* Wed Apr 17 2024 Jean-Philippe Pialasse <jpp@koozali.org> 11.0.0-9.sme

- fix self-signed cert renewd when not necessary [SME: 12606]
* Tue Apr 16 2024 Jean-Philippe Pialasse <jpp@koozali.org> 11.0.0-8.sme
2024-04-17 16:42:12 -04:00 · 2024-04-16 15:50:13 -04:00
7 changed files with 56 additions and 10 deletions
--- a/1
+++ b/1
@@ -64,6 +64,7 @@ foreach (qw(
    /etc/resolv.conf
    /etc/sysctl.conf
    /var/service/wan/dhclient.config
+    /lib/modprobe.d/systemd.conf
    ))
 {
    templates2events($_, qw(console-save bootstrap-console-save smeserver-base-update));
--- a/root/etc/e-smith/templates/home/e-smith/ssl.crt
+++ b/root/etc/e-smith/templates/home/e-smith/ssl.crt
@@ -4,6 +4,8 @@
    use Date::Parse;
    use Cwd;
    use Net::IP qw(ip_is_ipv4 ip_is_ipv6);
+    use esmith::Logger;
+    tie *FH, 'esmith::Logger';
    my $here = getcwd;

    my $Country = $modSSL{Country} || "--";
@@ -52,16 +54,16 @@
 	my $key_md5 = `openssl rsa -noout -modulus -in $key | openssl md5`;

        if ( ($ttl_days > 2) && ( "$crt_md5" eq "$key_md5" ) ) {
-            my $expected_issuer = '/C='.$Country .
-                              '/ST='.$State;
-            $expected_issuer .= '/L=' . ($defaultCity ? $defaultCity : 'Default City');
-            $expected_issuer .= '/O=' . ($defaultCompany ? $defaultCompany : 'Default Company Ltd');
-            $expected_issuer .= "/OU=$defaultDepartment" if $defaultDepartment;
-            $expected_issuer .= "/CN=$commonName" .
-                                  "/emailAddress=$email";
+            my $expected_issuer = 'C = '.$Country .
+                              ', ST = '.$State;
+            $expected_issuer .= ', L = ' . ($defaultCity ? $defaultCity : 'Default City');
+            $expected_issuer .= ', O = ' . ($defaultCompany ? $defaultCompany : 'Default Company Ltd');
+            $expected_issuer .= ", OU = $defaultDepartment" if $defaultDepartment;
+            $expected_issuer .= ", CN = $commonName" .
+                                  ", emailAddress = $email";
            my $issuer = `openssl x509 -issuer -noout -in $crt`;
            chomp $issuer;
-            $issuer =~ s/^issuer= //;
+            $issuer =~ s/^issuer=//;
            my $signatureAlg = `openssl x509 -text -noout -in $crt | grep "Signature Algorithm" | head -1`;
            chomp $signatureAlg;
            $signatureAlg =~ s/^ *Signature Algorithm: //;
@@ -70,6 +72,9 @@
            # openssl x509 -text -noout -in /etc/dehydrated/certs/domain/cert.pem | sed -ne '/X509v3 Subject Alternative Name/{ N;s/^.*\n//;:a;s/^\( *\)\(.*\), /\2,\1/;ta;p;q; }'
 	    $expected_subjectAltName = `openssl x509 -text -noout -in $crt | sed -ne '/X509v3 Subject Alternative Name/{ N;s/^.*\\n//;:a;s/^\\( *\\)\\(.*\\), /\\2,\\1/;ta;p;q; }'`;
 	    chomp $expected_subjectAltName;
+            print FH "Self-Signed Cert: $issuer\n expected $expected_issuer" unless ($issuer eq $expected_issuer);
+            print FH "Self-Signed Cert: $signatureAlg "unless ($signatureAlg ne "sha1WithRSAEncryption");
+            print FH "Self-Signed Cert: $subjectAltName\n expected: $expected_subjectAltName" unless ($subjectAltName eq $expected_subjectAltName);
            if (
 	                 ($issuer eq $expected_issuer)
 	              && ($signatureAlg ne "sha1WithRSAEncryption")
@@ -117,4 +122,5 @@
    }
    close(SSL) or die "Closing openssl pipe reported: $!";
    chdir $here;
+    close FH;
 }
--- a/root/etc/e-smith/templates/lib/modprobe.d/systemd.conf/10bond
+++ b/root/etc/e-smith/templates/lib/modprobe.d/systemd.conf/10bond
@@ -0,0 +1,18 @@
+#  SPDX-License-Identifier: LGPL-2.1+
+#
+#  This file is part of systemd.
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+#
+# When bonding module is loaded, it creates bond0 by default due to max_bonds
+# option default value 1. This interferes with the network configuration
+# management / networkd, as it is not possible to detect whether this bond0 was
+# intentionally configured by the user, or should be managed by
+# networkd/NM/etc. Therefore disable bond0 creation.
+# KOOZALI SME Server we do use it, and do not use NM, so enabling
+options bonding max_bonds=1
+
+
--- a/root/etc/e-smith/templates/lib/modprobe.d/systemd.conf/10dummy
+++ b/root/etc/e-smith/templates/lib/modprobe.d/systemd.conf/10dummy
@@ -0,0 +1,5 @@
+# Do the same for dummy0.
+# KOOZALI SME Server,we do use it too, so enabling
+
+options dummy numdummies=1
+
--- a/root/sbin/e-smith/systemd/network-pre
+++ b/root/sbin/e-smith/systemd/network-pre
@@ -0,0 +1,4 @@
+#!/bin/bash
+# make sure that dummy driver is enabled
+/usr/sbin/lsmod |/usr/bin/grep -q dummy || /usr/sbin/modprobe dummy numdummies=1
+
--- a/root/usr/lib/systemd/system/networking.service
+++ b/root/usr/lib/systemd/system/networking.service
@@ -7,6 +7,7 @@ Conflicts=NetworkManager.service

 [Service]
 Type=oneshot
+ExecStartPre=/sbin/e-smith/systemd/network-pre
 ExecStart=/etc/rc.d/init.d/network start
 ExecStop=/etc/rc.d/init.d/network stop
 ExecReload=/etc/rc.d/init.d/network restart
--- a/smeserver-base.spec
+++ b/smeserver-base.spec
@@ -4,7 +4,7 @@ Summary: smeserver server and gateway - base module
 %define name smeserver-base
 Name: %{name}
 %define version 11.0.0
-%define release 7
+%define release 9
 Version: %{version}
 Release: %{release}%{?dist}
 License: GPL
@@ -39,6 +39,7 @@ Requires: smeserver-bootloader
 Requires: mdadm
 Requires: pv
 Requires: dhcp-server
+Requires: dhcp-client
 Requires: diald
 Requires: /usr/bin/passwd
 Requires: nss-pam-ldapd
@@ -63,7 +64,8 @@ BuildRequires: perl, perl(Test::Inline) >= 0.12
 BuildRequires: smeserver-devtools >= 1.13.1-03
 BuildRequires: gettext
 Requires: gdisk
-
+Requires: ppp
+Requires: rp-pppoe 
 %define dbfiles accounts configuration domains hosts networks
 AutoReqProv: no

@@ -101,6 +103,7 @@ rm -rf $RPM_BUILD_ROOT
 mkdir -p $RPM_BUILD_ROOT/etc/selinux
 (cd root   ; find . -depth -print | cpio -dump $RPM_BUILD_ROOT)
 /sbin/e-smith/genfilelist $RPM_BUILD_ROOT \
+    --file /sbin/e-smith/systemd/network-pre 'attr(0554,root,root)' \
    --file /sbin/e-smith/systemd/mdmonitor-pre 'attr(0554,root,root)' \
    --file /sbin/e-smith/systemd/rsyslog-pre 'attr(0554,root,root)' \
    --file /etc/cron.daily/conf-mod_ssl 'attr(0544,root,root)' \
@@ -181,6 +184,14 @@ fi


 %changelog
+* Wed Apr 17 2024 Jean-Philippe Pialasse <jpp@koozali.org> 11.0.0-9.sme
+- fix self-signed cert renewd when not necessary [SME: 12606]
+
+* Tue Apr 16 2024 Jean-Philippe Pialasse <jpp@koozali.org> 11.0.0-8.sme
+- add requirement for ppp [SME: 12622]
+- add requirement for rp-pppoe [SME: 12628]
+- enable modprobe dummy and bond [SME: 12627] 
+
 * Sat Apr 13 2024 Jean-Philippe Pialasse <jpp@koozali.org> 11.0.0-7.sme
 - fix init-accounts [SME: 12546]
Author	SHA1	Message	Date
Jean-Philippe Pialasse	2a87d8e1ba	* Wed Apr 17 2024 Jean-Philippe Pialasse <jpp@koozali.org> 11.0.0-9.sme - fix self-signed cert renewd when not necessary [SME: 12606]	2024-04-17 16:42:12 -04:00
Jean-Philippe Pialasse	dbc88b9a2c	* Tue Apr 16 2024 Jean-Philippe Pialasse <jpp@koozali.org> 11.0.0-8.sme - add requirement for ppp [SME: 12622] - add requirement for rp-pppoe [SME: 12628] - enable modprobe dummy and bond [SME: 12627]	2024-04-16 15:50:13 -04:00