[prev in list] [next in list] [prev in thread] [next in thread]
List: ipfire-scm
Subject: [git.ipfire.org] IPFire 2.x development tree branch, next, updated. 251556c9bea35c137bdbe5d93b1ed095
From: Arne Fitzenreiter <git () ipfire ! org>
Date: 2020-08-05 19:02:15
Message-ID: 4BMLbD0DXxz2y13 () people01 ! haj ! ipfire ! org
[Download RAW message or body]
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".
The branch, next has been updated
via 251556c9bea35c137bdbe5d93b1ed0959d639955 (commit)
via 8531a9503c2328f88deb83820364ce21bc8a357d (commit)
via 138c94a96dd9bdceda01fcb2078bf00aa287f8dc (commit)
via 7c24a0d973f56eb912eb6375b6577bb40e81093f (commit)
from 4576ca4cc798d664a2d551762058c98d311ac0bc (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 251556c9bea35c137bdbe5d93b1ed0959d639955
Author: Arne Fitzenreiter <arne_f@ipfire.org>
Date: Wed Aug 5 19:01:38 2020 +0000
start core149 and add oci changes.
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
commit 8531a9503c2328f88deb83820364ce21bc8a357d
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Tue Jul 21 10:36:41 2020 +0000
smt: Do not disable SMT in virtual machines
Processors in virtual machines are *virtual*. Therefore this
only degrades the performance of the guest, but does not increase
it's security.
This patch always leaves SMT enabled in all virtual environments.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
commit 138c94a96dd9bdceda01fcb2078bf00aa287f8dc
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Tue Jul 21 10:36:40 2020 +0000
oci: Add automatic configuration script
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
commit 7c24a0d973f56eb912eb6375b6577bb40e81093f
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Tue Jul 21 10:36:39 2020 +0000
oci: Add detection for Oracle Cloud
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
-----------------------------------------------------------------------
Summary of changes:
config/rootfiles/common/aarch64/initscripts | 1 +
config/rootfiles/common/armv5tel/initscripts | 1 +
config/rootfiles/common/i586/initscripts | 1 +
config/rootfiles/common/x86_64/initscripts | 1 +
config/rootfiles/core/{148 => 149}/exclude | 0
config/rootfiles/core/149/filelists/files | 8 +++
.../rootfiles/{oldcore/147 => core/149}/update.sh | 20 +++---
config/rootfiles/{core => oldcore}/148/exclude | 0
.../{core => oldcore}/148/filelists/Locale-Country | 0
.../{core => oldcore}/148/filelists/files | 0
.../{core => oldcore}/148/filelists/libloc | 0
.../{core => oldcore}/148/filelists/xtables-addons | 0
config/rootfiles/{core => oldcore}/148/update.sh | 0
make.sh | 2 +-
src/initscripts/helper/{gcp-setup => oci-setup} | 80 +++++++++++++---------
src/initscripts/system/cloud-init | 2 +
src/initscripts/system/functions | 11 +++
src/initscripts/system/smt | 5 ++
18 files changed, 89 insertions(+), 43 deletions(-)
copy config/rootfiles/core/{148 => 149}/exclude (100%)
create mode 100644 config/rootfiles/core/149/filelists/files
copy config/rootfiles/{oldcore/147 => core/149}/update.sh (91%)
rename config/rootfiles/{core => oldcore}/148/exclude (100%)
rename config/rootfiles/{core => oldcore}/148/filelists/Locale-Country (100%)
rename config/rootfiles/{core => oldcore}/148/filelists/files (100%)
rename config/rootfiles/{core => oldcore}/148/filelists/libloc (100%)
rename config/rootfiles/{core => oldcore}/148/filelists/xtables-addons (100%)
rename config/rootfiles/{core => oldcore}/148/update.sh (100%)
copy src/initscripts/helper/{gcp-setup => oci-setup} (77%)
Difference in files:
diff --git a/config/rootfiles/common/aarch64/initscripts \
b/config/rootfiles/common/aarch64/initscripts index 69fef394b..bbf57af37 100644
--- a/config/rootfiles/common/aarch64/initscripts
+++ b/config/rootfiles/common/aarch64/initscripts
@@ -5,6 +5,7 @@ etc/rc.d/helper/aws-setup
etc/rc.d/helper/azure-setup
etc/rc.d/helper/gcp-setup
etc/rc.d/helper/getdnsfromdhcpc.pl
+etc/rc.d/helper/oci-setup
#etc/rc.d/init.d
etc/rc.d/init.d/acpid
etc/rc.d/init.d/apache
diff --git a/config/rootfiles/common/armv5tel/initscripts \
b/config/rootfiles/common/armv5tel/initscripts index 69fef394b..bbf57af37 100644
--- a/config/rootfiles/common/armv5tel/initscripts
+++ b/config/rootfiles/common/armv5tel/initscripts
@@ -5,6 +5,7 @@ etc/rc.d/helper/aws-setup
etc/rc.d/helper/azure-setup
etc/rc.d/helper/gcp-setup
etc/rc.d/helper/getdnsfromdhcpc.pl
+etc/rc.d/helper/oci-setup
#etc/rc.d/init.d
etc/rc.d/init.d/acpid
etc/rc.d/init.d/apache
diff --git a/config/rootfiles/common/i586/initscripts \
b/config/rootfiles/common/i586/initscripts index b4e944342..e0c8495c8 100644
--- a/config/rootfiles/common/i586/initscripts
+++ b/config/rootfiles/common/i586/initscripts
@@ -5,6 +5,7 @@ etc/rc.d/helper/aws-setup
etc/rc.d/helper/azure-setup
etc/rc.d/helper/gcp-setup
etc/rc.d/helper/getdnsfromdhcpc.pl
+etc/rc.d/helper/oci-setup
#etc/rc.d/init.d
etc/rc.d/init.d/acpid
etc/rc.d/init.d/apache
diff --git a/config/rootfiles/common/x86_64/initscripts \
b/config/rootfiles/common/x86_64/initscripts index b4e944342..e0c8495c8 100644
--- a/config/rootfiles/common/x86_64/initscripts
+++ b/config/rootfiles/common/x86_64/initscripts
@@ -5,6 +5,7 @@ etc/rc.d/helper/aws-setup
etc/rc.d/helper/azure-setup
etc/rc.d/helper/gcp-setup
etc/rc.d/helper/getdnsfromdhcpc.pl
+etc/rc.d/helper/oci-setup
#etc/rc.d/init.d
etc/rc.d/init.d/acpid
etc/rc.d/init.d/apache
diff --git a/config/rootfiles/core/148/exclude b/config/rootfiles/core/149/exclude
similarity index 100%
rename from config/rootfiles/core/148/exclude
rename to config/rootfiles/core/149/exclude
diff --git a/config/rootfiles/core/149/filelists/files \
b/config/rootfiles/core/149/filelists/files new file mode 100644
index 000000000..95a56178b
--- /dev/null
+++ b/config/rootfiles/core/149/filelists/files
@@ -0,0 +1,8 @@
+etc/system-release
+etc/issue
+srv/web/ipfire/cgi-bin/credits.cgi
+var/ipfire/langs
+etc/rc.d/helper/oci-setup
+etc/rc.d/init.d/cloud-init
+etc/rc.d/init.d/functions
+etc/rc.d/init.d/smt
diff --git a/config/rootfiles/core/149/update.sh \
b/config/rootfiles/core/149/update.sh new file mode 100644
index 000000000..b1dfa97c9
--- /dev/null
+++ b/config/rootfiles/core/149/update.sh
@@ -0,0 +1,75 @@
+#!/bin/bash
+############################################################################
+# #
+# This file is part of the IPFire Firewall. #
+# #
+# IPFire is free software; you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation; either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# IPFire is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with IPFire; if not, write to the Free Software #
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA #
+# #
+# Copyright (C) 2020 IPFire-Team <info@ipfire.org>. #
+# #
+############################################################################
+#
+. /opt/pakfire/lib/functions.sh
+/usr/local/bin/backupctrl exclude >/dev/null 2>&1
+
+core=149
+
+# Remove old core updates from pakfire cache to save space...
+for (( i=1; i<=$core; i++ )); do
+ rm -f /var/cache/pakfire/core-upgrade-*-$i.ipfire
+done
+
+# Remove files
+#rm -vf \
+
+# Stop services
+
+# Extract files
+extract_files
+
+# update linker config
+ldconfig
+
+# Update Language cache
+/usr/local/bin/update-lang-cache
+
+# Filesytem cleanup
+/usr/local/bin/filesystem-cleanup
+
+# Start services
+
+# Update crontab
+sed -i /var/spool/cron/root.orig \
+ -e "s/xt_geoip_update/update-location-database/" \
+ -e "/location/s/monthly/hourly/" \
+ -e "s/GeoIP/location/"
+fcrontab -z
+
+# This update needs a reboot...
