 | +bool rule::any_auto() 52 | +{ 53 | + return _any_aut; 54 | +} 55 | + 56 | const address& rule::addr() const 57 | { 58 | return _addr; 59 | diff --git a/src/rule.h b/src/rule.h 60 | index 6663066..ca2aa36 100644 61 | --- a/src/rule.h 62 | +++ b/src/rule.h 63 | @@ -42,6 +42,8 @@ public: 64 | 65 | bool check(const address& addr) const; 66 | 67 | + static bool any_auto(); 68 | + 69 | private: 70 | weak_ptr _ptr; 71 | 72 | @@ -53,6 +55,8 @@ private: 73 | 74 | bool _aut; 75 | 76 | + static bool _any_aut; 77 | + 78 | rule(); 79 | }; 80 | 81 | -- 82 | 2.34.1 83 | 84 | -------------------------------------------------------------------------------- /scripts/package-build/ndppd/patches/ndppd/0002-set-vyos-version.patch: -------------------------------------------------------------------------------- 1 | From b0789cf679b0179d37e22f5a936af273d982abeb Mon Sep 17 00:00:00 2001 2 | From: Henning Surmeier 3 | Date: Tue, 11 Jan 2022 13:05:47 +0100 4 | Subject: [PATCH 2/2] set -vyos version 5 | 6 | --- 7 | src/ndppd.h | 2 +- 8 | 1 file changed, 1 insertion(+), 1 deletion(-) 9 | 10 | diff --git a/src/ndppd.h b/src/ndppd.h 11 | index 008726c..61ed950 100644 12 | --- a/src/ndppd.h 13 | +++ b/src/ndppd.h 14 | @@ -21,7 +21,7 @@ 15 | #define NDPPD_NS_BEGIN namespace ndppd { 16 | #define NDPPD_NS_END } 17 | 18 | -#define NDPPD_VERSION "0.2.4" 19 | +#define NDPPD_VERSION "0.2.5-vyos" 20 | 21 | #include 22 | 23 | -- 24 | 2.34.1 25 | 26 | -------------------------------------------------------------------------------- /scripts/package-build/net-snmp/.gitignore: -------------------------------------------------------------------------------- 1 | /net-snmp/ 2 | -------------------------------------------------------------------------------- /scripts/package-build/net-snmp/build.py: -------------------------------------------------------------------------------- 1 | ../build.py -------------------------------------------------------------------------------- /scripts/package-build/net-snmp/package.toml: -------------------------------------------------------------------------------- 1 | [[packages]] 2 | name = "net-snmp" 3 | commit_id = "debian/5.9.4+dfsg-1" 4 | scm_url = "https://salsa.debian.org/debian/net-snmp" 5 | build_cmd = "dpkg-buildpackage -us -uc -tc -b || true" 6 | -------------------------------------------------------------------------------- /scripts/package-build/netfilter/.gitignore: -------------------------------------------------------------------------------- 1 | /pkg-libnftnl/ 2 | /pkg-nftables/ 3 | -------------------------------------------------------------------------------- /scripts/package-build/netfilter/build.py: -------------------------------------------------------------------------------- 1 | ../build.py -------------------------------------------------------------------------------- /scripts/package-build/netfilter/package.toml: -------------------------------------------------------------------------------- 1 | [[packages]] 2 | name = "pkg-libnftnl" 3 | commit_id = "debian/1.2.6-2" 4 | scm_url = "https://salsa.debian.org/pkg-netfilter-team/pkg-libnftnl.git" 5 | 6 | [[packages]] 7 | name = "pkg-nftables" 8 | commit_id = "debian/1.0.9-1" 9 | scm_url = "https://salsa.debian.org/pkg-netfilter-team/pkg-nftables.git" 10 | 11 | build_cmd = """ 12 | sudo dpkg -i ../libnftnl*.deb 13 | sudo mk-build-deps --install --tool 'apt-get --yes --no-install-recommends' 14 | dpkg-buildpackage -uc -us -tc -b 15 | """ 16 | 17 | [dependencies] 18 | packages = [ 19 | "asciidoc-base", 20 | "bison" 21 | ] 22 | -------------------------------------------------------------------------------- /scripts/package-build/node_exporter/.gitignore: -------------------------------------------------------------------------------- 1 | node_exporter/ 2 | -------------------------------------------------------------------------------- /scripts/package-build/node_exporter/build.py: -------------------------------------------------------------------------------- 1 | ../build.py -------------------------------------------------------------------------------- /scripts/package-build/node_exporter/package.toml: -------------------------------------------------------------------------------- 