author Patrick J Volkerding <volkerdi@slackware.com> 2021-03-18 23:54:14 +0000
committer Eric Hameleers <alien@slackware.com> 2021-03-19 08:59:51 +0100
commit da4119a5e08aaa161e577324030abde7a21a2b81 (patch)
tree 9028fe8c2b687c14bba95261a8cc6d3582a79ec7 /source/n/network-scripts
parent 1b9db3bbdd03829675039f602457316463410699 (diff)
Thu Mar 18 23:54:14 UTC 2021 20210318235414
ap/slackpkg-15.0.1-noarch-1.txz: Upgraded. Tweak default blacklist file's help text (thanks, dive). Fix display of blacklisted packages. Tweaks to slack-desc. Note that kernel-headers should not be blacklisted. Added Lithuania mirrors (Totoro-kun on LQ). Fix exit code for pending updates (dive). Avoid matching txz/tgz etc extension when blacklisting (dive). Use https for all slackpkg homepage links. Update mirror files (14.2 -> 15.0). Add blacklist to search option. Move applyblacklist to end of makelist(). Clarify how to blacklist duplicate packages. Fix new-config dialog. Reduce false positives in DOUBLEFILES detection. Remove spaces in awk. More blacklisting fixups (see full commit msg). Escape plus signs in blacklist regex. Convert ${ROOT}/${WORKDIR} > ${WORKDIR} (dive). Convert ${ROOT}/${CONF} -> ${CONF} and tweak blacklists (dive). Further fixup/enhancement to blacklisting issues. Fix "slackpkg blacklist" so that it shows blacklist again. Fixup internal blacklist handling. Use ERE for sanity_check() function (David Woodfall). Remove "slackpkg blacklist" from manual pages. Fix aaa_elflibs --> aaa_libraries in sample blacklist file (mozes). Split aarch64 and arm mirrors into separate files (mozes). Allow new-config after slackpkg upgrade itself (PiterPUNK). Modify blacklist regex line ending. Thanks to Robby Workman.
ap/sqlite-3.35.2-x86_64-1.txz: Upgraded.
kde/kid3-3.8.6-x86_64-1.txz: Upgraded.
l/glib2-2.66.8-x86_64-1.txz: Upgraded.
l/pango-1.48.3-x86_64-2.txz: Rebuilt. Eliminate dangling symlink. Thanks to upnort.
n/bind-9.16.13-x86_64-1.txz: Upgraded.
n/links-2.22-x86_64-1.txz: Upgraded.
n/network-scripts-15.0-noarch-14.txz: Rebuilt. Fix discrepancies between rc.inet1.conf versions. Move configuration of SLAAC before DHCP. Don't bring up a bridge interface if it will be brought up later by IP config. Fix a typo in br_open when configuring IFOPTS: i->1. Add SLAAC security and privacy options. Fix typo of 'default'. Added debugging output around new SLAAC enhancements. Move enabling RA before SLAAC security section. Thanks to davjohn on LQ. Fix domain name validation checks. Thanks to xbeastx74 on LQ for the report. Thanks to Darren "Tadgy" Austin and Robby Workman.
n/wireless_tools-30.pre9-x86_64-5.txz: Rebuilt. rc.wireless: don't leave interfaces in up state as it prevents SLAAC. Take interface down at exit from rc.wireless. Thanks to davjohn.
x/libgee-0.20.4-x86_64-1.txz: Upgraded.
Diffstat (limited to 'source/n/network-scripts')
-rw-r--r-- source/n/network-scripts/modprobe.d/modprobe.d/bonding.conf 9
-rw-r--r-- source/n/network-scripts/modprobe.d/modprobe.d/ipv6.conf 8
-rwxr-xr-x source/n/network-scripts/network-scripts.SlackBuild 2
-rw-r--r-- source/n/network-scripts/scripts/netconfig 18
-rw-r--r-- source/n/network-scripts/scripts/rc.inet1 91
-rw-r--r-- source/n/network-scripts/scripts/rc.inet1.conf 18
6 files changed, 87 insertions, 59 deletions
diff --git a/source/n/network-scripts/modprobe.d/modprobe.d/bonding.conf b/source/n/network-scripts/modprobe.d/modprobe.d/bonding.conf
deleted file mode 100644
index c33faf65b..000000000
--- a/source/n/network-scripts/modprobe.d/modprobe.d/bonding.conf
+++ /dev/null
@@ -1,9 +0,0 @@
-##############################################################################
-# Do not edit this file; instead, copy it to /etc/modprobe.d/ and edit that
-##############################################################################
-#
-# Disable the automatic creation of a bond0 interface when module is loaded
-# Otherwise, /etc/rc.d/rc.inet1 will not be able to configure it
-#
-options bonding max_bonds=0
-options rtnl-link-bond max_bonds=0
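Review bot: The changelog entry for network-scripts does not mention removing bonding.conf, yet the deleted comment says /etc/rc.d/rc.inet1 cannot configure bond0 without `max_bonds=0`. The path has a doubled `modprobe.d/modprobe.d/` component, so this reads like cleanup of a stray nested copy; please say so in the entry and confirm that a copy outside the nested directory still ships in the package.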
diff --git a/source/n/network-scripts/modprobe.d/modprobe.d/ipv6.conf b/source/n/network-scripts/modprobe.d/modprobe.d/ipv6.conf
deleted file mode 100644
index a0395a5ad..000000000
--- a/source/n/network-scripts/modprobe.d/modprobe.d/ipv6.conf
+++ /dev/null
@@ -1,8 +0,0 @@
-##############################################################################
-# Do not edit this file; instead, copy it to /etc/modprobe.d/ and edit that
-##############################################################################
-#
-# Disable IPv6 auto configuration (SLAAC) by default
-#
-options ipv6 autoconf=0
-options net-pf-10 autoconf=0
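Review bot: Dropping `options ipv6 autoconf=0` changes a default with security impact if no other copy of this file is packaged: with the kernel default, interfaces that rc.inet1 is not managing would autoconfigure from any router advertisement seen on the link. The diff limited to this directory does not show a surviving ipv6.conf, so confirm one exists before the rebuild goes out, and record the removal in the changelog entry.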
diff --git a/source/n/network-scripts/network-scripts.SlackBuild b/source/n/network-scripts/network-scripts.SlackBuild
index 4832d4db2..0093d246a 100755
--- a/source/n/network-scripts/network-scripts.SlackBuild
+++ b/source/n/network-scripts/network-scripts.SlackBuild
@@ -25,7 +25,7 @@ cd $(dirname $0) ; CWD=$(pwd)
PKGNAM=network-scripts
VERSION=${VERSION:-15.0}
ARCH=noarch
-BUILD=${BUILD:-13}
+BUILD=${BUILD:-14}
# If the variable PRINT_PACKAGE_NAME is set, then this script will report what
# the name of the created package would be, and then exit. This information
diff --git a/source/n/network-scripts/scripts/netconfig b/source/n/network-scripts/scripts/netconfig
index 69c6d6edf..bb5a5acc2 100644
--- a/source/n/network-scripts/scripts/netconfig
+++ b/source/n/network-scripts/scripts/netconfig
@@ -185,6 +185,7 @@ GATEWAY6="$GATEWAY6"
# these for your wireless network.
#IFNAME[4]="wlan0"
#IPADDRS[4]=""
+#USE_DHCP[4]="yes"
#DHCP_HOSTNAME[4]="icculus-wireless"
#DHCP_KEEPRESOLV[4]="yes"
#DHCP_KEEPNTP[4]="yes"
@@ -231,6 +232,16 @@ GATEWAY6="$GATEWAY6"
#SLAAC_TIMEOUT[4]="15" # The default timeout for auto configuration to
# wait for the interface to come up is 15 sec.
# Increase the timeout if required.
+#SLAAC_PRIVIPGEN[4]="yes" # When assigning addresses via SLAAC, use the
+ # 'private' (RFC7217) address generation method.
+ # It is advisable to also set SLAAC_SECRET[x].
+#SLAAC_SECRET[4]="xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx"
+ # When SLAAC_PRIVIPGEN[x]="yes" is set, this is
+ # the secret to be used. This must be in the
+ # form of an IPv6 address. When left unset, a
+ # random secret is used (this is the default).
+#SLAAC_TEMPADDR[4]="yes" # Use a temporary address with SLAAC to enhance
+ # security.
#USE_RA[4]="yes" # Accept router advertisements even when SLAAC
# is disabled on the interface.
#WLAN_ESSID[4]="DARKSTAR" # An example of how you can override _any_
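Review bot: The help text for SLAAC_SECRET pulls in two directions: one line says it is advisable to set it, the next says leaving it unset is the default and a random secret is used. Spell out what the user is choosing between (rc.inet1 writes addr_gen_mode 2 with a configured secret and 3 with a random one), and replace "to enhance security" on SLAAC_TEMPADDR with what the option does, since the benefit of temporary addresses is privacy against tracking rather than protection of the host.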
@@ -481,8 +492,11 @@ EOF
DOMAIN="`cat $TMP/SeTdom`"
rm -f $TMP/SeTdom $TMP/tempmsg
# These regexes doon't catch everything, just basic syntax mistakes.
- if [ "$DOMAIN" = "" ] || [[ ! "$DOMAIN" =~ ^([[:alnum:]]+[-.]*[[:alnum:]]+)+$ ]] || \
- [[ "${DOMAIN:0:1}" =~ ^[.-]$ ]] || [[ "${DOMAIN: -1:1}" == ^[.-]$ ]]; then
+ DN="${DOMAIN%.*}"
+ TLD="${DOMAIN##*.}"
+ if [ -z "$DOMAIN" ] || [ -z "$TLD" ] || [ -z "$DN" ] || [[ ! "$DOMAIN" =~ ^[^.-][[:alnum:].-]+[^.-]$ ]] || \
+ [[ ! "$DN" =~ ^[^.-][[:alnum:].-]+[^.-]$ ]] || [[ "$DN" =~ \.\. ]] || [[ "$DN" =~ -- ]] || \
+ [[ ! "$TLD" =~ ^[^-][[:alnum:]-]+[^-]$ ]]; then
dialog --title "DOMAINNAME" --ok-button "Back" --msgbox \
"That doesn't appear to be a valid domain name.\n
Domain names can only contain letters and numbers, hyphens
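Review bot: The new patterns reject valid names and accept invalid ones. Each of the three regexes needs at least three characters (an anchor class, one or more of the middle class, another anchor class), so a two-letter TLD as in "example.uk", or a two-letter name part, fails the `$TLD` or `$DN` test; and the anchors `[^.-]` and `[^-]` match any character other than dot or hyphen, so a name that begins or ends with `_`, a space or `$` passes. Use `[[:alnum:]]` at both ends and make the middle optional, for example `^[[:alnum:]]([[:alnum:].-]*[[:alnum:]])?$`. The `--` test on `$DN` also refuses punycode labels (`xn--...`), which may not be intended.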
diff --git a/source/n/network-scripts/scripts/rc.inet1 b/source/n/network-scripts/scripts/rc.inet1
index 755e7efec..d33ab7747 100644
--- a/source/n/network-scripts/scripts/rc.inet1
+++ b/source/n/network-scripts/scripts/rc.inet1
@@ -159,9 +159,13 @@ br_open() {
debug_log "/sbin/ip link set dev ${IFNAME[$1]} type bridge $IFOPT"
/sbin/ip link set dev ${IFNAME[$1]} type bridge $IFOPT
fi
- done <<<"${IFOPTS[$i]/%|*([[:blank:]])}|" # The | on the end is required.
- debug_log "/sbin/ip link set dev ${IFNAME[$1]} up"
- /sbin/ip link set dev ${IFNAME[$1]} up
+ done <<<"${IFOPTS[$1]/%|*([[:blank:]])}|" # The | on the end is required.
+ # Don't bring up the interface if it will be brought up later during IP configuration.
+ # This prevents a situation where SLAAC takes a while to apply if the interface is already up.
+ if [ -z "${IPADDRS[$1]}" ] && [ -z "${IP6ADDRS[$1]}" ] && [ -z "${IPADDR[$1]}" ] && [ "${USE_DHCP[$1]}" != "yes" ] && [ "${USE_DHCP6[$1]}" != "yes" ] && [ "${USE_SLAAC[$1]}" != "yes" ]; then
+ debug_log "/sbin/ip link set dev ${IFNAME[$1]} up"
+ /sbin/ip link set dev ${IFNAME[$1]} up
+ fi
}
# Function to disassemble a bridge interface.
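Review bot: The new guard in br_open does not test for /proc/sys/net/ipv6, while if_up only acts on USE_SLAAC, USE_DHCP6 and IP6ADDRS when that path exists. On a system without IPv6 and a bridge configured with only one of those settings, the link is skipped here and, as far as these hunks show, not brought up later. Consider mirroring the `[ -e /proc/sys/net/ipv6 ]` test for the three IPv6 variables, or moving the decision into a small helper shared with if_up so the two lists cannot drift.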
@@ -323,6 +327,51 @@ if_up() {
debug_log "/sbin/ip address flush dev ${1}"
/sbin/ip address flush dev ${1}
IF_UP=0
+ if [ -e /proc/sys/net/ipv6 ] && [ "${USE_DHCP6[$i]}" != "yes" ] && [ "${USE_SLAAC[$i]}" = "yes" ]; then # configure via SLAAC
+ info_log "${1}: enabling SLAAC"
+ # Enable accepting of RA packets, unless explicitly configured not to:
+ if [ "${USE_RA[$i]}" = "no" ]; then
+ debug_log "${1}: ignoring IPv6 RA"
+ echo "0" >/proc/sys/net/ipv6/conf/${1}/accept_ra
+ else
+ debug_log "${1}: accepting IPv6 RA"
+ echo "1" >/proc/sys/net/ipv6/conf/${1}/accept_ra
+ fi
+ # Set up SLAAC privacy enhancements if configured.
+ if [ "${SLAAC_PRIVIPGEN[$i]}" = "yes" ]; then
+ if [ -n "${SLAAC_SECRET[$i]}" ]; then
+ debug_log "${1}: seeding secret and enabling private IPv6 generation"
+ echo "${SLAAC_SECRET[$i]}" >/proc/sys/net/ipv6/conf/${1}/stable_secret
+ echo "2" >/proc/sys/net/ipv6/conf/${1}/addr_gen_mode
+ else
+ debug_log "${1}: using random secret and enabling private IPv6 generation"
+ echo -n >/proc/sys/net/ipv6/conf/${1}/stable_secret
+ echo "3" >/proc/sys/net/ipv6/conf/${1}/addr_gen_mode
+ fi
+ fi
+ if [ "${SLAAC_TEMPADDR[$i]}" = "yes" ]; then
+ debug_log "${1}: enabling SLAAC tempaddr"
+ echo "2" >/proc/sys/net/ipv6/conf/${1}/use_tempaddr
+ fi
+ # Enable auto configuration of interfaces:
+ echo "1" >/proc/sys/net/ipv6/conf/${1}/autoconf
+ # Bring the interface up:
+ debug_log "/sbin/ip link set dev ${1} up"
+ /sbin/ip link set dev ${1} up
+ echo "${1}: waiting for router announcement"
+ for ((j = ${SLAAC_TIMEOUT[$i]:=15} * 2; j--;)); do # by default, wait a max of 15 seconds for the interface to configure
+ /sbin/ip -6 address show dynamic dev ${1} 2>/dev/null | grep -Ewq 'inet6' && { IF_UP=1; break; }
+ sleep 0.5
+ done
+ if ((IF_UP != 1)); then
+ echo "${1}: timed out"
+ info_log "${1}: failed to auto configure after ${SLAAC_TIMEOUT[$i]} seconds"
+ debug_log "/sbin/ip address flush dev ${1}"
+ /sbin/ip address flush dev ${1}
+ debug_log "/sbin/ip link set dev ${1} down"
+ /sbin/ip link set dev ${1} down
+ fi
+ fi
# Slackware historically favours dynamic configuration over fixed IP to configure interfaces, so keep that tradition:
if [ "${USE_DHCP[$i]}" = "yes" ] || { [ -e /proc/sys/net/ipv6 ] && [ "${USE_DHCP6[$i]}" = "yes" ]; }; then # use dhcpcd
info_log "${1}: starting dhcpcd"
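Review bot: The writes to stable_secret and addr_gen_mode in the SLAAC_PRIVIPGEN block are not checked, so a SLAAC_SECRET that the kernel refuses (the config help says it must be in the form of an IPv6 address) can leave the interface to autoconfigure without the privacy mode the admin asked for, with only a debug_log line claiming it was enabled. Test the exit status of each echo, report a failure with info_log, and skip the `autoconf` write and `ip link set dev ${1} up` for that interface when the requested mode could not be applied. Emitting the debug_log message after the writes succeed rather than before would keep the debug output truthful.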
@@ -368,35 +417,6 @@ if_up() {
/sbin/ip link set dev ${1} down
fi
fi
- if [ -e /proc/sys/net/ipv6 ] && [ "${USE_DHCP6[$i]}" != "yes" ] && [ "${USE_SLAAC[$i]}" = "yes" ]; then # configure via SLAAC
- info_log "${1}: enabling SLAAC"
- # Enable accepting of RA packets, unless explicitly configured not to:
- if [ "${USE_RA[$i]}" = "no" ]; then
- debug_log "${1}: ignoring IPv6 RA"
- echo "0" >/proc/sys/net/ipv6/conf/${1}/accept_ra
- else
- debug_log "${1}: accepting IPv6 RA"
- echo "1" >/proc/sys/net/ipv6/conf/${1}/accept_ra
- fi
- # Enable auto configuration of interfaces:
- echo "1" >/proc/sys/net/ipv6/conf/${1}/autoconf
- # Bring the interface up:
- debug_log "/sbin/ip link set dev ${1} up"
- /sbin/ip link set dev ${1} up
- echo "${1}: waiting for router announcement"
- for ((j = ${SLAAC_TIMEOUT[$i]:=15} * 2; j--;)); do # by default, wait a max of 15 seconds for the interface to configure
- /sbin/ip -6 address show dynamic dev ${1} 2>/dev/null | grep -Ewq 'inet6' && { IF_UP=1; break; }
- sleep 0.5
- done
- if ((IF_UP != 1)); then
- echo "${1}: timed out"
- info_log "${1}: failed to auto configure after ${SLAAC_TIMEOUT[$i]} seconds"
- debug_log "/sbin/ip address flush dev ${1}"
- /sbin/ip address flush dev ${1}
- debug_log "/sbin/ip link set dev ${1} down"
- /sbin/ip link set dev ${1} down
- fi
- fi
if [ -e /proc/sys/net/ipv6 ] && [ -n "${IP6ADDRS[$i]}" ]; then # add v6 IPs
info_log "${1}: setting IPv6 addresses"
# IPv6's Duplicate Address Detection (DAD) causes a race condition when bringing up interfaces, as
@@ -545,11 +565,14 @@ if_down() {
# Bring the interface down:
debug_log "/sbin/ip link set dev ${1} down"
/sbin/ip link set dev ${1} down
- # Reset autoconf and accept_ra back to defaults:
+ # Reset everything back to defaults:
if [ -e /proc/sys/net/ipv6 ]; then
- debug_log "${1}: resetting IPv6 autoconf and RA to defaults"
+ debug_log "${1}: resetting IPv6 configuration to defaults"
cat /proc/sys/net/ipv6/conf/default/autoconf >/proc/sys/net/ipv6/conf/${1}/autoconf
cat /proc/sys/net/ipv6/conf/default/accept_ra >/proc/sys/net/ipv6/conf/${1}/accept_ra
+ cat /proc/sys/net/ipv6/conf/default/use_tempaddr >/proc/sys/net/ipv6/conf/${1}/use_tempaddr
+ cat /proc/sys/net/ipv6/conf/default/addr_gen_mode >/proc/sys/net/ipv6/conf/${1}/addr_gen_mode
+ echo -n >/proc/sys/net/ipv6/conf/${1}/stable_secret
fi
# If the interface is a bridge, then destroy it now:
[ -n "${BRNICS[$i]}" ] && br_close $i
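Review bot: `echo -n >/proc/sys/net/ipv6/conf/${1}/stable_secret` writes zero bytes, unlike the four lines above it that copy a value from conf/default, so it is unclear that it resets anything. If the kernel ignores an empty write, the per-interface secret from the last if_up survives and the comment "Reset everything back to defaults" overstates what happens. Please verify by reading stable_secret back after if_down, and either document the limitation in the comment or restore conf/default/stable_secret when one is set.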
diff --git a/source/n/network-scripts/scripts/rc.inet1.conf b/source/n/network-scripts/scripts/rc.inet1.conf
index 0daee7017..e952498e9 100644
--- a/source/n/network-scripts/scripts/rc.inet1.conf
+++ b/source/n/network-scripts/scripts/rc.inet1.conf
@@ -69,7 +69,7 @@ GATEWAY6=""
# BONDNICS is a space delimited list of interfaces to add to this bond. The
# BONDNICS interfaces will be brought up and configured while bringing up the
# bond interface, so do not need to be previously defined in rc.inet1.conf.
-# BONDMODE sets the bonding mode for this interface. If not specified when
+# BONDMODE sets the bonding mode for this interface. If not specified when
# BONDNICS has been used, the default is 'balance-rr'.
# IFOPTS is a pipe (|) delimited list of bonding module specific settings to be
# applied to the interface, and should always include the 'miimon' option when
@@ -83,9 +83,7 @@ GATEWAY6=""
#BONDNICS[0]="eth0 eth1"
#BONDMODE[0]="balance-rr"
#IFOPTS[0]="xmit_hash_policy layer2+3 | miimon 100"
-#IPADDR[0]="192.168.0.1"
-#NETMASK[0]="24"
-#IPALIASES[0]=""
+#IPADDRS[0]="192.168.0.1/24"
#USE_DHCP[0]=""
#DHCP_HOSTNAME[0]=""
#IP6ADDRS[0]=""
@@ -174,7 +172,7 @@ GATEWAY6=""
# Some examples of additional network parameters that you can use.
#IFNAME[4]="wlan0" # Use a different interface name instead of
# the default 'eth4'
-#IFOPTS[4]="" # A pipe (|) delimited list of interface type
+#IFOPTS[4]="" # A pipe (|) delimited list of interface type
# specific options to apply. These options
# can be found in the ip-link(8) man page in
# the approprite section for the interface
@@ -200,6 +198,16 @@ GATEWAY6=""
#SLAAC_TIMEOUT[4]="15" # The default timeout for auto configuration to
# wait for the interface to come up is 15 sec.
# Increase the timeout if required.
+#SLAAC_PRIVIPGEN[4]="yes" # When assigning addresses via SLAAC, use the
+ # 'private' (RFC7217) address generation method.
+ # It is advisable to also set SLAAC_SECRET[x].
+#SLAAC_SECRET[4]="xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx"
+ # When SLAAC_PRIVIPGEN[x]="yes" is set, this is
+ # the secret to be used. This must be in the
+ # form of an IPv6 address. When left unset, a
+ # random secret is used (this is the default).
+#SLAAC_TEMPADDR[4]="yes" # Use a temporary address with SLAAC to enhance
+ # security.
#USE_RA[4]="yes" # Accept router advertisements even when SLAAC
# is disabled on the interface.
#WLAN_ESSID[4]="DARKSTAR" # An example of how you can override _any_
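Review bot: The sample `SLAAC_SECRET[4]="xxxx:xxxx:..."` is not a usable value, and a user who uncomments the block as is hands rc.inet1 a string that is not in the form of an IPv6 address. Say in the comment that the x's are a placeholder to be replaced with randomly generated hex groups, and since this is a long-lived secret that determines the host's addresses, add a reminder that rc.inet1.conf should not be world-readable once it is set.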