Merge branch 'testing-buster'
Use Debian buster as base image for the testing environment.
commit
565f022b5a
|
@ -598,6 +598,12 @@ INSERT INTO products ( /* 100 */
|
|||
'Debian 9.7 x86_64'
|
||||
);
|
||||
|
||||
INSERT INTO products ( /* 101 */
|
||||
name
|
||||
) VALUES (
|
||||
'Debian 10.5 x86_64'
|
||||
);
|
||||
|
||||
/* Directories */
|
||||
|
||||
INSERT INTO directories ( /* 1 */
|
||||
|
@ -1312,6 +1318,12 @@ INSERT INTO groups_product_defaults (
|
|||
5, 100
|
||||
);
|
||||
|
||||
INSERT INTO groups_product_defaults (
|
||||
group_id, product_id
|
||||
) VALUES (
|
||||
5, 101
|
||||
);
|
||||
|
||||
INSERT INTO groups_product_defaults (
|
||||
group_id, product_id
|
||||
) VALUES (
|
||||
|
|
|
@ -595,6 +595,8 @@ static char *whitelist[] = {
|
|||
"RAND_DRBG_get0_master",
|
||||
"RAND_DRBG_get0_private",
|
||||
"RAND_DRBG_get0_public",
|
||||
/* We get this via libcurl and OpenSSL 1.1.1 */
|
||||
"CRYPTO_get_ex_new_index",
|
||||
/* OpenSSL libssl */
|
||||
"SSL_COMP_get_compression_methods",
|
||||
/* NSPR */
|
||||
|
@ -622,6 +624,7 @@ static char *whitelist[] = {
|
|||
"system__tasking__initialize",
|
||||
"system__tasking__initialization__abort_defer",
|
||||
"system__tasking__stages__create_task",
|
||||
"system__task_primitives__operations__register_foreign_thread__2",
|
||||
/* in case external threads call into our code */
|
||||
"thread_current_id",
|
||||
/* FHH IMCs and IMVs */
|
||||
|
|
|
@ -1660,7 +1660,12 @@ CONFIG_DEVKMEM=y
|
|||
CONFIG_HVC_DRIVER=y
|
||||
CONFIG_VIRTIO_CONSOLE=y
|
||||
# CONFIG_IPMI_HANDLER is not set
|
||||
# CONFIG_HW_RANDOM is not set
|
||||
CONFIG_HW_RANDOM=y
|
||||
# CONFIG_HW_RANDOM_TIMERIOMEM is not set
|
||||
CONFIG_HW_RANDOM_INTEL=y
|
||||
CONFIG_HW_RANDOM_AMD=y
|
||||
# CONFIG_HW_RANDOM_VIA is not set
|
||||
CONFIG_HW_RANDOM_VIRTIO=y
|
||||
# CONFIG_NVRAM is not set
|
||||
# CONFIG_APPLICOM is not set
|
||||
# CONFIG_MWAVE is not set
|
||||
|
|
|
@ -1627,7 +1627,12 @@ CONFIG_DEVKMEM=y
|
|||
CONFIG_HVC_DRIVER=y
|
||||
CONFIG_VIRTIO_CONSOLE=y
|
||||
# CONFIG_IPMI_HANDLER is not set
|
||||
# CONFIG_HW_RANDOM is not set
|
||||
CONFIG_HW_RANDOM=y
|
||||
# CONFIG_HW_RANDOM_TIMERIOMEM is not set
|
||||
CONFIG_HW_RANDOM_INTEL=y
|
||||
CONFIG_HW_RANDOM_AMD=y
|
||||
# CONFIG_HW_RANDOM_VIA is not set
|
||||
CONFIG_HW_RANDOM_VIRTIO=y
|
||||
# CONFIG_NVRAM is not set
|
||||
# CONFIG_APPLICOM is not set
|
||||
# CONFIG_MWAVE is not set
|
||||
|
|
|
@ -1641,7 +1641,12 @@ CONFIG_HVC_DRIVER=y
|
|||
# CONFIG_SERIAL_DEV_BUS is not set
|
||||
CONFIG_VIRTIO_CONSOLE=y
|
||||
# CONFIG_IPMI_HANDLER is not set
|
||||
# CONFIG_HW_RANDOM is not set
|
||||
CONFIG_HW_RANDOM=y
|
||||
# CONFIG_HW_RANDOM_TIMERIOMEM is not set
|
||||
CONFIG_HW_RANDOM_INTEL=y
|
||||
CONFIG_HW_RANDOM_AMD=y
|
||||
# CONFIG_HW_RANDOM_VIA is not set
|
||||
CONFIG_HW_RANDOM_VIRTIO=y
|
||||
# CONFIG_APPLICOM is not set
|
||||
# CONFIG_MWAVE is not set
|
||||
CONFIG_DEVMEM=y
|
||||
|
|
|
@ -68,5 +68,8 @@
|
|||
<memballoon model='virtio'>
|
||||
<address type='pci' domain='0x0000' bus='0x00' slot='0x06' function='0x0'/>
|
||||
</memballoon>
|
||||
<rng model='virtio'>
|
||||
<backend model='random'>/dev/urandom</backend>
|
||||
</rng>
|
||||
</devices>
|
||||
</domain>
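Review bot: The added `<rng model='virtio'>` device carries no `<rate>` element, so a guest can read from the host's `/dev/urandom` without any bound. On a host that runs all test guests at once, a cap inside `<rng>` such as `<rate bytes='1024' period='1000'/>` (sample values, to be tuned) keeps one misbehaving guest from loading the host. The same applies to the identical hunks in the six other domain definitions that follow on this page.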
|
||||
|
|
|
@ -61,5 +61,8 @@
|
|||
<memballoon model='virtio'>
|
||||
<address type='pci' domain='0x0000' bus='0x00' slot='0x06' function='0x0'/>
|
||||
</memballoon>
|
||||
<rng model='virtio'>
|
||||
<backend model='random'>/dev/urandom</backend>
|
||||
</rng>
|
||||
</devices>
|
||||
</domain>
|
||||
|
|
|
@ -61,5 +61,8 @@
|
|||
<memballoon model='virtio'>
|
||||
<address type='pci' domain='0x0000' bus='0x00' slot='0x06' function='0x0'/>
|
||||
</memballoon>
|
||||
<rng model='virtio'>
|
||||
<backend model='random'>/dev/urandom</backend>
|
||||
</rng>
|
||||
</devices>
|
||||
</domain>
|
||||
|
|
|
@ -61,5 +61,8 @@
|
|||
<memballoon model='virtio'>
|
||||
<address type='pci' domain='0x0000' bus='0x00' slot='0x06' function='0x0'/>
|
||||
</memballoon>
|
||||
<rng model='virtio'>
|
||||
<backend model='random'>/dev/urandom</backend>
|
||||
</rng>
|
||||
</devices>
|
||||
</domain>
|
||||
|
|
|
@ -73,5 +73,8 @@
|
|||
<memballoon model='virtio'>
|
||||
<address type='pci' domain='0x0000' bus='0x00' slot='0x06' function='0x0'/>
|
||||
</memballoon>
|
||||
<rng model='virtio'>
|
||||
<backend model='random'>/dev/urandom</backend>
|
||||
</rng>
|
||||
</devices>
|
||||
</domain>
|
||||
|
|
|
@ -73,5 +73,8 @@
|
|||
<memballoon model='virtio'>
|
||||
<address type='pci' domain='0x0000' bus='0x00' slot='0x06' function='0x0'/>
|
||||
</memballoon>
|
||||
<rng model='virtio'>
|
||||
<backend model='random'>/dev/urandom</backend>
|
||||
</rng>
|
||||
</devices>
|
||||
</domain>
|
||||
|
|
|
@ -66,5 +66,8 @@
|
|||
<memballoon model='virtio'>
|
||||
<address type='pci' domain='0x0000' bus='0x00' slot='0x06' function='0x0'/>
|
||||
</memballoon>
|
||||
<rng model='virtio'>
|
||||
<backend model='random'>/dev/urandom</backend>
|
||||
</rng>
|
||||
</devices>
|
||||
</domain>
|
||||
|
|
|
@ -3,7 +3,6 @@ Protocol 2
|
|||
Ciphers aes128-gcm@openssh.com
|
||||
HostKey /etc/ssh/ssh_host_rsa_key
|
||||
HostKey /etc/ssh/ssh_host_ecdsa_key
|
||||
UsePrivilegeSeparation no
|
||||
PermitRootLogin yes
|
||||
StrictModes no
|
||||
PubkeyAuthentication no
|
||||
|
|
|
@ -15,8 +15,8 @@ check_commands debootstrap mkfs.ext3 partprobe qemu-img qemu-nbd sfdisk
|
|||
INC=automake,autoconf,libtool,bison,flex,gperf,pkg-config,gettext,less,locales
|
||||
INC=$INC,build-essential,libgmp-dev,libldap2-dev,libcurl4-openssl-dev,ethtool
|
||||
INC=$INC,libxml2-dev,libtspi-dev,libsqlite3-dev,openssh-server,tcpdump,psmisc
|
||||
INC=$INC,openssl,vim,sqlite3,conntrack,gdb,cmake,libltdl-dev,liblog4cxx10-dev
|
||||
INC=$INC,libboost-thread-dev,libboost-system-dev,git-core,iperf,htop
|
||||
INC=$INC,openssl,vim,sqlite3,conntrack,gdb,cmake,libltdl-dev,wget,gnupg,man-db
|
||||
INC=$INC,libboost-thread-dev,libboost-system-dev,git,iperf,htop,valgrind,strace
|
||||
INC=$INC,gnat,gprbuild,acpid,acpi-support-base,libldns-dev,libunbound-dev
|
||||
INC=$INC,dnsutils,libsoup2.4-dev,ca-certificates,unzip,libsystemd-dev
|
||||
INC=$INC,python,python-setuptools,python-dev,python-pip,apt-transport-https
|
||||
|
@ -31,8 +31,13 @@ stretch)
|
|||
INC=$INC,libahven5-dev,libxmlada-schema6-dev,libgmpada6-dev
|
||||
INC=$INC,libalog2-dev
|
||||
;;
|
||||
buster)
|
||||
INC=$INC,libahven7-dev,libxmlada-schema8-dev,libgmpada8-dev
|
||||
INC=$INC,libalog4-dev,dbus-user-session
|
||||
;;
|
||||
*)
|
||||
echo_warn "Package list for '$BASEIMGSUITE' might has to be updated"
|
||||
;;
|
||||
esac
|
||||
SERVICES="apache2 dbus isc-dhcp-server slapd bind9 freeradius"
|
||||
INC=$INC,${SERVICES// /,}
|
||||
|
@ -130,5 +135,14 @@ do
|
|||
execute_chroot "systemctl disable $service"
|
||||
done
|
||||
|
||||
case "$BASEIMGSUITE" in
|
||||
buster)
|
||||
log_action "Switching from iptables-nft to iptables-legacy"
|
||||
execute_chroot "update-alternatives --set iptables /usr/sbin/iptables-legacy" 0
|
||||
execute_chroot "update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy" 0
|
||||
log_status 0
|
||||
;;
|
||||
esac
|
||||
|
||||
log_action "Disabling root password"
|
||||
execute_chroot "passwd -d root"
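Review bot: The new `buster)` branch switches `iptables` and `ip6tables` to the legacy backend without saying why, and the trailing `0` passed to `execute_chroot` is not explained anywhere in the hunk. A comment above `log_action`, for example `# buster defaults to the nftables backend; <reason the scenarios need legacy>`, would tell the next maintainer when the block can be dropped. If any scenario also relies on arptables or ebtables, those are separate alternatives and would stay on their nft variants, which is worth checking. The script continues outside this hunk.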
|
||||
|
|
|
@ -154,7 +154,7 @@ for host in $IPSECHOSTS
|
|||
do
|
||||
eval HOSTLOGIN=root@\$ipv4_${host}
|
||||
ssh $SSHCONF $HOSTLOGIN 'rm -f /var/log/auth.log /var/log/daemon.log; \
|
||||
kill -SIGHUP `cat /var/run/rsyslogd.pid`' > /dev/null 2>&1
|
||||
pkill -SIGHUP rsyslogd' > /dev/null 2>&1
|
||||
done
|
||||
|
||||
|
||||
|
@ -166,5 +166,5 @@ for host in $RADIUSHOSTS
|
|||
do
|
||||
eval HOSTLOGIN=root@\$ipv4_${host}
|
||||
ssh $SSHCONF $HOSTLOGIN 'rm -f /var/log/daemon.log /var/log/freeradius/radius.log; \
|
||||
kill -SIGHUP `cat /var/run/rsyslogd.pid`' > /dev/null 2>&1
|
||||
pkill -SIGHUP rsyslogd' > /dev/null 2>&1
|
||||
done
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
|
||||
PKG = x509-ada
|
||||
SRC = http://git.codelabs.ch/git/$(PKG).git
|
||||
REV = caeea59c945945afd7dc092b37c85a9fef73a395
|
||||
REV = v0.1.2
|
||||
|
||||
PREFIX = /usr/local/ada
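Review bot: `REV = v0.1.2` names a tag where the other `REV` line in this hunk is a full commit id; assuming the tag is the new side, the build no longer fixes which commit it checks out. A tag can be moved upstream and `SRC` is fetched over plain `http://`, so nothing verifies the content that ends up in the image. Keeping the full commit id that the tag points to, with the tag as a comment (`REV = <commit id of v0.1.2>  # v0.1.2`), preserves the pin. Switching `SRC` to an `https://` URL, if the server offers one, would protect the transport as well.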
|
||||
|
||||
|
|
|
@ -106,7 +106,7 @@ CONFIG_OPTS = \
|
|||
--enable-systemd \
|
||||
--enable-counters \
|
||||
--enable-save-keys \
|
||||
--enable-python-eggs-install
|
||||
--enable-python-eggs
|
||||
|
||||
export ADA_PROJECT_PATH=/usr/local/ada/lib/gnat
|
||||
|
||||
|
@ -126,6 +126,7 @@ build: configure
|
|||
cd $(BUILDDIR) && make -j $(NUM_CPUS)
|
||||
|
||||
install: build
|
||||
cd $(BUILDDIR) && make -j install
|
||||
cd $(BUILDDIR) && make -j install && \
|
||||
cd $(DIR)/src/libcharon/plugins/vici/python && python setup.py install
|
||||
# for Python-based updown scripts
|
||||
pip install python-daemon
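Review bot: The rewritten install recipe keeps a bare `make -j install`, which places no limit on the number of parallel jobs, while the `build` target directly above uses `-j $(NUM_CPUS)`. `cd $(BUILDDIR) && make -j $(NUM_CPUS) install && \` would be consistent with it. The added `python setup.py install` step would also benefit from a one-line comment saying that the vici Python package is installed from the source tree; presumably it takes over from the configure option with the `-install` suffix shown in the earlier hunk, which should be confirmed.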
|
||||
|
|
|
@ -15,7 +15,7 @@ $(PKG)-master: $(ZIP)
|
|||
|
||||
$(DEPS): $(PKG)-master
|
||||
mkdir -p $(DEPS)
|
||||
pip install --download $(DEPS) -r $(PKG)-master/requirements.txt
|
||||
pip download -d $(DEPS) -r $(PKG)-master/requirements.txt
|
||||
|
||||
install: $(DEPS)
|
||||
pip install --no-index --find-links=file://`pwd`/$(DEPS) -r $(PKG)-master/requirements.txt
|
||||
|
|
|
@ -48,8 +48,8 @@ fi
|
|||
|
||||
# Base image settings
|
||||
# The base image is a pristine OS installation created using debootstrap.
|
||||
: ${BASEIMGSIZE=1800}
|
||||
: ${BASEIMGSUITE=stretch}
|
||||
: ${BASEIMGSIZE=2500}
|
||||
: ${BASEIMGSUITE=buster}
|
||||
: ${BASEIMGARCH=amd64}
|
||||
: ${BASEIMG=$IMGDIR/debian-$BASEIMGSUITE-$BASEIMGARCH.$IMGEXT}
|
||||
: ${BASEIMGMIRROR=http://http.debian.net/debian}
|
||||
|
|
|
@ -1,3 +1,4 @@
|
|||
sun::cat /var/log/daemon.log::charon-updown.*connected to charon-systemd::YES
|
||||
moon::swanctl --list-sas --ike-id 1 --raw 2> /dev/null::gw.*version=2 state=ESTABLISHED local-host=PH_IP_MOON local-port=4500 local-id=moon.strongswan.org remote-host=PH_IP_SUN remote-port=4500 remote-id=sun.strongswan.org.*child-sas.*net.*reqid=1 state=INSTALLED mode=TUNNEL.*ESP.*local-ts=\[10.1.0.10/32] remote-ts=\[10.2.0.0/16].*local-ts=\[10.1.0.20/32] remote-ts=\[10.2.0.0/16]::YES
|
||||
sun::swanctl --list-sas --ike-id 1 --raw 2> /dev/null::gw.*version=2 state=ESTABLISHED local-host=PH_IP_SUN local-port=4500 local-id=sun.strongswan.org remote-host=PH_IP_MOON remote-port=4500 remote-id=moon.strongswan.org.*child-sas.*net.*reqid=1 state=INSTALLED mode=TUNNEL.*ESP.*local-ts=\[10.2.0.0/16] remote-ts=\[10.1.0.10/32].*local-ts=\[10.2.0.0/16] remote-ts=\[10.1.0.20/32]::YES
|
||||
alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES
|
||||
|
|
|
@ -6,6 +6,7 @@ import daemon
|
|||
import logging
|
||||
from logging.handlers import SysLogHandler
|
||||
import subprocess
|
||||
import resource
|
||||
|
||||
|
||||
logger = logging.getLogger('updownLogger')
|
||||
|
@ -54,6 +55,13 @@ def install_routes(ike_sa):
|
|||
subprocess.call(["ip", "route", "add", ts, "dev", ifname_out])
|
||||
|
||||
|
||||
# the hard limit (second number) is the value used by python-daemon when closing
|
||||
# potentially open file descriptors while daemonizing. since the default is
|
||||
# 524288 on newer systems, this can take quite a while, and due to how this
|
||||
# range of FDs is handled internally (as set) it can even trigger the OOM killer
|
||||
resource.setrlimit(resource.RLIMIT_NOFILE, (256, 256))
|
||||
|
||||
|
||||
# daemonize and run parallel to the IKE daemon
|
||||
with daemon.DaemonContext():
|
||||
logger.debug("starting Python updown listener")
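Review bot: `resource.setrlimit(resource.RLIMIT_NOFILE, (256, 256))` lowers the hard limit permanently for this process and everything it spawns, and the comment explains the speed-up but not the side effect. If python-daemon only closes descriptors up to the hard limit, as the comment says, any descriptor numbered 256 or higher that the script inherits from the IKE daemon would stay open in the detached listener. Extending the comment with the assumption, e.g. `# assumes no inherited descriptor is >= 256; those would survive daemonizing`, makes that reviewable. The `with daemon.DaemonContext():` block continues outside this hunk.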
|
||||
|
|