Nightly builds update?

Thisistheoldplan · August 11, 2023, 4:47pm

current nightly is at aug 06, is this the build referenced in aug 2023 update blog post?

Apachez · August 11, 2023, 5:15pm

Good question, hopefully some maintainer can enlighten us why there are no nightly builds since 6th aug and today is the 11th aug?

https://vyos.net/get/nightly-builds/

JoeN · August 11, 2023, 7:44pm

Hi, @Thisistheoldplan @Apachez

It appears there might be some misunderstanding regarding the nightly build and the details mentioned in the update blog post. The blog post is referring is referencing the August 6 release. As of today, no additional nightly build has been released.

The term ‘rolling release’ mentioned in the blog post could indicate ongoing updates rather than strictly nightly builds. It’s important to note that there might be instances where new builds are not produced due to ongoing development, testing processes, and other considerations.

Best,
Joe

Apachez · August 12, 2023, 6:47am

But there are plenty of commits since 6th august (including several critical Intel and AMD CPU vulnerabilities addressed by new kernels and microcode updates) and now its 12th august and still no new nightly build.

Either something have failed terribly at smoketests or similar and is creating a huge blocked queue (if so then remove that commit from the queue so the others can finish so a new nightly can be released) or something else is going on (could be several valid reasons for why new nightlies have been disabled).

And if its the later (a manual block) then perhaps a note about it should be put up on the nightly page over at VyOS Community ?

Like “Update 2023-08-11: New nightly builds have been paused until xx august due to yyy” or “New nightly builds have been paused until Txxxx have been resolved” or such.

