Turris OS packages issueshttps://gitlab.nic.cz/turris/os/packages/-/issues2020-02-24T15:42:45+01:00https://gitlab.nic.cz/turris/os/packages/-/issues/544Migrate settings of samba 3 to samba 4 (at least some minimal subset)2020-02-24T15:42:45+01:00Karel KociMigrate settings of samba 3 to samba 4 (at least some minimal subset)With Turris OS 5.0 there is switch from Samba version 3 to version 4. Those have incompatible configuration.
We should migrate configuration somehow because we are initializing switch.With Turris OS 5.0 there is switch from Samba version 3 to version 4. Those have incompatible configuration.
We should migrate configuration somehow because we are initializing switch.Turris OS 5.0https://gitlab.nic.cz/turris/os/packages/-/issues/521pyzmq is not being compiled (unrecognized -R)2020-02-20T16:40:04+01:00Josef Schlehoferpyzmq is not being compiled (unrecognized -R)pyzmq fails in HBD branch (Turris OS 5.x - OpenWrt 19.07) and it is required by package `sentinel-dynfw-client`.
Faillog:
```
aarch64-openwrt-linux-musl-gcc: error: unrecognized command line option '-R'
error: command 'ccache_cc' failed...pyzmq fails in HBD branch (Turris OS 5.x - OpenWrt 19.07) and it is required by package `sentinel-dynfw-client`.
Faillog:
```
aarch64-openwrt-linux-musl-gcc: error: unrecognized command line option '-R'
error: command 'ccache_cc' failed with exit status 1
```
My findings:
- https://github.com/rbgirshick/py-faster-rcnn/issues/706
- https://stackoverflow.com/a/56605633
When I followed from the first link the instructions to replace 'R' to '-Wl,-rpath=' in these four files:
```
build_dir/hostpkg/Python-3.7.5/Lib/distutils/unixccompiler.py
staging_dir/hostpkg/lib/python3.7/distutils/unixccompiler.py
staging_dir/target-aarch64_cortex-a53_musl/usr/lib/python3.7/distutils/unixccompiler.py
staging_dir/target-aarch64_cortex-a53_musl/root-mvebu/usr/lib/python3.7/distutils/unixccompiler.py
```
and then run `make package/pyzmq/{clean,compile} -j4 V=s`, I was able to successfully compile pyzmq for Turris MOX.
I'm looking into it more.Turris OS 5.0https://gitlab.nic.cz/turris/os/packages/-/issues/546Fix haas-proxy config file option2020-02-19T14:44:52+01:00Martin PrudekFix haas-proxy config file optionHaas proxy config file option should be `--log-file` instead of `--log`.Haas proxy config file option should be `--log-file` instead of `--log`.https://gitlab.nic.cz/turris/os/packages/-/issues/549Collision between busybox and binutils2020-02-17T13:06:59+01:00Jaap VersteeghCollision between busybox and binutils```
Error from 2020/02/16 01:52:05
Updater failed:
[string "transaction"]:328: [string "transaction"]:153: Collisions:
• /bin/strings: busybox (new-file), binutils (existing-file)
```
I don't want to uninstall binutils (I need it for...```
Error from 2020/02/16 01:52:05
Updater failed:
[string "transaction"]:328: [string "transaction"]:153: Collisions:
• /bin/strings: busybox (new-file), binutils (existing-file)
```
I don't want to uninstall binutils (I need it for something, tho I now forget what) and I can't uninstall busybox, because of dependencies I guess. Provide something like /etc/alternatives to fix this?https://gitlab.nic.cz/turris/os/packages/-/issues/547Drop sshpass and use upstream version2020-02-17T12:26:58+01:00Karel KociDrop sshpass and use upstream versionThis is clearly backport from upstream so we should use upstream version and just drop this package here.This is clearly backport from upstream so we should use upstream version and just drop this package here.Turris OS 5.0https://gitlab.nic.cz/turris/os/packages/-/issues/548hd-idle does work after reboot2020-02-17T11:27:19+01:00Craig Buchananhd-idle does work after rebootI've noticed after restarting the router that `hd-idle` doesn't seem to take effect.
