Turris OS packages issueshttps://gitlab.nic.cz/turris/os/packages/-/issues2023-03-22T12:44:10+01:00https://gitlab.nic.cz/turris/os/packages/-/issues/916broadband provider defaults database2023-03-22T12:44:10+01:00Filip Hronbroadband provider defaults databaseIt is possible to read `MCC` and `MNC` from SIM card. We can automate some queries to make it easier (not to say flawless) to help user to set up his LTE broadband connection.
# Problems
- the source database is in `XML`, we'd rather us...It is possible to read `MCC` and `MNC` from SIM card. We can automate some queries to make it easier (not to say flawless) to help user to set up his LTE broadband connection.
# Problems
- the source database is in `XML`, we'd rather use `JSON` as **turris** devices have the library out of the box (python target)
- we need to do this in build process, we don't want to query some API in case the device is intended to use connection from `LTE` modem
# Solution steps
## Prepare
- narrow down properties to only what is required (filter the source)
- convert to `JSON` file
## Ship
- ship it to all routers
## GUI requirements
- make sure the license is visible on `LTE` **GUI** page
# Extras/question
- validate source `XML` before building against schema provided by source?
# Usage
- `foris-controller`
backref: https://gitlab.nic.cz/turris/project/-/issues/108
### resources:
https://wiki.gnome.org/Projects/NetworkManager/MobileBroadband/ServiceProviders
https://gitlab.gnome.org/GNOME/mobile-broadband-provider-info/-/blob/main/serviceproviders.xmlFilip HronFilip Hronhttps://gitlab.nic.cz/turris/os/packages/-/issues/819Kresd does not resolve DHCPv6 leases2022-01-18T10:18:01+01:00Jan BetikKresd does not resolve DHCPv6 leasesKresd does not resolve DHCPv6 leases, works for IPv4 only.
Workaround found on https://doc.turris.cz/doc/en/public/dns_knot_misc#local_resolution_of_a_fully_qualified_domain_name cannot be used with `/tmp/hosts/odhcpd` as this file is ...Kresd does not resolve DHCPv6 leases, works for IPv4 only.
Workaround found on https://doc.turris.cz/doc/en/public/dns_knot_misc#local_resolution_of_a_fully_qualified_domain_name cannot be used with `/tmp/hosts/odhcpd` as this file is dynamically generated and can get changed over the time, but kresd loads that file only during startup and is not able to detect the changes.https://gitlab.nic.cz/turris/os/packages/-/issues/759knot-resolver: add option to enable http module2023-01-11T14:18:00+01:00Jan Pavlinecknot-resolver: add option to enable http moduleDocumentation https://knot-resolver.readthedocs.io/en/latest/modules-http.html
CZ.NIC blogpost https://en.blog.nic.cz/2016/08/12/knot-dns-1-1-0/
Note:
Maybe we can then use /trace in resolver-debug etcDocumentation https://knot-resolver.readthedocs.io/en/latest/modules-http.html
CZ.NIC blogpost https://en.blog.nic.cz/2016/08/12/knot-dns-1-1-0/
Note:
Maybe we can then use /trace in resolver-debug etchttps://gitlab.nic.cz/turris/os/packages/-/issues/742sentinel-certgen: Release with option to force regenerate mailpass2023-03-03T01:54:47+01:00Martin Prudeksentinel-certgen: Release with option to force regenerate mailpassBlocked by turris/sentinel/certgen#14Blocked by turris/sentinel/certgen#14https://gitlab.nic.cz/turris/os/packages/-/issues/733sentinel-proxy: data sending indication (v1.5)2023-05-30T14:38:01+02:00Karel Kocisentinel-proxy: data sending indication (v1.5)The feature release that includes indication of connected collectors as well as connection to the Sentinel server.
- [ ] turris/sentinel/sentinel#26The feature release that includes indication of connected collectors as well as connection to the Sentinel server.
- [ ] turris/sentinel/sentinel#26Turris OS 6.2.0https://gitlab.nic.cz/turris/os/packages/-/issues/698resolvers: add option for canary domain2021-07-09T16:51:16+02:00Jan Pavlinecresolvers: add option for canary domainIn case browser detects canary domain it should send DNS to router instead of DOH channel defined in browser.
https://support.mozilla.org/en-US/kb/canary-domain-use-application-dnsnetIn case browser detects canary domain it should send DNS to router instead of DOH channel defined in browser.
https://support.mozilla.org/en-US/kb/canary-domain-use-application-dnsnethttps://gitlab.nic.cz/turris/os/packages/-/issues/689initial-config: Allow hashed passwords to be specified in config2020-10-31T02:57:21+01:00Karel Kociinitial-config: Allow hashed passwords to be specified in configInitial version of initial-config addressed only unsecure but simple configuration. It would be better to allows users to use hashed password even when generating of it is more complicated. It would be an option for advanced users having...Initial version of initial-config addressed only unsecure but simple configuration. It would be better to allows users to use hashed password even when generating of it is more complicated. It would be an option for advanced users having to do configuration without ethernet as well.