+#touch /var/run/need_reboot
+
+# Finish
+/etc/init.d/fireinfo start
+sendprofile
+
+# Update grub config to display new core version
+if [ -e /boot/grub/grub.cfg ]; then
+ grub-mkconfig -o /boot/grub/grub.cfg
+fi
+
+sync
+
+# Don't report the exitcode last command
+exit 0
diff --git a/config/rootfiles/oldcore/148/exclude \
b/config/rootfiles/oldcore/148/exclude new file mode 100644
index 000000000..b22159878
--- /dev/null
+++ b/config/rootfiles/oldcore/148/exclude
@@ -0,0 +1,28 @@
+boot/config.txt
+boot/grub/grub.cfg
+boot/grub/grubenv
+etc/alternatives
+etc/collectd.custom
+etc/default/grub
+etc/ipsec.conf
+etc/ipsec.secrets
+etc/ipsec.user.conf
+etc/ipsec.user.secrets
+etc/localtime
+etc/shadow
+etc/snort/snort.conf
+etc/ssl/openssl.cnf
+etc/sudoers
+etc/sysconfig/firewall.local
+etc/sysconfig/rc.local
+etc/udev/rules.d/30-persistent-network.rules
+srv/web/ipfire/html/proxy.pac
+var/ipfire/dma
+var/ipfire/time
+var/ipfire/ovpn
+var/lib/alternatives
+var/log/cache
+var/log/dhcpcd.log
+var/log/messages
+var/state/dhcp/dhcpd.leases
+var/updatecache
diff --git a/config/rootfiles/core/148/filelists/Locale-Country \
b/config/rootfiles/oldcore/148/filelists/Locale-Country similarity index 100%
rename from config/rootfiles/core/148/filelists/Locale-Country
rename to config/rootfiles/oldcore/148/filelists/Locale-Country
diff --git a/config/rootfiles/core/148/filelists/files \
b/config/rootfiles/oldcore/148/filelists/files similarity index 100%
rename from config/rootfiles/core/148/filelists/files
rename to config/rootfiles/oldcore/148/filelists/files
diff --git a/config/rootfiles/core/148/filelists/libloc \
b/config/rootfiles/oldcore/148/filelists/libloc similarity index 100%
rename from config/rootfiles/core/148/filelists/libloc
rename to config/rootfiles/oldcore/148/filelists/libloc
diff --git a/config/rootfiles/core/148/filelists/xtables-addons \
b/config/rootfiles/oldcore/148/filelists/xtables-addons similarity index 100%
rename from config/rootfiles/core/148/filelists/xtables-addons
rename to config/rootfiles/oldcore/148/filelists/xtables-addons
diff --git a/config/rootfiles/core/148/update.sh \
b/config/rootfiles/oldcore/148/update.sh similarity index 100%
rename from config/rootfiles/core/148/update.sh
rename to config/rootfiles/oldcore/148/update.sh
diff --git a/make.sh b/make.sh
index 544320f09..799aeee66 100755
--- a/make.sh
+++ b/make.sh
@@ -26,7 +26,7 @@ NAME="IPFire" # Software name
SNAME="ipfire" # Short name
# If you update the version don't forget to update backupiso and add it to core \
update VERSION="2.25" # Version number
-CORE="148" # Core Level (Filename)
+CORE="149" # Core Level (Filename)
SLOGAN="www.ipfire.org" # Software slogan
CONFIG_ROOT=/var/ipfire # Configuration rootdir
NICE=10 # Nice level
diff --git a/src/initscripts/helper/oci-setup b/src/initscripts/helper/oci-setup
new file mode 100644
index 000000000..aca09e673
--- /dev/null
+++ b/src/initscripts/helper/oci-setup
@@ -0,0 +1,308 @@
+#!/bin/bash
+
+. /etc/sysconfig/rc
+. ${rc_functions}
+
+# Set PATH to find our own executables
+export PATH=/usr/local/sbin:/usr/local/bin:${PATH}
+
+# GCP only supports an MTU of 1460
+DEFAULT_MTU=1460
+
+get() {
+ local file="${1}"
+