If I force it (`hd-idle -i 300`), then the settings seem to apply.
There are no log entries (`dmesg | grep hd-idle`).
It is listed in the processes (...I've noticed after restarting the router that `hd-idle` doesn't seem to take effect.
If I force it (`hd-idle -i 300`), then the settings seem to apply.
There are no log entries (`dmesg | grep hd-idle`).
It is listed in the processes (after I forced it):
```
# ps ax | grep hd-idle
3862 ? S 0:04 /usr/bin/hd-idle -d -i 0 -a -i 300
10529 ? S 0:01 hd-idle
10543 ? S 0:02 hd-idle -i 300
21897 pts/0 R+ 0:00 grep hd-idle
```
I'd like to enable logging, but `hd-idle -i 300 -l /var/log/hd-idle` doesn't seem to work.
If it makes a difference, I have a two-disk, RAID.https://gitlab.nic.cz/turris/os/packages/-/issues/498reforis language packages2020-02-04T10:34:53+01:00Štěpán Henekreforis language packagesMake sure that when a language `XX` is checked all `reforis-l10n-XX` and `reforis-*-plugin-l10n-XX` are installed.
(The same for current foris packages)Make sure that when a language `XX` is checked all `reforis-l10n-XX` and `reforis-*-plugin-l10n-XX` are installed.
(The same for current foris packages)https://gitlab.nic.cz/turris/os/packages/-/issues/247nikola package cleanup2020-02-04T09:43:35+01:00Štěpán Heneknikola package cleanup* move scripts from nikola repo to turris-os-package repo
* use a regular python3 package creation approach* move scripts from nikola repo to turris-os-package repo
* use a regular python3 package creation approachŠtěpán HenekŠtěpán Henekhttps://gitlab.nic.cz/turris/os/packages/-/issues/515foris-controller-openvpn-module: Cleanup firewall rules and interface configu...2020-01-28T14:02:15+01:00Martin Matějekforis-controller-openvpn-module: Cleanup firewall rules and interface configuration after uninstallNetwork interface and firewall zones & rules configuration stay as-is after package removal.
It shouldn't break anything, however it clutters various config files with unused configuration, which could interfere with something else.
re...Network interface and firewall zones & rules configuration stay as-is after package removal.
It shouldn't break anything, however it clutters various config files with unused configuration, which could interfere with something else.
related issue turris/bughunt#40Turris OS 5.1https://gitlab.nic.cz/turris/os/packages/-/issues/535cert-backup-btrfs: package is empty2020-01-27T15:03:58+01:00Karel Kocicert-backup-btrfs: package is empty`cert-backup-btrfs` is empty even when correctly build.`cert-backup-btrfs` is empty even when correctly build.Turris OS 5.0https://gitlab.nic.cz/turris/os/packages/-/issues/540[unbound] drop support for depreciated cryptographic algorithms leveraged in ...2020-01-27T14:06:05+01:00Ghost User[unbound] drop support for depreciated cryptographic algorithms leveraged in DNSSEC
> Version 1.9.6
>
> Configure line: --target=arm-openwrt-linux --host=arm-openwrt-linux --build=x86_64-pc-linux-gnu --program-prefix= --program-suffix= --prefix=/usr --exec-prefix=/usr --bindir=/usr/bin --sbindir=/usr/sbin --libexecdir...
