Turris OS packages issueshttps://gitlab.nic.cz/turris/os/packages/-/issues2020-08-21T12:48:08+02:00https://gitlab.nic.cz/turris/os/packages/-/issues/654Transmission - collisions of MbedTLS and OpenSSL2020-08-21T12:48:08+02:00Ghost UserTransmission - collisions of MbedTLS and OpenSSLI'm using turris os 5.1.0 from the HBK branch.
Now the netmetr issue was fixed.
Getting the next issue with transmission.
Manual and automatic updates are not possible for now.
Updater failed:
[string "transaction"]:333: [string "trans...I'm using turris os 5.1.0 from the HBK branch.
Now the netmetr issue was fixed.
Getting the next issue with transmission.
Manual and automatic updates are not possible for now.
Updater failed:
[string "transaction"]:333: [string "transaction"]:153: Collisions:
• /usr/bin/transmission-daemon: transmission-daemon-openssl (new-file), transmission-daemon-mbedtls (existing-file)
• /etc/sysctl.d/20-transmission.conf: transmission-daemon-openssl (new-file), transmission-daemon-mbedtls (existing-file)
• /etc/config/transmission: transmission-daemon-openssl (new-file), transmission-daemon-mbedtls (existing-file)
• /etc/init.d/transmission: transmission-daemon-openssl (new-file), transmission-daemon-mbedtls (existing-file)https://gitlab.nic.cz/turris/os/packages/-/issues/660No auth required for Foris and reForis2022-08-18T18:40:43+02:00kovariktomasNo auth required for Foris and reForis
After last update from 7. 9. 2020, I can access Foris/reForis without password. Logout button do not working. I tried to set a new password in the administration, but authentication is not required. Rebooting will not solve the problem....
After last update from 7. 9. 2020, I can access Foris/reForis without password. Logout button do not working. I tried to set a new password in the administration, but authentication is not required. Rebooting will not solve the problem.
Update from 2020/09/07 20:42:35
• Installed version 1-1 of package fix-config-foris-restore
| Turris OS version | 5.1.0 |
|-------------------|----------|
| Turris OS branch | hbk |
| Kernel version | 4.14.195 |
```
############## 08_os-release
== Current ==
~~ File: /etc/os-release ~~
NAME="TurrisOS"
VERSION="5.1.0"
ID="turrisos"
ID_LIKE="lede openwrt"
PRETTY_NAME="TurrisOS 5.1.0"
VERSION_ID="5.1.0"
HOME_URL="https://www.turris.cz/"
BUG_URL="https://gitlab.labs.nic.cz/groups/turris/-/issues/"
SUPPORT_URL="https://www.turris.cz/support/"
BUILD_ID="29b4104"
OPENWRT_BOARD="mvebu/cortexa9"
OPENWRT_ARCH="arm_cortex-a9_vfpv3-d16"
OPENWRT_TAINTS="busybox"
OPENWRT_DEVICE_MANUFACTURER="CZ.NIC"
OPENWRT_DEVICE_MANUFACTURER_URL="https://www.turris.cz/"
OPENWRT_DEVICE_PRODUCT="Turris Omnia"
OPENWRT_DEVICE_REVISION="v0"
OPENWRT_RELEASE="TurrisOS 5.1.0 29b4104d69bf91db17764dd885e9e111a373f08c"
== Factory ==
~~ File: /tmp/tmp.llkpdf/etc/turris-version ~~
4.0
~~ File: /tmp/tmp.llkpdf/etc/os-release ~~
NAME="TurrisOS"
VERSION="4.0-beta5"
ID="turrisos"
ID_LIKE="lede openwrt"
PRETTY_NAME="TurrisOS 4.0-beta5"
VERSION_ID="4.0-beta5"
HOME_URL="https://www.turris.cz/"
BUG_URL="https://gitlab.labs.nic.cz/groups/turris/-/issues"
SUPPORT_URL="https://www.turris.cz/support/"
BUILD_ID="65f9f42"
LEDE_BOARD="mvebu/cortexa9"
LEDE_ARCH="arm_cortex-a9_vfpv3"
LEDE_TAINTS="busybox"
LEDE_DEVICE_MANUFACTURER="CZ.NIC"
LEDE_DEVICE_MANUFACTURER_URL="https://www.turris.cz"
LEDE_DEVICE_PRODUCT="Turris Omnia"
LEDE_DEVICE_REVISION="v0"
LEDE_RELEASE="TurrisOS 4.0-beta5 65f9f42"
************** 08_os-release
```https://gitlab.nic.cz/turris/os/packages/-/issues/664ip_autoselector does not work as expected2020-09-15T14:59:01+02:00Karel Kociip_autoselector does not work as expectedIt was reported that when router was connected behind 192.168.1.0/24 DHCP that it fails to assign addresses (probably because of some problem with ip_autoselector).
To reproduce probably:
* Connect router WAN to 192.168.1.0/24 managed n...It was reported that when router was connected behind 192.168.1.0/24 DHCP that it fails to assign addresses (probably because of some problem with ip_autoselector).
To reproduce probably:
* Connect router WAN to 192.168.1.0/24 managed network
* Power router
* It should not assign any addressTurris OS 5.1.1https://gitlab.nic.cz/turris/os/packages/-/issues/602[U-Boot 2019.07 | rescue-image] 5-LED & 7-LED rescues fail2020-10-12T09:42:01+02:00Ghost User[U-Boot 2019.07 | rescue-image] 5-LED & 7-LED rescues fail> Package: rescue-image
> Version: 3.2-1.**1**
____
The rescue mode fails reproducible, boot just stalls and after some timeout reboots into normal boot.
Perhaps a hint from the [console.log](/uploads/822a23b5a0ad703079753e4484a1cf3...> Package: rescue-image
> Version: 3.2-1.**1**
____
The rescue mode fails reproducible, boot just stalls and after some timeout reboots into normal boot.
Perhaps a hint from the [console.log](/uploads/822a23b5a0ad703079753e4484a1cf3c/console.log)
>ip: OVERRUN: Bad addressTurris OS 5.1.2Michal HruseckyMichal Hruseckyhttps://gitlab.nic.cz/turris/os/packages/-/issues/642Generalize nor-update2021-04-19T10:35:07+02:00Michal HruseckyGeneralize nor-updateProvide single package with generic `nor-update` and provide various packages containing various versions of binaries. Little cleanup before letting people try new U-Boot and rescue on Omnia.Provide single package with generic `nor-update` and provide various packages containing various versions of binaries. Little cleanup before letting people try new U-Boot and rescue on Omnia.Turris OS 5.2.0Michal HruseckyMichal Hruseckyhttps://gitlab.nic.cz/turris/os/packages/-/issues/588Omnia: update u-boot to latest version2021-03-31T14:40:49+02:00Karel KociOmnia: update u-boot to latest versionWe have new U-boot for Omnias 2019+ but olds are still on older release. We should create even newer version build and push it to all Omnias.
In pre-2019 Omnias this should fix:
* Detection of SFP on Turris OS 4.0+
* Boot from USB deviceWe have new U-boot for Omnias 2019+ but olds are still on older release. We should create even newer version build and push it to all Omnias.
In pre-2019 Omnias this should fix:
* Detection of SFP on Turris OS 4.0+
* Boot from USB deviceTurris OS 5.2.0Michal HruseckyMichal Hruseckyhttps://gitlab.nic.cz/turris/os/packages/-/issues/672foris & foris-controller nextcloud split2020-10-02T23:39:54+02:00Martin Matějekforis & foris-controller nextcloud splitUpdate packages after nextcloud split from storage. These packages have to be released all at once.
- [x] foris-storage-plugin !528
- [x] foris-controller-storage-module !530
- [x] foris-controller-nextcloud-module !529
Compile and r...Update packages after nextcloud split from storage. These packages have to be released all at once.
- [x] foris-storage-plugin !528
- [x] foris-controller-storage-module !530
- [x] foris-controller-nextcloud-module !529
Compile and run tested on HBL on mox, but it wouldn't hurt to try it on another turris router, just to be sure.Turris OS 5.2.0https://gitlab.nic.cz/turris/os/packages/-/issues/700Unbound CVE-2020-289352023-08-16T14:40:58+02:00Josef SchlehoferUnbound CVE-2020-28935More details here: https://bugzilla.redhat.com/show_bug.cgi?id=1878761 and here https://github.com/NLnetLabs/unbound/issues/303
Fixed by these commits: https://github.com/NLnetLabs/unbound/commit/ad387832979b6ce4c93f64fe706301cd7d034e8...More details here: https://bugzilla.redhat.com/show_bug.cgi?id=1878761 and here https://github.com/NLnetLabs/unbound/issues/303
Fixed by these commits: https://github.com/NLnetLabs/unbound/commit/ad387832979b6ce4c93f64fe706301cd7d034e87 and https://github.com/NLnetLabs/unbound/commit/19f8f4d9f99a44906ab9dcc46d44da299fde3506
Should be fixed in 1.13.0 (not yet released)Turris OS 5.1.5Jan PavlinecJan Pavlinechttps://gitlab.nic.cz/turris/os/packages/-/issues/673Syslog-ng prints warning when log rotates2020-10-02T11:33:44+02:00Tony QuanSyslog-ng prints warning when log rotateseach time syslog rotates, /var/log/messages contains a message like:
```
Sep 23 01:30:41 turris syslog-ng[4740]: WARNING: Configuration file format is too old, syslog-ng is running in compatibility mode. Please update it to use the sysl...each time syslog rotates, /var/log/messages contains a message like:
```
Sep 23 01:30:41 turris syslog-ng[4740]: WARNING: Configuration file format is too old, syslog-ng is running in compatibility mode. Please update it to use the syslog-ng 3.29 format at your time of convenience. To upgrade the configuration, please review the warnings about incompatible changes printed by syslog-ng, and once completed change the @version header at the top of the configuration file; config-version='3.26'
```
looks like syslog-ng was upgraded to 3.29 but the config files
/etc/syslog-ng.conf
/etc/logrotate.d/syslog-ng.conf
were not updated to reflect that.Turris OS 5.1.2https://gitlab.nic.cz/turris/os/packages/-/issues/675Send knot-resolver to upstream2023-08-16T14:41:01+02:00Karel KociSend knot-resolver to upstreamThere is no reason why upstream should not provide knot-resolver as well when it provides unbound. Let's send it there.There is no reason why upstream should not provide knot-resolver as well when it provides unbound. Let's send it there.Jan PavlinecJan Pavlinechttps://gitlab.nic.cz/turris/os/packages/-/issues/676Remove dhparam package2023-08-16T14:36:42+02:00Karel KociRemove dhparam packagehttps://gitlab.nic.cz/turris/foris-controller/foris-controller-openvpn-module/-/merge_requests/4 removes dependency of foris-controller on dhparam package.
To be done:
* [x] fix package that updates configuration and generates dhparam i...https://gitlab.nic.cz/turris/foris-controller/foris-controller-openvpn-module/-/merge_requests/4 removes dependency of foris-controller on dhparam package.
To be done:
* [x] fix package that updates configuration and generates dhparam if it is missing
* [x] removal of dependency with foris-controller update
* [x] removal of dhparam package
Continuation of https://gitlab.nic.cz/turris/turris-os-packages/-/issues/505#note_170860.Turris OS 5.2.0https://gitlab.nic.cz/turris/os/packages/-/issues/677Install fixups on Shield2023-08-16T14:36:40+02:00Michal HruseckyInstall fixups on ShieldWe need to properly install following two fixups on Shield:
- [x] all-lan-ports-in-lan (!534)
- [x] contracts-handling-in-rescue (!540)We need to properly install following two fixups on Shield:
- [x] all-lan-ports-in-lan (!534)
- [x] contracts-handling-in-rescue (!540)Turris OS 5.1.2https://gitlab.nic.cz/turris/os/packages/-/issues/678Migration from 3.x: postupdate hooks are for some reason skipped when migrating2020-12-08T22:39:17+01:00Karel KociMigration from 3.x: postupdate hooks are for some reason skipped when migratingFor some reason postupdate hooks in updater are probably skipped. There are already two reported instances when this happened.
One report is that kernel version wasn't updated on Turris 1.x.
Second report is that alternatives were not ...For some reason postupdate hooks in updater are probably skipped. There are already two reported instances when this happened.
One report is that kernel version wasn't updated on Turris 1.x.
Second report is that alternatives were not updated.
Both issues can be solved by running appropriate postupdate hook.Turris OS 5.2.0https://gitlab.nic.cz/turris/os/packages/-/issues/682OpenVPN server does not work as it can not find /etc/dhparam/dh-default.pem2021-03-23T22:54:39+01:00Stepan RechnerOpenVPN server does not work as it can not find /etc/dhparam/dh-default.pemTested at Turris Shield:
```
Oct 21 14:45:27 turris openvpn(server_turris)[6136]: OpenVPN 2.4.7 aarch64-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
Oct 21 14:45:27 turris openvpn(server_turris)[6136]: libra...Tested at Turris Shield:
```
Oct 21 14:45:27 turris openvpn(server_turris)[6136]: OpenVPN 2.4.7 aarch64-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
Oct 21 14:45:27 turris openvpn(server_turris)[6136]: library versions: OpenSSL 1.1.1h 22 Sep 2020, LZO 2.10
Oct 21 14:45:27 turris openvpn(server_turris)[6136]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Oct 21 14:45:27 turris openvpn(server_turris)[6136]: OpenSSL: error:02001002:system library:fopen:No such file or directory
Oct 21 14:45:27 turris openvpn(server_turris)[6136]: OpenSSL: error:2006D080:BIO routines:BIO_new_file:no such file
Oct 21 14:45:27 turris openvpn(server_turris)[6136]: Cannot open /etc/dhparam/dh-default.pem for DH parameters
Oct 21 14:45:27 turris openvpn(server_turris)[6136]: Exiting due to fatal error
```Turris OS 5.1.3https://gitlab.nic.cz/turris/os/packages/-/issues/471syslog-ng time is in UTC, not localtime2023-08-16T14:55:20+02:00Rosen Penevsyslog-ng time is in UTC, not localtimeI get entries like:
Aug 28 23:00:01 turris /usr/sbin/cron[11765]: (root) CMD (/usr/bin/notifier)
when the time is actually 16:00:01.