The following discussion from !560 should be addressed:
- [ ] @vmyslivec started a [discussion](https://gitlab.nic.cz/turris/turris-os-packages/-/merge_requests/560#note_178336): (+5 comments)
> follow-up from https://gitlab.nic.cz/turris/turris-os-packages/-/merge_requests/560#note_177635
>
> Is it intended to let users generate a config that would be left on some USB flash drive with cleartext (non-hashed) passwords?
>
> I know we can't get rid of Wi-Fi password in clear text but foris and system password can be prepared in their hashed form.
>
> This README can include steps to generate desired hash.https://gitlab.nic.cz/turris/os/packages/-/issues/670Minipot: allow separate redirect for input and forward2020-09-21T12:09:51+02:00Karel KociMinipot: allow separate redirect for input and forwardIn general deployment it is different if you are redirecting to minipot input or/and forward. We should not automatically redirect both as we do now. We should somehow let users to choose. Right now user has only option and that is to di...In general deployment it is different if you are redirecting to minipot input or/and forward. We should not automatically redirect both as we do now. We should somehow let users to choose. Right now user has only option and that is to disable minipot or to have both input and forward redirected to router itself.https://gitlab.nic.cz/turris/os/packages/-/issues/650omnia ssd/usb boot - request for new package2021-06-24T13:48:24+02:00Jan Pavlinecomnia ssd/usb boot - request for new packageOmnia SSD/USB boot is a killer feature that significantly extends the service life of the device.
There should be a package that could make whole process much easier with fw_setenv etc.
https://wiki.turris.cz/doc/en/howto/omnia_booting...Omnia SSD/USB boot is a killer feature that significantly extends the service life of the device.
There should be a package that could make whole process much easier with fw_setenv etc.
https://wiki.turris.cz/doc/en/howto/omnia_booting_from_external_storage
related to https://gitlab.nic.cz/turris/user-docs/-/issues/66https://gitlab.nic.cz/turris/os/packages/-/issues/621[meta] DNS testing in reforis2021-07-15T14:10:13+02:00Jan Pavlinec[meta] DNS testing in reforisThis issue is related to our meeting about better DNS diagnostic
[check_connection](https://gitlab.labs.nic.cz/turris/turris-os-packages/-/blob/master/utils/turris-utils/files/check_connection) script should be replaced with python vers...This issue is related to our meeting about better DNS diagnostic
[check_connection](https://gitlab.labs.nic.cz/turris/turris-os-packages/-/blob/master/utils/turris-utils/files/check_connection) script should be replaced with python version which could test other DNS settings (forwarding not working, DNS hijack etc.)
