Extend configuration of NTP sources in UCI:
- Add nts option to enable NTS
- Add disabled option to allow inactive sources
Add nts section to UCI with:
- rtccheck option to disable certificate time checks on systems that
don't have an RTC to avoid the chicken-and-egg problem (it is less
secure, but still should be better than no NTS at all)
- systemcerts option to disable system certificates
- trustedcerts option to specify path to trusted certificates
Save NTS keys and cookies by default to avoid unnecessary NTS-KE
sessions when restarted or switching back to an already used NTS source.
Also, save the drift to stabilize the clock after chronyd restart.
Signed-off-by: Miroslav Lichvar <mlichvar0@gmail.com>
- Use the chronyc onoffline command to update state of all sources
per current routing configuration
- Don't ignore the "ifupdate" action
- Add NTP servers from DHCP for the interface that went up instead of
the wan4+wan6 interfaces
- Save the servers to files loaded by the sourcedir directive to not
lose them when chronyd is restarted, and remove them when the
interface goes down
Signed-off-by: Miroslav Lichvar <mlichvar0@gmail.com>
Instead of loading /etc/chrony/chrony.conf from the file generated from
the chrony UCI configuration, use the confdir directive in the main
config to load the generated file. This should make it obvious that
chrony is configured in UCI and it can also be easily disabled.
Signed-off-by: Miroslav Lichvar <mlichvar0@gmail.com>
If relay/bridge support isn't required, this variant is about 300 kiB smaller
than the full tor daemon.
Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
Extracted from:
http://deb.debian.org/debian/pool/main/i/ifstat/ifstat_1.1-8.1.diff.gz
Note that I also created a new git repository with these fixes:
https://github.com/matttbe/ifstat/
The original author of these modification is:
Goswin von Brederlow <goswin-v-b@web.de>
ChangeLog:
* snmp.c: fix 2 pointer targets differ in signedness warnings
* Adding upport for 64bit /proc/net/dev counters.
* Clean up compiler warnings.
More modifications are available in the patch from the Debian project
but mostly related to the "debian" dir, man page and debug mode. Here I
only took the modifications related to the .c and .h files.
The most important fix is related to the support for 64bit counters in
/proc/net/dev instead of displaying 0 after a while.
Signed-off-by: Matthieu Baerts <matthieu.baerts@tessares.net>
- support trailing route space from iproute2
- add routes even when iface is down
- fix source_routing argument check
- add quotes in logging to better detect issues with trailing spaces
Signed-off-by: Aaron Goodman <aaronjg@stanford.edu>
Allows the Makefile to be cleaned up and to have fewer dependencies.
There's no need for multiple TLS libraries to be installed.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
openconnect v8.10 supports 4 VPN protocols
--protocol=anyconnect Compatible with Cisco AnyConnect SSL VPN, as well as ocserv (default)
--protocol=nc Compatible with Juniper Network Connect
--protocol=gp Compatible with Palo Alto Networks (PAN) GlobalProtect SSL VPN
--protocol=pulse Compatible with Pulse Connect Secure SSL VPN
This patch allows user to specify protocol use the new "vpn_protocol"
option and deprecate the old option "juniper" which seems to be missing in
the current openconnect client.
Signed-off-by: Mengyang Li <mayli.he@gmail.com>
version 8.2.6 (October 19, 2020):
- try and address license concerns with LICENSE.md
- replace usleep with nanosleep (Rosen Penev <rosenp@gmail.com>)
- console: Add 'k' option to exit on console-down (Mylène Josserand <mylene.josserand@collabora.com>)
- Fix#48 - apply ipv4 CIDR access list when compiled with ipv6 support
Signed-off-by: Bjørn Mork <bjorn@mork.no>
The additional directory is created and can be used e.g. for configurations
which are created e.g. dynamically from an uci config.
Signed-off-by: Helge Mader <ma@dev.tdt.de>
For applications writing their own xinetd configuration to the /etc/xinetd.d
directory it would be necessary to save them (e.g. a user edits them manually)
Signed-off-by: Helge Mader <ma@dev.tdt.de>
When the interface section was changed, the changed configuration
options were not applied.
This commit adds the service reload handling again.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
* switch all safesearch providers to dynamic ips (derived from cname)
* made the new safesearch approach compatible with bind-nslookup
* removed 3.x config compatibility code
Signed-off-by: Dirk Brenken <dev@brenken.org>
Django 3.1 supports relative paths for static_url.
Use it to make it more flexible.
Minor fixes for upgrade:
* ignore-fail-on-non-empty for rmdir /usr/share/etesync-server/etesync_server
* do not stop service (it is stopped already and init file is removed)
Signed-off-by: Peter Stadler <peter.stadler@student.uibk.ac.at>
The underlying `acme.sh` allows custom ACME server URLs (using `--server`). Adding the necessary field to specify a custom ACME server URL from UCI.
Signed-off-by: Jannis Pinter <jannis+openwrt@pinterjann.is>