The correct timezone is set in LuCI. The date command returns the correct value.
hwclock does as wel...I get entries like:
Aug 28 23:00:01 turris /usr/sbin/cron[11765]: (root) CMD (/usr/bin/notifier)
when the time is actually 16:00:01.
The correct timezone is set in LuCI. The date command returns the correct value.
hwclock does as well. It seems syslog-ng does not use those sources for the time.
edit: Found the fix. hwclock --systzTurris OS 6.0Rosen PenevRosen Penevhttps://gitlab.nic.cz/turris/os/packages/-/issues/683Fix path to ubus.sock in our packages2021-04-16T11:49:20+02:00Jan PavlinecFix path to ubus.sock in our packagesubus.sock was moved from **/var/run/ubus.sock** to **/var/run/ubus/ubus.sock**
Upstream commit https://github.com/openwrt/openwrt/commit/2dffadece9a7243a236ce7d91719787a671e23d4
Affected packages found by grepping:
* reforis - https://...ubus.sock was moved from **/var/run/ubus.sock** to **/var/run/ubus/ubus.sock**
Upstream commit https://github.com/openwrt/openwrt/commit/2dffadece9a7243a236ce7d91719787a671e23d4
Affected packages found by grepping:
* reforis - https://gitlab.nic.cz/turris/turris-os-packages/-/commit/c93dab9eae42dd25bf0d82c35eb2d96c27489cbd#d192f1219a00025b967a29d2606c1bbecc63fa5e_0_29
* turris-maintain - https://gitlab.nic.cz/turris/turris-os-packages/-/commit/8f523e85210963ce540fff2aca237031fda7be74#b7b1cfa167257e6acea1cc121b402c9a8d34d106_0_26
https://gitlab.nic.cz/turris/turris-os-packages/-/commit/df8d0ecf753d397377a7e3d92afeb55bef819630#0cdb3707e46d92d40b881876a56cecca7082b59e_0_28Turris OS 6.0https://gitlab.nic.cz/turris/os/packages/-/issues/704/etc/dhparam/dh-default.pem symlink doesn't exist in medkit for shield2021-03-23T22:52:23+01:00Martin Matějek/etc/dhparam/dh-default.pem symlink doesn't exist in medkit for shieldThere is no symlink to default dh params in medkit for turris shield (HBS, 5.1.4).
`/etc/dhparam/dh-default.pem -> /etc/dhparam/dh2048.pem`
Therefore you can't start openvpn server without manual intervention on device.
My guess is th...There is no symlink to default dh params in medkit for turris shield (HBS, 5.1.4).
`/etc/dhparam/dh-default.pem -> /etc/dhparam/dh2048.pem`
Therefore you can't start openvpn server without manual intervention on device.
My guess is that symlink is only created during install of package.
Not sure if we will hotfix it or just wait for release of 5.2.0.Turris OS 5.2.0Jan PavlinecJan Pavlinechttps://gitlab.nic.cz/turris/os/packages/-/issues/684Include adguardhome package in Turris opkg lists2022-04-26T19:52:54+02:00Scott AnecitoInclude adguardhome package in Turris opkg listsCurrently the adguardhome package for OpenWrt which was added to their list ~20 days ago does not show up under the list of installable packages for Turris; please add the package to the list of available packages to install for Turris
...Currently the adguardhome package for OpenWrt which was added to their list ~20 days ago does not show up under the list of installable packages for Turris; please add the package to the list of available packages to install for Turris
Package location:
https://github.com/openwrt/packages/tree/master/net/adguardhomehttps://gitlab.nic.cz/turris/os/packages/-/issues/685Add fail2ban package2021-10-09T22:27:12+02:00Jan PavlinecAdd fail2ban packageThis should also provide some integration for foris, luci and ssh.
Example https://github.com/peci1/fail2ban_openwrt
This should help meet the following mandatory requirements for Tier 1 defined by CSA Singapore's Cybersecurity Label...This should also provide some integration for foris, luci and ssh.
Example https://github.com/peci1/fail2ban_openwrt
This should help meet the following mandatory requirements for Tier 1 defined by CSA Singapore's Cybersecurity Labeling Scheme
* 5.1-5:When the device is not a constrained device, it shall have a mechanism available which makes bruteforce attacks on authentication mechanisms via network interfaces impracticable.
Related to https://gitlab.nic.cz/turris/biz/singapore-certification/-/issues/1Turris OS 6.0GANDALFGANDALFhttps://gitlab.nic.cz/turris/os/packages/-/issues/687turris-maintain: maintain-reboot fails because of unexpected UCI2023-08-16T14:36:36+02:00Karel Kociturris-maintain: maintain-reboot fails because of unexpected UCIThe solution is most likely to use EUCI instead of plain UCI to handle correctly lists.
In general all scripts in turris-maintain should be refactored as I looked at them.
At the moment this issue makes it so reboot from Foris does not...The solution is most likely to use EUCI instead of plain UCI to handle correctly lists.
In general all scripts in turris-maintain should be refactored as I looked at them.
At the moment this issue makes it so reboot from Foris does not work when IP address on wan is saved as `list` and not as `option`.
```
Oct 20 12:45:14 turris foris-controller[7712]: Traceback (most recent call
last):
Oct 20 12:45:14 turris foris-controller[7712]: File
"/usr/bin/maintain-reboot", line 58, in <module>
Oct 20 12:45:14 turris foris-controller[7712]: ips += [e for e in
uci_get("network", "wan", "ip6addr", "").split(" ") if e]
Oct 20 12:45:14 turris foris-controller[7712]: AttributeError: 'tuple'
object has no attribute 'split'
```Turris OS 5.1.4https://gitlab.nic.cz/turris/os/packages/-/issues/690Convert EXTRA_COMMANDS to extra_command in init scripts2023-08-16T14:36:35+02:00Jan PavlinecConvert EXTRA_COMMANDS to extra_command in init scripts
This is related to changes in upstream see https://github.com/openwrt/packages/pull/13798
Affected packages:
* knot-resolver
* suricata-pakon
* atlas-sw-probe
This is related to changes in upstream see https://github.com/openwrt/packages/pull/13798
Affected packages:
* knot-resolver
* suricata-pakon
* atlas-sw-probeTurris OS 6.0https://gitlab.nic.cz/turris/os/packages/-/issues/691Netmetr unrecognized parametr --rwait2023-08-16T14:56:54+02:00Josef SchlehoferNetmetr unrecognized parametr --rwaitI noticed that with version netmetr 2.0.0, there is invalid parametr in cron (https://gitlab.nic.cz/turris/turris-os-packages/-/blob/1b99d527bcfadf17c4ab2603a39cec6bda97f45b/net/netmetr/files/netmetr.cron#L2).
```
root@turris:~# netmetr...I noticed that with version netmetr 2.0.0, there is invalid parametr in cron (https://gitlab.nic.cz/turris/turris-os-packages/-/blob/1b99d527bcfadf17c4ab2603a39cec6bda97f45b/net/netmetr/files/netmetr.cron#L2).
```
root@turris:~# netmetr --rwait 1800
usage: netmetr [-h] [-v] [--autostart] [--dwlhist] [--debug] [--no-color]
[--no-run] [--control-server CONTROL_SERVER] [--uuid UUID]
[--unsecure-connection] [--only-config] [--syslog] [-4] [-6]
[-q] [-b BIND_ADDRESS]
netmetr: error: unrecognized arguments: --rwait 1800
```https://gitlab.nic.cz/turris/os/packages/-/issues/696wireguard: DEVICE_CLAIM_FAILED after TOS 3->5 upgrade2021-01-10T13:21:40+01:00David Hopfmuellerwireguard: DEVICE_CLAIM_FAILED after TOS 3->5 upgradeAfter upgrading from TOS 3.11.19.1 to 5.1.3 wireguard fails to load and LuCI displays an `Unknown error (DEVICE_CLAIM_FAILED)`. This seems to be caused by an `option ifname 'something'` entry in wireguard's `config interface` section. Re...After upgrading from TOS 3.11.19.1 to 5.1.3 wireguard fails to load and LuCI displays an `Unknown error (DEVICE_CLAIM_FAILED)`. This seems to be caused by an `option ifname 'something'` entry in wireguard's `config interface` section. Removing the offending option solves the issue.Turris OS 5.1.5https://gitlab.nic.cz/turris/os/packages/-/issues/697tos3to4: migration of network adds interfaces to invalid networks2023-08-16T14:36:31+02:00Karel Kocitos3to4: migration of network adds interfaces to invalid networksScript `switch_and_vlans` migrates switch and it seems to add interfaces to any interface but that includes VPNs.. that is wrong.
(Originally reported in turris/turris-os-packages#696).Script `switch_and_vlans` migrates switch and it seems to add interfaces to any interface but that includes VPNs.. that is wrong.
(Originally reported in turris/turris-os-packages#696).Turris OS 5.1.5https://gitlab.nic.cz/turris/os/packages/-/issues/699resolver-debug: alternative for reForis2023-08-16T14:56:51+02:00Jan Pavlinecresolver-debug: alternative for reForisBecause of Turris shield, our approach to DNS debugging with resolver-debug package is not very useful because it has to be run from luci interfaceBecause of Turris shield, our approach to DNS debugging with resolver-debug package is not very useful because it has to be run from luci interfaceTurris OS 5.3.0https://gitlab.nic.cz/turris/os/packages/-/issues/701knot-resolver: DNS server failure for hosted.fireside.fm CNAME2020-11-27T22:33:42+01:00LinAGKarknot-resolver: DNS server failure for hosted.fireside.fm CNAMELately, knot has been giving me servfail for certain domain names. It responds with the correct response, but with the server failure flag set. The domains I've seen this on is linuxactionnews.com, sudo.show, chooselinux.show, hardwaread...Lately, knot has been giving me servfail for certain domain names. It responds with the correct response, but with the server failure flag set. The domains I've seen this on is linuxactionnews.com, sudo.show, chooselinux.show, hardwareaddicts.org, techtalk.today and coder.show, though it doesn't happen to all of them all the time. Something in common between all of these is that they all have a CNAME record pointing to hosted.fireside.fm. It seems to stop happening if I disable DNSSEC. My first though was that there is something weird with My ISPs DNS, but I switched to Google DNS and still gets the same problem.
| Device | Turris Omnia |
|--------------------|--------------------------------------------|
| Turris OS version | 3.11.21 |
| Kernel version | 4.4.199-a890a5a94ebb621f8f1720c24d12fef1-1 |https://gitlab.nic.cz/turris/os/packages/-/issues/702Kernel is reinstalled almost each time2021-02-08T15:33:24+01:00Josef SchlehoferKernel is reinstalled almost each timeWhile doing new update on router, it seems that there is repeated installation of the same kernel packages, which are already installed.
Reported on our forum: https://forum.turris.cz/t/repeated-install-of-packages/14170While doing new update on router, it seems that there is repeated installation of the same kernel packages, which are already installed.
Reported on our forum: https://forum.turris.cz/t/repeated-install-of-packages/14170https://gitlab.nic.cz/turris/os/packages/-/issues/705lighttpd: reduce memory usage of foris and reforis2021-10-07T08:59:56+02:00Glenn Strausslighttpd: reduce memory usage of foris and reforislighttpd: reduce memory usage of foris and reforis
[I do not have permission to create a fork of turris-os-packages to be able to submit a merge request, so I am creating an issue here.]
On my 512 MB Mox, over 160 MB resident memory is...lighttpd: reduce memory usage of foris and reforis
[I do not have permission to create a fork of turris-os-packages to be able to submit a merge request, so I am creating an issue here.]
On my 512 MB Mox, over 160 MB resident memory is being used by foris, reforis, foris-ws, and foris-controller. That is a significant amount of memory, especially given the occasional Turris OS upgrade issues sometimes due to running out of memory. (These processes also use a significant amount of CPU time, but that is another issue for another day)
foris and reforis both can be configured to use CGI rather than staying resident as FastCGI backends to lighttpd. However, that is not the default configuration.
I would like to propose a small change to foris and reforis configurations which employ lighttpd `min-procs => 0` and start up FastCGI backends upon demand, then kill them after an idle period. The default idle period is 60 seconds, but in the below patch I configure 180 seconds (3 minutes), so that if you access foris or reforis web pages, the FastCGI backend will stick around or a few minutes as you navigate pages, but will be killed after you are done. The initial page load takes a few seconds, but after logging in, navigation is quick since the backend processes are still running until idle for 3 minutes.
Quick win:
This small change immediately saves over 50 MB of resident memory.
```
diff --git a/web/foris/foris/files/lighttpd-dynamic-conf b/web/foris/foris/files/lighttpd-dynamic-conf
index 3a27bc422..a5f2dcfac 100644
--- a/web/foris/foris/files/lighttpd-dynamic-conf
+++ b/web/foris/foris/files/lighttpd-dynamic-conf
@@ -75,6 +75,8 @@ case $SERVER in
echo " \"socket\" => \"/tmp/fastcgi.foris-$APP.socket\","
echo " \"bin-path\" => var.foris-$APP.bin + var.foris-$APP.flags,"
echo ' "check-local" => "disable",'
+ echo ' "idle-timeout" => 180,'
+ echo ' "min-procs" => 0,'
echo ' "max-procs" => 1,'
if [ -n "$SENTRY_DSN" ]; then
echo ' "bin-environment" => ('
diff --git a/web/reforis/reforis/files/reforis-lighttpd-dynamic.sh b/web/reforis/reforis/files/reforis-lighttpd-dynamic.sh
index 9064148af..032077108 100644
--- a/web/reforis/reforis/files/reforis-lighttpd-dynamic.sh
+++ b/web/reforis/reforis/files/reforis-lighttpd-dynamic.sh
@@ -45,6 +45,8 @@ case $SERVER in
echo " \"socket\" => \"/tmp/fastcgi.reforis.socket\","
echo " \"bin-path\" => var.reforis.bin,"
echo ' "check-local" => "disable",'
+ echo ' "idle-timeout" => 180,'
+ echo ' "min-procs" => 0,'
echo ' "max-procs" => 1,'
echo ' "bin-environment" => ('
if [ -n "$SENTRY_DSN" ]; then
```
On my Turris Mox (Turris OS 5.1.4) (hbt) which was last rebooted 18 days ago, please note the memory use and CPU usage of foris, reforis, et al. The resident memory used by these programs is ~ 115x that used by lighttpd. (Yes, that's not 10x, that is OVER 100x) kresd is the top memory user on my system as expected, but foris processes are the next 7 largest.