+ wget -qO - "http://169.254.169.254/opc/v1/${file}"
+}
+
+to_address() {
+ local n="${1}"
+
+ local o1=$(( (n & 0xff000000) >> 24 ))
+ local o2=$(( (n & 0xff0000) >> 16 ))
+ local o3=$(( (n & 0xff00) >> 8 ))
+ local o4=$(( (n & 0xff) ))
+
+ printf "%d.%d.%d.%d\n" "${o1}" "${o2}" "${o3}" "${o4}"
+}
+
+to_integer() {
+ local address="${1}"
+
+ local integer=0
+
+ local i
+ for i in ${address//\./ }; do
+ integer=$(( (integer << 8) + i ))
+ done
+
+ printf "%d\n" "${integer}"
+}
+
+prefix2netmask() {
+ local prefix=${1}
+
+ local zeros=$(( 32 - prefix ))
+ local netmask=0
+
+ local i
+ for (( i=0; i<${zeros}; i++ )); do
+ netmask=$(( (netmask << 1) ^ 1 ))
+ done
+
+ to_address "$(( netmask ^ 0xffffffff ))"
+}
+
+oci_list_interfaces() {
+ get "vnics/" | python3 -c "import json, sys; print(\"\n\".join([vnic[\"vnicId\"] \
for vnic in json.load(sys.stdin)]))" +}
+
+oci_get_interface_param() {
+ local id="${1}"
+ local param="${2}"
+
+ get "vnics/" | python3 -c "import json, sys; \
print(\"\n\".join(vnic.get(\"${param}\", \"\") for vnic in json.load(sys.stdin) if \
vnic[\"vnicId\"] == \"${id}\"))" +}
+
+import_oci_configuration() {
+ local instance_id="$(get instance/id)"
+
+ boot_mesg "Importing Oracle Cloud Infrastructure configuration for instance \
${instance_id}..." +
+ # Store instance ID
+ echo "${instance_id}" > /var/run/oci-instance-id
+
+ # Initialise system settings
+ local hostname=$(get instance/hostname)
+
+ # Set hostname
+ if ! grep -q "^HOSTNAME=" /var/ipfire/main/settings; then
+ echo "HOSTNAME=${hostname%%.*}" >> /var/ipfire/main/settings
+ fi
+
+ # Set domainname
+ if ! grep -q "^DOMAINNAME=" /var/ipfire/main/settings; then
+ echo "DOMAINNAME=${hostname#*.}" >> /var/ipfire/main/settings
+ fi
+
+ # Create setup user
+ if ! getent passwd setup &>/dev/null; then
+ useradd setup -s /usr/bin/run-setup -g nobody -m
+
+ # Unlock the account
+ usermod -p "x" setup
+ fi
+
+ # Import SSH keys for setup user
+ local line
+ while read -r line; do
+ # Strip the username part from the key
+ local key="${line#*:}"
+
+ if [ -n "${key}" ] && ! grep -q "^${key}$" "/home/setup/.ssh/authorized_keys" \
2>/dev/null; then + mkdir -p "/home/setup/.ssh"
+ chmod 700 "/home/setup/.ssh"
+ chown setup.nobody "/home/setup/.ssh"
+
+ echo "${key}" >> "/home/setup/.ssh/authorized_keys"
+ chmod 600 "/home/setup/.ssh/authorized_keys"
+ chown setup.nobody "/home/setup/.ssh/authorized_keys"
+ fi
+ done <<<"$(get instance/metadata/ssh_authorized_keys)"
+
+ # Download the user-data script only on the first boot
+ if [ ! -e "/var/ipfire/main/firstsetup_ok" ]; then
+ # Download a startup script
+ local script="$(get instance/metadata/user_data)"
+
+ # Execute the script
+ if [ "${script:0:2}" = "#!" ]; then
+ echo "${script}" > /tmp/user-data.script
+ chmod 700 /tmp/user-data.script
+
+ # Run the script
+ local now="$(date -u +"%s")"
+ /tmp/user-data.script &>/var/log/user-data.log.${now}
+
+ # Delete the script right away
+ rm /tmp/user-data.script
+ fi
+ fi
+
+ # Import network configuration
+ # After this, no network connectivity will be available from this script due to the
+ # renaming of the network interfaces for which they have to be shut down
+ local config_type=1
