├── .github
    ├── PULL_REQUEST_TEMPLATE.md
    └── workflows
    │   ├── add-pr-labels.yml
    │   ├── auto-author-assign.yml
    │   ├── check-open-prs-conflict.yml
    │   ├── check-pr-conflicts.yml
    │   ├── check-pr-message.yml
    │   ├── check-stale.yml
    │   ├── check-unused-imports.yml
    │   ├── cleanup-mirror-pr-branch.yml
    │   ├── codeql.yml
    │   ├── label-backport.yml
    │   ├── linit-j2.yml
    │   ├── mirror-pr-and-sync.yml
    │   ├── trigger-docker-image-build.yml
    │   ├── trigger-pr-mirror-repo-sync.yml
    │   └── trigger_rebuild_packages.yml
├── .gitignore
├── CODEOWNERS
├── CONTRIBUTING.md
├── LICENSE
├── LICENSE.artwork
├── Makefile
├── README.md
├── build-vyos-image
├── data
    ├── architectures
    │   ├── amd64.toml
    │   ├── arm64.toml
    │   └── armhf.toml
    ├── build-flavors
    │   └── generic.toml
    ├── build-types
    │   ├── development.toml
    │   ├── release.toml
    │   └── stream.toml
    ├── certificates
    │   └── .gitignore
    ├── defaults.toml
    ├── live-build-config
    │   ├── archives
    │   │   ├── bookworm-backports.pref.chroot
    │   │   ├── saltstack.key.chroot
    │   │   ├── vyos-dev.key.chroot
    │   │   ├── vyos-dev.pref.chroot
    │   │   └── zabbix-official-repo.key.chroot
    │   ├── bootloaders
    │   │   └── grub-pc
    │   │   │   ├── dejavu-bold-14.pf2
    │   │   │   ├── dejavu-bold-16.pf2
    │   │   │   ├── grub.cfg
    │   │   │   ├── live-theme
    │   │   │       └── theme.txt
    │   │   │   └── splash.png
    │   ├── hooks
    │   │   └── live
    │   │   │   ├── 00-manifest.binary
    │   │   │   ├── 00-mk_buildid.chroot
    │   │   │   ├── 01-interfaces.chroot
    │   │   │   ├── 01-live-serial.binary
    │   │   │   ├── 03-root_bash_completion.chroot
    │   │   │   ├── 04-locale.chroot
    │   │   │   ├── 05-event_tty.chroot
    │   │   │   ├── 07-apt.chroot
    │   │   │   ├── 08-sysconf.chroot
    │   │   │   ├── 09-live.chroot
    │   │   │   ├── 100-remove-dropbear-keys.chroot
    │   │   │   ├── 11-busybox.chroot
    │   │   │   ├── 12-udev-initramfs.chroot
    │   │   │   ├── 14-acpid.chroot
    │   │   │   ├── 15-sources_list.chroot
    │   │   │   ├── 16-fuse.chroot
    │   │   │   ├── 17-gen_initramfs.chroot
    │   │   │   ├── 18-enable-disable_services.chroot
    │   │   │   ├── 19-kernel_symlinks.chroot
    │   │   │   ├── 20-systemd_target.chroot
    │   │   │   ├── 21-pam_mkhomedir.chroot
    │   │   │   ├── 23-config_mkdir.chroot
    │   │   │   ├── 24-efi_packages.chroot
    │   │   │   ├── 30-mpls_modules.chroot
    │   │   │   ├── 30-strongswan-configs.chroot
    │   │   │   ├── 40-init-cracklib-db.chroot
    │   │   │   ├── 40-init-geoip-database.chroot
    │   │   │   ├── 90-localepurge.chroot
    │   │   │   ├── 92-strip-symbols.chroot
    │   │   │   └── 93-sb-sign-kernel.chroot
    │   ├── includes.binary
    │   │   └── isolinux
    │   │   │   ├── isolinux.cfg
    │   │   │   ├── menu.cfg
    │   │   │   └── splash.png
    │   ├── includes.chroot
    │   │   ├── etc
    │   │   │   ├── c3xxx_dev0.conf
    │   │   │   ├── c3xxx_dev1.conf
    │   │   │   ├── c3xxx_dev2.conf
    │   │   │   ├── c6xx_dev0.conf
    │   │   │   ├── c6xx_dev1.conf
    │   │   │   ├── c6xx_dev2.conf
    │   │   │   ├── d15xx_dev0.conf
    │   │   │   ├── d15xx_dev1.conf
    │   │   │   ├── d15xx_dev2.conf
    │   │   │   ├── dh895xcc_dev0.conf
    │   │   │   ├── dh895xcc_dev1.conf
    │   │   │   ├── dh895xcc_dev2.conf
    │   │   │   ├── initramfs-tools
    │   │   │   │   └── hooks
    │   │   │   │   │   └── 10-vyos-addons
    │   │   │   ├── login.defs
    │   │   │   ├── modprobe.d
    │   │   │   │   ├── intel-qat-blacklist.conf
    │   │   │   │   └── no-copybreak.conf
    │   │   │   ├── modules-load.d
    │   │   │   │   └── br-netfilter.conf
    │   │   │   ├── nsswitch.conf
    │   │   │   ├── sudoers.d
    │   │   │   │   └── openvpn
    │   │   │   └── systemd
    │   │   │   │   ├── bootchart.conf
    │   │   │   │   ├── journald.conf
    │   │   │   │   ├── system.conf
    │   │   │   │   └── system
    │   │   │   │       └── getty@tty1.service.d
    │   │   │   │           └── noclear.conf
    │   │   ├── opt
    │   │   │   └── vyatta
    │   │   │   │   └── etc
    │   │   │   │       ├── grub
    │   │   │   │           └── default-union-grub-entry
    │   │   │   │       └── install-image
    │   │   │   │           └── postinst
    │   │   └── usr
    │   │   │   └── share
    │   │   │       └── vyos
    │   │   │           └── keys
    │   │   │               ├── vyos-backup.minisign.pub
    │   │   │               ├── vyos-release.minisign.pub
    │   │   │               └── vyos-rolling-release.minisign.pub
    │   ├── package-lists
    │   │   ├── vyos-base.list.chroot
    │   │   └── vyos-utils.list.chroot
    │   └── rootfs
    │   │   └── excludes
    └── versions
├── docker-vyos
    ├── Dockerfile
    ├── README.md
    ├── vyos_install_common.sh
    ├── vyos_install_stage_01.sh
    ├── vyos_install_stage_02.sh
    └── vyos_install_stage_03.sh
├── docker
    ├── Dockerfile
    ├── arm64
    │   └── hooks
    │   │   ├── post_checkout
    │   │   └── pre_build
    ├── armhf
    │   └── hooks
    │   │   ├── post_checkout
    │   │   └── pre_build
    ├── entrypoint.sh
    └── patches
    │   └── live-build
    │       └── 0001-save-package-info.patch
├── packages
    └── .gitignore
├── scripts
    ├── check-qemu-install
    ├── image-build
    │   ├── build-vyos-image
    │   ├── defaults.py
    │   ├── raw_image.py
    │   └── utils.py
    ├── iso-to-oci
    ├── package-build
    │   ├── .gitignore
    │   ├── amazon-cloudwatch-agent
    │   │   ├── .gitignore
    │   │   ├── build.py
    │   │   └── package.toml
    │   ├── amazon-ssm-agent
    │   │   ├── .gitignore
    │   │   ├── build.py
    │   │   └── package.toml
    │   ├── aws-gwlbtun
    │   │   ├── .gitignore
    │   │   ├── build.py
    │   │   └── package.toml
    │   ├── bash-completion
    │   │   ├── .gitignore
    │   │   ├── build.py
    │   │   └── package.toml
    │   ├── blackbox_exporter
    │   │   ├── .gitignore
    │   │   ├── build.py
    │   │   ├── build.sh
    │   │   └── package.toml
    │   ├── build.py
    │   ├── ddclient
    │   │   ├── .gitignore
    │   │   ├── build.py
    │   │   └── package.toml
    │   ├── dropbear
    │   │   ├── .gitignore
    │   │   ├── build.py
    │   │   ├── package.toml
    │   │   └── patches
    │   │   │   └── dropbear
    │   │   │       └── 0001-Enable-PAM-support.patch
    │   ├── ethtool
    │   │   ├── .gitignore
    │   │   ├── build.py
    │   │   └── package.toml
    │   ├── frr
    │   │   ├── .gitignore
    │   │   ├── build.py
    │   │   ├── package.toml
    │   │   └── patches
    │   │   │   └── frr
    │   │   │       ├── 0001-Enable-PCRE2-in-Debian-package-builds.patch
    │   │   │       ├── 0001-ldpd-Option-for-disabled-LDP-hello-message-during-TC.patch
    │   │   │       └── 0003-Clear-Babel-Config-On-Stop.patch
    │   ├── frr_exporter
    │   │   ├── .gitignore
    │   │   ├── build.py
    │   │   └── package.toml
    │   ├── hostap
    │   │   ├── .gitignore
    │   │   ├── README.md
    │   │   ├── build.py
    │   │   ├── build.sh
    │   │   └── package.toml
    │   ├── hsflowd
    │   │   ├── .gitignore
    │   │   ├── build.py
    │   │   └── package.toml
    │   ├── isc-dhcp
    │   │   ├── .gitignore
    │   │   ├── build.py
    │   │   ├── package.toml
    │   │   └── patches
    │   │   │   └── isc-dhcp
    │   │   │       ├── 0001-Add-support-for-raw-IP-interface-type.patch
    │   │   │       ├── 0002-Checkpoint-improved-patch.patch
    │   │   │       ├── 0003-fix-compilation-errors.patch
    │   │   │       └── 0004-add-support-for-ARPHRD_NONE-interface-type.patch
    │   ├── kea
    │   │   ├── .gitignore
    │   │   ├── build.py
    │   │   ├── package.toml
    │   │   └── patches
    │   │   │   └── isc-kea
    │   │   │       ├── 0001-Add-multithreading-test-mode.patch
    │   │   │       └── 0002-Add-ping_check-hook-library.patch
    │   ├── keepalived
    │   │   ├── .gitignore
    │   │   ├── build.py
    │   │   └── package.toml
    │   ├── libnss-mapuser
    │   │   ├── .gitignore
    │   │   ├── build.py
    │   │   └── package.toml
    │   ├── libpam-radius-auth
    │   │   ├── .gitignore
    │   │   ├── build.py
    │   │   └── package.toml
    │   ├── linux-kernel
    │   │   ├── .gitignore
    │   │   ├── README.md
    │   │   ├── arch
    │   │   │   ├── arm64
    │   │   │   │   └── configs
    │   │   │   │   │   └── vyos_defconfig
    │   │   │   └── x86
    │   │   │   │   └── configs
    │   │   │   │       └── vyos_defconfig
    │   │   ├── build-accel-ppp.sh
    │   │   ├── build-intel-nic.sh
    │   │   ├── build-intel-qat.sh
    │   │   ├── build-ipt-netflow.sh
    │   │   ├── build-jool.py
    │   │   ├── build-kernel.sh
    │   │   ├── build-linux-firmware.sh
    │   │   ├── build-mellanox-ofed.sh
    │   │   ├── build-nat-rtsp.sh
    │   │   ├── build-openvpn-dco.sh
    │   │   ├── build-realtek-r8152.py
    │   │   ├── build.py
    │   │   ├── package.toml
    │   │   ├── patches
    │   │   │   ├── accel-ppp
    │   │   │   │   ├── 0001-L2TP-Include-Calling-Number-to-Calling-Station-ID-RA.patch
    │   │   │   │   └── 0002-Radius-Dns-Server-IPv6-Address.patch
    │   │   │   ├── ixgbe
    │   │   │   │   ├── 0001-ixgbe-always-enable-support-for-unsupported-SFP-modu.patch
    │   │   │   │   └── 0002-BACKPORT-linux-v6.9-PATCH-ixgbe-Add-1000BASE-BX-supp.patch
    │   │   │   └── kernel
    │   │   │   │   ├── 0001-linkstate-ip-device-attribute.patch
    │   │   │   │   ├── 0002-inotify-support-for-stackable-filesystems.patch
    │   │   │   │   └── build-linux-perf-package.patch
    │   │   └── sign-modules.sh
    │   ├── ndppd
    │   │   ├── .gitignore
    │   │   ├── build.py
    │   │   ├── package.toml
    │   │   └── patches
    │   │   │   └── ndppd
    │   │   │       ├── 0001-skip-route-table-if-there-is-no-auto-rule.patch
    │   │   │       └── 0002-set-vyos-version.patch
    │   ├── net-snmp
    │   │   ├── .gitignore
    │   │   ├── build.py
    │   │   ├── package.toml
    │   │   └── patches
    │   │   │   └── net-snmp
    │   │   │       └── add-linux-6.7-compatibility-parsing.patch
    │   ├── netfilter
    │   │   ├── .gitignore
    │   │   ├── build.py
    │   │   ├── package.toml
    │   │   └── patches
    │   │   │   └── pkg-nftables
    │   │   │       └── 0001-meta-fix-hour-decoding.patch
    │   ├── node_exporter
    │   │   ├── .gitignore
    │   │   ├── build.py
    │   │   └── package.toml
    │   ├── openvpn-otp
    │   │   ├── .gitignore
    │   │   ├── build.py
    │   │   └── package.toml
    │   ├── owamp
    │   │   ├── .gitignore
    │   │   ├── build.py
    │   │   └── package.toml
    │   ├── pmacct
    │   │   ├── .gitignore
    │   │   ├── build.py
    │   │   ├── package.toml
    │   │   └── patches
    │   │   │   └── pmacct
    │   │   │       └── 0001-fix-pmacctd-SEGV-when-ICMP-ICMPv6-traffic-was-proces.patch
    │   ├── podman
    │   │   ├── .gitignore
    │   │   ├── build.py
    │   │   └── package.toml
    │   ├── pyhumps
    │   │   ├── .gitignore
    │   │   ├── build.py
    │   │   └── package.toml
    │   ├── radvd
    │   │   ├── .gitignore
    │   │   ├── build.py
    │   │   └── package.toml
    │   ├── strongswan
    │   │   ├── .gitignore
    │   │   ├── build-vici.sh
    │   │   ├── build.py
    │   │   ├── package.toml
    │   │   └── patches
    │   │   │   └── strongswan
    │   │   │       ├── 0001-charon-add-optional-source-and-remote-overrides-for-.patch
    │   │   │       ├── 0002-vici-send-certificates-for-ike-sa-events.patch
    │   │   │       ├── 0003-vici-add-support-for-individual-sa-state-changes.patch
    │   │   │       └── 0004-VyOS-disable-options-enabled-by-Debian-that-are-unus.patch
    │   ├── tacacs
    │   │   ├── .gitignore
    │   │   ├── build.py
    │   │   └── package.toml
    │   ├── telegraf
    │   │   ├── .gitignore
    │   │   ├── README.md
    │   │   ├── build.py
    │   │   ├── build.sh
    │   │   ├── package.toml
    │   │   └── plugins
    │   │   │   ├── inputs
    │   │   │       └── all
    │   │   │       │   └── all.go
    │   │   │   └── outputs
    │   │   │       └── all
    │   │   │           └── all.go
    │   ├── udp-broadcast-relay
    │   │   ├── build.py
    │   │   ├── package.toml
    │   │   └── patches
    │   │   │   └── udp-broadcast-relay
    │   │   │       └── 0001-Add-Debian-packaging.patch
    │   ├── vpp
    │   │   ├── .gitignore
    │   │   ├── build.py
    │   │   └── package.toml
    │   ├── vyos-1x
    │   │   ├── .gitignore
    │   │   ├── build.py
    │   │   └── package.toml
    │   ├── waagent
    │   │   ├── .gitignore
    │   │   ├── build.py
    │   │   └── package.toml
    │   ├── wide-dhcpv6
    │   │   ├── .gitignore
    │   │   ├── build.py
    │   │   ├── package.toml
    │   │   └── patches
    │   │   │   └── wide-dhcpv6
    │   │   │       ├── 0023-dhcpc6-support-per-interface-client-DUIDs.patch
    │   │   │       ├── 0024-bind-to-single-socket.patch
    │   │   │       └── 0025-option-to-prevent-ia-release.patch
    │   └── xen-guest-agent
    │   │   ├── .gitignore
    │   │   ├── build.py
    │   │   └── package.toml
    └── utils
    │   └── merge-flavors
└── tools
    ├── cloud-init
        └── AWS
        │   ├── 90_dpkg.cfg
        │   ├── cloud-init.list.chroot
        │   └── config.boot.default
    └── container
        └── config.boot.default


/.github/PULL_REQUEST_TEMPLATE.md:
--------------------------------------------------------------------------------
 1 | <!-- All PR should follow this template to allow a clean and transparent review -->
 2 | <!-- Text placed between these delimiters is considered a comment and is not rendered -->
 3 | 
 4 | ## Change summary
 5 | <!--- Provide a general summary of your changes in the Title above -->
 6 | 
 7 | ## Types of changes
 8 | <!---
 9 | What types of changes does your code introduce? Put an 'x' in all the boxes that apply.
10 | NOTE: Markdown requires no leading or trailing whitespace inside the [ ] for checking
11 | the box, please use [x]
12 | -->
13 | - [ ] Bug fix (non-breaking change which fixes an issue)
14 | - [ ] New feature (non-breaking change which adds functionality)
15 | - [ ] Code style update (formatting, renaming)
16 | - [ ] Refactoring (no functional changes)
17 | - [ ] Migration from an old Vyatta component to vyos-1x, please link to related PR inside obsoleted component
18 | - [ ] Other (please describe):
19 | 
20 | ## Related Task(s)
21 | <!-- optional: Link to related other tasks on Phabricator. -->
22 | <!-- * https://vyos.dev/Txxxx -->
23 | 
24 | ## Related PR(s)
25 | <!-- Link here any PRs in other repositories that are required by this PR -->
26 | 
27 | ## Checklist:
28 | <!--- Go over all the following points, and put an `x` in all the boxes that apply. -->
29 | <!--- If you're unsure about any of these, don't hesitate to ask. We're here to help! -->
30 | <!--- The entire development process is outlined here: https://docs.vyos.io/en/latest/contributing/development.html -->
31 | - [ ] I have read the [**CONTRIBUTING**](https://github.com/vyos/vyos-1x/blob/current/CONTRIBUTING.md) document
32 | - [ ] I have linked this PR to one or more Phabricator Task(s)
33 | - [ ] My commit headlines contain a valid Task id
34 | - [ ] My change requires a change to the documentation
35 | - [ ] I have updated the documentation accordingly
36 | 


--------------------------------------------------------------------------------
/.github/workflows/add-pr-labels.yml:
--------------------------------------------------------------------------------
 1 | ---
 2 | name: Add pull request labels
 3 | 
 4 | on:
 5 |   pull_request_target:
 6 |     branches:
 7 |       - current
 8 |       - equuleus
 9 |       - sagitta
10 | 
11 | permissions:
12 |   pull-requests: write
13 |   contents: read
14 | 
15 | jobs:
16 |   add-pr-label:
17 |     uses: vyos/.github/.github/workflows/add-pr-labels.yml@current
18 |     secrets: inherit
19 | 


--------------------------------------------------------------------------------
/.github/workflows/auto-author-assign.yml:
--------------------------------------------------------------------------------
 1 | name: "PR Triage"
 2 | on:
 3 |   pull_request_target:
 4 |     types: [opened, reopened, ready_for_review, locked]
 5 | 
 6 | 
 7 | permissions:
 8 |   pull-requests: write
 9 |   contents: read
10 | 
11 | jobs:
12 |   assign-author:
13 |     uses: vyos/.github/.github/workflows/assign-author.yml@current
14 |     secrets: inherit
15 | 


--------------------------------------------------------------------------------
/.github/workflows/check-open-prs-conflict.yml:
--------------------------------------------------------------------------------
 1 | name: "Open PRs Conflicts checker"
 2 | on:
 3 |   push:
 4 |     branches:
 5 |       - current
 6 |       - sagitta
 7 |       - circinus
 8 |   workflow_dispatch:
 9 | 
10 | permissions:
11 |   contents: read
12 |   pull-requests: write
13 | 
14 | jobs:
15 |   check-pr-conflict-call:
16 |     uses: vyos/.github/.github/workflows/check-open-prs-conflict.yml@current
17 |     secrets: inherit
18 | 


--------------------------------------------------------------------------------
/.github/workflows/check-pr-conflicts.yml:
--------------------------------------------------------------------------------
 1 | 
 2 | name: "PR Conflicts checker"
 3 | on:
 4 |   pull_request_target:
 5 |     types: [synchronize]
 6 | 
 7 | permissions:
 8 |   pull-requests: write
 9 |   contents: read
10 | 
11 | jobs:
12 |   check-pr-conflict-call:
13 |     uses: vyos/.github/.github/workflows/check-pr-merge-conflict.yml@current
14 |     secrets: inherit
15 | 


--------------------------------------------------------------------------------
/.github/workflows/check-pr-message.yml:
--------------------------------------------------------------------------------
 1 | ---
 2 | name: Check pull request message format
 3 | 
 4 | on:
 5 |   pull_request_target:
 6 |     branches:
 7 |       - current
 8 |       - sagitta
 9 |       - equuleus
10 | 
11 | permissions:
12 |   pull-requests: write
13 |   contents: read
14 | 
15 | jobs:
16 |   check-pr-title:
17 |     uses: vyos/.github/.github/workflows/check-pr-message.yml@current
18 |     secrets: inherit
19 | 


--------------------------------------------------------------------------------
/.github/workflows/check-stale.yml:
--------------------------------------------------------------------------------
 1 | name: "Issue and PR stale management"
 2 | on:
 3 |   schedule:
 4 |   - cron: "0 0 * * *"
 5 |   workflow_dispatch:
 6 | 
 7 | permissions:
 8 |   pull-requests: write
 9 |   contents: read
10 | 
11 | jobs:
12 |   stale:
13 |     uses: vyos/.github/.github/workflows/check-stale.yml@current
14 |     secrets: inherit
15 | 


--------------------------------------------------------------------------------
/.github/workflows/check-unused-imports.yml:
--------------------------------------------------------------------------------
 1 | name: Check for unused imports using Pylint
 2 | on:
 3 |   pull_request:
 4 |     branches:
 5 |       - current
 6 |       - sagitta
 7 |       - equuleus
 8 |   workflow_dispatch:
 9 | 
10 | permissions:
11 |   pull-requests: write
12 |   contents: read
13 | 
14 | jobs:
15 |   check-unused-imports:
16 |     uses: vyos/.github/.github/workflows/check-unused-imports.yml@current
17 |     secrets: inherit
18 | 


--------------------------------------------------------------------------------
/.github/workflows/cleanup-mirror-pr-branch.yml:
--------------------------------------------------------------------------------
 1 | name: Cleanup pr mirror branch
 2 | 
 3 | on:
 4 |   pull_request:
 5 |     types: [closed]
 6 |     branches:
 7 |         - current
 8 | 
 9 | permissions:
10 |   contents: write
11 | 
12 | jobs:
13 |   call-delete-branch:
14 |     if: github.repository_owner != 'vyos'
15 |     uses: vyos/.github/.github/workflows/cleanup-mirror-pr-branch.yml@current
16 |     secrets: inherit
17 | 


--------------------------------------------------------------------------------
/.github/workflows/codeql.yml:
--------------------------------------------------------------------------------
 1 | name: "Perform CodeQL Analysis"
 2 | 
 3 | on:
 4 |   push:
 5 |     branches: [ "current", "sagitta", "equuleus" ]
 6 |   pull_request:
 7 |     # The branches below must be a subset of the branches above
 8 |     branches: [ "current" ]
 9 |   schedule:
10 |     - cron: '22 10 * * 0'
11 |   workflow_dispatch:
12 | 
13 | permissions:
14 |   actions: read
15 |   contents: read
16 |   security-events: write
17 | 
18 | jobs:
19 |   codeql-analysis-call:
20 |     uses: vyos/.github/.github/workflows/codeql-analysis.yml@current
21 |     secrets: inherit
22 |     with:
23 |       languages: "['python']"
24 | 


--------------------------------------------------------------------------------
/.github/workflows/label-backport.yml:
--------------------------------------------------------------------------------
 1 | name: Mergifyio backport
 2 | 
 3 | on: [issue_comment]
 4 | 
 5 | permissions:
 6 |   pull-requests: write
 7 |   contents: read
 8 | 
 9 | jobs:
10 |   mergifyio-backport:
11 |     uses: vyos/.github/.github/workflows/label-backport.yml@current
12 |     secrets: inherit
13 | 


--------------------------------------------------------------------------------
/.github/workflows/linit-j2.yml:
--------------------------------------------------------------------------------
 1 | ---
 2 | name: J2 Lint
 3 | 
 4 | on:
 5 |   pull_request:
 6 |     branches:
 7 |       - current
 8 |       - sagitta
 9 |       - equuleus
10 |   workflow_dispatch:
11 | 
12 | permissions:
13 |   pull-requests: write
14 |   contents: read
15 | 
16 | jobs:
17 |   j2lint:
18 |     uses: vyos/.github/.github/workflows/lint-j2.yml@current
19 |     secrets: inherit
20 | 


--------------------------------------------------------------------------------
/.github/workflows/mirror-pr-and-sync.yml:
--------------------------------------------------------------------------------
 1 | name: Create Mirror PR and Repo Sync
 2 | on:
 3 |   workflow_dispatch:
 4 |     inputs:
 5 |       sync_branch:
 6 |         description: 'branch to sync'
 7 |         required: true
 8 |         type: string
 9 | 
10 | permissions:
11 |   pull-requests: write
12 |   contents: write
13 | 
14 | jobs:
15 |   call-mirror-pr-and-sync:
16 |     if: github.repository_owner != 'vyos'
17 |     uses: VyOS-Networks/vyos-reusable-workflows/.github/workflows/mirror-pr-and-sync.yml@main
18 |     with:
19 |       sync_branch: ${{ inputs.sync_branch }}
20 |     secrets:
21 |       PAT: ${{ secrets.PAT }}
22 | 


--------------------------------------------------------------------------------
/.github/workflows/trigger-docker-image-build.yml:
--------------------------------------------------------------------------------
 1 | name: Trigger Docker image build
 2 | 
 3 | on:
 4 |   pull_request_target:
 5 |     types:
 6 |       - closed
 7 |     branches:
 8 |       - current
 9 | 
10 | permissions:
11 |   packages: write
12 |   contents: read
13 |   attestations: write
14 |   id-token: write
15 |   pull-requests: read
16 | 
17 | jobs:
18 |   track-changes:
19 |     if: github.event.pull_request.merged == true
20 |     runs-on: ubuntu-latest
21 |     
22 |     env:
23 |       REF: main  # Used for curl to trigger image build
24 | 
25 |     steps:
26 |       - name: Checkout vyos/vyos-build repo
27 |         uses: actions/checkout@v4
28 |         with:
29 |           ref: ${{ github.ref_name }}
30 | 
31 |       - uses: dorny/paths-filter@v3
32 |         id: changes
33 |         with:
34 |           filters: |
35 |             docker-dir:
36 |               - 'docker/**'
37 | 
38 |       - name: "Trigger Docker image build for ${{ github.ref_name }}"
39 |         if: ${{ steps.changes.outputs.docker-dir == 'true' }}
40 |         run: |
41 |           curl -L \
42 |             -X POST \
43 |             -H "Accept: application/vnd.github+json" \
44 |             -H "Authorization: Bearer ${{ secrets.PAT }}" \
45 |             -H "X-GitHub-Api-Version: 2022-11-28" \
46 |             https://api.github.com/repos/${{ secrets.REMOTE_OWNER }}/${{ secrets.REMOTE_REUSE_REPO }}/actions/workflows/build-docker-image.yml/dispatches \
47 |             -d '{"ref": "${{ env.REF }}", "inputs":{"branch":"${{ github.ref_name }}", "environment":"production"}}'


--------------------------------------------------------------------------------
/.github/workflows/trigger-pr-mirror-repo-sync.yml:
--------------------------------------------------------------------------------
 1 | name: Trigger Mirror PR and Repo Sync
 2 | on:
 3 |   pull_request_target:
 4 |       types:
 5 |         - closed
 6 |       branches:
 7 |         - current
 8 |         
 9 | permissions:
10 |   pull-requests: write
11 |   contents: write
12 |   issues: write
13 | 
14 | jobs:
15 |   call-trigger-mirror-pr-repo-sync:
16 |     if: github.repository_owner == 'vyos' && github.event.pull_request.merged == true
17 |     uses: vyos/.github/.github/workflows/trigger-pr-mirror-repo-sync.yml@current
18 |     secrets: inherit
19 | 


--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
 1 | .build/config
 2 | build/*
 3 | config/*
 4 | *.pyc
 5 | packer_build/*
 6 | packer_cache/*
 7 | key/*
 8 | packages/*
 9 | !packages/*/
10 | /testinstall*.img
11 | /testinstall*.efivars
12 | /*.qcow2
13 | /*.tar
14 | .DS_Store
15 | ._.DS_Store
16 | 


--------------------------------------------------------------------------------
/CODEOWNERS:
--------------------------------------------------------------------------------
1 | # Users from reviewers github team
2 | # * @vyos/reviewers
3 | 


--------------------------------------------------------------------------------
/LICENSE.artwork:
--------------------------------------------------------------------------------
 1 | # The spirit
 2 | 
 3 | VyOS is free (as in freedom) software. We keep the source code and the build tools freely-licensed
 4 | and available to everyone to inspect, modify, and distribute.
 5 | The goal of VyOS is to create a network operating system available to everyone who needs it.
 6 | We welcome contributions from all community members and we are happy to share our work on LTS releases
 7 | with contributors. We also don't require contributors to give us exclusive rights to their contributions,
 8 | and VyOS source code belongs to the entire community.
 9 | 
10 | However, success of a project and its ability to receive funding through commercial services
11 | rests on the reputation of its maintainers.
12 | And the "pay for binaries" LTS release model only works if access to images is actually restricted
13 | to those who support the project by purchasing a subscription or contributing.
14 | 
15 | We cannot let other people and organizations exploit our reputation for gain or put it at risk
16 | by distributing modified images with VyOS branding, or compromise the LTS business model
17 | by redistributing pre-built images meant for subscription holders.
18 | 
19 | We enforce that through trademarks and copyrighted artwork.
20 | 
21 | Use and distribution of pre-built LTS images is governed by a EULA you can find in /usr/share/doc/vyos/EULA
22 | on the live image and in installed systems. 
23 | 
24 | Self-built images can be freely distributed, but only if you replace the branding with yourn own,
25 | that is, replace all artwork files that contain the VyOS logo and all end-user-visible mentions of the VyOS name.
26 | 
27 | # The letter
28 | 
29 | VyOS is a registered trademarks in the United States, countries of the European Union, and other countries.
30 | 
31 | The copyright to the artwork files that contain the VyOS logo, such as data/live-build-config/includes.binary/isolinux/splash.png
32 | belongs to Sentrium S.L. and affiliated, all rights reserved. 
33 | 


--------------------------------------------------------------------------------
/Makefile:
--------------------------------------------------------------------------------
 1 | SHELL := /bin/bash
 2 | 
 3 | build_dir := build
 4 | 
 5 | .PHONY: all
 6 | all:
 7 | 	@echo "Make what specifically?"
 8 | 	@echo "The most common target is 'generic'"
 9 | 
10 | %:
11 | 	./build-vyos-image $*
12 | 
13 | .PHONY: checkiso
14 | .ONESHELL:
15 | checkiso:
16 | 	if [ ! -f build/live-image-amd64.hybrid.iso ]; then
17 | 		echo "Could not find build/live-image-amd64.hybrid.iso"
18 | 		exit 1
19 | 	fi
20 | 
21 | .PHONY: test
22 | .ONESHELL:
23 | test: checkiso
24 | 	scripts/check-qemu-install --debug --configd --match="$(MATCH)" --smoketest --uefi --cpu 4 --memory 8 build/live-image-amd64.hybrid.iso $(filter-out $@,$(MAKECMDGOALS))
25 | 
26 | .PHONY: test-no-interfaces
27 | .ONESHELL:
28 | test-no-interfaces: checkiso
29 | 	scripts/check-qemu-install --debug --configd --smoketest --uefi --no-interfaces --cpu 4 --memory 8 build/live-image-amd64.hybrid.iso
30 | 
31 | .PHONY: test-interfaces
32 | .ONESHELL:
33 | test-interfaces: checkiso
34 | 	scripts/check-qemu-install --debug --configd --match="interfaces_" --smoketest --uefi build/live-image-amd64.hybrid.iso
35 | 
36 | .PHONY: test-vpp
37 | .ONESHELL:
38 | test-vpp: checkiso
39 | 	scripts/check-qemu-install --debug --configd --match="vpp" --smoketest --uefi --cpu 4 --memory 8 build/live-image-amd64.hybrid.iso
40 | 
41 | .PHONY: testc
42 | .ONESHELL:
43 | testc: checkiso
44 | 	scripts/check-qemu-install --debug --configd --cpu 2 --memory 7 --configtest build/live-image-amd64.hybrid.iso $(filter-out $@,$(MAKECMDGOALS))
45 | 
46 | .PHONY: testraid
47 | .ONESHELL:
48 | testraid: checkiso
49 | 	scripts/check-qemu-install --debug --configd --raid build/live-image-amd64.hybrid.iso $(filter-out $@,$(MAKECMDGOALS))
50 | 
51 | .PHONY: testsb
52 | .ONESHELL:
53 | testsb: checkiso
54 | 	scripts/check-qemu-install --debug --uefi --sbtest build/live-image-amd64.hybrid.iso $(filter-out $@,$(MAKECMDGOALS))
55 | 
56 | .PHONY: testtpm
57 | .ONESHELL:
58 | testtpm: checkiso
59 | 	scripts/check-qemu-install --debug --tpmtest build/live-image-amd64.hybrid.iso $(filter-out $@,$(MAKECMDGOALS))
60 | 
61 | .PHONY: qemu-live
62 | .ONESHELL:
63 | qemu-live: checkiso
64 | 	scripts/check-qemu-install --qemu-cmd --uefi build/live-image-amd64.hybrid.iso $(filter-out $@,$(MAKECMDGOALS))
65 | 
66 | .PHONY: oci
67 | .ONESHELL:
68 | oci: checkiso
69 | 	scripts/iso-to-oci build/live-image-amd64.hybrid.iso
70 | 
71 | .PHONY: clean
72 | .ONESHELL:
73 | clean:
74 | 	@set -e
75 | 	mkdir -p $(build_dir)
76 | 	cd $(build_dir)
77 | 	lb clean
78 | 
79 | 	rm -f config/binary config/bootstrap config/chroot config/common config/source
80 | 	rm -f build.log
81 | 	rm -f vyos-*.iso
82 | 	rm -f *.img *.efivars
83 | 	rm -f *.xz
84 | 	rm -f *.vhd
85 | 	rm -f *.raw
86 | 	rm -f *.tar.gz
87 | 	rm -f *.qcow2
88 | 	rm -f *.mf
89 | 	rm -f *.ovf
90 | 	rm -f *.ova
91 | 
92 | .PHONY: purge
93 | purge:
94 | 	rm -rf build packer_build packer_cache testinstall-*.img
95 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
 1 | VyOS toplevel build
 2 | ===================
 3 | 
 4 | For the most up-to-date documentation, please read the online build guide at
 5 | [docs.vyos.io](https://docs.vyos.io/en/latest/contributing/build-vyos.html).
 6 | 
 7 | # What is VyOS
 8 | 
 9 | VyOS is an open source operating system for network devices (routers, firewalls
10 | and so on). If you want to use it in your network, check out download and
11 | installation instructions at https://docs.vyos.io/en/latest/installation/index.html
12 | 
13 | If you want to modify VyOS and/or join its development, read on.
14 | 
15 | # About this repository
16 | 
17 | VyOS is a GNU/Linux distribution based on Debian. Just like any other
18 | distribution, it consists of multiple packages.
19 | 
20 | Some packages are taken from the upstream, while other are modified or written
21 | from scratch by VyOS developers. Every package maintained by the VyOS team has
22 | its own git repository. VyOS image build is therefore a multi-step process.
23 | Packages are compiled first, then an ISO is built from Debian packages and our
24 | own packages.
25 | 
26 | This is the top level repository that contains links to repositories with VyOS
27 | specific packages (organized as Git submodules) and scripts and data that are
28 | used for building those packages and the installation image.
29 | 
30 | # Repository Structure
31 | 
32 | There are several directories with their own purpose:
33 | 
34 |  * `build/`    Used for temporary files used for the build and for build artifacts
35 |  * `data/`     Data required for building the ISO (e.g. boot splash/configs)
36 |  * `packages/` This directory can hold arbitrary *.deb
37 |                packages which will be embeded into the resulting ISO.
38 |                Among other things those packages will be: Linux Kernel, FRR,
39 |                Netfiler...
40 |  * `scripts/`  Scripts that are used for the build process
41 |  * `tools/`    Scripts that are used for maintainer's tasks automation and other
42 |                purposes, but not during ISO build process
43 | 
44 | # Building VyOS
45 | 
46 | In order to have a single manual and not maintining multiple copies the
47 | instructions on how to build VyOS either in a Docker container or natively can
48 | be found in our [Documentation - Build VyOS](https://docs.vyos.io/en/latest/contributing/build-vyos.html).
49 | 
50 | # Development Branches
51 | 
52 | The default branch that contains the most recent VyOS code is called `current`.
53 | We may or may not eventually switch to `main`.
54 | 
55 | All new code goes to the `current` branch. When a new LTS release is ready for feature freeze, a
56 | new branch is created for the release, and new code from `current` is backported
57 | to the release branch as needed.
58 | 
59 | Post-1.2.0 branches are named after constellations sorted by area from smallest
60 | to largest. There are 88 of them, here's the
61 | [complete list](https://en.wikipedia.org/wiki/IAU_designated_constellations_by_area).
62 | 
63 | Existing branches:
64 | 
65 | * VyOS 1.4: `sagitta` (Arrow) [LTS]
66 | * VyOS 1.3: `equuleus` (Little Horse) [LTS]
67 | * VyOS 1.2: `crux` (Southern Cross) [Unsupported]
68 | 
69 | The next LTS release will be VyOS 1.5 `circinus` (Compasses).
70 | 


--------------------------------------------------------------------------------
/build-vyos-image:
--------------------------------------------------------------------------------
1 | scripts/image-build/build-vyos-image


--------------------------------------------------------------------------------
/data/architectures/amd64.toml:
--------------------------------------------------------------------------------
 1 | # Packages added to images for x86 by default
 2 | packages = [
 3 |   "grub2",
 4 |   "grub-pc",
 5 |   "vyos-drivers-realtek-r8152",
 6 |   "vyos-linux-firmware",
 7 |   "vyos-intel-qat",
 8 |   "vyos-intel-ixgbe",
 9 |   "vyos-intel-ixgbevf",
10 |   "vyos-ipt-netflow",
11 |   "intel-microcode",
12 |   "amd64-microcode"
13 | ]
14 | 
15 | [additional_repositories.salt]
16 |   architecture = "amd64"
17 |   url = "https://packages.vyos.net/saltproject/debian/11/amd64/3005"
18 |   distribution = "bullseye"
19 | 
20 | [additional_repositories.zabbix]
21 |   url = "https://repo.zabbix.com/zabbix/6.0/debian"
22 | 


--------------------------------------------------------------------------------
/data/architectures/arm64.toml:
--------------------------------------------------------------------------------
 1 | # Packages included in ARM64 images by default
 2 | packages = [
 3 |   "grub-efi-arm64",
 4 | ]
 5 | bootloaders = "grub-efi"
 6 | 
 7 | [additional_repositories.salt]
 8 |   architecture = "arm64"
 9 |   url =	"https://packages.vyos.net/saltproject/debian/11/arm64/3005"
10 |   distribution = "bullseye"
11 | 
12 | [additional_repositories.zabbix]
13 |   url = "https://repo.zabbix.com/zabbix/6.0/debian-arm64"
14 | 


--------------------------------------------------------------------------------
/data/architectures/armhf.toml:
--------------------------------------------------------------------------------
1 | additional_repositories = [
2 |   "deb [arch=armhf] https://packages.vyos.net/saltproject/debian/11/arm64/3005 bullseye main"
3 | ]
4 | 
5 | # Packages included in armhf images by default
6 | packages = ["grub-efi-arm"]
7 | 


--------------------------------------------------------------------------------
/data/build-flavors/generic.toml:
--------------------------------------------------------------------------------
1 | # Generic (aka "universal") ISO image
2 | 
3 | image_format = "iso"
4 | 


--------------------------------------------------------------------------------
/data/build-types/stream.toml:
--------------------------------------------------------------------------------
1 | packages = [
2 |   "gdb",
3 |   "strace",
4 |   "apt-rdepends",
5 |   "tshark",
6 |   "vim",
7 |   "vyos-1x-smoketest"
8 | ]
9 | 


--------------------------------------------------------------------------------
/data/certificates/.gitignore:
--------------------------------------------------------------------------------
1 | *.key
2 | 


--------------------------------------------------------------------------------
/data/defaults.toml:
--------------------------------------------------------------------------------
 1 | build_type = "development"
 2 | 
 3 | architecture = "amd64"
 4 | 
 5 | debian_distribution = "bookworm"
 6 | 
 7 | debian_mirror = "http://deb.debian.org/debian"
 8 | debian_security_mirror = "http://deb.debian.org/debian-security"
 9 | 
10 | debian_archive_areas = "main contrib non-free non-free-firmware"
11 | 
12 | vyos_mirror = "https://packages.vyos.net/repositories/current"
13 | 
14 | vyos_branch = "current"
15 | release_train = "current"
16 | 
17 | kernel_version = "6.6.92"
18 | kernel_flavor = "vyos"
19 | bootloaders = "syslinux,grub-efi"
20 | 
21 | squashfs_compression_type = "xz -Xbcj x86 -b 256k -always-use-fragments -no-recovery"
22 | 
23 | website_url = "https://vyos.io"
24 | support_url = "https://support.vyos.io"
25 | bugtracker_url = "https://vyos.dev"
26 | documentation_url = "https://docs.vyos.io/en/latest"
27 | project_news_url = "https://blog.vyos.io"
28 | 


--------------------------------------------------------------------------------
/data/live-build-config/archives/bookworm-backports.pref.chroot:
--------------------------------------------------------------------------------
1 | Package: iproute2
2 | Pin: release n=bookworm-backports
3 | Pin-Priority: 600
4 | 
5 | Package: *
6 | Pin: release n=bookworm-backports
7 | Pin-Priority: -100
8 | 


--------------------------------------------------------------------------------
/data/live-build-config/archives/saltstack.key.chroot:
--------------------------------------------------------------------------------
 1 | -----BEGIN PGP PUBLIC KEY BLOCK-----
 2 | Version: GnuPG v2
 3 | 
 4 | mQENBFOpvpgBCADkP656H41i8fpplEEB8IeLhugyC2rTEwwSclb8tQNYtUiGdna9
 5 | m38kb0OS2DDrEdtdQb2hWCnswxaAkUunb2qq18vd3dBvlnI+C4/xu5ksZZkRj+fW
 6 | tArNR18V+2jkwcG26m8AxIrT+m4M6/bgnSfHTBtT5adNfVcTHqiT1JtCbQcXmwVw
 7 | WbqS6v/LhcsBE//SHne4uBCK/GHxZHhQ5jz5h+3vWeV4gvxS3Xu6v1IlIpLDwUts
 8 | kT1DumfynYnnZmWTGc6SYyIFXTPJLtnoWDb9OBdWgZxXfHEcBsKGha+bXO+m2tHA
 9 | gNneN9i5f8oNxo5njrL8jkCckOpNpng18BKXABEBAAG0MlNhbHRTdGFjayBQYWNr
10 | YWdpbmcgVGVhbSA8cGFja2FnaW5nQHNhbHRzdGFjay5jb20+iQE4BBMBAgAiBQJT
11 | qb6YAhsDBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRAOCKFJ3le/vhkqB/0Q
12 | WzELZf4d87WApzolLG+zpsJKtt/ueXL1W1KA7JILhXB1uyvVORt8uA9FjmE083o1
13 | yE66wCya7V8hjNn2lkLXboOUd1UTErlRg1GYbIt++VPscTxHxwpjDGxDB1/fiX2o
14 | nK5SEpuj4IeIPJVE/uLNAwZyfX8DArLVJ5h8lknwiHlQLGlnOu9ulEAejwAKt9CU
15 | 4oYTszYM4xrbtjB/fR+mPnYh2fBoQO4d/NQiejIEyd9IEEMd/03AJQBuMux62tjA
16 | /NwvQ9eqNgLw9NisFNHRWtP4jhAOsshv1WW+zPzu3ozoO+lLHixUIz7fqRk38q8Q
17 | 9oNR31KvrkSNrFbA3D89uQENBFOpvpgBCADJ79iH10AfAfpTBEQwa6vzUI3Eltqb
18 | 9aZ0xbZV8V/8pnuU7rqM7Z+nJgldibFk4gFG2bHCG1C5aEH/FmcOMvTKDhJSFQUx
19 | uhgxttMArXm2c22OSy1hpsnVG68G32Nag/QFEJ++3hNnbyGZpHnPiYgej3FrerQJ
20 | zv456wIsxRDMvJ1NZQB3twoCqwapC6FJE2hukSdWB5yCYpWlZJXBKzlYz/gwD/Fr
21 | GL578WrLhKw3UvnJmlpqQaDKwmV2s7MsoZogC6wkHE92kGPG2GmoRD3ALjmCvN1E
22 | PsIsQGnwpcXsRpYVCoW7e2nW4wUf7IkFZ94yOCmUq6WreWI4NggRcFC5ABEBAAGJ
23 | AR8EGAECAAkFAlOpvpgCGwwACgkQDgihSd5Xv74/NggA08kEdBkiWWwJZUZEy7cK
24 | WWcgjnRuOHd4rPeT+vQbOWGu6x4bxuVf9aTiYkf7ZjVF2lPn97EXOEGFWPZeZbH4
25 | vdRFH9jMtP+rrLt6+3c9j0M8SIJYwBL1+CNpEC/BuHj/Ra/cmnG5ZNhYebm76h5f
26 | T9iPW9fFww36FzFka4VPlvA4oB7ebBtquFg3sdQNU/MmTVV4jPFWXxh4oRDDR+8N
27 | 1bcPnbB11b5ary99F/mqr7RgQ+YFF0uKRE3SKa7a+6cIuHEZ7Za+zhPaQlzAOZlx
28 | fuBmScum8uQTrEF5+Um5zkwC7EXTdH1co/+/V/fpOtxIg4XO4kcugZefVm5ERfVS
29 | MA==
30 | =dtMN
31 | -----END PGP PUBLIC KEY BLOCK-----
32 | 


--------------------------------------------------------------------------------
/data/live-build-config/archives/vyos-dev.key.chroot:
--------------------------------------------------------------------------------
 1 | -----BEGIN PGP PUBLIC KEY BLOCK-----
 2 | Version: GnuPG v2.0.22 (GNU/Linux)
 3 | 
 4 | mQINBF0/MrsBEADLSj4PdgHsr4FblWqQmmZD32J3EVlXrBIwi0zT1RN6V6vA81xx
 5 | Qe8XNm6LXVB9kjH9Qv+MwIWWOkTYGCDg2oiIAKPRnJfKisDo4Ax3a1j2YOF6Ud2n
 6 | t1bdDfSvnMnEITnMwa+BHKx3QeBoVG/8zhMeHjXy0QwHUIdKMyrX8M0JWY/sqLlv
 7 | HvzEaB3PEMFGFhuJ3Dh/ZxquVVuSS2GPRyTpLTqrPSH9jG8hf8YFWBE+CHbnclZc
 8 | 4NKlI5Q5yrqrUE7zGWgg3O75o6xlJpjI2TJXPPYU6llCNQi/AUIB3R34okMdyYmP
 9 | dzaHBXeA+a5glikv5i0ysJgfZ/hvZgayZdAvqIxQxjzvKebmqUutay7LhgjKGRnC
10 | vdAAQ1LbkqPvbBN1oaElRiTUR6bekTFd/M8x3DWPHc0xkNps6f4sEoiFkujpsl26
11 | uGlBhf59yFzI/XhjT/04pUWa3myFhGWT4WSw8cf3o/47/CiL4TefOBTY2vSSub7V
12 | nekDG6H75i9szMMQGzry71+RzYMOWkUnnnQ6wjpHuce42zU7wKUdl2+Wrr+g2/cK
13 | NKFvHRmGLVOpcabDawWi08hHr+J6Gje9PCePfY4x0p6Idjz5YW4Q1D/XSDZZ3nni
14 | akhMO1onHLolY7jstdexhSSi7nS9bDAdnHlL7e/hJemF5G0IvLlkaXYIpQARAQAB
15 | tDJWeU9TIG1haW50YWluZXJzIChwYWNrYWdlIHNpZ25pbmcpIDxwa2dzQHZ5b3Mu
16 | bmV0PokCOQQTAQIAIwUCXT8yuwIbAwcLCQgHAwIBBhUIAgkKCwQWAgMBAh4BAheA
17 | AAoJELK9zt4uv5wGFk4P/3MUhejAJrkMy8EC21P74yCxpZ8RfahML/hIy8+13mWd
18 | 480eSGrZr+mEk7pN4T+5cOV4gO9gsKlZ+9zvP8PjRqrHhdDWnA+6GZSMmwvV5C+s
19 | DDop3Wa5z6u5SXwultAEzssNtmVreXhGrB/gkpx6NsAZz9TbwVCOyfFu5di2Oued
20 | ItL6IhkLBIbOmJX1X5CD3AvXIKcRwp7L3mFYP+UE5/c3OFmIK5P1J3vvHRPQqHls
21 | BOPs7dMowfCQfNTUyUWTG74gPo9wHCnuE6QnO5b/j1dPKgz5058bK+NMFgLLdw6X
22 | pb8Z7CvQPSLr5o2KfP+LsC7Nyz4tFQukJvidZdQ/uYQ38SDXsLbmlqnQWDCtYMzu
23 | j225frdkvymwvLrroVWGfbJI2Bd+u3VoQmLdMdddnSe/+oKoh2/xBueWH/O6d4F4
24 | br+HNbhxaxhhM2JuPXB7mQTDyzl4RhD8JixV6YgjWo1/X8wfpJdB/utTbiwLdhIH
25 | q2gdI3sxDCikapQWEhHWAgW4azhzXXvo8RTwNWXtck2DBsQxsn4lANvcWwJ7fRD5
26 | FDgIcJJ+rZrA9NT1sihSjxvUWAmByOSWwdWQRm8O86tFjqm9mJ5ppIYLX5weMa6L
27 | przxbm85y5DZeeuxo297YHGbrfeRm7ko/yB+DFdnLirnblK5JI4RL94AwZjad879
28 | uQINBF0/MrsBEACmKylWG6GC+EPn+x01vA3tVDyyDcOxaRevCvCYEINv7yn7Ajc3
29 | ZaWqqNRfZheOU5hUVJjW6cv7xqaWIn9J/7vatmdeX8H1cVWpSk/e1QT1Fop7I71e
30 | 4skDn8YI6JIZgFBrqe1O3YHOQDZbMO9zR5jNpVD7XXLyGsRvjnkH/ybugBeiVCqt
31 | 7x2I8OnDQggFnBrishMjVrEmBAduE3JICC1IbCCtVG67h07E/BC7XJVgME8Hvfwl
32 | EBTo8Y6CWcrsJZfAQKU+3wi5feFVLIbhNceiGcxmi7uJML+hGoSf92Pmn7i9p5su
33 | ywy4XF+aWvd4R3CMYywOiukB3rItic7gp0tpcMK7AwessGqvD/luz2cNY1IqDKak
34 | w7jGbGUT54zKO3tpt73dYGyf3SUHQ9aNAaGuSxjq/c9v9X4KpzmAi82rt4wSkDVa
35 | /5SkxsU9aP6lql2MrZm//Pj3hjyipTLUFhndbjeJDgBRROMJdokNkFIIaweJGAg2
36 | wNwBC6HRIYXLyOsV+Azf1gqSpCEqdKVLJkBduuChtd7N9xoUahag2yya+ujwpcN6
37 | nlmnhZt+yfgi0uO2cPmsof9PkJi+cb44IAgkvG96Zj2JbLHSlGipyYTHLYS46RC4
38 | CkaF3DSwDXVU+lBqJz+WkOywpMGUKtZwPbpy7ZJVf2JL8Rf0D95sIaeICwARAQAB
39 | iQIfBBgBAgAJBQJdPzK7AhsMAAoJELK9zt4uv5wG45IP/2YEQzyn2qiqHInLEmXE
40 | R7fefmkiTy925juASQiR/LGOCSfCOnMKBMkyi63XvQuhAALU6RxgK69yLZJYWQ+a
41 | gh+vrrndCzprCM4PohuupknA8nAY+FvC5xoOZVkZ/+vUP344ukxN9Fz1d9oU3G5a
42 | luoA23G1qs7kHJw/xzN1BFNqie2mIzMAOI0Wu0BZxmYmD3Ph0KMbUD08jX6ImDF6
43 | EnqS0VhCgXfWhPBqh5TOG35Fi5ZCmupbgqBJQZg5fLIWS3Hk2qBm70FR3iLdjiYu
44 | w165hBlqcJ2YfvVBKVvMNRVB9BtF7BfzCM3/y/4V82EZ7qQJ+jE30N+/vwrAOrUd
45 | QVlFsC5eYDOkRb3XXhijXZhoKoeXTwY7TGNntavVMYZ2W4EFoX2OH8/2A7KEYhqc
46 | 3cjEJ7EoM6hkmm6xmU82oQ8Moll1SgQbkNKlZYDPMs7Ppr4zBJjnVYVcP9e1RLFO
47 | 0POJbtG7CCAstcvMu/3Yw7Il/TOGvc3TNBPrkYtriDj+B900W5sEc33iUV9VRAAi
48 | Bkfs0XMSQVIcMdquu2LGfNWBjd/YCZVQ8OzFYoZJeq18oxeZ9/tE4NE3KyUBmqil
49 | 5/WicCYtxgxByAvhN5dFn+nPfoEMQ/e9Zhs2ImrrSy12Ehg1swRjAK39NrjySDFT
50 | FhyPysWJ4aNKtAYgVuQguPTt
51 | =rJUC
52 | -----END PGP PUBLIC KEY BLOCK-----
53 | 
54 | 


--------------------------------------------------------------------------------
/data/live-build-config/archives/vyos-dev.pref.chroot:
--------------------------------------------------------------------------------
1 | Package: *
2 | Pin: release n=current
3 | Pin-Priority: 999
4 | 


--------------------------------------------------------------------------------
/data/live-build-config/archives/zabbix-official-repo.key.chroot:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vyos/vyos-build/8f4b588a1d0ca99ab0350deaa1eb13fced98b12e/data/live-build-config/archives/zabbix-official-repo.key.chroot


--------------------------------------------------------------------------------
/data/live-build-config/bootloaders/grub-pc/dejavu-bold-14.pf2:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vyos/vyos-build/8f4b588a1d0ca99ab0350deaa1eb13fced98b12e/data/live-build-config/bootloaders/grub-pc/dejavu-bold-14.pf2


--------------------------------------------------------------------------------
/data/live-build-config/bootloaders/grub-pc/dejavu-bold-16.pf2:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vyos/vyos-build/8f4b588a1d0ca99ab0350deaa1eb13fced98b12e/data/live-build-config/bootloaders/grub-pc/dejavu-bold-16.pf2


--------------------------------------------------------------------------------
/data/live-build-config/bootloaders/grub-pc/grub.cfg:
--------------------------------------------------------------------------------
 1 | set default=0
 2 | set timeout=10
 3 | 
 4 | insmod serial
 5 | serial --unit=0 --speed=115200
 6 | 
 7 | insmod gzio
 8 | insmod part_msdos
 9 | insmod ext2
10 | insmod efi_gop
11 | insmod efi_uga
12 | insmod png
13 | 
14 | loadfont /boot/grub/dejavu-bold-16.pf2
15 | loadfont /boot/grub/dejavu-bold-14.pf2
16 | loadfont /boot/grub/unicode.pf2
17 | 
18 | set gfxmode="640x480x16"
19 | set gfxpayload="640x480x16"
20 | terminal_output gfxterm
21 | 
22 | set splash_img="/isolinux/splash.png"
23 | if [ -e ${splash_img} ]; then
24 |     background_image ${splash_img}
25 | fi
26 | 
27 | terminal_output --append serial
28 | terminal_input serial console
29 | 
30 | set color_normal=light-gray/black
31 | set color_highlight=white/black
32 | 
33 | # Live boot
34 | LINUX_LIVE
35 | 
36 | # Installer (if any)
37 | LINUX_INSTALL
38 | 


--------------------------------------------------------------------------------
/data/live-build-config/bootloaders/grub-pc/live-theme/theme.txt:
--------------------------------------------------------------------------------
 1 | desktop-image: "../splash.png"
 2 | title-color: "#ffffff"
 3 | title-font: "DejaVu Sans Bold 16"
 4 | title-text: "Live Boot Menu with GRUB"
 5 | message-font: "Unifont Regular 16"
 6 | terminal-font: "Unifont Regular 16"
 7 | 
 8 | #help bar at the bottom
 9 | + label {
10 |         top = 100%-50
11 |         left = 0
12 |         width = 100%
13 |         height = 20
14 |         text = "@KEYMAP_SHORT@"
15 |         align = "center"
16 |         color = "#ffffff"
17 | 	font = "DejaVu Sans Bold 14"
18 | }
19 | 
20 | #boot menu
21 | + boot_menu {
22 |         left = 10%
23 |         width = 80%
24 |         top = 52%
25 |         height = 48%-80
26 |         item_color = "#a8a8a8"
27 | 	item_font = "DejaVu Sans Bold 14"
28 |         selected_item_color= "#ffffff"
29 | 	selected_item_font = "DejaVu Sans Bold 14"
30 |         item_height = 16
31 |         item_padding = 0
32 |         item_spacing = 4
33 | 	icon_width = 0
34 | 	icon_heigh = 0
35 | 	item_icon_space = 0
36 | }
37 | 
38 | #progress bar
39 | + progress_bar {
40 |         id = "__timeout__"
41 |         left = 15%
42 |         top = 100%-80
43 |         height = 16
44 |         width = 70%
45 |         font = "DejaVu Sans Regular 14"
46 |         text_color = "#000000"
47 |         fg_color = "#ffffff"
48 |         bg_color = "#a8a8a8"
49 |         border_color = "#ffffff"
50 |         text = "@TIMEOUT_NOTIFICATION_LONG@"
51 | }
52 | 


--------------------------------------------------------------------------------
/data/live-build-config/bootloaders/grub-pc/splash.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vyos/vyos-build/8f4b588a1d0ca99ab0350deaa1eb13fced98b12e/data/live-build-config/bootloaders/grub-pc/splash.png


--------------------------------------------------------------------------------
/data/live-build-config/hooks/live/00-manifest.binary:
--------------------------------------------------------------------------------
1 | #!/bin/sh
2 | 
3 | echo I: Backwards compat packages.txt
4 | echo "ii  vyatta-version " > live/packages.txt
5 | 


--------------------------------------------------------------------------------
/data/live-build-config/hooks/live/00-mk_buildid.chroot:
--------------------------------------------------------------------------------
 1 | #!/bin/sh
 2 | # create the buildid file
 3 | 
 4 | etcdir=/opt/vyatta/etc
 5 | 
 6 | [ -d $etcdir ] || mkdir -p -m 0755 $etcdir
 7 | rm -f $etcdir/build.txt $etcdir/iso-build.txt $etc/iso-submodules.txt
 8 | 
 9 | ## NOTE: on live image build, these files are in the chroot/root
10 | ##       however, during install, these are in /cdrom
11 | for f in iso-build.txt iso-submodules.txt ; do
12 |     if [ -f /cdrom/$f ] ; then
13 | 	cp /cdrom/$f $etcdir
14 |     elif [ -f /$f ] ; then
15 | 	cp /$f $etcdir
16 |     else
17 | 	>$etcdir/$f
18 |     fi
19 | done
20 | 
21 | # backwards compatible symlink
22 | ln -s iso-build.txt $etcdir/build.txt
23 | 


--------------------------------------------------------------------------------
/data/live-build-config/hooks/live/01-interfaces.chroot:
--------------------------------------------------------------------------------
 1 | #!/bin/sh
 2 | 
 3 | if ! grep '^auto lo' /etc/network/interfaces &> /dev/null ; then
 4 |     mkdir -p -m 0755 /etc/network
 5 |     cat >> /etc/network/interfaces <<-EOF
 6 | 
 7 | 	# The loopback network interface
 8 | 	auto lo
 9 | 	iface lo inet loopback
10 | 
11 | 	EOF
12 | fi
13 | 


--------------------------------------------------------------------------------
/data/live-build-config/hooks/live/01-live-serial.binary:
--------------------------------------------------------------------------------
 1 | #!/bin/sh
 2 | 
 3 | GRUB_PATH=boot/grub/grub.cfg
 4 | ISOLINUX_PATH=isolinux/live.cfg
 5 | 
 6 | KVM_CONSOLE="console=ttyS0,115200 console=tty0"
 7 | SERIAL_CONSOLE="console=tty0 console=ttyS0,115200"
 8 | 
 9 | # Grub.cfg Update
10 | GRUB_MENUENTRY=$(sed -e '/menuentry.*hotkey.*/,/^}/!d' -e 's/--hotkey=l//g' $GRUB_PATH)
11 | 
12 | # Update KVM menuentry name
13 | sed -i 's/"Live system \((.*vyos)\)"/"Live system \1 - KVM console"/' $GRUB_PATH
14 | 
15 | # Insert serial menuentry
16 | echo "$GRUB_MENUENTRY" | sed \
17 |     -e 's/"Live system \((.*vyos)\)"/"Live system \1 - Serial console"/' \
18 |     -e "s/$KVM_CONSOLE/$SERIAL_CONSOLE/g" >> $GRUB_PATH
19 | 
20 | # Live.cfg Update
21 | ISOLINUX_MENUENTRY=$(sed -e '/label live-\(.*\)-vyos$/,/^\tappend.*/!d' $ISOLINUX_PATH)
22 | 
23 | # Update KVM menuentry name
24 | sed -i 's/Live system \((.*vyos)\)/Live system \1 - KVM console/' $ISOLINUX_PATH
25 | 
26 | # Insert serial menuentry
27 | echo "\n$ISOLINUX_MENUENTRY" | sed \
28 |     -e 's/live-\(.*\)-vyos/live-\1-vyos-serial/' \
29 |     -e '/^\tmenu default/d' \
30 |     -e 's/Live system \((.*vyos)\)/Live system \1 - Serial console/' \
31 |     -e "s/$KVM_CONSOLE/$SERIAL_CONSOLE/g" >> $ISOLINUX_PATH
32 | 


--------------------------------------------------------------------------------
/data/live-build-config/hooks/live/03-root_bash_completion.chroot:
--------------------------------------------------------------------------------
 1 | #!/bin/sh
 2 | 
 3 | grep -q '\(^[^#]*\)\(\.\|source\) /etc/bash_completion' root/.bashrc || \
 4 |     cat <<-EOF >> root/.bashrc
 5 | 
 6 | 	source /etc/bash_completion
 7 | 	EOF
 8 | 
 9 | sed -i 's/set $BASH_COMPLETION_ORIGINAL_V_VALUE/builtin set $BASH_COMPLETION_ORIGINAL_V_VALUE/g' /usr/share/bash-completion/bash_completion
10 | 
11 | 


--------------------------------------------------------------------------------
/data/live-build-config/hooks/live/04-locale.chroot:
--------------------------------------------------------------------------------
1 | #!/bin/sh
2 | 
3 | echo I: Set default locale
4 | cat <<EOF >etc/default/locale
5 | LANG=en_US.UTF-8
6 | LC_ALL=C
7 | EOF
8 | 


--------------------------------------------------------------------------------
/data/live-build-config/hooks/live/05-event_tty.chroot:
--------------------------------------------------------------------------------
 1 | #!/bin/sh
 2 | 
 3 | if [ -r etc/event.d/tty1 ] ; then
 4 |     echo I: Delay getty until rcX completes
 5 |     sed -i 's/start on runlevel /start on stopped rc/' \
 6 | 	etc/event.d/tty[1-6]
 7 |     if [ ! -r etc/event.d/ttyS0 ] && [ -c dev/ttyS0 ] ; then
 8 | 	echo I: Enable serial console login
 9 | 	cat <<-EOF > etc/event.d/ttyS0
10 | 	# ttyS0 - getty
11 | 	#
12 | 	# This service maintains a getty on ttyS0 from the point the system is
13 | 	# started until it is shut down again.
14 | 
15 | 	start on stopped rc2
16 | 	start on stopped rc3
17 | 	start on stopped rc4
18 | 	start on stopped rc5
19 | 
20 | 	stop on runlevel 0
21 | 	stop on runlevel 1
22 | 	stop on runlevel 6
23 | 
24 | 	respawn
25 | 	exec /sbin/getty 115200 ttyS0 vt100
26 | 
27 | 	EOF
28 |     fi
29 | fi
30 | 
31 | if [ -r etc/inittab ] && [ -c dev/ttyS0 ] && grep -q '^#T0:.*getty.*ttyS0' etc/inittab ; then
32 |     echo I: Enable serial console login
33 |     sed -i '/^#T0:/s|^#.*$|T0:23:respawn:/sbin/getty -L ttyS0 115200 vt100|' etc/inittab
34 | fi
35 | 


--------------------------------------------------------------------------------
/data/live-build-config/hooks/live/07-apt.chroot:
--------------------------------------------------------------------------------
1 | #!/bin/sh
2 | 
3 | if [ -e /cdrom/vyatta-pubkey.gpg ] ; then
4 |     apt-key add /cdrom/vyatta-pubkey.gpg
5 | elif [ -e /vyatta-pubkey.gpg ] ; then
6 |     apt-key add /vyatta-pubkey.gpg
7 |     rm -f /vyatta-pubkey.gpg
8 | fi
9 | 


--------------------------------------------------------------------------------
/data/live-build-config/hooks/live/08-sysconf.chroot:
--------------------------------------------------------------------------------
 1 | #!/bin/sh
 2 | 
 3 | cp -f /opt/vyatta/etc/default_ssh /etc/default/ssh
 4 | >/etc/pam_radius_auth.conf
 5 | 
 6 | update_sysctl_conf ()
 7 | {
 8 |     var=$1
 9 |     val=$2
10 |     comment=$3
11 |     sysctl_conf=/etc/sysctl.conf
12 | 
13 |     if grep -q "^${var}[[:space:]]*=" $sysctl_conf ; then
14 | 	sed -i "/^${var}[[:space:]]*=/ s,=.*,= ${val}," $sysctl_conf
15 |     elif grep -q "^#[[:space:]]*${var}[[:space:]]*=" $sysctl_conf ; then
16 | 	sed -i "/^#[[:space:]]*${var}[[:space:]]*=/ { s,^#[[:space:]]*,, ; s,[[:space:]]*=.*, = ${val},} " $sysctl_conf
17 |     else
18 | 	cat <<-EOF >> $sysctl_conf
19 | 
20 | 	# $comment
21 | 	$var = $val
22 | 	EOF
23 |     fi
24 | }
25 | 
26 | update_sysctl_conf kernel.printk "4 4 1 7" \
27 |     "the following stops low-level messages on console"
28 | 
29 | # Local Variables:
30 | # mode: shell-script
31 | # sh-indentation: 4
32 | # End:
33 | 


--------------------------------------------------------------------------------
/data/live-build-config/hooks/live/09-live.chroot:
--------------------------------------------------------------------------------
 1 | #!/bin/sh
 2 | 
 3 | # hack live script that tries to mount ext[23] floppies as root
 4 | # remove user settings live config scripts
 5 | 
 6 | sed -e '/ln -s "${devname}"/,/return 0/ s/^/: FIXME/' \
 7 |     -i /usr/share/initramfs-tools/scripts/live
 8 | 
 9 | rm -rf /lib/live/config/0030-live-debconfig_passwd
10 | rm -rf /lib/live/config/0030-user-setup
11 | rm -rf /lib/live/config/0040-sudo
12 | 


--------------------------------------------------------------------------------
/data/live-build-config/hooks/live/100-remove-dropbear-keys.chroot:
--------------------------------------------------------------------------------
1 | #!/bin/sh
2 | 
3 | # Delete Dropbear SSH keys that might be generated
4 | # by postinst scripts
5 | # to prevent non-unique keys from appearing in images
6 | 
7 | rm -f /etc/dropbear/dropbear_*_host_key
8 | 


--------------------------------------------------------------------------------
/data/live-build-config/hooks/live/12-udev-initramfs.chroot:
--------------------------------------------------------------------------------
 1 | #!/bin/sh
 2 | 
 3 | # this was a "local patch" but patch generates a .orig file if it doesn't
 4 | # apply cleanly, which is not good when all files in the hook directory are
 5 | # executed. just use sed to hack the udev hook here.
 6 | 
 7 | sed -i 's/^\(mount -n -o move \/dev .*\/dev\)$/\1 2>\/dev\/null/' \
 8 |   /usr/share/initramfs-tools/scripts/init-bottom/udev
 9 | 
10 | 


--------------------------------------------------------------------------------
/data/live-build-config/hooks/live/14-acpid.chroot:
--------------------------------------------------------------------------------
 1 | #!/bin/sh
 2 | 
 3 | # To be able to properly shutdown bare-metal servers install and
 4 | # configure acpid
 5 | apt-get -y install acpid
 6 | 
 7 | cat <<EOF > /etc/acpi/events/powerbtn
 8 | event=button[ /]power
 9 | action=/sbin/poweroff
10 | EOF
11 | 


--------------------------------------------------------------------------------
/data/live-build-config/hooks/live/15-sources_list.chroot:
--------------------------------------------------------------------------------
1 | #!/bin/sh
2 | 
3 | rm -f /etc/apt/sources.list.d/*.list >/dev/null 2>&1 || true
4 | 
5 | 


--------------------------------------------------------------------------------
/data/live-build-config/hooks/live/16-fuse.chroot:
--------------------------------------------------------------------------------
1 | #!/bin/sh
2 | 
3 | sed -i 's/#user_allow_other/user_allow_other/g' /etc/fuse.conf
4 | chmod a+r /etc/fuse.conf
5 | 


--------------------------------------------------------------------------------
/data/live-build-config/hooks/live/17-gen_initramfs.chroot:
--------------------------------------------------------------------------------
 1 | #!/bin/sh
 2 | 
 3 | echo I: Create initramfs if it does not exist.
 4 | 
 5 | # Kernel complains about non available nls_ascii module when booting from USB pendrive
 6 | echo "nls_ascii" >> /etc/initramfs-tools/modules
 7 | 
 8 | if [ -e /boot/initrd.img-* ]; then
 9 | 	rm -f /boot/initrd.img-*
10 | fi
11 | 
12 | KERNEL_COUNT=$(find /boot/ -type f -name vmlinuz* | wc -l)
13 | if [ "$KERNEL_COUNT" -gt 1 ]; then
14 |     echo "E: there is more than one kernel image file installed!"
15 |     echo "E: please make sure that kernel_version in data/defaults.toml is up to date"
16 |     echo "E: if your repository is up to date, then there is a bug"
17 | fi
18 | 
19 | kernel=`ls /boot | grep vmlinuz- | sed 's/vmlinuz-//g'`
20 | 
21 | echo "I: Executing update-initramfs -c -k $kernel"
22 | 
23 | update-initramfs -c -k $kernel
24 | 


--------------------------------------------------------------------------------
/data/live-build-config/hooks/live/18-enable-disable_services.chroot:
--------------------------------------------------------------------------------
 1 | #!/bin/sh
 2 | 
 3 | echo I: Disabling services
 4 | systemctl disable syslog.service
 5 | systemctl disable rsyslog.service
 6 | systemctl disable arpwatch.service
 7 | systemctl disable smartd.service
 8 | systemctl disable kea-ctrl-agent.service
 9 | systemctl disable kea-dhcp4-server.service
10 | systemctl disable kea-dhcp6-server.service
11 | systemctl disable isc-dhcp-relay.service
12 | systemctl disable nfacctd.service
13 | systemctl disable pmacctd.service
14 | systemctl disable sfacctd.service
15 | systemctl disable uacctd.service
16 | systemctl disable ssh.service
17 | systemctl disable sshguard.service
18 | systemctl disable openvpn.service
19 | systemctl disable lldpd.service
20 | systemctl disable LCDd.service
21 | systemctl disable lcdproc.service
22 | systemctl disable conntrackd.service
23 | systemctl disable 'udp-broadcast-relay@*.service'
24 | systemctl disable pdns-recursor.service
25 | systemctl disable tftpd-hpa.service
26 | systemctl disable frr.service
27 | systemctl disable salt-minion.service
28 | systemctl disable certbot.service
29 | systemctl disable certbot.timer
30 | systemctl disable nginx.service
31 | systemctl disable wpa_supplicant.service
32 | systemctl disable squid.service
33 | systemctl disable apt-daily.service
34 | systemctl disable apt-daily.timer
35 | systemctl disable apt-daily-upgrade.timer
36 | systemctl disable apt-daily-upgrade.service
37 | systemctl disable chrony.service
38 | systemctl disable igmpproxy.service
39 | systemctl disable wide-dhcpv6-client.service
40 | systemctl disable lm-sensors.service
41 | systemctl disable snmpd.service
42 | systemctl disable conserver-server.service
43 | systemctl disable dropbear.service
44 | systemctl disable fancontrol.service
45 | systemctl disable ddclient.service
46 | systemctl disable ocserv.service
47 | systemctl disable tuned.service
48 | systemctl disable radvd.service
49 | systemctl disable hostapd.service
50 | systemctl disable hsflowd.service
51 | systemctl disable keepalived.service
52 | systemctl disable ipvsadm.service
53 | systemctl disable telegraf.service
54 | systemctl disable ndppd.service
55 | systemctl disable ipsec.service
56 | systemctl disable strongswan.service
57 | systemctl disable strongswan-starter.service
58 | systemctl disable strongswan.service
59 | systemctl disable avahi-daemon.service
60 | systemctl disable atop-rotate.timer
61 | systemctl disable ModemManager.service
62 | systemctl disable dnsdist.service
63 | systemctl disable haproxy.service
64 | systemctl disable owamp-server.service
65 | systemctl disable twamp-server.service
66 | systemctl disable vyos-wan-load-balance.service
67 | systemctl disable nvmf-autoconnect.service
68 | systemctl disable dpkg-db-backup.timer
69 | systemctl disable dpkg-db-backup.service
70 | systemctl disable zabbix-agent2.service
71 | systemctl disable suricata.service
72 | systemctl disable vyconfd.service
73 | systemctl disable vpp.service
74 | systemctl disable netplug.service
75 | 
76 | echo I: Enabling services
77 | systemctl enable vyos-hostsd.service
78 | systemctl enable acpid.service
79 | systemctl enable vyos-router.service
80 | systemctl enable vyos-configd.service
81 | systemctl enable vyos-grub-update.service
82 | systemctl enable vyos-commitd.service
83 | 
84 | echo I: Masking services
85 | systemctl mask systemd-journald-audit.socket
86 | systemctl --global mask gpg-agent.service gpg-agent.socket gpg-agent-ssh.socket gpg-agent-extra.socket gpg-agent-browser.socket dirmngr.socket
87 | 


--------------------------------------------------------------------------------
/data/live-build-config/hooks/live/19-kernel_symlinks.chroot:
--------------------------------------------------------------------------------
 1 | #!/bin/sh
 2 | 
 3 | echo I: Creating Linux Kernel symbolic links
 4 | cd /boot
 5 | ln -s initrd.img-* initrd.img
 6 | ln -s vmlinuz-* vmlinuz
 7 | 
 8 | echo I: Remove Linux Kernel symbolic link to source folder
 9 | rm -rf /lib/modules/*/build
10 | 