```
2757 root 20 0 124.7m 34.8m 0.0 7.2 2:44.96 S /usr/bin/kresd --noninteractive -c /tmp/kresd.config /tmp/kresd -a 0.0.0.0#53 -a ::#53
3898 root 20 0 42.3m 32.2m 0.0 6.6 1908:39 S /usr/bin/python3 /usr/bin/foris-controller -b openwrt -C /var/run/foris-controller-client.sock mqtt --host localhost --port 11883 --passwd-file /etc/fosquitto/credentials.plain --controller-id 0000000D30007440
4476 root 20 0 41.4m 31.2m 0.0 6.4 137:20.58 S /usr/bin/python3 /usr/bin/foris-controller -b openwrt -C /var/run/foris-controller-client.sock mqtt --host localhost --port 11883 --passwd-file /etc/fosquitto/credentials.plain --controller-id 0000000D30007440
4356 root 20 0 37.1m 28.2m 0.0 5.8 120:59.20 S /usr/bin/python3 /usr/bin/reforis
4355 root 20 0 33.8m 24.6m 0.0 5.1 122:22.64 S /usr/bin/python3 /usr/bin/foris -s flup -a config -b mqtt --mqtt-host localhost --mqtt-port 11883 --mqtt-passwd-file /etc/fosquitto/credentials.plain --mqtt-controller-id 0000000D30007440
3218 root 20 0 26.3m 17.0m 0.0 3.5 76:45.56 S /usr/bin/python3 /usr/bin/foris-ws -a ubus filesystem --host 127.0.0.1 --port 9080 mqtt --mqtt-host localhost --mqtt-port 11883 --mqtt-passwd-file /etc/fosquitto/credentials.plain
4178 root 20 0 30.6m 15.3m 0.0 3.2 19:12.81 S /usr/bin/python3 /usr/bin/foris-controller -b openwrt -C /var/run/foris-controller-client.sock mqtt --host localhost --port 11883 --passwd-file /etc/fosquitto/credentials.plain --controller-id 0000000D30007440
4151 root 20 0 29.4m 12.1m 0.0 2.5 19:12.66 S /usr/bin/python3 /usr/bin/foris-controller -b openwrt -C /var/run/foris-controller-client.sock mqtt --host localhost --port 11883 --passwd-file /etc/fosquitto/credentials.plain --controller-id 0000000D30007440
[...]
3916 root 20 0 5.7m 1.4m 0.0 0.3 4:45.91 S /usr/sbin/lighttpd -D -f /etc/lighttpd/lighttpd.conf
```Turris OS 5.3.0https://gitlab.nic.cz/turris/os/packages/-/issues/721sentinel-minipot: release with new message types (v2.2.0)2021-10-06T14:28:53+02:00Karel Kocisentinel-minipot: release with new message types (v2.2.0)Part of turris/sentinel/sentinel#24
Minipots are going to provide new message types to server and fix a lot of problems on server that way.
related:
- [x] turris/sentinel/minipot!9
- [x] turris/sentinel/minipot!10
- [x] turris/sentinel...Part of turris/sentinel/sentinel#24
Minipots are going to provide new message types to server and fix a lot of problems on server that way.
related:
- [x] turris/sentinel/minipot!9
- [x] turris/sentinel/minipot!10
- [x] turris/sentinel/minipot!11
- [x] turris/sentinel/minipot!13
- [x] turris/sentinel/minipot#56
related to server components:
- turris/ansible!357Turris OS 5.3.0https://gitlab.nic.cz/turris/os/packages/-/issues/665lighttpd exhaust RAM while downloading big file2021-10-13T09:35:31+02:00Vojtech Mysliveclighttpd exhaust RAM while downloading big fileIt seems lighttpd consumes memory without a limit while downloading a big file. It leads to OOM killer and broken router, obviously, until restart.
This is critical in combination with Next Cloud which is then *unusable* for files large...It seems lighttpd consumes memory without a limit while downloading a big file. It leads to OOM killer and broken router, obviously, until restart.
This is critical in combination with Next Cloud which is then *unusable* for files larger than e.g. tens or small hundreds of Megabytes.
cc @mhruseckyTurris OS 5.3.0Michal HruseckyMichal Hruseckyhttps://gitlab.nic.cz/turris/os/packages/-/issues/559TLS 1.2 + TLS 1.3 for (re)Foris/lighttpd2021-05-05T11:58:30+02:00Vojtech MyslivecTLS 1.2 + TLS 1.3 for (re)Foris/lighttpdAs Turris OS 5.0 should has OpenSSL 1.1 already, we should tune TLS configuration for lighttpd, (re)Foris respectively.As Turris OS 5.0 should has OpenSSL 1.1 already, we should tune TLS configuration for lighttpd, (re)Foris respectively.Turris OS 5.2.0https://gitlab.nic.cz/turris/os/packages/-/issues/706Restrict lighttpd to strong TLS cipher suites2021-08-24T12:15:40+02:00Vojtech MyslivecRestrict lighttpd to strong TLS cipher suitesFollow-up from #559, [github PR #59](https://github.com/CZ-NIC/turris-os-packages/pull/59) and [github PR #63](https://github.com/CZ-NIC/turris-os-packages/pull/63).
Since lighttpd version 1.4.56, the reasonable default TLS configuratio...Follow-up from #559, [github PR #59](https://github.com/CZ-NIC/turris-os-packages/pull/59) and [github PR #63](https://github.com/CZ-NIC/turris-os-packages/pull/63).
Since lighttpd version 1.4.56, the reasonable default TLS configuration is:
```
"MinProtocol" => "TLSv1.2"
"CipherString" => "HIGH"
```
We can consider to restrict list of cipher suites to only strong ciphers, as OpenSSL `HIGH` consist of *not-so-high* cipher suites as well...
List of cipher suites could be something like:
```
ECDHE-ECDSA-AES128-GCM-SHA256
ECDHE-RSA-AES128-GCM-SHA256
ECDHE-ECDSA-AES256-GCM-SHA384
ECDHE-RSA-AES256-GCM-SHA384
ECDHE-ECDSA-AES128-CCM8
ECDHE-ECDSA-AES256-CCM8
ECDHE-ECDSA-CHACHA20-POLY1305
ECDHE-RSA-CHACHA20-POLY1305
DHE-RSA-AES128-GCM-SHA256
DHE-RSA-AES256-GCM-SHA384
DHE-RSA-AES128-CCM8
DHE-RSA-AES256-CCM8
DHE-RSA-CHACHA20-POLY1305
```
together with strong DH parameters (> 1024 bit).Turris OS 5.3.0https://gitlab.nic.cz/turris/os/packages/-/issues/707Wireguard broken in latest 5.1.4?2020-12-08T15:48:20+01:00Marius DurbacaWireguard broken in latest 5.1.4?configured wireguard as https://doc.turris.cz/doc/en/public/wireguard
Omnia rebooted - still…
```
root@turris:~# ifconfig wg0
ifconfig: wg0: error fetching interface information: Device not found
```
some debug:
```
root@turris:~# lsmod ...configured wireguard as https://doc.turris.cz/doc/en/public/wireguard
Omnia rebooted - still…
```
root@turris:~# ifconfig wg0
ifconfig: wg0: error fetching interface information: Device not found
```
some debug:
```
root@turris:~# lsmod | grep wireg
ip6_udp_tunnel 16384 1 wireguard
udp_tunnel 16384 1 wireguard
wireguard 126976 0
root@turris:~# cat /etc/config/network
...
config interface 'wg0'
option proto 'wireguard'
option private_key '###--priv.key.here---###'
option listen_port '1234'
list addresses '10.0.10.1/24'
option ifname 'wg0'
config wireguard_wg0
option public_key '###--pub.key.here---###'
option preshared_key '###--pshrd.key.here---###'
option route_allowed_ips '1'
list allowed_ips '0.0.0.0/0'
option persistent_keepalive '25'
option description 'client1'
....
root@turris:~# cat /etc/config/firewall
...
config rule
option target 'ACCEPT'
option proto 'udp'
option dest_port '1234'
option name 'Allow-Wireguard-Inbound'
option src 'wan'
config zone
option name 'wg'
option input 'ACCEPT'
option forward 'ACCEPT'
option output 'ACCEPT'
option masq '1'
option network 'wg0'
config forwarding
option src 'wg'
option dest 'wan'
config forwarding
option src 'wg'
option dest 'lan'
config forwarding
option src 'lan'
option dest 'wg'
config forwarding
option src 'wan'
option dest 'wg'
...
root@turris:~# cat /etc/turris-version
5.1.4
```
anything missing ?https://gitlab.nic.cz/turris/os/packages/-/issues/710Suricata fails to compile2021-06-25T11:56:08+02:00Josef SchlehoferSuricata fails to compileDuring tinkering with CI, I can not compile suricata-bin:
```
2020-12-15T08:59:08.6914729Z make[5]: Entering directory '/home/build/openwrt/build_dir/target-powerpc_8540_musl/suricata-4.0.7/scripts'
2020-12-15T08:59:08.6979887Z Making al...During tinkering with CI, I can not compile suricata-bin:
```
2020-12-15T08:59:08.6914729Z make[5]: Entering directory '/home/build/openwrt/build_dir/target-powerpc_8540_musl/suricata-4.0.7/scripts'
2020-12-15T08:59:08.6979887Z Making all in suricatasc
2020-12-15T08:59:08.7004136Z make[6]: Entering directory '/home/build/openwrt/build_dir/target-powerpc_8540_musl/suricata-4.0.7/scripts/suricatasc'
2020-12-15T08:59:08.7005287Z mkdir -p ../../scripts/suricatasc/src
2020-12-15T08:59:08.7027308Z /home/build/openwrt/staging_dir/host/bin/python ./setup.py build;
2020-12-15T08:59:08.7168669Z Traceback (most recent call last):
2020-12-15T08:59:08.7170127Z File "./setup.py", line 2, in <module>
2020-12-15T08:59:08.7170751Z from distutils.core import setup
2020-12-15T08:59:08.7172132Z ModuleNotFoundError: No module named 'distutils.core'
2020-12-15T08:59:08.7188245Z make[6]: *** [Makefile:526: all-local] Error 1
2020-12-15T08:59:08.7189514Z make[6]: Leaving directory '/home/build/openwrt/build_dir/target-powerpc_8540_musl/suricata-4.0.7/scripts/suricatasc'
2020-12-15T08:59:08.7201276Z make[5]: *** [Makefile:431: all-recursive] Error 1
2020-12-15T08:59:08.7202491Z make[5]: Leaving directory '/home/build/openwrt/build_dir/target-powerpc_8540_musl/suricata-4.0.7/scripts'
2020-12-15T08:59:08.7214463Z make[4]: *** [Makefile:492: all-recursive] Error 1
2020-12-15T08:59:08.7220955Z make[4]: Leaving directory '/home/build/openwrt/build_dir/target-powerpc_8540_musl/suricata-4.0.7'
2020-12-15T08:59:08.7222304Z make[3]: *** [Makefile:420: all] Error 2
2020-12-15T08:59:08.7226983Z make[2]: *** [Makefile:98: /home/build/openwrt/build_dir/target-powerpc_8540_musl/suricata-4.0.7/.built] Error 2
2020-12-15T08:59:08.7228384Z make[3]: Leaving directory '/home/build/openwrt/build_dir/target-powerpc_8540_musl/suricata-4.0.7'
2020-12-15T08:59:08.7229859Z make[2]: Leaving directory '/home/runner/work/turris-os-packages/turris-os-packages/net/suricata-bin'
```Turris OS 6.0Michal HruseckyMichal Hruseckyhttps://gitlab.nic.cz/turris/os/packages/-/issues/711Fosquitto does not start as options port, bind_address are deprecated2023-08-16T14:54:45+02:00Josef SchlehoferFosquitto does not start as options port, bind_address are deprecatedVersion of Turris OS:
```
root@omnia:~# cat /etc/openwrt_release
DISTRIB_ID='TurrisOS'
DISTRIB_RELEASE='6.0-future'
DISTRIB_REVISION='19d7e73'
DISTRIB_TARGET='mvebu/cortexa9'
DISTRIB_ARCH='arm_cortex-a9_vfpv3-d16'
DISTRIB_DESCRIPTION='Tu...Version of Turris OS:
```
root@omnia:~# cat /etc/openwrt_release
DISTRIB_ID='TurrisOS'
DISTRIB_RELEASE='6.0-future'
DISTRIB_REVISION='19d7e73'
DISTRIB_TARGET='mvebu/cortexa9'
DISTRIB_ARCH='arm_cortex-a9_vfpv3-d16'
DISTRIB_DESCRIPTION='TurrisOS 6.0-future 19d7e73ecc28945581fb91cea20e1f3399f72268'
DISTRIB_TAINTS='busybox'
```
Version of mosquitto:
```
root@omnia:~# opkg list-installed | grep mosquitto
libmosquitto-ssl - 2.0.2-1
mosquitto-client-ssl - 2.0.2-1
mosquitto-ssl - 2.0.2-1
```
Output from mosquitto:
```
root@omnia:~# mosquitto -c /var/etc/fosquitto.generated.conf
1609080334: The 'port' option is now deprecated and will be removed in a future version. Please use 'listener' instead.
1609080334: The 'bind_address' option is now deprecated and will be removed in a future version. The behaviour will default to true.
1609080334: Error: Unable to open pwfile "/etc/fosquitto/credentials.hashed".
1609080334: Error opening password file "/etc/fosquitto/credentials.hashed".
```Turris OS 6.0https://gitlab.nic.cz/turris/os/packages/-/issues/713kresd linking issue2021-08-03T09:08:16+02:00Rosen Penevkresd linking issue```
Error relocating /usr/lib/kres_modules/hints.so: kr_zonecut_deinit: symbol not found
Error relocating /usr/lib/kres_modules/hints.so: kr_inaddr_len: symbol not found
Error relocating /usr/lib/kres_modules/hints.so: trie_it_val: symbo...```
Error relocating /usr/lib/kres_modules/hints.so: kr_zonecut_deinit: symbol not found
Error relocating /usr/lib/kres_modules/hints.so: kr_inaddr_len: symbol not found
Error relocating /usr/lib/kres_modules/hints.so: trie_it_val: symbol not found
Error relocating /usr/lib/kres_modules/hints.so: json_mkobject: symbol not found
Error relocating /usr/lib/kres_modules/hints.so: knot_dname_copy: symbol not found
Error relocating /usr/lib/kres_modules/hints.so: knot_pkt_put_question: symbol not found
Error relocating /usr/lib/kres_modules/hints.so: kr_inaddr_family: symbol not found
Error relocating /usr/lib/kres_modules/hints.so: knot_pkt_put_rotate: symbol not found
Error relocating /usr/lib/kres_modules/hints.so: json_delete: symbol not found
Error relocating /usr/lib/kres_modules/hints.so: knot_dname_to_lower: symbol not found
Error relocating /usr/lib/kres_modules/hints.so: mp_alloc: symbol not found
Error relocating /usr/lib/kres_modules/hints.so: engine_hint_root_file: symbol not found
Error relocating /usr/lib/kres_modules/hints.so: kr_log_q: symbol not found
Error relocating /usr/lib/kres_modules/hints.so: knot_rrset_clear: symbol not found
Error relocating /usr/lib/kres_modules/hints.so: luaL_error: symbol not found
Error relocating /usr/lib/kres_modules/hints.so: knot_rrset_add_rdata: symbol not found
Error relocating /usr/lib/kres_modules/hints.so: kr_pkt_recycle: symbol not found
Error relocating /usr/lib/kres_modules/hints.so: kr_zonecut_init: symbol not found
Error relocating /usr/lib/kres_modules/hints.so: kr_family_len: symbol not found
Error relocating /usr/lib/kres_modules/hints.so: mp_delete: symbol not found
Error relocating /usr/lib/kres_modules/hints.so: mp_new: symbol not found
Error relocating /usr/lib/kres_modules/hints.so: kr_zonecut_add: symbol not found
Error relocating /usr/lib/kres_modules/hints.so: json_mkarray: symbol not found
Error relocating /usr/lib/kres_modules/hints.so: json_decode: symbol not found
Error relocating /usr/lib/kres_modules/hints.so: trie_it_key: symbol not found
Error relocating /usr/lib/kres_modules/hints.so: json_append_element: symbol not found
Error relocating /usr/lib/kres_modules/hints.so: kr_inaddr: symbol not found
Error relocating /usr/lib/kres_modules/hints.so: knot_dname_is_equal: symbol not found
Error relocating /usr/lib/kres_modules/hints.so: kr_zonecut_del_all: symbol not found
Error relocating /usr/lib/kres_modules/hints.so: knot_dname_to_str: symbol not found
Error relocating /usr/lib/kres_modules/hints.so: json_append_member: symbol not found
Error relocating /usr/lib/kres_modules/hints.so: trie_it_next: symbol not found
Error relocating /usr/lib/kres_modules/hints.so: kr_zonecut_set: symbol not found
Error relocating /usr/lib/kres_modules/hints.so: json_encode: symbol not found
Error relocating /usr/lib/kres_modules/hints.so: json_first_child: symbol not found
Error relocating /usr/lib/kres_modules/hints.so: kr_zonecut_find: symbol not found
Error relocating /usr/lib/kres_modules/hints.so: trie_it_finished: symbol not found
Error relocating /usr/lib/kres_modules/hints.so: knot_dname_from_str: symbol not found
Error relocating /usr/lib/kres_modules/hints.so: kr_zonecut_del: symbol not found
Error relocating /usr/lib/kres_modules/hints.so: trie_it_free: symbol not found
Error relocating /usr/lib/kres_modules/hints.so: json_mkstring: symbol not found
Error relocating /usr/lib/kres_modules/hints.so: knot_dname_in_bailiwick: symbol not found
Error relocating /usr/lib/kres_modules/hints.so: trie_it_begin: symbol not found
Error relocating /usr/lib/kres_modules/hints.so: knot_dname_size: symbol not found
Error relocating /usr/lib/kres_modules/hints.so: mp_alloc: symbol not found
Error relocating /usr/lib/kres_modules/hints.so: kr_verbose_status: symbol not found
Error relocating /usr/lib/kres_modules/nsid.so: knot_rrset_clear: symbol not found
Error relocating /usr/lib/kres_modules/nsid.so: luaL_error: symbol not found
Error relocating /usr/lib/kres_modules/nsid.so: knot_edns_add_option: symbol not found
Error relocating /usr/lib/kres_modules/nsid.so: json_encode_string: symbol not found
Error relocating /usr/lib/kres_modules/nsid.so: knot_edns_get_option: symbol not found
Error relocating /usr/lib/kres_modules/nsid.so: kr_verbose_status: symbol not found
Error relocating /usr/lib/kres_modules/edns_keepalive.so: knot_edns_keepalive_size: symbol not found
Error relocating /usr/lib/kres_modules/edns_keepalive.so: knot_edns_add_option: symbol not found
Error relocating /usr/lib/kres_modules/edns_keepalive.so: knot_edns_get_option: symbol not found
Error relocating /usr/lib/kres_modules/edns_keepalive.so: knot_edns_keepalive_write: symbol not found
Error relocating /usr/lib/kres_modules/edns_keepalive.so: the_worker: symbol not found
Error relocating /usr/lib/kres_modules/stats.so: lru_create_impl: symbol not found
Error relocating /usr/lib/kres_modules/stats.so: json_mkobject: symbol not found
Error relocating /usr/lib/kres_modules/stats.so: kr_rnd_buffered: symbol not found
Error relocating /usr/lib/kres_modules/stats.so: json_mknumber: symbol not found
Error relocating /usr/lib/kres_modules/stats.so: map_set: symbol not found
Error relocating /usr/lib/kres_modules/stats.so: json_delete: symbol not found
Error relocating /usr/lib/kres_modules/stats.so: kr_rplan_last: symbol not found
Error relocating /usr/lib/kres_modules/stats.so: knot_rrtype_to_string: symbol not found
Error relocating /usr/lib/kres_modules/stats.so: map_contains: symbol not found
Error relocating /usr/lib/kres_modules/stats.so: map_walk_prefixed: symbol not found
Error relocating /usr/lib/kres_modules/stats.so: json_find_member: symbol not found
Error relocating /usr/lib/kres_modules/stats.so: kr_now: symbol not found
Error relocating /usr/lib/kres_modules/stats.so: json_mkarray: symbol not found
Error relocating /usr/lib/kres_modules/stats.so: knot_dname_to_wire: symbol not found
Error relocating /usr/lib/kres_modules/stats.so: json_append_element: symbol not found
Error relocating /usr/lib/kres_modules/stats.so: lru_apply_impl: symbol not found
Error relocating /usr/lib/kres_modules/stats.so: kr_inaddr: symbol not found
Error relocating /usr/lib/kres_modules/stats.so: knot_dname_to_str: symbol not found
Error relocating /usr/lib/kres_modules/stats.so: map_clear: symbol not found
Error relocating /usr/lib/kres_modules/stats.so: lru_free_items_impl: symbol not found
Error relocating /usr/lib/kres_modules/stats.so: json_append_member: symbol not found
Error relocating /usr/lib/kres_modules/stats.so: json_encode: symbol not found
Error relocating /usr/lib/kres_modules/stats.so: lru_get_impl: symbol not found
Error relocating /usr/lib/kres_modules/stats.so: json_mkstring: symbol not found
Error relocating /usr/lib/kres_modules/stats.so: map_get: symbol not found
Error relocating /usr/lib/kres_modules/bogus_log.so: lru_create_impl: symbol not found
Error relocating /usr/lib/kres_modules/bogus_log.so: json_mkobject: symbol not found
Error relocating /usr/lib/kres_modules/bogus_log.so: json_mknumber: symbol not found
Error relocating /usr/lib/kres_modules/bogus_log.so: json_delete: symbol not found
Error relocating /usr/lib/kres_modules/bogus_log.so: knot_rrtype_to_string: symbol not found
Error relocating /usr/lib/kres_modules/bogus_log.so: json_mkarray: symbol not found
Error relocating /usr/lib/kres_modules/bogus_log.so: knot_dname_to_wire: symbol not found
Error relocating /usr/lib/kres_modules/bogus_log.so: json_append_element: symbol not found
Error relocating /usr/lib/kres_modules/bogus_log.so: lru_apply_impl: symbol not found
Error relocating /usr/lib/kres_modules/bogus_log.so: knot_dname_to_str: symbol not found
Error relocating /usr/lib/kres_modules/bogus_log.so: lru_free_items_impl: symbol not found
Error relocating /usr/lib/kres_modules/bogus_log.so: json_append_member: symbol not found
Error relocating /usr/lib/kres_modules/bogus_log.so: json_encode: symbol not found
Error relocating /usr/lib/kres_modules/bogus_log.so: lru_get_impl: symbol not found
Error relocating /usr/lib/kres_modules/bogus_log.so: json_mkstring: symbol not found
```
command ran was
```
find /usr/lib -name "*.so*" -exec ldd '{}' \; | grep Error
```
It doesn't look like it causes any issues, probably because those libraries are already present but it's a good idea to add linking anyway.https://gitlab.nic.cz/turris/os/packages/-/issues/714rescue-image: SATA not working2021-01-26T20:34:34+01:00Michel Krausrescue-image: SATA not workingThe first patch enables the SATA modules on newer Omnia. This should fix
#709
The second patch updates the root device for schnapps if a new
$TARGET_PART was selected by override_root. This allows to use schnapps
with SATA and USB based...The first patch enables the SATA modules on newer Omnia. This should fix
#709
The second patch updates the root device for schnapps if a new
$TARGET_PART was selected by override_root. This allows to use schnapps
with SATA and USB based root filesystems as long as root_uuid is correctly
set.
[0001-rescue-image-enable-SATA-on-omnia.patch](/uploads/b473179c4391757d3b2bd51c0062ba0b/0001-rescue-image-enable-SATA-on-omnia.patch)
[0002-rescue-image-update-schnapps-config-if-root-changed.patch](/uploads/1b4c1631e4442e58b953c6ca973d5579/0002-rescue-image-update-schnapps-config-if-root-changed.patch)Turris OS 5.2.0Michal HruseckyMichal Hruseckyhttps://gitlab.nic.cz/turris/os/packages/-/issues/715lighttpd: log failed logging attemps2021-10-15T12:07:50+02:00Jan Pavlineclighttpd: log failed logging attempsRelated to https://forum.turris.cz/t/enable-lighttpd-reforis-luci-logging/14687Related to https://forum.turris.cz/t/enable-lighttpd-reforis-luci-logging/14687https://gitlab.nic.cz/turris/os/packages/-/issues/463Resolver-conf doesn't check if there is disabled IPv6 for WAN2023-08-16T14:37:37+02:00Josef SchlehoferResolver-conf doesn't check if there is disabled IPv6 for WANIn Foris's WAN tab, I have disabled IPv6 and when I want to use forwarding to one of suggested DNS forwarder, it tries to reach those DNS servers via IPv6 and it floods syslog with messages like:
```
2019-08-18 18:50:21 err unbound[]: [...In Foris's WAN tab, I have disabled IPv6 and when I want to use forwarding to one of suggested DNS forwarder, it tries to reach those DNS servers via IPv6 and it floods syslog with messages like:
```
2019-08-18 18:50:21 err unbound[]: [17527:0] error: outgoing tcp: connect: Permission denied for 2606:4700:4700::1111 port 853
2019-08-18 18:50:21 err unbound[]: [17527:0] error: outgoing tcp: connect: Permission denied for 2606:4700:4700::1001 port 853
2019-08-18 18:50:21 err unbound[20689]: Last message '[17527:0] error: out' repeated 1 times, suppressed by syslog-ng on turris
```Turris OS 5.2.1Jan PavlinecJan Pavlinechttps://gitlab.nic.cz/turris/os/packages/-/issues/762nextcloud: cronjob breaks nextcloud configuration2023-08-16T14:35:49+02:00Martin Matějeknextcloud: cronjob breaks nextcloud configuration## Description
`cron.php` included with nextcloud gets executed periodically. If there is no configuration (e.g. after instalation) it somehow fails with following output and creates empty `config.php`.
HBS (5.1.10)
```
May 5 20:40:01...## Description
`cron.php` included with nextcloud gets executed periodically. If there is no configuration (e.g. after instalation) it somehow fails with following output and creates empty `config.php`.
