The big advantages are:
- everyone can download the build logs and the ipks
- we use our own docker image
- people with commit access can ssh into the build env
The disadvantages:
- need to push new commits to restart the build
I haven't reimplemented the commit message checks as this should be replaced
with a separate script doing only that so we can require it
(https://help.github.com/articles/enabling-required-status-checks/)
Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
If we set the option "local_source" in the globals mwan3 section to "none",
traffic generated by the router it self will always use the default route from
the wan interface with the lowest metric. If this interface is down
the router traffic still uses the connection with the lowest metric but
this is disconnected. Load balancing and failover from the lan site is
still possible. Only router generated traffic is not load balanced and
could not use failover.
To solve this issue with router initiated traffic add the additional
option "online_metric" to the mwan3 interface section.
If the interface is connected then this lower "online metric" is set in the
default routing table.
With this change we have at least a failover with router initiated
traffic.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
During runntime of mwan3 we could add dynamicly networks to this ipset
which would then treated as connected networks by mwan3.
This is also usefull for ipsec.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
With the list param "rt_table_lookup" in the mwan3 section globals,
it is now possible to add a additional routing table numbers which would get
also parsed and will be added to the connected network.
So mwan3 will treat them as they are directly connected to this device.
This could be usefull if we use ipsec.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
The generation for reporting the policies uses the same code add a
common function to reduce duplication.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Fix only release, including:
* CVE-2018-16396: Tainted flags are not propagated in Array#pack
and String#unpack with some directives
* CVE-2018-16395: OpenSSL::X509::Name equality check does not work
correctly
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
Switched to codeload for simplicity and easier package bumping.
Added PKG_BUILD_PARALLEL for faster compilation.
Reordanized Makefile for consistency between packages.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
This avoids the possibility of the service getting reloaded and
a previously running instance trying to re-dynamically link to
more modern plugins.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
This adds a couple of patches when setting some openssl options:
* ECDSA code in openssh-compat.h and libressl-api-compat.c needs to be
be guarded by OPENSSL_HAS_ECC; otherwise, it will not build with
openssl compiled without ECC support.
* Fix openssl version number in openbsd-compat/openssl-compat.c which
failed to compile --with-ssl-engine; this option is used when
CONFIG_OPENSSL_ENGINE_CRYPTO=y
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
Signed-off-by: Peter Wagner <tripolar@gmx.at>
Switched to HTTP as FTP can be problematic. uscan for example has issues
figuring out the latest version.
Added PKG_CPE_ID for proper CVE tracking.
Reorganized Makefile for consistency with other projects.
Add PKG_FIXUP:=autoreconf, needed to avoid host lib leakage on hosts
with unixodbc installed.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
[add PKG_FIXUP:=autoreconf - thanks jow]
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Etienne Champetier
Florian Eckert
Daniel Engberg
Dirk Brenken
Rosen Penev
Hannu Nyman
Luiz Angelo Daros de Luca
Daniel Golle
Peter Wagner
Philip Prindeville