Thisistheoldplan · August 12, 2023, 3:16pm

github.com/vyos/vyos-1x

T5160: Firewall refactor

vyos:current ← nicolas-fort:T5160

opened 11:59PM - 23 May 23 UTC

nicolas-fort

+2781 -1394

## Change Summary Firewall refactor ## Types of changes  - [ ] Bug fix (non-breaking change which fixes an issue) - [ ] New feature (non-breaking change which adds functionality) - [ ] Code style update (formatting, renaming) - [x] Refactoring (no functional changes) - [ ] Migration from an old Vyatta component to vyos-1x, please link to related PR inside obsoleted component - [ ] Other (please describe): ## Related Task(s) * https://vyos.dev/T5160 * https://vyos.dev/T5096 * https://vyos.dev/T5250 ## Component(s) name firewall ## Proposed changes ## How to test  Some config migration were done. Example on how new cli looks: ``` vyos@zone-mig:~$ conf [edit] vyos@zone-mig# set firewall Possible completions: > global-options Global Options > group Firewall group > ipv4 IPv4 firewall > ipv6 IPv6 firewall [edit] vyos@zone-mig# set firewall ipv4 Possible completions: > forward IPv4 forward firewall > input IPv4 input firewall +> name IPv4 custom firewall > output IPv4 output firewall [edit] vyos@zone-mig# set firewall ipv4 input Possible completions: > filter IPv4 firewall input filter [edit] vyos@zone-mig# set firewall ipv4 input filter rule 10 Possible completions: action Rule action + connection-mark Connection mark > connection-status Connection status description Description ``` Some config example: ``` vyos@zone-mig:~$ show config comm | grep input set firewall ipv4 input filter default-action 'accept' set firewall ipv4 input filter rule 1 action 'accept' set firewall ipv4 input filter rule 1 state established 'enable' set firewall ipv4 input filter rule 2 action 'drop' set firewall ipv4 input filter rule 2 state invalid 'enable' set firewall ipv4 input filter rule 3 action 'accept' set firewall ipv4 input filter rule 3 state related 'enable' set firewall ipv4 input filter rule 101 action 'jump' set firewall ipv4 input filter rule 101 inbound-interface interface-group 'IG_LAN' set firewall ipv4 input filter rule 101 jump-target 'LAN-LOCAL' set firewall ipv4 input filter rule 106 action 'jump' set firewall ipv4 input filter rule 106 inbound-interface interface-group 'IG_OPENVPN' set firewall ipv4 input filter rule 106 jump-target 'LOCAL-OPENVPN' set firewall ipv4 input filter rule 111 action 'jump' set firewall ipv4 input filter rule 111 inbound-interface interface-group 'IG_RRI' set firewall ipv4 input filter rule 111 jump-target 'RRI-LOCAL' set firewall ipv4 input filter rule 116 action 'jump' set firewall ipv4 input filter rule 116 inbound-interface interface-group 'IG_WAN' set firewall ipv4 input filter rule 116 jump-target 'WAN-LOCAL' set firewall ipv4 input filter rule 121 action 'jump' set firewall ipv4 input filter rule 121 inbound-interface interface-group 'IG_WG' set firewall ipv4 input filter rule 121 jump-target 'LOCAL-WG' set firewall ipv4 input filter rule 126 action 'reject' ## And nft ruleset for such config vyos@zone-mig:~$ sudo nft list chain ip vyos_filter VYOS_INPUT_filter table ip vyos_filter { chain VYOS_INPUT_filter { type filter hook input priority filter; policy accept; ct state established counter packets 0 bytes 0 accept comment "INP-filter-1" ct state invalid counter packets 0 bytes 0 drop comment "INP-filter-2" ct state related counter packets 30 bytes 2640 accept comment "INP-filter-3" iifname @I_IG_LAN counter packets 12632 bytes 2505599 jump NAME_LAN-LOCAL comment "INP-filter-101" iifname @I_IG_OPENVPN counter packets 0 bytes 0 jump NAME_LOCAL-OPENVPN comment "INP-filter-106" iifname @I_IG_RRI counter packets 0 bytes 0 jump NAME_RRI-LOCAL comment "INP-filter-111" iifname @I_IG_WAN counter packets 0 bytes 0 jump NAME_WAN-LOCAL comment "INP-filter-116" iifname @I_IG_WG counter packets 0 bytes 0 jump NAME_LOCAL-WG comment "INP-filter-121" counter packets 0 bytes 0 reject comment "INP-filter-126" } } ``` Smoketest ``` root@zone-mig:/usr/libexec/vyos/tests/smoke/cli# ./test_firewall.py test_geoip (__main__.TestFirewall.test_geoip) ... Updating GeoIP. Please wait... ok test_groups (__main__.TestFirewall.test_groups) ... ok test_ipv4_advanced (__main__.TestFirewall.test_ipv4_advanced) ... ok test_ipv4_basic_rules (__main__.TestFirewall.test_ipv4_basic_rules) ... ok test_ipv4_mask (__main__.TestFirewall.test_ipv4_mask) ... ok test_ipv4_state_and_status_rules (__main__.TestFirewall.test_ipv4_state_and_status_rules) ... ok test_ipv6_advanced (__main__.TestFirewall.test_ipv6_advanced) ... ok test_ipv6_basic_rules (__main__.TestFirewall.test_ipv6_basic_rules) ... ok test_ipv6_mask (__main__.TestFirewall.test_ipv6_mask) ... ok test_nested_groups (__main__.TestFirewall.test_nested_groups) ... ok test_sysfs (__main__.TestFirewall.test_sysfs) ... ok ---------------------------------------------------------------------- Ran 11 tests in 29.837s OK root@zone-mig:/usr/libexec/vyos/tests/smoke/cli# ``` Also smoketest for other features, such as policy_route and nat and were tested ## Checklist: - [x] I have read the [**CONTRIBUTING**](https://github.com/vyos/vyos-1x/blob/current/CONTRIBUTING.md) document - [x] I have linked this PR to one or more Phabricator Task(s) - [x] I have run the components [**SMOKETESTS**](https://github.com/vyos/vyos-1x/tree/current/smoketest/scripts/cli) if applicable - [x] My commit headlines contain a valid Task id - [x] My change requires a change to the documentation - [ ] I have updated the documentation accordingly I will start working on docs soon

i’m assuming its due to this

Apachez · August 12, 2023, 4:41pm

That was commited on friday evening (aka yesterday) - there have been no new nightly builds since monday (aka 6 days and counting)…

Netboy3 · August 13, 2023, 6:29pm

In 99% of the cases where nightlies do not post, it’s because of failed smoketests that started failing as new commits are introduced. Currently, the Zabbix agent smoketest fails. I’m sure the dev team is working on fixing this issue.

system · August 15, 2023, 6:30pm

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.