HBS (5.1.10)
```
May 5 20:40:01 turris crond[24321]: (nobody) CMD (/usr/bin/php-cli -f /srv/www/nextcloud/cron.php)
May 5 20:40:01 turris crond[24319]: (nobody) CMDOUT (PHP Warning: fileperms(): stat failed for /srv/www/nextcloud/data/nextcloud.log in /srv/www/nextcloud/lib/private/Log/File.php on line 83)
May 5 20:40:01 turris crond[24319]: (nobody) CMDOUT ({"reqId":"2LX5Nd3mNTNs08DNy0G1","level":3,"time":"2021-05-05T20:40:01+00:00","remoteAddr":"","user":"--","app":"PHP","method":"","url":"--","message":"fileperms(): stat failed for /srv/www/nextcloud/data/nextcloud.log at /srv/www/nextcloud/lib/private/Log/File.php#83","userAgent":"--","version":""})
May 5 20:40:01 turris crond[24319]: (nobody) CMDOUT ({"reqId":"2LX5Nd3mNTNs08DNy0G1","level":3,"time":"2021-05-05T20:40:01+00:00","remoteAddr":"","user":"--","app":"cron","method":"","url":"--","message":{"Exception":"Exception","Message":"Not installed","Code":0,"Trace":[{"file":"/srv/www/nextcloud/lib/base.php","line":651,"function":"checkInstalled","class":"OC","type":"::","args":[]},{"file":"/srv/www/nextcloud/lib/base.php","line":1089,"function":"init","class":"OC","type":"::","args":[]},{"file":"/srv/www/nextcloud/cron.php","line":42,"args":["/srv/www/nextcloud/lib/base.php"],"function":"require_once"}],"File":"/srv/www/nextcloud/lib/base.php","Line":282,"CustomMessage":"--"},"userAgent":"--","version":""})
May 5 20:40:01 turris crond[24319]: (nobody) CMDOUT (PHP Warning: fileperms(): stat failed for /srv/www/nextcloud/data/nextcloud.log in /srv/www/nextcloud/lib/private/Log/File.php on line 83)
May 5 20:40:01 turris crond[24319]: (nobody) CMDOUT ({"reqId":"2LX5Nd3mNTNs08DNy0G1","level":3,"time":"2021-05-05T20:40:01+00:00","remoteAddr":"","user":"--","app":"PHP","method":"","url":"--","message":"fileperms(): stat failed for /srv/www/nextcloud/data/nextcloud.log at /srv/www/nextcloud/lib/private/Log/File.php#83","userAgent":"--","version":""})
May 5 20:40:01 turris crond[24319]: (nobody) CMDOUT ({"reqId":"2LX5Nd3mNTNs08DNy0G1","level":3,"time":"2021-05-05T20:40:01+00:00","remoteAddr":"","user":"--","app":"PHP","method":"","url":"--","message":"chmod(): No such file or directory at /srv/www/nextcloud/lib/private/Log/File.php#84","userAgent":"--","version":""})
```
HBT (5.2.0)
```
May 5 21:15:01 turris crond[25474]: (nobody) CMD (/usr/bin/php-cli -f /srv/www/nextcloud/cron.php)
May 5 21:15:02 turris crond[25472]: (nobody) CMDOUT ({"reqId":"W0nzxPKvqhxjJgLWjROt","level":3,"time":"2021-05-05T21:15:02+00:00","remoteAddr":"","user":"--","app":"cron","method":"","url":"--","message":{"Exception":"Exception","Message":"Not installed","Code":0,"Trace":[{"file":"/srv/www/nextcloud/lib/base.php","line":654,"function":"checkInstalled","class":"OC","type":"::","args":[]},{"file":"/srv/www/nextcloud/lib/base.php","line":1095,"function":"init","class":"OC","type":"::","args":[]},{"file":"/srv/www/nextcloud/cron.php","line":42,"args":["/srv/www/nextcloud/lib/base.php"],"function":"require_once"}],"File":"/srv/www/nextcloud/lib/base.php","Line":282,"CustomMessage":"--"},"userAgent":"--","version":""})
```
## Expected behaviour
No `config.php` should exist and user should be able to configure nextcloud from Foris.
## Actual behaviour
Empty `config.php` is created as side effect, thus from foris point of view it looks like nextcloud is already configured.
In order to be able to configure nextcloud from Foris, it is necessary to remove `/srv/www/nextcloud/config/config.php`.Turris OS 5.2.0Jan PavlinecJan Pavlinechttps://gitlab.nic.cz/turris/os/packages/-/issues/719Update common passwords2023-08-16T14:54:43+02:00Josef SchlehoferUpdate common passwordsCurrent version is from 2018, can we update it to the latest version and have some statistics to see what has changed and if there are bigger numbers of common passwords or not?Current version is from 2018, can we update it to the latest version and have some statistics to see what has changed and if there are bigger numbers of common passwords or not?Turris OS 6.0.4Filip HronFilip Hronhttps://gitlab.nic.cz/turris/os/packages/-/issues/720sentinel-proxy: release fixes (v1.3.1)2021-05-27T14:54:17+02:00Karel Kocisentinel-proxy: release fixes (v1.3.1)We should release new version of proxy to include latest fixes merged to master of that project.
related:
- [x] turris/sentinel/proxy!8We should release new version of proxy to include latest fixes merged to master of that project.
related:
- [x] turris/sentinel/proxy!8Turris OS 5.2.1https://gitlab.nic.cz/turris/os/packages/-/issues/722turris-survey: release v0.42023-08-16T14:36:28+02:00Vojtech Myslivecturris-survey: release v0.4Release initial version of Turris-Survey
related:
- [x] turris/sentinel/turris-survey#4 (turris/sentinel/turris-survey!6)Release initial version of Turris-Survey
related:
- [x] turris/sentinel/turris-survey#4 (turris/sentinel/turris-survey!6)Turris OS 5.3.4https://gitlab.nic.cz/turris/os/packages/-/issues/723foris-controller: fixup release2023-08-16T14:54:38+02:00Karel Kociforis-controller: fixup release* [ ] IPv6 with PPPoE (turris/foris-controller/foris-controller#162)* [ ] IPv6 with PPPoE (turris/foris-controller/foris-controller#162)https://gitlab.nic.cz/turris/os/packages/-/issues/724foris-controller: release v2.0.12021-09-21T12:25:16+02:00Martin Matějekforis-controller: release v2.0.1Issues for new release foris-controller, most likely 1.3.0
* [x] [Milestone Foris-controller 2.0.1](https://gitlab.nic.cz/groups/turris/foris-controller/-/milestones/6)
* [x] [Milestone Foris-controller 2.0.0](https://gitlab.nic.cz/grou...Issues for new release foris-controller, most likely 1.3.0
* [x] [Milestone Foris-controller 2.0.1](https://gitlab.nic.cz/groups/turris/foris-controller/-/milestones/6)
* [x] [Milestone Foris-controller 2.0.0](https://gitlab.nic.cz/groups/turris/foris-controller/-/milestones/2)
Some features depends on
* [x] turris/turrishw#4Turris OS 5.3.0https://gitlab.nic.cz/turris/os/packages/-/issues/725Atsha entropy feed fails because of missing i2c device early during the boot2021-02-09T19:56:26+01:00Karel KociAtsha entropy feed fails because of missing i2c device early during the boot```
Log: api: open_ni2c_dev: Couldn't open native I2C device.
Device couldn't be opened.
```
The appropriate module is just loaded later on so this simply can't work. We should move atsha entropy feed to init and do it as the same time ...```
Log: api: open_ni2c_dev: Couldn't open native I2C device.
Device couldn't be opened.
```
The appropriate module is just loaded later on so this simply can't work. We should move atsha entropy feed to init and do it as the same time as for example haveged.Turris OS 5.2.0https://gitlab.nic.cz/turris/os/packages/-/issues/718reForis does not work with ubus2021-05-31T15:47:02+02:00Karel KocireForis does not work with ubusreForis reports missing foris-controller in case foris-controller runs with ubus as bus. For some reason in reForis is mqtt hardcoded instead of read from configuration.
Primary problem is when users change it on their own (unlikely) or...reForis reports missing foris-controller in case foris-controller runs with ubus as bus. For some reason in reForis is mqtt hardcoded instead of read from configuration.
Primary problem is when users change it on their own (unlikely) or are update from Turris OS 3.x.Turris OS 5.3.0https://gitlab.nic.cz/turris/os/packages/-/issues/726turrishw: Support for Turris 1.x2023-08-16T14:36:26+02:00Martin Matějekturrishw: Support for Turris 1.x- [x] turris/turrishw%"TurrisHW - Turris 1.x support"- [x] turris/turrishw%"TurrisHW - Turris 1.x support"Turris OS 5.2.2https://gitlab.nic.cz/turris/os/packages/-/issues/892GPG key expired2023-01-10T14:33:22+01:00Giuseppe PiscitelliGPG key expiredThe GPG Turris Deploy public key (Turris OS root key) <deploy@turris.cz> has expired. The key is A0C156FF9832E8B4A7F10DEC8D813712279A3E2F.The GPG Turris Deploy public key (Turris OS root key) <deploy@turris.cz> has expired. The key is A0C156FF9832E8B4A7F10DEC8D813712279A3E2F.Lukas JelinekLukas Jelinekhttps://gitlab.nic.cz/turris/os/packages/-/issues/727turrishw: VLAN support2023-01-09T10:52:04+01:00Martin Matějekturrishw: VLAN support- [x] turris/turrishw#5
Blocked by: #726- [x] turris/turrishw#5
Blocked by: #726Turris OS 6.1.0https://gitlab.nic.cz/turris/os/packages/-/issues/728foris-controller-netmetr-module: update to netmetr v2.x2023-08-16T14:54:37+02:00Martin Matějekforis-controller-netmetr-module: update to netmetr v2.x- [ ] turris/foris-controller/foris-controller-netmetr-module%"foris-controller-netmetr-module: netmetr 2.x"- [ ] turris/foris-controller/foris-controller-netmetr-module%"foris-controller-netmetr-module: netmetr 2.x"Turris OS 6.0https://gitlab.nic.cz/turris/os/packages/-/issues/730Cannot fork the project into my namespace2021-02-16T19:25:58+01:00Amit ShahCannot fork the project into my namespaceI would like to contribute. On trying to fork the Turris OS Packages repo, I get the message "You have reached your project limit" tooltip on the 'Select' button for my namespace. It also shows I'm not part of any groups.
I found this p...I would like to contribute. On trying to fork the Turris OS Packages repo, I get the message "You have reached your project limit" tooltip on the 'Select' button for my namespace. It also shows I'm not part of any groups.
I found this page https://stackoverflow.com/questions/28709411/add-users-to-group-in-gitlab#28709577 where it seems to suggest that Gitlab defaults to the value of 0 for the limit of projects that can be forked by default. Can you please update this?https://gitlab.nic.cz/turris/os/packages/-/issues/734Sentinel state query script2021-09-21T12:22:21+02:00Karel KociSentinel state query scriptWe need some query script that checks the state of Sentinel components. This is suppose to check:
- if services are running
- if collectors are connected to proxy (note: they might be running but might not be connected for what ever rea...We need some query script that checks the state of Sentinel components. This is suppose to check:
- if services are running
- if collectors are connected to proxy (note: they might be running but might not be connected for what ever reason)
- if collectors are sending any data (note: they can be connected but firewall might not be correctly configured or there might be just no attacks)
- if proxy is connected to the Sentinel serversTurris OS 5.3.0https://gitlab.nic.cz/turris/os/packages/-/issues/735localrepo is broken2023-08-16T14:36:24+02:00Josef Schlehoferlocalrepo is brokenI tried to install package which was locally compiled in Turris OS 6.0, and I can not do it:
```
root@turris:~# opkg install knot-resolver_5.3.0-1_aarch64_cortex-a53.ipk
Package knot-resolver (5.2.1-2) installed in root is up to date.
/...I tried to install package which was locally compiled in Turris OS 6.0, and I can not do it:
```
root@turris:~# opkg install knot-resolver_5.3.0-1_aarch64_cortex-a53.ipk
Package knot-resolver (5.2.1-2) installed in root is up to date.
/usr/bin/opkg-pkgupdate-wrapper.sh: line 130: localrepo: not found
```
Localrepo is not found. See:
```
root@turris:~# opkg list-installed | grep localrepo
localrepo - 0.2.1-2
root@turris:~# opkg files localrepo
Package localrepo (0.2.1-2) is installed on root and has the following files:
/usr/bin/localrepo
/etc/updater/conf.d/localrepo.lua
root@turris:~# /usr/bin/localrepo
-ash: /usr/bin/localrepo: not found
```Turris OS 6.0https://gitlab.nic.cz/turris/os/packages/-/issues/736turris-survey: release 0.2.02021-09-02T15:14:56+02:00Miroslav Hanakturris-survey: release 0.2.0part of turris/sentinel/sentinel#22
related:
- turris/sentinel/turris-survey!2
- turris/sentinel/turris-survey!3
Server components should be also prepared, such as
- turris/ansible#84
- turris/ansible!354
- Storage & analysespart of turris/sentinel/sentinel#22
related:
- turris/sentinel/turris-survey!2
- turris/sentinel/turris-survey!3
Server components should be also prepared, such as
- turris/ansible#84
- turris/ansible!354
- Storage & analysesTurris OS 5.3.0https://gitlab.nic.cz/turris/os/packages/-/issues/737foris-schema: new version 0.8.02021-04-29T17:39:49+02:00Martin Matějekforis-schema: new version 0.8.0Better json schema loading error message
- [x] https://gitlab.nic.cz/turris/foris-controller/foris-schema/-/merge_requests/3Better json schema loading error message
- [x] https://gitlab.nic.cz/turris/foris-controller/foris-schema/-/merge_requests/3Turris OS 5.3.0https://gitlab.nic.cz/turris/os/packages/-/issues/738pam_unix(http:account): unrecognized ENCRYPT_METHOD value [BCRYPT]2024-02-08T09:33:39+01:00Josef Schlehoferpam_unix(http:account): unrecognized ENCRYPT_METHOD value [BCRYPT]I installed Netdata and Netdata WebApps once I'm logged at http://ipaddress/netdata in system logs, there is spam of these messages:
```
Mar 7 12:34:38 turris : pam_unix(http:auth): unrecognized ENCRYPT_METHOD value [BCRYPT]
Mar 7 12:...I installed Netdata and Netdata WebApps once I'm logged at http://ipaddress/netdata in system logs, there is spam of these messages:
```
Mar 7 12:34:38 turris : pam_unix(http:auth): unrecognized ENCRYPT_METHOD value [BCRYPT]
Mar 7 12:34:38 turris : pam_unix(http:account): unrecognized ENCRYPT_METHOD value [BCRYPT]
```https://gitlab.nic.cz/turris/os/packages/-/issues/739Redirecting system logs to /srv does not work2021-03-19T19:37:29+01:00Josef SchlehoferRedirecting system logs to /srv does not workI tried to configure in reForis moving logs to /srv, but it does not do anything.
