Adds a bit of code on the initialization but allows to trace the
information without magic globals.
Has been on the wishlist forever, but nowadays it's simple enough
to replace the few instances using it.
opnsense-update -K will handle subscription key return if found.
Fetch the license metadata if it exists, move it to core version
meta file and handle the contents dymanically if it exists.
The only issue for later is that changing the mirror away from
business we have a lingering license file until the next check
for updates is done.
Extends check.sh to fetch license json file when a uuid is found and flush this to /usr/local/opnsense/license.json.
The firmware page adds a license validity row, which is hidden by default and only shown when product.php returns 'product_license_valid_to'.
For the dashboard widget we'll add the "licensed until" string to the core product string when available.
o bulk insert <tr/> objects to prevent overhead finding the top item in the list
o fetch with a minimum of 1000 records, so the browser has something to apply filtering too, this also prevents the issue of not being able to find results when > 25 records per second arrive. Processing 1000 visible records is a lot more effort for the browser than handling 1000 invisible ones.
o simplify table cleanup, as records over "max_rows" would be dropped anyway.
```
$fw = filter_core_get_initialized_plugin_system();
filter_core_bootstrap($fw);
plugins_firewall($fw);
filter_core_rules_user($fw);
```
Above block should offer a complete view on the firewall rules now, which we may use in the gui as well. There's still an idea to offer a full view on all firewall rules that apply to an interface (including floating and groups), a bit inspired by this request https://github.com/opnsense/core/issues/6024. In order to do this, we should likely be able to offer a single rule provider first so we can just query the object.
Since filter_rules_sort() is only called via front end pages, it should be safe to check if rules already have a uuid assigned and assign them if they don't. This prevents a migration and increases the change of fast adoption of the rule uuid's.
This commit adds generate_uuid() to config.inc and mimics the same behaviour as mvc models will do, if at a later point in time we would like to hook uuid's to xml attributes in other areas as well, we can simply reuse this.
It is likely a good idea to start using the uuid's in filter_core_rules_user() as labels too as this would prevent the use of the rule hash calculation (saves time and is a more stable id in most cases).
Impact of this change should be rather low as nothing depends on the uuids yet.
According to the notes in https://phpseclib.com/docs/x509 the signCRL() method previously set the signatureAlgorithm by default (sha1WithRSAEncryption), without specific request we now seem to be using SIGNATURE_PSS by default.
```
Note that whereas in the 1.0 and 2.0 branches, the signature algorithm was set by using an additional parameter in the sign method (or signCSR, signCRL, etc) in this case it's set based on the key. So if you want to create an rsaEncryption X509 cert you'd need to do $publicKey = $publicKey->withHashing(RSA::SIGNATURE_PKCS1) since, by default, RSA keys use RSA::SIGNATURE_PSS.
```
This commit implements the suggested approach to revert the default hashing back to what it was, which at least generates CRL's and is properly handled in validateSignature().
Most likely this fixes https://forum.opnsense.org/index.php?topic=30164.msg145633#msg145633
cc @swhite2
Our current default of 9999 days will calculate to a date in 2050, we could either choose to cap on 20491231 here or set to lifetime, the latter seems to be more logical when the number of days is higher than a couple of years.
fix a small php 8 notice as well in the same scope.
noted here https://forum.opnsense.org/index.php?topic=30164.msg145665#msg145665
Currently this doesn't work (yet), likely needs https://reviews.freebsd.org/D35848 so vlanproto can be set after the interface creation phase (now it's only possible to set proto there).
If `ifconfig XXXX vlanproto 802.1ad` sets the property, we do need this code to make sure we set these on QinQ parent vlan tags. As a workaround we could pass proto in legacy_interface_create() as well to make this (only) work on boot, but looking at the upstream fix, this might be something easy to pull in the near future.
for https://github.com/opnsense/core/issues/5893
