Add yang check

.gitignore

@@ -2,6 +2,7 @@
 .claude
 .gdb_history
 .claude
+AGENTS.md
 /.backup
 /.ccache
 /dl
@@ -11,4 +12,3 @@
 /test/.log
 /local.mk
 /test/spec/Readme.adoc
-

patches/sysrepo/4.2.10/0001-sysrepo-plugind-add-support-for-running-in-foregroun.patch

@@ -1,11 +1,15 @@
 From efe7706fd7397c2feb384afea00ee97e74287df0 Mon Sep 17 00:00:00 2001
 From: Joachim Wiberg <troglobit@gmail.com>
 Date: Tue, 28 Mar 2023 10:37:53 +0200
-Subject: [PATCH 1/9] sysrepo-plugind: add support for running in foreground
+Subject: [PATCH 01/10] sysrepo-plugind: add support for running in foreground
  with syslog
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
 Organization: Wires
 
 Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
+Signed-off-by: Mattias Walström <lazzer@gmail.com>
 ---
  src/executables/sysrepo-plugind.c | 10 +++++++++-
  1 file changed, 9 insertions(+), 1 deletion(-)

patches/sysrepo/4.2.10/0002-Allow-SR_EV_DONE-to-return-any-error-to-sysrepocfg.patch

@@ -1,7 +1,10 @@
 From 11b9938206cf2bafc456bb22e14c7f85a604760c Mon Sep 17 00:00:00 2001
 From: Joachim Wiberg <troglobit@gmail.com>
 Date: Tue, 7 May 2024 15:41:53 +0200
-Subject: [PATCH 2/9] Allow SR_EV_DONE to return any error to sysrepocfg
+Subject: [PATCH 02/10] Allow SR_EV_DONE to return any error to sysrepocfg
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
 Organization: Wires
 
 Importing a system configuration with sysrepocfg the model callbacks do
@@ -17,6 +20,7 @@ This patch is a clumsy way of forcing the (first) error to bubble up to
 the surface and cause a non-zero exit code from sysrepocfg.
 
 Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
+Signed-off-by: Mattias Walström <lazzer@gmail.com>
 ---
  src/shm_sub.c | 40 +++++++++++++++++++++++++++++++---------
  src/shm_sub.h |  2 +-

patches/sysrepo/4.2.10/0003-Allow-to-copy-from-factory-default.patch

@@ -1,10 +1,13 @@
 From 9e0267d4f20733b2a26df6d0ee0bc4019db8b13f Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Mattias=20Walstr=C3=B6m?= <lazzer@gmail.com>
 Date: Wed, 8 May 2024 17:00:50 +0200
-Subject: [PATCH 3/9] Allow to copy from factory default
+Subject: [PATCH 03/10] Allow to copy from factory default
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
 Organization: Wires
 
-Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
+Signed-off-by: Mattias Walström <lazzer@gmail.com>
 ---
  src/sysrepo.c | 2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)

patches/sysrepo/4.2.10/0004-Add-z-switch-to-sysrepoctl-to-install-factory-config.patch

@@ -1,13 +1,16 @@
 From e0c899ba266b959544d7cc08c917cebba7ac91c7 Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Mattias=20Walstr=C3=B6m?= <lazzer@gmail.com>
 Date: Mon, 6 May 2024 14:49:32 +0200
-Subject: [PATCH 4/9] Add -z switch to sysrepoctl to install factory config
+Subject: [PATCH 04/10] Add -z switch to sysrepoctl to install factory config
  from a json file
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
 Organization: Wires
 
 This to be able to load the yang modules during build time instead on boot.
 
-Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
+Signed-off-by: Mattias Walström <lazzer@gmail.com>
 ---
  src/executables/sysrepoctl.c | 20 +++++++++++++--
  src/lyd_mods.h               |  7 ++++++

patches/sysrepo/4.2.10/0005-Introduce-new-log-level-SEC-for-audit-trails.patch

@@ -1,7 +1,10 @@
 From c7602dc8eabb941e0a163208aaf4de92dd5ef526 Mon Sep 17 00:00:00 2001
 From: Joachim Wiberg <troglobit@gmail.com>
 Date: Wed, 21 Aug 2024 16:00:35 +0200
-Subject: [PATCH 5/9] Introduce new log level [SEC] for audit trails
+Subject: [PATCH 05/10] Introduce new log level [SEC] for audit trails
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
 Organization: Wires
 
 This adds a new log level for security and audit trail related log
@@ -19,6 +22,7 @@ system log daemon, dropping any [SEVERITY] prefix.  Also, \n is most
 often dropped by log daemons.
 
 Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
+Signed-off-by: Mattias Walström <lazzer@gmail.com>
 ---
  src/log.c           | 18 +++++++++++++++++-
  src/log.h           |  1 +

patches/sysrepo/4.2.10/0006-Add-audit-trail-for-high-priority-system-changes.patch

@@ -1,7 +1,10 @@
 From a86dfdd4a5cb74c1f8c90c8d5aea6f5505c1b88c Mon Sep 17 00:00:00 2001
 From: Joachim Wiberg <troglobit@gmail.com>
 Date: Wed, 21 Aug 2024 16:04:43 +0200
-Subject: [PATCH 6/9] Add audit trail for high priority system changes
+Subject: [PATCH 06/10] Add audit trail for high priority system changes
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
 Organization: Wires
 
 Committing a change to running, copying to a datastore, or calling an
@@ -13,6 +16,7 @@ is when the system actually activates the changes.  Copying to startup
 or other datastores is handled separately.
 
 Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
+Signed-off-by: Mattias Walström <lazzer@gmail.com>
 ---
  src/sysrepo.c | 12 ++++++++++++
  1 file changed, 12 insertions(+)

patches/sysrepo/4.2.10/0007-On-error-in-sr_shmsub_listen_thread-exit-process.patch

@@ -1,14 +1,18 @@
 From dbf08c67d8f17bdf98466b18fd72a230269e5d46 Mon Sep 17 00:00:00 2001
 From: Joachim Wiberg <troglobit@gmail.com>
 Date: Fri, 23 Aug 2024 12:22:06 +0200
-Subject: [PATCH 7/9] On error in sr_shmsub_listen_thread(), exit process
+Subject: [PATCH 07/10] On error in sr_shmsub_listen_thread(), exit process
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
 Organization: Wires
 
 If processing callback events in, e.g., sysrepo-plugind, make sure to
 log the error and exit(1) the entire process so the system can decide
 to handle the problem.  For example, restart all dependent services.
 
 Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
+Signed-off-by: Mattias Walström <lazzer@gmail.com>
 ---
  src/shm_sub.c | 2 ++
  1 file changed, 2 insertions(+)

patches/sysrepo/4.2.10/0008-Cross-compile-fixes.patch

@@ -1,10 +1,13 @@
 From 2549c966c090dd38a7a09907d27d13107d15aedd Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Mattias=20Walstr=C3=B6m?= <lazzer@gmail.com>
 Date: Tue, 16 Dec 2025 08:18:32 +0100
-Subject: [PATCH 8/9] Cross compile fixes
+Subject: [PATCH 08/10] Cross compile fixes
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
 Organization: Wires
 
-Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
+Signed-off-by: Mattias Walström <lazzer@gmail.com>
 ---
  CMakeModules/SetupPrintedContext.cmake | 9 +++++++++
  1 file changed, 9 insertions(+)

patches/sysrepo/4.2.10/0009-sr_mkfifo-set-sysrepo-group-if-available.patch

@@ -1,13 +1,17 @@
 From 78d62382bf9d665764844a0f686b27e42d73bea9 Mon Sep 17 00:00:00 2001
 From: Joachim Wiberg <troglobit@gmail.com>
 Date: Wed, 7 Jan 2026 18:09:32 +0100
-Subject: [PATCH 9/9] sr_mkfifo(): set sysrepo group if available
+Subject: [PATCH 09/10] sr_mkfifo(): set sysrepo group if available
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
 Organization: Wires
 
 We already set the umask, set the group to allow users of the sysrepo
 group to initiate events.
 
 Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
+Signed-off-by: Mattias Walström <lazzer@gmail.com>
 ---
  src/common.c | 12 ++++++++++++
  1 file changed, 12 insertions(+)

patches/sysrepo/4.2.10/0010-Fix-sr_lyd_new_path-reporting-stale-libyang-errors.patch

@@ -0,0 +1,32 @@
+From ab76b2dd926cd181838b555ef4e25712539aeabc Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Mattias=20Walstr=C3=B6m?= <lazzer@gmail.com>
+Date: Tue, 24 Feb 2026 16:45:35 +0100
+Subject: [PATCH 10/10] Fix sr_lyd_new_path() reporting stale libyang errors
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+Organization: Wires
+
+Signed-off-by: Mattias Walström <lazzer@gmail.com>
+---
+ src/ly_wrap.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/src/ly_wrap.c b/src/ly_wrap.c
+index 340b8b2a..465580e0 100644
+--- a/src/ly_wrap.c
++++ b/src/ly_wrap.c
+@@ -610,6 +610,10 @@ sr_lyd_new_path(struct lyd_node *parent, const struct ly_ctx *ctx, const char *p
+ {
+     sr_error_info_t *err_info = NULL;
+     uint32_t temp_lo = LY_LOSTORE;
++    const struct ly_ctx *err_ctx = ctx ? ctx : LYD_CTX(parent);
++
++    /* clear any stale errors so sr_errinfo_new_ly() only finds fresh ones */
++    ly_err_clean((struct ly_ctx *)err_ctx, NULL);
+
+     ly_temp_log_options(&temp_lo);
+
+-- 
+2.43.0
+