I got some WIP progress here https://gitlab.nic.cz/turris/turris-os-packages/-/commit/09ce97eac48091e7c8d2a601555b0e8ea8871e84I tried to configure in reForis moving logs to /srv, but it does not do anything.
I got some WIP progress here https://gitlab.nic.cz/turris/turris-os-packages/-/commit/09ce97eac48091e7c8d2a601555b0e8ea8871e84Turris OS 5.2.0Jan PavlinecJan Pavlinechttps://gitlab.nic.cz/turris/os/packages/-/issues/740reforis: release v1.0.52021-03-20T16:13:38+01:00Aleksandr Gumroianreforis: release v1.0.5Issues for a new release of reForis 1.0.5
* [x] [Milestone reForis 1.0.5](https://gitlab.nic.cz/groups/turris/reforis/-/milestones/1)Issues for a new release of reForis 1.0.5
* [x] [Milestone reForis 1.0.5](https://gitlab.nic.cz/groups/turris/reforis/-/milestones/1)Turris OS 5.2.0Aleksandr GumroianAleksandr Gumroianhttps://gitlab.nic.cz/turris/os/packages/-/issues/743Wrong expire time in reforis for static DHCP leases.2021-03-31T11:12:24+02:00Orest WorhaczWrong expire time in reforis for static DHCP leases.Hi, I have set static IPs in luci for some of my devices and I also set the lease time to infinite the result in reforis page (https://omnia.lan/reforis/network-settings/lan) is that this leases have expire time set to 1970-01-01 01:00. ...Hi, I have set static IPs in luci for some of my devices and I also set the lease time to infinite the result in reforis page (https://omnia.lan/reforis/network-settings/lan) is that this leases have expire time set to 1970-01-01 01:00. I think its 0 in unix time. Small cosmetic bug but still a bug.https://gitlab.nic.cz/turris/os/packages/-/issues/744Turris Omnia: upstream uboot version2022-02-11T15:34:01+01:00Karel KociTurris Omnia: upstream uboot versionThis is follow up from turris/turris-os-packages#588
We should be able to get Turris Omnia U-boot without any patches. Thus there is going to be new version that is clean upstream one.This is follow up from turris/turris-os-packages#588
We should be able to get Turris Omnia U-boot without any patches. Thus there is going to be new version that is clean upstream one.https://gitlab.nic.cz/turris/os/packages/-/issues/747foris-controller-sentinel-module: sentinel-state-indication2023-08-16T14:36:22+02:00Martin Matějekforis-controller-sentinel-module: sentinel-state-indication* [x] [foris-controller-sentinel-module: sentinel state indication](https://gitlab.nic.cz/groups/turris/foris-controller/-/milestones/5)* [x] [foris-controller-sentinel-module: sentinel state indication](https://gitlab.nic.cz/groups/turris/foris-controller/-/milestones/5)Turris OS 5.3.0https://gitlab.nic.cz/turris/os/packages/-/issues/748Set unbound cache-max-negative-ttl to lower value2021-05-05T17:40:34+02:00Ghost UserSet unbound cache-max-negative-ttl to lower valueDocumentation for cache-max-negative-ttl:
> Time to live maximum for negative responses, these have a SOA in the authority section that is limited in time. Default is 3600. This applies to nxdomain and nodata answers.
When internet co...Documentation for cache-max-negative-ttl:
> Time to live maximum for negative responses, these have a SOA in the authority section that is limited in time. Default is 3600. This applies to nxdomain and nodata answers.
When internet connection does not work, unbound may receive nodata for dns queries and cache them for 1 hour. Which means that after internet connection is refreshed again, some domain names are not available for about one hour.
Therefore I would propose following change to not cache these negative responses for a long time.
```
server:
cache-max-negative-ttl: 15
```Turris OS 5.2.1Jan PavlinecJan Pavlinechttps://gitlab.nic.cz/turris/os/packages/-/issues/749Shield support package prints error about nor-update2021-04-18T00:29:32+02:00Josef SchlehoferShield support package prints error about nor-update```
//usr/lib/opkg/info/shield-support.postinst: /usr/lib/opkg/info/shield-support.postinst-pkg: line 3: /sbin/nor-update: not found
//usr/lib/opkg/info/shield-support.postinst: exec: line 2: /sbin/nor-update: not found
Collected errors:...```
//usr/lib/opkg/info/shield-support.postinst: /usr/lib/opkg/info/shield-support.postinst-pkg: line 3: /sbin/nor-update: not found
//usr/lib/opkg/info/shield-support.postinst: exec: line 2: /sbin/nor-update: not found
Collected errors:
* pkg_run_script: package "shield-support" postinst script returned status 127.
* opkg_configure: shield-support.postinst returned 127.
```Turris OS 5.2.0Michal HruseckyMichal Hruseckyhttps://gitlab.nic.cz/turris/os/packages/-/issues/750Some services are not enabled by default2023-08-16T14:54:35+02:00Josef SchlehoferSome services are not enabled by defaultTurris Omnia, HBD:
- It affects services like `syslog-ng`, `kresd`, `wpad`, `cron` and so on.
I was switching from HBLTurris Omnia, HBD:
- It affects services like `syslog-ng`, `kresd`, `wpad`, `cron` and so on.
I was switching from HBLTurris OS 6.0Jan PavlinecJan Pavlinechttps://gitlab.nic.cz/turris/os/packages/-/issues/751fosquitto: fails to start in HBD2023-08-16T14:40:56+02:00Jan Pavlinecfosquitto: fails to start in HBDSyslog from Omnia HBD
```
Apr 20 14:59:58 turris mosquitto[8448]: 1618930798: The 'port' option is now deprecated and will be removed in a future version. Please use 'listener' instead.
Apr 20 14:59:58 turris mosquitto[8448]: 1618930798:...Syslog from Omnia HBD
```
Apr 20 14:59:58 turris mosquitto[8448]: 1618930798: The 'port' option is now deprecated and will be removed in a future version. Please use 'listener' instead.
Apr 20 14:59:58 turris mosquitto[8448]: 1618930798: The 'bind_address' option is now deprecated and will be removed in a future version. The behaviour will default to true.
Apr 20 14:59:58 turris mosquitto[8448]: 1618930798: Error: Unable to open pwfile "/etc/fosquitto/credentials.hashed".
Apr 20 14:59:58 turris mosquitto[8448]: 1618930798: Error opening password file "/etc/fosquitto/credentials.hashed".
Apr 20 14:59:58 turris procd: Instance fosquitto::instance1 s in a crash loop 27 crashes, 0 seconds since last crash
```
Changing owner to `mosquitto` user for the following files fixed the issue.
```
/etc/fosquitto/credentials.hashed
/etc/fosquitto/credentials.plain
```Turris OS 6.0Jan PavlinecJan Pavlinechttps://gitlab.nic.cz/turris/os/packages/-/issues/752prerm : sentinel i agree with eula: syntax error - unexpected EoF2023-08-16T14:35:54+02:00Josef Schlehoferprerm : sentinel i agree with eula: syntax error - unexpected EoFMOX HBK:
```
ERROR:Failed operations:
sentinel-i_agree_with_eula/prerm: /usr/lib/opkg/info//sentinel-i_agree_with_eula.prerm: /usr/lib/opkg/info/sentinel-i_agree_with_eula.prerm-pkg: line 10: syntax error: unexpected end of file (expect...MOX HBK:
```
ERROR:Failed operations:
sentinel-i_agree_with_eula/prerm: /usr/lib/opkg/info//sentinel-i_agree_with_eula.prerm: /usr/lib/opkg/info/sentinel-i_agree_with_eula.prerm-pkg: line 10: syntax error: unexpected end of file (expecting "fi")
```Turris OS 5.2.0https://gitlab.nic.cz/turris/os/packages/-/issues/753foris-controller-storage-module: release 0.8.12023-08-16T14:35:52+02:00Martin Matějekforis-controller-storage-module: release 0.8.1* [x] [Milestone foris-controller-storage-module: RAID improvements](https://gitlab.nic.cz/turris/foris-controller/foris-controller-storage-module/-/milestones/1)* [x] [Milestone foris-controller-storage-module: RAID improvements](https://gitlab.nic.cz/turris/foris-controller/foris-controller-storage-module/-/milestones/1)Turris OS 5.2.0https://gitlab.nic.cz/turris/os/packages/-/issues/754foris-controller fails on Turris OS 7.02023-05-11T14:42:08+02:00Jan Pavlinecforis-controller fails on Turris OS 7.0 Turris OS 7.0 = Crashlab (should be soon HBD)
```
Apr 21 13:44:43 turris foris-controller[16154]: File "/usr/bin/foris-controller", line 33, in <module>
Apr 21 13:44:43 turris foris-controller[16154]: sys.exit(load_entry_point('... Turris OS 7.0 = Crashlab (should be soon HBD)
```
Apr 21 13:44:43 turris foris-controller[16154]: File "/usr/bin/foris-controller", line 33, in <module>
Apr 21 13:44:43 turris foris-controller[16154]: sys.exit(load_entry_point('foris-controller==1.2', 'console_scripts', 'foris-controller')())
Apr 21 13:44:43 turris foris-controller[16154]: File "/usr/lib/python3.9/site-packages/foris_controller/controller/__main__.py", line 220, in main
Apr 21 13:44:43 turris foris-controller[16154]: File "/usr/lib/python3.9/site-packages/foris_controller/buses/mqtt.py", line 413, in __init__
Apr 21 13:44:43 turris foris-controller[16154]: File "/usr/lib/python3.9/site-packages/paho/mqtt/client.py", line 941, in connect
Apr 21 13:44:43 turris foris-controller[16154]: File "/usr/lib/python3.9/site-packages/paho/mqtt/client.py", line 1075, in reconnect
Apr 21 13:44:43 turris foris-controller[16154]: File "/usr/lib/python3.9/site-packages/paho/mqtt/client.py", line 3546, in _create_socket_connection
Apr 21 13:44:43 turris foris-controller[16154]: File "/usr/lib/python3.9/socket.py", line 843, in create_connection
Apr 21 13:44:43 turris foris-controller[16154]: File "/usr/lib/python3.9/socket.py", line 831, in create_connection
Apr 21 13:44:43 turris foris-controller[16154]: ConnectionRefusedError: [Errno 111] Connection refused
```https://gitlab.nic.cz/turris/os/packages/-/issues/755Foris does not start because of no plugins2023-08-16T14:54:33+02:00Josef SchlehoferForis does not start because of no pluginsRouter in HBD, installed Foris manually (only Foris) and while starting up it ends up with following error:
```
root@omnia:~# foris
Error processing line 1 of /usr/lib/python3.9/site-packages/Foris-101.1.2-py3.9-nspkg.pth:
Traceback ...Router in HBD, installed Foris manually (only Foris) and while starting up it ends up with following error:
```
root@omnia:~# foris
Error processing line 1 of /usr/lib/python3.9/site-packages/Foris-101.1.2-py3.9-nspkg.pth:
Traceback (most recent call last):
File "/usr/lib/python3.9/site.py", line 169, in addpackage
File "<string>", line 1, in <module>
File "<frozen importlib._bootstrap>", line 562, in module_from_spec
AttributeError: 'NoneType' object has no attribute 'loader'
Remainder of file ignored
Traceback (most recent call last):
File "/usr/bin/foris", line 33, in <module>
sys.exit(load_entry_point('Foris==101.1.2', 'console_scripts', 'foris')())
File "/usr/lib/python3.9/site-packages/foris/__main__.py", line 148, in main
File "/usr/lib/python3.9/site-packages/foris/config_app.py", line 41, in prepare_config_app
File "/usr/lib/python3.9/site-packages/foris/common_app.py", line 92, in prepare_common_app
File "/usr/lib/python3.9/site-packages/foris/plugins/__init__.py", line 68, in autoload_plugins
File "/usr/lib/python3.9/importlib/__init__.py", line 127, in import_module
File "<frozen importlib._bootstrap>", line 1030, in _gcd_import
File "<frozen importlib._bootstrap>", line 1007, in _find_and_load
File "<frozen importlib._bootstrap>", line 984, in _find_and_load_unlocked
ModuleNotFoundError: No module named 'foris_plugins'
```
So, I picked up random package like foris-netmetr-plugin and that it started.Turris OS 6.0https://gitlab.nic.cz/turris/os/packages/-/issues/757Mox-support provides the same file as mwifiex-sdio-fw2023-08-16T14:54:15+02:00Josef SchlehoferMox-support provides the same file as mwifiex-sdio-fw```
Error notifications
===================
Updater failed:
[string "transaction"]:327: [string "transaction"]:151: Collisions:
• /lib/firmware/mrvl/sdsd8997_combo_v4.bin: mox-support (existing-file), mwifiex-sdio-firmware (new-file)
...```
Error notifications
===================
Updater failed:
[string "transaction"]:327: [string "transaction"]:151: Collisions:
• /lib/firmware/mrvl/sdsd8997_combo_v4.bin: mox-support (existing-file), mwifiex-sdio-firmware (new-file)
• /lib/firmware/mrvl/sd8997_uapsta.bin: mox-support (existing-file), mwifiex-sdio-firmware (new-file)
```Turris OS 6.0https://gitlab.nic.cz/turris/os/packages/-/issues/758lighttpd-https-cert: certificate is reported as unsecure because of DES ciphe...2021-05-05T12:00:45+02:00Karel Kocilighttpd-https-cert: certificate is reported as unsecure because of DES cipher on FirefoxTurris OS 5.2.0https://gitlab.nic.cz/turris/os/packages/-/issues/760luajit: not found2023-08-16T14:54:14+02:00Jan Pavlinecluajit: not foundAffected branch HBD
Symlink for luajit is pointing to /usr/bin/moonjit instead of /usr/bin/moonjit-2.2.0Affected branch HBD
Symlink for luajit is pointing to /usr/bin/moonjit instead of /usr/bin/moonjit-2.2.0Jan PavlinecJan Pavlinechttps://gitlab.nic.cz/turris/os/packages/-/issues/763Add atlas-probe to upstream packages2021-05-20T12:43:01+02:00Paul SpoorenAdd atlas-probe to upstream packagesI'd like to see many more atlas probes and therefore this package shouldn't be hidden for turris only. Anything stopping you from adding the package to upstream?I'd like to see many more atlas probes and therefore this package shouldn't be hidden for turris only. Anything stopping you from adding the package to upstream?https://gitlab.nic.cz/turris/os/packages/-/issues/764Support for USB serial ch3412021-05-27T12:27:13+02:00Damien MerenneSupport for USB serial ch341Could you add support for the USB serial ch341 chipset in the `kmod-usb-serial` package ? I'm using a USB to serial converter to drive my domotic system from home-assistant on the Omnia. KCONFIG symbol is CONFIG_USB_SERIAL_CH341=m.