--------------------------------------------------------------------------------
/data/live-build-config/hooks/live/20-systemd_target.chroot:
--------------------------------------------------------------------------------
1 | #!/bin/sh
2 | 
3 | echo I: Choose systemd multi-user.target over graphical.target
4 | systemctl set-default -f multi-user.target
5 | 


--------------------------------------------------------------------------------
/data/live-build-config/hooks/live/21-pam_mkhomedir.chroot:
--------------------------------------------------------------------------------
 1 | #!/bin/sh
 2 | 
 3 | echo I: Create home directory on login.
 4 | 
 5 | cat > /usr/share/pam-configs/mkhomedir <<EOF
 6 | Name: Create home directory during login
 7 | Default: yes
 8 | Priority: 900
 9 | Session-Type: Additional
10 | Session:
11 |         required        pam_mkhomedir.so umask=0022 skel=/etc/skel
12 | EOF
13 | sync
14 | sed -i '/mkhomedir/d' /var/lib/pam/seen
15 | pam-auth-update --package
16 | 
17 | 


--------------------------------------------------------------------------------
/data/live-build-config/hooks/live/23-config_mkdir.chroot:
--------------------------------------------------------------------------------
1 | #!/bin/sh
2 | 
3 | echo I: Create config directory.
4 | 
5 | mkdir -p /config
6 | 


--------------------------------------------------------------------------------
/data/live-build-config/hooks/live/24-efi_packages.chroot:
--------------------------------------------------------------------------------
1 | #!/bin/sh
2 | exit 0
3 | echo I: Download grub-efi packages.
4 | 
5 | mkdir -p /usr/share/vyos/packages
6 | cd /usr/share/vyos/packages
7 | aptitude download grub-efi
8 | aptitude download grub-efi-amd64
9 | 


--------------------------------------------------------------------------------
/data/live-build-config/hooks/live/30-mpls_modules.chroot:
--------------------------------------------------------------------------------
 1 | #!/bin/sh
 2 | 
 3 | # FRR LDP require loaded MPLS modules before starting FRR daemons
 4 | 
 5 | echo I: Enabling autoload MPLS modules
 6 | 
 7 | echo "mpls_gso" >> /etc/modules-load.d/mpls.conf
 8 | echo "mpls_iptunnel" >> /etc/modules-load.d/mpls.conf
 9 | echo "mpls_router" >> /etc/modules-load.d/mpls.conf
10 | 


--------------------------------------------------------------------------------
/data/live-build-config/hooks/live/30-strongswan-configs.chroot:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python3
 2 | 
 3 | # The Cisco Unity plugin, that implements a proprietary extension
 4 | # for IPsec split tunneling, interfers with DMVPN
 5 | #
 6 | # Since we do not do remote access IPsec, the simplest solution
 7 | # is to disable it entirely from the start.
 8 | 
 9 | import re
10 | 
11 | # Disable the 'cisco_unity' option in charon.conf
12 | with open('/etc/strongswan.d/charon.conf', 'r') as f:
13 |     charon_conf = f.read()
14 |     charon_conf = re.sub(r'# (cisco_unity = no)', r"\1", charon_conf)
15 | 
16 | with open('/etc/strongswan.d/charon.conf', 'w') as f:
17 |     f.write(charon_conf)
18 | 
19 | 
20 | 
21 | # Prevent the 'cisco_unity' plugin from loading
22 | with open('/etc/strongswan.d/charon/unity.conf', 'r') as f:
23 |     unity_conf = f.read()
24 |     unity_conf = re.sub(r'load = yes', r'load = no', unity_conf)
25 | 
26 | with open('/etc/strongswan.d/charon/unity.conf', 'w') as f:
27 |     f.write(unity_conf)
28 | 
29 | 
30 | 
31 | # Prevent the 'farp' plugin from loading
32 | with open('/etc/strongswan.d/charon/farp.conf', 'r') as f:
33 |     farp_conf = f.read()
34 | 
35 |     farp_conf = re.sub(r'load = yes', r'load = no', farp_conf)
36 | 
37 | with open('/etc/strongswan.d/charon/farp.conf', 'w') as f:
38 |     f.write(farp_conf)
39 | 
40 | 
41 | # Add ike-name to logging
42 | charon_logging = """
43 | charon {
44 |     syslog {
45 |         # prefix for each log message
46 |         identifier = charon
47 |         # use default settings to log to the LOG_DAEMON facility
48 |         daemon {
49 |             default = 1
50 |             ike_name = yes
51 |         }
52 |     }
53 | }
54 | """
55 | 
56 | with open('/etc/strongswan.d/charon-logging.conf', 'w') as f:
57 |     f.write(charon_logging)
58 | 


--------------------------------------------------------------------------------
/data/live-build-config/hooks/live/40-init-cracklib-db.chroot:
--------------------------------------------------------------------------------
 1 | #!/bin/sh
 2 | 
 3 | CRACKLIB_DIR=/var/cache/cracklib
 4 | CRACKLIB_DB=cracklib_dict
 5 | 
 6 | if [ ! -f "${CRACKLIB_DIR}/${CRACKLIB_DB}.pwd" ]; then
 7 |   echo "I: Creating the cracklib database ${CRACKLIB_DIR}/${CRACKLIB_DB}"
 8 |   mkdir -p $CRACKLIB_DIR
 9 | 
10 |   /usr/sbin/create-cracklib-dict -o $CRACKLIB_DIR/$CRACKLIB_DB \
11 |     /usr/share/dict/cracklib-small
12 | fi
13 | 
14 | 


--------------------------------------------------------------------------------
/data/live-build-config/hooks/live/40-init-geoip-database.chroot:
--------------------------------------------------------------------------------
 1 | #!/bin/sh
 2 | 
 3 | # Geolocation data provided by DB-IP.com
 4 | # License: https://creativecommons.org/licenses/by/4.0/ (CC BY 4.0)
 5 | 
 6 | DATE_SUFFIX=$(date +%Y-%m)
 7 | URL="https://download.db-ip.com/free/dbip-country-lite-${DATE_SUFFIX}.csv.gz"
 8 | OUT_PATH="/usr/share/vyos-geoip/dbip-country-lite.csv.gz"
 9 | 
10 | mkdir -p $(dirname $OUT_PATH)
11 | wget -O - $URL > $OUT_PATH
12 | 
13 | if [ $? -ne 0 ]; then
14 |     echo "Failed to download GeoIP database"
15 |     rm $OUT_PATH
16 | fi
17 | 


--------------------------------------------------------------------------------
/data/live-build-config/hooks/live/90-localepurge.chroot:
--------------------------------------------------------------------------------
 1 | #!/bin/sh
 2 | 
 3 | LPCONF=/etc/locale.nopurge
 4 | 
 5 | echo MANDELETE > $LPCONF
 6 | echo DONTBOTHERNEWLOCALE >> $LPCONF
 7 | echo SHOWFREEDSPACE >> $LPCONF
 8 | echo QUICKNDIRTYCALC >> $LPCONF
 9 | echo en >> $LPCONF
10 | echo en_US.UTF-8 >> $LPCONF
11 | 
12 | /usr/sbin/localepurge
13 | 


--------------------------------------------------------------------------------
/data/live-build-config/hooks/live/92-strip-symbols.chroot:
--------------------------------------------------------------------------------
 1 | #!/bin/sh
 2 | 
 3 | #
 4 | # Discard symbols and other data from object files.
 5 | #
 6 | # Reference:
 7 | # https://www.linuxfromscratch.org/lfs/view/systemd/chapter08/stripping.html
 8 | # https://www.debian.org/doc/debian-policy/ch-files.html
 9 | #
10 | 
11 | # Set variables.
12 | STRIPCMD_REGULAR="strip --remove-section=.comment --remove-section=.note --preserve-dates"
13 | STRIPCMD_DEBUG="strip --strip-debug --remove-section=.comment --remove-section=.note --preserve-dates"
14 | STRIPCMD_UNNEEDED="strip --strip-unneeded --remove-section=.comment --remove-section=.note --preserve-dates"
15 | STRIPDIR_REGULAR="
16 | "
17 | STRIPDIR_DEBUG="
18 | "
19 | STRIPDIR_UNNEEDED="
20 | /etc/hsflowd/modules
21 | /usr/bin
22 | /usr/lib/openvpn
23 | /usr/lib/x86_64-linux-gnu
24 | /usr/lib32
25 | /usr/lib64
26 | /usr/libx32
27 | /usr/sbin
28 | "
29 | STRIP_EXCLUDE=`dpkg-query -L libbinutils | grep '.so'`
30 | 
31 | # Perform stuff.
32 | echo "Stripping symbols..."
33 | 
34 | # List excluded files.
35 | echo "Exclude files: ${STRIP_EXCLUDE}"
36 | 
37 | # CMD: strip
38 | for DIR in ${STRIPDIR_REGULAR}; do
39 |   echo "Parse dir (strip): ${DIR}"
40 |   find ${DIR} -type f -exec file {} \; | grep 'not stripped' | cut -d ":" -f 1 | while read FILE; do
41 |     echo "${STRIP_EXCLUDE}" | grep -F -q -w "${FILE}"
42 |     if [ $? -ne 0 ]; then
43 |       echo "Strip file (strip): ${FILE}"
44 |       ${STRIPCMD_REGULAR} ${FILE}
45 |     fi
46 |   done
47 | done
48 | 
49 | # CMD: strip --strip-debug
50 | for DIR in ${STRIPDIR_DEBUG}; do
51 |   echo "Parse dir (strip-debug): ${DIR}"
52 |   find ${DIR} -type f -exec file {} \; | grep 'not stripped' | cut -d ":" -f 1 | while read FILE; do
53 |     echo "${STRIP_EXCLUDE}" | grep -F -q -w "${FILE}"
54 |     if [ $? -ne 0 ]; then
55 |       echo "Strip file (strip-debug): ${FILE}"
56 |       ${STRIPCMD_DEBUG} ${FILE}
57 |     fi
58 |   done
59 | done
60 | 
61 | # CMD: strip --strip-unneeded
62 | for DIR in ${STRIPDIR_UNNEEDED}; do
63 |   echo "Parse dir (strip-unneeded: ${DIR}"
64 |   find ${DIR} -type f -exec file {} \; | grep 'not stripped' | cut -d ":" -f 1 | while read FILE; do
65 |     echo "${STRIP_EXCLUDE}" | grep -F -q -w "${FILE}"
66 |     if [ $? -ne 0 ]; then
67 |       echo "Strip file (strip-unneeded): ${FILE}"
68 |       ${STRIPCMD_UNNEEDED} ${FILE}
69 |     fi
70 |   done
71 | done
72 | 
73 | # Remove binutils package.
74 | apt-get -y purge --autoremove binutils
75 | 
76 | 


--------------------------------------------------------------------------------
/data/live-build-config/hooks/live/93-sb-sign-kernel.chroot:
--------------------------------------------------------------------------------
 1 | #!/bin/sh
 2 | SIGN_FILE=$(find /usr/lib -name sign-file)
 3 | KERNEL_KEY="/var/lib/shim-signed/mok/vyos-dev-2025-linux.key"
 4 | KERNEL_CERT="/var/lib/shim-signed/mok/vyos-dev-2025-linux.pem"
 5 | VMLINUZ=$(readlink /boot/vmlinuz)
 6 | 
 7 | # All Linux Kernel modules need to be cryptographically signed
 8 | find /lib/modules -type f -name \*.ko | while read MODULE; do
 9 |     modinfo ${MODULE} | grep -q "signer:"
10 |     if [ $? != 0 ]; then
11 |         echo "E: Module ${MODULE} is not signed!"
12 |         read -n 1 -s -r -p "Press any key to continue"
13 |     fi
14 | done
15 | 
16 | if [ ! -f ${KERNEL_KEY} ] && [ ! -f ${KERNEL_CERT} ]; then
17 |     echo "I: Signing key for Linux Kernel not found - Secure Boot not possible"
18 | else
19 |     echo "I: Signing Linux Kernel for Secure Boot"
20 |     sbsign --key ${KERNEL_KEY} --cert ${KERNEL_CERT} /boot/${VMLINUZ} --output /boot/${VMLINUZ}
21 |     sbverify --list /boot/${VMLINUZ}
22 |     rm -f ${KERNEL_KEY}
23 | fi
24 | 
25 | for cert in $(ls /var/lib/shim-signed/mok/); do
26 |     if grep -rq "BEGIN PRIVATE KEY" /var/lib/shim-signed/mok/${cert}; then
27 |         echo "Found private key - bailing out"
28 |         exit 1
29 |     fi
30 | done
31 | 
32 | 


--------------------------------------------------------------------------------
/data/live-build-config/includes.binary/isolinux/isolinux.cfg:
--------------------------------------------------------------------------------
 1 | include menu.cfg
 2 | default vesamenu.c32
 3 | prompt 0
 4 | 
 5 | # Ignore the Shift/Alt/Caps Lock/Scroll Lock escape
 6 | noescape 1
 7 | 
 8 | # Wait 10 seconds unless the user types something, but
 9 | # always boot after 5 minutes.
10 | timeout 100
11 | totaltimeout 3000
12 | 


--------------------------------------------------------------------------------
/data/live-build-config/includes.binary/isolinux/menu.cfg:
--------------------------------------------------------------------------------
1 | menu hshift 0
2 | menu width 82
3 | 
4 | menu title VyOS - Boot Menu
5 | include stdmenu.cfg
6 | include live.cfg
7 | 
8 | menu clear
9 | 


--------------------------------------------------------------------------------
/data/live-build-config/includes.binary/isolinux/splash.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vyos/vyos-build/8f4b588a1d0ca99ab0350deaa1eb13fced98b12e/data/live-build-config/includes.binary/isolinux/splash.png


--------------------------------------------------------------------------------
/data/live-build-config/includes.chroot/etc/c3xxx_dev0.conf:
--------------------------------------------------------------------------------
 1 | # INTEL® C62X CHIPSET, INTEL® ATOM™ C3000 PROCESSOR PRODUCT FAMILY, INTEL® XEON® PROCESSOR D FAMILY, INTEL® COMMUNICATION CHIPSET 8925 TO 8955 SERIES
 2 | # VyOS config
 3 | 
 4 | [GENERAL]
 5 | ConfigVersion = 2
 6 | # Enable only cryptographic service
 7 | ServicesEnabled = cy
 8 | # The number of cryptographic concurrent symmetric and asymmetric requests for cryptographic instances
 9 | CyNumConcurrentSymRequests = 512
10 | CyNumConcurrentAsymRequests = 16384
11 | # Automatically resets the device in case of fatal error or heartbeat failure
12 | AutoResetOnError = 1
13 | # Interrupts Coalescing
14 | InterruptCoalescingEnabled = 1
15 | # Wait for amount of ns before generate interrupt with cryptographic operation answer. Allows to combine multiple operations in a single interrupt
16 | InterruptCoalescingTimerNs = 500000
17 | 
18 | 
19 | [KERNEL]
20 | # Create two cryptographic instances
21 | NumberCyInstances = 16
22 | NumberDcInstances = 0
23 | # Instance 0
24 | Cy0Name = "IPSec0"
25 | Cy0IsPolled = 0
26 | Cy0CoreAffinity = 0
27 | # Instance 1
28 | Cy1Name = "IPSec1"
29 | Cy1IsPolled = 0
30 | Cy1CoreAffinity = 1
31 | # Instance 2
32 | Cy2Name = "IPSec2"
33 | Cy2IsPolled = 0
34 | Cy2CoreAffinity = 2
35 | # Instance 3
36 | Cy3Name = "IPSec3"
37 | Cy3IsPolled = 0
38 | Cy3CoreAffinity = 3
39 | # Instance 4
40 | Cy4Name = "IPSec4"
41 | Cy4IsPolled = 0
42 | Cy4CoreAffinity = 4
43 | # Instance 5
44 | Cy5Name = "IPSec5"
45 | Cy5IsPolled = 0
46 | Cy5CoreAffinity = 5
47 | # Instance 6
48 | Cy6Name = "IPSec6"
49 | Cy6IsPolled = 0
50 | Cy6CoreAffinity = 6
51 | # Instance 7
52 | Cy7Name = "IPSec7"
53 | Cy7IsPolled = 0
54 | Cy7CoreAffinity = 7
55 | # Instance 8
56 | Cy8Name = "IPSec8"
57 | Cy8IsPolled = 0
58 | Cy8CoreAffinity = 8
59 | # Instance 9
60 | Cy9Name = "IPSec9"
61 | Cy9IsPolled = 0
62 | Cy9CoreAffinity = 9
63 | # Instance 10
64 | Cy10Name = "IPSec10"
65 | Cy10IsPolled = 0
66 | Cy10CoreAffinity = 10
67 | # Instance 11
68 | Cy11Name = "IPSec11"
69 | Cy11IsPolled = 0
70 | Cy11CoreAffinity = 11
71 | # Instance 12
72 | Cy12Name = "IPSec12"
73 | Cy12IsPolled = 0
74 | Cy12CoreAffinity = 12
75 | # Instance 13
76 | Cy13Name = "IPSec13"
77 | Cy13IsPolled = 0
78 | Cy13CoreAffinity = 13
79 | # Instance 14
80 | Cy14Name = "IPSec14"
81 | Cy14IsPolled = 0
82 | Cy14CoreAffinity = 14
83 | # Instance 15
84 | Cy15Name = "IPSec15"
85 | Cy15IsPolled = 0
86 | Cy15CoreAffinity = 15
87 | 
88 | 
89 | # Disable QAT API
90 | [KERNEL_QAT]
91 | NumberCyInstances = 0
92 | NumberDcInstances = 0
93 | 


--------------------------------------------------------------------------------
/data/live-build-config/includes.chroot/etc/c3xxx_dev1.conf:
--------------------------------------------------------------------------------
 1 | # INTEL® C62X CHIPSET, INTEL® ATOM™ C3000 PROCESSOR PRODUCT FAMILY, INTEL® XEON® PROCESSOR D FAMILY, INTEL® COMMUNICATION CHIPSET 8925 TO 8955 SERIES
 2 | # VyOS config
 3 | 
 4 | [GENERAL]
 5 | ConfigVersion = 2
 6 | # Enable only cryptographic service
 7 | ServicesEnabled = cy
 8 | # The number of cryptographic concurrent symmetric and asymmetric requests for cryptographic instances
 9 | CyNumConcurrentSymRequests = 512
10 | CyNumConcurrentAsymRequests = 16384
11 | # Automatically resets the device in case of fatal error or heartbeat failure
12 | AutoResetOnError = 1
13 | # Interrupts Coalescing
14 | InterruptCoalescingEnabled = 1
15 | # Wait for amount of ns before generate interrupt with cryptographic operation answer. Allows to combine multiple operations in a single interrupt
16 | InterruptCoalescingTimerNs = 500000
17 | 
18 | 
19 | [KERNEL]
20 | # Create two cryptographic instances
21 | NumberCyInstances = 16
22 | NumberDcInstances = 0
23 | # Instance 0
24 | Cy0Name = "IPSec0"
25 | Cy0IsPolled = 0
26 | Cy0CoreAffinity = 0
27 | # Instance 1
28 | Cy1Name = "IPSec1"
29 | Cy1IsPolled = 0
30 | Cy1CoreAffinity = 1
31 | # Instance 2
32 | Cy2Name = "IPSec2"
33 | Cy2IsPolled = 0
34 | Cy2CoreAffinity = 2
35 | # Instance 3
36 | Cy3Name = "IPSec3"
37 | Cy3IsPolled = 0
38 | Cy3CoreAffinity = 3
39 | # Instance 4
40 | Cy4Name = "IPSec4"
41 | Cy4IsPolled = 0
42 | Cy4CoreAffinity = 4
43 | # Instance 5
44 | Cy5Name = "IPSec5"
45 | Cy5IsPolled = 0
46 | Cy5CoreAffinity = 5
47 | # Instance 6
48 | Cy6Name = "IPSec6"
49 | Cy6IsPolled = 0
50 | Cy6CoreAffinity = 6
51 | # Instance 7
52 | Cy7Name = "IPSec7"
53 | Cy7IsPolled = 0
54 | Cy7CoreAffinity = 7
55 | # Instance 8
56 | Cy8Name = "IPSec8"
57 | Cy8IsPolled = 0
58 | Cy8CoreAffinity = 8
59 | # Instance 9
60 | Cy9Name = "IPSec9"
61 | Cy9IsPolled = 0
62 | Cy9CoreAffinity = 9
63 | # Instance 10
64 | Cy10Name = "IPSec10"
65 | Cy10IsPolled = 0
66 | Cy10CoreAffinity = 10
67 | # Instance 11
68 | Cy11Name = "IPSec11"
69 | Cy11IsPolled = 0
70 | Cy11CoreAffinity = 11
71 | # Instance 12
72 | Cy12Name = "IPSec12"
73 | Cy12IsPolled = 0
74 | Cy12CoreAffinity = 12
75 | # Instance 13
76 | Cy13Name = "IPSec13"
77 | Cy13IsPolled = 0
78 | Cy13CoreAffinity = 13
79 | # Instance 14
80 | Cy14Name = "IPSec14"
81 | Cy14IsPolled = 0
82 | Cy14CoreAffinity = 14
83 | # Instance 15
84 | Cy15Name = "IPSec15"
85 | Cy15IsPolled = 0
86 | Cy15CoreAffinity = 15
87 | 
88 | 
89 | # Disable QAT API
90 | [KERNEL_QAT]
91 | NumberCyInstances = 0
92 | NumberDcInstances = 0
93 | 


--------------------------------------------------------------------------------
/data/live-build-config/includes.chroot/etc/c3xxx_dev2.conf:
--------------------------------------------------------------------------------
 1 | # INTEL® C62X CHIPSET, INTEL® ATOM™ C3000 PROCESSOR PRODUCT FAMILY, INTEL® XEON® PROCESSOR D FAMILY, INTEL® COMMUNICATION CHIPSET 8925 TO 8955 SERIES
 2 | # VyOS config
 3 | 
 4 | [GENERAL]
 5 | ConfigVersion = 2
 6 | # Enable only cryptographic service
 7 | ServicesEnabled = cy
 8 | # The number of cryptographic concurrent symmetric and asymmetric requests for cryptographic instances
 9 | CyNumConcurrentSymRequests = 512
10 | CyNumConcurrentAsymRequests = 16384
11 | # Automatically resets the device in case of fatal error or heartbeat failure
12 | AutoResetOnError = 1
13 | # Interrupts Coalescing
14 | InterruptCoalescingEnabled = 1
15 | # Wait for amount of ns before generate interrupt with cryptographic operation answer. Allows to combine multiple operations in a single interrupt
16 | InterruptCoalescingTimerNs = 500000
17 | 
18 | 
19 | [KERNEL]
20 | # Create two cryptographic instances
21 | NumberCyInstances = 16
22 | NumberDcInstances = 0
23 | # Instance 0
24 | Cy0Name = "IPSec0"
25 | Cy0IsPolled = 0
26 | Cy0CoreAffinity = 0
27 | # Instance 1
28 | Cy1Name = "IPSec1"
29 | Cy1IsPolled = 0
30 | Cy1CoreAffinity = 1
31 | # Instance 2
32 | Cy2Name = "IPSec2"
33 | Cy2IsPolled = 0
34 | Cy2CoreAffinity = 2
35 | # Instance 3
36 | Cy3Name = "IPSec3"
37 | Cy3IsPolled = 0
38 | Cy3CoreAffinity = 3
39 | # Instance 4
40 | Cy4Name = "IPSec4"
41 | Cy4IsPolled = 0
42 | Cy4CoreAffinity = 4
43 | # Instance 5
44 | Cy5Name = "IPSec5"
45 | Cy5IsPolled = 0
46 | Cy5CoreAffinity = 5
47 | # Instance 6
48 | Cy6Name = "IPSec6"
49 | Cy6IsPolled = 0
50 | Cy6CoreAffinity = 6
51 | # Instance 7
52 | Cy7Name = "IPSec7"
53 | Cy7IsPolled = 0
54 | Cy7CoreAffinity = 7
55 | # Instance 8
56 | Cy8Name = "IPSec8"
57 | Cy8IsPolled = 0
58 | Cy8CoreAffinity = 8
59 | # Instance 9
60 | Cy9Name = "IPSec9"
61 | Cy9IsPolled = 0
62 | Cy9CoreAffinity = 9
63 | # Instance 10
64 | Cy10Name = "IPSec10"
65 | Cy10IsPolled = 0
66 | Cy10CoreAffinity = 10
67 | # Instance 11
68 | Cy11Name = "IPSec11"
69 | Cy11IsPolled = 0
70 | Cy11CoreAffinity = 11
71 | # Instance 12
72 | Cy12Name = "IPSec12"
73 | Cy12IsPolled = 0
74 | Cy12CoreAffinity = 12
75 | # Instance 13
76 | Cy13Name = "IPSec13"
77 | Cy13IsPolled = 0
78 | Cy13CoreAffinity = 13
79 | # Instance 14
80 | Cy14Name = "IPSec14"
81 | Cy14IsPolled = 0
82 | Cy14CoreAffinity = 14
83 | # Instance 15
84 | Cy15Name = "IPSec15"
85 | Cy15IsPolled = 0
86 | Cy15CoreAffinity = 15
87 | 
88 | 
89 | # Disable QAT API
90 | [KERNEL_QAT]
91 | NumberCyInstances = 0
92 | NumberDcInstances = 0
93 | 


--------------------------------------------------------------------------------
/data/live-build-config/includes.chroot/etc/c6xx_dev0.conf:
--------------------------------------------------------------------------------
 1 | # INTEL® C62X CHIPSET, INTEL® ATOM™ C3000 PROCESSOR PRODUCT FAMILY, INTEL® XEON® PROCESSOR D FAMILY, INTEL® COMMUNICATION CHIPSET 8925 TO 8955 SERIES
 2 | # VyOS config
 3 | 
 4 | [GENERAL]
 5 | ConfigVersion = 2
 6 | # Enable only cryptographic service
 7 | ServicesEnabled = cy
 8 | # The number of cryptographic concurrent symmetric and asymmetric requests for cryptographic instances
 9 | CyNumConcurrentSymRequests = 512
10 | CyNumConcurrentAsymRequests = 16384
11 | # Automatically resets the device in case of fatal error or heartbeat failure
12 | AutoResetOnError = 1
13 | # Interrupts Coalescing
14 | InterruptCoalescingEnabled = 1
15 | # Wait for amount of ns before generate interrupt with cryptographic operation answer. Allows to combine multiple operations in a single interrupt
16 | InterruptCoalescingTimerNs = 500000
17 | 
18 | 
19 | [KERNEL]
20 | # Create two cryptographic instances
21 | NumberCyInstances = 16
22 | NumberDcInstances = 0
23 | # Instance 0
24 | Cy0Name = "IPSec0"
25 | Cy0IsPolled = 0
26 | Cy0CoreAffinity = 0
27 | # Instance 1
28 | Cy1Name = "IPSec1"
29 | Cy1IsPolled = 0
30 | Cy1CoreAffinity = 1
31 | # Instance 2
32 | Cy2Name = "IPSec2"
33 | Cy2IsPolled = 0
34 | Cy2CoreAffinity = 2
35 | # Instance 3
36 | Cy3Name = "IPSec3"
37 | Cy3IsPolled = 0
38 | Cy3CoreAffinity = 3
39 | # Instance 4
40 | Cy4Name = "IPSec4"
41 | Cy4IsPolled = 0
42 | Cy4CoreAffinity = 4
43 | # Instance 5
44 | Cy5Name = "IPSec5"
45 | Cy5IsPolled = 0
46 | Cy5CoreAffinity = 5
47 | # Instance 6
48 | Cy6Name = "IPSec6"
49 | Cy6IsPolled = 0
50 | Cy6CoreAffinity = 6
51 | # Instance 7
52 | Cy7Name = "IPSec7"
53 | Cy7IsPolled = 0
54 | Cy7CoreAffinity = 7
55 | # Instance 8
56 | Cy8Name = "IPSec8"
57 | Cy8IsPolled = 0
58 | Cy8CoreAffinity = 8
59 | # Instance 9
60 | Cy9Name = "IPSec9"
61 | Cy9IsPolled = 0
62 | Cy9CoreAffinity = 9
63 | # Instance 10
64 | Cy10Name = "IPSec10"
65 | Cy10IsPolled = 0
66 | Cy10CoreAffinity = 10
67 | # Instance 11
68 | Cy11Name = "IPSec11"
69 | Cy11IsPolled = 0
70 | Cy11CoreAffinity = 11
71 | # Instance 12
72 | Cy12Name = "IPSec12"
73 | Cy12IsPolled = 0
74 | Cy12CoreAffinity = 12
75 | # Instance 13
76 | Cy13Name = "IPSec13"
77 | Cy13IsPolled = 0
78 | Cy13CoreAffinity = 13
79 | # Instance 14
80 | Cy14Name = "IPSec14"
81 | Cy14IsPolled = 0
82 | Cy14CoreAffinity = 14
83 | # Instance 15
84 | Cy15Name = "IPSec15"
85 | Cy15IsPolled = 0
86 | Cy15CoreAffinity = 15
87 | 
88 | 
89 | # Disable QAT API
90 | [KERNEL_QAT]
91 | NumberCyInstances = 0
92 | NumberDcInstances = 0
93 | 


--------------------------------------------------------------------------------
/data/live-build-config/includes.chroot/etc/c6xx_dev1.conf:
--------------------------------------------------------------------------------
 1 | # INTEL® C62X CHIPSET, INTEL® ATOM™ C3000 PROCESSOR PRODUCT FAMILY, INTEL® XEON® PROCESSOR D FAMILY, INTEL® COMMUNICATION CHIPSET 8925 TO 8955 SERIES
 2 | # VyOS config
 3 | 
 4 | [GENERAL]
 5 | ConfigVersion = 2
 6 | # Enable only cryptographic service
 7 | ServicesEnabled = cy
 8 | # The number of cryptographic concurrent symmetric and asymmetric requests for cryptographic instances
 9 | CyNumConcurrentSymRequests = 512
10 | CyNumConcurrentAsymRequests = 16384
11 | # Automatically resets the device in case of fatal error or heartbeat failure
12 | AutoResetOnError = 1
13 | # Interrupts Coalescing
14 | InterruptCoalescingEnabled = 1
15 | # Wait for amount of ns before generate interrupt with cryptographic operation answer. Allows to combine multiple operations in a single interrupt
16 | InterruptCoalescingTimerNs = 500000
17 | 
18 | 
19 | [KERNEL]
20 | # Create two cryptographic instances
21 | NumberCyInstances = 16
22 | NumberDcInstances = 0
23 | # Instance 0
24 | Cy0Name = "IPSec0"
25 | Cy0IsPolled = 0
26 | Cy0CoreAffinity = 0
27 | # Instance 1
28 | Cy1Name = "IPSec1"
29 | Cy1IsPolled = 0
30 | Cy1CoreAffinity = 1
31 | # Instance 2
32 | Cy2Name = "IPSec2"
33 | Cy2IsPolled = 0
34 | Cy2CoreAffinity = 2
35 | # Instance 3
36 | Cy3Name = "IPSec3"
37 | Cy3IsPolled = 0
38 | Cy3CoreAffinity = 3
39 | # Instance 4
40 | Cy4Name = "IPSec4"
41 | Cy4IsPolled = 0
42 | Cy4CoreAffinity = 4
43 | # Instance 5
44 | Cy5Name = "IPSec5"
45 | Cy5IsPolled = 0
46 | Cy5CoreAffinity = 5
47 | # Instance 6
48 | Cy6Name = "IPSec6"
49 | Cy6IsPolled = 0
50 | Cy6CoreAffinity = 6
51 | # Instance 7
52 | Cy7Name = "IPSec7"
53 | Cy7IsPolled = 0
54 | Cy7CoreAffinity = 7
55 | # Instance 8
56 | Cy8Name = "IPSec8"
57 | Cy8IsPolled = 0
58 | Cy8CoreAffinity = 8
59 | # Instance 9
60 | Cy9Name = "IPSec9"
61 | Cy9IsPolled = 0
62 | Cy9CoreAffinity = 9
63 | # Instance 10
64 | Cy10Name = "IPSec10"
65 | Cy10IsPolled = 0
66 | Cy10CoreAffinity = 10
67 | # Instance 11
68 | Cy11Name = "IPSec11"
69 | Cy11IsPolled = 0
70 | Cy11CoreAffinity = 11
71 | # Instance 12
72 | Cy12Name = "IPSec12"
73 | Cy12IsPolled = 0
74 | Cy12CoreAffinity = 12
75 | # Instance 13
76 | Cy13Name = "IPSec13"
77 | Cy13IsPolled = 0
78 | Cy13CoreAffinity = 13
79 | # Instance 14
80 | Cy14Name = "IPSec14"
81 | Cy14IsPolled = 0
82 | Cy14CoreAffinity = 14
83 | # Instance 15
84 | Cy15Name = "IPSec15"
85 | Cy15IsPolled = 0
86 | Cy15CoreAffinity = 15
87 | 
88 | 
89 | # Disable QAT API
90 | [KERNEL_QAT]
91 | NumberCyInstances = 0
92 | NumberDcInstances = 0
93 | 


--------------------------------------------------------------------------------
/data/live-build-config/includes.chroot/etc/c6xx_dev2.conf:
--------------------------------------------------------------------------------
 1 | # INTEL® C62X CHIPSET, INTEL® ATOM™ C3000 PROCESSOR PRODUCT FAMILY, INTEL® XEON® PROCESSOR D FAMILY, INTEL® COMMUNICATION CHIPSET 8925 TO 8955 SERIES
 2 | # VyOS config
 3 | 
 4 | [GENERAL]
 5 | ConfigVersion = 2
 6 | # Enable only cryptographic service
 7 | ServicesEnabled = cy
 8 | # The number of cryptographic concurrent symmetric and asymmetric requests for cryptographic instances
 9 | CyNumConcurrentSymRequests = 512
10 | CyNumConcurrentAsymRequests = 16384
11 | # Automatically resets the device in case of fatal error or heartbeat failure
12 | AutoResetOnError = 1
13 | # Interrupts Coalescing
14 | InterruptCoalescingEnabled = 1
15 | # Wait for amount of ns before generate interrupt with cryptographic operation answer. Allows to combine multiple operations in a single interrupt
16 | InterruptCoalescingTimerNs = 500000
17 | 
18 | 
19 | [KERNEL]
20 | # Create two cryptographic instances
21 | NumberCyInstances = 16
22 | NumberDcInstances = 0
23 | # Instance 0
24 | Cy0Name = "IPSec0"
25 | Cy0IsPolled = 0
26 | Cy0CoreAffinity = 0
27 | # Instance 1
28 | Cy1Name = "IPSec1"
29 | Cy1IsPolled = 0
30 | Cy1CoreAffinity = 1
31 | # Instance 2
32 | Cy2Name = "IPSec2"
33 | Cy2IsPolled = 0
34 | Cy2CoreAffinity = 2
35 | # Instance 3
36 | Cy3Name = "IPSec3"
37 | Cy3IsPolled = 0
38 | Cy3CoreAffinity = 3
39 | # Instance 4
40 | Cy4Name = "IPSec4"
41 | Cy4IsPolled = 0
42 | Cy4CoreAffinity = 4
43 | # Instance 5
44 | Cy5Name = "IPSec5"
45 | Cy5IsPolled = 0
46 | Cy5CoreAffinity = 5
47 | # Instance 6
48 | Cy6Name = "IPSec6"
49 | Cy6IsPolled = 0
50 | Cy6CoreAffinity = 6
51 | # Instance 7
52 | Cy7Name = "IPSec7"
53 | Cy7IsPolled = 0
54 | Cy7CoreAffinity = 7
55 | # Instance 8
56 | Cy8Name = "IPSec8"
57 | Cy8IsPolled = 0
58 | Cy8CoreAffinity = 8
59 | # Instance 9
60 | Cy9Name = "IPSec9"
61 | Cy9IsPolled = 0
62 | Cy9CoreAffinity = 9
63 | # Instance 10
64 | Cy10Name = "IPSec10"
65 | Cy10IsPolled = 0
66 | Cy10CoreAffinity = 10
67 | # Instance 11
68 | Cy11Name = "IPSec11"
69 | Cy11IsPolled = 0
70 | Cy11CoreAffinity = 11
71 | # Instance 12
72 | Cy12Name = "IPSec12"
73 | Cy12IsPolled = 0
74 | Cy12CoreAffinity = 12
75 | # Instance 13
76 | Cy13Name = "IPSec13"
77 | Cy13IsPolled = 0
78 | Cy13CoreAffinity = 13
79 | # Instance 14
80 | Cy14Name = "IPSec14"
81 | Cy14IsPolled = 0
82 | Cy14CoreAffinity = 14
83 | # Instance 15
84 | Cy15Name = "IPSec15"
85 | Cy15IsPolled = 0
86 | Cy15CoreAffinity = 15
87 | 
88 | 
89 | # Disable QAT API
90 | [KERNEL_QAT]
91 | NumberCyInstances = 0
92 | NumberDcInstances = 0
93 | 