1 | [[packages]] 2 | name = "node_exporter" 3 | commit_id = "v1.9.1" 4 | scm_url = "https://github.com/prometheus/node_exporter" 5 | 6 | build_cmd = """ 7 | 8 | # Create the install directory 9 | mkdir -p debian/usr/sbin 10 | make build 11 | 12 | # Move the node_exporter binary to the install directory 13 | mv node_exporter debian/usr/sbin 14 | 15 | # Build the Debian package 16 | fpm --input-type dir --output-type deb --name node-exporter \ 17 | --version $(git describe --tags --always | cut -c2-) --deb-compression gz \ 18 | --maintainer "VyOS Package Maintainers " \ 19 | --description "Prometheus exporter for machine metrics" \ 20 | --license Apache-2.0 -C debian --package .. 21 | """ 22 | -------------------------------------------------------------------------------- /scripts/package-build/openvpn-otp/.gitignore: -------------------------------------------------------------------------------- 1 | /openvpn-otp/ 2 | -------------------------------------------------------------------------------- /scripts/package-build/openvpn-otp/build.py: -------------------------------------------------------------------------------- 1 | ../build.py -------------------------------------------------------------------------------- /scripts/package-build/openvpn-otp/package.toml: -------------------------------------------------------------------------------- 1 | [[packages]] 2 | name = "openvpn-otp" 3 | commit_id = "9781ff1" 4 | scm_url = "https://github.com/evgeny-gridasov/openvpn-otp" 5 | 6 | # build_cmd = "cd ..; ./build-openvpn-otp.sh" 7 | build_cmd = """ 8 | ./autogen.sh 9 | ./configure --prefix=/usr 10 | make 11 | mkdir -p usr/lib/openvpn 12 | cp src/.libs/openvpn-otp.so usr/lib/openvpn 13 | 14 | fpm --input-type dir --output-type deb --name openvpn-otp \ 15 | --maintainer "VyOS Package Maintainers " \ 16 | --description "OpenVPN OTP Authentication support." \ 17 | --depends openvpn --architecture $(dpkg --print-architecture) \ 18 | --version $(git describe --tags --always | cut -c2-) --deb-compression gz usr 19 | """ 20 | 21 | 22 | [dependencies] 23 | packages = [ 24 | "debhelper", 25 | "libssl-dev", 26 | "openvpn" 27 | ] 28 | -------------------------------------------------------------------------------- /scripts/package-build/owamp/.gitignore: -------------------------------------------------------------------------------- 1 | /owamp/ 2 | -------------------------------------------------------------------------------- /scripts/package-build/owamp/build.py: -------------------------------------------------------------------------------- 1 | ../build.py -------------------------------------------------------------------------------- /scripts/package-build/owamp/package.toml: -------------------------------------------------------------------------------- 1 | [[packages]] 2 | name = "owamp" 3 | commit_id = "v4.4.6" 4 | scm_url = "https://github.com/perfsonar/owamp" 5 | -------------------------------------------------------------------------------- /scripts/package-build/pmacct/.gitignore: -------------------------------------------------------------------------------- 1 | /pmacct/ 2 | -------------------------------------------------------------------------------- /scripts/package-build/pmacct/build.py: -------------------------------------------------------------------------------- 1 | ../build.py -------------------------------------------------------------------------------- /scripts/package-build/pmacct/package.toml: -------------------------------------------------------------------------------- 1 | [[packages]] 2 | name = "pmacct" 3 | commit_id = "debian/1.7.7-1" 4 | scm_url = "https://salsa.debian.org/debian/pmacct.git" 5 | -------------------------------------------------------------------------------- /scripts/package-build/pmacct/patches/pmacct/0001-fix-pmacctd-SEGV-when-ICMP-ICMPv6-traffic-was-proces.patch: -------------------------------------------------------------------------------- 1 | From 58900c9d0f98f224577c28dc2323061d33823f39 Mon Sep 17 00:00:00 2001 2 | From: Paolo Lucente 3 | Date: Fri, 4 Mar 2022 22:07:29 +0000 4 | Subject: [PATCH] * fix, pmacctd: SEGV when ICMP/ICMPv6 