+ : > /var/ipfire/ethernet/settings
+
+ local id
+ for id in $(oci_list_interfaces); do
+ local mac="$(oci_get_interface_param "${id}" "macAddr")"
+
+ # First IPv4 address
+ local ipv4_address="$(oci_get_interface_param "${id}" "privateIp")"
+ local ipv4_address_num="$(to_integer "${ipv4_address}")"
+
+ local subnet="$(oci_get_interface_param "${id}" "subnetCidrBlock")"
+ local prefix="${subnet#*/}"
+
+ local netmask="$(prefix2netmask "${prefix}")"
+ local netmask_num="$(to_integer "${netmask}")"
+
+ # Calculate the network and broadcast addresses
+ local netaddress="${subnet%/*}"
+ local broadcast="$(to_address $(( ipv4_address_num | (0xffffffff ^ netmask_num) \
)))" +
+ local index="$(oci_get_interface_param "${id}" "nicIndex")"
+
+ # Set index to zero if it was empty
+ if [ -z "${index}" ]; then
+ index=0
+ fi
+
+ case "${index}" in
+ # RED
+ 0)
+ local interface_name="red0"
+ local gateway="$(oci_get_interface_param "${id}" "virtualRouterIp")"
+
+ (
+ echo "RED_TYPE=STATIC"
+ echo "RED_DEV=${interface_name}"
+ echo "RED_MACADDR=${mac}"
+ echo "RED_DESCRIPTION='${id}'"
+ echo "RED_ADDRESS=${ipv4_address}"
+ echo "RED_NETMASK=${netmask}"
+ echo "RED_NETADDRESS=${netaddress}"
+ echo "RED_BROADCAST=${broadcast}"
+ echo "RED_MTU=1500"
+ echo "DEFAULT_GATEWAY=${gateway}"
+ ) >> /var/ipfire/ethernet/settings
+
+ # Import aliases for RED
+ #for alias in $(get "instance/network-interfaces/${device_number}/ip-aliases"); \
do + # echo "${alias},on,"
+ #done > /var/ipfire/ethernet/aliases
+ ;;
+
+ # GREEN
+ 1)
+ local interface_name="green0"
+
+ (
+ echo "GREEN_DEV=${interface_name}"
+ echo "GREEN_MACADDR=${mac}"
+ echo "GREEN_DESCRIPTION='${id}'"
+ echo "GREEN_ADDRESS=${ipv4_address}"
+ echo "GREEN_NETMASK=${netmask}"
+ echo "GREEN_NETADDRESS=${netaddress}"
+ echo "GREEN_BROADCAST=${broadcast}"
+ echo "GREEN_MTU=${DEFAULT_MTU}"
+ ) >> /var/ipfire/ethernet/settings
+ ;;
+
+ # ORANGE
+ 2)
+ local interface_name="orange0"
+ config_type=2
+
+ (
+ echo "ORANGE_DEV=${interface_name}"
+ echo "ORANGE_MACADDR=${mac}"
+ echo "ORANGE_DESCRIPTION='${id}'"
+ echo "ORANGE_ADDRESS=${ipv4_address}"
+ echo "ORANGE_NETMASK=${netmask}"
+ echo "ORANGE_NETADDRESS=${netaddress}"
+ echo "ORANGE_BROADCAST=${broadcast}"
+ echo "ORANGE_MTU=${DEFAULT_MTU}"
+ ) >> /var/ipfire/ethernet/settings
+ ;;
+ esac
+ done
+
+ # Save CONFIG_TYPE
+ echo "CONFIG_TYPE=${config_type}" >> /var/ipfire/ethernet/settings
+
+ # Actions performed only on the very first start
+ if [ ! -e "/var/ipfire/main/firstsetup_ok" ]; then
+ # Disable using ISP nameservers
+ sed -e "s/^USE_ISP_NAMESERVERS=.*/USE_ISP_NAMESERVERS=off/" -i \
/var/ipfire/dns/settings +
+ # Enable SSH
+ sed -e "s/ENABLE_SSH=.*/ENABLE_SSH=on/g" -i /var/ipfire/remote/settings
+
+ # Disable SSH password authentication
+ sed -e "s/^ENABLE_SSH_PASSWORDS=.*/ENABLE_SSH_PASSWORDS=off/" -i \
/var/ipfire/remote/settings +
+ # Enable SSH key authentication
+ sed -e "s/^ENABLE_SSH_KEYS=.*/ENABLE_SSH_KEYS=on/" -i /var/ipfire/remote/settings
+
+ # Apply SSH settings
+ /usr/local/bin/sshctrl
+
+ # Mark SSH to start immediately (but not right now)
+ touch /var/ipfire/remote/enablessh
+ chown nobody:nobody /var/ipfire/remote/enablessh
+
+ # Firewall rules for SSH and WEBIF
+ (