--------------------------------------------------------------------------------
/data/live-build-config/includes.chroot/etc/d15xx_dev0.conf:
--------------------------------------------------------------------------------
 1 | # INTEL® C62X CHIPSET, INTEL® ATOM™ C3000 PROCESSOR PRODUCT FAMILY, INTEL® XEON® PROCESSOR D FAMILY, INTEL® COMMUNICATION CHIPSET 8925 TO 8955 SERIES
 2 | # VyOS config
 3 | 
 4 | [GENERAL]
 5 | ConfigVersion = 2
 6 | # Enable only cryptographic service
 7 | ServicesEnabled = cy
 8 | # The number of cryptographic concurrent symmetric and asymmetric requests for cryptographic instances
 9 | CyNumConcurrentSymRequests = 512
10 | CyNumConcurrentAsymRequests = 16384
11 | # Automatically resets the device in case of fatal error or heartbeat failure
12 | AutoResetOnError = 1
13 | # Interrupts Coalescing
14 | InterruptCoalescingEnabled = 1
15 | # Wait for amount of ns before generate interrupt with cryptographic operation answer. Allows to combine multiple operations in a single interrupt
16 | InterruptCoalescingTimerNs = 500000
17 | 
18 | 
19 | [KERNEL]
20 | # Create two cryptographic instances
21 | NumberCyInstances = 16
22 | NumberDcInstances = 0
23 | # Instance 0
24 | Cy0Name = "IPSec0"
25 | Cy0IsPolled = 0
26 | Cy0CoreAffinity = 0
27 | # Instance 1
28 | Cy1Name = "IPSec1"
29 | Cy1IsPolled = 0
30 | Cy1CoreAffinity = 1
31 | # Instance 2
32 | Cy2Name = "IPSec2"
33 | Cy2IsPolled = 0
34 | Cy2CoreAffinity = 2
35 | # Instance 3
36 | Cy3Name = "IPSec3"
37 | Cy3IsPolled = 0
38 | Cy3CoreAffinity = 3
39 | # Instance 4
40 | Cy4Name = "IPSec4"
41 | Cy4IsPolled = 0
42 | Cy4CoreAffinity = 4
43 | # Instance 5
44 | Cy5Name = "IPSec5"
45 | Cy5IsPolled = 0
46 | Cy5CoreAffinity = 5
47 | # Instance 6
48 | Cy6Name = "IPSec6"
49 | Cy6IsPolled = 0
50 | Cy6CoreAffinity = 6
51 | # Instance 7
52 | Cy7Name = "IPSec7"
53 | Cy7IsPolled = 0
54 | Cy7CoreAffinity = 7
55 | # Instance 8
56 | Cy8Name = "IPSec8"
57 | Cy8IsPolled = 0
58 | Cy8CoreAffinity = 8
59 | # Instance 9
60 | Cy9Name = "IPSec9"
61 | Cy9IsPolled = 0
62 | Cy9CoreAffinity = 9
63 | # Instance 10
64 | Cy10Name = "IPSec10"
65 | Cy10IsPolled = 0
66 | Cy10CoreAffinity = 10
67 | # Instance 11
68 | Cy11Name = "IPSec11"
69 | Cy11IsPolled = 0
70 | Cy11CoreAffinity = 11
71 | # Instance 12
72 | Cy12Name = "IPSec12"
73 | Cy12IsPolled = 0
74 | Cy12CoreAffinity = 12
75 | # Instance 13
76 | Cy13Name = "IPSec13"
77 | Cy13IsPolled = 0
78 | Cy13CoreAffinity = 13
79 | # Instance 14
80 | Cy14Name = "IPSec14"
81 | Cy14IsPolled = 0
82 | Cy14CoreAffinity = 14
83 | # Instance 15
84 | Cy15Name = "IPSec15"
85 | Cy15IsPolled = 0
86 | Cy15CoreAffinity = 15
87 | 
88 | 
89 | # Disable QAT API
90 | [KERNEL_QAT]
91 | NumberCyInstances = 0
92 | NumberDcInstances = 0
93 | 


--------------------------------------------------------------------------------
/data/live-build-config/includes.chroot/etc/d15xx_dev1.conf:
--------------------------------------------------------------------------------
 1 | # INTEL® C62X CHIPSET, INTEL® ATOM™ C3000 PROCESSOR PRODUCT FAMILY, INTEL® XEON® PROCESSOR D FAMILY, INTEL® COMMUNICATION CHIPSET 8925 TO 8955 SERIES
 2 | # VyOS config
 3 | 
 4 | [GENERAL]
 5 | ConfigVersion = 2
 6 | # Enable only cryptographic service
 7 | ServicesEnabled = cy
 8 | # The number of cryptographic concurrent symmetric and asymmetric requests for cryptographic instances
 9 | CyNumConcurrentSymRequests = 512
10 | CyNumConcurrentAsymRequests = 16384
11 | # Automatically resets the device in case of fatal error or heartbeat failure
12 | AutoResetOnError = 1
13 | # Interrupts Coalescing
14 | InterruptCoalescingEnabled = 1
15 | # Wait for amount of ns before generate interrupt with cryptographic operation answer. Allows to combine multiple operations in a single interrupt
16 | InterruptCoalescingTimerNs = 500000
17 | 
18 | 
19 | [KERNEL]
20 | # Create two cryptographic instances
21 | NumberCyInstances = 16
22 | NumberDcInstances = 0
23 | # Instance 0
24 | Cy0Name = "IPSec0"
25 | Cy0IsPolled = 0
26 | Cy0CoreAffinity = 0
27 | # Instance 1
28 | Cy1Name = "IPSec1"
29 | Cy1IsPolled = 0
30 | Cy1CoreAffinity = 1
31 | # Instance 2
32 | Cy2Name = "IPSec2"
33 | Cy2IsPolled = 0
34 | Cy2CoreAffinity = 2
35 | # Instance 3
36 | Cy3Name = "IPSec3"
37 | Cy3IsPolled = 0
38 | Cy3CoreAffinity = 3
39 | # Instance 4
40 | Cy4Name = "IPSec4"
41 | Cy4IsPolled = 0
42 | Cy4CoreAffinity = 4
43 | # Instance 5
44 | Cy5Name = "IPSec5"
45 | Cy5IsPolled = 0
46 | Cy5CoreAffinity = 5
47 | # Instance 6
48 | Cy6Name = "IPSec6"
49 | Cy6IsPolled = 0
50 | Cy6CoreAffinity = 6
51 | # Instance 7
52 | Cy7Name = "IPSec7"
53 | Cy7IsPolled = 0
54 | Cy7CoreAffinity = 7
55 | # Instance 8
56 | Cy8Name = "IPSec8"
57 | Cy8IsPolled = 0
58 | Cy8CoreAffinity = 8
59 | # Instance 9
60 | Cy9Name = "IPSec9"
61 | Cy9IsPolled = 0
62 | Cy9CoreAffinity = 9
63 | # Instance 10
64 | Cy10Name = "IPSec10"
65 | Cy10IsPolled = 0
66 | Cy10CoreAffinity = 10
67 | # Instance 11
68 | Cy11Name = "IPSec11"
69 | Cy11IsPolled = 0
70 | Cy11CoreAffinity = 11
71 | # Instance 12
72 | Cy12Name = "IPSec12"
73 | Cy12IsPolled = 0
74 | Cy12CoreAffinity = 12
75 | # Instance 13
76 | Cy13Name = "IPSec13"
77 | Cy13IsPolled = 0
78 | Cy13CoreAffinity = 13
79 | # Instance 14
80 | Cy14Name = "IPSec14"
81 | Cy14IsPolled = 0
82 | Cy14CoreAffinity = 14
83 | # Instance 15
84 | Cy15Name = "IPSec15"
85 | Cy15IsPolled = 0
86 | Cy15CoreAffinity = 15
87 | 
88 | 
89 | # Disable QAT API
90 | [KERNEL_QAT]
91 | NumberCyInstances = 0
92 | NumberDcInstances = 0
93 | 


--------------------------------------------------------------------------------
/data/live-build-config/includes.chroot/etc/d15xx_dev2.conf:
--------------------------------------------------------------------------------
 1 | # INTEL® C62X CHIPSET, INTEL® ATOM™ C3000 PROCESSOR PRODUCT FAMILY, INTEL® XEON® PROCESSOR D FAMILY, INTEL® COMMUNICATION CHIPSET 8925 TO 8955 SERIES
 2 | # VyOS config
 3 | 
 4 | [GENERAL]
 5 | ConfigVersion = 2
 6 | # Enable only cryptographic service
 7 | ServicesEnabled = cy
 8 | # The number of cryptographic concurrent symmetric and asymmetric requests for cryptographic instances
 9 | CyNumConcurrentSymRequests = 512
10 | CyNumConcurrentAsymRequests = 16384
11 | # Automatically resets the device in case of fatal error or heartbeat failure
12 | AutoResetOnError = 1
13 | # Interrupts Coalescing
14 | InterruptCoalescingEnabled = 1
15 | # Wait for amount of ns before generate interrupt with cryptographic operation answer. Allows to combine multiple operations in a single interrupt
16 | InterruptCoalescingTimerNs = 500000
17 | 
18 | 
19 | [KERNEL]
20 | # Create two cryptographic instances
21 | NumberCyInstances = 16
22 | NumberDcInstances = 0
23 | # Instance 0
24 | Cy0Name = "IPSec0"
25 | Cy0IsPolled = 0
26 | Cy0CoreAffinity = 0
27 | # Instance 1
28 | Cy1Name = "IPSec1"
29 | Cy1IsPolled = 0
30 | Cy1CoreAffinity = 1
31 | # Instance 2
32 | Cy2Name = "IPSec2"
33 | Cy2IsPolled = 0
34 | Cy2CoreAffinity = 2
35 | # Instance 3
36 | Cy3Name = "IPSec3"
37 | Cy3IsPolled = 0
38 | Cy3CoreAffinity = 3
39 | # Instance 4
40 | Cy4Name = "IPSec4"
41 | Cy4IsPolled = 0
42 | Cy4CoreAffinity = 4
43 | # Instance 5
44 | Cy5Name = "IPSec5"
45 | Cy5IsPolled = 0
46 | Cy5CoreAffinity = 5
47 | # Instance 6
48 | Cy6Name = "IPSec6"
49 | Cy6IsPolled = 0
50 | Cy6CoreAffinity = 6
51 | # Instance 7
52 | Cy7Name = "IPSec7"
53 | Cy7IsPolled = 0
54 | Cy7CoreAffinity = 7
55 | # Instance 8
56 | Cy8Name = "IPSec8"
57 | Cy8IsPolled = 0
58 | Cy8CoreAffinity = 8
59 | # Instance 9
60 | Cy9Name = "IPSec9"
61 | Cy9IsPolled = 0
62 | Cy9CoreAffinity = 9
63 | # Instance 10
64 | Cy10Name = "IPSec10"
65 | Cy10IsPolled = 0
66 | Cy10CoreAffinity = 10
67 | # Instance 11
68 | Cy11Name = "IPSec11"
69 | Cy11IsPolled = 0
70 | Cy11CoreAffinity = 11
71 | # Instance 12
72 | Cy12Name = "IPSec12"
73 | Cy12IsPolled = 0
74 | Cy12CoreAffinity = 12
75 | # Instance 13
76 | Cy13Name = "IPSec13"
77 | Cy13IsPolled = 0
78 | Cy13CoreAffinity = 13
79 | # Instance 14
80 | Cy14Name = "IPSec14"
81 | Cy14IsPolled = 0
82 | Cy14CoreAffinity = 14
83 | # Instance 15
84 | Cy15Name = "IPSec15"
85 | Cy15IsPolled = 0
86 | Cy15CoreAffinity = 15
87 | 
88 | 
89 | # Disable QAT API
90 | [KERNEL_QAT]
91 | NumberCyInstances = 0
92 | NumberDcInstances = 0
93 | 


--------------------------------------------------------------------------------
/data/live-build-config/includes.chroot/etc/dh895xcc_dev0.conf:
--------------------------------------------------------------------------------
 1 | # Intel® Communications Chipset 8900 to 8920 and Intel® Atom™ Processor C2000 Product Family for Communications Infrastructure
 2 | # Vyos config
 3 | 
 4 | [GENERAL]
 5 | ConfigVersion = 2
 6 | # Enable only cryptographic service
 7 | ServicesEnabled = cy
 8 | # The number of cryptographic concurrent symmetric and asymmetric requests for cryptographic instances
 9 | CyNumConcurrentSymRequests = 512
10 | CyNumConcurrentAsymRequests = 4096
11 | # Interrupt Coalescing, available only in Intel® Communications Chipset 8900 to 8920 and Intel® Atom™ Processor C2000 Product Family for Communications Infrastructure
12 | InterruptCoalescingEnabled = 1
13 | # Wait for amount of ns before generate interrupt with cryptographic operation answer. Allows to combine multiple operations in a single interrupt
14 | InterruptCoalescingTimerNs = 500000
15 | # Automatically resets the device in case of fatal error or heartbeat failure
16 | AutoResetOnError = 1
17 | 
18 | [KERNEL]
19 | # create two cryptographic instances
20 | NumberCyInstances = 8
21 | NumberDcInstances = 0
22 | # Instance 0
23 | Cy0Name = "IPSec0"
24 | Cy0IsPolled = 0
25 | Cy0CoreAffinity = 0
26 | # Instance 1
27 | Cy1Name = "IPSec1"
28 | Cy1IsPolled = 0
29 | Cy1CoreAffinity = 1
30 | # Instance 2
31 | Cy2Name = "IPSec2"
32 | Cy2IsPolled = 0
33 | Cy2CoreAffinity = 2
34 | # Instance 3
35 | Cy3Name = "IPSec3"
36 | Cy3IsPolled = 0
37 | Cy3CoreAffinity = 3
38 | # Instance 4
39 | Cy4Name = "IPSec4"
40 | Cy4IsPolled = 0
41 | Cy4CoreAffinity = 4
42 | # Instance 5
43 | Cy5Name = "IPSec5"
44 | Cy5IsPolled = 0
45 | Cy5CoreAffinity = 5
46 | # Instance 6
47 | Cy6Name = "IPSec6"
48 | Cy6IsPolled = 0
49 | Cy6CoreAffinity = 6
50 | # Instance 7
51 | Cy7Name = "IPSec7"
52 | Cy7IsPolled = 0
53 | Cy7CoreAffinity = 7
54 | 
55 | 
56 | # Disable QAT API
57 | [KERNEL_QAT]
58 | NumberCyInstances = 0
59 | NumberDcInstances = 0
60 | 


--------------------------------------------------------------------------------
/data/live-build-config/includes.chroot/etc/dh895xcc_dev1.conf:
--------------------------------------------------------------------------------
 1 | # Intel® Communications Chipset 8900 to 8920 and Intel® Atom™ Processor C2000 Product Family for Communications Infrastructure
 2 | # Vyos config
 3 | 
 4 | [GENERAL]
 5 | ConfigVersion = 2
 6 | # Enable only cryptographic service
 7 | ServicesEnabled = cy
 8 | # The number of cryptographic concurrent symmetric and asymmetric requests for cryptographic instances
 9 | CyNumConcurrentSymRequests = 512
10 | CyNumConcurrentAsymRequests = 4096
11 | # Interrupt Coalescing, available only in Intel® Communications Chipset 8900 to 8920 and Intel® Atom™ Processor C2000 Product Family for Communications Infrastructure
12 | InterruptCoalescingEnabled = 1
13 | # Wait for amount of ns before generate interrupt with cryptographic operation answer. Allows to combine multiple operations in a single interrupt
14 | InterruptCoalescingTimerNs = 500000
15 | # Automatically resets the device in case of fatal error or heartbeat failure
16 | AutoResetOnError = 1
17 | 
18 | [KERNEL]
19 | # create two cryptographic instances
20 | NumberCyInstances = 8
21 | NumberDcInstances = 0
22 | # Instance 0
23 | Cy0Name = "IPSec0"
24 | Cy0IsPolled = 0
25 | Cy0CoreAffinity = 0
26 | # Instance 1
27 | Cy1Name = "IPSec1"
28 | Cy1IsPolled = 0
29 | Cy1CoreAffinity = 1
30 | # Instance 2
31 | Cy2Name = "IPSec2"
32 | Cy2IsPolled = 0
33 | Cy2CoreAffinity = 2
34 | # Instance 3
35 | Cy3Name = "IPSec3"
36 | Cy3IsPolled = 0
37 | Cy3CoreAffinity = 3
38 | # Instance 4
39 | Cy4Name = "IPSec4"
40 | Cy4IsPolled = 0
41 | Cy4CoreAffinity = 4
42 | # Instance 5
43 | Cy5Name = "IPSec5"
44 | Cy5IsPolled = 0
45 | Cy5CoreAffinity = 5
46 | # Instance 6
47 | Cy6Name = "IPSec6"
48 | Cy6IsPolled = 0
49 | Cy6CoreAffinity = 6
50 | # Instance 7
51 | Cy7Name = "IPSec7"
52 | Cy7IsPolled = 0
53 | Cy7CoreAffinity = 7
54 | 
55 | 
56 | # Disable QAT API
57 | [KERNEL_QAT]
58 | NumberCyInstances = 0
59 | NumberDcInstances = 0
60 | 


--------------------------------------------------------------------------------
/data/live-build-config/includes.chroot/etc/dh895xcc_dev2.conf:
--------------------------------------------------------------------------------
 1 | # Intel® Communications Chipset 8900 to 8920 and Intel® Atom™ Processor C2000 Product Family for Communications Infrastructure
 2 | # Vyos config
 3 | 
 4 | [GENERAL]
 5 | ConfigVersion = 2
 6 | # Enable only cryptographic service
 7 | ServicesEnabled = cy
 8 | # The number of cryptographic concurrent symmetric and asymmetric requests for cryptographic instances
 9 | CyNumConcurrentSymRequests = 512
10 | CyNumConcurrentAsymRequests = 4096
11 | # Interrupt Coalescing, available only in Intel® Communications Chipset 8900 to 8920 and Intel® Atom™ Processor C2000 Product Family for Communications Infrastructure
12 | InterruptCoalescingEnabled = 1
13 | # Wait for amount of ns before generate interrupt with cryptographic operation answer. Allows to combine multiple operations in a single interrupt
14 | InterruptCoalescingTimerNs = 500000
15 | # Automatically resets the device in case of fatal error or heartbeat failure
16 | AutoResetOnError = 1
17 | 
18 | [KERNEL]
19 | # create two cryptographic instances
20 | NumberCyInstances = 8
21 | NumberDcInstances = 0
22 | # Instance 0
23 | Cy0Name = "IPSec0"
24 | Cy0IsPolled = 0
25 | Cy0CoreAffinity = 0
26 | # Instance 1
27 | Cy1Name = "IPSec1"
28 | Cy1IsPolled = 0
29 | Cy1CoreAffinity = 1
30 | # Instance 2
31 | Cy2Name = "IPSec2"
32 | Cy2IsPolled = 0
33 | Cy2CoreAffinity = 2
34 | # Instance 3
35 | Cy3Name = "IPSec3"
36 | Cy3IsPolled = 0
37 | Cy3CoreAffinity = 3
38 | # Instance 4
39 | Cy4Name = "IPSec4"
40 | Cy4IsPolled = 0
41 | Cy4CoreAffinity = 4
42 | # Instance 5
43 | Cy5Name = "IPSec5"
44 | Cy5IsPolled = 0
45 | Cy5CoreAffinity = 5
46 | # Instance 6
47 | Cy6Name = "IPSec6"
48 | Cy6IsPolled = 0
49 | Cy6CoreAffinity = 6
50 | # Instance 7
51 | Cy7Name = "IPSec7"
52 | Cy7IsPolled = 0
53 | Cy7CoreAffinity = 7
54 | 
55 | 
56 | # Disable QAT API
57 | [KERNEL_QAT]
58 | NumberCyInstances = 0
59 | NumberDcInstances = 0
60 | 


--------------------------------------------------------------------------------
/data/live-build-config/includes.chroot/etc/initramfs-tools/hooks/10-vyos-addons:
--------------------------------------------------------------------------------
 1 | #!/bin/sh
 2 | PREREQ=""
 3 | prereqs()
 4 | {
 5 |     echo "$PREREQ"
 6 | }
 7 | case $1 in
 8 | prereqs)
 9 |     prereqs
10 |     exit 0
11 |     ;;
12 | esac
13 | . /usr/share/initramfs-tools/hook-functions
14 | # Begin real processing below this line
15 | 
16 | # include listed modules to initramfs but not load them without the necessity
17 | manual_add_modules igb ixgbe ixgbevf i40e i40evf
18 | 
19 | # include modules from file (one per line) to initramfs but not load them without the necessity
20 | # add_modules_from_file /tmp/modlist
21 | 
22 | # include listed modules to initramfs and load them during the boot
23 | # force_load xxx
24 | 
25 | # executable to copy to initramfs, with library dependencies
26 | copy_exec /usr/lib/x86_64-linux-gnu/libnss_dns.so.2
27 | 
28 | # missing fsck in initramfs
29 | copy_exec /usr/sbin/fsck
30 | copy_exec /usr/sbin/fsck.ext2
31 | copy_exec /usr/sbin/fsck.ext3
32 | copy_exec /usr/sbin/fsck.ext4
33 | 
34 | # copy other files ("other" here is a file type, so do not delete this keyword)
35 | copy_file other /etc/ssl/certs/ca-certificates.crt
36 | copy_file other /etc/ssl/openssl.cnf
37 | 


--------------------------------------------------------------------------------
/data/live-build-config/includes.chroot/etc/modprobe.d/intel-qat-blacklist.conf:
--------------------------------------------------------------------------------
1 | blacklist intel_qat
2 | blacklist qat_c3xxx
3 | blacklist c6xx_dev0
4 | blacklist d15xx_dev0
5 | blacklist dh895xcc_dev0
6 | 


--------------------------------------------------------------------------------
/data/live-build-config/includes.chroot/etc/modprobe.d/no-copybreak.conf:
--------------------------------------------------------------------------------
 1 | #
 2 | # **** License ****
 3 | # This program is free software; you can redistribute it and/or modify
 4 | # it under the terms of the GNU General Public License version 2 as
 5 | # published by the Free Software Foundation.
 6 | #
 7 | # This program is distributed in the hope that it will be useful, but
 8 | # WITHOUT ANY WARRANTY; without even the implied warranty of
 9 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
10 | # General Public License for more details.
11 | #
12 | # This code was originally developed by Vyatta, Inc.
13 | # Portions created by Vyatta are Copyright (C) 2009 Vyatta, Inc.
14 | # All Rights Reserved.
15 | # **** End License ****
16 | #
17 | # Author:  Bob Gilligan <gilligan@vyatta.com>
18 | #
19 | # Some network interface drivers employ a scheme known as "copybreak"
20 | # in which they make a copy of a received skb if the size of the
21 | # buffer is below a particular threshold, then return the original
22 | # receive skb back to the pool.  Since these drivers initially
23 | # allocate a buffer size that is larger than the largest possible
24 | # packet, this scheme returns that large buffer to the pool quickly,
25 | # and uses a smaller one.
26 | #
27 | # The primary benefit of copybreak is better memory utilization.  On
28 | # systems where the data is ultimately going to be copied out to user
29 | # space, the copybreak scheme is "low cost" because it has the side
30 | # benefit of priming the cache for that later copy.  But on a router
31 | # that only touches the header fields of a received packet, the cost
32 | # can be relatively higher.  And on modern systems the memory savings
33 | # is rarely an important consideration.
34 | #
35 | # Some of the drivers that employ copybreak make the feature
36 | # configurable via a module parameter.  This file disables copybreak
37 | # in some of those drivers.  Generally this results in an improvement
38 | # in forwarding performance for traffic using these drivers.
39 | 
40 | options 3c515 rx_copybreak=0
41 | options 3c59x rx_copybreak=0
42 | options bcm63xx copybreak=0
43 | options cxgb copybreak=0
44 | options e1000 copybreak=0
45 | options e1000e copybreak=0
46 | options epic100 rx_copybreak=0
47 | options fealnx rx_copybreak=0
48 | options hamachi rx_copybreak=0
49 | options ixgb copybreak=0
50 | options natsemi rx_copybreak=0
51 | options pch_gbe copybreak=0
52 | options pcnet32 rx_copybreak=0
53 | options sis190 rx_copybreak=0
54 | options sky2 copybreak=0
55 | options starfire rx_copybreak=0
56 | options sundance rx_copybreak=0
57 | options typhoon rx_copybreak=0
58 | options via-rhine rx_copybreak=0
59 | options via-velocity rx_copybreak=0
60 | options yellowfin rx_copybreak=0
61 | 


--------------------------------------------------------------------------------
/data/live-build-config/includes.chroot/etc/modules-load.d/br-netfilter.conf:
--------------------------------------------------------------------------------
1 | # Load br-netfilter.ko at boot
2 | br_netfilter
3 | 
4 | 


--------------------------------------------------------------------------------
/data/live-build-config/includes.chroot/etc/nsswitch.conf:
--------------------------------------------------------------------------------
 1 | # /etc/nsswitch.conf
 2 | #
 3 | # Example configuration of GNU Name Service Switch functionality.
 4 | # If you have the `glibc-doc-reference' and `info' packages installed, try:
 5 | # `info libc "Name Service Switch"' for information about this file.
 6 | 
 7 | passwd:         files
 8 | group:          files
 9 | shadow:         files
10 | gshadow:        files
11 | 
12 | # Per T2678, commenting out myhostname
13 | hosts:          files dns #myhostname
14 | networks:       files
15 | 
16 | protocols:      db files
17 | services:       db files
18 | ethers:         db files
19 | rpc:            db files
20 | 
21 | netgroup:       nis
22 | 


--------------------------------------------------------------------------------
/data/live-build-config/includes.chroot/etc/sudoers.d/openvpn:
--------------------------------------------------------------------------------
1 | openvpn ALL=(ALL) NOPASSWD: /sbin/ip
2 | Defaults:openvpn !requiretty
3 | 


--------------------------------------------------------------------------------
/data/live-build-config/includes.chroot/etc/systemd/bootchart.conf:
--------------------------------------------------------------------------------
 1 | [Bootchart]
 2 | Samples=20000
 3 | Frequency=25
 4 | #Relative=yes
 5 | #Filter=yes
 6 | #Output=<folder name, defaults to /run/log>
 7 | #Init=/path/to/init-binary
 8 | #PlotMemoryUsage=yes
 9 | #PlotEntropyGraph=yes
10 | #ScaleX=100
11 | #ScaleY=20
12 | #ControlGroup=yes
13 | PerCPU=yes
14 | Cmdline=yes
15 | 
16 | 


--------------------------------------------------------------------------------
/data/live-build-config/includes.chroot/etc/systemd/journald.conf:
--------------------------------------------------------------------------------
 1 | #  This file is managed in vyos-build
 2 | #
 3 | #  This file is part of systemd.
 4 | #
 5 | #  systemd is free software; you can redistribute it and/or modify it
 6 | #  under the terms of the GNU Lesser General Public License as published by
 7 | #  the Free Software Foundation; either version 2.1 of the License, or
 8 | #  (at your option) any later version.
 9 | #
10 | # Entries in this file show the compile time defaults.
11 | # You can change settings by editing this file.
12 | # Defaults can be restored by simply deleting this file.
13 | #
14 | # See journald.conf(5) for details.
15 | 
16 | [Journal]
17 | #Storage=persistent
18 | #Compress=yes
19 | #Seal=yes
20 | #SplitMode=uid
21 | #SyncIntervalSec=5m
22 | #RateLimitIntervalSec=30s
23 | #RateLimitBurst=1000
24 | #SystemMaxUse=
25 | #SystemKeepFree=
26 | #SystemMaxFileSize=
27 | #SystemMaxFiles=100
28 | #RuntimeMaxUse=
29 | #RuntimeKeepFree=
30 | #RuntimeMaxFileSize=
31 | #RuntimeMaxFiles=100
32 | #MaxRetentionSec=
33 | #MaxFileSec=1month
34 | ForwardToSyslog=yes
35 | #ForwardToKMsg=no
36 | #ForwardToConsole=no
37 | #ForwardToWall=yes
38 | #TTYPath=/dev/console
39 | #MaxLevelStore=debug
40 | MaxLevelSyslog=debug
41 | #MaxLevelKMsg=notice
42 | #MaxLevelConsole=info
43 | #MaxLevelWall=emerg
44 | 


--------------------------------------------------------------------------------
/data/live-build-config/includes.chroot/etc/systemd/system.conf:
--------------------------------------------------------------------------------
 1 | #  This file is managed in vyos-build
 2 | #
 3 | #  This file is part of systemd.
 4 | #
 5 | #  systemd is free software; you can redistribute it and/or modify it
 6 | #  under the terms of the GNU Lesser General Public License as published by
 7 | #  the Free Software Foundation; either version 2.1 of the License, or
 8 | #  (at your option) any later version.
 9 | #
10 | # See systemd-system.conf(5) for details
11 | 
12 | [Manager]
13 | #LogLevel=info
14 | #LogTarget=journal-or-kmsg
15 | #LogColor=yes
16 | #LogLocation=no
17 | #DumpCore=yes
18 | #CrashShell=no
19 | ShowStatus=yes
20 | #CrashChVT=1
21 | #CPUAffinity=1 2
22 | #JoinControllers=cpu,cpuacct net_cls,net_prio
23 | #RuntimeWatchdogSec=0
24 | #ShutdownWatchdogSec=10min
25 | #CapabilityBoundingSet=
26 | #SystemCallArchitectures=
27 | #TimerSlackNSec=
28 | #DefaultTimerAccuracySec=1min
29 | #DefaultStandardOutput=journal
30 | #DefaultStandardError=inherit
31 | #DefaultTimeoutStartSec=90s
32 | #DefaultTimeoutStopSec=90s
33 | #DefaultRestartSec=100ms
34 | #DefaultStartLimitInterval=10s
35 | #DefaultStartLimitBurst=5
36 | #DefaultEnvironment=
37 | #DefaultCPUAccounting=no
38 | #DefaultBlockIOAccounting=no
39 | #DefaultMemoryAccounting=no
40 | #DefaultLimitCPU=
41 | #DefaultLimitFSIZE=
42 | #DefaultLimitDATA=
43 | #DefaultLimitSTACK=
44 | #DefaultLimitCORE=
45 | #DefaultLimitRSS=
46 | #DefaultLimitNOFILE=
47 | #DefaultLimitAS=
48 | #DefaultLimitNPROC=
49 | #DefaultLimitMEMLOCK=
50 | #DefaultLimitLOCKS=
51 | #DefaultLimitSIGPENDING=
52 | #DefaultLimitMSGQUEUE=
53 | #DefaultLimitNICE=
54 | #DefaultLimitRTPRIO=
55 | #DefaultLimitRTTIME=
56 | StatusUnitFormat=description
57 | 


--------------------------------------------------------------------------------
/data/live-build-config/includes.chroot/etc/systemd/system/getty@tty1.service.d/noclear.conf:
--------------------------------------------------------------------------------
1 | [Service]
2 | TTYVTDisallocate=no
3 | 


--------------------------------------------------------------------------------
/data/live-build-config/includes.chroot/opt/vyatta/etc/grub/default-union-grub-entry:
--------------------------------------------------------------------------------
 1 | menuentry "VyOS  (KVM console)" {
 2 |         linux /boot//vmlinuz boot=live quiet rootdelay=5 noautologin net.ifnames=0 biosdevname=0 udev.exec_delay=3 vyos-union=/boot/ console=ttyS0,115200 console=tty0
 3 |         initrd /boot//initrd.img
 4 | }
 5 | 
 6 | menuentry "VyOS  (Serial console)" {
 7 |         linux /boot//vmlinuz boot=live quiet rootdelay=5 noautologin net.ifnames=0 biosdevname=0 udev.exec_delay=3 vyos-union=/boot/ console=tty0 console=ttyS0,115200
 8 |         initrd /boot//initrd.img
 9 | }
10 | 
11 | menuentry "Lost password change  (KVM console)" {
12 |         linux /boot//vmlinuz boot=live quiet rootdelay=5 noautologin net.ifnames=0 biosdevname=0 udev.exec_delay=3 vyos-union=/boot/ console=ttyS0,115200 console=tty0 init=/opt/vyatta/sbin/standalone_root_pw_reset
13 |         initrd /boot//initrd.img
14 | }
15 | 
16 | menuentry "Lost password change  (Serial console)" {
17 |         linux /boot//vmlinuz boot=live quiet rootdelay=5 noautologin net.ifnames=0 biosdevname=0 udev.exec_delay=3 vyos-union=/boot/ console=tty0 console=ttyS0,115200 init=/opt/vyatta/sbin/standalone_root_pw_reset
18 |         initrd /boot//initrd.img
19 | }
20 | 
21 | 


--------------------------------------------------------------------------------
/data/live-build-config/includes.chroot/opt/vyatta/etc/install-image/postinst:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | 
 3 | source /opt/vyatta/sbin/install-functions
 4 | 
 5 | NEWVER=`mount | grep /mnt/inst_root`
 6 | NEWVER=${NEWVER#*upperdir=/live/image/boot/}
 7 | NEWVER=${NEWVER%/live-rw*}
 8 | 
 9 | # For upgrading from 1.1.8 and older:
10 | # Set the correct disk label and create persistence configs
11 | # Live CD persistence settings have changed in Debian Jessie
12 | # and the system will not find its persistence dir otherwise
13 | DISK_LABEL=`mount | grep /live/image | awk '{print $1}' | grep dev`
14 | 
15 | if [ -d "/live/image" ]; then
16 | 	e2label "${DISK_LABEL}" persistence
17 | 	if [ ! -f /live/image/persistence.conf ]; then
18 | 		echo "/ union" > /live/image/persistence.conf
19 | 	fi
20 | 	rm -f /live/image/boot/"${NEWVER}"/live-rw/etc/fstab
21 | 	mv /live/image/boot/"${NEWVER}"/live-rw /live/image/boot/"${NEWVER}"/rw
22 | 
23 |         touch /live/image/boot/"${NEWVER}"/rw/config/.upgraded
24 | fi
25 | 


--------------------------------------------------------------------------------
/data/live-build-config/includes.chroot/usr/share/vyos/keys/vyos-backup.minisign.pub:
--------------------------------------------------------------------------------
1 | untrusted comment: VyOS release signing key
2 | RWSw63o24QvCadaeW21Vqv6+/uzXUsNOpLlRoLRQd2NJgdOm1k1zdAb3
3 | 


--------------------------------------------------------------------------------
/data/live-build-config/includes.chroot/usr/share/vyos/keys/vyos-release.minisign.pub:
--------------------------------------------------------------------------------
1 | untrusted comment: VyOS release signing key
2 | RWTR1ty93Oyontk6caB9WqmiQC4fgeyd/ejgRxCRGd2MQej7nqebHneP
3 | 


--------------------------------------------------------------------------------
/data/live-build-config/includes.chroot/usr/share/vyos/keys/vyos-rolling-release.minisign.pub:
--------------------------------------------------------------------------------
1 | untrusted comment: minisign public key D3643767F448688
2 | RWSIhkR/dkM2DSaBRniv/bbbAf8hmDqdbOEmgXkf1RxRoxzodgKcDyGq
3 | 


--------------------------------------------------------------------------------
/data/live-build-config/package-lists/vyos-base.list.chroot:
--------------------------------------------------------------------------------
1 | debconf
2 | vyos-1x
3 | vyos-user-utils
4 | zstd
5 | 


--------------------------------------------------------------------------------
/data/live-build-config/package-lists/vyos-utils.list.chroot:
--------------------------------------------------------------------------------
1 | systemd-sysv
2 | systemd-bootchart
3 | ncurses-term
4 | kitty-terminfo
5 | binutils
6 | 


--------------------------------------------------------------------------------
/data/live-build-config/rootfs/excludes:
--------------------------------------------------------------------------------
 1 | # Exclude various unused files and directories in order to free some space and shrink imagesize.
 2 | #
 3 | # For information on how to use wildcards properly (Anchored and Non-anchored excludes):
 4 | #
 5 | # https://github.com/plougher/squashfs-tools/blob/master/RELEASE-READMEs/README-3.3
 6 | #
 7 | # Note:
 8 | #
 9 | # - root starts without leading '/'.
10 | #
11 | 
12 | # Txxx: Drop isc-dhcp helper files from /etc/default.
13 | # We use systemd to control ISC daemons from within vyos-1x.
14 | etc/default/isc-dhcp-server
15 | etc/default/isc-dhcp-relay
16 | 
17 | # T2185: Clean leftover files (ddclient) from base package.
18 | etc/dhcp/dhclient-exit-hooks.d/ddclient
19 | etc/ddclient.conf
20 | 
21 | # T3242: Add hook to prevent link_config redundancy call in systemd-udev.
22 | # 99-default.link rule always calls link_config thats trying to set autonegotiation and duplex even for PPP interfaces.
23 | # Need to delete this rule to prevent overhead on interface creation stage.
24 | lib/systemd/network/99-default.link
25 | 
26 | # T3774: Disabled atop services.
27 | etc/cron.d/atop
28 | 
29 | # T3912: Remove superfluous motd.d kernel version shell script.
30 | etc/update-motd.d/10-uname
31 | 
32 | # T4415: We do not need any documentation on the system.
33 | # Copyright/licenses files are ignored for deletion.
34 | usr/share/doc/*/!(copyright*|README*)
35 | usr/share/doc-base
36 | 
37 | # T5468: We do not need any manpages on the system since man-binary is missing.
38 | usr/local/man/*
39 | usr/local/share/man/*
40 | usr/share/man/*
41 | 
42 | # T5511: We do not need any games on the system.
43 | usr/games/*
44 | usr/local/games/*
45 | 
46 | # T5511: We do not need any caches on the system (will be recreated when needed).
47 | # T7278: We need directory created by python3-cracklib for password checks
48 | var/cache/!(cracklib)
49 | 
50 | # T5511: We do not need any log-files on the system (will be recreated when needed).
51 | var/log/*.log
52 | var/log/*/*.log
53 | var/log/*/*.log.xz
54 | 
55 | # T5511: We do not need any backup-files on the system (will be recreated when needed).
56 | ... *.bak
57 | ... *.old
58 | ... *.kbx~
59 | var/lib/dpkg/*-old
60 | 
61 | # T5624: Remove the Debian version file to avoid false positives from security scanners.
62 | etc/debian_version
63 | 
64 | 


--------------------------------------------------------------------------------
/data/versions:
--------------------------------------------------------------------------------
1 | {
2 |     "current": "1.5"
3 | }
4 | 


