Turris Build issueshttps://gitlab.nic.cz/turris/os/build/-/issues2024-03-01T14:34:28+01:00https://gitlab.nic.cz/turris/os/build/-/issues/178Enable GCC_DEFAULT_SSP2024-03-01T14:34:28+01:00Jan PavlinecEnable GCC_DEFAULT_SSPWe should enabled GCC_DEFAULT_SSP by default on HBL
https://gitlab.nic.cz/turris/turris-build/-/commit/25d12eb1a8ceb5e1fcbfcc1473b9610f7e9d5314
This issue is a sort of reminder.We should enabled GCC_DEFAULT_SSP by default on HBL
https://gitlab.nic.cz/turris/turris-build/-/commit/25d12eb1a8ceb5e1fcbfcc1473b9610f7e9d5314
This issue is a sort of reminder.Turris OS 7.1.0https://gitlab.nic.cz/turris/os/build/-/issues/161[meta] Better IPv6 detection2024-03-11T09:33:49+01:00Jan Pavlinec[meta] Better IPv6 detectionThis issue should be used for brainstorming ideas about IPv6 detection.
The main idea is, that there should be one mechanism that can tell if the user has IPv6 and this information should be shared with init scripts (via uci for example...This issue should be used for brainstorming ideas about IPv6 detection.
The main idea is, that there should be one mechanism that can tell if the user has IPv6 and this information should be shared with init scripts (via uci for example) instead of doing separate detection for every service.
Examples of with detection:
* knot-resolver ping test for disabling IPv6: [turris-os-packages:net/knot-resolver/files/kresd.init#L270](https://gitlab.nic.cz/turris/turris-os-packages/-/blob/v5.1.0/net/knot-resolver/files/kresd.init#L270)
* hotplug - https://gitlab.nic.cz/turris/turris-os-packages/-/merge_requests/381/diffs#diff-content-160a8a7b73e11a0e3502870d06ac486732a69d98
cc @jschlehofer @kkoci @mhruseckyTurris OS 7.1.0https://gitlab.nic.cz/turris/os/build/-/issues/420Add macOS support in compile_pkgs script2023-11-09T19:30:16+01:00Aleksandr GumroianAdd macOS support in compile_pkgs scriptI've received this as feedback. There are two issues that prevent people on Macs build packages:
- shebang, most probably we should use `#!/usr/bin/env bash`
- https://stackoverflow.com/questions/4247068/sed-command-with-i-option-failin...I've received this as feedback. There are two issues that prevent people on Macs build packages:
- shebang, most probably we should use `#!/usr/bin/env bash`
- https://stackoverflow.com/questions/4247068/sed-command-with-i-option-failing-on-mac-but-works-on-linux
It would be nice to fix it. :slight_smile:https://gitlab.nic.cz/turris/os/build/-/issues/409Provide SDK2024-03-12T13:56:35+01:00Patrick GrimmProvide SDKWhy don't provide the SDK? It is easier to develop and distribute third party opkg feeds.
```
diff --git a/configs/common/basic_settings b/configs/common/basic_settings
index 08c99f23..3be3d260 100644
--- a/configs/common/basic_settings...Why don't provide the SDK? It is easier to develop and distribute third party opkg feeds.
```
diff --git a/configs/common/basic_settings b/configs/common/basic_settings
index 08c99f23..3be3d260 100644
--- a/configs/common/basic_settings
+++ b/configs/common/basic_settings
@@ -7,6 +7,9 @@ CONFIG_BUILD_NLS=y
CONFIG_ALL_KMODS=y
CONFIG_ALL=y
+# Build openwrt SDK pre-compiled toolchain designed to cross compile packages
+CONFIG_SDK=y
+
# Package output options
CONFIG_SIGNED_PACKAGES=y
CONFIG_IPK_FILES_CHECKSUMS=y
```https://gitlab.nic.cz/turris/os/build/-/issues/312PRPL Mesh packages feed2021-12-14T12:19:29+01:00Karel KociPRPL Mesh packages feedThink about inclusion of prplMesh packages (https://gitlab.com/prpl-foundation/prplos/feed-prpl).
* [ ] add feed
* [ ] test itThink about inclusion of prplMesh packages (https://gitlab.com/prpl-foundation/prplos/feed-prpl).
* [ ] add feed
* [ ] test ithttps://gitlab.nic.cz/turris/os/build/-/issues/249Consider switching default WAN policy from REJECT to DROP2021-03-01T19:14:45+01:00Karel KociConsider switching default WAN policy from REJECT to DROPIt might be better to drop all connections on WAN side rather then rejecting them.
The default is right now set unconditionally from OpenWrt. This needs either dirty patch or some upstream effort to export this settings to KConfig.It might be better to drop all connections on WAN side rather then rejecting them.
