https://github.com/FRRouting/frr/pull/11465 enabled account verification,
but the pam config declares rootok as sufficient in authentication only
and not in account verification, what causes warning in the log:
vtysh[3747]: pam_warn(frr:account): function=[pam_sm_acct_mgmt]
flags=0 service=[frr] terminal=[<unknown>] user=[root]
ruser=[<unknown>] rhost=[<unknown>]
Signed-off-by: Marius Tomaschewski <mt@suse.com>
It will be easier to maintain a single file instead of two separate.
Also, fixes the issue when the file (/var/log/frr/frr.log) is not created
after logrotate.
Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
FRR only needs lua library (package libluaX.Y-dev) to be compiled and
linked, but its `configure` script makes use of lua interpreter to
perform its checks. Therefore, `luaX.Y` package is a requisite
build-dependency for debian packaging.
This commit adds the debian package with the lua interpreter to the
build dependencies.
Signed-off-by: Eugene Crosser <crosser@average.org>
When we do "log file /var/log/frr/something", permissions are set to
0640 (frr:frr), but when the logrotate kicks in, we have 0640 (frr:frrvty).
I believe, we should have a consistent permissions.
Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
At the moment we set /var/log/frr permissions to 0750 (frr:frr), but the log
file is 0640 (root:adm) (unless logrotated) and that doesn't allow adm group
to even open the directory.
Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
The Debian autopkgtest would fail with new PAM introduced in Debian bullseye.
Add a little loop to wait a little longer for the changes to propagate.
Signed-off-by: Ondřej Surý <ondrej@sury.org>
Compile with v2.0.0 tag of `libyang2` branch of:
https://github.com/CESNET/libyang
staticd init load time of 10k routes now 6s vs ly1 time of 150s
Signed-off-by: Christian Hopps <chopps@labn.net>
Most of these are many, many years out of date. All of them vary
randomly in quality. They show up by default in packages where they
aren't really useful now that we use integrated config. Remove them.
The useful ones have been moved to the docs.
Signed-off-by: Quentin Young <qlyoung@nvidia.com>
Signed-off-by: Brady Johnson <brady@voltanet.io>
Co-authored-by: Javier Garcia <javier.garcia@voltanet.io>
Signed-off-by: Javier Garcia <javier.garcia@voltanet.io>
This adds _clippy.ELFFile, which provides a fast wrapper around libelf.
The API is similar to / a subset of pyelfutils, which unfortunately is
painfully slow (to the tune of minutes instead of seconds.)
The idea is that xrefs can be read out of ELF files by reading out the
"xref_array" section or "FRRouting/XREF" note.
Signed-off-by: David Lamparter <equinox@diac24.net>