--------------------------------------------------------------------------------
/docker-vyos/Dockerfile:
--------------------------------------------------------------------------------
  1 | # syntax = docker/dockerfile:1
  2 | 
  3 | # Copyright (C) 2020-2023 VyOS maintainers and contributors
  4 | #
  5 | # This program is free software; you can redistribute it and/or modify
  6 | # it under the terms of the GNU General Public License version 2 or later as
  7 | # published by the Free Software Foundation.
  8 | #
  9 | # This program is distributed in the hope that it will be useful,
 10 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
 11 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 12 | # GNU General Public License for more details.
 13 | #
 14 | # You should have received a copy of the GNU General Public License
 15 | # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 16 | 
 17 | # Define arguments for VyOS image
 18 | ARG VYOS_VERSION
 19 | ARG BUILD_DATE
 20 | 
 21 | # Use Debian as base layer
 22 | FROM debian:bookworm-slim
 23 | 
 24 | LABEL authors="VyOS Maintainers <maintainers@vyos.io>"
 25 | ENV DEBIAN_FRONTEND noninteractive
 26 | 
 27 | RUN /bin/echo -e 'APT::Install-Recommends "0";\nAPT::Install-Suggests "0";' > /etc/apt/apt.conf.d/01norecommends
 28 | 
 29 | # Base packaged needed to build packages and their package dependencies
 30 | RUN apt-get update && apt-get install -y \
 31 |       ca-certificates \
 32 |       gnupg \
 33 |       curl \
 34 |       fuse-overlayfs \
 35 |       jq \
 36 |       yq
 37 | 
 38 | # Copy installer script and default build settings
 39 | COPY [ "data/defaults.toml", \
 40 |        "data/live-build-config/archives/*", \
 41 |        "docker-vyos/vyos_install_common.sh", \
 42 |        "docker-vyos/vyos_install_stage_01.sh", \
 43 |        "/tmp/"]
 44 | COPY [ "data/architectures/*", "/tmp/architectures_triage/" ]
 45 | COPY [ "data/live-build-config/hooks/live/*", "/tmp/hooks/" ]
 46 | 
 47 | # Install VyOS dependencies
 48 | WORKDIR /tmp
 49 | RUN bash -c 'mv /tmp/architectures_triage/$(dpkg --print-architecture).toml /tmp && rm -rf /tmp/architectures_triage'
 50 | RUN bash /tmp/vyos_install_stage_01.sh
 51 | 
 52 | 
 53 | # Install VyOS specific software
 54 | COPY [ "data/defaults.toml", \
 55 |        "docker-vyos/vyos_install_common.sh", \
 56 |        "docker-vyos/vyos_install_stage_02.sh", "/tmp/" ]
 57 | COPY [ "data/architectures/*", "/tmp/architectures_triage/" ]
 58 | RUN bash -c 'mv /tmp/architectures_triage/$(dpkg --print-architecture).toml /tmp && rm -rf /tmp/architectures_triage'
 59 | RUN bash /tmp/vyos_install_stage_02.sh
 60 | 
 61 | 
 62 | # Tune system for VyOS
 63 | COPY [ "docker-vyos/vyos_install_common.sh", "docker-vyos/vyos_install_stage_03.sh", "/tmp/" ]
 64 | # Copy default config
 65 | COPY tools/container/config.boot.default /opt/vyatta/etc/
 66 | 
 67 | RUN bash /tmp/vyos_install_stage_03.sh
 68 | 
 69 | # Delete installer scripts
 70 | RUN rm -rf /tmp/*
 71 | 
 72 | 
 73 | # Make changes specific to the container environment
 74 | 
 75 | # Tell systemd that we are inside container
 76 | ENV container=docker
 77 | 
 78 | # Set proper STOPSIGNAL
 79 | STOPSIGNAL SIGRTMIN+3
 80 | 
 81 | # Run VyOS
 82 | CMD [ "/lib/systemd/systemd" ]
 83 | 
 84 | # Describe this image
 85 | LABEL maintainer="support@vyos.io" \
 86 |       description="VyOS for Docker" \
 87 |       vendor="Sentrium S.L." \
 88 |       version=${VYOS_VERSION} \
 89 |       io.vyos.build-date=${BUILD_DATE} \
 90 |       org.opencontainers.image.authors="support@vyos.io" \
 91 |       org.opencontainers.image.created=${BUILD_DATE} \
 92 |       org.opencontainers.image.version=${VYOS_VERSION} \
 93 |       org.opencontainers.image.url="https://github.com/vyos/vyos-build" \
 94 |       org.opencontainers.image.documentation="https://docs.vyos.io/en/latest/contributing/build-vyos.html" \
 95 |       org.opencontainers.image.source="https://github.com/vyos/vyos-build" \
 96 |       org.opencontainers.image.vendor="Sentrium S.L." \
 97 |       org.opencontainers.image.licenses="GNU" \
 98 |       org.opencontainers.image.title="vyos-build" \
 99 |       org.opencontainers.image.description="VyOS for Docker" \
100 |       org.opencontainers.image.base.name="docker.io/debian/debian:${DEBIAN_VERSION}-slim"
101 | 


--------------------------------------------------------------------------------
/docker-vyos/README.md:
--------------------------------------------------------------------------------
 1 | # VyOS as Docker container
 2 | 
 3 | VyOS can be run as a Docker container on a Linux host with a compatible kernel.
 4 | 
 5 | ## Build Container
 6 | 
 7 | To build a Docker image you need to have the whole `vyos-build` repository, not
 8 | only a folder with Dockerfile, because some files from this repository are
 9 | required for building.
10 | 
11 | Docker image with VyOS can be built on Linux host with the next command:
12 | 
13 | ```console
14 | docker build --compress --file Dockerfile \
15 |   --tag vyos:version-`date -u +%Y%m%d%H%M%S` \
16 |   --build-arg BUILD_DATE="`date -u --rfc-3339=seconds`" \
17 |   --build-arg VYOS_VERSION=version \
18 |   --build-arg DEBIAN_VERSION=debian \
19 |   --progress plain ..
20 | ```
21 | 
22 | Or, if you want to rebuild completely from the scratch (without cache):
23 | 
24 | ```console
25 | docker build --no-cache --pull --compress --file Dockerfile \
26 |   --tag vyos:version-`date -u +%Y%m%d%H%M%S` \
27 |   --build-arg BUILD_DATE="`date -u --rfc-3339=seconds`" \
28 |   --build-arg VYOS_VERSION=version \
29 |   --build-arg DEBIAN_VERSION=debian \
30 |   --progress plain ..
31 | ```
32 | 
33 | > **_NOTE:_** You must use proper version value for `DEBIAN_VERSION` variable.
34 |   It can be only `jessie` (for VyOS 1.2) or `buster` (for VyOS 1.3).
35 | 
36 | ## Run Container
37 | 
38 | Docker container with VyOS can be running with the next command:
39 | 
40 | ```console
41 | docker run --privileged --detach \
42 |   --volume /lib/modules:/lib/modules \
43 |   --name vyos_inside_docker vyos:version
44 | ```
45 | 
46 | You need to use the `--privileged` flag because the system actively interacts
47 | with a host kernel to perform routing operations and tune networking options.
48 | 
49 | **Experimantal:** You can limit access to some system resources with:
50 | 
51 | ```console
52 | docker run --privileged --detach \
53 |    --tmpfs /tmp \
54 |    --tmpfs /run \
55 |    --tmpfs /run/lock \
56 |    --volume /lib/modules:/lib/modules:ro \
57 |    --volume /sys/fs/cgroup:/sys/fs/cgroup:ro \
58 |    --name vyos_inside_docker vyos:version
59 | ```
60 | 
61 | ### Log into container
62 | 
63 | To open VyOS CLI, you can use SSH connection to the Docker container or run
64 | on host:
65 | 
66 | ```console
67 | docker exec -it vyos_inside_docker su vyos
68 | ```
69 | 
70 | ## Troubleshooting
71 | 
72 | If in VyOS appears IPv6-related errors, for example, it cannot assign an IPv6
73 | address for an interface, it is necessary to enable IPv6 support in Docker.
74 | 
75 | This can be done, by editing `/etc/docker/daemon.json`:
76 | 
77 | ```console
78 | {
79 |     "ipv6": true,
80 |     "fixed-cidr-v6": "fe80::/64"
81 | }
82 | ```
83 | 


--------------------------------------------------------------------------------
/docker-vyos/vyos_install_common.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | 
 3 | # Copyright (C) 2020-2023 VyOS maintainers and contributors
 4 | #
 5 | # This program is free software; you can redistribute it and/or modify
 6 | # it under the terms of the GNU General Public License version 2 or later as
 7 | # published by the Free Software Foundation.
 8 | #
 9 | # This program is distributed in the hope that it will be useful,
10 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 | # GNU General Public License for more details.
13 | #
14 | # You should have received a copy of the GNU General Public License
15 | # along with this program.  If not, see <http://www.gnu.org/licenses/>.
16 | 
17 | # Set environment variables
18 | export DEBIAN_FRONTEND="noninteractive"
19 | 
20 | # Prepare for further tasks
21 | function prepare_apt() {
22 |     # Update packages list
23 |     apt-get update
24 | 
25 |     # Add VyOS repository to the system
26 |     local APT_VYOS_MIRROR=$(tomlq --raw-output .vyos_mirror /tmp/defaults.toml)
27 |     local APT_VYOS_BRANCH=$(tomlq --raw-output .vyos_branch /tmp/defaults.toml)
28 |     local APT_ADDITIONAL_REPOS=$(tomlq --raw-output .additional_repositories[] /tmp/$(dpkg --print-architecture).toml)
29 |     local RELEASE_TRAIN=$(tomlq --raw-output .release_train /tmp/defaults.toml)
30 | 
31 |     echo "APT_VYOS_MIRROR      : $APT_VYOS_MIRROR"
32 |     echo "APT_VYOS_BRANCH      : $APT_VYOS_BRANCH"
33 |     echo "APT_ADDITIONAL_REPOS : $APT_ADDITIONAL_REPOS"
34 |     echo "RELEASE_TRAIN        : $RELEASE_TRAIN"
35 | 
36 |     echo -e "deb ${APT_VYOS_MIRROR} ${APT_VYOS_BRANCH} main\n${APT_ADDITIONAL_REPOS}" > /etc/apt/sources.list.d/vyos.list
37 |     cat /etc/apt/sources.list.d/vyos.list
38 | 
39 |     if [ ${RELEASE_TRAIN} == "equuleus" ]; then
40 |         # Add backports repository
41 |         echo -e "deb http://deb.debian.org/debian buster-backports main\ndeb http://deb.debian.org/debian buster-backports non-free" >> /etc/apt/sources.list.d/vyos.list
42 |     fi
43 | 
44 |     # Copy additional repositories and preferences, if persented
45 |     if grep -sq deb /tmp/*.list.chroot; then
46 |         cat /tmp/*list.chroot >> /etc/apt/sources.list.d/vyos.list
47 |     fi
48 |     if grep -sq Package /tmp/*.pref.chroot; then
49 |         for pref_file in /tmp/*.pref.chroot; do
50 |             cat $pref_file >> /etc/apt/preferences.d/10vyos
51 |             echo -e "\n" >> /etc/apt/preferences.d/10vyos
52 |         done
53 |     fi
54 | 
55 |     # Add GPG keys
56 |     if [[ ! -e /etc/apt/trusted.gpg.d/vyos.gpg ]]; then
57 |         echo "Adding GPG keys to the system"
58 |         cat /tmp/*.key.chroot | apt-key --keyring /etc/apt/trusted.gpg.d/vyos.gpg add -
59 |     fi
60 | 
61 |     # Update packages list
62 |     apt-get -o Acquire::Check-Valid-Until=false update
63 | }
64 | 
65 | # Cleanup APT after finish
66 | function cleanup_apt() {
67 |     # Clear APT cache
68 |     apt-get clean
69 |     rm -rf /var/lib/apt/lists/*
70 |     rm /etc/apt/sources.list.d/vyos.list
71 |     if [[ -e /etc/apt/preferences.d/10vyos ]]; then
72 |         rm /etc/apt/preferences.d/10vyos
73 |     fi
74 | }
75 | 
76 | # Filter list elements
77 | function filter_list() {
78 |     local list_elements=("${!1}")
79 |     local filtered_elements=("${!2}")
80 |     local list_elements_filtered
81 | 
82 |     for list_element in "${list_elements[@]}"; do
83 |         local filtered=""
84 | 
85 |         for filtered_element in "${filtered_elements[@]}"; do
86 |             if [[ ${list_element} =~ ${filtered_element} ]]; then
87 |                 filtered=True
88 |             fi
89 |         done
90 | 
91 |         if [[ -z "${filtered}" ]]; then
92 |             list_elements_filtered+=("${list_element}")
93 |         fi
94 |     done
95 |     echo ${list_elements_filtered[@]}
96 | }
97 | 


--------------------------------------------------------------------------------
/docker-vyos/vyos_install_stage_01.sh:
--------------------------------------------------------------------------------
  1 | #!/bin/bash
  2 | 
  3 | # Copyright (C) 2020-2023 VyOS maintainers and contributors
  4 | #
  5 | # This program is free software; you can redistribute it and/or modify
  6 | # it under the terms of the GNU General Public License version 2 or later as
  7 | # published by the Free Software Foundation.
  8 | #
  9 | # This program is distributed in the hope that it will be useful,
 10 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
 11 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 12 | # GNU General Public License for more details.
 13 | #
 14 | # You should have received a copy of the GNU General Public License
 15 | # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 16 | 
 17 | # Stage 1 - install dependencies
 18 | 
 19 | # load common functions
 20 | . vyos_install_common.sh
 21 | 
 22 | echo "Configuring APT repositories"
 23 | prepare_apt
 24 | 
 25 | # Get list of VyOS packages
 26 | vyos_packages=(
 27 |     "vyos-1x"
 28 |     )
 29 | 
 30 | # Do not analyze packages, which we do not need in Docker
 31 | vyos_packages_filter=(
 32 |     "vyos-intel*"
 33 |     )
 34 | vyos_packages_filtered=("$(filter_list vyos_packages[@] vyos_packages_filter[@])")
 35 | echo "Packages for dependency analyzing: ${vyos_packages_filtered[@]}"
 36 | 
 37 | # Get list of all dependencies
 38 | vyos_dependencies=(`apt-get -s install --no-install-recommends ${vyos_packages_filtered[@]} | awk '/Inst/ { printf("%s ", $2) }'`)
 39 | 
 40 | # Do not install unnecessary
 41 | ignore_list=(
 42 |     "dosfstools"
 43 |     "parted"
 44 |     "libparted*"
 45 |     "efibootmgr"
 46 |     "gdisk"
 47 |     "grub-*"
 48 |     "laptop-detect"
 49 |     "installation-report"
 50 |     "tshark"
 51 |     "wireshark*"
 52 |     "mdadm"
 53 |     "keepalived"
 54 |     "libheartbeat2"
 55 |     "bmon"
 56 |     "crda"
 57 |     "ipvsadm"
 58 |     "iw"
 59 |     "pptpd"
 60 |     "cluster-glue"
 61 |     "resource-agents"
 62 |     "heartbeat"
 63 |     "podman"
 64 |     )
 65 | 
 66 | # Get list of packages from VYOS repository
 67 | if ls /var/lib/apt/lists/*vyos*Packages* | grep -q gz$; then
 68 |     arch_cat="zcat"
 69 | fi
 70 | if ls /var/lib/apt/lists/*vyos*Packages* | grep -q lz4$; then
 71 |     arch_cat="lz4cat"
 72 |     echo "Installing lz4"
 73 |     apt-get install -y --no-install-recommends lz4
 74 | fi
 75 | vyos_repo_packages=(`$arch_cat /var/lib/apt/lists/*vyos*Packages* | awk '/Package:/ { printf("%s\n",$2) }'`)
 76 | if [[ "${arch_cat}" == "lz4cat" ]]; then
 77 |     echo "Removing lz4"
 78 |     apt-get purge -y lz4
 79 | fi
 80 | # Add them to ignore list - we do not need anything from VyOS in this layer of image
 81 | ignore_list=("${ignore_list[@]}" "${vyos_repo_packages[@]}")
 82 | 
 83 | # Remove every ignore list item from installation list
 84 | vyos_dependencies_filtered=("$(filter_list vyos_dependencies[@] ignore_list[@])")
 85 | 
 86 | # Add missed dependencies
 87 | vyos_dependencies_filtered+=(
 88 |     "liburi-perl"
 89 |     "locales"
 90 |     "libcap-ng0"
 91 |     "libnss-myhostname"
 92 |     "dbus"
 93 |     )
 94 | 
 95 | echo "Dependencies filtered list: ${vyos_dependencies_filtered[@]}"
 96 | 
 97 | # Install delependencies
 98 | echo "Installing dependencies"
 99 | apt-get install -y --no-install-recommends ${vyos_dependencies_filtered[@]}
100 | 
101 | echo "Deconfiguring APT repositories"
102 | cleanup_apt
103 | 
104 | 
105 | exit 0
106 | 


--------------------------------------------------------------------------------
/docker-vyos/vyos_install_stage_02.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | 
 3 | # Copyright (C) 2020-2023 VyOS maintainers and contributors
 4 | #
 5 | # This program is free software; you can redistribute it and/or modify
 6 | # it under the terms of the GNU General Public License version 2 or later as
 7 | # published by the Free Software Foundation.
 8 | #
 9 | # This program is distributed in the hope that it will be useful,
10 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 | # GNU General Public License for more details.
13 | #
14 | # You should have received a copy of the GNU General Public License
15 | # along with this program.  If not, see <http://www.gnu.org/licenses/>.
16 | 
17 | # Stage 2 - install VyOS packages
18 | 
19 | # load common functions
20 | . vyos_install_common.sh
21 | 
22 | echo "Configuring APT repositories"
23 | prepare_apt
24 | 
25 | # Get list of VyOS packages
26 | vyos_packages=(
27 |     "vyos-1x"
28 |     )
29 | 
30 | # Do not analyze packages, which we do not need in Docker
31 | vyos_packages_filter=(
32 |     "vyos-intel*"
33 |     )
34 | vyos_packages_filtered=("$(filter_list vyos_packages[@] vyos_packages_filter[@])")
35 | 
36 | # Add missed dependencies
37 | vyos_packages_filtered+=(
38 |     "uuid"
39 |     "jq"
40 |     "yq"
41 |     "systemd"
42 |     )
43 | 
44 | echo "Packages for installing: ${vyos_packages_filtered[@]}"
45 | # Install VyOS packages
46 | echo "Installing VyOS packages"
47 | apt-get install -y --no-install-recommends ${vyos_packages_filtered[@]}
48 | 
49 | # Create VyOS version file
50 | RELEASAE_TRAIN=$(tomlq --raw-output .release_train /tmp/defaults.toml)
51 | apt-cache show vyos-1x | awk -v release_train=${RELEASAE_TRAIN} '{ if ($1 == "Version:") version = $2 } END { build_git = "unknown" ; built_by = "Sentrium S.L." ; built_on = strftime("%F %T UTC", systime(), utc) ; "uuid -v 4" | getline build_uuid ; printf("{\"version\": \"%s\", \"build_git\": \"%s\", \"built_on\": \"%s\", \"built_by\": \"%s\", \"build_uuid\": \"%s\", \"release_train\": \"%s\"}", version, build_git, built_on, built_by, build_uuid, release_train) }' | json_pp > /usr/share/vyos/version.json
52 | 
53 | # Delete what we do not need inside Docker image (this step makes packages database inconsistent)
54 | echo "Deleting what is needless in containers"
55 | dpkg -P --force-depends dosfstools efibootmgr yq jq gdisk grub-common grub-efi-amd64-bin initscripts installation-report laptop-detect libossp-uuid16 libparted2 libwireshark-data libwireshark5 mdadm parted tshark uuid
56 | dpkg -l | awk '/linux-image-/ { system("dpkg -P --force-depends " $2) }'
57 | 
58 | # Delete documentation
59 | rm -rf /usr/share/doc /usr/share/doc-base
60 | 
61 | echo "Deconfiguring APT repositories"
62 | cleanup_apt
63 | 
64 | 
65 | exit 0
66 | 


--------------------------------------------------------------------------------
/docker-vyos/vyos_install_stage_03.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | 
 3 | # Copyright (C) 2020-2023 VyOS maintainers and contributors
 4 | #
 5 | # This program is free software; you can redistribute it and/or modify
 6 | # it under the terms of the GNU General Public License version 2 or later as
 7 | # published by the Free Software Foundation.
 8 | #
 9 | # This program is distributed in the hope that it will be useful,
10 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 | # GNU General Public License for more details.
13 | #
14 | # You should have received a copy of the GNU General Public License
15 | # along with this program.  If not, see <http://www.gnu.org/licenses/>.
16 | 
17 | # Stage 3 - tune the system
18 | 
19 | # load common functions
20 | . vyos_install_common.sh
21 | 
22 | # Add config partition marker
23 | mkdir -p /opt/vyatta/etc/config
24 | touch /opt/vyatta/etc/config/.vyatta_config
25 | 
26 | # create folder for configuration mounting
27 | ln -s /opt/vyatta/etc/config /config
28 | 
29 | # Delete SSH keys
30 | rm -rf /etc/ssh/ssh_host_*
31 | 
32 | # Fix FUSE settings
33 | sed -i 's/#user_allow_other/user_allow_other/g' /etc/fuse.conf
34 | 
35 | # Configure locale
36 | sed -i 's/# en_US.UTF-8 UTF-8/en_US.UTF-8 UTF-8/g' /etc/locale.gen
37 | dpkg-reconfigure locales
38 | update-locale LANG=en_US.UTF-8 LC_ALL=C
39 | 
40 | # Tune bash and environment settings
41 | echo "source /etc/bash_completion" >> /root/.bashrc
42 | sed -i 's/set $BASH_COMPLETION_ORIGINAL_V_VALUE/builtin set $BASH_COMPLETION_ORIGINAL_V_VALUE/g' /usr/share/bash-completion/bash_completion
43 | 
44 | # Run configuration hooks
45 | echo "Running system configuration hooks"
46 | hooks_list=(
47 |     "18-enable-disable_services.chroot"
48 |     "30-frr-configs.chroot"
49 |     )
50 | for hook in ${hooks_list[@]}; do
51 |     if [[ -e /tmp/hooks/${hook} ]]; then
52 |         echo "Running ${hook}"
53 |         /tmp/hooks/${hook}
54 |     fi
55 | done
56 | 
57 | # Delete needless options from CLI
58 |  CLI_DELETION=(
59 |      "/opt/vyatta/share/vyatta-cfg/templates/container/"
60 |      )
61 |  rm -rf ${CLI_DELETION[@]}
62 | 
63 | exit 0
64 | 


--------------------------------------------------------------------------------
/docker/arm64/hooks/post_checkout:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | # downloads a local copy of qemu on docker-hub build machines
3 | curl -L https://github.com/balena-io/qemu/releases/download/v3.0.0%2Bresin/qemu-3.0.0+resin-arm.tar.gz | tar zxvf - -C . && mv qemu-3.0.0+resin-arm/qemu-arm-static .
4 | 


--------------------------------------------------------------------------------
/docker/arm64/hooks/pre_build:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | # Register qemu-*-static for all supported processors except the 
3 | # current one, but also remove all registered binfmt_misc before
4 | docker run --rm --privileged multiarch/qemu-user-static:register --reset
5 | 


--------------------------------------------------------------------------------
/docker/armhf/hooks/post_checkout:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | # downloads a local copy of qemu on docker-hub build machines
3 | curl -L https://github.com/balena-io/qemu/releases/download/v3.0.0%2Bresin/qemu-3.0.0+resin-arm.tar.gz | tar zxvf - -C . && mv qemu-3.0.0+resin-arm/qemu-arm-static .
4 | 


--------------------------------------------------------------------------------
/docker/armhf/hooks/pre_build:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | # Register qemu-*-static for all supported processors except the 
3 | # current one, but also remove all registered binfmt_misc before
4 | docker run --rm --privileged multiarch/qemu-user-static:register --reset
5 | 


--------------------------------------------------------------------------------
/docker/entrypoint.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | set -e
 3 | 
 4 | USER_NAME="vyos_bld"
 5 | NEW_UID=$(stat -c "%u" .)
 6 | NEW_GID=$(stat -c "%g" .)
 7 | 
 8 | # Change effective UID to the one specified via "-e GOSU_UID=`id -u $USER`"
 9 | if [ -n "$GOSU_UID" ]; then
10 |     NEW_UID=$GOSU_UID
11 | fi
12 | 
13 | # Change effective UID to the one specified via "-e GOSU_GID=`id -g $USER`"
14 | if [ -n "$GOSU_GID" ]; then
15 |     NEW_GID=$GOSU_GID
16 | fi
17 | 
18 | # Notify user about selected UID/GID
19 | echo "Current UID/GID: $NEW_UID/$NEW_GID"
20 | 
21 | # Create UNIX group on the fly if it does not exist
22 | if ! grep -q $NEW_GID /etc/group; then
23 |     groupadd --gid $NEW_GID $USER_NAME
24 | fi
25 | 
26 | useradd --shell /bin/bash --uid $NEW_UID --gid $NEW_GID --non-unique --create-home $USER_NAME
27 | sudo chown $NEW_UID:$NEW_GID /home/$USER_NAME
28 | export HOME=/home/$USER_NAME
29 | 
30 | if [ "$(id -u)" == "0" ]; then
31 |     exec gosu $USER_NAME "$@"
32 | fi
33 | 
34 | # Execute process
35 | exec "$@"
36 | 


--------------------------------------------------------------------------------
/docker/patches/live-build/0001-save-package-info.patch:
--------------------------------------------------------------------------------
 1 | From 9dacc8bf99310b2216be24a42f2c0475080cf039 Mon Sep 17 00:00:00 2001
 2 | From: khramshinr <khramshinr@gmail.com>
 3 | Date: Thu, 24 Oct 2024 14:22:57 +0600
 4 | Subject: [PATCH] T6684: new Debian package repo snapshot logic
 5 | 
 6 | Save information about all installed packages and teir source repo, including temporary packages
 7 | Added functionality to store version information for temporarily installed packages.
 8 | ---
 9 |  functions/packages.sh | 9 +++++++++
10 |  scripts/build/chroot  | 6 ++++++
11 |  scripts/build/clean   | 2 +-
12 |  3 files changed, 16 insertions(+), 1 deletion(-)
13 | 
14 | diff --git a/functions/packages.sh b/functions/packages.sh
15 | index 2481edc25..a6c2c1e8d 100755
16 | --- a/functions/packages.sh
17 | +++ b/functions/packages.sh
18 | @@ -60,6 +60,15 @@ Install_packages ()
19 |  			Chroot chroot "aptitude install --without-recommends ${APTITUDE_OPTIONS} ${_LB_PACKAGES}"
20 |  			;;
21 |  	esac
22 | +
23 | +  # save information about all temporary installed packages and source repos
24 | +	for PACKAGE in ${_LB_PACKAGES}; do
25 | +		INSTALLED_VERSION=$(Chroot chroot "apt-cache policy ${PACKAGE}" | grep 'Installed:' | awk '{print $2}')
26 | +		Chroot chroot "apt-cache policy ${PACKAGE}"  | sed -n '/\*\*\*/,$p' | grep -P 'http:|https:' -m 1 | \
27 | +		awk -v pkg="${PACKAGE}" -v version="${INSTALLED_VERSION}" '{print $2" "$3" "pkg" "version}' >> chroot.packages.all.info
28 | +
29 | +	done
30 | +
31 |  	unset _LB_PACKAGES # Can clear this now
32 |  }
33 |  
34 | diff --git a/scripts/build/chroot b/scripts/build/chroot
35 | index a0aa10be0..700762e78 100755
36 | --- a/scripts/build/chroot
37 | +++ b/scripts/build/chroot
38 | @@ -48,6 +48,12 @@ for _PASS in install live; do
39 |  	fi
40 |  done
41 |  
42 | +# save information about all installed packages and source repos
43 | +Chroot chroot "dpkg-query -W" | while read PACKAGE; do
44 | +  Chroot chroot "apt-cache policy ${PACKAGE}"  | sed -n '/\*\*\*/,$p' | grep -P 'http:|https:' -m 1 | awk -v pkg="${PACKAGE}" '{print $2" "$3" "pkg}' >> chroot.packages.all.info
45 | +done
46 | +
47 | +
48 |  lb chroot_includes_after_packages "${@}"
49 |  lb chroot_hooks "${@}"
50 |  lb chroot_hacks "${@}"
51 | diff --git a/scripts/build/clean b/scripts/build/clean
52 | index 6549fc635..4376d7525 100755
53 | --- a/scripts/build/clean
54 | +++ b/scripts/build/clean
55 | @@ -159,7 +159,7 @@ if [ "${RM_CHROOT}" = "true" ]; then
56 |  
57 |  	rm -rf chroot chroot.tmp
58 |  
59 | -	rm -f chroot.packages.live chroot.packages.install
60 | +	rm -f chroot.packages.live chroot.packages.install chroot.packages.all.info
61 |  	rm -f chroot.files
62 |  
63 |  	rm -f "$(Installed_tmp_packages_file)"
64 | 
65 | 


--------------------------------------------------------------------------------
/packages/.gitignore:
--------------------------------------------------------------------------------
1 | /*
2 | 


--------------------------------------------------------------------------------
/scripts/image-build/defaults.py:
--------------------------------------------------------------------------------
 1 | # Copyright (C) 2024 VyOS maintainers and contributors
 2 | #
 3 | # This program is free software; you can redistribute it and/or modify
 4 | # it under the terms of the GNU General Public License version 2 or later as
 5 | # published by the Free Software Foundation.
 6 | #
 7 | # This program is distributed in the hope that it will be useful,
 8 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
 9 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
10 | # GNU General Public License for more details.
11 | #
12 | # You should have received a copy of the GNU General Public License
13 | # along with this program.  If not, see <http://www.gnu.org/licenses/>.
14 | #
15 | # File: defaults.py
16 | # Purpose: Various default values for use in build scripts.
17 | 
18 | 
19 | import os
20 | import getpass
21 | import platform
22 | 
23 | def get_default_build_by():
24 |     return "{user}@{host}".format(user= getpass.getuser(), host=platform.node())
25 | 
26 | # Default boot settings
27 | boot_settings: dict[str, str] = {
28 |     'timeout': '5',
29 |     'console_type': 'tty',
30 |     'console_num': '0',
31 |     'console_speed': '115200',
32 |     'bootmode': 'normal'
33 | }
34 | 
35 | # Hardcoded default values
36 | HARDCODED_BUILD = {
37 |     'custom_apt_entry': [],
38 |     'custom_apt_keys': [],
39 |     'custom_package': [],
40 |     'reuse_iso': None,
41 |     'disk_size': 10,
42 |     'build_by': get_default_build_by(),
43 |     'build_comment': '',
44 | }
45 | 
46 | # Relative to the repository directory
47 | 
48 | BUILD_DIR = 'build'
49 | BUILD_CONFIG = os.path.join(BUILD_DIR, 'build-config.toml')
50 | 
51 | DEFAULTS_FILE = 'data/defaults.toml'
52 | 
53 | BUILD_TYPES_DIR = 'data/build-types'
54 | BUILD_ARCHES_DIR = 'data/architectures'
55 | BUILD_FLAVORS_DIR = 'data/build-flavors'
56 | 
57 | # Relative to the build directory
58 | 
59 | PBUILDER_CONFIG = 'pbuilderrc'
60 | PBUILDER_DIR = 'pbuilder'
61 | 
62 | LB_CONFIG_DIR = 'config'
63 | 
64 | CHROOT_INCLUDES_DIR = 'config/includes.chroot'
65 | BINARY_INCLUDES_DIR = 'config/includes.binary'
66 | ARCHIVES_DIR = 'config/archives/'
67 | 
68 | VYOS_REPO_FILE = 'config/archives/vyos.list.chroot'
69 | VYOS_PIN_FILE = 'config/archives/release.pref.chroot'
70 | CUSTOM_REPO_FILE = 'config/archives/custom.list.chroot'
71 | PACKAGE_LIST_FILE = 'config/package-lists/custom.list.chroot'
72 | 
73 | LOCAL_PACKAGES_PATH = 'config/packages.chroot/'
74 | 


--------------------------------------------------------------------------------
/scripts/image-build/utils.py:
--------------------------------------------------------------------------------
 1 | # Copyright (C) 2024 VyOS maintainers and contributors
 2 | #
 3 | # This program is free software; you can redistribute it and/or modify
 4 | # it under the terms of the GNU General Public License version 2 or later as
 5 | # published by the Free Software Foundation.
 6 | #
 7 | # This program is distributed in the hope that it will be useful,
 8 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
 9 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
10 | # GNU General Public License for more details.
11 | #
12 | # You should have received a copy of the GNU General Public License
13 | # along with this program.  If not, see <http://www.gnu.org/licenses/>.
14 | #
15 | # File: util.py
16 | # Purpose:
17 | #   Various common functions for use in build scripts.
18 | 
19 | 
20 | import sys
21 | import os
22 | import shutil
23 | 
24 | # Local modules
25 | import defaults
26 | import vyos
27 | 
28 | def check_build_config():
29 |     if not os.path.exists(defaults.BUILD_CONFIG):
30 |         print("Build config file ({file}) does not exist".format(file=defaults.BUILD_CONFIG))
31 |         print("If you are running this script by hand, you should better not. Run 'make iso' instead.")
32 |         sys.exit(1)
33 | 
34 | 
35 | class DependencyChecker(object):
36 |     def __init__(self, spec):
37 |         missing_packages = self._get_missing_packages(spec['packages'])
38 |         missing_binaries = self._get_missing_binaries(spec['binaries'])
39 |         self.__missing = {'packages': missing_packages, 'binaries': missing_binaries}
40 | 
41 | 
42 |     def _package_installed(self, name):
43 |         result = os.system("dpkg-query -W --showformat='${{Status}}\n' {name} 2>&1 | grep 'install ok installed' >/dev/null".format(name=name))
44 |         return True if result == 0 else False
45 | 
46 |     def _get_missing_packages(self, packages):
47 |         missing_packages = []
48 |         for p in packages:
49 |             if not self._package_installed(p):
50 |                 missing_packages.append(p)
51 |         return missing_packages
52 | 
53 |     def _get_missing_binaries(self, binaries):
54 |         missing_binaries = []
55 |         for b in binaries:
56 |             if not shutil.which(b):
57 |                 missing_binaries.append(b)
58 |         return missing_binaries
59 | 
60 |     def get_missing_dependencies(self):
61 |         if self.__missing['packages'] or self.__missing['binaries']:
62 |             return self.__missing
63 |         return None
64 | 
65 |     def format_missing_dependencies(self):
66 |         msg = "E: There are missing system dependencies!\n"
67 |         if self.__missing['packages']:
68 |             msg += "E: Missing packages: " + " ".join(self.__missing['packages'])
69 |         if self.__missing['binaries']:
70 |             msg += "E: Missing binaries: " + " ".join(self.__missing['binaries'])
71 |         return msg
72 | 
73 | def check_system_dependencies(deps):
74 |     checker = DependencyChecker(deps)
75 |     missing = checker.get_missing_dependencies()
76 |     if missing:
77 |         raise OSError(checker.format_missing_dependencies())
78 |     else:
79 |         pass
80 | 
81 | def cmd(command):
82 |     res = vyos.utils.process.call(command, shell=True)
83 |     if res > 0:
84 |         raise OSError(f"Command '{command}' failed")
85 | 
86 | def rc_cmd(command):
87 |     code, out = vyos.utils.process.rc_cmd(command, shell=True)
88 |     if code > 0:
89 |         raise OSError(f"Command '{command}' failed")
90 |     else:
91 |         return out
92 | 


--------------------------------------------------------------------------------
/scripts/iso-to-oci:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | 
 3 | function cleanup() {
 4 |     if [[ -d $ROOTFS ]]; then
 5 |         rm -rf $ROOTFS
 6 |     fi
 7 |     if [[ -d $UNSQUASHFS ]]; then
 8 |         rm -rf $UNSQUASHFS
 9 |     fi
10 | }
11 | 
12 | if [[ $(/usr/bin/id -u) -ne 0 ]]; then
13 |     echo "Not running as root"
14 |     exit
15 | fi
16 | 
17 | if [ "$#" -ne 1 ]; then
18 |     echo "Illegal number of parameters"
19 | fi
20 | 
21 | ISO=$1
22 | ROOTFS=rootfs
23 | UNSQUASHFS=unsquashfs
24 | 
25 | # ensure clean working directory
26 | cleanup
27 | 
28 | mkdir $ROOTFS $UNSQUASHFS
29 | echo "I: mount ISO $ISO"
30 | mount -t iso9660 -o loop $ISO $ROOTFS/ >/dev/null 2>&1
31 | 
32 | # create directory, unpack squashfs filesystem, get ISO version
33 | # and unmount ISO
34 | echo "I: extracting squashfs content"
35 | unsquashfs -follow -dest $UNSQUASHFS/ $ROOTFS/live/filesystem.squashfs >/dev/null 2>&1
36 | VERSION=$(jq --raw-output .version $ROOTFS/version.json)
37 | umount $ROOTFS/
38 | 
39 | # fix locales for correct system configuration loading
40 | sed -i 's/^LANG=.*$/LANG=C.UTF-8/' $UNSQUASHFS/etc/default/locale
41 | 
42 | # optional step: Decrease docker image size by deleting not necessary files for container
43 | rm -rf $UNSQUASHFS/boot/*.img
44 | rm -rf $UNSQUASHFS/boot/*vyos*
45 | rm -rf $UNSQUASHFS/boot/vmlinuz
46 | rm -rf $UNSQUASHFS/lib/firmware/
47 | rm -rf $UNSQUASHFS/usr/lib/x86_64-linux-gnu/libwireshark.so*
48 | rm -rf $UNSQUASHFS/lib/modules/*amd64-vyos
49 | rm -rf $UNSQUASHFS/root/.gnupg
50 | 
51 | # create a symbolic link to the configuration
52 | ln -s /opt/vyatta/etc/config $UNSQUASHFS/config
53 | 
54 | # create docker image
55 | echo "I: generate OCI container image vyos-$VERSION.tar"
56 | tar -C unsquashfs -c . -f vyos-$VERSION.tar
57 | 
58 | echo "I: to import the previously generated OCI image to your local images run:"
59 | echo ""
60 | echo "   docker import vyos-$VERSION.tar vyos:$VERSION --change 'CMD ["/sbin/init"]'"
61 | echo ""
62 | 
63 | cleanup
64 | 