+ echo "1,ACCEPT,INPUTFW,ON,std_net_src,ALL,ipfire,RED1,,TCP,,,ON,,,cust_srv,SSH,,,,,,,,,,,00:00,00:00,,AUTO,,dnat,,,,,second"
+ echo "2,ACCEPT,INPUTFW,ON,std_net_src,ALL,ipfire,RED1,,TCP,,,ON,,,TGT_PORT,444,,,,,,,,,,,00:00,00:00,,AUTO,,dnat,,,,,second"
+ ) >> /var/ipfire/firewall/input
+
+ # This script has now completed the first steps of setup
+ touch /var/ipfire/main/firstsetup_ok
+ fi
+
+ # All done
+ echo_ok
+}
+
+case "${reason}" in
+ PREINIT)
+ # Bring up the interface
+ ip link set "${interface}" up
+ ;;
+
+ BOUND|RENEW|REBIND|REBOOT)
+ # Remove any previous IP addresses
+ ip addr flush dev "${interface}"
+
+ # Add (or re-add) the new IP address
+ ip addr add "${new_ip_address}/${new_subnet_mask}" dev "${interface}"
+
+ # Add the default route
+ ip route add "${new_routers}" dev "${interface}"
+ ip route add default via "${new_routers}"
+
+ # Setup DNS
+ for domain_name_server in ${new_domain_name_servers}; do
+ echo "nameserver ${domain_name_server}"
+ done > /etc/resolv.conf
+
+ # The system is online now
+ touch /var/ipfire/red/active
+
+ # Import OCI configuration
+ import_oci_configuration
+ ;;
+
+ EXPIRE|FAIL|RELEASE|STOP)
+ # The system is no longer online
+ rm -f /var/ipfire/red/active
+
+ # Remove all IP addresses
+ ip addr flush dev "${interface}"
+
+ # Shut down the interface
+ ip link set "${interface}" down
+ ;;
+
+ *)
+ echo "Unhandled reason: ${reason}" >&2
+ exit 2
+ ;;
+esac
+
+# Terminate
+exit 0
diff --git a/src/initscripts/system/cloud-init b/src/initscripts/system/cloud-init
index 284e24d7b..d39552b01 100644
--- a/src/initscripts/system/cloud-init
+++ b/src/initscripts/system/cloud-init
@@ -15,6 +15,8 @@ case "${1}" in
scriptname="/etc/rc.d/helper/azure-setup"
elif running_on_gcp; then
scriptname="/etc/rc.d/helper/gcp-setup"
+ elif running_on_oci; then
+ scriptname="/etc/rc.d/helper/oci-setup"
else
# This system is not running in the cloud
exit 0
diff --git a/src/initscripts/system/functions b/src/initscripts/system/functions
index b6e6507d6..30119918c 100644
--- a/src/initscripts/system/functions
+++ b/src/initscripts/system/functions
@@ -834,4 +834,15 @@ running_on_gcp() {
return 1
}
+running_on_oci() {
+ if [ -r "/sys/devices/virtual/dmi/id/chassis_asset_tag" ]; then
+ local asset_tag="$(</sys/devices/virtual/dmi/id/chassis_asset_tag)"
+
+ [ "${asset_tag}" = "OracleCloud.com" ] && return 0
+ fi
+
+ # We are not running on OCI
+ return 1
+}
+
# End $rc_base/init.d/functions
diff --git a/src/initscripts/system/smt b/src/initscripts/system/smt
index cc4128b2d..bfa7d57b3 100644
--- a/src/initscripts/system/smt
+++ b/src/initscripts/system/smt
@@ -20,6 +20,11 @@ case "${1}" in
exit 0
fi 2>/dev/null
+ # Do not disable SMT inside virtual machines
+ if [ -d "/sys/hypervisor" ]; then
+ exit 0
+ fi
+
# Disable SMT when the processor is vulnerable to Foreshadow or \
Fallout/ZombieLoad/RIDL for vuln in l1tf mds; do
if [ -r "/sys/devices/system/cpu/vulnerabilities/${vuln}" ] && \
hooks/post-receive
--
IPFire 2.x development tree
_______________________________________________
IPFire-SCM mailing list
IPFire-SCM@lists.ipfire.org
https://lists.ipfire.org/mailman/listinfo/ipfire-scm
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic