mediator

Commit Graph

Author	SHA1	Message	Date
Guillem Jover	9e7fa8d3a4	MT#62899 Update packaging for Debian trixie - Update copyright years. - Update Standards-Version to 4.7.2. - Remove «Rules-Requires-Root: no» field, which is now the default. - Remove «Priority: optional» field, which is now the default. - Remove ancient conffile removal handling. - Wrap and sort fields. - Add spaces around operators in make variables. Change-Id: Ibdcbb41520e5c5fdf4a2f88e5fc062445b90f91a	4 weeks ago
Sipwise Jenkins Builder	b0df2e3ba8	Release new version 14.1.0.0+0~mr14.1.0.0	2 months ago
Sipwise Jenkins Builder	c09c97e222	Release new version 14.0.0.0+0~mr14.0.0.0	4 months ago
Sipwise Jenkins Builder	332fba5cfd	Release new version 13.5.0.0+0~mr13.5.0.0	7 months ago
Sipwise Jenkins Builder	a65481b570	Release new version 13.4.0.0+0~mr13.4.0.0	9 months ago
Sipwise Jenkins Builder	a2b0a3acdc	Release new version 13.3.0.0+0~mr13.3.0.0	12 months ago
Michael Prokop	f54c934bb8	MT#61751 Install systemd service file in /usr Fixes lintian issues reported on Debian/trixie (lintian v2.121.1): \| E: ngcp-mediator: aliased-location [lib/] \| E: ngcp-mediator: aliased-location [lib/systemd/] \| E: ngcp-mediator: aliased-location [lib/systemd/system/] \| E: ngcp-mediator: aliased-location [lib/systemd/system/mediator.service] FYI: \| % lintian-explain-tags aliased-location \| N: \| E: aliased-location \| N: \| N: This package installs files into an aliased location and should not be doing so. \| N: \| N: Since Debian Trixie, the base-files package sets up symbolic links such as /bin pointing to usr/bin. Installing files in /bin directly thus triggers undefined behaviour in dpkg. \| N: \| N: Packages must no longer install files into such locations and must install them to the corresponding location under usr/ instead. \| N: \| N: Please refer to Binaries (Section 10.1) in the Debian Policy Manual and Bug#1074014 for details. \| N: \| N: Visibility: error \| N: Show-Always: no \| N: Check: files/hierarchy/standard \| N: FTR, it's also /usr/lib/systemd/system/ngcp-license-client.service already on our Debian/bookworm based systems: \| root@sp1:~# lsb_release -c -s \| No LSB modules are available. \| bookworm \| \| root@sp1:~# ls -ld /lib /usr \| lrwxrwxrwx 1 root root 7 Dec 12 01:08 /lib -> usr/lib \| drwxr-xr-x 12 root root 4096 Dec 12 01:08 /usr \| \| root@sp1:~# realpath /lib/systemd/system/mediator.service \| /usr/lib/systemd/system/ngcp-mediator.service Change-Id: I7bad86f4b41968c1afe81eb06b62279f606d5976	1 year ago
Sipwise Jenkins Builder	d35a5be89b	Release new version 13.2.0.0+0~mr13.2.0.0	1 year ago
Sipwise Jenkins Builder	21eb714cd7	Release new version 13.1.0.0+0~mr13.1.0.0	1 year ago
Michael Prokop	b7b9b49ef8	MT#60916 lintian: ignore service-file-is-not-a-file for mediator.service We ship /lib/systemd/system/mediator.service as symlink pointing to ngcp-mediator.service, ignore in lintian as reported by lintian v2.118.1 as present in current Debian/testing AKA trixie. Fixes: \| E: ngcp-mediator: service-file-is-not-a-file [lib/systemd/system/mediator.service] Change-Id: Ib27cfddefaeb95f52703f695e938736e91fc9939	1 year ago
Sipwise Jenkins Builder	512f3c3638	Release new version 13.0.0.0+0~mr13.0.0.0	1 year ago
Sipwise Jenkins Builder	800599f6cf	Release new version 12.5.0.0+0~mr12.5.0.0	2 years ago
Sipwise Jenkins Builder	d8fd20ab70	Release new version 12.4.0.0+0~mr12.4.0.0	2 years ago
Sipwise Jenkins Builder	057a547db3	Release new version 12.3.0.0+0~mr12.3.0.0	2 years ago