--------------------------------------------------------------------------------
/scripts/package-build/.gitignore:
--------------------------------------------------------------------------------
1 | *.buildinfo
2 | *.build
3 | *.changes
4 | *.deb
5 | *.udeb
6 | *.dsc
7 | *.tar.gz
8 | *.tar.xz
9 | 


--------------------------------------------------------------------------------
/scripts/package-build/amazon-cloudwatch-agent/.gitignore:
--------------------------------------------------------------------------------
1 | /amazon-cloudwatch-agent/
2 | 


--------------------------------------------------------------------------------
/scripts/package-build/amazon-cloudwatch-agent/build.py:
--------------------------------------------------------------------------------
1 | ../build.py


--------------------------------------------------------------------------------
/scripts/package-build/amazon-cloudwatch-agent/package.toml:
--------------------------------------------------------------------------------
 1 | [[packages]]
 2 | name = "amazon-cloudwatch-agent"
 3 | commit_id = "v1.300050.0"
 4 | scm_url = "https://github.com/aws/amazon-cloudwatch-agent"
 5 | 
 6 | build_cmd = """
 7 | 
 8 | make clean test check_secrets amazon-cloudwatch-agent-linux package-deb
 9 | ARCH=$(dpkg --print-architecture)
10 | TAG=$(git describe --tags --abbrev=0)
11 | COMMIT=$(git rev-parse --short HEAD)
12 | cp ./build/bin/linux/${ARCH}/*.deb ../amazon-cloudwatch-agent_${TAG}_${COMMIT}_${ARCH}.deb
13 | 
14 | """
15 | 


--------------------------------------------------------------------------------
/scripts/package-build/amazon-ssm-agent/.gitignore:
--------------------------------------------------------------------------------
1 | /amazon-ssm-agent/
2 | 


--------------------------------------------------------------------------------
/scripts/package-build/amazon-ssm-agent/build.py:
--------------------------------------------------------------------------------
1 | ../build.py


--------------------------------------------------------------------------------
/scripts/package-build/amazon-ssm-agent/package.toml:
--------------------------------------------------------------------------------
 1 | [[packages]]
 2 | name = "amazon-ssm-agent"
 3 | commit_id = "3.3.1311.0"
 4 | scm_url = "https://github.com/aws/amazon-ssm-agent"
 5 | 
 6 | build_cmd = """
 7 | 
 8 | ARCH=$(dpkg --print-architecture)
 9 | TAG=$(git describe --tags --abbrev=0)
10 | COMMIT=$(git rev-parse --short HEAD)
11 | 
12 | make build-linux
13 | make package-deb
14 | cp ./bin/debian_${ARCH}/*.deb ../amazon-ssm-agent_${TAG}_${COMMIT}_${ARCH}.deb
15 | 
16 | """
17 | 


--------------------------------------------------------------------------------
/scripts/package-build/aws-gwlbtun/.gitignore:
--------------------------------------------------------------------------------
1 | /aws-gwlbtun*/
2 | 


--------------------------------------------------------------------------------
/scripts/package-build/aws-gwlbtun/build.py:
--------------------------------------------------------------------------------
1 | ../build.py


--------------------------------------------------------------------------------
/scripts/package-build/aws-gwlbtun/package.toml:
--------------------------------------------------------------------------------
 1 | [[packages]]
 2 | name = "aws-gwlbtun"
 3 | commit_id = "f78058a"
 4 | scm_url = "https://github.com/aws-samples/aws-gateway-load-balancer-tunnel-handler"
 5 | 
 6 | 
 7 | ## Build cmd start
 8 | build_cmd = '''\
 9 | mkdir -p debian
10 | echo 'obj-*-linux-gnu/gwlbtun usr/sbin' > debian/install
11 | 
12 | # changelog
13 | cat <<EOF > debian/changelog
14 | aws-gwlbtun (1.0-1) unstable; urgency=low
15 | 
16 |   * Initial release
17 | 
18 |  -- Your Name <your.email@example.com>  Wed, 29 Aug 2024 09:00:00 +0000
19 | 
20 | EOF
21 | 
22 | # control
23 | /bin/bash -c "cat <<EOF > debian/control
24 | Source: aws-gwlbtun
25 | Section: net
26 | Priority: optional
27 | Maintainer: VyOS Package Maintainers <maintainers@vyos.net>
28 | Build-Depends: debhelper-compat (= 13)
29 | Standards-Version: 4.5.1
30 | Homepage: https://github.com/aws-samples/aws-gateway-load-balancer-tunnel-handler
31 | 
32 | Package: aws-gwlbtun
33 | Architecture: any
34 | Depends: \${shlibs:Depends}, \${misc:Depends}
35 | Description: AWS Gateway Load Balancer Tunnel Handler
36 |  This is a simple package that handles tunneling for the AWS Gateway Load Balancer.
37 | EOF
38 | "
39 | 
40 | # rules
41 | cat <<EOF > debian/rules
42 | #!/usr/bin/make -f
43 | 
44 | %: dh $@
45 | 
46 | build:
47 | 	dh build
48 | 
49 | binary:
50 | 	dh binary
51 | 
52 | clean:
53 | 	dh clean
54 | EOF
55 | 
56 | chmod +x debian/rules
57 | debuild -us -uc -b
58 | '''
59 | ## Build cmd end
60 | 
61 | [dependencies]
62 | packages = [
63 |     "cmake"
64 | ]
65 | 


--------------------------------------------------------------------------------
/scripts/package-build/bash-completion/.gitignore:
--------------------------------------------------------------------------------
1 | /bash-completion/
2 | 


--------------------------------------------------------------------------------
/scripts/package-build/bash-completion/build.py:
--------------------------------------------------------------------------------
1 | ../build.py


--------------------------------------------------------------------------------
/scripts/package-build/bash-completion/package.toml:
--------------------------------------------------------------------------------
 1 | # VyOS CLI requires an older version of bash-completion to work
 2 | 
 3 | [[packages]]
 4 | name = "bash-completion"
 5 | commit_id = "debian/2.8-6"
 6 | scm_url = "https://salsa.debian.org/debian/bash-completion"
 7 | 
 8 | build_cmd = """
 9 | 
10 | # Build deb
11 | dpkg-buildpackage -b -us -uc
12 | """
13 | 


--------------------------------------------------------------------------------
/scripts/package-build/blackbox_exporter/.gitignore:
--------------------------------------------------------------------------------
1 | /blackbox_exporter/
2 | 


--------------------------------------------------------------------------------
/scripts/package-build/blackbox_exporter/build.py:
--------------------------------------------------------------------------------
1 | ../build.py


--------------------------------------------------------------------------------
/scripts/package-build/blackbox_exporter/build.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/sh
 2 | CWD=$(pwd)
 3 | set -e
 4 | 
 5 | BUILD_ARCH=$(dpkg-architecture -qDEB_TARGET_ARCH)
 6 | 
 7 | SRC="blackbox_exporter"
 8 | if [ ! -d ${SRC} ]; then
 9 |     echo "Source directory does not exist, please 'git clone'"
10 |     exit 1
11 | fi
12 | 
13 | cd $SRC
14 | 
15 | mkdir -p debian
16 | 
17 | echo "I: Create $SRC/debian/control"
18 | cat <<EOF > debian/control
19 | Source: blackbox-exporter
20 | Section: net
21 | Priority: optional
22 | Maintainer: VyOS Package Maintainers <maintainers@vyos.net>
23 | Build-Depends: debhelper-compat (= 13)
24 | Standards-Version: 4.5.1
25 | Homepage: https://github.com/prometheus/blackbox_exporter
26 | 
27 | Package: blackbox-exporter
28 | Architecture: ${BUILD_ARCH}
29 | Depends: \${shlibs:Depends}, \${misc:Depends}
30 | Description: The blackbox exporter allows blackbox probing of endpoints over HTTP, HTTPS, DNS, TCP, ICMP and gRPC.
31 | EOF
32 | 
33 | echo "I: Create $SRC/debian/changelog"
34 | cat <<EOF > debian/changelog
35 | blackbox-exporter (0.26.0) UNRELEASED; urgency=medium
36 | 
37 |   * Upstream package
38 | 
39 |  -- VyOS Maintainers <maintainers@vyos.io>  Thu, 26 Sep 2024 12:35:47 +0000
40 | EOF
41 | 
42 | echo "I: Create $SRC/debian/rules"
43 | cat <<EOF > debian/rules
44 | #!/usr/bin/make -f
45 | 
46 | clean:
47 | 	@# Do nothing
48 | 
49 | build:
50 | 	@# Do nothing
51 | 
52 | binary:
53 | 	mkdir -p debian/blackbox-exporter
54 | 	mkdir -p debian/blackbox-exporter/usr/sbin
55 | 	mkdir -p debian/blackbox-exporter/run/blackbox_exporter
56 | 	cp blackbox_exporter debian/blackbox-exporter/usr/sbin/blackbox_exporter
57 | 	dh_gencontrol
58 | 	dh_builddeb
59 | EOF
60 | chmod +x debian/rules
61 | 
62 | echo "I: Build blackbox_exporter"
63 | go build
64 | 
65 | echo "I: Build Debian Package"
66 | dpkg-buildpackage -uc -us -tc -b -d
67 | 


--------------------------------------------------------------------------------
/scripts/package-build/blackbox_exporter/package.toml:
--------------------------------------------------------------------------------
1 | [[packages]]
2 | name = "blackbox_exporter"
3 | commit_id = "v0.26.0"
4 | scm_url = "https://github.com/prometheus/blackbox_exporter"
5 | build_cmd = "cd ..; y | ./build.sh"
6 | 


--------------------------------------------------------------------------------
/scripts/package-build/ddclient/.gitignore:
--------------------------------------------------------------------------------
1 | /ddclient/
2 | 


--------------------------------------------------------------------------------
/scripts/package-build/ddclient/build.py:
--------------------------------------------------------------------------------
1 | ../build.py


--------------------------------------------------------------------------------
/scripts/package-build/ddclient/package.toml:
--------------------------------------------------------------------------------
1 | [[packages]]
2 | name = "ddclient"
3 | commit_id = "debian/3.11.2-1"
4 | scm_url = "https://salsa.debian.org/debian/ddclient"
5 | 


--------------------------------------------------------------------------------
/scripts/package-build/dropbear/.gitignore:
--------------------------------------------------------------------------------
1 | /dropbear/
2 | 


--------------------------------------------------------------------------------
/scripts/package-build/dropbear/build.py:
--------------------------------------------------------------------------------
1 | ../build.py


--------------------------------------------------------------------------------
/scripts/package-build/dropbear/package.toml:
--------------------------------------------------------------------------------
1 | [[packages]]
2 | name = "dropbear"
3 | commit_id = "debian/2022.83-1+deb12u1"
4 | scm_url = "https://salsa.debian.org/debian/dropbear.git"
5 | 
6 | [dependencies]
7 | packages = ["libpam0g-dev"]
8 | 


--------------------------------------------------------------------------------
/scripts/package-build/dropbear/patches/dropbear/0001-Enable-PAM-support.patch:
--------------------------------------------------------------------------------
 1 | From 861bfb53de5909e25a952a83654c63de61af02b5 Mon Sep 17 00:00:00 2001
 2 | From: Christian Breunig <christian@breunig.cc>
 3 | Date: Sun, 28 May 2023 15:45:32 +0200
 4 | Subject: [PATCH] Enable PAM support
 5 | 
 6 | ---
 7 |  debian/control    | 1 +
 8 |  debian/rules      | 2 +-
 9 |  default_options.h | 4 ++--
10 |  3 files changed, 4 insertions(+), 3 deletions(-)
11 | 
12 | diff --git a/debian/control b/debian/control
13 | index 77ea036..b252b97 100644
14 | --- a/debian/control
15 | +++ b/debian/control
16 | @@ -6,6 +6,7 @@ Build-Depends: debhelper,
17 |                 debhelper-compat (= 13),
18 |                 libtomcrypt-dev (>= 1.18.2~),
19 |                 libtommath-dev (>= 1.2.0~),
20 | +               libpam0g-dev,
21 |                 libz-dev
22 |  Rules-Requires-Root: no
23 |  Standards-Version: 4.6.1
24 | diff --git a/debian/rules b/debian/rules
25 | index 7dab64c..ce11aa4 100755
26 | --- a/debian/rules
27 | +++ b/debian/rules
28 | @@ -24,7 +24,7 @@ endif
29 |  	dh $@
30 |  
31 |  override_dh_auto_configure:
32 | -	dh_auto_configure -- --disable-bundled-libtom \
33 | +	dh_auto_configure -- --disable-bundled-libtom --enable-pam \
34 |  	  CC='$(CC)' CFLAGS='$(CFLAGS)' $(CONFFLAGS)
35 |  
36 |  execute_before_dh_auto_build:
37 | diff --git a/default_options.h b/default_options.h
38 | index 5132775..e7d274c 100644
39 | --- a/default_options.h
40 | +++ b/default_options.h
41 | @@ -223,7 +223,7 @@ group1 in Dropbear server too */
42 |  
43 |  /* Authentication Types - at least one required.
44 |     RFC Draft requires pubkey auth, and recommends password */
45 | -#define DROPBEAR_SVR_PASSWORD_AUTH 1
46 | +#define DROPBEAR_SVR_PASSWORD_AUTH 0
47 |  
48 |  /* Note: PAM auth is quite simple and only works for PAM modules which just do
49 |   * a simple "Login: " "Password: " (you can edit the strings in svr-authpam.c).
50 | @@ -231,7 +231,7 @@ group1 in Dropbear server too */
51 |   * but there's an interface via a PAM module. It won't work for more complex
52 |   * PAM challenge/response.
53 |   * You can't enable both PASSWORD and PAM. */
54 | -#define DROPBEAR_SVR_PAM_AUTH 0
55 | +#define DROPBEAR_SVR_PAM_AUTH 1
56 |  
57 |  /* ~/.ssh/authorized_keys authentication.
58 |   * You must define DROPBEAR_SVR_PUBKEY_AUTH in order to use plugins. */
59 | -- 
60 | 2.30.2
61 | 
62 | 


--------------------------------------------------------------------------------
/scripts/package-build/ethtool/.gitignore:
--------------------------------------------------------------------------------
1 | /ethtool/
2 | 


--------------------------------------------------------------------------------
/scripts/package-build/ethtool/build.py:
--------------------------------------------------------------------------------
1 | ../build.py


--------------------------------------------------------------------------------
/scripts/package-build/ethtool/package.toml:
--------------------------------------------------------------------------------
1 | [[packages]]
2 | name = "ethtool"
3 | commit_id = "debian/1%6.10-1"
4 | scm_url = "https://salsa.debian.org/kernel-team/ethtool"
5 | 


--------------------------------------------------------------------------------
/scripts/package-build/frr/.gitignore:
--------------------------------------------------------------------------------
1 | /frr/
2 | /rtrlib/
3 | /libyang/
4 | 


--------------------------------------------------------------------------------
/scripts/package-build/frr/build.py:
--------------------------------------------------------------------------------
1 | ../build.py


--------------------------------------------------------------------------------
/scripts/package-build/frr/package.toml:
--------------------------------------------------------------------------------
 1 | [[packages]]
 2 | name = "libyang"
 3 | commit_id = "v3.4.2"
 4 | scm_url = "https://github.com/CESNET/libyang.git"
 5 | build_cmd = "pipx run apkg build -i && find pkg/pkgs -type f -name *.deb -exec mv -t .. {} +"
 6 | 
 7 | [[packages]]
 8 | name = "rtrlib"
 9 | commit_id = "v0.8.0"
10 | scm_url = "https://github.com/rtrlib/rtrlib.git"
11 | 
12 | [[packages]]
13 | name = "frr"
14 | commit_id = "stable/10.2"
15 | scm_url = "https://github.com/FRRouting/frr.git"
16 | build_cmd = "sudo dpkg -i ../*.deb; dpkg-buildpackage -us -uc -tc -b -Ppkg.frr.rtrlib,pkg.frr.lua"
17 | 
18 | [dependencies]
19 | packages = [
20 |     "chrpath",
21 |     "gawk",
22 |     "install-info",
23 |     "libcap-dev",
24 |     "libc-ares-dev",
25 |     "libjson-c-dev",
26 |     "librtr-dev",
27 |     "libpam-dev",
28 |     "libprotobuf-c-dev",
29 |     "libpython3-dev:native",
30 |     "python3-sphinx:native",
31 |     "libsnmp-dev",
32 |     "protobuf-c-compiler",
33 |     "python3-dev:native",
34 |     "texinfo",
35 |     "lua5.3",
36 |     "doxygen",
37 |     "bison",
38 |     "liblua5.3-dev",
39 |     "flex",
40 |     "libelf-dev"
41 | ]
42 | 


--------------------------------------------------------------------------------
/scripts/package-build/frr/patches/frr/0001-Enable-PCRE2-in-Debian-package-builds.patch:
--------------------------------------------------------------------------------
 1 | From 21800432167ac022c01772df993efca8d4969b38 Mon Sep 17 00:00:00 2001
 2 | From: Daniil Baturin <daniil@baturin.org>
 3 | Date: Wed, 6 Nov 2024 15:58:10 +0000
 4 | Subject: [PATCH] Enable PCRE2 in Debian package builds
 5 | 
 6 | ---
 7 |  debian/rules | 1 +
 8 |  1 file changed, 1 insertion(+)
 9 | 
10 | diff --git a/debian/rules b/debian/rules
11 | index 43e5d7e61..1f971ab22 100755
12 | --- a/debian/rules
13 | +++ b/debian/rules
14 | @@ -69,6 +69,7 @@ override_dh_auto_configure:
15 |  		--enable-vty-group=frrvty \
16 |  		--enable-configfile-mask=0640 \
17 |  		--enable-logfile-mask=0640 \
18 | +		--enable-pcre2posix \
19 |  		# end
20 |  
21 |  override_dh_auto_install:
22 | -- 
23 | 2.47.0
24 | 
25 | 


--------------------------------------------------------------------------------
/scripts/package-build/frr/patches/frr/0003-Clear-Babel-Config-On-Stop.patch:
--------------------------------------------------------------------------------
 1 | From c3c70e87b040233263b9594d14582dfedfecc92e Mon Sep 17 00:00:00 2001
 2 | From: Yaroslav Kholod <y.kholod@vyos.io>
 3 | Date: Wed, 18 Dec 2024 11:48:29 +0200
 4 | Subject: [PATCH] #17413: Clean babeld config on stop
 5 | 
 6 | ---
 7 |  babeld/babeld.c | 6 ++++++
 8 |  1 file changed, 6 insertions(+)
 9 | 
10 | diff --git a/babeld/babeld.c b/babeld/babeld.c
11 | index b562f0b70..6f1a9a3d7 100644
12 | --- a/babeld/babeld.c
13 | +++ b/babeld/babeld.c
14 | @@ -304,6 +304,12 @@ void babel_clean_routing_process(void)
15 |      flush_all_routes();
16 |      babel_interface_close_all();
17 |  
18 | +    /* Clean babel config */
19 | +    diversity_kind = DIVERSITY_NONE;
20 | +    diversity_factor = BABEL_DEFAULT_DIVERSITY_FACTOR;
21 | +    resend_delay = BABEL_DEFAULT_RESEND_DELAY;
22 | +    smoothing_half_life = BABEL_DEFAULT_SMOOTHING_HALF_LIFE;
23 | +
24 |      /* cancel events */
25 |      event_cancel(&babel_routing_process->t_read);
26 |      event_cancel(&babel_routing_process->t_update);
27 | -- 
28 | 2.43.0
29 | 
30 | 


--------------------------------------------------------------------------------
/scripts/package-build/frr_exporter/.gitignore:
--------------------------------------------------------------------------------
1 | /frr_exporter/
2 | 


--------------------------------------------------------------------------------
/scripts/package-build/frr_exporter/build.py:
--------------------------------------------------------------------------------
1 | ../build.py


--------------------------------------------------------------------------------
/scripts/package-build/frr_exporter/package.toml:
--------------------------------------------------------------------------------
 1 | [[packages]]
 2 | name = "frr_exporter"
 3 | commit_id = "v1.5.0"
 4 | scm_url = "https://github.com/tynany/frr_exporter"
 5 | 
 6 | build_cmd = """
 7 | 
 8 | # Create the install directory
 9 | mkdir -p debian/usr/sbin
10 | make setup_promu
11 | go build
12 | 
13 | # Move the frr_exporter binary to the install directory
14 | mv frr_exporter debian/usr/sbin
15 | 
16 | # Build the Debian package
17 | fpm --input-type dir --output-type deb --name frr-exporter \
18 |     --version $(git describe --tags --always | cut -c2-) --deb-compression gz \
19 |     --maintainer "VyOS Package Maintainers <maintainers@vyos.net>" \
20 |     --description "Prometheus exporter for FRR" \
21 |     --license Apache-2.0 -C debian --package ..
22 | """
23 | 


--------------------------------------------------------------------------------
/scripts/package-build/hostap/.gitignore:
--------------------------------------------------------------------------------
1 | /hostap/
2 | /wpa/
3 | 


--------------------------------------------------------------------------------
/scripts/package-build/hostap/README.md:
--------------------------------------------------------------------------------
1 | # build
2 | ```
3 | python3 build.py
4 | ```
5 | 


--------------------------------------------------------------------------------
/scripts/package-build/hostap/build.py:
--------------------------------------------------------------------------------
1 | ../build.py


--------------------------------------------------------------------------------
/scripts/package-build/hostap/build.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | CWD=$(pwd)
 3 | set -e
 4 | 
 5 | SRC=hostap
 6 | SRC_DEB=wpa
 7 | 
 8 | if [ ! -d ${SRC} ]; then
 9 |     echo "${SRC} directory does not exists, please 'git clone'"
10 |     exit 1
11 | fi
12 | if [ ! -d ${SRC_DEB} ]; then
13 |     echo "${SRC_DEB} directory does not exists, please 'git clone'"
14 |     exit 1
15 | fi
16 | 
17 | echo "I: Copy Debian build instructions"
18 | cp -a ${SRC_DEB}/debian ${SRC}
19 | # Preserve Debian's default of allowing TLSv1.0 and legacy renegotiation for
20 | # compatibility with networks that use legacy crypto
21 | cat > ${SRC}/debian/patches/series << EOF
22 | allow-tlsv1.patch
23 | allow-legacy-renegotiation.patch
24 | EOF
25 | 
26 | # Build Debian package
27 | cd ${SRC}
28 | 
29 | echo "I: Ensure Debian build dependencies are met"
30 | sudo mk-build-deps --install --tool "apt-get --yes --no-install-recommends" -Ppkg.wpa.nogui,noudeb
31 | 
32 | echo "I: Create new Debian Package version"
33 | version="$(git describe --tags | tr _ .)"
34 | dch -v ${version:7} "New version to support AES-GCM-256 for MACsec" -b
35 | 
36 | echo "I: Build Debian hostap Package"
37 | DEB_CPPFLAGS_SET="-Wno-use-after-free -Wno-deprecated-declarations" \
38 |     dpkg-buildpackage -us -uc -tc -b -Ppkg.wpa.nogui,noudeb
39 | 


--------------------------------------------------------------------------------
/scripts/package-build/hostap/package.toml:
--------------------------------------------------------------------------------
 1 | [[packages]]
 2 | name = "wpa"
 3 | commit_id = "debian/2%2.10-12"
 4 | scm_url = "https://salsa.debian.org/debian/wpa"
 5 | build_cmd = "/bin/true"
 6 | 
 7 | [[packages]]
 8 | name = "hostap"
 9 | commit_id = "e7172e26d"
10 | scm_url = "git://w1.fi/srv/git/hostap.git"
11 | build_cmd = "cd ..; y | ./build.sh"
12 | 
13 | 


--------------------------------------------------------------------------------
/scripts/package-build/hsflowd/.gitignore:
--------------------------------------------------------------------------------
1 | /host-sflow/
2 | 


--------------------------------------------------------------------------------
/scripts/package-build/hsflowd/build.py:
--------------------------------------------------------------------------------
1 | ../build.py


--------------------------------------------------------------------------------
/scripts/package-build/hsflowd/package.toml:
--------------------------------------------------------------------------------
1 | [[packages]]
2 | name = "host-sflow"
3 | commit_id = "v2.1.11-5"
4 | scm_url = "https://github.com/sflow/host-sflow.git"
5 | build_cmd = "make deb FEATURES='PCAP DROPMON DBUS PSAMPLE VPP'"
6 | 
7 | [dependencies]
8 | packages = ["libpcap0.8-dev"]
9 | 


--------------------------------------------------------------------------------
/scripts/package-build/isc-dhcp/.gitignore:
--------------------------------------------------------------------------------
1 | /isc-dhcp/
2 | 


--------------------------------------------------------------------------------
/scripts/package-build/isc-dhcp/build.py:
--------------------------------------------------------------------------------
1 | ../build.py


--------------------------------------------------------------------------------
/scripts/package-build/isc-dhcp/package.toml:
--------------------------------------------------------------------------------
1 | [[packages]]
2 | name = "isc-dhcp"
3 | commit_id = "debian/4.4.3-P1-4"
4 | scm_url = "https://salsa.debian.org/debian/isc-dhcp"
5 | 
6 | [dependencies]
7 | packages = ["libpam0g-dev"]
8 | 


--------------------------------------------------------------------------------
/scripts/package-build/isc-dhcp/patches/isc-dhcp/0003-fix-compilation-errors.patch:
--------------------------------------------------------------------------------
 1 | From 58e0d3317795987b2f1ca788645196d0e3543f88 Mon Sep 17 00:00:00 2001
 2 | From: Adam Smith <zero1three@gmail.com>
 3 | Date: Tue, 23 Jan 2024 21:47:00 -0500
 4 | Subject: [PATCH 3/4] fix compilation errors
 5 | 
 6 | ---
 7 |  common/lpf.c | 5 +++--
 8 |  1 file changed, 3 insertions(+), 2 deletions(-)
 9 | 
10 | diff --git a/common/lpf.c b/common/lpf.c
11 | index 75609f5..1561d71 100644
12 | --- a/common/lpf.c
13 | +++ b/common/lpf.c
14 | @@ -195,6 +195,7 @@ static void lpf_tr_filter_setup (struct interface_info *);
15 |  #endif
16 |  
17 |  static void lpf_gen_filter_setup (struct interface_info *);
18 | +static void lpf_pureip_gen_filter_setup (struct interface_info *);
19 |  
20 |  void if_register_receive (info)
21 |  	struct interface_info *info;
22 | @@ -215,14 +216,13 @@ void if_register_receive (info)
23 |  	}
24 |  #endif
25 |  
26 | -
27 |  #if defined (HAVE_TR_SUPPORT)
28 |  	if (info -> hw_address.hbuf [0] == HTYPE_IEEE802)
29 |  		lpf_tr_filter_setup (info);
30 |  	else
31 |  #endif
32 |  	if (info -> hw_address.hbuf [0] == HTYPE_PUREIP)
33 | -		lpf_pureip_filter_setup (info);
34 | +		lpf_pureip_gen_filter_setup (info);
35 |  	else
36 |  		lpf_gen_filter_setup (info);
37 |  
38 | @@ -349,6 +349,7 @@ static void lpf_pureip_gen_filter_setup (info)
39 |  	}
40 |  }
41 |  
42 | +
43 |  #if defined (HAVE_TR_SUPPORT)
44 |  static void lpf_tr_filter_setup (info)
45 |  	struct interface_info *info;
46 | -- 
47 | 2.39.2
48 | 
49 | 


--------------------------------------------------------------------------------
/scripts/package-build/isc-dhcp/patches/isc-dhcp/0004-add-support-for-ARPHRD_NONE-interface-type.patch:
--------------------------------------------------------------------------------
 1 | From fd96a11b31cd05aae450ec65fde0b5c6e0b718c2 Mon Sep 17 00:00:00 2001
 2 | From: Adam Smith <zero1three@gmail.com>
 3 | Date: Tue, 23 Jan 2024 22:35:54 -0500
 4 | Subject: [PATCH 4/4] add support for ARPHRD_NONE interface type
 5 | 
 6 | ---
 7 |  common/lpf.c | 6 ++++++
 8 |  1 file changed, 6 insertions(+)
 9 | 
10 | diff --git a/common/lpf.c b/common/lpf.c
11 | index 1561d71..f7e84b1 100644
12 | --- a/common/lpf.c
13 | +++ b/common/lpf.c
14 | @@ -643,6 +643,12 @@ get_hw_addr(const char *name, struct hardware *hw) {
15 |  			hw->hlen = 1;
16 |  			hw->hbuf[0] = HTYPE_PUREIP;
17 |  			break;
18 | +#endif
19 | +#ifdef ARPHRD_NONE
20 | +		case ARPHRD_NONE:
21 | +			hw->hlen = 1;
22 | +			hw->hbuf[0] = HTYPE_PUREIP;
23 | +			break;
24 |  #endif
25 |  		default:
26 |  			log_fatal("Unsupported device type %ld for \"%s\"",
27 | -- 
28 | 2.39.2
29 | 
30 | 


--------------------------------------------------------------------------------
/scripts/package-build/kea/.gitignore:
--------------------------------------------------------------------------------
1 | /isc-kea/
2 | 


--------------------------------------------------------------------------------
/scripts/package-build/kea/build.py:
--------------------------------------------------------------------------------
1 | ../build.py


--------------------------------------------------------------------------------
/scripts/package-build/kea/package.toml:
--------------------------------------------------------------------------------
1 | [[packages]]
2 | name = "isc-kea"
3 | commit_id = "debian/2.6.1-2"
4 | scm_url = "https://salsa.debian.org/debian/isc-kea"
5 | 


--------------------------------------------------------------------------------
/scripts/package-build/keepalived/.gitignore:
--------------------------------------------------------------------------------
1 | /keepalived/
2 | 


--------------------------------------------------------------------------------
/scripts/package-build/keepalived/build.py:
--------------------------------------------------------------------------------
1 | ../build.py


--------------------------------------------------------------------------------
/scripts/package-build/keepalived/package.toml:
--------------------------------------------------------------------------------
1 | [[packages]]
2 | name = "keepalived"
3 | commit_id = "debian/1%2.3.2-1"
4 | scm_url = "https://salsa.debian.org/debian/pkg-keepalived.git"
5 | 


--------------------------------------------------------------------------------
/scripts/package-build/libnss-mapuser/.gitignore:
--------------------------------------------------------------------------------
1 | /libnss-mapuser/
2 | 


--------------------------------------------------------------------------------
/scripts/package-build/libnss-mapuser/build.py:
--------------------------------------------------------------------------------
1 | ../build.py


--------------------------------------------------------------------------------
/scripts/package-build/libnss-mapuser/package.toml:
--------------------------------------------------------------------------------
 1 | [[packages]]
 2 | name = "libnss-mapuser"
 3 | commit_id = "current"
 4 | scm_url = "https://github.com/vyos/libnss-mapuser.git"
 5 | 
 6 | [dependencies]
 7 | packages = [
 8 |     "libaudit-dev"
 9 | ]
10 | 


--------------------------------------------------------------------------------
/scripts/package-build/libpam-radius-auth/.gitignore:
--------------------------------------------------------------------------------
1 | /libpam-radius-auth/
2 | 


--------------------------------------------------------------------------------
/scripts/package-build/libpam-radius-auth/build.py:
--------------------------------------------------------------------------------
1 | ../build.py


--------------------------------------------------------------------------------
/scripts/package-build/libpam-radius-auth/package.toml:
--------------------------------------------------------------------------------
 1 | [[packages]]
 2 | name = "libpam-radius-auth"
 3 | commit_id = "current"
 4 | scm_url = "https://github.com/vyos/libpam-radius-auth.git"
 5 | 
 6 | [dependencies]
 7 | packages = [
 8 |     "libpam-dev",
 9 |     "libaudit-dev"
10 | ]
11 | 


--------------------------------------------------------------------------------
/scripts/package-build/linux-kernel/.gitignore:
--------------------------------------------------------------------------------
 1 | /linux*
 2 | /wireguard
 3 | /wireguard-linux-compat
 4 | /accel-ppp
 5 | /intel-qat
 6 | /linux-firmware
 7 | /vyos-drivers-intel*
 8 | /vyos-drivers-realtek*
 9 | /ovpn-dco
10 | /nat-rtsp*
11 | /jool*
12 | /ipt-netflow*
13 | /qat*
14 | /QAT*
15 | *.tar.gz
16 | *.tar.xz
17 | /*.postinst
18 | 
19 | # Intel Driver source
20 | i40e-*/
21 | igb-*/
22 | ethernet-linux-*/
23 | vyos-intel-*/
24 | vyos-linux-firmware*/
25 | kernel-vars
26 | r8152-*.tar.bz2
27 | ephemeral.*
28 | *.buildinfo
29 | *.build
30 | *.changes
31 | *.deb
32 | *.dsc
33 | 


--------------------------------------------------------------------------------
/scripts/package-build/linux-kernel/README.md:
--------------------------------------------------------------------------------
 1 | # Build
 2 | ```
 3 | ./build.py --config package.toml --packages linux-kernel accel-ppp xxx
 4 | ```
 5 | 
 6 | # About
 7 | 
 8 | VyOS runs on a custom Linux Kernel (which is 6.6) at the time of this writing.
 9 | This repository holds build scripts that are used to build the Custom Kernel
10 | (x86_64/amd64 at the moment) and all required out-of tree modules.
11 | 
12 | VyOS does not utilize the build in Intel Kernel drivers for its NICs as those
13 | Kernels sometimes lack features e.g. configurable receive-side-scaling queues.
14 | On the other hand we ship additional not mainlined features as WireGuard VPN.
15 | 
16 | ## Kernel
17 | 
18 | The Kernel is build from the vanilla repositories hosted at https://git.kernel.org.
19 | VyOS requires two additional patches to work which are stored in the patches/kernel
20 | folder.
21 | 
22 | ### Config
23 | 
24 | The Kernel configuration used is [x86_64_vyos_defconfig](x86_64_vyos_defconfig)
25 | which will be copied on demand during the Pipeline run into the `arch/x86/configs`i
26 | direcotry of the Kernel source tree.
27 | 
28 | Other configurations can be added in the future easily.
29 | 
30 | ### Modules
31 | 
32 | VyOS utilizes several Out-of-Tree modules (e.g. WireGuard, Accel-PPP and Intel
33 | network interface card drivers). Module source code is retrieved from the
34 | upstream repository and - when needed - patched so it can be build using this
35 | pipeline.
36 | 


--------------------------------------------------------------------------------
/scripts/package-build/linux-kernel/build-accel-ppp.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/sh
 2 | CWD=$(pwd)
 3 | KERNEL_VAR_FILE=${CWD}/kernel-vars
 4 | 
 5 | ACCEL_SRC=${CWD}/accel-ppp
 6 | if [ ! -d ${ACCEL_SRC} ]; then
 7 |     echo "Accel-PPP source not found"
 8 |     exit 1
 9 | fi
10 | 
11 | if [ ! -f ${KERNEL_VAR_FILE} ]; then
12 |     echo "Kernel variable file '${KERNEL_VAR_FILE}' does not exist, run ./build_kernel.sh first"
13 |     exit 1
14 | fi
15 | 
16 | cd ${ACCEL_SRC}
17 | git reset --hard HEAD
18 | git clean --force -d -x
19 | 
20 | PATCH_DIR=${CWD}/patches/accel-ppp
21 | if [ -d $PATCH_DIR ]; then
22 |     cd ${ACCEL_SRC}
23 |     for patch in $(ls ${PATCH_DIR})
24 |     do
25 |         echo "I: Apply patch: ${PATCH_DIR}/${patch}"
26 |         patch -p1 < ${PATCH_DIR}/${patch}
27 |     done
28 | fi
29 | 
30 | . ${KERNEL_VAR_FILE}
31 | mkdir -p ${ACCEL_SRC}/build
32 | cd ${ACCEL_SRC}/build
33 | 
34 | echo "I: Build Accel-PPP Debian package"
35 | cmake -DBUILD_IPOE_DRIVER=TRUE \
36 |     -DBUILD_VLAN_MON_DRIVER=TRUE \
37 |     -DCMAKE_INSTALL_PREFIX=/usr \
38 |     -DKDIR=${KERNEL_DIR} \
39 |     -DLUA=5.3 \
40 |     -DMODULES_KDIR=${KERNEL_VERSION}${KERNEL_SUFFIX} \
41 |     -DCPACK_TYPE=Debian12 ..
42 | make
43 | 
44 | # Sign generated Kernel modules
45 | ${CWD}/sign-modules.sh .
46 | 
47 | cpack -G DEB
48 | 
49 | # rename resulting Debian package according git description
50 | mv accel-ppp*.deb ${CWD}/accel-ppp_$(git describe --always --tags)_$(dpkg --print-architecture).deb
51 | 


