Turris OS packages issueshttps://gitlab.nic.cz/turris/os/packages/-/issues2019-05-06T17:21:54+02:00https://gitlab.nic.cz/turris/os/packages/-/issues/259tvheadend: trouble with logging in2019-05-06T17:21:54+02:00Josef Schlehofertvheadend: trouble with logging inForum thread: https://forum.turris.cz/t/problem-s-tvheadend/5393/18?u=pepe
We have a version of tvheadend: 4.2.6.20180913-2, but I was able to reproduce it, what Slash wrote to us on the forum.Forum thread: https://forum.turris.cz/t/problem-s-tvheadend/5393/18?u=pepe
We have a version of tvheadend: 4.2.6.20180913-2, but I was able to reproduce it, what Slash wrote to us on the forum.Turris OS 3.11.1Michal HruseckyMichal Hruseckyhttps://gitlab.nic.cz/turris/os/packages/-/issues/254[Github Issue] Nextcloud: Missing cronjob2018-11-19T21:10:35+01:00Jan Pavlinec[Github Issue] Nextcloud: Missing cronjob`/usr/bin/php-cli -f /srv/www/nextcloud/cron.php` has to be run every 15 minutes with the same user like the web-server.
Add the following in crontab:
```
# Nextcloud every 15 minutes
*/15 * * * * /usr/bin/su --shell /bin/ash --co...`/usr/bin/php-cli -f /srv/www/nextcloud/cron.php` has to be run every 15 minutes with the same user like the web-server.
Add the following in crontab:
```
# Nextcloud every 15 minutes
*/15 * * * * /usr/bin/su --shell /bin/ash --command '/usr/bin/php-cli -f /srv/www/nextcloud/cron.php' nobody
```Jan PavlinecJan Pavlinechttps://gitlab.nic.cz/turris/os/packages/-/issues/253[Github Issue] Package Request: Node-Red2023-08-16T14:57:55+02:00Jan Pavlinec[Github Issue] Package Request: Node-Red[Node-Red](https://nodered.org/) is a powerful [node.js](https://nodejs.org/en/about/) graphical flow-based programming and run-time environment for IOT applications [originally devloped by IBM and later released under Apache license](ht...[Node-Red](https://nodered.org/) is a powerful [node.js](https://nodejs.org/en/about/) graphical flow-based programming and run-time environment for IOT applications [originally devloped by IBM and later released under Apache license](https://en.wikipedia.org/wiki/Node-RED). Without programming skills you can click together e.g. the complete control flows for all IOT devices in your home. Currently it provides over 2,400 nodes to build flow diagrams (I/O-, database-, services-nodes like MQTT, Alexa, Google-IoT, IBM-Watson, ...). It also provides a function node for custom Javascript code.
[Introduction video](https://www.youtube.com/watch?time_continue=1&v=vYreeoCoQPI)
[Example Makefile](https://github.com/nxhack/openwrt-node-packages/tree/master/node-node-red)Turris OS 5.0https://gitlab.nic.cz/turris/os/packages/-/issues/250Add server support for DNS-over-TLS2023-08-16T14:57:57+02:00Jan PavlinecAdd server support for DNS-over-TLSBy default, Android Pie devices automatically upgrade to DNS over TLS if a network's DNS server supports it.
We could support this feature in routers. The only issues is, that user should securte valid certificate, so Android device will...By default, Android Pie devices automatically upgrade to DNS over TLS if a network's DNS server supports it.
We could support this feature in routers. The only issues is, that user should securte valid certificate, so Android device will accept it.