Tha...Could you add support for the USB serial ch341 chipset in the `kmod-usb-serial` package ? I'm using a USB to serial converter to drive my domotic system from home-assistant on the Omnia. KCONFIG symbol is CONFIG_USB_SERIAL_CH341=m.
Thank you!https://gitlab.nic.cz/turris/os/packages/-/issues/620resolver-debug: add to base list and extend functions2023-08-16T14:55:13+02:00Jan Pavlinecresolver-debug: add to base list and extend functionsChanges:
- add resolver-debug to base list.
- add a variant with an argument to test custom domain
cc @pspacek @kkociChanges:
- add resolver-debug to base list.
- add a variant with an argument to test custom domain
cc @pspacek @kkociTurris OS 5.3.0Jan PavlinecJan Pavlinechttps://gitlab.nic.cz/turris/os/packages/-/issues/767sentinel-proxy: sent heartbeats and drop compression (v1.4)2021-09-21T12:24:50+02:00Martin Prudeksentinel-proxy: sent heartbeats and drop compression (v1.4)Part of turris/sentinel/sentinel#9
Few issues were implemented in turris/sentinel/proxy> and released as **v1.4**:
- send periodic heartbeats to server (turris/sentinel/proxy#17) so that we are able to get the list of connected CTI rou...Part of turris/sentinel/sentinel#9
Few issues were implemented in turris/sentinel/proxy> and released as **v1.4**:
- send periodic heartbeats to server (turris/sentinel/proxy#17) so that we are able to get the list of connected CTI routers (turris/sentinel/sentinel#9)
- drop compression (also in turris/sentinel/proxy!11)Turris OS 5.3.0https://gitlab.nic.cz/turris/os/packages/-/issues/768Minor bug in logging of /etc/resolver/dhcp_host_domain_ng.py2023-08-24T13:57:40+02:00ktetzlaffMinor bug in logging of /etc/resolver/dhcp_host_domain_ng.pyThe `filename. line` arguments in last line of:
```python
def _remove_hints_hosts(self, filename):
with open(filename, "r") as handle:
for line in handle:
line = line.strip()
if no...The `filename. line` arguments in last line of:
```python
def _remove_hints_hosts(self, filename):
with open(filename, "r") as handle:
for line in handle:
line = line.strip()
if not line or line.startswith("#"):
continue
try:
host = line.strip().split()[1]
self._call_kresd("hints.del('%s')" % host)
except:
log("Wrong host format '%s' in host file %s " %
(filename, line), LOG_ERR)
```
need to be switched to `line, filename`:
```python
log("Wrong host format '%s' in host file %s " %
(line, filename), LOG_ERR)
```https://gitlab.nic.cz/turris/os/packages/-/issues/770foris-storage-plugin: fix version 3.0.12023-08-16T14:35:47+02:00Martin Matějekforis-storage-plugin: fix version 3.0.1Fix setup of nextcloud accountFix setup of nextcloud accountTurris OS 5.2.3https://gitlab.nic.cz/turris/os/packages/-/issues/741switch-branch: warn that downgrades are not supported2022-08-11T21:38:40+02:00Karel Kociswitch-branch: warn that downgrades are not supportedWe can't support downgrades and the only way to perform downgrade is by using switch-branch and switching to more stable branch. We don't have to essentially deny it but we should add big warning that user can experience unexpected issues.We can't support downgrades and the only way to perform downgrade is by using switch-branch and switching to more stable branch. We don't have to essentially deny it but we should add big warning that user can experience unexpected issues.Turris OS 5.3.11Karel KociKarel Kocihttps://gitlab.nic.cz/turris/os/packages/-/issues/771updater-ng: version 69.1.32023-08-16T14:35:46+02:00Karel Kociupdater-ng: version 69.1.3With improved error message.
* turris/updater/updater!289With improved error message.
* turris/updater/updater!289Turris OS 5.2.3https://gitlab.nic.cz/turris/os/packages/-/issues/772Run resolver with higher priority2021-07-13T13:29:16+02:00Karel KociRun resolver with higher priorityDNS is a sensitive service and it should take priority over most other services running on the router as it is one of the primary services it provides. The solution is to run it the same way as for example ntpd with lower niceness. I wou...DNS is a sensitive service and it should take priority over most other services running on the router as it is one of the primary services it provides. The solution is to run it the same way as for example ntpd with lower niceness. I would suggest `-5`.
From my tests, this solves issues when an update fails because of failed resolving (turris/os/updater-lists#1).
It should be enough to add `procd_set_param nice '-5'` to the init script in an appropriate location.Turris OS 5.2.3Jan PavlinecJan Pavlinechttps://gitlab.nic.cz/turris/os/packages/-/issues/774Nextcloud: fails to build in HBL2021-09-21T12:26:31+02:00Karel KociNextcloud: fails to build in HBL```
Applying ./patches/0001-Replace-gzip-by-identity.patch using plaintext:
patching file lib/private/App/AppStore/Fetcher/Fetcher.php
Hunk #1 FAILED at 98.
1 out of 1 hunk FAILED -- saving rejects to file lib/private/App/AppStore/Fetch...```
Applying ./patches/0001-Replace-gzip-by-identity.patch using plaintext:
patching file lib/private/App/AppStore/Fetcher/Fetcher.php
Hunk #1 FAILED at 98.
1 out of 1 hunk FAILED -- saving rejects to file lib/private/App/AppStore/Fetcher/Fetcher.php.rej
Patch failed! Please fix ./patches/0001-Replace-gzip-by-identity.patch!
make[2]: *** [Makefile:100: /home/beast/beast/workspace/turris-os-packages-lions-turris1x/build/build_dir/target-powerpc_8540_musl/nextcloud/.prepared_8a9b8cce925916fa45a368c2535da49d_6664517399ebbbc92a37c5bb081b5c53] Error 1
time: package/feeds/turrispackages/nextcloud/compile#31.85#3.71#46.14
```Turris OS 5.3.0https://gitlab.nic.cz/turris/os/packages/-/issues/775Mariadb memory tuning should respect device total RAM2023-08-16T14:54:12+02:00Vojtech MyslivecMariadb memory tuning should respect device total RAMCurrently, we provide one static `my.cnf` mariadb config for the `mysqld` server.
There are some hardcoded values that should be tuned according to a device total available RAM. i.e. on a 512 MB MOX, there should be lesser limits than ...Currently, we provide one static `my.cnf` mariadb config for the `mysqld` server.
There are some hardcoded values that should be tuned according to a device total available RAM. i.e. on a 512 MB MOX, there should be lesser limits than on a 2 GB Omnia.
Also, `mysqld` parameters should be tunable by a user, preferably through uci config.Turris OS 6.0https://gitlab.nic.cz/turris/os/packages/-/issues/776Package python3-flask requires package python3-click that is not available2021-06-28T14:24:01+02:00Lukas JelinekPackage python3-flask requires package python3-click that is not availableAfter updating Turris Omnia to TOS 5.2.3 (in HBK), it displayed this error message twice:
```
Updater failed:
inconsistent: Package python3-flask requires package python3-click that is not available.
```After updating Turris Omnia to TOS 5.2.3 (in HBK), it displayed this error message twice:
```
Updater failed:
inconsistent: Package python3-flask requires package python3-click that is not available.
```https://gitlab.nic.cz/turris/os/packages/-/issues/777Occasionally unable to log in to LuCI with correct username and password (sav...2021-07-24T11:35:40+02:00Jakub KákonaOccasionally unable to log in to LuCI with correct username and password (saved in browser)Hello, I have encountered a bug that prohibits a log-in to the LuCI web interface with a browser-saved login name and password.
The browser window is simply reloaded to the login page again:
![image](/uploads/fe8710aaab7704571b71ed77d...Hello, I have encountered a bug that prohibits a log-in to the LuCI web interface with a browser-saved login name and password.
The browser window is simply reloaded to the login page again:
![image](/uploads/fe8710aaab7704571b71ed77dc0c944f/image.png)
LuCI branch (git-21.160.68865-15ca915)
ssh works normally at the same time. Therefore I found this message:
root@omnia:~# cat /var/log/lighttpd/error.log
2021-07-06 19:42:13: ../src/server.c.1513) server started (lighttpd/1.4.59)
2021-07-06 19:56:39: ../src/mod_fastcgi.c.487) FastCGI-stderr:[2021-07-06 19:56:39,507] WARNING in flask_seasurf: Forbidden (CSRF token missing or incorrect.): /login
root@omnia:~#
After that, I found that a "private browsing window" of Firefox browser allows me to login in situation where the bug is active.https://gitlab.nic.cz/turris/os/packages/-/issues/779Freshly flashed system is sometimes corrupted2022-07-29T13:34:20+02:00Lukas JelinekFreshly flashed system is sometimes corruptedI've encountered some cases in which a freshly flashed Turris OS 5.2.x was corrupted. These cases occured with both flash ways (from USB drives and from the repository server) and on Omnias, MOXes and Shields. The corrupted systems had m...I've encountered some cases in which a freshly flashed Turris OS 5.2.x was corrupted. These cases occured with both flash ways (from USB drives and from the repository server) and on Omnias, MOXes and Shields. The corrupted systems had malformed initial setup guides (didn't started correctly and/or couldn't proceed) or even didn't start at all.
May be related to #778 and https://gitlab.nic.cz/turris/reforis/reforis/-/issues/340.
![mox-tos-5-2-3](/uploads/aa1558c7219cf984047c344b907c8fa9/mox-tos-5-2-3.mp4)Turris OS 6.0https://gitlab.nic.cz/turris/os/packages/-/issues/780Restarting kresd or resolver leads to no such file or directory for resolv.co...2022-07-02T08:55:14+02:00Josef SchlehoferRestarting kresd or resolver leads to no such file or directory for resolv.conf.vpnThis is happening on Turris OS 6.0.
```
root@omnia:~# /etc/init.d/kresd stop
root@omnia:~# /etc/init.d/kresd start
ls: /etc/resolv.conf.vpn.*: No such file or directory
job 4 at Sun Jul 18 09:12:00 2021
root@omnia:~# /etc/init.d/kresd s...This is happening on Turris OS 6.0.
```
root@omnia:~# /etc/init.d/kresd stop
root@omnia:~# /etc/init.d/kresd start
ls: /etc/resolv.conf.vpn.*: No such file or directory
job 4 at Sun Jul 18 09:12:00 2021
root@omnia:~# /etc/init.d/kresd stop
root@omnia:~# /etc/init.d/kresd start
ls: /etc/resolv.conf.vpn.*: No such file or directory
job 5 at Sun Jul 18 09:12:00 2021
root@omnia:~# /etc/init.d/kresd stop
root@omnia:~# /etc/init.d/kresd start
ls: /etc/resolv.conf.vpn.*: No such file or directory
job 6 at Sun Jul 18 09:12:00 2021
```Turris OS 5.3.11https://gitlab.nic.cz/turris/os/packages/-/issues/781SyntaxWarning in dhcp_host_domain while booting HBD2021-09-27T13:58:19+02:00Josef SchlehoferSyntaxWarning in dhcp_host_domain while booting HBDI plugged UART cable to the Turris Omnia router which has HBD branch and I noticed this warning while it was booting:
```
[ 9.785704] device lan4 entered promiscuous mode
[ 9.826746] mv88e6085 f1072004.mdio-mii:10: p5: already a me...I plugged UART cable to the Turris Omnia router which has HBD branch and I noticed this warning while it was booting:
```
[ 9.785704] device lan4 entered promiscuous mode
[ 9.826746] mv88e6085 f1072004.mdio-mii:10: p5: already a member of VLAN 1
[ 9.854006] mvneta f1034000.ethernet eth2: PHY [f1072004.mdio-mii:01] driver [Marvell 88E1510] (irq=POLL)
[ 9.863860] mvneta f1034000.ethernet eth2: configuring for phy/sgmii link mode
[ 9.930339] mv88e6085 f1072004.mdio-mii:10 lan3: Link is Up - 1Gbps/Full - flow control rx/tx
[ 9.940642] br-lan: port 4(lan3) entered blocking state
[ 9.945917] br-lan: port 4(lan3) entered forwarding state
[ 9.967543] IPv6: ADDRCONF(NETDEV_CHANGE): br-lan: link becomes ready
[ 15.042215] mvneta f1034000.ethernet eth2: Link is Up - 1Gbps/Full - flow control rx/tx
[ 15.050261] IPv6: ADDRCONF(NETDEV_CHANGE): eth2: link becomes ready
/etc/resolver/dhcp_host_domain_ng.py:50: SyntaxWarning: "is" with a literal. Did you mean "=="?
if output is "syslog":
```Turris OS 6.0https://gitlab.nic.cz/turris/os/packages/-/issues/782Could not upgrade from TOS 5.0.42021-08-03T09:13:05+02:00Lukas JelinekCould not upgrade from TOS 5.0.4MOX with TOS 5.0.4 could not upgrade itself to newer versions of Turris OS. It displayed in Foris:
```
Updater failed: Called uri_path on URI of scheme: https
```
The next attempt succeeded and the MOX has been upgraded to TOS 5.2.3.MOX with TOS 5.0.4 could not upgrade itself to newer versions of Turris OS. It displayed in Foris:
```
Updater failed: Called uri_path on URI of scheme: https
```
The next attempt succeeded and the MOX has been upgraded to TOS 5.2.3.https://gitlab.nic.cz/turris/os/packages/-/issues/783turris-maintain: fix reading of IP addresses2021-08-12T22:36:19+02:00Martin Matějekturris-maintain: fix reading of IP addressesIssue turris/foris-controller/foris-controller#146 introduced new way of storing IP address and
netmask for lan, to be more aligned with the way LuCI stores it.