> Version 1.9.6
>
> Configure line: --target=arm-openwrt-linux --host=arm-openwrt-linux --build=x86_64-pc-linux-gnu --program-prefix= --program-suffix= --prefix=/usr --exec-prefix=/usr --bindir=/usr/bin --sbindir=/usr/sbin --libexecdir=/usr/lib --sysconfdir=/etc --datadir=/usr/share --localstatedir=/var --mandir=/usr/man --infodir=/usr/info --disable-gost --enable-allsymbols --enable-subnet --with-ldns=/home/beast/beast/workspace/turris-os-packages-master-omnia/build/staging_dir/target-arm_cortex-a9+vfpv3_musl_eabi/usr --with-libexpat=/home/beast/beast/workspace/turris-os-packages-master-omnia/build/staging_dir/target-arm_cortex-a9+vfpv3_musl_eabi/usr --with-ssl=/home/beast/beast/workspace/turris-os-packages-master-omnia/build/staging_dir/target-arm_cortex-a9+vfpv3_musl_eabi/usr --without-pthreads --enable-tfo-server --enable-tfo-client
> Linked libs: pluggable-event internal (it uses select), OpenSSL 1.1.1d 10 Sep 2019
> Linked modules: dns64 subnetcache respip validator iterator
> TCP Fastopen feature available
***
1) DSA is since long depreciated, *kresd* already dropped support for it and upstream package too stipulates compilation arg/flag `--disable-dsa`<sup>**[1]**</sup>
2) SHA1 probably debatable since statistics imply still being leveraged in DNSSEC by a large number of Delegation Signer and/or domain admin. However, as outlined by <sup>**[2]**</sup> SHA1 is in shambles.
> On the 7th January, a new more flexible and efficient collision attack against SHA-1 was announced: SHA-1 is a shambles. SHA-1 is deprecated but still used in DNSSEC, and this collision attack means that some attacks against DNSSEC are now merely logistically challenging rather than being cryptographically infeasible.
>
> As a consequence, anyone who is using a SHA-1 DNSKEY algorithm (algorithm numbers 7 or less) should upgrade. The recommended algorithms are 13 (ECDSAP256SHA256) or 8 (RSASHA256, with 2048 bit keys).
Subsequent, SHA1 in DNSSEC should be treated as insecure. Suppose the governing compilation arg/flag is `--disable-sha1`
***
<sup>**[1]**</sup> https://github.com/openwrt/packages/blob/master/net/unbound/Makefile#L149
<sup>**[2]**</sup> https://www.dns.cam.ac.uk/news/2020-01-09-sha-mbles.htmlJan PavlinecJan Pavlinechttps://gitlab.nic.cz/turris/os/packages/-/issues/538dev-detect repeatadly reports about same device2020-01-20T13:36:53+01:00Vojtech Myslivecdev-detect repeatadly reports about same deviceDevice detection repeatadly reports my laptop as a "new device appeared in the network".
It happened several times during last reboots.Device detection repeatadly reports my laptop as a "new device appeared in the network".
It happened several times during last reboots.Turris OS 3.11.14https://gitlab.nic.cz/turris/os/packages/-/issues/537Add atlas package to 4.0.52020-01-16T09:25:24+01:00Jan PavlinecAdd atlas package to 4.0.5Related issue to MR https://gitlab.labs.nic.cz/turris/turris-os-packages/merge_requests/201Related issue to MR https://gitlab.labs.nic.cz/turris/turris-os-packages/merge_requests/201Turris OS 4.0.5Jan PavlinecJan Pavlinechttps://gitlab.nic.cz/turris/os/packages/-/issues/496Change repository flow2020-01-13T13:28:32+01:00Karel KociChange repository flowSteps:
* [x] write readme with flow of this repository
* [x] rename `master` to `develop`
* [x] rename `for-v4.0` to `master`
* [x] set protected branches and tags appropriately
-------------
In response to https://gitlab.labs.nic.cz/t...Steps:
* [x] write readme with flow of this repository
* [x] rename `master` to `develop`
* [x] rename `for-v4.0` to `master`
* [x] set protected branches and tags appropriately
-------------
In response to https://gitlab.labs.nic.cz/turris/turris-build/issues/85 we should change flow of this repository as well. At the moment we have master as development branch with `for-v4.0` as stable branch for `hbk`.
There are effectively two questions.
