commit a59dc4394043aa5fce060426f13d965ab3c6679f
Author: Ad Schellevis <ad@opnsense.org>
Date: Mon Nov 18 21:16:13 2024 +0100
Services: Kea DHCP [new]: Leases DHCPv4 - minor cleanups for https://github.com/opnsense/core/pull/8053
commit 9986eca14c4ee72675bedc31953cefe60a6659cd
Merge: d23170c05 8d0ab40c5
Author: cpalv <13182421+cpalv@users.noreply.github.com>
Date: Mon Nov 11 23:46:43 2024 -0600
Merge branch 'opnsense:master' into mac-db
commit d23170c05f3d511000d8302dd2403c0761d757ac
Author: eddie <13182421+cpalv@users.noreply.github.com>
Date: Mon Nov 11 23:45:16 2024 -0600
Add MAC formatter, removed unclosed table row tag
macformatter will include the hardware manufacturer info (if it exists) in the same table cell as MAC address
removed unclosed 'tr' tag. linked 'hwaddr' column to macformatter. adjusted spacing
commit 04e7cf40ee809b3afdcc203d27cd3ed9cd9ff128
Author: eddie <13182421+cpalv@users.noreply.github.com>
Date: Mon Nov 11 23:39:30 2024 -0600
add MAC manufacturer info to dhcp lease record
Be done with the retry and use the launcher.sh -r argument for
the cron-based execution. Leave the backend commands where they
are.
Since the file had no copyright header looking at the old code
it looks like Bill and Scott worked on the file first in 2005.
Not really concerned with consecutive history here for lack of
creating a copyright header for so long.
This also moves the initial output to the start of the script
again which clears and seeds the output file so the GUI picks
up the right operation immediately. This was a problem during
CRL setup which may delay the execution too much.
Make the output_done() and output_reboot() both never return
which simplifies the code a bit.
There is more potential for improved output handling but for
the time being this should suffice to fix the current glitches.
This reverts commit 1ff4c95f115028cd3786f249ef77500767c904bf.
Intended side effect so that the launcher will have access to the vars
published by config.sh -- when the launcher starts the actual script
the script itself will source the config.sh again causing the env_init()
to be called for all participating COMMANDS. This ensures the env_init()
call is locked by default.
Running the grep below lights up a few spots still:
# git grep 'pkg[^/\[\.a-z'"'"',()_+"]'
Make a few decisions for the future:
* Use "pkg-static" outside the firmware code consistently
with a full path
* Modify ambiguous code or comments to not be found by the
grep above
* Firmware uses PKG now if we ever have to pivot to pkg-static
or when we need to overwise modify the call.
The goal of this excerise was to find all stray package manager
spots that may run their own embedded pkg-update without the
proper environment which should be gone for now.
While debugging some missing TLS parameters, I noticed the ciphers where different than expected. Digging a bit deeper seemed to indicate env_init() wasn't called on my end.
If SELF should be the command, the intention was likely to pass the parameter instead of the script name (which is always launcher)
cc @fichtner
Neither OpenSSL base (/etc/ssl) nor ports (/usr/local/openssl) need
the bundle file now that we use the directory trust store. The downside
is that as soon as the bundle exists OpenSSL library will read both the
directory and the bundle by default defeating the purpose of a single
location and the directory being faster.
Keep the fringe ca_root_nss location /usr/local/etc/ssl since that is
still seeded by the package but controlled and topped up by the user
configured authorities.
If we convert groups to a model, we will switch the nested <member> tags into comma separated fields, e.g.
<member>1</member>
<member>12</member>
will convert to:
<member>1,12</member>
using this commit we support both for areas where these are being read.
It's rebatable how careful we should be reading files from /etc/ssl/certs
but in practice garbage-in-garbage-out is the best approach and just match
a wider variety of files included in the directory.
We do not currently use /usr/local/share/certs/untrusted either,
but keep it for future use. The other directories are not used
by FreeBSD 14 or newer so just remove their use.
