T6527: add legacy Vyatta interpreter files still in use

Makefile

@@ -55,12 +55,6 @@ op_mode_definitions: $(op_xml_obj)
 
 	find $(BUILD_DIR)/op-mode-definitions/ -type f -name "*.xml" | xargs -I {} $(CURDIR)/scripts/build-command-op-templates {} $(CURDIR)/schema/op-mode-definition.rng $(OP_TMPL_DIR) || exit 1
 
-	# XXX: delete top level op mode node.def's that now live in other packages
-	rm -f $(OP_TMPL_DIR)/add/node.def
-	rm -f $(OP_TMPL_DIR)/clear/interfaces/node.def
-	rm -f $(OP_TMPL_DIR)/clear/node.def
-	rm -f $(OP_TMPL_DIR)/delete/node.def
-
 	# XXX: tcpdump, ping, traceroute and mtr must be able to recursivly call themselves as the
 	# options are provided from the scripts themselves
 	ln -s ../node.tag $(OP_TMPL_DIR)/ping/node.tag/node.tag/

debian/control

@@ -10,7 +10,6 @@ Build-Depends:
   iproute2,
   libvyosconfig0 (>= 0.0.7),
   libzmq3-dev,
-  procps,
   python3 (>= 3.10),
 # For QA
   pylint,
@@ -38,14 +37,24 @@ Standards-Version: 3.9.6
 Package: vyos-1x
 Architecture: amd64 arm64
 Pre-Depends:
+  libpam-runtime [amd64],
   libnss-tacplus [amd64],
   libpam-tacplus [amd64],
   libpam-radius-auth [amd64]
 Depends:
 ## Fundamentals
   ${python3:Depends} (>= 3.10),
+  dialog,
   libvyosconfig0,
+  libpam-cap,
+  bash-completion,
+  ipvsadm,
+  udev,
+  less,
+  at,
+  rsync,
   vyatta-bash,
+  vyatta-biosdevname,
   vyatta-cfg,
   vyos-http-api-tools,
   vyos-utils,
@@ -72,6 +81,7 @@ Depends:
   python3-zmq,
 ## End of Python libraries
 ## Basic System services and utilities
+  coreutils,
   sudo,
   systemd,
   bsdmainutils,
@@ -84,7 +94,6 @@ Depends:
 # ipaddrcheck is widely used in IP value validators
   ipaddrcheck,
   ethtool,
-  fdisk,
   lm-sensors,
   procps,
   netplug,
@@ -97,6 +106,14 @@ Depends:
   grc,
 ## End of System services and utilities
 ## For the installer
+  fdisk,
+  gdisk,
+  mdadm,
+  efibootmgr,
+  libefivar1,
+  dosfstools,
+  grub-efi-amd64-bin [amd64],
+  grub-efi-arm64-bin [arm64],
 # Image signature verification tool
   minisign,
 # Live filesystem tools
@@ -105,6 +122,7 @@ Depends:
 ## End installer
   auditd,
   iputils-arping,
+  iputils-ping,
   isc-dhcp-client,
 # For "vpn pptp", "vpn l2tp", "vpn sstp", "service ipoe-server"
   accel-ppp,
@@ -143,7 +161,7 @@ Depends:
   sstp-client,
 # End "interfaces sstpc"
 # For "protocols *"
-  frr (>= 7.5),
+  frr (>= 9.1),
   frr-pythontools,
   frr-rpki-rtrlib,
   frr-snmp,
@@ -179,9 +197,12 @@ Depends:
 # For "service router-advert"
   radvd,
 # End "service route-advert"
-# For "high-availability reverse-proxy"
+# For "load-balancing reverse-proxy"
   haproxy,
-# End "high-availability reverse-proxy"
+# End "load-balancing reverse-proxy"
+# For "load-balancing wan"
+  vyatta-wanloadbalance,
+# End "load-balancing wan"
 # For "service dhcp-relay"
   isc-dhcp-relay,
 # For "service dhcp-server"
@@ -235,6 +256,9 @@ Depends:
 # For "high-availability vrrp"
   keepalived (>=2.0.5),
 # End "high-availability-vrrp"
+# For "system console"
+  util-linux,
+# End "system console"
 # For "system task-scheduler"
   cron,
 # End "system task-scheduler"
@@ -267,7 +291,7 @@ Depends:
 # For "system conntrack modules rtsp"
   nat-rtsp,
 # End "system conntrack modules rtsp"
-# For "system ntp"
+# For "service ntp"
   chrony,
 # End "system ntp"
 # For "vpn openconnect"
@@ -276,7 +300,13 @@ Depends:
 # For "system flow-accounting"
   pmacct (>= 1.6.0),
 # End "system flow-accounting"
-# For container
+# For "system syslog"
+  rsyslog,
+# End "system syslog"
+# For "system option keyboard-layout"
+  kbd,
+# End "system option keyboard-layout"
+# For "container"
   podman,
   netavark,
   aardvark-dns,
@@ -314,6 +344,8 @@ Depends:
   ndisc6,
 # For "run monitor bandwidth"
   bmon,
+# For "run format disk"
+  parted,
 # End Operational mode
 ## TPM tools
   cryptsetup,

debian/rules

@@ -103,6 +103,10 @@ override_dh_auto_install:
 	mkdir -p $(DIR)/etc
 	cp -r src/etc/* $(DIR)/etc
 
+	# Install legacy Vyatta files
+	mkdir -p $(DIR)/opt
+	cp -r src/opt/* $(DIR)/opt
+
 	# Install PAM configuration snippets
 	mkdir -p $(DIR)/usr/share/pam-configs
 	cp -r src/pam-configs/* $(DIR)/usr/share/pam-configs

debian/vyos-1x.install

@@ -1,4 +1,6 @@
+etc/bash_completion.d
 etc/commit
+etc/default
 etc/dhcp
 etc/ipsec.d
 etc/logrotate.d

debian/vyos-1x.postinst

@@ -120,6 +120,61 @@ fi
 # ensure the proxy user has a proper shell
 chsh -s /bin/sh proxy
 
+# Set file capabilities
+setcap cap_net_admin=pe /sbin/ethtool
+setcap cap_net_admin=pe /sbin/tc
+setcap cap_net_admin=pe /bin/ip
+setcap cap_net_admin=pe /sbin/xtables-legacy-multi
+setcap cap_net_admin=pe /sbin/xtables-nft-multi
+setcap cap_net_admin=pe /usr/sbin/conntrack
+setcap cap_net_admin=pe /usr/sbin/arp
+setcap cap_net_raw=pe /usr/bin/tcpdump
+setcap cap_net_admin,cap_sys_admin=pe /sbin/sysctl
+setcap cap_sys_module=pe /bin/kmod
+setcap cap_sys_time=pe /bin/date
+
+# create needed directories
+mkdir -p /var/log/user
+mkdir -p /var/core
+mkdir -p /opt/vyatta/etc/config/auth
+mkdir -p /opt/vyatta/etc/config/scripts
+mkdir -p /opt/vyatta/etc/config/user-data
+mkdir -p /opt/vyatta/etc/config/support
+chown -R root:vyattacfg /opt/vyatta/etc/config
+chmod -R 775 /opt/vyatta/etc/config
+mkdir -p /opt/vyatta/etc/logrotate
+mkdir -p /opt/vyatta/etc/netdevice.d
+
+touch /etc/environment
+
+if [ ! -f /etc/bash_completion ]; then
+  echo "source /etc/bash_completion.d/10vyatta-op" > /etc/bash_completion
+  echo "source /etc/bash_completion.d/20vyatta-cfg" >> /etc/bash_completion
+fi
+
+sed -i 's/^set /builtin set /' /etc/bash_completion
+
+# Fix up PAM configuration for login so that invalid users are prompted
+# for password
+sed -i 's/requisite[ \t][ \t]*pam_securetty.so/required pam_securetty.so/' $rootfsdir/etc/pam.d/login
+
+# Change default shell for new accounts
+sed -i -e ':^DSHELL:s:/bin/bash:/bin/vbash:' /etc/adduser.conf
+
+# Do not allow users to change full name field (controlled by vyos-1x)
+sed -i -e 's/^CHFN_RESTRICT/#&/' /etc/login.defs
+
+# Only allow root to use passwd command
+if ! grep -q 'pam_succeed_if.so' /etc/pam.d/passwd ; then
+    sed -i -e '/^@include/i \
+password    requisite pam_succeed_if.so user = root
+' /etc/pam.d/passwd
+fi
+
+# remove unnecessary ddclient script in /etc/ppp/ip-up.d/
+# this logs unnecessary messages trying to start ddclient
+rm -f /etc/ppp/ip-up.d/ddclient
+
 # create /opt/vyatta/etc/config/scripts/vyos-preconfig-bootup.script
 PRECONFIG_SCRIPT=/opt/vyatta/etc/config/scripts/vyos-preconfig-bootup.script
 if [ ! -x $PRECONFIG_SCRIPT ]; then

op-mode-definitions/counters.xml.in → op-mode-definitions/clear-interfaces.xml.in

@@ -1,15 +1,32 @@
 <?xml version="1.0"?>
 <interfaceDefinition>
   <node name="clear">
+    <properties>
+      <help>Clear system information</help>
+    </properties>
     <children>
       <node name="interfaces">
+        <properties>
+          <help>Clear interface information</help>
+        </properties>
         <children>
           <node name="counters">
             <properties>
               <help>Clear interface counters for all interfaces</help>
             </properties>
             <command>sudo ${vyos_op_scripts_dir}/interfaces.py clear_counters</command>
           </node>
+          <tagNode name="connection">
+            <properties>
+              <help>Bring connection-oriented network interface down and up</help>
+              <completionHelp>
+                <path>interfaces pppoe</path>
+                <path>interfaces sstpc</path>
+                <path>interfaces wwan</path>
+              </completionHelp>
+            </properties>
+            <command>sudo ${vyos_op_scripts_dir}/connect_disconnect.py --connect --disconnect --interface "$3"</command>
+          </tagNode>
           <node name="bonding">
             <properties>
               <help>Clear Bonding interface information</help>
@@ -595,4 +612,3 @@
     </children>
   </node>
 </interfaceDefinition>
-

op-mode-definitions/configure.xml.in

@@ -11,11 +11,11 @@
         echo "Please do it as an administrator level VyOS user instead."
     else
         if grep -q -e '^overlay.*/filesystem.squashfs' /proc/mounts; then
-        echo "WARNING: You are currently configuring a live-ISO environment, changes will not persist until installed"
+            echo "WARNING: You are currently configuring a live-ISO environment, changes will not persist until installed"
         else
             if grep -q -s '1' /tmp/vyos-config-status; then
-            echo "WARNING: There was a config error on boot: saving the configuration now could overwrite data."
-            echo "You may want to check and reload the boot config"
+                echo "WARNING: There was a config error on boot: saving the configuration now could overwrite data."
+                echo "You may want to check and reload the boot config"
             fi
         fi
         history -w

op-mode-definitions/connect.xml.in

@@ -24,7 +24,7 @@
             <path>interfaces wwan</path>
           </completionHelp>
         </properties>
-        <command>sudo ${vyos_op_scripts_dir}/connect_disconnect.py --connect "$3"</command>
+        <command>sudo ${vyos_op_scripts_dir}/connect_disconnect.py --connect --interface "$3"</command>
       </tagNode>
     </children>
   </node>

op-mode-definitions/disconnect.xml.in

@@ -14,7 +14,7 @@
             <path>interfaces wwan</path>
           </completionHelp>
         </properties>
-        <command>sudo ${vyos_op_scripts_dir}/connect_disconnect.py --disconnect "$3"</command>
+        <command>sudo ${vyos_op_scripts_dir}/connect_disconnect.py --disconnect --interface "$3"</command>
       </tagNode>
     </children>
   </node>