Also packages isaset and isadump for x86 target only:
isadump:
Is a small helper program to examine registers visible through the ISA bus.
isaset:
Is a small helper program to set registers visible through the ISA bus.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
GNUnet 0.25 dropped the autotools based build system and now requires
being built with Meson. As expected there are some cross-compiling
related issues which have been fixed using downstream patches by now.
v0.25.1:
- transport: hotfix incorrect communicator key derivations
- tests: make failing tests work again
- util: Change to assigned HPKE codepoint for DHKEM+Elligator. See https://www.iana.org/assignments/hpke/
- fs: service failed to start because of PILS addition
v0.25.0:
- util: Removed authkem from HPKE implementation as it is going to be removed from the RFC9180bis spec and is unused in GNUnet anyway.
- core: New AKE implementation.
- pils: New service.
- gns: Various improvements to performance and DNS migration tooling.
- build: Retired autotools.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
The gperftools and vectorscan packages have been simplified by removing
their -runtime and -headers splits. Update snort3 to use the new package
names.
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
The vectorscan-headers package installed headers to the target device,
but headers are only needed during the build process (via Build/InstallDev).
- Rename vectorscan-runtime to vectorscan to simplify things
- Add ABI_VERSION:=5 to track library soname versioning
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
The gperftools-headers package installed headers to the target device,
but headers are only needed during the build process (via Build/InstallDev).
- Remove gperftools-headers package
- Rename gperftools-runtime to gperftools
- Add ABI_VERSION for tracking ABI changes
While looking for e.g. on repology, there is only gperftools package [1]
and not gperftools-runtime and gperftools-headers.
[1] https://repology.org/project/gperftools/versions
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
* bugfix: remove IPKG_INSTROOT check
* bugfix: do not attempt to download config update if package is disabled
Signed-off-by: Stan Grishin <stangri@melmac.ca>
Makefile:
* stop shipping/dealing with the firewall hotplug (obsolete)
* install a third user-script (dnsprefetch) by @betonmischer
Config:
* remove obsolete options
* include the new user script
Init-script:
* start much earlier so that on boot, the procd_add_raw_trigger works on all systems
* create a ubus() helper function so that service delete does not produce "Command not found"
* rename options to better reflect their function:
* procd_lan_device to lan_device
* procd_wan_interface to uplink_interface
* procd_wan6_interface to uplink_interface6
* procd_wan6_metric to uplink_interface6_metric
* wan_ip_rules_priority to uplink_ip_rules_priority
* wan_mark to uplink_mark
* visually separate run-time variables from variables loaded from config options
* use ${IPKG_INSTROOT} when sourcing files
* fix typo in str_to_dnsmasq_nftset()
* use pidof to kill dnsmasq in dnsmasq_kill()
* add helper function uci_add_list_if_new()
* add helper function uci_changes()
* add helper function ubus() so that service delete does not produce "Command not found"
* implement the dnsmasq features check similar to dnsmasq init script
* add get_url() function similar to luci package
* add/modify error and warning messages
* change how mktemp is used for more reliable file creation
* unset non-true boolean package config options on load for easier checks later
* improve handling of nft/nft set options
* fewer calls to resolver() and resolver() optimization to speed up the service
* use softlinks instead of duplicating dnsmasq nftset files into each instance
* prevent duplication of dnsmasq nftset elements
* option to target a specific dest dns port in DNS policies
* bugfix: more reliable interface reloads
* display README links to errors/warnings sections if any errors/warnings discovered
Uci-defaults:
* transition from old options to new ones
Signed-off-by: Stan Grishin <stangri@melmac.ca>
This fixes version detection issues when other packages (like snort3)
try to find the tcmalloc library using CMake's find_package(). Without
the headers in the staging directory, CMake cannot read the version
information from tcmalloc.h, resulting in empty version strings.
Fixes:
Found TCMalloc: /builder/staging_dir/target-x86_64_musl/usr/lib/libtcmalloc.so (found version "")
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
This simplifies checks enabling/disabling features, if packages are present
instead of having checks for specific architectures.
TCMALLOC_LIBRARIES is removed as it's auto-detected, unlike vectorscan
which requires explicit HS_INCLUDE_DIRS.