Sipwise Jenkins Builder	a903f0c968	Release new version 12.2.0.0+0~mr12.2.0.0	2 years ago
Sipwise Jenkins Builder	96f6961060	Release new version 12.1.0.0+0~mr12.1.0.0	2 years ago
Guillem Jover	cc5a0937c9	MT#58356 Update packaging for bookworm - Add Rules-Requires-Root field. - Switch to Standards-Version 4.6.2. - Update copyright years. Change-Id: I2aeb804a0268218cd307a61d7e9ba697b930156d	2 years ago
Sipwise Jenkins Builder	52ec3078b4	Release new version 12.0.1.0+0~mr12.0.1.0	2 years ago
Sipwise Jenkins Builder	dbc0d974c8	Release new version 11.5.0.0+0~mr11.5.0.0	3 years ago
Sipwise Jenkins Builder	274133b957	Release new version 11.4.0.0+0~mr11.4.0.0	3 years ago
Sipwise Jenkins Builder	45c3e1a806	Release new version 11.3.0.0+0~mr11.3.0.0	3 years ago
Sipwise Jenkins Builder	4cf86cdb52	Release new version 11.2.0.0+0~mr11.2.0.0	3 years ago
Sipwise Jenkins Builder	5326c63dd7	Release new version 11.1.0.0+0~mr11.1.0.0	3 years ago
Sipwise Jenkins Builder	ee38fbf611	Release new version 11.0.0.0+0~mr11.0.0.0	4 years ago
Sipwise Jenkins Builder	076bfd6140	Release new version 10.5.0.0+0~mr10.5.0.0	4 years ago
Sipwise Jenkins Builder	2bf839bbcc	Release new version 10.4.0.0+0~mr10.4.0.0	4 years ago
Mykola Malkov	5896ce4670	TT#154255 Remove redis dependency from unit file We are migrating from redis to keydb so for now we need to support both so we should not depend on specific key-value storage in unit file but should use database.key_value.flavor value in override file. But we can't redefine dependencies in override file just add additional ones. So remove it from unit file. Change-Id: I16e94e938bd9f1da14e1068bc6b94485b08a4ca5	4 years ago
Sipwise Jenkins Builder	f31b937539	Release new version 10.3.0.0+0~mr10.3.0.0	4 years ago
Guillem Jover	22d33bc9db	TT#124273 Update packaging for bullseye - Switch to debhelper compat level 13. - Switch to Standards-Version 4.5.1. - Update copyright years. Change-Id: I9938e387bd86a1b80fcd23c20b95732537e42ba8	4 years ago
Sipwise Jenkins Builder	7079f957a8	Release new version 10.2.0.0+0~mr10.2.0.0	4 years ago
Sipwise Jenkins Builder	8681a491a7	Release new version 10.1.0.0+0~mr10.1.0.0	4 years ago
Sipwise Jenkins Builder	3edd5aa819	Release new version 10.0.0.0+0~mr10.0.0.0	5 years ago
Sipwise Jenkins Builder	807f53ac51	Release new version 9.5.0.0+0~mr9.5.0.0	5 years ago
Sipwise Jenkins Builder	95ab768304	Release new version 9.4.0.0+0~mr9.4.0.0	5 years ago
Michael Prokop	0cbeddf0a2	TT#110904 TT#76552 Fix systemd hardening for rand() access We need readonly access to /dev/urandom, otherwise the rand() calls might fail, as seen in kamailio-config-tests. Change-Id: Id132191994ae5fe74ec3ebb7d34a4a5d50769dbc Thanks: Victor Seva for reporting	5 years ago
Michael Prokop	fa565ef32c	TT#110904 TT#76552 Fix systemd hardening for carrier environments In carrier environments we have foreign DB hosts configured in /etc/ngcp-mediator/ngcp-mediator.conf, therefore we can't easily apply IP address filtering. JFTR, new and current systemd hardening state for ngcp-mediator: \| $ sudo COLUMNS=142 systemd-analyze security ngcp-mediator \| grep -v '✓' \| NAME DESCRIPTION EXPOSURE \| ✗ PrivateNetwork= Service has access to the host's … 0.5 \| ✗ User=/DynamicUser= Service runs as root user 0.4 \| ✗ RestrictAddressFamilies=~AF_(INET… Service may allocate Internet soc… 0.3 \| ✗ RestrictAddressFamilies=~… Service may allocate exotic socke… 0.3 \| ✗ DeviceAllow= Service has a device ACL with som… 