https://dnsprivacy.org/wiki/display/DP/Using+Unbound+as+a+DNS+Privacy+server
and
https://dnsprivacy.org/wiki/display/DP/Using+Knot-resolver+as+a+DNS+Privacy+serverJan PavlinecJan Pavlinechttps://gitlab.nic.cz/turris/os/packages/-/issues/249dhcp_host_domain_ng.py erases user-made hints configuration2019-01-19T19:19:41+01:00Luca Beltramedhcp_host_domain_ng.py erases user-made hints configuration`_clean_hints` is called during the resolver startup, but after the custom configuration is loaded. This has the (unfortunate) side effect of erasing any static hints configured in the custom configuration.`_clean_hints` is called during the resolver startup, but after the custom configuration is loaded. This has the (unfortunate) side effect of erasing any static hints configured in the custom configuration.Jan PavlinecJan Pavlinechttps://gitlab.nic.cz/turris/os/packages/-/issues/248libatsha204: separate python3 package2020-03-11T23:02:03+01:00Štěpán Heneklibatsha204: separate python3 packagesplit libastha204 into two Makefilessplit libastha204 into two MakefilesTurris OS 5.0https://gitlab.nic.cz/turris/os/packages/-/issues/247nikola package cleanup2020-02-04T09:43:35+01:00Štěpán Heneknikola package cleanup* move scripts from nikola repo to turris-os-package repo
* use a regular python3 package creation approach* move scripts from nikola repo to turris-os-package repo
* use a regular python3 package creation approachŠtěpán HenekŠtěpán Henekhttps://gitlab.nic.cz/turris/os/packages/-/issues/245Consider other resolvers to the list we forward to2019-05-06T13:32:04+02:00Michal HruseckyConsider other resolvers to the list we forward to```
forward-addr: 89.233.43.71@853#unicast.censurfridns.dk # UncensoredDNS unicast
forward-addr: 146.185.167.43@443#dot.securedns.eu # SecureDNS
forward-addr: 145.100.185.16@443#dnsovertls1.sinodun.com # ...```
forward-addr: 89.233.43.71@853#unicast.censurfridns.dk # UncensoredDNS unicast
forward-addr: 146.185.167.43@443#dot.securedns.eu # SecureDNS
forward-addr: 145.100.185.16@443#dnsovertls1.sinodun.com # Surfnet secondary
forward-addr: 149.112.112.112@853#dns.quad9.net # quad9.net secondary
forward-addr: 91.239.100.100@853#anycast.censurfridns.dk # UncensoredDNS anycast
forward-addr: 145.100.185.15@443#dnsovertls.sinodun.com # Surfnet primary
forward-addr: 9.9.9.9@853#dns.quad9.net # quad9.net primary
forward-addr: 185.49.141.37@853#getdnsapi.net # getdnsapi.net
```Jan PavlinecJan Pavlinechttps://gitlab.nic.cz/turris/os/packages/-/issues/241switch-branch and opkg: opkg postinst script fails to verify/fix branch setti...2019-05-06T17:21:56+02:00Karel Kociswitch-branch and opkg: opkg postinst script fails to verify/fix branch setting because of locked opkgWhen opkg is updated it overrides `/etc/opkg/distfeeds.conf`. `postinst` script contains for that reason call to `switch-branch --verify`. Problem is that this call fails when called as part of updater process because opkg is unable to l...When opkg is updated it overrides `/etc/opkg/distfeeds.conf`. `postinst` script contains for that reason call to `switch-branch --verify`. Problem is that this call fails when called as part of updater process because opkg is unable to lock its lock.
We should drop all usage of opkg in `switch-branch` with exception of installations because of that.Turris OS 3.11https://gitlab.nic.cz/turris/os/packages/-/issues/240luci-app-openvpn: update to upstream version2019-05-06T17:21:56+02:00Jan Pavlinecluci-app-openvpn: update to upstream versionNew version should support import of ovpn files see https://github.com/openwrt/luci/pull/2235New version should support import of ovpn files see https://github.com/openwrt/luci/pull/2235Turris OS 3.11https://gitlab.nic.cz/turris/os/packages/-/issues/238libarchive: update 3.3.32019-02-11T16:38:54+01:00Jan Pavlineclibarchive: update 3.3.3libarchive update to new stable release 3.3.3 https://www.libarchive.org/libarchive update to new stable release 3.3.3 https://www.libarchive.org/https://gitlab.nic.cz/turris/os/packages/-/issues/233unbound: pidfile path from /etc/config/resolver2019-05-06T17:21:55+02:00Jan Pavlinecunbound: pidfile path from /etc/config/resolverTake unbound pidfile path from /etc/config/resolver
Related forum thread https://forum.turris.cz/t/postrehy-ohledne-unbound-a-skripu-resolver/8456/2Take unbound pidfile path from /etc/config/resolver
Related forum thread https://forum.turris.cz/t/postrehy-ohledne-unbound-a-skripu-resolver/8456/2https://gitlab.nic.cz/turris/os/packages/-/issues/232resolver-conf: postinst fails with unknown group for chown2019-06-10T11:37:05+02:00Karel Kociresolver-conf: postinst fails with unknown group for chownThis seems like something is not configured properly. Happened on all of my routers during update. Missing group might be somewhat dangerous. I wasn't investigating what it really means, just reporting it immediately.