Fixes: 126364e105 ("snort3: refactor architecture-specific dependencies and CMake options")
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
Makefile:
* update to latest upstream: 7b27ecd559
* update version, release
* drop CONFIGURE_ARGS as the build is curl-independent
* update the link to the documentation
README:
* add small README with the link to documentation
Config:
* rename procd_fw_src_interfaces to force_dns_src_interface to better reflect meaning
* add heartbeat_domain, heartbeat_sleep_timeout, heartbeat_wait_timeout options
* add default user, group and listen_addr options to the main config
* drop the user, group and listen_addr options from the instance configs
Init-script:
* start much earlier so that on boot, the procd_add_raw_trigger works on all systems
* create a ubus() helper function so that service delete does not produce "Command not found"
* new options handling where the global config options can be used for instance options
* some renaming of global/instance variables due to abovementioned redesign
* new open port detection, no longer relying on netstat
* new uci_changes() logic where it returns 0 or 1 instead of text
* new append_parm logic for not adding default value options to CLI
* new boolean options handling logic
* move config loading to load_package_config() function
* new logic for calling procd_set_config_changed firewall based solely on "$force_dns"
* source network.sh based on "${IPKG_INSTROOT}" path
* rename procd_fw_src_interfaces to force_dns_src_interface to better reflect meaning
* rename use_http1 to force_http1
* rename use_ipv6_resolvers_only to force_ipv6_resolvers
Uci-defaults:
* migrate to new option names
Signed-off-by: Stan Grishin <stangri@melmac.ca>
Config/uci files were not being included in -full variant.
Config files were also being lost in firmware upgrades for all variants.
Both issues fixed, including correct file permissions for config files.
Signed-off-by: Antonio Pastor <antonio.pastor@gmail.com>
Config file:
* add debug_init_script and debug_performance options
* remove led (default should be empty) option
* remove procd_boot_delay (obsolete) option
Init Script:
* reinstate IPKG_INSTROOT check
* change capitalization in status messages
* unset default value for led option on load_package_config
* bugfix: unset bool options which are later checked for non-empty
* bugfix: create compressed cache only if block-file exists
* adjust errors output/storing errors for later display in multuple cases
* produce information about cache/compressed cache files in service
status output when service is stopped
* attempt to create compressed cache in service_started only if block-
file exists
* bugfix: run service_started from the dl command (to create compressed
cache file)
* rename StripToDomains variables for readability
* improve open port detection
Uci-Defaults:
* improve readability of debug options migration
Signed-off-by: Stan Grishin <stangri@melmac.ca>
* Bump acme-common to 1.5.0
* New `abort` command added and logging behaviour improved
* Bump acme-acmesh to 3.1.1-r4
* Fix logging and support killing from procd (`stop` and `abort`) via SIGTERM
Signed-off-by: Aditya Bhargava <rightaditya@gmail.com>
For runs started interactively, improve messaging and allow a run to be
aborted with `service acme abort`.
Signed-off-by: Aditya Bhargava <rightaditya@gmail.com>
acme.sh error output never made it to the syslog, so:
* Add procd setup to catch stderr
* Make sure a message goes to syslog if acme.sh dies due to SIGINT
Signed-off-by: Aditya Bhargava <rightaditya@gmail.com>
The libtirpc package is only needed when building with musl, as glibc
includes the required RPC functionality. This change makes libtirpc a
conditional dependency and adjusts the build flags accordingly.
Building with x86_64-glibc:
...
Feature options:
DAQ Modules: Dynamic
libatomic: User-specified
Hyperscan: ON
ICONV: ON
Libunwind: OFF
LZMA: ON
RPC DB: Built-in
SafeC: OFF
TCMalloc: ON
JEMalloc: OFF
UUID: ON
NUMA: OFF
LibML: OFF
...
Building with aarch64_cortex-a76_musl:
...
Feature options:
DAQ Modules: Dynamic
libatomic: User-specified
Hyperscan: ON
ICONV: ON
Libunwind: OFF
LZMA: ON
RPC DB: TIRPC
SafeC: OFF
TCMalloc: ON
JEMalloc: OFF
UUID: ON
NUMA: OFF
LibML: OFF
...