1. What should be name for stable and development branches
2. Should default branch be stable or developmentTurris OS 5.1https://gitlab.nic.cz/turris/os/packages/-/issues/532Update Nextcloud to version 16.0.72020-01-13T10:42:57+01:00Josef SchlehoferUpdate Nextcloud to version 16.0.7Update it to the latest version of 16.xx to ensure smooth migration from 16.xx to 17.xx.Update it to the latest version of 16.xx to ensure smooth migration from 16.xx to 17.xx.Turris OS 4.0.5https://gitlab.nic.cz/turris/os/packages/-/issues/533Update mariadb to version 10.4.112020-01-11T22:34:08+01:00Josef SchlehoferUpdate mariadb to version 10.4.11Turris OS 4.0.5https://gitlab.nic.cz/turris/os/packages/-/issues/115docker: add to omnia2020-01-08T13:12:32+01:00Jan Pavlinecdocker: add to omniaAlpine linux build script: https://git.alpinelinux.org/cgit/aports/tree/community/docker/APKBUILD?h=3.7-stable
Forum: https://forum.turris.cz/t/docker-on-turris-omnia/242/37
Output from https://github.com/moby/moby/blob/master/contrib/...Alpine linux build script: https://git.alpinelinux.org/cgit/aports/tree/community/docker/APKBUILD?h=3.7-stable
Forum: https://forum.turris.cz/t/docker-on-turris-omnia/242/37
Output from https://github.com/moby/moby/blob/master/contrib/check-config.sh
```
root@turris:/# ./check-config.sh
info: reading kernel config from /proc/config.gz ...
Generally Necessary:
- cgroup hierarchy: single mountpoint! [/sys/fs/cgroup]
(see https://github.com/tianon/cgroupfs-mount)
- CONFIG_NAMESPACES: enabled
- CONFIG_NET_NS: enabled
- CONFIG_PID_NS: enabled
- CONFIG_IPC_NS: enabled
- CONFIG_UTS_NS: enabled
- CONFIG_CGROUPS: enabled
- CONFIG_CGROUP_CPUACCT: enabled
- CONFIG_CGROUP_DEVICE: enabled
- CONFIG_CGROUP_FREEZER: enabled
- CONFIG_CGROUP_SCHED: enabled
- CONFIG_CPUSETS: enabled
- CONFIG_MEMCG: enabled
- CONFIG_KEYS: enabled
- CONFIG_VETH: enabled (as module)
- CONFIG_BRIDGE: enabled
- CONFIG_BRIDGE_NETFILTER: enabled
- CONFIG_NF_NAT_IPV4: enabled (as module)
- CONFIG_IP_NF_FILTER: enabled (as module)
- CONFIG_IP_NF_TARGET_MASQUERADE: enabled (as module)
- CONFIG_NETFILTER_XT_MATCH_ADDRTYPE: enabled (as module)
- CONFIG_NETFILTER_XT_MATCH_CONNTRACK: enabled (as module)
- CONFIG_NETFILTER_XT_MATCH_IPVS: missing
- CONFIG_IP_NF_NAT: enabled (as module)
- CONFIG_NF_NAT: enabled (as module)
- CONFIG_NF_NAT_NEEDED: enabled
- CONFIG_POSIX_MQUEUE: enabled
- CONFIG_DEVPTS_MULTIPLE_INSTANCES: enabled
Optional Features:
- CONFIG_USER_NS: enabled
- CONFIG_SECCOMP: missing
- CONFIG_CGROUP_PIDS: missing
- CONFIG_MEMCG_SWAP: enabled
- CONFIG_MEMCG_SWAP_ENABLED: missing
(cgroup swap accounting is currently not enabled, you can enable it by setting boot option "swapaccount=1")
- CONFIG_MEMCG_KMEM: missing
- CONFIG_BLK_CGROUP: enabled
- CONFIG_BLK_DEV_THROTTLING: missing
- CONFIG_IOSCHED_CFQ: missing
- CONFIG_CFQ_GROUP_IOSCHED: missing
- CONFIG_CGROUP_PERF: missing
- CONFIG_CGROUP_HUGETLB: missing
- CONFIG_NET_CLS_CGROUP: enabled
- CONFIG_CGROUP_NET_PRIO: missing
- CONFIG_CFS_BANDWIDTH: missing
- CONFIG_FAIR_GROUP_SCHED: missing
- CONFIG_RT_GROUP_SCHED: missing
- CONFIG_IP_VS: missing
- CONFIG_IP_VS_NFCT: missing
- CONFIG_IP_VS_RR: missing
- CONFIG_EXT3_FS: enabled
- CONFIG_EXT3_FS_XATTR: missing
- CONFIG_EXT3_FS_POSIX_ACL: missing
- CONFIG_EXT3_FS_SECURITY: missing