The default is right now set unconditionally from OpenWrt. This needs either dirty patch or some upstream effort to export this settings to KConfig.https://gitlab.nic.cz/turris/os/build/-/issues/245suggestion: replace dnsmasq with odhcpd2022-03-24T07:53:35+01:00Rosen Penevsuggestion: replace dnsmasq with odhcpdIn TurrisOS, dnsmasq is used as a DHCP server and unbound as a DNS one.
odhcpd is used as a DHCPv6 server. It has the ability to run as a DHCPv4 server as well.
The whole point of using dnsmasq in OpenWrt is that it combines DHCP and D...In TurrisOS, dnsmasq is used as a DHCP server and unbound as a DNS one.
odhcpd is used as a DHCPv6 server. It has the ability to run as a DHCPv4 server as well.
The whole point of using dnsmasq in OpenWrt is that it combines DHCP and DNS. But since this is not the case in TurrisOS, it can be removed.https://gitlab.nic.cz/turris/os/build/-/issues/235Create special TurrisOS medkit for LXC2021-01-19T14:10:27+01:00Jan PavlinecCreate special TurrisOS medkit for LXCRunning TurrisOS in LXC is challenging because some utils try to access low-level function which is not accessible in LXC (cert-backup, atsha)
One possible solution is to create custom medkits for LXCRunning TurrisOS in LXC is challenging because some utils try to access low-level function which is not accessible in LXC (cert-backup, atsha)
One possible solution is to create custom medkits for LXChttps://gitlab.nic.cz/turris/os/build/-/issues/162patch luci (-mod-network) to show a warning about DNS settings2021-11-03T18:36:35+01:00Vladimír Čunátvladimir.cunat@nic.czpatch luci (-mod-network) to show a warning about DNS settingsThis is the short-term plan after discussion with Pepe. Some people can be understandably confused that DNS settings in luci's "DHCP and DNS" don't have any effect, so we could at least show a warning on that page... until some better s...This is the short-term plan after discussion with Pepe. Some people can be understandably confused that DNS settings in luci's "DHCP and DNS" don't have any effect, so we could at least show a warning on that page... until some better solution is available, e.g. https://github.com/openwrt/luci/issues/4125https://gitlab.nic.cz/turris/os/build/-/issues/84sendbeacon and kwboot missing in repo2023-03-03T02:02:20+01:00Jan Pavlinecsendbeacon and kwboot missing in reposendbeacon and kwboot utilities used for loading uboot via serial link are missing in 4x/5x repo. It would be useful to have them.sendbeacon and kwboot utilities used for loading uboot via serial link are missing in 4x/5x repo. It would be useful to have them.https://gitlab.nic.cz/turris/os/build/-/issues/54[feature suggestion] enhance ipv6 privacy2020-02-11T12:20:30+01:00Ghost User[feature suggestion] enhance ipv6 privacysince it came up in the forum https://forum.turris.cz/t/ipv6-best-practice-questions/10423/3
With RFC 4941 for DHCP and RFC 7217 for SLAAC ipv6 privacy can be enhanced, which though currently is not the default (vanilla medkit).
___
RF...since it came up in the forum https://forum.turris.cz/t/ipv6-best-practice-questions/10423/3
With RFC 4941 for DHCP and RFC 7217 for SLAAC ipv6 privacy can be enhanced, which though currently is not the default (vanilla medkit).
___
RFC 7217 for SLAAC - `net.ipv6.conf.default.stable_secret`
recommends that a stable secret is to be generated during device set up, e.g. something like `head -c 16 /dev/urandom | xxd -p | sed "s/..../:&/g; s/://"` (requires package `xxd`) could be utilized.
It would have to be generated and added to sysctl.d (perhaps applied with sysctl -w during setup) prior any iface is setup since 'default' does not apply to any iface already in existence.
`net.ipv6.conf.all.stable_secret` does not work.
___
RFC 4941 for DHCP
> Acceptable values:
> 0 - don’t use privacy extensions.
> 1 - generate privacy addresses
> 2 - prefer privacy addresses and use them over the normal addresses.
Probably should do for existing and added ifaces
```
net.ipv6.conf.default.use_tempaddr = 2
net.ipv6.conf.all.use_tempaddr = 2
```https://gitlab.nic.cz/turris/os/build/-/issues/10new-release.sh: Add support for medkit verification2019-06-06T12:12:59+02:00Karel Kocinew-release.sh: Add support for medkit verificationWe are verifying if all parts to be released were build from same sources. We have lists, packages for three routers and medkits for three routers. This is a lot of different jobs. Currently `new-release.sh` checks if lists and packages ...We are verifying if all parts to be released were build from same sources. We have lists, packages for three routers and medkits for three routers. This is a lot of different jobs. Currently `new-release.sh` checks if lists and packages were build with same hash but medkits are ignored. We should check them probably as well but for that we should probably modify medkit generation so that we would have information (hashes) to compare them against.