Skip to content

Candidate backports for v25.08.2#1328

Merged
wkz merged 9 commits intov25.08.xfrom
cand/v25.08.x
Dec 19, 2025
Merged

Candidate backports for v25.08.2#1328
wkz merged 9 commits intov25.08.xfrom
cand/v25.08.x

Conversation

@troglobit
Copy link
Contributor

Description

Proposed fixes to backport to v25.08.2:

Checklist

Tick relevant boxes, this PR is-a or has-a:

  • Bugfix
    • Regression tests
    • ChangeLog updates (for next release)
  • Feature
    • YANG model change => revision updated?
    • Regression tests added?
    • ChangeLog updates (for next release)
    • Documentation added?
  • Test changes
    • Checked in changed Readme.adoc (make test-spec)
    • Added new test to group Readme.adoc and yaml file
  • Code style update (formatting, renaming)
  • Refactoring (please detail in commit messages)
  • Build related changes
  • Documentation content changes
    • ChangeLog updated (for major changes)
  • Other (please describe):

troglobit and others added 9 commits December 18, 2025 14:11
Actually disable iitod on Styx DCP-SC-28p to work around #670, this
prohibits software control of LEDs, leaving the default HW control,
which has proven more stable on this platform.

Backported from origin/main b0dce8a

Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
Prevent patch releases from stealing the "latest" tag from newer minor
versions. Only vXX.YY and vXX.YY.0 releases should be marked as latest.

Fixes #1187

Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
This is a backport of the following commits from origin/main: 3b24fab
e6a04fb 92e80b4 ad96965 3e03ece 21256a8 b7d91e4 d26e311 0977ab4 f83fbc6

---

cli: fix 'copy FILE running-config' use-case

When copying to the running datastore we cannot use sr_copy_config(),
instead we must use sr_replace_config().  This fix covers both the case
of 'copy startup-config running-config' and 'copy FILE running-config'.

Fixes #1203

---

cli: add 'validate', or '-n', dry run to copy command

This commit adds config file validation to the copy command, discussed
in #373.  Allowing users to test their config files before restoring a
backup.  The feature could also be used for the automatic rollback when
downgrading to an earlier version of the OS.

Fixes #373

---

cli: fix copy to missing startup-config file

Fixes #981

---

cli: restrict copy and erase commands

This is a follow-up to PR #717 where path traversal protection was
discussed.  A year later and it's clear that having a user-friendly
copy tool in the shell is a good thing, but that we proably want to
restrict what it can do when called from the CLI.

A sanitize flag (-s) is added to control the behavior, when used in the
shell without -s, both commands act like traditional UNIX tools and do
assume . for relative paths, and allow ../, whereas when running from
the CLI only /media/ is allowed and otherwise files are assumed to be
in $HOME or /cfg

---

cli: sanitize regular file to file copy

The regular file-to-file copy, was missing calls to cfg_adjust(), this
commit fixes that and adds some helpful comments for each use-case.

Also, drop insecure mktemp() in favor of our own version which uses the
basename of the remote source file.

---

bin: add bash completion for copy command

Add bash completion for the common datastores, like we already do in the
CLI, and update the usage text accordingly.

Also, make sure to install to /usr/bin, not /bin since we've now merged
the hierarchies since a while back.

---

bin: copy: Refactor

copy() made some...creative...use of control flow that made it quite
difficult to follow.

Take a first priciples approach to simplify the logic.

---

bin: copy: Always get startup from sysrepo

This will make sure to apply NACM rules for all the data. It also
makes it possible for a luser access a subset of the data, even if
they to do not have read access to /cfg/startup-config.cfg.

Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
Backported from origin/main 5420fb0

Includes the latest DRAM ECC status, with/without sudo, and temperature.

Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
Backported from origin/main 7edc3c1

Fixes #1281

Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
Dec  8 15:22:44 ix-00-00-00 watchdogd[2599]: Memory usage: 195036 kB, cached: 69740 kB, total: 423628 kB
Dec  8 15:22:44 ix-00-00-00 watchdogd[2599]: File system /var usage: blocks 4710/52564 inodes 80/65456
Dec  8 15:22:44 ix-00-00-00 watchdogd[2599]: File descriptor usage: 640/34603

Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
Turn on OOPS-to-panic, soft/hard lockup panic, hung-task panic, and
extra workqueue watchdog reporting. This makes latent stalls visible
instead of silently freezing, improving diagnosis of issues like the
recent resource-pressure lockup.

Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
Usable by all Server Base System Architecture (SBSA) compliant SoCs,
e.g., CN9130.
This will be us the ability to test a hardware watchdog's ability to
trigger on different kinds of lockups.
@troglobit
Copy link
Contributor Author

When PR #1329 has been merged to main we can lift in that kernel bump on this branch as well.

Copy link
Contributor

@mattiaswal mattiaswal left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM.

Copy link
Contributor

@wkz wkz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Super! 🔥

@wkz wkz merged commit 96fad20 into v25.08.x Dec 19, 2025
6 checks passed
@wkz wkz deleted the cand/v25.08.x branch December 19, 2025 09:34
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants

Comments