0.1 \| ✗ IPAddressDeny= Service does not define an IP add… 0.2 \| ✗ RestrictAddressFamilies=~AF_PACKET Service may allocate packet socke… 0.2 \| ✗ SystemCallFilter=~@privileged System call whitelist defined for… 0.2 \| ✗ RestrictAddressFamilies=~AF_NETLI… Service may allocate netlink sock… 0.1 \| ✗ RootDirectory=/RootImage= Service runs within the host's ro… 0.1 \| SupplementaryGroups= Service runs as root, option does… \| RemoveIPC= Service runs as root, option does… \| ✗ RestrictAddressFamilies=~AF_UNIX Service may allocate local sockets 0.1 \| \| → Overall exposure level for ngcp-mediator.service: 2.1 OK 🙂 Change-Id: I0e7c474eddd5d4d4c77b9bda157448294ed0a5c4	5 years ago
Michael Prokop	29cf8436b8	TT#76552 Harden ngcp-mediator service ngcp-mediator service state BEFORE this change: \| $ systemd-analyze security ngcp-mediator \| tail -1 \| → Overall exposure level for ngcp-mediator.service: 9.5 UNSAFE 😨 ngcp-mediator service state AFTER this change: \| $ sudo COLUMNS=142 systemd-analyze security ngcp-mediator \| grep -v '✓' \| NAME DESCRIPTION EXPOSURE \| ✗ PrivateNetwork= Service has access to the host's network 0.5 \| ✗ User=/DynamicUser= Service runs as root user 0.4 \| ✗ RestrictAddressFamilies=~AF_(INET\|INET6) Service may allocate Internet sockets 0.3 \| ✗ RestrictAddressFamilies=~… Service may allocate exotic sockets 0.3 \| ✗ DeviceAllow= Service has a device ACL with some special devices 0.1 \| ✗ IPAddressDeny= Service defines IP address whitelits with only localhost entries 0.1 \| ✗ RestrictAddressFamilies=~AF_PACKET Service may allocate packet sockets 0.2 \| ✗ SystemCallFilter=~@privileged System call whitelist defined for service, and @privileged is included 0.2 \| ✗ RestrictAddressFamilies=~AF_NETLINK Service may allocate netlink sockets 0.1 \| ✗ RootDirectory=/RootImage= Service runs within the host's root directory 0.1 \| SupplementaryGroups= Service runs as root, option does not matter \| RemoveIPC= Service runs as root, option does not apply \| ✗ RestrictAddressFamilies=~AF_UNIX Service may allocate local sockets 0.1 \| \| → Overall exposure level for ngcp-mediator.service: 2.0 OK 🙂 Change-Id: If33c303b9df465393f15c0b685d1aab54a465df6	5 years ago
Sipwise Jenkins Builder	6adedfa95f	Release new version 9.3.0.0+0~mr9.3.0.0	5 years ago
Sipwise Jenkins Builder	3ecc47f72e	Release new version 9.2.0.0+0~mr9.2.0.0	5 years ago
Sipwise Jenkins Builder	6e025352f5	Release new version 9.1.0.0+0~mr9.1.0.0	5 years ago
Sipwise Jenkins Builder	de07b98dfe	Release new version 9.0.0.0+0~mr9.0.0.0	6 years ago
Sipwise Jenkins Builder	a29d4ac6fa	Release new version 8.6.0.0+0~mr8.6.0.0	6 years ago
Sipwise Jenkins Builder	358ce4fea6	Release new version 8.5.0.0+0~mr8.5.0.0	6 years ago
Sipwise Jenkins Builder	65cf58705c	Release new version 8.4.0.0+0~mr8.4.0.0	6 years ago
Sipwise Jenkins Builder	1fda50b57c	Release new version 8.3.0.0+0~mr8.3.0.0	6 years ago
Sipwise Jenkins Builder	7fffed14db	Release new version 8.2.0.0+0~mr8.2.0.0	6 years ago
Sipwise Jenkins Builder	7904253051	Release new version 8.1.0.0+0~mr8.1.0.0	6 years ago
Sipwise Jenkins Builder	c854814e9c	Release new version 8.0.0.0+0~mr8.0.0.0	7 years ago
Guillem Jover	6dd2cbb121	TT#61954 Set debhelper compat level in Build-Depends instead of debian/compat Change-Id: I3eb126cad7dad217d1b6d37d1cbf5d25b6af8418	7 years ago
Guillem Jover	a1e9a99e83	TT#61954 Update copyright years Change-Id: I13e83a56a7a6962296ceeb40fb79a20e3bac29aa	7 years ago

1 2 3 4

165 Commits (master)