(enable these ext3 configs if you are using ext3 as backing filesystem)
- CONFIG_EXT4_FS: enabled
- CONFIG_EXT4_FS_POSIX_ACL: enabled
- CONFIG_EXT4_FS_SECURITY: enabled
- Network Drivers:
- "overlay":
- CONFIG_VXLAN: enabled (as module)
Optional (for encrypted networks):
- CONFIG_CRYPTO: enabled
- CONFIG_CRYPTO_AEAD: enabled (as module)
- CONFIG_CRYPTO_GCM: enabled (as module)
- CONFIG_CRYPTO_SEQIV: enabled (as module)
- CONFIG_CRYPTO_GHASH: enabled (as module)
- CONFIG_XFRM: enabled
- CONFIG_XFRM_USER: enabled (as module)
- CONFIG_XFRM_ALGO: enabled (as module)
- CONFIG_INET_ESP: enabled (as module)
- CONFIG_INET_XFRM_MODE_TRANSPORT: enabled (as module)
- "ipvlan":
- CONFIG_IPVLAN: missing
- "macvlan":
- CONFIG_MACVLAN: enabled (as module)
- CONFIG_DUMMY: enabled (as module)
- "ftp,tftp client in container":
- CONFIG_NF_NAT_FTP: enabled (as module)
- CONFIG_NF_CONNTRACK_FTP: enabled (as module)
- CONFIG_NF_NAT_TFTP: enabled (as module)
- CONFIG_NF_CONNTRACK_TFTP: enabled (as module)
- Storage Drivers:
- "aufs":
- CONFIG_AUFS_FS: missing
- "btrfs":
- CONFIG_BTRFS_FS: enabled
- CONFIG_BTRFS_FS_POSIX_ACL: enabled
- "devicemapper":
- CONFIG_BLK_DEV_DM: enabled (as module)
- CONFIG_DM_THIN_PROVISIONING: missing
- "overlay":
- CONFIG_OVERLAY_FS: enabled
- "zfs":
- /dev/zfs: missing
- zfs command: missing
- zpool command: missing
Limits:
- /proc/sys/kernel/keys/root_maxkeys: 1000000
```Jan PavlinecJan Pavlinechttps://gitlab.nic.cz/turris/os/packages/-/issues/430sentinel-proxy: feature request data sending indication2020-01-06T12:51:21+01:00Jan Pavlinecsentinel-proxy: feature request data sending indicationIt would be nice to have some way how to tell, that sentinel proxy is sending data. Some kind of status file etc. which can be checked from the router. Just to make sure that data leaves router, without confirmation from the server side....It would be nice to have some way how to tell, that sentinel proxy is sending data. Some kind of status file etc. which can be checked from the router. Just to make sure that data leaves router, without confirmation from the server side.
Inspiration for this is a problem with sending data to Ludus. It is really hard to debug without access to the router...https://gitlab.nic.cz/turris/os/packages/-/issues/224Request for update of sqm-scripts and kmd-sched-cake2020-01-06T12:47:47+01:00moeller0Request for update of sqm-scripts and kmd-sched-cakehttps://gitlab.nic.cz/turris/os/packages/-/issues/325lighttpd: update to version 1.4.532020-01-04T23:32:06+01:00Josef Schlehoferlighttpd: update to version 1.4.53Package name: **lighttpd**
Short description of the package: **open-source web server - security, speed, compliance, and flexibility**
OpenWRT repository:
https://github.com/openwrt/packages/tree/master/net/lighttpd
Upstream repo...Package name: **lighttpd**
Short description of the package: **open-source web server - security, speed, compliance, and flexibility**
OpenWRT repository:
https://github.com/openwrt/packages/tree/master/net/lighttpd
Upstream repository:
https://github.com/lighttpd/lighttpd1.4
_Version information_
We have version: 1.4.50
OpenWrt has version: 1.4.49
Upstream has version: 1.4.53
Quite interesting changes between 1.4.50 and 1.4.53 are:
* TLS-ALPN-01
* security fixes
* support for WolfSSLTurris OS 4.0