However it breaks maintain-network-restart script, which in turn won't
sen...Issue turris/foris-controller/foris-controller#146 introduced new way of storing IP address and
netmask for lan, to be more aligned with the way LuCI stores it.
However it breaks maintain-network-restart script, which in turn won't
send notification to re/foris to show the "reloading network..."
spinner.https://gitlab.nic.cz/turris/os/packages/-/issues/784turris-maintain: remove option to set message bus2021-08-12T22:35:50+02:00Martin Matějekturris-maintain: remove option to set message busFollowup of commit c5428642
Set mqtt as the only message bus, because we no longer use another message
buses on regular router setup.Followup of commit c5428642
Set mqtt as the only message bus, because we no longer use another message
buses on regular router setup.https://gitlab.nic.cz/turris/os/packages/-/issues/785[MOVED] Wireless not automatically re-connecting when connection was lost (up...2021-08-06T01:59:27+02:00Marek Ľach[MOVED] Wireless not automatically re-connecting when connection was lost (update watchcat, mwan3) config by default in reForisThe WiFi sometimes disconnects in mid-day, and TurrisOS does not seem to be able to reboot/restart such a once lost connection immediately on its own, without the need for a lenghty manual intervention.
The `OpenWRT` packages `mwan3` an...The WiFi sometimes disconnects in mid-day, and TurrisOS does not seem to be able to reboot/restart such a once lost connection immediately on its own, without the need for a lenghty manual intervention.
The `OpenWRT` packages `mwan3` and also `watchcat` seem to be helpful in these situations, so **TurrisOS** could have them included, and active by default in its own _reForis_ interface, to make it even more convenient, useful and user-friendly.
~~Also, `ppp` should be set to `keepalive` out-of-the gate.~~
It’d be worth it implementing these plugins into the latest iteration of TurrisOS directly... for laymen like myself :-)Marek ĽachMarek Ľachhttps://gitlab.nic.cz/turris/os/packages/-/issues/786Update Knot Resolver to version 5.4.02023-08-16T14:54:11+02:00Josef SchlehoferUpdate Knot Resolver to version 5.4.0Recently, there was released a new version 5.4.0 of Knot Resolver.
Changelog: https://www.knot-resolver.cz/2021-07-29-knot-resolver-5.4.0.html
Would it be possible to take a look? This should be send to `develop` branch of this reposito...Recently, there was released a new version 5.4.0 of Knot Resolver.
Changelog: https://www.knot-resolver.cz/2021-07-29-knot-resolver-5.4.0.html
Would it be possible to take a look? This should be send to `develop` branch of this repository, so we can include it in minor release.
**Knot Resolver** runs on `Turris Omnia` and `Turris MOX` (Shield). Once you do run time testing, then it needs to be send to the upstream repository. In this case, I'm talking about `packages` feed.Turris OS 5.3.0https://gitlab.nic.cz/turris/os/packages/-/issues/787tos3to4 : migration don't finish (omnia)2023-08-16T14:35:44+02:00Ghost Usertos3to4 : migration don't finish (omnia)turris_version : 3.11.23
[updater-log.tar.xz](/uploads/a136c5c9326e2c11b4839a30d3ac40cd/updater-log.tar.xz)
I tried to do the migration, but here the output of notifications:
```
Error from 2021/08/04 12:59:40
Updater approvals were dea...turris_version : 3.11.23
[updater-log.tar.xz](/uploads/a136c5c9326e2c11b4839a30d3ac40cd/updater-log.tar.xz)
I tried to do the migration, but here the output of notifications:
```
Error from 2021/08/04 12:59:40
Updater approvals were deactivated to prevent problems during migration to the latest major release of Turris OS!
×
Update from 2021/08/04 12:59:58
• Installed version 1.0.3-1 of package tos3to4
×
Error from 2021/08/04 13:02:06
Updater selhal:
[string "transaction"]:327: [string "transaction"]:151: Collisions:
• /etc/crontabs/.keep: cronie (new-file), vixie-cron (existing-file)
• /usr/bin/crontab: cronie (new-file), vixie-cron (existing-file)
• /usr/bin/updater-supervisor: updater-supervisor (new-file), updater-ng-supervisor (existing-file)
• /etc/updater/hook_postupdate/99_approvals_cleanup: updater-supervisor (new-file), updater-ng-supervisor (existing-file)
• /etc/cron.d/.keep: cronie (new-file), vixie-cron (existing-file)
• /etc/cron.d/updater: updater-supervisor (new-file), updater-ng-supervisor (existing-file)
• /usr/share/updater/l10n_supported: l10n_supported (existing-file), l10n-supported (new-file)
• /etc/init.d/cron: cronie (new-file), vixie-cron (existing-file)
×
Update from 2021/08/04 13:02:06
• Installed version 7.5.0-2 of package libgcc
• Installed version 1.1.24-2 of package libc
• Installed version 0.12.1-3.1 of package libjson-c
• Installed version 2020-05-25-66195aee-1 of package libubox
• Installed version 2018-02-04-c7e938d6-1 of package jsonfilter
• Installed version 1.30.1-8 of package busybox
• Installed version 20200601-1 of package ca-certificates
• Installed version 1.1.1k-1 of package libopenssl
• Installed version 2.2.9-1 of package libexpat
• Installed version 1.0.8-1 of package libbz2
• Installed version 1.1.24-2 of package libpthread
• Installed version 5.2.5-1 of package liblzma
• Installed version 1.2.11-3 of package zlib
• Installed version 3.4.2-1 of package libarchive
• Installed version 0.9.4-2 of package liburiparser
[updater-log.txt](/uploads/2fd885d07a31a6034c05bd83e1791c1f/updater-log.txt)• Installed version 20200601-1 of package ca-bundle
• Installed version 7.66.0-3 of package libcurl
• Installed version 2.1.11-1 of package libevent2
• Installed version 5.1.5-3 of package liblua
• Installed version 2019-09-01-415f9e48-4 of package libuci
• Installed version 2019-09-01-415f9e48-4 of package libuci-lua
• Installed version 69.1.3-1 of package updater-ng
• Installed version 5.1.5-3 of package lua
• Installed version 3.0-rc1-20130909-5 of package luasocket
• Installed version 0.9.54-1 of package json4lua
• Installed version 1.6.3-1 of package pkglists
• Installed version 7.66.0-3 of package curl
• Installed version 2020-06-17-51e16ebf-1 of package libuclient
• Installed version 2020-06-17-51e16ebf-1 of package uclient-fetch
• Installed version 2021-01-31-c5dccea9-1 of package opkg
• Installed version 8.30-2 of package coreutils
• Installed version 8.30-2 of package coreutils-sort
• Installed version 2019-09-01-415f9e48-4 of package uci
• Installed version 2.6.0-3 of package switch-branch
• Installed version 2.2.1-3 of package tos3to4-early
• Installed version 1-1 of package fix-pkglists-options
• Installed version 1-1 of package fix-pkglists-hardening-options
×
Error from 2021/08/04 13:52:59
Updater selhal:
[string "transaction"]:327: [string "transaction"]:151: Collisions:
• /etc/crontabs/.keep: cronie (new-file), vixie-cron (existing-file)
• /usr/bin/crontab: cronie (new-file), vixie-cron (existing-file)
• /usr/bin/updater-supervisor: updater-supervisor (new-file), updater-ng-supervisor (existing-file)
• /etc/updater/hook_postupdate/99_approvals_cleanup: updater-supervisor (new-file), updater-ng-supervisor (existing-file)
• /etc/cron.d/.keep: cronie (new-file), vixie-cron (existing-file)
• /etc/cron.d/updater: updater-supervisor (new-file), updater-ng-supervisor (existing-file)
• /usr/share/updater/l10n_supported: l10n_supported (existing-file), l10n-supported (new-file)
• /etc/init.d/cron: cronie (new-file), vixie-cron (existing-file)
```
Since, I can't acces to the router with ssh.
Seems that I'm now in the middle of the migration, but it don't finish.Turris OS 5.2.5 (formal release)https://gitlab.nic.cz/turris/os/packages/-/issues/788turris.local/netdata (without trailing slash) doesn't load JS and CSS from th...2023-08-16T14:56:50+02:00Michal Vasilekturris.local/netdata (without trailing slash) doesn't load JS and CSS from the proper locationsGoing to turris.local/netdata (without the trailing slash) tries to load resources from the root - /style.css, instead of /netdata/style.css. This is not a big problem, because all links use /netdata/ (with the trailing slash).
The bug ...Going to turris.local/netdata (without the trailing slash) tries to load resources from the root - /style.css, instead of /netdata/style.css. This is not a big problem, because all links use /netdata/ (with the trailing slash).
The bug was reported in netdata - https://github.com/netdata/netdata/issues/11415, but we could fix it in the lighttpd config in the meantime.https://gitlab.nic.cz/turris/os/packages/-/issues/789add turris-timezone as foris-controller dependency2023-08-16T14:54:09+02:00Štěpán Henekadd turris-timezone as foris-controller dependencyOtherwise this breaks the builds once newer version of foris controller is issued > "2.1.0"Otherwise this breaks the builds once newer version of foris controller is issued > "2.1.0"Štěpán HenekŠtěpán Henekhttps://gitlab.nic.cz/turris/os/packages/-/issues/790resolver-conf problem with both hotplug scripts and the wan6 interface2023-07-18T12:54:28+02:00Christoph Metzresolver-conf problem with both hotplug scripts and the wan6 interfaceI have two issues with the hotplug scripts restarting the resolver on every interface update. Currently there seems to be a bug / issue in OpenWrt in resulting in frequent interface updates on my wan6 interface, also there seems to be no...I have two issues with the hotplug scripts restarting the resolver on every interface update. Currently there seems to be a bug / issue in OpenWrt in resulting in frequent interface updates on my wan6 interface, also there seems to be no change in the ip addresses at all, even the temporary addresses are still the same, but i did not investigate this any further. I just added a simple nested if to it. Some similar issues where also mentioned in the forum https://forum.turris.cz/t/every-3-secs-in-log-kresd-hard-limit-for-number-of-file-descriptors-any-help:
**/etc/hotplug.d/iface/40-ip-resolver-reload**
```
if [ "$ACTION" = "ifupdate" -o "$ACTION" = "ifup" ]; then
if [ "$IFUPDATE_ADDRESSES" = "1" -o "$IFUPDATE_PREFIXES" = "1" ]; then
if [ "$INTERFACE" != "wan6" ]; then <------- added line
logger -t hotplug "Reload resolver because of interface address update"
/etc/init.d/resolver reload
fi
fi
fi
```
I also recognized that the second script /etc/hotplug.d/iface/40-resolver-reload is also triggerd, there is some matching against an previous md5, but which never got set on my box. So i added storing the md5 in the script as well, i'm not sure if some other script should set this:
**/etc/hotplug.d/iface/40-resolver-reload**
```
if /etc/init.d/resolver enabled && \
[ "$MD5" != "$PREVIOUS" ] && \
[ "$DO_FORWARD" = "1" ] ; then
/etc/init.d/resolver reload
echo "$MD5" > /tmp/resolv.conf.auto.last.md5 <-------- added line
fi
```
maybe this whole stuff could be refactored in a single script, i have no clue why there is a need for two different hotplug scripts at all.
**Update**:
i did some further investigations and it seems the "netifd" is doing a prefix update event also when only the preferred_until / valid_until values are modified.
**https://git.openwrt.org/?p=project/netifd.git;a=blob;f=interface-ip.c**
```
if (node_old && node_new) {
/* Move assignments and refresh addresses to update valid times */
list_splice(&prefix_old->assignments, &prefix_new->assignments);
list_for_each_entry(c, &prefix_new->assignments, head)
if ((iface = vlist_find(&interfaces, c->name, iface, node)))
interface_set_prefix_address(c, prefix_new, iface, true);
if (prefix_new->preferred_until != prefix_old->preferred_until ||
prefix_new->valid_until != prefix_old->valid_until)
ip->iface->updated |= IUF_PREFIX; <--- ALSO RESULTING IN AN PREFIX_UPDATE EVENT
```Turris OS 5.3.0https://gitlab.nic.cz/turris/os/packages/-/issues/792Only one LAN port works in TOS 6.0 on Shield2022-01-03T17:14:07+01:00Lukas JelinekOnly one LAN port works in TOS 6.0 on ShieldAfter booting Turris OS 6.0 (HBD) on Shield, only one LAN port (`lan4`) has working connection. The other three ports are dead.After booting Turris OS 6.0 (HBD) on Shield, only one LAN port (`lan4`) has working connection. The other three ports are dead.Turris OS 5.3.3https://gitlab.nic.cz/turris/os/packages/-/issues/793Only two LAN ports work in TOS 6.0 on Omnia2021-09-07T17:30:25+02:00Lukas JelinekOnly two LAN ports work in TOS 6.0 on OmniaAfter booting Turris OS 6.0 (HBD) on Omnia, only two LAN ports (LAN0 and LAN4) have working connection. The other three ports are dead.After booting Turris OS 6.0 (HBD) on Omnia, only two LAN ports (LAN0 and LAN4) have working connection. The other three ports are dead.