--------------------------------------------------------------------------------
/scripts/package-build/linux-kernel/build-intel-nic.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/sh
 2 | CWD=$(pwd)
 3 | KERNEL_VAR_FILE=${CWD}/kernel-vars
 4 | 
 5 | if ! dpkg-architecture -iamd64; then
 6 |     echo "Intel drivers only buildable on amd64 platforms"
 7 |     exit 0
 8 | fi
 9 | 
10 | if [ ! -f ${KERNEL_VAR_FILE} ]; then
11 |     echo "Kernel variable file '${KERNEL_VAR_FILE}' does not exist, run ./build_kernel.sh first"
12 |     exit 1
13 | fi
14 | 
15 | . ${KERNEL_VAR_FILE}
16 | 
17 | if [ -z $KERNEL_DIR ]; then
18 |     echo "KERNEL_DIR not defined"
19 |     exit 1
20 | fi
21 | 
22 | DRIVER_NAME=$1
23 | cd ${CWD}/ethernet-linux-${DRIVER_NAME}
24 | if [ -d .git ]; then
25 |     git clean --force -d -x
26 |     git reset --hard origin/main
27 | fi
28 | 
29 | DRIVER_VERSION=$(git describe | sed s/^v//)
30 | 
31 | # Build up Debian related variables required for packaging
32 | DEBIAN_ARCH=$(dpkg --print-architecture)
33 | DEBIAN_DIR="${CWD}/vyos-intel-${DRIVER_NAME}_${DRIVER_VERSION}_${DEBIAN_ARCH}"
34 | DEBIAN_CONTROL="${DEBIAN_DIR}/DEBIAN/control"
35 | DEBIAN_POSTINST="${CWD}/vyos-intel-${DRIVER_NAME}.postinst"
36 | 
37 | # See https://vyos.dev/T6155
38 | # See https://vyos.dev/T6162
39 | PATCH_DIR=${CWD}/patches/${DRIVER_NAME}
40 | if [ -d $PATCH_DIR ]; then
41 |     for patch in $(ls ${PATCH_DIR})
42 |     do
43 |         echo "I: Apply patch: ${PATCH_DIR}/${patch}"
44 |         patch -p1 < ${PATCH_DIR}/${patch}
45 |     done
46 | fi
47 | 
48 | echo "I: Compile Kernel module for Intel ${DRIVER_NAME} driver"
49 | make KSRC=${KERNEL_DIR} INSTALL_MOD_PATH=${DEBIAN_DIR} INSTALL_FW_PATH=${DEBIAN_DIR} -j $(getconf _NPROCESSORS_ONLN) -C src install
50 | 
51 | if [ "x$?" != "x0" ]; then
52 |     exit 1
53 | fi
54 | 
55 | if [ -f ${DEBIAN_DIR}.deb ]; then
56 |     rm ${DEBIAN_DIR}.deb
57 | fi
58 | 
59 | # build Debian package
60 | echo "I: Building Debian package vyos-intel-${DRIVER_NAME}"
61 | cd ${CWD}
62 | 
63 | # Sign generated Kernel modules
64 | ${CWD}/sign-modules.sh ${DEBIAN_DIR}
65 | 
66 | # delete non required files which are also present in the kernel package
67 | # und thus lead to duplicated files
68 | find ${DEBIAN_DIR} -name "modules.*" | xargs rm -f
69 | 
70 | echo "#!/bin/sh" > ${DEBIAN_POSTINST}
71 | echo "/sbin/depmod -a ${KERNEL_VERSION}${KERNEL_SUFFIX}" >> ${DEBIAN_POSTINST}
72 | 
73 | fpm --input-type dir --output-type deb --name vyos-intel-${DRIVER_NAME} \
74 |     --version ${DRIVER_VERSION} --deb-compression gz \
75 |     --maintainer "VyOS Package Maintainers <maintainers@vyos.net>" \
76 |     --description "Vendor based driver for Intel ${DRIVER_NAME}" \
77 |     --depends linux-image-${KERNEL_VERSION}${KERNEL_SUFFIX} \
78 |     --license "GPL2" -C ${DEBIAN_DIR} --after-install ${DEBIAN_POSTINST}
79 | 


--------------------------------------------------------------------------------
/scripts/package-build/linux-kernel/build-ipt-netflow.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/sh
 2 | CWD=$(pwd)
 3 | KERNEL_VAR_FILE=${CWD}/kernel-vars
 4 | 
 5 | IPT_NETFLOW_SRC=${CWD}/ipt-netflow
 6 | if [ ! -d ${IPT_NETFLOW_SRC} ]; then
 7 |     echo "ipt_NETFLOW  source not found"
 8 |     exit 1
 9 | fi
10 | 
11 | if [ ! -f ${KERNEL_VAR_FILE} ]; then
12 |     echo "Kernel variable file '${KERNEL_VAR_FILE}' does not exist, run ./build_kernel.sh first"
13 |     exit 1
14 | fi
15 | 
16 | cd ${IPT_NETFLOW_SRC}
17 | if [ -d .git ]; then
18 |     git reset --hard HEAD
19 |     git clean --force -d -x
20 | fi
21 | 
22 | . ${KERNEL_VAR_FILE}
23 | 
24 | DRIVER_VERSION=$(git describe | sed s/^v//)
25 | 
26 | # Build up Debian related variables required for packaging
27 | DEBIAN_ARCH=$(dpkg --print-architecture)
28 | DEBIAN_DIR="tmp/"
29 | DEBIAN_CONTROL="${DEBIAN_DIR}/DEBIAN/control"
30 | DEBIAN_POSTINST="${CWD}/vyos-ipt-netflow.postinst"
31 | 
32 | ./configure --enable-aggregation --kdir=${KERNEL_DIR}
33 | make all
34 | 
35 | if [ "x$?" != "x0" ]; then
36 |     exit 1
37 | fi
38 | 
39 | if [ -f ${DEBIAN_DIR}.deb ]; then
40 |     rm ${DEBIAN_DIR}.deb
41 | fi
42 | 
43 | if [ ! -d ${DEBIAN_DIR} ]; then
44 |     mkdir -p ${DEBIAN_DIR}
45 | fi
46 | 
47 | # build Debian package
48 | echo "I: Building Debian package vyos-ipt-netflow"
49 | cp ipt_NETFLOW.ko ${DEBIAN_DIR}
50 | cp libipt_NETFLOW.so ${DEBIAN_DIR}
51 | cp libip6t_NETFLOW.so ${DEBIAN_DIR}
52 | 
53 | # Sign generated Kernel modules
54 | ${CWD}/sign-modules.sh ${DEBIAN_DIR}
55 | 
56 | echo "#!/bin/sh" > ${DEBIAN_POSTINST}
57 | echo "/sbin/depmod -a ${KERNEL_VERSION}${KERNEL_SUFFIX}" >> ${DEBIAN_POSTINST}
58 | 
59 | cd ${CWD}
60 | 
61 | fpm --input-type dir --output-type deb --name vyos-ipt-netflow \
62 |     --version ${DRIVER_VERSION} --deb-compression gz \
63 |     --maintainer "VyOS Package Maintainers <maintainers@vyos.net>" \
64 |     --description "ipt_NETFLOW module" \
65 |     --depends linux-image-${KERNEL_VERSION}${KERNEL_SUFFIX} \
66 |     --license "GPL2" -C ${IPT_NETFLOW_SRC}/tmp --after-install ${DEBIAN_POSTINST} \
67 |     ipt_NETFLOW.ko=/lib/modules/${KERNEL_VERSION}${KERNEL_SUFFIX}/extra/ipt_NETFLOW.ko \
68 |     libipt_NETFLOW.so=/lib/$(uname -m)-linux-gnu/xtables/libipt_NETFLOW.so \
69 |     libip6t_NETFLOW.so=/lib/$(uname -m)-linux-gnu/xtables/libip6t_NETFLOW.so
70 | 


--------------------------------------------------------------------------------
/scripts/package-build/linux-kernel/build-jool.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python3
 2 | 
 3 | from tomllib import loads as toml_loads
 4 | from requests import get
 5 | from pathlib import Path
 6 | from subprocess import run
 7 | 
 8 | def find_arch() -> str:
 9 |     tmp=run(['dpkg-architecture', '-q', 'DEB_HOST_ARCH'], capture_output=True)
10 |     return tmp.stdout.decode().strip()
11 | 
12 | # dependency modifier
13 | def add_depends(package_dir: str, package_name: str,
14 |                 depends: list[str]) -> None:
15 |     """Add dependencies to a package
16 | 
17 |     Args:
18 |         package_dir (str): a directory where package sources are located
19 |         package_name (str): a name of package
20 |         depends (list[str]): a list of dependencies to add
21 |     """
22 |     depends_list: str = ', '.join(depends)
23 |     depends_line: str = f'misc:Depends={depends_list}\n'
24 | 
25 |     substvars_file = Path(f'{package_dir}/debian/{package_name}.substvars')
26 |     substvars_file.write_text(depends_line)
27 | 
28 | 
29 | # find kernel version and source path
30 | arch: str = find_arch()
31 | defaults_file: str = Path('../../../data/defaults.toml').read_text()
32 | KERNEL_VER: str = toml_loads(defaults_file).get('kernel_version')
33 | KERNEL_FLAVOR: str = toml_loads(defaults_file).get('kernel_flavor')
34 | KERNEL_SRC: str = Path.cwd().as_posix() + '/linux'
35 | 
36 | # define variables
37 | PACKAGE_NAME: str = 'jool'
38 | PACKAGE_VERSION: str = '4.1.9+bf4c7e3669'
39 | PACKAGE_DIR: str = f'{PACKAGE_NAME}-{PACKAGE_VERSION}'
40 | SOURCES_ARCHIVE: str = 'jool-4.1.9+bf4c7e3669.tar.gz'
41 | SOURCES_URL: str = f'https://github.com/NICMx/Jool/archive/7f08c42c615ed63cf0fdc1522d91aa0809f6d990.tar.gz'
42 | 
43 | # download sources
44 | sources_archive = Path(SOURCES_ARCHIVE)
45 | sources_archive.write_bytes(get(SOURCES_URL).content)
46 | 
47 | # prepare sources
48 | debmake_cmd: list[str] = [
49 |     'debmake', '-e', 'support@vyos.io', '-f', 'VyOS Support', '-p',
50 |     PACKAGE_NAME, '-u', PACKAGE_VERSION, '-a', SOURCES_ARCHIVE
51 | ]
52 | run(debmake_cmd)
53 | 
54 | # add kernel to dependencies
55 | add_depends(PACKAGE_DIR, PACKAGE_NAME,
56 |             [f'linux-image-{KERNEL_VER}-{KERNEL_FLAVOR}'])
57 | 
58 | # configure build rules
59 | build_rules_text: str = f'''#!/usr/bin/make -f
60 | # config
61 | export KERNEL_DIR := {KERNEL_SRC}
62 | PACKAGE_BUILD_DIR := debian/{PACKAGE_NAME}
63 | KVER := {KERNEL_VER}-{KERNEL_FLAVOR}
64 | MODULES_DIR := extra
65 | 
66 | # main packaging script based on dh7 syntax
67 | %:
68 | 	dh $@
69 | 
70 | override_dh_clean:
71 | 	dh_clean --exclude=debian/{PACKAGE_NAME}.substvars
72 | 
73 | override_dh_prep:
74 | 	dh_prep --exclude=debian/{PACKAGE_NAME}.substvars
75 | 
76 | # override_dh_auto_clean:
77 | # 	make -C src/mod clean
78 | 
79 | override_dh_auto_build:
80 | 	dh_auto_build $@
81 | 	make -C ${{KERNEL_DIR}} M=$$PWD/src/mod/common modules
82 | 	make -C ${{KERNEL_DIR}} M=$$PWD/src/mod/nat64 modules
83 | 	make -C ${{KERNEL_DIR}} M=$$PWD/src/mod/siit modules
84 | 
85 | override_dh_auto_install:
86 | 	dh_auto_install $@
87 | 	install -D -m 644 src/mod/common/jool_common.ko ${{PACKAGE_BUILD_DIR}}/lib/modules/${{KVER}}/${{MODULES_DIR}}/jool_common.ko
88 | 	install -D -m 644 src/mod/nat64/jool.ko ${{PACKAGE_BUILD_DIR}}/lib/modules/${{KVER}}/${{MODULES_DIR}}/jool.ko
89 | 	install -D -m 644 src/mod/siit/jool_siit.ko ${{PACKAGE_BUILD_DIR}}/lib/modules/${{KVER}}/${{MODULES_DIR}}/jool_siit.ko
90 | 	${{KERNEL_DIR}}/../sign-modules.sh ${{PACKAGE_BUILD_DIR}}/lib
91 | '''
92 | bild_rules = Path(f'{PACKAGE_DIR}/debian/rules')
93 | bild_rules.write_text(build_rules_text)
94 | 
95 | # build a package
96 | debuild_cmd: list[str] = ['debuild']
97 | run(debuild_cmd, cwd=PACKAGE_DIR)
98 | 


--------------------------------------------------------------------------------
/scripts/package-build/linux-kernel/build-kernel.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | CWD=$(pwd)
 3 | KERNEL_SRC=linux
 4 | 
 5 | set -e
 6 | 
 7 | if [ ! -d ${KERNEL_SRC} ]; then
 8 |     echo "Linux Kernel source directory does not exists, please 'git clone'"
 9 |     exit 1
10 | fi
11 | 
12 | cd ${KERNEL_SRC}
13 | 
14 | if [ -d .git ]; then
15 |     echo "I: Clean modified files - reset Git repo"
16 |     git reset --hard HEAD
17 |     git clean --force -d -x
18 | fi
19 | 
20 | echo "I: Copy Kernel config (x86_64_vyos_defconfig) to Kernel Source"
21 | cp -rv ${CWD}/arch/ .
22 | 
23 | KERNEL_VERSION=$(make kernelversion)
24 | KERNEL_SUFFIX=-$(awk -F "= " '/kernel_flavor/ {print $2}' ../../../../data/defaults.toml | tr -d \")
25 | KERNEL_CONFIG=arch/x86/configs/vyos_defconfig
26 | 
27 | # VyOS requires some small Kernel Patches - apply them here
28 | # It's easier to habe them here and make use of the upstream
29 | # repository instead of maintaining a full Kernel Fork.
30 | # Saving time/resources is essential :-)
31 | PATCH_DIR=${CWD}/patches/kernel
32 | for patch in $(ls ${PATCH_DIR})
33 | do
34 |     echo "I: Apply Kernel patch: ${PATCH_DIR}/${patch}"
35 |     patch -p1 < ${PATCH_DIR}/${patch}
36 | done
37 | 
38 | # Change name of Signing Cert
39 | sed -i -e "s/CN =.*/CN=VyOS Networks build time autogenerated Kernel key/" certs/default_x509.genkey
40 | 
41 | TRUSTED_KEYS_FILE=trusted_keys.pem
42 | # start with empty key file
43 | echo -n "" > $TRUSTED_KEYS_FILE
44 | GIT_ROOT=$(git rev-parse --show-toplevel)
45 | CERTS=$(find ${GIT_ROOT}/data/certificates -name "*.pem" -type f || true)
46 | if [ ! -z "${CERTS}" ]; then
47 |   # add known public keys to Kernel certificate chain
48 |   for file in $CERTS; do
49 |     cat $file >> $TRUSTED_KEYS_FILE
50 |   done
51 |   # Force Kernel module signing and embed public keys
52 |   echo "CONFIG_SYSTEM_TRUSTED_KEYRING" >> $KERNEL_CONFIG
53 |   echo "CONFIG_SYSTEM_TRUSTED_KEYS=\"$TRUSTED_KEYS_FILE\"" >> $KERNEL_CONFIG
54 | fi
55 | 
56 | echo "I: make vyos_defconfig"
57 | # Select Kernel configuration - currently there is only one
58 | make vyos_defconfig
59 | 
60 | echo "I: Generate environment file containing Kernel variable"
61 | EPHEMERAL_KEY="/tmp/ephemeral.key"
62 | EPHEMERAL_PEM="/tmp/ephemeral.pem"
63 | cat << EOF >${CWD}/kernel-vars
64 | #!/bin/sh
65 | export KERNEL_VERSION=${KERNEL_VERSION}
66 | export KERNEL_SUFFIX=${KERNEL_SUFFIX}
67 | export KERNEL_DIR=${CWD}/${KERNEL_SRC}
68 | export EPHEMERAL_KEY=${EPHEMERAL_KEY}
69 | export EPHEMERAL_CERT=${EPHEMERAL_PEM}
70 | EOF
71 | 
72 | echo "I: Build Debian Kernel package"
73 | touch .scmversion
74 | make bindeb-pkg BUILD_TOOLS=1 LOCALVERSION=${KERNEL_SUFFIX} KDEB_PKGVERSION=${KERNEL_VERSION}-1 -j $(getconf _NPROCESSORS_ONLN)
75 | 
76 | # Back to the old Kernel build-scripts directory
77 | cd $CWD
78 | EPHEMERAL_KERNEL_KEY=$(grep -E "^CONFIG_MODULE_SIG_KEY=" ${KERNEL_SRC}/$KERNEL_CONFIG | awk -F= '{print $2}' | tr -d \")
79 | if test -f "${EPHEMERAL_KEY}"; then
80 |     rm -f ${EPHEMERAL_KEY}
81 | fi
82 | if test -f "${EPHEMERAL_PEM}"; then
83 |     rm -f ${EPHEMERAL_PEM}
84 | fi
85 | if test -f "${KERNEL_SRC}/${EPHEMERAL_KERNEL_KEY}"; then
86 |     openssl rsa -in ${KERNEL_SRC}/${EPHEMERAL_KERNEL_KEY} -out ${EPHEMERAL_KEY}
87 |     openssl x509 -in ${KERNEL_SRC}/${EPHEMERAL_KERNEL_KEY} -out ${EPHEMERAL_PEM}
88 | fi
89 | 


--------------------------------------------------------------------------------
/scripts/package-build/linux-kernel/build-nat-rtsp.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/sh
 2 | CWD=$(pwd)
 3 | KERNEL_VAR_FILE=${CWD}/kernel-vars
 4 | 
 5 | SRC=${CWD}/nat-rtsp
 6 | if [ ! -d ${SRC} ]; then
 7 |     echo "nat-rtsp source not found"
 8 |     exit 1
 9 | fi
10 | 
11 | if [ ! -f ${KERNEL_VAR_FILE} ]; then
12 |     echo "Kernel variable file '${KERNEL_VAR_FILE}' does not exist, run ./build_kernel.sh first"
13 |     exit 1
14 | fi
15 | 
16 | . ${KERNEL_VAR_FILE}
17 | 
18 | cd ${SRC}
19 | git reset --hard HEAD
20 | git clean --force -d -x
21 | make KERNELDIR=$KERNEL_DIR
22 | 
23 | # Copy binary to package directory
24 | DEBIAN_DIR=tmp/lib/modules/${KERNEL_VERSION}${KERNEL_SUFFIX}/extra
25 | mkdir -p ${DEBIAN_DIR}
26 | cp nf_conntrack_rtsp.ko nf_nat_rtsp.ko ${DEBIAN_DIR}
27 | 
28 | DEBIAN_POSTINST="${CWD}/vyos-nat-rtsp.postinst"
29 | echo "#!/bin/sh" > ${DEBIAN_POSTINST}
30 | echo "/sbin/depmod -a ${KERNEL_VERSION}${KERNEL_SUFFIX}" >> ${DEBIAN_POSTINST}
31 | 
32 | # Sign generated Kernel modules
33 | ${CWD}/sign-modules.sh ${DEBIAN_DIR}
34 | 
35 | # Build Debian Package
36 | fpm --input-type dir --output-type deb --name nat-rtsp \
37 |     --version $(git describe --tags --always) --deb-compression gz \
38 |     --maintainer "VyOS Package Maintainers <maintainers@vyos.net>" \
39 |     --description "Connection tracking and NAT support for RTSP" \
40 |     --depends linux-image-${KERNEL_VERSION}${KERNEL_SUFFIX} \
41 |     --after-install ${DEBIAN_POSTINST} \
42 |     --license "GPL2" --chdir tmp
43 | 
44 | mv *.deb ..
45 | 
46 | if [ -f ${DEBIAN_POSTINST} ]; then
47 |     rm -f ${DEBIAN_POSTINST}
48 | fi
49 | 


--------------------------------------------------------------------------------
/scripts/package-build/linux-kernel/build-openvpn-dco.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/sh
 2 | CWD=$(pwd)
 3 | KERNEL_VAR_FILE=${CWD}/kernel-vars
 4 | 
 5 | SRC=${CWD}/ovpn-dco
 6 | if [ ! -d ${SRC} ]; then
 7 |     echo "OpenVPN DCO source not found"
 8 |     exit 1
 9 | fi
10 | 
11 | if [ ! -f ${KERNEL_VAR_FILE} ]; then
12 |     echo "Kernel variable file '${KERNEL_VAR_FILE}' does not exist, run ./build_kernel.sh first"
13 |     exit 1
14 | fi
15 | 
16 | . ${KERNEL_VAR_FILE}
17 | 
18 | cd ${SRC}
19 | git reset --hard HEAD
20 | git clean --force -d -x
21 | make KERNEL_SRC=$KERNEL_DIR
22 | 
23 | # Copy binary to package directory
24 | DEBIAN_DIR=tmp/lib/modules/${KERNEL_VERSION}${KERNEL_SUFFIX}/extra
25 | mkdir -p ${DEBIAN_DIR}
26 | cp drivers/net/ovpn-dco/ovpn-dco-v2.ko ${DEBIAN_DIR}
27 | 
28 | # Sign generated Kernel modules
29 | ${CWD}/sign-modules.sh ${DEBIAN_DIR}
30 | 
31 | # Build Debian Package
32 | fpm --input-type dir --output-type deb --name openvpn-dco \
33 |     --version $(git describe | sed s/^v//) --deb-compression gz \
34 |     --maintainer "VyOS Package Maintainers <maintainers@vyos.net>" \
35 |     --description "OpenVPN Data Channel Offload" \
36 |     --depends linux-image-${KERNEL_VERSION}${KERNEL_SUFFIX} \
37 |     --license "GPL2" --chdir tmp
38 | 
39 | mv *.deb ..
40 | 


--------------------------------------------------------------------------------
/scripts/package-build/linux-kernel/build-realtek-r8152.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python3
 2 | 
 3 | import os
 4 | from tomllib import loads as toml_loads
 5 | from requests import get
 6 | from pathlib import Path
 7 | from subprocess import run
 8 | 
 9 | CWD = os.getcwd()
10 | 
11 | # dependency modifier
12 | def add_depends(package_dir: str, package_name: str,
13 |                 depends: list[str]) -> None:
14 |     """Add dependencies to a package
15 |     Args:
16 |         package_dir (str): a directory where package sources are located
17 |         package_name (str): a name of package
18 |         depends (list[str]): a list of dependencies to add
19 |     """
20 |     depends_list: str = ', '.join(depends)
21 |     depends_line: str = f'misc:Depends={depends_list}\n'
22 | 
23 |     substvars_file = Path(f'{package_dir}/debian/{package_name}.substvars')
24 |     substvars_file.write_text(depends_line)
25 | 
26 | 
27 | # find kernel version and source path
28 | defaults_file: str = Path('../../../data/defaults.toml').read_text()
29 | architecture_file: str = Path('../../../data/architectures/amd64.toml').read_text()
30 | KERNEL_VER: str = toml_loads(defaults_file).get('kernel_version')
31 | KERNEL_FLAVOR: str = toml_loads(defaults_file).get('kernel_flavor')
32 | KERNEL_SRC: str = Path.cwd().as_posix() + '/linux'
33 | # define variables
34 | PACKAGE_NAME: str = 'vyos-drivers-realtek-r8152'
35 | PACKAGE_VERSION: str = '2.18.1'
36 | PACKAGE_DIR: str = f'{PACKAGE_NAME}-{PACKAGE_VERSION}'
37 | SOURCES_ARCHIVE: str = 'r8152-2.18.1.tar.bz2'
38 | SOURCES_URL: str = f'https://packages.vyos.net/source-mirror/r8152-2.18.1.tar.bz2'
39 | 
40 | # download sources
41 | sources_archive = Path(SOURCES_ARCHIVE)
42 | sources_archive.write_bytes(get(SOURCES_URL).content)
43 | 
44 | # prepare sources
45 | debmake_cmd: list[str] = [
46 |     'debmake', '-e', 'support@vyos.io', '-f', 'VyOS Support', '-p',
47 |     PACKAGE_NAME, '-u', PACKAGE_VERSION, '-a', SOURCES_ARCHIVE
48 | ]
49 | run(debmake_cmd)
50 | 
51 | # add kernel to dependencies
52 | add_depends(PACKAGE_DIR, PACKAGE_NAME,
53 |             [f'linux-image-{KERNEL_VER}-{KERNEL_FLAVOR}'])
54 | 
55 | # configure build rules
56 | build_rules_text: str = '''#!/usr/bin/make -f
57 | # config
58 | export KERNELDIR := {KERNEL_SRC}
59 | PACKAGE_BUILD_DIR := debian/{PACKAGE_NAME}
60 | KVER := {KERNEL_VER}-{KERNEL_FLAVOR}
61 | MODULES_DIR := updates/drivers/net/usb
62 | # main packaging script based on dh7 syntax
63 | %:
64 | \tdh $@
65 | 
66 | override_dh_clean:
67 | \tdh_clean --exclude=debian/{PACKAGE_NAME}.substvars
68 | 
69 | override_dh_prep:
70 | \tdh_prep --exclude=debian/{PACKAGE_NAME}.substvars
71 | 
72 | override_dh_auto_clean:
73 | \tmake clean
74 | 
75 | override_dh_auto_build:
76 | \techo "KERNELDIR=${{KERNELDIR}}"
77 | \techo "CURDIR=${{CURDIR}}"
78 | \tmake -C ${{KERNELDIR}} M=${{CURDIR}} modules
79 | 
80 | override_dh_auto_install:
81 | \tinstall -D -m 644 r8152.ko ${{PACKAGE_BUILD_DIR}}/lib/modules/${{KVER}}/${{MODULES_DIR}}/r8152.ko
82 | \t${{KERNELDIR}}/../sign-modules.sh ${{PACKAGE_BUILD_DIR}}/lib
83 | \tinstall -D -m 644 50-usb-realtek-net.rules ${{PACKAGE_BUILD_DIR}}/etc/udev/rules.d/50-usb-realtek-net.rules
84 | '''.format(KERNEL_SRC=KERNEL_SRC, PACKAGE_NAME=PACKAGE_NAME, KERNEL_VER=KERNEL_VER, KERNEL_FLAVOR=KERNEL_FLAVOR)
85 | 
86 | build_rules_path = Path(f'{PACKAGE_DIR}/debian/rules')
87 | build_rules_path.write_text(build_rules_text, encoding='utf-8')
88 | 
89 | # build a package
90 | debuild_cmd: list[str] = ['debuild']
91 | run(debuild_cmd, cwd=PACKAGE_DIR, check=True)
92 | 
93 | # Sign generated Kernel modules
94 | clean_cmd: list[str] = ['rm', '-rf', PACKAGE_DIR]
95 | run(clean_cmd, cwd=CWD, check=True)
96 | 


--------------------------------------------------------------------------------
/scripts/package-build/linux-kernel/package.toml:
--------------------------------------------------------------------------------
  1 | # [defaults]
  2 | # We get the kernel_version from vyos-build/data/defaults.toml
  3 | # kernel_version = "6.6.47"
  4 | # kernel_flavor = "amd64-vyos"
  5 | 
  6 | 
  7 | [[packages]]
  8 | name = "linux-kernel"
  9 | commit_id = "" # Uses defaults.kernel_version
 10 | scm_url = ""
 11 | build_cmd = "build_kernel"
 12 | 
 13 | [[packages]]
 14 | name = "linux-firmware"
 15 | commit_id = "20240610"
 16 | scm_url = "https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git"
 17 | build_cmd = "build_linux_firmware"
 18 | 
 19 | [[packages]]
 20 | name = "accel-ppp"
 21 | commit_id = "1.13.0"
 22 | scm_url = "https://github.com/accel-ppp/accel-ppp.git"
 23 | build_cmd = "build_accel_ppp"
 24 | 
 25 | [[packages]]
 26 | name = "ovpn-dco"
 27 | commit_id = "v0.2.20231117"
 28 | scm_url = "https://github.com/OpenVPN/ovpn-dco"
 29 | build_cmd = "build_openvpn_dco"
 30 | 
 31 | [[packages]]
 32 | name = "nat-rtsp"
 33 | commit_id = "475af0a"
 34 | scm_url = "https://github.com/maru-sama/rtsp-linux.git"
 35 | build_cmd = "build_nat_rtsp"
 36 | 
 37 | [[packages]]
 38 | name = "qat"
 39 | commit_id = ""
 40 | scm_url = ""
 41 | build_cmd = "build_intel_qat"
 42 | 
 43 | [[packages]]
 44 | name = "igb"
 45 | commit_id = "v5.18.7"
 46 | scm_url = "https://github.com/intel/ethernet-linux-igb"
 47 | build_cmd = "build_intel_igb"
 48 | 
 49 | [[packages]]
 50 | name = "ixgbe"
 51 | commit_id = "v6.0.5"
 52 | scm_url = "https://github.com/intel/ethernet-linux-ixgbe"
 53 | build_cmd = "build_intel_ixgbe"
 54 | 
 55 | [[packages]]
 56 | name = "ixgbevf"
 57 | commit_id = "v5.0.2"
 58 | scm_url = "http://github.com/intel/ethernet-linux-ixgbevf"
 59 | build_cmd = "build_intel_ixgbevf"
 60 | 
 61 | [[packages]]
 62 | name = "jool"
 63 | commit_id = ""
 64 | scm_url = ""
 65 | build_cmd = "build_jool"
 66 | 
 67 | [[packages]]
 68 | name = "mlnx"
 69 | commit_id = ""
 70 | scm_url = ""
 71 | build_cmd = "build_mellanox_ofed"
 72 | 
 73 | [[packages]]
 74 | name = "realtek-r8152"
 75 | commit_id = ""
 76 | scm_url = ""
 77 | build_cmd = "build_realtek_r8152"
 78 | 
 79 | [[packages]]
 80 | name = "ipt-netflow"
 81 | commit_id = "0eb2092e93"
 82 | scm_url = "https://github.com/aabc/ipt-netflow"
 83 | build_cmd = "build_ipt_netflow"
 84 | 
 85 | [dependencies]
 86 | packages = [
 87 |     "cmake",
 88 |     "gnupg2",
 89 |     "rsync",
 90 |     "libelf-dev",
 91 |     "libncurses5-dev",
 92 |     "flex",
 93 |     "bison",
 94 |     "bc",
 95 |     "kmod",
 96 |     "cpio",
 97 |     "dwarves",
 98 |     "nasm",
 99 |     "rdfind",
100 |     "pciutils",
101 |     "yasm",
102 |     "libudev-dev",
103 |     "ruby",
104 |     "ruby-dev",
105 |     "rubygems",
106 |     "build-essential",
107 |     "libdw-dev",
108 |     "libunwind-dev",
109 |     "systemtap-sdt-dev",
110 |     "libslang2-dev",
111 |     "python-dev-is-python3",
112 |     "libzstd-dev",
113 |     "libcap-dev",
114 |     "libnuma-dev",
115 |     "libbabeltrace-ctf-dev",
116 |     "libpfm4-dev",
117 |     "libtraceevent-dev",
118 |     "liblua5.3-dev",
119 |     "libssl3",
120 |     "libssl-dev",
121 |     "libpcre3-dev",
122 |     "libnl-genl-3-dev",
123 |     "libxtables-dev",
124 |     "asciidoc-base"
125 | ]
126 | 


--------------------------------------------------------------------------------
/scripts/package-build/linux-kernel/patches/ixgbe/0001-ixgbe-always-enable-support-for-unsupported-SFP-modu.patch:
--------------------------------------------------------------------------------
 1 | From a3ebb453f4a8c95fe3674d09646edb93946d450a Mon Sep 17 00:00:00 2001
 2 | From: Christian Breunig <christian@breunig.cc>
 3 | Date: Sat, 15 Feb 2025 09:17:10 +0100
 4 | Subject: [PATCH] ixgbe: always enable support for unsupported SFP+ modules
 5 | 
 6 | ---
 7 |  src/ixgbe_param.c | 10 +++++++---
 8 |  1 file changed, 7 insertions(+), 3 deletions(-)
 9 | 
10 | diff --git a/src/ixgbe_param.c b/src/ixgbe_param.c
11 | index bba03ae..3f29492 100644
12 | --- a/src/ixgbe_param.c
13 | +++ b/src/ixgbe_param.c
14 | @@ -307,7 +307,7 @@ IXGBE_PARAM(LRO, "Large Receive Offload (0,1), default 0 = off");
15 |   * Default Value: 0
16 |   */
17 |  IXGBE_PARAM(allow_unsupported_sfp, "Allow unsupported and untested "
18 | -	    "SFP+ modules on 82599 based adapters, default 0 = Disable");
19 | +	    "SFP+ modules on 82599 based adapters, default 1 = Enable");
20 |  
21 |  /* Enable/disable support for DMA coalescing
22 |   *
23 | @@ -1135,8 +1135,8 @@ void ixgbe_check_options(struct ixgbe_adapter *adapter)
24 |  	struct ixgbe_option opt = {
25 |  			.type = enable_option,
26 |  			.name = "allow_unsupported_sfp",
27 | -			.err  = "defaulting to Disabled",
28 | -			.def  = OPTION_DISABLED
29 | +			.err  = "defaulting to Enabled",
30 | +			.def  = OPTION_ENABLED
31 |  		};
32 |  #ifdef module_param_array
33 |  		if (num_allow_unsupported_sfp > bd) {
34 | @@ -1152,7 +1152,11 @@ void ixgbe_check_options(struct ixgbe_adapter *adapter)
35 |  			}
36 |  #ifdef module_param_array
37 |  		} else {
38 | +			if (opt.def == OPTION_ENABLED) {
39 | +				adapter->hw.allow_unsupported_sfp = true;
40 | +			} else {
41 |  				adapter->hw.allow_unsupported_sfp = false;
42 | +			}
43 |  		}
44 |  #endif
45 |  	}
46 | -- 
47 | 2.39.5
48 | 
49 | 


--------------------------------------------------------------------------------
/scripts/package-build/linux-kernel/patches/kernel/build-linux-perf-package.patch:
--------------------------------------------------------------------------------
 1 | diff --git c/scripts/package/builddeb i/scripts/package/builddeb
 2 | index d7dd0d04c70c..6f4a9a7c2c62 100755
 3 | --- c/scripts/package/builddeb
 4 | +++ i/scripts/package/builddeb
 5 | @@ -182,6 +182,16 @@ install_libc_headers () {
 6 |  	mv $pdir/usr/include/asm $pdir/usr/include/$host_arch/
 7 |  }
 8 |  
 9 | +install_perf () {
10 | +	pdir=$1
11 | +
12 | +	rm -rf $pdir
13 | +
14 | +	$MAKE -C tools/ perf_install prefix=$pdir/usr
15 | +	mv tools/perf/$pdir/usr $srctree/$pdir
16 | +
17 | +}
18 | +
19 |  rm -f debian/files
20 |  
21 |  packages_enabled=$(dh_listpackages)
22 | @@ -199,6 +209,8 @@ do
23 |  		install_libc_headers debian/linux-libc-dev;;
24 |  	linux-headers-*)
25 |  		install_kernel_headers debian/linux-headers ${package#linux-headers-};;
26 | +	linux-perf-*)
27 | +		install_perf debian/linux-perf ${package};;
28 |  	esac
29 |  done
30 |  
31 | @@ -213,6 +225,8 @@ do
32 |  		create_package ${package} debian/linux-libc-dev;;
33 |  	linux-headers-*)
34 |  		create_package ${package} debian/linux-headers;;
35 | +	linux-perf-*)
36 | +		create_package ${package} debian/linux-perf;;
37 |  	esac
38 |  done
39 |  
40 | diff --git c/scripts/package/mkdebian i/scripts/package/mkdebian
41 | index 5044224cf671..21f98ae50be0 100755
42 | --- c/scripts/package/mkdebian
43 | +++ i/scripts/package/mkdebian
44 | @@ -238,6 +238,18 @@ Description: Linux support headers for userspace development
45 |  Multi-Arch: same
46 |  EOF
47 |  
48 | +cat <<EOF >> debian/control
49 | +
50 | +Package: linux-perf-$version
51 | +Section: devel
52 | +Architecture: $debarch
53 | +Depends: \${shlibs:Depends}
54 | +Description: Performance analysis tools for Linux $version
55 | + This package contains the 'perf' performance analysis tools for Linux
56 | + kernel version $version .
57 | +Multi-Arch: same
58 | +EOF
59 | +
60 |  if is_enabled CONFIG_MODULES; then
61 |  cat <<EOF >> debian/control
62 |  
63 | 


--------------------------------------------------------------------------------
/scripts/package-build/linux-kernel/sign-modules.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/sh
 2 | 
 3 | BASE_DIR=$(dirname $0)
 4 | MODULE_DIR=$1
 5 | . ${BASE_DIR}/kernel-vars
 6 | 
 7 | SIGN_FILE="${KERNEL_DIR}/scripts/sign-file"
 8 | 
 9 | if [ -f ${EPHEMERAL_KEY} ] && [ -f ${EPHEMERAL_CERT} ]; then
10 |     find ${MODULE_DIR} -type f -name \*.ko | while read MODULE; do
11 |       echo "I: Signing ${MODULE} ..."
12 |       ${SIGN_FILE} sha512 ${EPHEMERAL_KEY} ${EPHEMERAL_CERT} ${MODULE}
13 |     done
14 | fi
15 | 
16 | 


--------------------------------------------------------------------------------
/scripts/package-build/ndppd/.gitignore:
--------------------------------------------------------------------------------
1 | /ndppd/
2 | 


--------------------------------------------------------------------------------
/scripts/package-build/ndppd/build.py:
--------------------------------------------------------------------------------
1 | ../build.py


--------------------------------------------------------------------------------
/scripts/package-build/ndppd/package.toml:
--------------------------------------------------------------------------------
1 | [[packages]]
2 | name = "ndppd"
3 | commit_id = "debian/0.2.5-6"
4 | scm_url = "https://salsa.debian.org/debian/ndppd"
5 | 