src/confd/src/keystore.c

@@ -12,8 +12,6 @@
 
 #define XPATH_KEYSTORE_ASYM "/ietf-keystore:keystore/asymmetric-keys"
 #define XPATH_KEYSTORE_SYM  "/ietf-keystore:keystore/symmetric-keys"
-#define SSH_PRIVATE_KEY  "/tmp/ssh.key"
-#define SSH_PUBLIC_KEY   "/tmp/ssh.pub"
 
 /* return file size */
 static size_t filesz(const char *fn)
@@ -91,6 +89,9 @@ static int keystore_update(sr_session_ctx_t *session, struct lyd_node *config, s
 	}
 
 	for (size_t i = 0; i < count; i++) {
+		char tmpdir[] = "/tmp/keystore.XXXXXX";
+		char priv_path[sizeof(tmpdir) + 16];
+		char pub_path[sizeof(tmpdir) + 16];
 		char *name = srx_get_str(session, "%s/name", list[i].xpath);
 		char *public_key_format, *private_key_format;
 		char *pub_key = NULL, *priv_key = NULL;
@@ -115,16 +116,24 @@ static int keystore_update(sr_session_ctx_t *session, struct lyd_node *config, s
 			continue;
 
 		NOTE("SSH key (%s) does not exist, generating...", name);
-		if (systemf("/usr/libexec/infix/mkkeys %s %s", SSH_PRIVATE_KEY, SSH_PUBLIC_KEY)) {
+
+		if (!mkdtemp(tmpdir)) {
+			ERRNO("Failed creating temp dir for SSH key generation");
+			goto next;
+		}
+		snprintf(priv_path, sizeof(priv_path), "%s/ssh.key", tmpdir);
+		snprintf(pub_path, sizeof(pub_path), "%s/ssh.pub", tmpdir);
+
+		if (systemf("/usr/libexec/infix/mkkeys %s %s", priv_path, pub_path)) {
 			ERROR("Failed generating SSH keys for %s", name);
 			goto next;
 		}
 
-		priv_key = filerd(SSH_PRIVATE_KEY, filesz(SSH_PRIVATE_KEY));
+		priv_key = filerd(priv_path, filesz(priv_path));
 		if (!priv_key)
 			goto next;
 
-		pub_key = filerd(SSH_PUBLIC_KEY, filesz(SSH_PUBLIC_KEY));
+		pub_key = filerd(pub_path, filesz(pub_path));
 		if (!pub_key)
 			goto next;
 
@@ -140,10 +149,8 @@ static int keystore_update(sr_session_ctx_t *session, struct lyd_node *config, s
 			goto next;
 		}
 	next:
-		if (erase(SSH_PRIVATE_KEY))
-			ERRNO("Failed removing SSH server private key");
-		if (erase(SSH_PUBLIC_KEY))
-			ERRNO("Failed removing SSH server public key");
+		if (rmrf(tmpdir))
+			ERRNO("Failed removing temp dir %s", tmpdir);
 
 		if (priv_key)
 			free(priv_key);

src/confd/src/ntp.c

@@ -35,18 +35,11 @@ static int change(sr_session_ctx_t *session, struct lyd_node *config, struct lyd
 		return SR_ERR_OK;
 
 	case SR_EV_DONE:
-		/* Check if NTP container exists (presence container) */
-		if (!lydx_get_xpathf(config, XPATH_NTP_)) {
-			DEBUG("NTP server disabled, removing config");
-			systemf("rm -f %s", NTP_CONF);
-
-			return SR_ERR_OK;
-		}
-
 		/* Check if passed validation in previous event */
-		if (!fexist(NTP_NEXT))
+		if (!fexist(NTP_NEXT)) {
+			(void)remove(NTP_CONF);
 			return SR_ERR_OK;
-
+		}
 		(void)remove(NTP_PREV);
 		(void)rename(NTP_CONF, NTP_PREV);
 		(void)rename(NTP_NEXT, NTP_CONF);