```
Output from res...This seems like something is not configured properly. Happened on all of my routers during update. Missing group might be somewhat dangerous. I wasn't investigating what it really means, just reporting it immediately.
```
Output from resolver-conf.postinst:
chown: unknown group
```Turris OS 3.11.1Jan PavlinecJan Pavlinechttps://gitlab.nic.cz/turris/os/packages/-/issues/231ddns-script: reboot bug2023-08-16T14:57:58+02:00Jan Pavlinecddns-script: reboot bugddns-script is causing rebootddns-script is causing reboothttps://gitlab.nic.cz/turris/os/packages/-/issues/230resolver-conf: check python3 compatibility2018-11-06T11:07:33+01:00Jan Pavlinecresolver-conf: check python3 compatibilitypython3 compatibility https://gitlab.labs.nic.cz/turris/turris-os-packages/blob/test/net/resolver-conf/files/dhcp_host_domain_ng.pypython3 compatibility https://gitlab.labs.nic.cz/turris/turris-os-packages/blob/test/net/resolver-conf/files/dhcp_host_domain_ng.pyJan PavlinecJan Pavlinechttps://gitlab.nic.cz/turris/os/packages/-/issues/229Add kmod-usb2 to netutils package list2019-05-06T13:44:16+02:00David HopfmuellerAdd kmod-usb2 to netutils package listIf the `nas` package list is unselected it also removes `kmod-usb2`. Unfortunately, this breaks the LTE modem. Adding `kmod-usb2` to the `netutils` package list should solve this.If the `nas` package list is unselected it also removes `kmod-usb2`. Unfortunately, this breaks the LTE modem. Adding `kmod-usb2` to the `netutils` package list should solve this.https://gitlab.nic.cz/turris/os/packages/-/issues/228Enable SSL support in zabbix packages2023-08-16T14:58:00+02:00Petr GregorEnable SSL support in zabbix packagesHi,
since turris is a security conscious OS I would like to request SSL support in zabbix packages. Currently SSL support is not compiled in so it cannot be enabled. It seems openwrt package got the support recently: https://github.com/o...Hi,
since turris is a security conscious OS I would like to request SSL support in zabbix packages. Currently SSL support is not compiled in so it cannot be enabled. It seems openwrt package got the support recently: https://github.com/openwrt/packages/commit/dda7a55418acf14d0c3d5fd82ab1b0cc2946c05a
Thank youJan PavlinecJan Pavlinechttps://gitlab.nic.cz/turris/os/packages/-/issues/227[feature suggestion] integrate OCSP responder2019-01-09T19:26:09+01:00Ghost User[feature suggestion] integrate OCSP responderenables clients to automatically and efficiently query the local CA for the status of X.509 certificates issued by the local CA (self-signed)
https://www.openca.org/projects/ocspd
> The OpenCA OCSPD project is aimed to develop a robus...enables clients to automatically and efficiently query the local CA for the status of X.509 certificates issued by the local CA (self-signed)
https://www.openca.org/projects/ocspd
> The OpenCA OCSPD project is aimed to develop a robust and easy-to-install OCSP daemon. The server is developed as a stand-alone application and can be integrated into many different PKI solutions as it does not depend on specific database scheme. Furthermore it can be used as a responder for multiple CAs.
>
> The OCSP Responder is an rfc2560 compliant OCSPD responder. The purpose of such a server is to provide an on-line tool to verify the status of a certificate
dependency on https://www.openca.org/projects/libpki/
---
https://www.openca.org/projects/ocspd/downloads.shtml
https://www.openca.org/projects/libpki/downloads.shtmlhttps://gitlab.nic.cz/turris/os/packages/-/issues/226wireguard version bump 0.0.201810062021-01-10T13:22:01+01:00Ghost Userwireguard version bump 0.0.20181006> A new snapshot, `0.0.20181006`, has been tagged in the git repository.
>
> Please note that this snapshot is, like the rest of the project at this point
> in time, experimental, and does not consitute a real release that would be
> co...> A new snapshot, `0.0.20181006`, has been tagged in the git repository.
>
> Please note that this snapshot is, like the rest of the project at this point
> in time, experimental, and does not consitute a real release that would be
> considered secure and bug-free. WireGuard is generally thought to be fairly
> stable, and most likely will not crash your computer (though it may).
