T7557: Updates for Debian Trixie

[sarthurdev]

Change summary

• Update tests for nose2 (nose package removed)
• Serial session check no longer possible with utmp (utmp removed)
• Use Debian update-locale to change time format (localectl setting is unsupported/blocked)
• Add e2fsprogs for installer mkfs.ext4
• Add systemd units for SysV init files (systemd-sysv-generator deprecated)
• Silence verbose dmesg log from console
• Migrate and remove SSH DSA keys (unsupported and removed in Trixie)
• Resolve container issues by migrating to podman quadlet for container/network unit handling
• Add workaround for test_ssh_trusted_user_ca test due to upstream Paramiko bug
• Service https/api requires python3-fastapi package
• Added workaround for DNS forwading legacy config format

Outstanding issues:

• Podman network aardvark-dns does not work, disabled until local or upstream fix found
• Migrate DNS forwarding to new YAML config format

Types of changes

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Code style update (formatting, renaming)
• Refactoring (no functional changes)
• Migration from an old Vyatta component to vyos-1x, please link to related PR inside obsoleted component
• Other (please describe):

Related Task(s)

Related PR(s)

• T7557: Update the Python requirement to 3.13 vyos-http-api-tools#25
• T7557: Use Debian trixie as build base for container and VyOS image vyos-build#978
• T7557: Updates for Debian Trixie vyatta-cfg#104
• vbash: T7575: Update to bash 5.2.37 vyatta-bash#15

How to test / Smoketest result

Smoketests fail spectacularly, this is draft for now.

Checklist:

• I have read the CONTRIBUTING document
• I have linked this PR to one or more Phabricator Task(s)
• I have run the components SMOKETESTS if applicable
• My commit headlines contain a valid Task id
• My change requires a change to the documentation
• I have updated the documentation accordingly

[github-actions]

👍
No issues in PR Title / Commit Title

[github-actions]

✅ No issues found in unused-imports check.. Please refer the workflow run

[github-actions]

All contributors have signed the CLA ✍️ ✅
_{Posted by the CLA Assistant Lite bot.}

[github-actions]

CI integration ❌ failed!

Details

CI logs

• CLI Smoketests (no interfaces) ❌ failed
• CLI Smoketests (interfaces only) ❌ failed
• Config tests ❌ failed
• RAID1 tests ❌ failed
• TPM tests ❌ failed

[dmbaturin]

I have to admit I got too caught up in the discussion of the Trixie update timeline and overlooked the fact that this PR mixes purely internal changes with feature removals and config syntax changes.

We must create separate tasks and PRs for eventual removal of DSS and DSA support from SSH. We should also add deprecation warnings about those things now (https://vyos.dev/T7705).

[dmbaturin]

I feel this warrants a comment to explain what the old settings in question are. Or can we change the scripts to make this no longer necessary?

[sarthurdev]

PowerDNS changed the settings format to YAML from legacy config files.

This argument enables our legacy .conf templates to work, pending rewrite to YAML.

[dmbaturin]

python3-nose2 exists in Bookworm — can we update these dependencies separately right now?

[dmbaturin]

We could add it right now.

[dmbaturin]

We could add it right now, in a PR to upgrade dependencies.

[dmbaturin]

This certainly deserves a separate task.

[dmbaturin]

I'm sure this also needs its own task.

[dmbaturin]

Configuration syntax changes always require separate tasks and PRs and cannot be lumped together with any other changes under any circumstances — we need to track them separately for release notes as incompatible changes so we must take every step to make sure they aren't lost.

Please create a separate task in Phorge for DSS support removal and move this to a separate PR.

[dmbaturin]

This also must be a separate task and a separate PR.

[dmbaturin]

The idea to upgrade to Trixie is on hold now, so I'm closing this PR series — not because they are bad, we'll reopen and merge them when we are ready to upgrade.