From a481cccaefac2c53d75fa073e6e8974e045b53ce Mon Sep 17 00:00:00 2001
From: Natalia Serrano <natalia.serrano@qindel.com>
Date: Fri, 16 May 2025 14:56:35 +0200
Subject: [PATCH 1/5] refs #2025 install stunnel4

---
 mkoglive.cfg | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/mkoglive.cfg b/mkoglive.cfg
index 8c7976f..f39d3bb 100644
--- a/mkoglive.cfg
+++ b/mkoglive.cfg
@@ -131,7 +131,8 @@ xwindows =
   #roxterm gparted       #+80M
   #openbox midori        #xvesa en compilacion
 
+ogagent = stunnel4
+
 ogbrowser = sway libinput-tools hwdata ogbrowser
 
 oggit = python3 python3-git python3-pyxattr python3-libarchive-c python3-pylibacl python3-pip opengnsys-libarchive-c python3-termcolor bsdextrautils opengnsys-pyblkid ntfs-3g-system-compression python3-tqdm
-

From a627be89ba2f5f8c9f233144474da112320678b4 Mon Sep 17 00:00:00 2001
From: Natalia Serrano <natalia.serrano@qindel.com>
Date: Fri, 16 May 2025 15:37:08 +0200
Subject: [PATCH 2/5] refs #2026 add template for stunnel config

---
 chroot-tasks.py | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/chroot-tasks.py b/chroot-tasks.py
index 8b75937..2a4486e 100755
--- a/chroot-tasks.py
+++ b/chroot-tasks.py
@@ -108,6 +108,22 @@ def updateCaCertificates():
     print ('Updating CA trust Store', file=sys.stderr)
     utils.run (['update-ca-certificates'])
 
+def configure_stunnel():
+    with open ('/etc/stunnel/menu.conf', 'w') as fd:
+        fd.write ('setuid = stunnel4\n')
+        fd.write ('setgid = stunnel4\n')
+        fd.write ('pid = /var/run/stunnel4/menu.pid\n')
+        fd.write ('\n')
+        fd.write ('[menu]\n')
+        fd.write ('client = yes\n')
+        fd.write ('accept = 127.0.0.1:81\n')
+        fd.write ('connect = __OGCORE_IP__:__OGCORE_PORT__\n')
+        fd.write ('cert = /opt/opengnsys/etc/ogagent.crt\n')
+        fd.write ('key = /opt/opengnsys/etc/ogagent.key\n')
+        fd.write ('CAfile = /opt/opengnsys/etc/ca.crt\n')
+        fd.write ('requireCert = yes\n')
+        fd.write ('verifyChain = yes\n')
+
 def boottoolsPythonModules():
     utils.run (['pip3', 'install', 'pyblkid', '--break-system-packages'])
 
@@ -158,6 +174,7 @@ if __name__ == '__main__':
     debconf_settings = config['General'].get ('debconf_settings')
 
     updateCaCertificates()
+    configure_stunnel()
     setup_resolvconf()
     boottoolsSoftwareInstall (args.osarch, args.osrelease)
     boottoolsSoftwareCompile()

From 809af2cbc20e893005b0888db895f56cb7041687 Mon Sep 17 00:00:00 2001
From: Natalia Serrano <natalia.serrano@qindel.com>
Date: Fri, 16 May 2025 15:51:05 +0200
Subject: [PATCH 3/5] refs #2026 configure stunnel after installing it

---
 chroot-tasks.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/chroot-tasks.py b/chroot-tasks.py
index 2a4486e..db375cf 100755
--- a/chroot-tasks.py
+++ b/chroot-tasks.py
@@ -174,11 +174,11 @@ if __name__ == '__main__':
     debconf_settings = config['General'].get ('debconf_settings')
 
     updateCaCertificates()
-    configure_stunnel()
     setup_resolvconf()
     boottoolsSoftwareInstall (args.osarch, args.osrelease)
     boottoolsSoftwareCompile()
     boottoolsPythonModules()
     boottoolsRemovePackages()
+    configure_stunnel()
     setup_resolvconf()    ## do this again, since someone seems to be overwriting the file
     boottoolsInitrdGenerate (args.osrelease)

From 2d6db5e47598c4b8115c4cd19a0e8bc23651f459 Mon Sep 17 00:00:00 2001
From: Natalia Serrano <natalia.serrano@qindel.com>
Date: Sun, 18 May 2025 11:18:54 +0200
Subject: [PATCH 4/5] refs #2026 run stunnel in the foreground

---
 chroot-tasks.py                                  | 4 ++++
 includes/etc/initramfs-tools/scripts/VERSION.txt | 2 +-
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/chroot-tasks.py b/chroot-tasks.py
index db375cf..9546ea6 100755
--- a/chroot-tasks.py
+++ b/chroot-tasks.py
@@ -109,10 +109,13 @@ def updateCaCertificates():
     utils.run (['update-ca-certificates'])
 
 def configure_stunnel():
+    print ('configure_stunnel', file=sys.stderr)
     with open ('/etc/stunnel/menu.conf', 'w') as fd:
         fd.write ('setuid = stunnel4\n')
         fd.write ('setgid = stunnel4\n')
         fd.write ('pid = /var/run/stunnel4/menu.pid\n')
+        fd.write ('foreground = yes\n')
+        fd.write ('debug = info\n')
         fd.write ('\n')
         fd.write ('[menu]\n')
         fd.write ('client = yes\n')
@@ -128,6 +131,7 @@ def boottoolsPythonModules():
     utils.run (['pip3', 'install', 'pyblkid', '--break-system-packages'])
 
 def boottoolsRemovePackages():
+    print ('boottoolsRemovePackages', file=sys.stderr)
     apt.remove (['python3-dev', 'python3-setuptools', 'python3-pip'])
 
 def setup_resolvconf():
diff --git a/includes/etc/initramfs-tools/scripts/VERSION.txt b/includes/etc/initramfs-tools/scripts/VERSION.txt
index fac038b..3269160 100644
--- a/includes/etc/initramfs-tools/scripts/VERSION.txt
+++ b/includes/etc/initramfs-tools/scripts/VERSION.txt
@@ -1 +1 @@
-OpenGnsys Client 3.3.0
+OpenGnsys Client 3.4.0

From c9152b5e2d968a8a6ecb0ff4b429968837c6f29d Mon Sep 17 00:00:00 2001
From: Natalia Serrano <natalia.serrano@qindel.com>
Date: Sun, 18 May 2025 12:16:59 +0200
Subject: [PATCH 5/5] refs #2026 update changelog

---
 CHANGELOG.md | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 9078439..44a5fc1 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -5,6 +5,12 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [3.4.0] - 2025-05-18
+
+### Changed
+
+- Install and configure stunnel in the image
+
 ## [3.3.0] - 2025-05-14
 
 ### Changed