> However, as this is a pre-release snapshot, it comes with no guarantees, and
> its security is not yet to be depended on; it is not applicable for CVEs.
>
> With all that said, if you'd like to test this snapshot out, there are a
> few relevant changes.
>
> == Changes ==
>
> * Account for big-endian 2^26 conversion in Poly1305.
> * Account for big-endian NEON in Curve25519.
> * Fix macros in big-endian AArch64 code so that this will actually run there
> at all.
> * Prefer if (IS_ENABLED(...)) over ifdef mazes when possible.
> * Call simd_relax() within any preempt-disabling glue code every once in a
> while so as not to increase latency if folks pass in super long buffers.
> * Prefer compiler-defined architecture macros in assembly code, which puts us
> in closer alignment with upstream CRYPTOGAMS code, and is cleaner.
> * Non-static symbols are prefixed with wg_ to avoid polluting the global
> namespace.
> * Return a bool from simd_relax() indicating whether or not we were
> rescheduled.
> * Reflect the proper simd conditions on arm.
> * Do not reorder lines in Kbuild files for the simd asm-generic addition,
> since we don't want to cause merge conflicts.
> * WARN() if the selftests fail in Zinc, since if this is an initcall, it won't
> block module loading, so we want to be loud.
> * Document some interdependencies beside include statements.
> * Add missing static statement to fpu init functions.
> * Use union in chacha to access state words as a flat matrix, instead of
> casting a struct to a u8 and hoping all goes well. Then, by passing around
> that array as a struct for as long as possible, we can update counter[0]
> instead of state[12] in the generic blocks, which makes it clearer what's
> happening.
> * Remove __aligned(32) for chacha20_ctx since we no longer use vmovdqa on x86,
> and the other implementations do not require that kind of alignment either.
> * Submit patch to ARM tree for adjusting RiscPC's cflags to be -march=armv3 so
> that we can build code that uses umull.
> * Allow CONFIG_ARM[64] to imply [!]CONFIG_64BIT, and use zinc arch config
> variables consistently throughout.
> * Document rationale for the 2^26->2^64/32 conversion in code comments.
> * Convert all of remaining BUG_ON to WARN_ON.
> * Replace `bxeq lr` with `reteq lr` in ARM assembler to be compatible with old
> ISAs via the macro in <asm/assembler.h>.
> * Do not allow WireGuard to be a built-in if IPv6 is a module.
> * Writeback the base register and reorder multiplications in the NEON x25519
> implementation.
> * Try all combinations of different implementations in selftests, so that
> potential bugs are more immediately unearthed.
> * Self tests and SIMD glue code work with #include, which lets the compiler
> optimize these. Previously these files were .h, because they were included,
> but a simple grep of the kernel tree shows 259 other files that carry out
> this same pattern. Only they prefer to instead name the files with a .c
> instead of a .h, so we now follow the convention.
> * Support many more platforms in QEMU, especially big endian ones.
> * Kernels < 3.17 don't have read_cpuid_part, so fix building there.
>
> This snapshot contains commits from: Jason A. Donenfeld and Nathan Chancellor.
>
> As always, the source is available at https://git.zx2c4.com/WireGuard/ and
> information about the project is available at https://www.wireguard.com/ .
>
> This snapshot is available in compressed tarball form here:
> https://git.zx2c4.com/WireGuard/snapshot/WireGuard-0.0.20181006.tar.xz
> SHA2-256: 9fe7cd5767eda65647463ec29ed707f917f4a77babaaf247adc4be7acaab4665
> BLAKE2b-256: 36bf22455e948a436820fe3701d6c932eb3df9a39df88a8983f1b05b2a281f69
>
> A PGP signature of that file decompressed is available here:
> https://git.zx2c4.com/WireGuard/snapshot/WireGuard-0.0.20181006.tar.asc
> Signing key: AB9942E6D4A4CFC3412620A749FC7012A5DE03AE
>
> If you're a snapshot package maintainer, please bump your package version. If
> you're a user, the WireGuard team welcomes any and all feedback on this latest
> snapshot.https://gitlab.nic.cz/turris/os/packages/-/issues/224Request for update of sqm-scripts and kmd-sched-cake2020-01-06T12:47:47+01:00moeller0Request for update of sqm-scripts and kmd-sched-cake