This script can use some functionality from [resolver_rpcd](https://gitlab.labs.nic.cz/turris/turris-os-packages/-/blob/master/net/resolver-conf/files/resolver_rpcd.py) (see https://pypi.org/project/ubus/ and [README.md](https://gitlab.labs.nic.cz/turris/turris-os-packages/-/blob/master/net/resolver-conf/README.md)) and read setting from uci https://gitlab.labs.nic.cz/turris/pyuci [resolver configuration](https://gitlab.labs.nic.cz/turris/turris-os-packages/-/blob/master/net/resolver-conf/files/resolver-omnia-config)
Related issues/MR:
* [x] pytest-xdist MR https://gitlab.nic.cz/turris/turris-os-packages/-/issues/317 / https://github.com/openwrt/packages/pull/13010
* [ ] https://gitlab.nic.cz/turris/turris-os-packages/-/issues/620
* [ ] augeas MR https://github.com/openwrt/packages/pull/12913
* [ ] Deckard MR https://gitlab.nic.cz/turris/turris-os-packages/-/merge_requests/460
cc @pspacek @kkocihttps://gitlab.nic.cz/turris/os/packages/-/issues/587Turris 1.x: Update U-boot2022-06-22T16:46:34+02:00Karel KociTurris 1.x: Update U-bootUpdate uboot to new version on Turris 1.x. Doing so should enable for example boot from USB.Update uboot to new version on Turris 1.x. Doing so should enable for example boot from USB.Turris OS 6.1.0https://gitlab.nic.cz/turris/os/packages/-/issues/539Rust and Cargo support (upstream and TOS)2021-06-24T15:41:52+02:00Jan PavlinecRust and Cargo support (upstream and TOS)Mainly because of Suricata dependency on rust it is necessary to add support for rust lang. Inspiration could be ruby or golang packaging in OpenWrt.Mainly because of Suricata dependency on rust it is necessary to add support for rust lang. Inspiration could be ruby or golang packaging in OpenWrt.https://gitlab.nic.cz/turris/os/packages/-/issues/415fosquitto: investigate whether mosquitto is able to run using ECC2022-09-08T21:48:39+02:00Štěpán Henekfosquitto: investigate whether mosquitto is able to run using ECCŠtěpán HenekŠtěpán Henekhttps://gitlab.nic.cz/turris/os/packages/-/issues/397HaaS-proxy IPv6 support2020-03-10T09:17:42+01:00Karel KociHaaS-proxy IPv6 supportHaaS proxy currently does not support IPv6. There are two blockers for it:
* [ ] ipv6 nat support in fw3 (OpenWRT firewall)
* [ ] haas-proxy listening on ipv6 socket
Support in fw3 can be overcome witch nasty code that was already impl...HaaS proxy currently does not support IPv6. There are two blockers for it:
* [ ] ipv6 nat support in fw3 (OpenWRT firewall)
* [ ] haas-proxy listening on ipv6 socket
Support in fw3 can be overcome witch nasty code that was already implemented in https://gitlab.labs.nic.cz/turris/turris-os-packages/tree/haas-ipv6 but having direct support in fw3 would be much nicer.https://gitlab.nic.cz/turris/os/packages/-/issues/311add support for odhcpd & ipv6 in dhcp_host_domain_ng.py2022-09-03T15:38:50+02:00Ghost Useradd support for odhcpd & ipv6 in dhcp_host_domain_ng.pyas apparent from the current code `ipv6` is not supported and `odhcpd` settings are neglected, such as
```
option leasefile
option/list domain
```
This may cause some grievance for users making the transition to ipv6.as apparent from the current code `ipv6` is not supported and `odhcpd` settings are neglected, such as
```
option leasefile
option/list domain
```
This may cause some grievance for users making the transition to ipv6.https://gitlab.nic.cz/turris/os/packages/-/issues/42Add support for Luci configured remote log setting to syslog-ng2023-03-03T02:04:54+01:00Jan PavlinecAdd support for Luci configured remote log setting to syslog-ngMore info at
https://forum.turris.cz/t/remote-log-how-to-configure/992/6
https://github.com/CZ-NIC/turris-os/issues/32More info at
https://forum.turris.cz/t/remote-log-how-to-configure/992/6
https://github.com/CZ-NIC/turris-os/issues/32Turris OS 6.1.0https://gitlab.nic.cz/turris/os/packages/-/issues/27resolver: add support for ipv6 static leases2021-07-29T09:57:19+02:00Jan Pavlinecresolver: add support for ipv6 static leaseshttps://forum.turris.cz/t/kresd-ipv6-hints/3680https://forum.turris.cz/t/kresd-ipv6-hints/3680https://gitlab.nic.cz/turris/os/packages/-/issues/225Test wildcard records in the DNSSEC test2019-07-02T16:52:49+02:00Ghost UserTest wildcard records in the DNSSEC testWhen doing the connectivity test, perform some tests DNSSEC tests against wildcards or similar cornercases that are known to break from time to time.When doing the connectivity test, perform some tests DNSSEC tests against wildcards or similar cornercases that are known to break from time to time.https://gitlab.nic.cz/turris/os/packages/-/issues/20resolver-conf: Please disable open resolver in the config2021-09-08T16:18:48+02:00Ondřej Caletkaresolver-conf: Please disable open resolver in the configIn current setup, the only thing that stops TurrisOS from being an open resolver is the default firewall config. Lot of inexperienced users unintentionally enable incoming udp/53 traffic, making the router act like an open resolver.
The...In current setup, the only thing that stops TurrisOS from being an open resolver is the default firewall config. Lot of inexperienced users unintentionally enable incoming udp/53 traffic, making the router act like an open resolver.
There should be safer default in the config of DNS recursors, that would allow recursive queries only from internal network, regardless of the state of the firewall.