traffic was processed 5 | and 'flows' primitive was enabled. To address Issue #586 6 | 7 | --- 8 | src/nl.c | 12 +++--------- 9 | 1 file changed, 3 insertions(+), 9 deletions(-) 10 | 11 | diff --git a/src/nl.c b/src/nl.c 12 | index c42689ed..6a3da94b 100644 13 | --- a/src/nl.c 14 | +++ b/src/nl.c 15 | @@ -1,6 +1,6 @@ 16 | /* 17 | pmacct (Promiscuous mode IP Accounting package) 18 | - pmacct is Copyright (C) 2003-2021 by Paolo Lucente 19 | + pmacct is Copyright (C) 2003-2022 by Paolo Lucente 20 | */ 21 | 22 | /* 23 | @@ -293,10 +293,7 @@ int ip_handler(register struct packet_ptrs *pptrs) 24 | } 25 | } 26 | else { 27 | - if (pptrs->l4_proto != IPPROTO_ICMP) { 28 | - pptrs->tlh_ptr = dummy_tlhdr; 29 | - } 30 | - 31 | + pptrs->tlh_ptr = dummy_tlhdr; 32 | if (off < caplen) pptrs->payload_ptr = ptr; 33 | } 34 | 35 | @@ -479,10 +476,7 @@ int ip6_handler(register struct packet_ptrs *pptrs) 36 | } 37 | } 38 | else { 39 | - if (pptrs->l4_proto != IPPROTO_ICMPV6) { 40 | - pptrs->tlh_ptr = dummy_tlhdr; 41 | - } 42 | - 43 | + pptrs->tlh_ptr = dummy_tlhdr; 44 | if (off < caplen) pptrs->payload_ptr = ptr; 45 | } 46 | 47 | -- 48 | 2.34.1 49 | 50 | -------------------------------------------------------------------------------- /scripts/package-build/podman/.gitignore: -------------------------------------------------------------------------------- 1 | /podman/ 2 | -------------------------------------------------------------------------------- /scripts/package-build/podman/build.py: -------------------------------------------------------------------------------- 1 | ../build.py -------------------------------------------------------------------------------- /scripts/package-build/podman/package.toml: -------------------------------------------------------------------------------- 1 | [[packages]] 2 | name = "podman" 3 | commit_id = "v4.9.5" 4 | scm_url = "https://github.com/containers/podman" 5 | 6 | #build_cmd = "cd ..; ./build.sh" 7 | build_cmd = """ 8 | make install.tools 9 | make podman-release 10 | 11 | tar xf podman-release-$(dpkg --print-architecture).tar.gz 12 | VERSION=$(ls -d podman-v* | cut -c9-) 13 | 14 | fpm --input-type dir --output-type deb --name podman \ 15 | --version $VERSION --deb-compression gz \ 16 | --maintainer "VyOS Package Maintainers " \ 17 | --description "Engine to run OCI-based containers in Pods" \ 18 | --depends conmon --depends crun --depends netavark --depends libgpgme11 \ 19 | --depends fuse-overlayfs --depends golang-github-containers-common \ 20 | --license "Apache License 2.0" -C podman-v$VERSION --package .. 21 | """ 22 | 23 | [dependencies] 24 | packages = [ 25 | "libseccomp-dev", 26 | "libgpgme-dev" 27 | ] 28 | -------------------------------------------------------------------------------- /scripts/package-build/pyhumps/.gitignore: -------------------------------------------------------------------------------- 1 | /humps/ 2 | -------------------------------------------------------------------------------- /scripts/package-build/pyhumps/build.py: -------------------------------------------------------------------------------- 1 | ../build.py -------------------------------------------------------------------------------- /scripts/package-build/pyhumps/package.toml: -------------------------------------------------------------------------------- 1 | [[packages]] 2 | name = "humps" 3 | commit_id = "v3.8.0" 4 | scm_url = "https://github.com/nficano/humps.git" 5 | build_cmd = "python3 setup.py --command-packages=stdeb.command bdist_deb; cp deb_dist/*.deb .." 6 | -------------------------------------------------------------------------------- /scripts/package-build/radvd/.gitignore: -------------------------------------------------------------------------------- 1 | /radvd/ 2 | -------------------------------------------------------------------------------- /scripts/package-build/radvd/build.py: -------------------------------------------------------------------------------- 1 | ../build.py -------------------------------------------------------------------------------- /scripts/package-build/radvd/package.toml: -------------------------------------------------------------------------------- 1 | [[packages]] 2 | name = "radvd" 3 | commit_id = "v2.20" 4 | scm_url = "https://github.com/radvd-project/radvd" 5 | 6 | #build_cmd = "cd ..; ./build.sh" 7 | build_cmd = """ 8 | ./autogen.sh 9 | ./configure 10 | make 11 | 12 | install --directory debian/lib/systemd/system debian/usr/sbin 13 | install --mode 0644 radvd.service debian/lib/systemd/system 14 | install --strip --mode 0755 radvd debian/usr/sbin 15 | 16 | # Version' field value 'v0.14-20-g613277f': version number does not start with digit 17 | # "cut" first character from version string 18 | fpm --input-type dir --output-type deb --name radvd \ 19 | --version $(git describe --always | cut -c2- | tr _ -) --deb-compression gz \ 20 | --maintainer "VyOS Package Maintainers " \ 21 | --description "RADVD router advertisement daemon" \ 22 | --license "RADVD" -C debian --package .. 23 | """ 24 | -------------------------------------------------------------------------------- /scripts/package-build/strongswan/.gitignore: -------------------------------------------------------------------------------- 1 | /strongswan/ 2 | -------------------------------------------------------------------------------- /scripts/package-build/strongswan/build-vici.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | CWD=$(pwd) 3 | set -e 4 | 5 | SRC="strongswan/src/libcharon/plugins/vici/python" 6 | if [ ! -d ${SRC} ]; then 7 | echo "Source directory does not exist, please 'git clone'" 8 | exit 1 9 | fi 10 | 11 | cd ${SRC} 12 | 13 | mkdir -p debian 14 | 15 | # Create control file 16 | echo "I: create $SRC/debian/control" 17 | cat < debian/control 18 | Source: strongswan 19 | Section: python 20 | Priority: optional 21 | Maintainer: VyOS Package Maintainers 22 | Build-Depends: debhelper (>= 9), python3, python3-setuptools 23 | Standards-Version: 3.9.6 24 | 25 | Package: python3-vici 26 | Architecture: all 27 | Depends: \${misc:Depends}, \${python3:Depends} 28 | Description: Native Python interface for strongSwan's VICI protocol 29 | EOF 30 | 31 | # Create rules file 32 | echo "I: create $SRC/debian/rules" 33 | cat < debian/rules 34 | #!/usr/bin/make -f 35 | 36 | %: 37 | dh \$@ --with python3 38 | EOF 39 | chmod +x debian/rules 40 | 41 | echo '10' > debian/compat 42 | 43 | # Add the 'install' file to copy the vici package to the correct directory 44 | echo "I: create $SRC/debian/install" 45 | cat < debian/install 46 | vici /usr/lib/python3/dist-packages/ 47 | EOF 48 | 49 | # Copy changelog 50 | cp ../../../../../debian/changelog debian/ 51 | 52 | # Build the package 53 | echo "I: Build Debian Package" 54 | dpkg-buildpackage -uc -us -tc -b -d 55 | 56 | # Copy the resulting .deb packages 57 | echo "I: copy packages" 58 | cp ../*.deb ../../../../../../ 59 | -------------------------------------------------------------------------------- /scripts/package-build/strongswan/build.py: -------------------------------------------------------------------------------- 1 | ../build.py -------------------------------------------------------------------------------- /scripts/package-build/strongswan/package.toml: -------------------------------------------------------------------------------- 1 | [[packages]] 2 | name = "strongswan" 3 | commit_id = "debian/5.9.11-2" 4 | scm_url = "https://salsa.debian.org/debian/strongswan.git" 5 | 6 | # build_cmd = "cd ..; yes | ./build.sh; ./build-vici.sh" 7 | build_cmd = """ 8 | export DEBEMAIL="maintainers@vyos.net" 9 | export DEBFULLNAME="VyOS Package Maintainers" 10 | 11 | dch -v "5.9.11-2+vyos0" "Patchset for DMVPN support" -b 12 | dpkg-buildpackage -uc -us -tc -b -d 13 | cd ..; ./build-vici.sh 14 | """ 15 | 16 | [dependencies] 17 | packages = [ 18 | "bison", 19 | "bzip2", 20 | "debhelper-compat", 21 | "dh-apparmor", 22 | "dpkg-dev", 23 | "flex", 24 | "gperf", 25 | "libiptc-dev", 26 | "libcap-dev", 27 | "libcurl3-dev", 28 | "libgcrypt20-dev", 29 | "libgmp3-dev", 30 | "libkrb5-dev", 31 | "libldap2-dev", 32 | "libnm-dev", 33 | "libpam0g-dev", 34 | "libsqlite3-dev", 35 | "libssl-dev", 36 | "libsystemd-dev", 37 | "libtool", 38 | "libtss2-dev", 39 | "libxml2-dev", 40 | "pkg-config", 41 | "po-debconf", 42 | "systemd", 43 | "libsystemd-dev", 44 | "tzdata" 45 | ] 46 | -------------------------------------------------------------------------------- /scripts/package-build/tacacs/.gitignore: -------------------------------------------------------------------------------- 1 | /libnss-tacplus/ 2 | /libpam-tacplus/ 3 | /libtacplus-map/ 4 | -------------------------------------------------------------------------------- /scripts/package-build/tacacs/build.py: -------------------------------------------------------------------------------- 1 | ../build.py -------------------------------------------------------------------------------- /scripts/package-build/tacacs/package.toml: -------------------------------------------------------------------------------- 1 | [[packages]] 2 | name = "libtacplus-map" 3 | commit_id = "master" 4 | scm_url = "https://github.com/vyos/libtacplus-map.git" 5 | build_cmd = "dpkg-buildpackage -us -uc -tc -b" 6 | 7 | [[packages]] 8 | name = "libpam-tacplus" 9 | commit_id = "master" 10 | scm_url = "https://github.com/vyos/libpam-tacplus.git" 11 | build_cmd = "sudo dpkg -i ../libtacplus-map*.deb; dpkg-buildpackage -us -uc -tc -b" 12 | 13 | [[packages]] 14 | name = "libnss-tacplus" 15 | commit_id = "master" 16 | scm_url = "https://github.com/vyos/libnss-tacplus.git" 17 | build_cmd = "sudo dpkg -i ../libtac*.deb ../libpam-tacplus*.deb; dpkg-buildpackage -us -uc -tc -b" 18 | 19 | [dependencies] 20 | packages = [ 21 | "libpam-dev", 22 | "autoconf-archive", 23 | "libaudit-dev" 24 | ] 25 | -------------------------------------------------------------------------------- /scripts/package-build/telegraf/.gitignore: -------------------------------------------------------------------------------- 1 | /telegraf/ 2 | -------------------------------------------------------------------------------- /scripts/package-build/telegraf/README.md: -------------------------------------------------------------------------------- 1 | # build 2 | ``` 3 | python3 build.py 4 | ``` 5 | -------------------------------------------------------------------------------- /scripts/package-build/telegraf/build.py: -------------------------------------------------------------------------------- 1 | ../build.py -------------------------------------------------------------------------------- /scripts/package-build/telegraf/build.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | CWD=$(pwd) 3 | set -e 4 | 5 | BUILD_ARCH=$(dpkg-architecture -qDEB_TARGET_ARCH) 6 | 7 | SRC=telegraf 8 | if [ ! -d ${SRC} ]; then 9 | echo "Source directory does not exists, please 'git clone'" 10 | exit 1 11 | fi 12 | 13 | PLUGIN_DIR=${CWD}/plugins 14 | 15 | echo "I: Selecting Input plugins" 16 | cp ${PLUGIN_DIR}/inputs/all/all.go ${SRC}/plugins/inputs/all/all.go 17 | 18 | echo "I: Selecting Output plugins" 19 | cp ${PLUGIN_DIR}/outputs/all/all.go ${SRC}/plugins/outputs/all/all.go 20 | 21 | echo "I: Build Debian ${BUILD_ARCH} package" 22 | cd ${SRC} 23 | export PATH=/opt/go/bin:$PATH 24 | 25 | # Generate default telegraf config 26 | go run ./cmd/telegraf config > etc/telegraf.conf 27 | LDFLAGS=-w make "${BUILD_ARCH}.deb" 28 | -------------------------------------------------------------------------------- /scripts/package-build/telegraf/package.toml: -------------------------------------------------------------------------------- 1 | [[packages]] 2 | name = "telegraf" 3 | commit_id = "v1.28.3" 4 | scm_url = "https://github.com/influxdata/telegraf.git" 5 | build_cmd = "cd ..; ./build.sh; cp telegraf/build/dist/*.deb ." 6 | -------------------------------------------------------------------------------- /scripts/package-build/telegraf/plugins/outputs/all/all.go: -------------------------------------------------------------------------------- 1 | package all 2 | 3 | import ( 4 | //Blank imports for plugins to register themselves 5 | _ "github.com/influxdata/telegraf/plugins/outputs/azure_data_explorer" 6 | _ "github.com/influxdata/telegraf/plugins/outputs/http" 7 | _ "github.com/influxdata/telegraf/plugins/outputs/influxdb_v2" 8 | _ "github.com/influxdata/telegraf/plugins/outputs/prometheus_client" 9 | ) 10 | -------------------------------------------------------------------------------- /scripts/package-build/udp-broadcast-relay/build.py: -------------------------------------------------------------------------------- 1 | ../build.py -------------------------------------------------------------------------------- /scripts/package-build/udp-broadcast-relay/package.toml: -------------------------------------------------------------------------------- 1 | [[packages]] 2 | name = "udp-broadcast-relay" 3 | commit_id = "9a0f13b4b5938bfe0af0d0d4e99dfc127c068e28" 4 | scm_url = "https://github.com/nomeata/udp-broadcast-relay" 5 | 6 | apply_patches = false 7 | 8 | build_cmd = """ 9 | for patch in ../patches/udp-broadcast-relay/*.patch; do 10 | echo "I: build_cmd applying patch $patch..." 11 | git -c user.email=maintainers@vyos.net -c user.name=vyos am "$patch" || { echo "Failed to apply patch $patch"; exit 1; } 12 | done 13 | 14 | dpkg-buildpackage -uc -us -tc -b -d 15 | """ 16 | 17 | [dependencies] 18 | packages = [ 19 | "debhelper-compat", 20 | "dpkg-dev", 21 | ] 22 | -------------------------------------------------------------------------------- /scripts/package-build/vpp/.gitignore: -------------------------------------------------------------------------------- 1 | /vpp/ 2 | /vyos-vpp-patches/ 3 | -------------------------------------------------------------------------------- /scripts/package-build/vpp/build.py: -------------------------------------------------------------------------------- 1 | ../build.py -------------------------------------------------------------------------------- /scripts/package-build/vpp/package.toml: -------------------------------------------------------------------------------- 1 | [[packages]] 2 | name = "vyos-vpp-patches" 3 | commit_id = "current" 4 | scm_url = "https://github.com/vyos/vyos-vpp-patches" 5 | build_cmd = "/bin/true" 6 | apply_patches = false 7 | 8 | [[packages]] 9 | name = "vpp" 10 | commit_id = "stable/2410" 11 | scm_url = "https://github.com/FDio/vpp" 12 | # Skip apply patches by build.py as we use them in build_cmd 13 | apply_patches = false 14 | 15 | pre_build_hook = """ 16 | mkdir -p ../patches/vpp/ 17 | rsync -av ../vyos-vpp-patches/patches/vpp/ ../patches/vpp/ 18 | """ 19 | 20 | build_cmd = """ 21 | # Patches for vpp should applied here 22 | for patch in ../patches/vpp/*.patch; do 23 | echo "I: build_cmd applying patch $patch..." 24 | git -c user.email=maintainers@vyos.net -c user.name=vyos am "$patch" || { echo "Failed to apply patch $patch"; exit 1; } 25 | done 26 | 27 | make UNATTENDED=yes install-dep 28 | make pkg-deb 29 | cp build-root/*.deb ../ 30 | """ 31 | 32 | [dependencies] 33 | packages = [ 34 | "llvm" 35 | ] 36 | -------------------------------------------------------------------------------- /scripts/package-build/vyos-1x/.gitignore: -------------------------------------------------------------------------------- 1 | /vyos-1x/ 2 | /vyos-vpp/ 3 | -------------------------------------------------------------------------------- /scripts/package-build/vyos-1x/build.py: -------------------------------------------------------------------------------- 1 | ../build.py -------------------------------------------------------------------------------- /scripts/package-build/vyos-1x/package.toml: -------------------------------------------------------------------------------- 1 | [[packages]] 2 | name = "vyos-vpp" 3 | commit_id = "current" 4 | scm_url = "https://github.com/vyos/vyos-vpp.git" 5 | build_cmd = "/bin/true" 6 | 7 | [[packages]] 8 | name = "vyos-1x" 9 | commit_id = "current" 10 | scm_url = "https://github.com/vyos/vyos-1x.git" 11 | build_cmd = "rsync -av --exclude='.git' --exclude='.github' --exclude='README*' --exclude='LICENSE' --exclude='*.md' ../vyos-vpp/ ./; dpkg-buildpackage -us -uc -F" 12 | -------------------------------------------------------------------------------- /scripts/package-build/waagent/.gitignore: -------------------------------------------------------------------------------- 1 | /waagent/ 2 | -------------------------------------------------------------------------------- /scripts/package-build/waagent/build.py: -------------------------------------------------------------------------------- 1 | ../build.py -------------------------------------------------------------------------------- /scripts/package-build/waagent/package.toml: -------------------------------------------------------------------------------- 1 | [[packages]] 2 | name = "waagent" 3 | commit_id = "debian/2.9.1.1-2" 4 | scm_url = "https://salsa.debian.org/cloud-team/waagent.git" 5 | 6 | [dependencies] 7 | packages = ["dpkg-source-gitarchive"] 8 | -------------------------------------------------------------------------------- /scripts/package-build/wide-dhcpv6/.gitignore: -------------------------------------------------------------------------------- 1 | /wide-dhcpv6/ 2 | -------------------------------------------------------------------------------- /scripts/package-build/wide-dhcpv6/build.py: -------------------------------------------------------------------------------- 1 | ../build.py -------------------------------------------------------------------------------- /scripts/package-build/wide-dhcpv6/package.toml: -------------------------------------------------------------------------------- 1 | [[packages]] 2 | name = "wide-dhcpv6" 3 | commit_id = "debian/20080615-23" 4 | scm_url = "https://salsa.debian.org/debian/wide-dhcpv6" 5 | -------------------------------------------------------------------------------- /scripts/package-build/wide-dhcpv6/patches/wide-dhcpv6/0024-bind-to-single-socket.patch: -------------------------------------------------------------------------------- 1 | diff --git a/dhcp6c.c b/dhcp6c.c 2 | index 1caaaa5..04ce9c5 100644 3 | --- a/dhcp6c.c 4 | +++ b/dhcp6c.c 5 | @@ -217,6 +217,12 @@ main(argc, argv) 6 | argv[0]); 7 | exit(1); 8 | } 9 | + 10 | + if (setsockopt(sock, SOL_SOCKET, SO_BINDTODEVICE, argv[0], strlen(argv[0])) != 0) { 11 | + debug_printf(LOG_ERR, FNAME, "failed to bind %s", argv[0]); 12 | + exit(1); 13 | + } 14 | + 15 | argv++; 16 | } 17 | 18 | -------------------------------------------------------------------------------- /scripts/package-build/xen-guest-agent/.gitignore: -------------------------------------------------------------------------------- 1 | /xen-guest-agent/ 2 | -------------------------------------------------------------------------------- /scripts/package-build/xen-guest-agent/build.py: -------------------------------------------------------------------------------- 1 | ../build.py -------------------------------------------------------------------------------- /scripts/package-build/xen-guest-agent/package.toml: -------------------------------------------------------------------------------- 1 | [[packages]] 2 | name = "xen-guest-agent" 3 | commit_id = "0.4.0" 4 | scm_url = "https://gitlab.com/xen-project/xen-guest-agent" 5 | 6 | 7 | build_cmd = """ 8 | # changelog 9 | cat < debian/changelog 10 | xen-guest-agent (0.4.0) UNRELEASED; urgency=medium 11 | 12 | * Upstream package 13 | 14 | -- VyOS Maintainers Thu, 26 Sep 2024 12:35:47 +0000 15 | 16 | EOF 17 | 18 | # Apply the patch to modify the debian/rules file 19 | sed -i 's|../xen-guest-agent-$(UPSTREAM_VERSION)-linux-$(DEB_TARGET_GNU_CPU)|target/release/xen-guest-agent|' debian/rules 20 | 21 | sudo apt-get -y install --no-install-recommends libclang-dev libxen-dev 22 | # Install rust 23 | curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | bash -s -- -y --default-toolchain stable --profile default --no-modify-path 24 | 25 | # Set PATH for Cargo 26 | export PATH="$HOME/.cargo/bin:$PATH" 27 | rustup update 28 | cd xen-guest-agent 29 | cargo update 30 | 31 | # Build deb 32 | cargo build -F static --profile release 33 | dpkg-buildpackage -b -us -uc 34 | """ 35 | -------------------------------------------------------------------------------- /scripts/utils/merge-flavors: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | # 3 | # Copyright (C) 2024 VyOS maintainers and contributors 4 | # 5 | # This program is free software; you can redistribute it and/or modify 6 | # it under the terms of the GNU General Public License version 2 or later as 7 | # published by the Free Software Foundation. 8 | # 9 | # This program is distributed in the hope that it will be useful, 10 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 | # GNU General Public License for more details. 13 | # 14 | # You should have received a copy of the GNU General Public License 15 | # along with this program. If not, see . 16 | # 17 | # Purpose: merges multiple flavor files into one 18 | 19 | import sys 20 | 21 | import tomli 22 | import tomli_w 23 | 24 | def load_flavor(file_path): 25 | with open(file_path, 'rb') as f: 26 | flavor_def = tomli.load(f) 27 | 28 | return flavor_def 29 | 30 | # XXX: at the moment, this script is only used 31 | # to produce a meta-flavor for collecting packages 32 | # used in multiple flavors, 33 | # so it ignores all other flavor fields for now 34 | def merge_flavors(l, r): 35 | if 'packages' in r: 36 | l['packages'] += r['packages'] 37 | 38 | for arch in r.get('architectures', []): 39 | if arch not in l['architectures']: 40 | l['architectures'][arch] = {} 41 | 42 | if 'packages' not in l['architectures'][arch]: 43 | l['architectures'][arch]['packages'] = [] 44 | 45 | if 'packages' in r['architectures'][arch]: 46 | l['architectures'][arch]['packages'] += \ 47 | r['architectures'][arch]['packages'] 48 | 49 | return l 50 | 51 | if __name__ == '__main__': 52 | if len(sys.argv) < 3: 53 | print("Please specify a base flavor and a list of flavor files to merge!") 54 | sys.exit(1) 55 | 56 | base_flavor = load_flavor(sys.argv[1]) 57 | 58 | if 'architectures' not in base_flavor: 59 | base_flavor['architectures'] = {} 60 | 61 | if 'packages' not in base_flavor: 62 | base_flavor['packages'] = [] 63 | 64 | flavor_files = sys.argv[2:] 65 | flavor_defs = map(load_flavor, flavor_files) 66 | 67 | for fd in flavor_defs: 68 | merge_flavors(base_flavor, fd) 69 | 70 | base_flavor['packages'] = list(set(base_flavor['packages'])) 71 | for arch in base_flavor.get('architectures'): 72 | if 'packages' in base_flavor['architectures'][arch]: 73 | base_flavor['architectures'][arch]['packages'] = \ 74 | list(set(base_flavor['architectures'][arch]['packages'])) 75 | 76 | print(tomli_w.dumps(base_flavor)) 77 | -------------------------------------------------------------------------------- /tools/cloud-init/AWS/90_dpkg.cfg: -------------------------------------------------------------------------------- 1 | # to update this file, run dpkg-reconfigure cloud-init 2 | datasource_list: [ Ec2 ] 3 | -------------------------------------------------------------------------------- /tools/cloud-init/AWS/cloud-init.list.chroot: -------------------------------------------------------------------------------- 1 | cloud-init 2 | awscli 3 | -------------------------------------------------------------------------------- /tools/cloud-init/AWS/config.boot.default: -------------------------------------------------------------------------------- 1 | system { 2 | host-name vyos 3 | login { 4 | user vyos { 5 | authentication { 6 | encrypted-password "*" 7 | plaintext-password "" 8 | } 9 | level admin 10 | } 11 | } 12 | option { 13 | reboot-on-upgrade-failure 5 14 | } 15 | syslog { 16 | local { 17 | facility all { 18 | level info 19 | } 20 | facility protocols { 21 | level debug 22 | } 23 | } 24 | } 25 | ntp { 26 | server "time1.vyos.net" 27 | server "time2.vyos.net" 28 | server "time3.vyos.net" 29 | } 30 | console { 31 | device ttyS0 { 32 | speed 115200 33 | } 34 | } 35 | config-management { 36 | commit-revisions 100 37 | } 38 | } 39 | 40 | interfaces { 41 | loopback lo { 42 | } 43 | } 44 | -------------------------------------------------------------------------------- /tools/container/config.boot.default: -------------------------------------------------------------------------------- 1 | system { 2 | host-name vyos 3 | login { 4 | user vyos { 5 | authentication { 6 | encrypted-password "*" 7 | plaintext-password "" 8 | } 9 | level admin 10 | } 11 | } 12 | syslog { 13 | local { 14 | facility all { 15 | level info 16 | } 17 | facility protocols { 18 | level debug 19 | } 20 | } 21 | } 22 | ntp { 23 | server "time1.vyos.net" 24 | server "time2.vyos.net" 25 | server "time3.vyos.net" 26 | } 27 | console { 28 | device ttyS0 { 29 | speed 115200 30 | } 31 | } 32 | config-management { 33 | commit-revisions 100 34 | } 35 | } 36 | 37 | interfaces { 38 | loopback lo { 39 | } 40 | } 41 | --------------------------------------------------------------------------------