--------------------------------------------------------------------------------
/scripts/package-build/ndppd/patches/ndppd/0001-skip-route-table-if-there-is-no-auto-rule.patch:
--------------------------------------------------------------------------------
 1 | From b148ba055245cec5007ee91dd3ffbfeb58d49c5a Mon Sep 17 00:00:00 2001
 2 | From: Henning Surmeier <me@hensur.de>
 3 | Date: Sun, 9 Jan 2022 20:35:15 +0100
 4 | Subject: [PATCH 1/2] skip route table if there is no auto rule
 5 | 
 6 | ---
 7 |  src/ndppd.cc | 3 ++-
 8 |  src/rule.cc  | 8 ++++++++
 9 |  src/rule.h   | 4 ++++
10 |  3 files changed, 14 insertions(+), 1 deletion(-)
11 | 
12 | diff --git a/src/ndppd.cc b/src/ndppd.cc
13 | index bec9656..b303721 100644
14 | --- a/src/ndppd.cc
15 | +++ b/src/ndppd.cc
16 | @@ -304,7 +304,8 @@ int main(int argc, char* argv[], char* env[])
17 |          t1.tv_sec  = t2.tv_sec;
18 |          t1.tv_usec = t2.tv_usec;
19 |  
20 | -        route::update(elapsed_time);
21 | +        if (rule::any_auto())
22 | +            route::update(elapsed_time);
23 |          session::update_all(elapsed_time);
24 |      }
25 |  
26 | diff --git a/src/rule.cc b/src/rule.cc
27 | index 9e72480..a1e8376 100644
28 | --- a/src/rule.cc
29 | +++ b/src/rule.cc
30 | @@ -24,6 +24,8 @@
31 |  
32 |  NDPPD_NS_BEGIN
33 |  
34 | +bool rule::_any_aut = false;
35 | +
36 |  rule::rule()
37 |  {
38 |  }
39 | @@ -49,6 +51,7 @@ ptr<rule> rule::create(const ptr<proxy>& pr, const address& addr, bool aut)
40 |      ru->_pr    = pr;
41 |      ru->_addr  = addr;
42 |      ru->_aut   = aut;
43 | +    _any_aut = _any_aut || aut;
44 |  
45 |      logger::debug()
46 |          << "rule::create() if=" << pr->ifa()->name().c_str() << ", addr=" << addr
47 | @@ -57,6 +60,11 @@ ptr<rule> rule::create(const ptr<proxy>& pr, const address& addr, bool aut)
48 |      return ru;
49 |  }
50 |  
51 | +bool rule::any_auto()
52 | +{
53 | +    return _any_aut;
54 | +}
55 | +
56 |  const address& rule::addr() const
57 |  {
58 |      return _addr;
59 | diff --git a/src/rule.h b/src/rule.h
60 | index 6663066..ca2aa36 100644
61 | --- a/src/rule.h
62 | +++ b/src/rule.h
63 | @@ -42,6 +42,8 @@ public:
64 |  
65 |      bool check(const address& addr) const;
66 |  
67 | +    static bool any_auto();
68 | +
69 |  private:
70 |      weak_ptr<rule> _ptr;
71 |  
72 | @@ -53,6 +55,8 @@ private:
73 |  
74 |      bool _aut;
75 |  
76 | +    static bool _any_aut;
77 | +
78 |      rule();
79 |  };
80 |  
81 | -- 
82 | 2.34.1
83 | 
84 | 


--------------------------------------------------------------------------------
/scripts/package-build/ndppd/patches/ndppd/0002-set-vyos-version.patch:
--------------------------------------------------------------------------------
 1 | From b0789cf679b0179d37e22f5a936af273d982abeb Mon Sep 17 00:00:00 2001
 2 | From: Henning Surmeier <me@hensur.de>
 3 | Date: Tue, 11 Jan 2022 13:05:47 +0100
 4 | Subject: [PATCH 2/2] set -vyos version
 5 | 
 6 | ---
 7 |  src/ndppd.h | 2 +-
 8 |  1 file changed, 1 insertion(+), 1 deletion(-)
 9 | 
10 | diff --git a/src/ndppd.h b/src/ndppd.h
11 | index 008726c..61ed950 100644
12 | --- a/src/ndppd.h
13 | +++ b/src/ndppd.h
14 | @@ -21,7 +21,7 @@
15 |  #define NDPPD_NS_BEGIN   namespace ndppd {
16 |  #define NDPPD_NS_END     }
17 |  
18 | -#define NDPPD_VERSION   "0.2.4"
19 | +#define NDPPD_VERSION   "0.2.5-vyos"
20 |  
21 |  #include <assert.h>
22 |  
23 | -- 
24 | 2.34.1
25 | 
26 | 


--------------------------------------------------------------------------------
/scripts/package-build/net-snmp/.gitignore:
--------------------------------------------------------------------------------
1 | /net-snmp/
2 | 


--------------------------------------------------------------------------------
/scripts/package-build/net-snmp/build.py:
--------------------------------------------------------------------------------
1 | ../build.py


--------------------------------------------------------------------------------
/scripts/package-build/net-snmp/package.toml:
--------------------------------------------------------------------------------
1 | [[packages]]
2 | name = "net-snmp"
3 | commit_id = "debian/5.9.4+dfsg-1"
4 | scm_url = "https://salsa.debian.org/debian/net-snmp"
5 | build_cmd = "dpkg-buildpackage -us -uc -tc -b || true"
6 | 


--------------------------------------------------------------------------------
/scripts/package-build/netfilter/.gitignore:
--------------------------------------------------------------------------------
1 | /pkg-libnftnl/
2 | /pkg-nftables/
3 | 


--------------------------------------------------------------------------------
/scripts/package-build/netfilter/build.py:
--------------------------------------------------------------------------------
1 | ../build.py


--------------------------------------------------------------------------------
/scripts/package-build/netfilter/package.toml:
--------------------------------------------------------------------------------
 1 | [[packages]]
 2 | name = "pkg-libnftnl"
 3 | commit_id = "debian/1.2.6-2"
 4 | scm_url = "https://salsa.debian.org/pkg-netfilter-team/pkg-libnftnl.git"
 5 | 
 6 | [[packages]]
 7 | name = "pkg-nftables"
 8 | commit_id = "debian/1.0.9-1"
 9 | scm_url = "https://salsa.debian.org/pkg-netfilter-team/pkg-nftables.git"
10 | 
11 | build_cmd = """
12 | sudo dpkg -i ../libnftnl*.deb
13 | sudo mk-build-deps --install --tool 'apt-get --yes --no-install-recommends'
14 | dpkg-buildpackage -uc -us -tc -b
15 | """
16 | 


--------------------------------------------------------------------------------
/scripts/package-build/node_exporter/.gitignore:
--------------------------------------------------------------------------------
1 | node_exporter/
2 | 


--------------------------------------------------------------------------------
/scripts/package-build/node_exporter/build.py:
--------------------------------------------------------------------------------
1 | ../build.py


--------------------------------------------------------------------------------
/scripts/package-build/node_exporter/package.toml:
--------------------------------------------------------------------------------
 1 | [[packages]]
 2 | name = "node_exporter"
 3 | commit_id = "v1.9.1"
 4 | scm_url = "https://github.com/prometheus/node_exporter"
 5 | 
 6 | build_cmd = """
 7 | 
 8 | # Create the install directory
 9 | mkdir -p debian/usr/sbin
10 | make build
11 | 
12 | # Move the node_exporter binary to the install directory
13 | mv node_exporter debian/usr/sbin
14 | 
15 | # Build the Debian package
16 | fpm --input-type dir --output-type deb --name node-exporter \
17 |     --version $(git describe --tags --always | cut -c2-) --deb-compression gz \
18 |     --maintainer "VyOS Package Maintainers <maintainers@vyos.net>" \
19 |     --description "Prometheus exporter for machine metrics" \
20 |     --license Apache-2.0 -C debian --package ..
21 | """
22 | 


--------------------------------------------------------------------------------
/scripts/package-build/openvpn-otp/.gitignore:
--------------------------------------------------------------------------------
1 | /openvpn-otp/
2 | 


--------------------------------------------------------------------------------
/scripts/package-build/openvpn-otp/build.py:
--------------------------------------------------------------------------------
1 | ../build.py


--------------------------------------------------------------------------------
/scripts/package-build/openvpn-otp/package.toml:
--------------------------------------------------------------------------------
 1 | [[packages]]
 2 | name = "openvpn-otp"
 3 | commit_id = "9781ff1"
 4 | scm_url = "https://github.com/evgeny-gridasov/openvpn-otp"
 5 | 
 6 | # build_cmd = "cd ..; ./build-openvpn-otp.sh"
 7 | build_cmd = """
 8 | ./autogen.sh
 9 | ./configure --prefix=/usr
10 | make
11 | mkdir -p usr/lib/openvpn
12 | cp src/.libs/openvpn-otp.so usr/lib/openvpn
13 | 
14 | fpm --input-type dir --output-type deb --name openvpn-otp \
15 |     --maintainer "VyOS Package Maintainers <maintainers@vyos.net>" \
16 |     --description "OpenVPN OTP Authentication support." \
17 |     --depends openvpn --architecture $(dpkg --print-architecture) \
18 |     --version $(git describe --tags --always | cut -c2-) --deb-compression gz usr
19 | """
20 | 
21 | 
22 | [dependencies]
23 | packages = [
24 |   "debhelper",
25 |   "libssl-dev",
26 |   "openvpn"
27 | ]
28 | 


--------------------------------------------------------------------------------
/scripts/package-build/owamp/.gitignore:
--------------------------------------------------------------------------------
1 | /owamp/
2 | 


--------------------------------------------------------------------------------
/scripts/package-build/owamp/build.py:
--------------------------------------------------------------------------------
1 | ../build.py


--------------------------------------------------------------------------------
/scripts/package-build/owamp/package.toml:
--------------------------------------------------------------------------------
1 | [[packages]]
2 | name = "owamp"
3 | commit_id = "v4.4.6"
4 | scm_url = "https://github.com/perfsonar/owamp"
5 | 


--------------------------------------------------------------------------------
/scripts/package-build/pmacct/.gitignore:
--------------------------------------------------------------------------------
1 | /pmacct/
2 | 


--------------------------------------------------------------------------------
/scripts/package-build/pmacct/build.py:
--------------------------------------------------------------------------------
1 | ../build.py


--------------------------------------------------------------------------------
/scripts/package-build/pmacct/package.toml:
--------------------------------------------------------------------------------
1 | [[packages]]
2 | name = "pmacct"
3 | commit_id = "debian/1.7.7-1"
4 | scm_url = "https://salsa.debian.org/debian/pmacct.git"
5 | 


--------------------------------------------------------------------------------
/scripts/package-build/pmacct/patches/pmacct/0001-fix-pmacctd-SEGV-when-ICMP-ICMPv6-traffic-was-proces.patch:
--------------------------------------------------------------------------------
 1 | From 58900c9d0f98f224577c28dc2323061d33823f39 Mon Sep 17 00:00:00 2001
 2 | From: Paolo Lucente <pl+github@pmacct.net>
 3 | Date: Fri, 4 Mar 2022 22:07:29 +0000
 4 | Subject: [PATCH] * fix, pmacctd: SEGV when ICMP/ICMPv6 traffic was processed
 5 |  and 'flows' primitive was enabled. To address Issue #586
 6 | 
 7 | ---
 8 |  src/nl.c | 12 +++---------
 9 |  1 file changed, 3 insertions(+), 9 deletions(-)
10 | 
11 | diff --git a/src/nl.c b/src/nl.c
12 | index c42689ed..6a3da94b 100644
13 | --- a/src/nl.c
14 | +++ b/src/nl.c
15 | @@ -1,6 +1,6 @@
16 |  /*
17 |      pmacct (Promiscuous mode IP Accounting package)
18 | -    pmacct is Copyright (C) 2003-2021 by Paolo Lucente
19 | +    pmacct is Copyright (C) 2003-2022 by Paolo Lucente
20 |  */
21 |  
22 |  /*
23 | @@ -293,10 +293,7 @@ int ip_handler(register struct packet_ptrs *pptrs)
24 |        }
25 |      }
26 |      else {
27 | -      if (pptrs->l4_proto != IPPROTO_ICMP) {
28 | -        pptrs->tlh_ptr = dummy_tlhdr;
29 | -      }
30 | -
31 | +      pptrs->tlh_ptr = dummy_tlhdr;
32 |        if (off < caplen) pptrs->payload_ptr = ptr;
33 |      }
34 |  
35 | @@ -479,10 +476,7 @@ int ip6_handler(register struct packet_ptrs *pptrs)
36 |        }
37 |      }
38 |      else {
39 | -      if (pptrs->l4_proto != IPPROTO_ICMPV6) {
40 | -        pptrs->tlh_ptr = dummy_tlhdr;
41 | -      }
42 | -
43 | +      pptrs->tlh_ptr = dummy_tlhdr;
44 |        if (off < caplen) pptrs->payload_ptr = ptr;
45 |      }
46 |  
47 | -- 
48 | 2.34.1
49 | 
50 | 


--------------------------------------------------------------------------------
/scripts/package-build/podman/.gitignore:
--------------------------------------------------------------------------------
1 | /podman/
2 | 


--------------------------------------------------------------------------------
/scripts/package-build/podman/build.py:
--------------------------------------------------------------------------------
1 | ../build.py


--------------------------------------------------------------------------------
/scripts/package-build/podman/package.toml:
--------------------------------------------------------------------------------
 1 | [[packages]]
 2 | name = "podman"
 3 | commit_id = "v4.9.5"
 4 | scm_url = "https://github.com/containers/podman"
 5 | 
 6 | #build_cmd = "cd ..; ./build.sh"
 7 | build_cmd = """
 8 | make install.tools
 9 | make podman-release
10 | 
11 | tar xf podman-release-$(dpkg --print-architecture).tar.gz
12 | VERSION=$(ls -d podman-v* | cut -c9-)
13 | 
14 | fpm --input-type dir --output-type deb --name podman \
15 |     --version $VERSION --deb-compression gz \
16 |     --maintainer "VyOS Package Maintainers <maintainers@vyos.net>" \
17 |     --description "Engine to run OCI-based containers in Pods" \
18 |     --depends conmon --depends crun --depends netavark --depends libgpgme11 \
19 |     --depends fuse-overlayfs --depends golang-github-containers-common \
20 |     --license "Apache License 2.0" -C podman-v$VERSION --package ..
21 | """
22 | 
23 | [dependencies]
24 | packages = [
25 |     "libseccomp-dev",
26 |     "libgpgme-dev"
27 | ]
28 | 


--------------------------------------------------------------------------------
/scripts/package-build/pyhumps/.gitignore:
--------------------------------------------------------------------------------
1 | /humps/
2 | 


--------------------------------------------------------------------------------
/scripts/package-build/pyhumps/build.py:
--------------------------------------------------------------------------------
1 | ../build.py


--------------------------------------------------------------------------------
/scripts/package-build/pyhumps/package.toml:
--------------------------------------------------------------------------------
1 | [[packages]]
2 | name = "humps"
3 | commit_id = "v3.8.0"
4 | scm_url = "https://github.com/nficano/humps.git"
5 | build_cmd = "python3 setup.py --command-packages=stdeb.command bdist_deb; cp deb_dist/*.deb .."
6 | 


--------------------------------------------------------------------------------
/scripts/package-build/radvd/.gitignore:
--------------------------------------------------------------------------------
1 | /radvd/
2 | 


--------------------------------------------------------------------------------
/scripts/package-build/radvd/build.py:
--------------------------------------------------------------------------------
1 | ../build.py


--------------------------------------------------------------------------------
/scripts/package-build/radvd/package.toml:
--------------------------------------------------------------------------------
 1 | [[packages]]
 2 | name = "radvd"
 3 | commit_id = "v2.20"
 4 | scm_url = "https://github.com/radvd-project/radvd"
 5 | 
 6 | #build_cmd = "cd ..; ./build.sh"
 7 | build_cmd = """
 8 | ./autogen.sh
 9 | ./configure
10 | make
11 | 
12 | install --directory debian/lib/systemd/system debian/usr/sbin
13 | install --mode 0644 radvd.service debian/lib/systemd/system
14 | install --strip --mode 0755 radvd debian/usr/sbin
15 | 
16 | # Version' field value 'v0.14-20-g613277f': version number does not start with digit
17 | # "cut" first character from version string
18 | fpm --input-type dir --output-type deb --name radvd \
19 |     --version $(git describe --always | cut -c2- | tr _ -) --deb-compression gz \
20 |     --maintainer "VyOS Package Maintainers <maintainers@vyos.net>" \
21 |     --description "RADVD router advertisement daemon" \
22 |     --license "RADVD" -C debian --package ..
23 | """
24 | 


--------------------------------------------------------------------------------
/scripts/package-build/strongswan/.gitignore:
--------------------------------------------------------------------------------
1 | /strongswan/
2 | 


--------------------------------------------------------------------------------
/scripts/package-build/strongswan/build-vici.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/sh
 2 | CWD=$(pwd)
 3 | set -e
 4 | 
 5 | SRC="strongswan/src/libcharon/plugins/vici/python"
 6 | if [ ! -d ${SRC} ]; then
 7 |     echo "Source directory does not exist, please 'git clone'"
 8 |     exit 1
 9 | fi
10 | 
11 | cd ${SRC}
12 | 
13 | mkdir -p debian
14 | 
15 | # Create control file
16 | echo "I: create $SRC/debian/control"
17 | cat <<EOF > debian/control
18 | Source: strongswan
19 | Section: python
20 | Priority: optional
21 | Maintainer: VyOS Package Maintainers <maintainers@vyos.net>
22 | Build-Depends: debhelper (>= 9), python3, python3-setuptools
23 | Standards-Version: 3.9.6
24 | 
25 | Package: python3-vici
26 | Architecture: all
27 | Depends: \${misc:Depends}, \${python3:Depends}
28 | Description: Native Python interface for strongSwan's VICI protocol
29 | EOF
30 | 
31 | # Create rules file
32 | echo "I: create $SRC/debian/rules"
33 | cat <<EOF > debian/rules
34 | #!/usr/bin/make -f
35 | 
36 | %:
37 | 	dh \$@ --with python3
38 | EOF
39 | chmod +x debian/rules
40 | 
41 | echo '10' > debian/compat
42 | 
43 | # Add the 'install' file to copy the vici package to the correct directory
44 | echo "I: create $SRC/debian/install"
45 | cat <<EOF > debian/install
46 | vici /usr/lib/python3/dist-packages/
47 | EOF
48 | 
49 | # Copy changelog
50 | cp ../../../../../debian/changelog debian/
51 | 
52 | # Build the package
53 | echo "I: Build Debian Package"
54 | dpkg-buildpackage -uc -us -tc -b -d
55 | 
56 | # Copy the resulting .deb packages
57 | echo "I: copy packages"
58 | cp ../*.deb ../../../../../../
59 | 


--------------------------------------------------------------------------------
/scripts/package-build/strongswan/build.py:
--------------------------------------------------------------------------------
1 | ../build.py


--------------------------------------------------------------------------------
/scripts/package-build/strongswan/package.toml:
--------------------------------------------------------------------------------
 1 | [[packages]]
 2 | name = "strongswan"
 3 | commit_id = "debian/5.9.11-2"
 4 | scm_url = "https://salsa.debian.org/debian/strongswan.git"
 5 | 
 6 | # build_cmd = "cd ..; yes | ./build.sh; ./build-vici.sh"
 7 | build_cmd = """
 8 | export DEBEMAIL="maintainers@vyos.net"
 9 | export DEBFULLNAME="VyOS Package Maintainers"
10 | 
11 | dch -v "5.9.11-2+vyos0" "Patchset for DMVPN support" -b
12 | dpkg-buildpackage -uc -us -tc -b -d
13 | cd ..; ./build-vici.sh
14 | """
15 | 
16 | [dependencies]
17 | packages = [
18 |     "bison",
19 |     "bzip2",
20 |     "debhelper-compat",
21 |     "dh-apparmor",
22 |     "dpkg-dev",
23 |     "flex",
24 |     "gperf",
25 |     "libiptc-dev",
26 |     "libcap-dev",
27 |     "libcurl3-dev",
28 |     "libgcrypt20-dev",
29 |     "libgmp3-dev",
30 |     "libkrb5-dev",
31 |     "libldap2-dev",
32 |     "libnm-dev",
33 |     "libpam0g-dev",
34 |     "libsqlite3-dev",
35 |     "libssl-dev",
36 |     "libsystemd-dev",
37 |     "libtool",
38 |     "libtss2-dev",
39 |     "libxml2-dev",
40 |     "pkg-config",
41 |     "po-debconf",
42 |     "systemd",
43 |     "libsystemd-dev",
44 |     "tzdata"
45 | ]
46 | 


--------------------------------------------------------------------------------
/scripts/package-build/tacacs/.gitignore:
--------------------------------------------------------------------------------
1 | /libnss-tacplus/
2 | /libpam-tacplus/
3 | /libtacplus-map/
4 | 


--------------------------------------------------------------------------------
/scripts/package-build/tacacs/build.py:
--------------------------------------------------------------------------------
1 | ../build.py


--------------------------------------------------------------------------------
/scripts/package-build/tacacs/package.toml:
--------------------------------------------------------------------------------
 1 | [[packages]]
 2 | name = "libtacplus-map"
 3 | commit_id = "master"
 4 | scm_url = "https://github.com/vyos/libtacplus-map.git"
 5 | build_cmd = "dpkg-buildpackage -us -uc -tc -b"
 6 | 
 7 | [[packages]]
 8 | name = "libpam-tacplus"
 9 | commit_id = "master"
10 | scm_url = "https://github.com/vyos/libpam-tacplus.git"
11 | build_cmd = "sudo dpkg -i ../libtacplus-map*.deb; dpkg-buildpackage -us -uc -tc -b"
12 | 
13 | [[packages]]
14 | name = "libnss-tacplus"
15 | commit_id = "master"
16 | scm_url = "https://github.com/vyos/libnss-tacplus.git"
17 | build_cmd = "sudo dpkg -i ../libtac*.deb ../libpam-tacplus*.deb; dpkg-buildpackage -us -uc -tc -b"
18 | 
19 | [dependencies]
20 | packages = [
21 |     "libpam-dev",
22 |     "autoconf-archive",
23 |     "libaudit-dev"
24 | ]
25 | 


--------------------------------------------------------------------------------
/scripts/package-build/telegraf/.gitignore:
--------------------------------------------------------------------------------
1 | /telegraf/
2 | 


--------------------------------------------------------------------------------
/scripts/package-build/telegraf/README.md:
--------------------------------------------------------------------------------
1 | # build
2 | ```
3 | python3 build.py
4 | ```
5 | 


--------------------------------------------------------------------------------
/scripts/package-build/telegraf/build.py:
--------------------------------------------------------------------------------
1 | ../build.py


--------------------------------------------------------------------------------
/scripts/package-build/telegraf/build.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/sh
 2 | CWD=$(pwd)
 3 | set -e
 4 | 
 5 | BUILD_ARCH=$(dpkg-architecture -qDEB_TARGET_ARCH)
 6 | 
 7 | SRC=telegraf
 8 | if [ ! -d ${SRC} ]; then
 9 |     echo "Source directory does not exists, please 'git clone'"
10 |     exit 1
11 | fi
12 | 
13 | PLUGIN_DIR=${CWD}/plugins
14 | 
15 | echo "I: Selecting Input plugins"
16 | cp ${PLUGIN_DIR}/inputs/all/all.go ${SRC}/plugins/inputs/all/all.go
17 | 
18 | echo "I: Selecting Output plugins"
19 | cp ${PLUGIN_DIR}/outputs/all/all.go ${SRC}/plugins/outputs/all/all.go
20 | 
21 | echo "I: Build Debian ${BUILD_ARCH} package"
22 | cd ${SRC}
23 | export PATH=/opt/go/bin:$PATH
24 | 
25 | # Generate default telegraf config
26 | go run ./cmd/telegraf config > etc/telegraf.conf
27 | LDFLAGS=-w make "${BUILD_ARCH}.deb"
28 | 


--------------------------------------------------------------------------------
/scripts/package-build/telegraf/package.toml:
--------------------------------------------------------------------------------
1 | [[packages]]
2 | name = "telegraf"
3 | commit_id = "v1.28.3"
4 | scm_url = "https://github.com/influxdata/telegraf.git"
5 | build_cmd = "cd ..; ./build.sh; cp telegraf/build/dist/*.deb ."
6 | 


--------------------------------------------------------------------------------
/scripts/package-build/telegraf/plugins/outputs/all/all.go:
--------------------------------------------------------------------------------
 1 | package all
 2 | 
 3 | import (
 4 | 	//Blank imports for plugins to register themselves
 5 | 	_ "github.com/influxdata/telegraf/plugins/outputs/azure_data_explorer"
 6 | 	_ "github.com/influxdata/telegraf/plugins/outputs/http"
 7 | 	_ "github.com/influxdata/telegraf/plugins/outputs/influxdb_v2"
 8 | 	_ "github.com/influxdata/telegraf/plugins/outputs/prometheus_client"
 9 | )
10 | 


--------------------------------------------------------------------------------
/scripts/package-build/udp-broadcast-relay/build.py:
--------------------------------------------------------------------------------
1 | ../build.py


--------------------------------------------------------------------------------
/scripts/package-build/udp-broadcast-relay/package.toml:
--------------------------------------------------------------------------------
 1 | [[packages]]
 2 | name = "udp-broadcast-relay"
 3 | commit_id = "9a0f13b4b5938bfe0af0d0d4e99dfc127c068e28"
 4 | scm_url = "https://github.com/nomeata/udp-broadcast-relay"
 5 | 
 6 | apply_patches = false
 7 | 
 8 | build_cmd = """
 9 | for patch in ../patches/udp-broadcast-relay/*.patch; do
10 |     echo "I: build_cmd applying patch $patch..."
11 |     git -c user.email=maintainers@vyos.net -c user.name=vyos am "$patch" || { echo "Failed to apply patch $patch"; exit 1; }
12 | done
13 | 
14 | dpkg-buildpackage -uc -us -tc -b -d
15 | """
16 | 
17 | [dependencies]
18 | packages = [
19 |     "debhelper-compat",
20 |     "dpkg-dev",
21 | ]
22 | 


--------------------------------------------------------------------------------
/scripts/package-build/vpp/.gitignore:
--------------------------------------------------------------------------------
1 | /vpp/
2 | /vyos-vpp-patches/
3 | 


--------------------------------------------------------------------------------
/scripts/package-build/vpp/build.py:
--------------------------------------------------------------------------------
1 | ../build.py


--------------------------------------------------------------------------------
/scripts/package-build/vpp/package.toml:
--------------------------------------------------------------------------------
 1 | [[packages]]
 2 | name = "vyos-vpp-patches"
 3 | commit_id = "current"
 4 | scm_url = "https://github.com/vyos/vyos-vpp-patches"
 5 | build_cmd = "/bin/true"
 6 | apply_patches = false
 7 | 
 8 | [[packages]]
 9 | name = "vpp"
10 | commit_id = "stable/2410"
11 | scm_url = "https://github.com/FDio/vpp"
12 | # Skip apply patches by build.py as we use them in build_cmd
13 | apply_patches = false
14 | 
15 | pre_build_hook = """
16 | mkdir -p ../patches/vpp/
17 | rsync -av ../vyos-vpp-patches/patches/vpp/ ../patches/vpp/
18 | """
19 | 
20 | build_cmd = """
21 | # Patches for vpp should applied here
22 | for patch in ../patches/vpp/*.patch; do
23 |     echo "I: build_cmd applying patch $patch..."
24 |     git -c user.email=maintainers@vyos.net -c user.name=vyos am "$patch" || { echo "Failed to apply patch $patch"; exit 1; }
25 | done
26 | 
27 | make UNATTENDED=yes install-dep
28 | make pkg-deb
29 | cp build-root/*.deb ../
30 | """
31 | 
32 | [dependencies]
33 | packages = [
34 |     "llvm"
35 | ]
36 | 


--------------------------------------------------------------------------------
/scripts/package-build/vyos-1x/.gitignore:
--------------------------------------------------------------------------------
1 | /vyos-1x/
2 | /vyos-vpp/
3 | 


--------------------------------------------------------------------------------
/scripts/package-build/vyos-1x/build.py:
--------------------------------------------------------------------------------
1 | ../build.py


--------------------------------------------------------------------------------
/scripts/package-build/vyos-1x/package.toml:
--------------------------------------------------------------------------------
 1 | [[packages]]
 2 | name = "vyos-vpp"
 3 | commit_id = "current"
 4 | scm_url = "https://github.com/vyos/vyos-vpp.git"
 5 | build_cmd = "/bin/true"
 6 | 
 7 | [[packages]]
 8 | name = "vyos-1x"
 9 | commit_id = "current"
10 | scm_url = "https://github.com/vyos/vyos-1x.git"
11 | build_cmd = "rsync -av --exclude='.git' --exclude='.github' --exclude='README*' --exclude='LICENSE' --exclude='*.md' ../vyos-vpp/ ./; dpkg-buildpackage -us -uc -F"
12 | 


--------------------------------------------------------------------------------
/scripts/package-build/waagent/.gitignore:
--------------------------------------------------------------------------------
1 | /waagent/
2 | 


--------------------------------------------------------------------------------
/scripts/package-build/waagent/build.py:
--------------------------------------------------------------------------------
1 | ../build.py


--------------------------------------------------------------------------------
/scripts/package-build/waagent/package.toml:
--------------------------------------------------------------------------------
1 | [[packages]]
2 | name = "waagent"
3 | commit_id = "debian/2.9.1.1-2"
4 | scm_url = "https://salsa.debian.org/cloud-team/waagent.git"
5 | 
6 | [dependencies]
7 | packages = ["dpkg-source-gitarchive"]
8 | 


--------------------------------------------------------------------------------
/scripts/package-build/wide-dhcpv6/.gitignore:
--------------------------------------------------------------------------------
1 | /wide-dhcpv6/
2 | 


--------------------------------------------------------------------------------
/scripts/package-build/wide-dhcpv6/build.py:
--------------------------------------------------------------------------------
1 | ../build.py


--------------------------------------------------------------------------------
/scripts/package-build/wide-dhcpv6/package.toml:
--------------------------------------------------------------------------------
1 | [[packages]]
2 | name = "wide-dhcpv6"
3 | commit_id = "debian/20080615-23"
4 | scm_url = "https://salsa.debian.org/debian/wide-dhcpv6"
5 | 


--------------------------------------------------------------------------------
/scripts/package-build/wide-dhcpv6/patches/wide-dhcpv6/0024-bind-to-single-socket.patch:
--------------------------------------------------------------------------------
 1 | diff --git a/dhcp6c.c b/dhcp6c.c
 2 | index 1caaaa5..04ce9c5 100644
 3 | --- a/dhcp6c.c
 4 | +++ b/dhcp6c.c
 5 | @@ -217,6 +217,12 @@ main(argc, argv)
 6 |  			    argv[0]);
 7 |  			exit(1);
 8 |  		}
 9 | +
10 | +        if (setsockopt(sock, SOL_SOCKET, SO_BINDTODEVICE, argv[0], strlen(argv[0])) != 0) {
11 | +            debug_printf(LOG_ERR, FNAME, "failed to bind %s", argv[0]);
12 | +            exit(1);
13 | +        }
14 | +
15 |  		argv++;
16 |  	}
17 |  
18 | 


--------------------------------------------------------------------------------
/scripts/package-build/xen-guest-agent/.gitignore:
--------------------------------------------------------------------------------
1 | /xen-guest-agent/
2 | 


--------------------------------------------------------------------------------
/scripts/package-build/xen-guest-agent/build.py:
--------------------------------------------------------------------------------
1 | ../build.py


--------------------------------------------------------------------------------
/scripts/package-build/xen-guest-agent/package.toml:
--------------------------------------------------------------------------------
 1 | [[packages]]
 2 | name = "xen-guest-agent"
 3 | commit_id = "0.4.0"
 4 | scm_url = "https://gitlab.com/xen-project/xen-guest-agent"
 5 | 
 6 | 
 7 | build_cmd = """
 8 | # changelog
 9 | cat <<EOF > debian/changelog
10 | xen-guest-agent (0.4.0) UNRELEASED; urgency=medium
11 | 
12 |   * Upstream package
13 | 
14 |  -- VyOS Maintainers <maintainers@vyos.io>  Thu, 26 Sep 2024 12:35:47 +0000
15 | 
16 | EOF
17 | 
18 | # Apply the patch to modify the debian/rules file
19 | sed -i 's|../xen-guest-agent-$(UPSTREAM_VERSION)-linux-$(DEB_TARGET_GNU_CPU)|target/release/xen-guest-agent|' debian/rules
20 | 
21 | sudo apt-get -y install --no-install-recommends libclang-dev libxen-dev
22 | # Install rust
23 | curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | bash -s -- -y --default-toolchain stable --profile default --no-modify-path
24 | 
25 | # Set PATH for Cargo
26 | export PATH="$HOME/.cargo/bin:$PATH"
27 | rustup update
28 | cd xen-guest-agent
29 | cargo update
30 | 
31 | # Build deb
32 | cargo build -F static --profile release
33 | dpkg-buildpackage -b -us -uc
34 | """
35 | 


--------------------------------------------------------------------------------
/scripts/utils/merge-flavors:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python3
 2 | #
 3 | # Copyright (C) 2024 VyOS maintainers and contributors
 4 | #
 5 | # This program is free software; you can redistribute it and/or modify
 6 | # it under the terms of the GNU General Public License version 2 or later as
 7 | # published by the Free Software Foundation.
 8 | #
 9 | # This program is distributed in the hope that it will be useful,
10 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
12 | # GNU General Public License for more details.
13 | #
14 | # You should have received a copy of the GNU General Public License
15 | # along with this program.  If not, see <http://www.gnu.org/licenses/>.
16 | #
17 | # Purpose: merges multiple flavor files into one
18 | 
19 | import sys
20 | 
21 | import tomli
22 | import tomli_w
23 | 
24 | def load_flavor(file_path):
25 |     with open(file_path, 'rb') as f:
26 |         flavor_def = tomli.load(f)
27 | 
28 |     return flavor_def
29 | 
30 | # XXX: at the moment, this script is only used
31 | # to produce a meta-flavor for collecting packages
32 | # used in multiple flavors,
33 | # so it ignores all other flavor fields for now
34 | def merge_flavors(l, r):
35 |     if 'packages' in r:
36 |         l['packages'] += r['packages']
37 | 
38 |     for arch in r.get('architectures', []):
39 |         if arch not in l['architectures']:
40 |             l['architectures'][arch] = {}
41 | 
42 |         if 'packages' not in l['architectures'][arch]:
43 |             l['architectures'][arch]['packages'] = []
44 | 
45 |         if 'packages' in r['architectures'][arch]:
46 |             l['architectures'][arch]['packages'] += \
47 |               r['architectures'][arch]['packages']
48 | 
49 |     return l
50 | 
51 | if __name__ == '__main__':
52 |     if len(sys.argv) < 3:
53 |         print("Please specify a base flavor and a list of flavor files to merge!")
54 |         sys.exit(1)
55 | 
56 |     base_flavor = load_flavor(sys.argv[1])
57 | 
58 |     if 'architectures' not in base_flavor:
59 |         base_flavor['architectures'] = {}
60 | 
61 |     if 'packages' not in base_flavor:
62 |         base_flavor['packages'] = []
63 | 
64 |     flavor_files = sys.argv[2:]
65 |     flavor_defs = map(load_flavor, flavor_files)
66 | 
67 |     for fd in flavor_defs:
68 |         merge_flavors(base_flavor, fd)
69 | 
70 |     base_flavor['packages'] = list(set(base_flavor['packages']))
71 |     for arch in base_flavor.get('architectures'):
72 |         if 'packages' in base_flavor['architectures'][arch]:
73 |             base_flavor['architectures'][arch]['packages'] = \
74 |               list(set(base_flavor['architectures'][arch]['packages']))
75 | 
76 |     print(tomli_w.dumps(base_flavor))
77 | 


--------------------------------------------------------------------------------
/tools/cloud-init/AWS/90_dpkg.cfg:
--------------------------------------------------------------------------------
1 | # to update this file, run dpkg-reconfigure cloud-init
2 | datasource_list: [ Ec2 ]
3 | 


--------------------------------------------------------------------------------
/tools/cloud-init/AWS/cloud-init.list.chroot:
--------------------------------------------------------------------------------
1 | cloud-init
2 | awscli
3 | 


--------------------------------------------------------------------------------
/tools/cloud-init/AWS/config.boot.default:
--------------------------------------------------------------------------------
 1 | system {
 2 |     host-name vyos
 3 |     login {
 4 |         user vyos {
 5 |             authentication {
 6 |                 encrypted-password "*"
 7 |                 plaintext-password ""
 8 |             }
 9 |             level admin
10 |         }
11 |     }
12 |     option {
13 |         reboot-on-upgrade-failure 5
14 |     }
15 |     syslog {
16 |         local {
17 |             facility all {
18 |                 level info
19 |             }
20 |             facility protocols {
21 |                 level debug
22 |             }
23 |         }
24 |     }
25 |     ntp {
26 |         server "time1.vyos.net"
27 |         server "time2.vyos.net"
28 |         server "time3.vyos.net"
29 |     }
30 |     console {
31 |         device ttyS0 {
32 |             speed 115200
33 |         }
34 |     }
35 |     config-management {
36 |         commit-revisions 100
37 |     }
38 | }
39 | 
40 | interfaces {
41 |     loopback lo {
42 |     }
43 | }
44 | 


--------------------------------------------------------------------------------
/tools/container/config.boot.default:
--------------------------------------------------------------------------------
 1 | system {
 2 |     host-name vyos
 3 |     login {
 4 |         user vyos {
 5 |             authentication {
 6 |                 encrypted-password "*"
 7 |                 plaintext-password ""
 8 |             }
 9 |             level admin
10 |         }
11 |     }
12 |     syslog {
13 |         local {
14 |             facility all {
15 |                 level info
16 |             }
17 |             facility protocols {
18 |                 level debug
19 |             }
20 |         }
21 |     }
22 |     ntp {
23 |         server "time1.vyos.net"
24 |         server "time2.vyos.net"
25 |         server "time3.vyos.net"
26 |     }
27 |     console {
28 |         device ttyS0 {
29 |             speed 115200
30 |         }
31 |     }
32 |     config-management {
33 |         commit-revisions 100
34 |     }
35 | }
36 | 
37 | interfaces {
38 |     loopback lo {
39 |     }
40 | }
41 | 


--------------------------------------------------------------------------------