Build system: x86/64
Build-tested: x86/64-glibc, bcm27flogic/xiaomi_redmi-router-ax6000-ubootmod (for musl)
Run-tested: x86/64-glibc
Signed-off-by: John Audia <therealgraysky@proton.me>
Patch CMakeLists.txt to fulfill cmake 4.0 requirements
of cmake_minimum_required being at least 3.5 and in future 3.10.
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
New cmake versions require at least 3.5 as 'cmake_minimum_required'
in CMakeLists.txt. In future 3.10 will be required.
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
OVH changed its API to update DNS records. It now requires HTTP Basic
Authorization header. As such the default ddns-script method to update
the DNS record is failing. The fix is to move DNS record updates into
its own script/package.
Signed-off-by: David Andreoletti <david@andreoletti.net>
- fix building sqlite3-cli with readline and libedit
- add linenoise line editing option. This adds 12k to the size of the
bare sqlite3-cli, but doesn't add any extra dependencies
- make linenoise the default choice as the most space conserving but
still convenient variant
- bump PKG_RELEASE
Signed-off-by: Maxim Storchak <m.storchak@gmail.com>
Add the linenoise line editing package.
It's a compact embedded replacement for readline and libedit.
It will be used in sqlite3-cli initially, but other packages
that support it, may follow.
Signed-off-by: Maxim Storchak <m.storchak@gmail.com>
adjust comments documenting the already supported API Token auth
adjust comments with URLs that changed in the meantime
adjust comment regarding CF API documentation URL, points to the scripts relevant DNS section
Signed-off-by: Dominic Greenberg <daroel@riseup.net>
e218150979b4 remote: close file on usteer_init_local_id fread fail
1d6524c6e6b5 build: require CMake >= 3.10 due to dropped legacy support
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
The major changes are:
- Add max ip connections parameter. (ready for future upstream fix) at the moment is reverted by: 18bdeda011
- unlock follow symlinks parameter to support symlink.
- send bind_interfaces_only parameter to ksmbd.
Signed-off-by: Andrea Pesaresi <andreapesaresi82@gmail.com>
17771dd poemgr: Add support for Plasma Cloud PSX28
530433d poemgr: Add support for RTL8239 PSE solution
8821bad poemgr: Add support for Plasma Cloud PSX8/PSX10
ab466a7 poemgr: Add support for IP8008 PSE chip
7863fa8 poemgr: Add support to display POE output type
d81ac54 poemgr: Add support to export port specific device specific metrics
497a9d9 openwrt: Sync with packages feed Makefile
5033450 pd69104: Avoid resource leaks (memory, fds) on init failure
Signed-off-by: Sven Eckelmann <sven@narfation.org>
Most of the time, when people contribute to the repository for the first time
(or after a longer break), the multi-arch-test-build passes, but the
formality check fails and requires the contributor to make some changes.
This creates unnecessary load on the CI/CD, since the multi-arch-test-build
runs again even though it already passed, while other PRs are waiting for a runner.
Hopefully, this change will help decrease the waiting time.
Proposed changes:
- Run the formality check first, and only trigger the package tests afterwards.
This can be done using needs: https://docs.github.com/en/actions/reference/workflows-and-actions/workflow-syntax#jobsjob_idneeds
- Merge formal.yml into multi-arch-test-build.yml so that needs can be used.
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
1. Enabled hyperscan/vectorscan together with adding dependency only for x86_64 and aarch64.
2. Disabled tmalloc (from gperftools package) for powerpc and mips.
By doing this refactor, snort3 is going to be available for more OpenWrt devices
(as it was in the past) as currently it was compiled only for x86_x64 and aarch64 by mistake.
Fixes: 257e2fc38a ("snort3: fix logic in gpertools-runtime depends")
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
Gate all parameters behind -n, a not-empty check. Prevents failed starts
where daemons expect a value for a parameter.
Closes#27430
Tested-on: 24.10.3
Signed-off-by: Paul Donald <newtwen+github@gmail.com>
This lets the --peer-fingerprint openvpn option be parsed which requires
a client TLS certificate fingerprint (colon separated SHA256 hash) to
match one specified in the option argument, during authentication.
Signed-off-by: Ben Kibbey <bjk@luxsci.net>
