56bfd97 to 2313e60
This was linked to issues
Mar 4, 2026
175424a to 0688176
Fixes #1387 Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
Replaces gunicorn+flask app with Go program, same function otherwise. Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
Introduce libfleet.sh and a new 'fleet' subcommand to ixll for managing and operating enrolled Infix devices via RESTCONF. Device configuration is stored in ~/.config/infix/config.json (chmod 600) and organised by profile, allowing bulk operations across groups of devices (e.g. all aarch64 targets).
New commands:
ixll fleet enroll [-d] [-p profile] [-u user] [-w password] <name> <address>
ixll fleet list
ixll fleet upgrade <name|profile> <url>
ixll fleet backup [-o dir] <name|profile>
ixll fleet reboot <name|profile>
Upgrade runs in parallel across a fleet and shows a live per-device progress bar by polling the infix-system:install-bundle RPC and the installer state from the YANG operational data store.
The global -A flag (admin/admin) is honoured as a credential fallback for devices enrolled without an explicit password.
Also fix a pre-existing typo: ">2" → ">&2" in the error path.
Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
Instead of publishing A/AAAA records for $(hostname).local with a CNAME infix.local, we flip it around to take advantage of the mDNS conflict resolution rules. This gives us infix.local for one device on the LAN and infix-2.local for the next. Update all service records to *not* advertise hostname, but instead to let Avahi imply that from the advertised A/AAAA and CNAME records. Fixes #1387 Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
Simplify and consolidate generation of mdns service records from an external script to C. This reduces fork + exec and saves two seconds of boot time on single core Cortex-A7 systems. Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
Use avahi's %h wildcard in service names so each device's hostname is included, avoiding collision suffixes (#2, #3) when multiple Infix devices are on the same network. Skip TXT records whose JSON value is null rather than emitting empty key= fields. Add _workstation._tcp (with chassis MAC) and _device-info._tcp (with model= from product-name) as always-on records tied to mDNS being active. Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
Add a `hostname` leaf to the `mdns` YANG container with default `"%h"`, allowing operators to override the avahi host-name used for mDNS A/AAAA records without reflashing. The default expands to DEFAULT_HOSTNAME from os-release, preserving existing behaviour for unconfigured deployments. Format specifiers %h/%i/%m are supported via the existing hostnamefmt() infrastructure, which is also fixed to copy the const fmt argument to a local buffer before modification (UB when called with a libyang-owned string). Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
avahi's parseable output uses \DDD decimal escape sequences, not octal. The previous decoder treated them as octal, causing digits 8 and 9 to fall through undecoded (e.g. \058 → ':' and \091 → '[' were shown literally). Also handle \X non-digit escapes (e.g. \. → '.') used for dots in service instance names. Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
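A decoder for the escaping described in the commit message above, as an added example (not the project's own code). The function name and the sample strings are constructed for illustration; malformed escapes are kept verbatim so that untrusted names are never silently altered.

```go
package main

import (
	"fmt"
	"strings"
)

func isDigit(c byte) bool { return c >= '0' && c <= '9' }

// decodeAvahi decodes the escapes in avahi-browse parseable output:
// \DDD is three DECIMAL digits giving one byte, and \X (X not a digit)
// stands for the literal character X.
func decodeAvahi(s string) string {
	var b strings.Builder
	for i := 0; i < len(s); i++ {
		c := s[i]
		if c != '\\' || i+1 >= len(s) {
			b.WriteByte(c) // ordinary byte, or a trailing backslash
			continue
		}
		// \DDD: exactly three decimal digits whose value fits in a byte.
		if i+3 < len(s) && isDigit(s[i+1]) && isDigit(s[i+2]) && isDigit(s[i+3]) {
			v := int(s[i+1]-'0')*100 + int(s[i+2]-'0')*10 + int(s[i+3]-'0')
			if v <= 255 {
				b.WriteByte(byte(v))
				i += 3
				continue
			}
		}
		// \X: non-digit escape, e.g. "\." for a dot in an instance name.
		if !isDigit(s[i+1]) {
			b.WriteByte(s[i+1])
			i++
			continue
		}
		// Malformed escape (e.g. "\999" or "\9x"): keep the backslash.
		b.WriteByte(c)
	}
	return b.String()
}

func main() {
	// Constructed sample fields. An octal decoder would leave \058 and
	// \091 undecoded and would turn \032 into byte 26 instead of a space.
	for _, in := range []string{`\058`, `\091`, `infix\.local`, `Lab\032switch`} {
		fmt.Printf("%-16s -> %q\n", in, decodeAvahi(in))
	}
}
```

Multi-byte UTF-8 characters arrive as one `\DDD` escape per byte, so decoding byte-wise and interpreting the result as UTF-8 afterwards reassembles them correctly.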
Apple devices (e.g. Apple TV) publish vv=1 in their AirPlay/RAOP TXT records, causing a false positive with our Infix platform marker. Tighten the filter to require vv=1 together with at least one management service type (ssh, https, http, netconf, restconf), which Apple devices never advertise. Keep on=Infix as a fallback for older firmware that predates vv=1. Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
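The tightened filter from the commit message above, written out as an added example (not the project's own code). The `Service` type, the function name, the sample hosts and the exact DNS-SD type strings for the five management services are assumptions made for illustration.

```go
package main

import "fmt"

// Service is one resolved DNS-SD record for a host (type constructed
// for this example).
type Service struct {
	Type string            // DNS-SD service type, e.g. "_ssh._tcp"
	TXT  map[string]string // decoded key=value TXT pairs
}

// mgmtTypes holds the type strings assumed here for the management
// services the commit names: ssh, https, http, netconf, restconf.
var mgmtTypes = map[string]bool{
	"_ssh._tcp": true, "_https._tcp": true, "_http._tcp": true,
	"_netconf-ssh._tcp": true, "_restconf-tls._tcp": true,
}

// isInfix applies the rule per host, across all of its services:
// on=Infix is sufficient on its own (older firmware), while vv=1 only
// counts when the host also advertises a management service.
func isInfix(svcs []Service) bool {
	var vv, mgmt bool
	for _, s := range svcs {
		if s.TXT["on"] == "Infix" {
			return true
		}
		if s.TXT["vv"] == "1" {
			vv = true
		}
		if mgmtTypes[s.Type] {
			mgmt = true
		}
	}
	return vv && mgmt
}

func main() {
	// Constructed sample hosts.
	appleTV := []Service{
		{Type: "_airplay._tcp", TXT: map[string]string{"vv": "1"}},
		{Type: "_raop._tcp", TXT: map[string]string{"vv": "1"}},
	}
	infix := []Service{
		{Type: "_ssh._tcp", TXT: map[string]string{"vv": "1"}},
		{Type: "_https._tcp", TXT: map[string]string{"vv": "1"}},
	}
	fmt.Println("apple tv:", isInfix(appleTV), "infix:", isInfix(infix))
}
```

mDNS TXT records are unauthenticated, so a match here is a display filter for the browse page and not proof of what the device is.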
Replace the Go template + table layout with a fetch-based design: serve browse.html as static HTML, add /data JSON endpoint.
New UI features:
- Card-per-device grid with color-coded service badges
- Dark/light/system theme toggle (persisted to localStorage)
- Live search (press / to focus)
- Auto-refresh toggle with 30 s countdown, off by default
- Empty/error states and device count in footer
- IBM Plex Mono throughout
Download the latin-subset woff2 files (weights 400/500/600) from fonts.gstatic.com (IBM Plex Mono v20) and serve them locally via the existing //go:embed static mechanism, eliminating the Google Fonts dependency for air-gapped and offline deployments.
Source: https://github.com/IBM/plex
Files: fonts.gstatic.com/s/ibmplexmono/v20/
License: SIL Open Font License 1.1 (static/fonts/LICENSE.txt)
Copyright © 2017 IBM Corp.
Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
- IP address shown in soft parens on the card header line, e.g. "infix.local (192.168.1.10)"; IPv4 preferred over IPv6, link-local skipped
- Product name and OS version (from mDNS TXT records "product=" and "ov=") shown as a secondary line below the header when available
- Theme toggle icons changed from ◐/●/○ to ◐/☽/☀ (system/dark/light)
- browse.go: introduce Host struct (addr, product, version, other, svcs) replacing the flat []Service map; scan() now returns map[string]Host
- Search also matches against IP, product, and version fields
Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
avahi-browse returns 127.0.0.1 (or ::1) when resolving services on the same machine netbrowse is running on. These addresses are meaningless for display and misleading as click targets. Skip the entire 127.x/::1 range and link-local (fe80:) when choosing the preferred address for a host card; the card addr field is simply omitted if no routable address is seen. Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
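The address selection described in the two commit messages above (IPv4 preferred over IPv6, loopback and link-local skipped, field omitted when nothing routable is seen), as an added example that is not the project's own code. The function name and sample addresses are constructed; the check uses the standard library's link-local test, which also covers IPv4 169.254.0.0/16 in addition to the fe80: range the commit mentions.

```go
package main

import (
	"fmt"
	"net/netip"
)

// preferredAddr picks the address to show on a host card from the
// addresses resolved for that host. It returns "" when no routable
// address was seen, so the caller can omit the field.
func preferredAddr(addrs []string) string {
	var v6 string
	for _, a := range addrs {
		ip, err := netip.ParseAddr(a) // accepts zones such as fe80::1%eth0
		if err != nil {
			continue // not an IP literal: never use it as a click target
		}
		ip = ip.Unmap() // treat ::ffff:a.b.c.d as plain IPv4
		if ip.IsLoopback() || ip.IsLinkLocalUnicast() {
			continue // 127.0.0.0/8, ::1, fe80::/10, 169.254.0.0/16
		}
		if ip.Is4() {
			return ip.String() // first routable IPv4 wins
		}
		if v6 == "" {
			v6 = ip.String() // remember first routable IPv6 as fallback
		}
	}
	return v6
}

func main() {
	// Constructed samples: a remote host, and the local machine as
	// avahi-browse resolves it.
	remote := []string{"fe80::1%eth0", "2001:db8::10", "192.168.1.10"}
	local := []string{"127.0.0.1", "::1"}
	fmt.Printf("remote=%q local=%q\n", preferredAddr(remote), preferredAddr(local))
}
```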
network.local is a discovery/browse page, not a management interface. Serving it over HTTP eliminates the self-signed certificate warning browsers show for .local mDNS names without changing the security posture of the actual device management pages (still HTTPS-only). The new port-80 server_name block takes precedence over the catch-all HTTP → HTTPS redirect in default.conf. Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
Increase Zebra NETLINK buffer to fix reported issues with zebra being out of sync with kernel routes and interface changes. Also, try '-a' option to allow other processes to delete zebra routes.
Other changes in this commit:
- Minor fixes to Finit service files for consistency
- Empty daemon.conf stub files to silence bogus mgmtd errors at startup
- Relocate all skeleton files from board/common to separate from files that are actual Infix additions and what's package system integration
Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
Always emit the "1..N" plan line before exiting with error so test harnesses don't report "test error, no plan" for failed or aborted tests. Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
Fixes #1416 Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
A legacy name length limit in firewalld triggered problems with longer policy names. This patch to firewalld lifts that limit by checking the backend in use, no limit for nftables. Fixes #1389 Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
Add three SSH-related commands to the operational CLI:
ssh [user <name>] [port <num>] <host>
Connect to a remote device over SSH, running as the
CLI user (not root) by dropping privileges before exec.
set ssh known-hosts <host> <keytype> <pubkey>
Pre-enroll a host public key received out-of-band (e.g.
via email after a factory reset) into ~/.ssh/known_hosts,
avoiding a TOFU prompt on first connect.
no ssh known-hosts <host>
Remove a stale host key entry using ssh-keygen -R, e.g.
after a device factory reset causes a key mismatch.
Tab completion is provided for key types (ssh-ed25519,
ecdsa-sha2-nistp256, etc.) and for known host names/IPs.
A new run_as_user() helper is introduced alongside the existing
run(), factoring out the fork+setuid+execvp pattern used by
infix_shell() so it can be shared across the SSH functions.
Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
The awk insertion path used getline to peek at the line right after the "### Changes", but only printed it when NF == 0 (blank line). If the section already had a non-blank entry (e.g. a Buildroot upgrade line), getline consumed it silently and the kernel line was written in its place. Fix by adding the missing else branch so the consumed line is always re-emitted — blank lines before the new entry, non-blank lines after it. Also demote the missing-UNRELEASED guard from exit 1 to a warning with return 0, so the workflow doesn't abort when a new release cycle hasn't had its ChangeLog section opened yet. Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
The MVEBU SafeXcel Crypto Engine firmware (linux-firmware minifw) was originally added in 70c12c3 to the generic aarch64 defconfigs to silence kernel probe failures on Marvell Armada SoCs (37xx, 7k, 8k, CN913x):
crypto-safexcel f2800000.crypto: Firmware load failed.
crypto-safexcel f2800000.crypto: HW init failed (-2)
It was then accidentally dropped in 0e2d12e (kernel upgrade to 6.18), which rebased on a tree that predated the firmware addition. Rather than restoring it to the generic defconfigs, move it to the two Marvell board Config.in files where it actually belongs — consistent with how RTL8169 firmware was handled for the Raspberry Pi CM4 IoT Router Board Mini in 6831377.
Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
Description
Features:
- `ssh` family of commands to log onto other devices and manage host keys
- `mdns-alias` package along with a rewritten netbrowse from Python -> Go
- `hostname` setting for mdns, default is the distro specific `DEFAULT_HOSTNAME`
- `show mdns` support to list mDNS neighbors
Fixes:
- `daemons` but not in our `/etc/default/zebra`
Checklist
Tick relevant boxes, this PR is-a or has-a: