Set sysctl fs.suid_dumpable = 2
This allows suid processes to dump core according to kernel.core_pattern
setting. LEDE typically uses suid to drop root priviledge rather than
gain it but without this setting any suid process would be unable to
produce coredumps (e.g. dnsmasq)
Processes still need to set a non zero core file process limit ('ulimit
-c unlimited' or if procd used 'procd_set_param limits
core="unlimited"') in order to produce a core. This setting removes an
obscure stumbling block along the way.
>From https://www.kernel.org/doc/Documentation/sysctl/fs.txt
suid_dumpable:
This value can be used to query and set the core dump mode for setuid
or otherwise protected/tainted binaries. The modes are
0 - (default) - traditional behaviour. Any process which has changed
privilege levels or is execute only will not be dumped.
1 - (debug) - all processes dump core when possible. The core dump is
owned by the current user and no security is applied. This is
intended for system debugging situations only. Ptrace is unchecked.
This is insecure as it allows regular users to examine the memory
contents of privileged processes.
2 - (suidsafe) - any binary which normally would not be dumped is dumped
anyway, but only if the "core_pattern" kernel sysctl is set to
either a pipe handler or a fully qualified path. (For more details
on this limitation, see CVE-2006-2451.) This mode is appropriate
when administrators are attempting to debug problems in a normal
environment, and either have a core dump pipe handler that knows
to treat privileged core dumps with care, or specific directory
defined for catching core dumps. If a core dump happens without
a pipe handler or fully qualifid path, a message will be emitted
to syslog warning about the lack of a correct setting.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase]
With failsafe disabled there is no point in early network setup. We
don't send announcement over UDP and there is no way to ssh to the
device.
A side effect of this is avoiding a possibly incorrect network config
(only with failsafe disabled). This problem is related to possible
changes made by user in /etc/config/network.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
When processes don't die on SIGKILL (usually because of kernel bugs), it's
better to give up instead of looping forever.
upgraded will trigger a reboot in this case (and if this fails, a hardware
watchdog will eventually time out and reset the system, if present).
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
For targets using the generic board detection and board specific
settings in diag.sh, the board name is still unset at the time the
set_state() provided by diag.sh is called by 10_indicate_preinit.
Change the execution order to ensure the boardname is populated before
required the first time. Do the target specific board detection as
early as possible, directly followed by the generic one to allow a
seamless switch to the generic function for populating /tmp/sysinfo/.
Signed-off-by: Mathias Kresin <dev@kresin.me>
Depending on busybox applet selection, paths of basic utiilties may differ,
and may not work as symlinks to busybox. Simply using whatever binary is
found in PATH and detecting symlinks automatically is more robust and
easier to maintain.
The list of binaries is also slightly cleaned up and duplicates are
removed.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
This is needed for an upcoming change to the hotplug default rules which
will cause /dev/tty* nodes to get assigned to the "tty" group in order
to support unprivileged user access when needed.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Including version.mk sets PKG_CONFIG_DEPENDS to config entries used for
VERSION_SED command. We should keep these configs to make sure package
gets refreshed when needed.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
There already exist static assignment of uid/gid 65533 in packages feed
and we have nobody/nogroup taking 65534 as their ids. Let's change the
pid of dynamic assignment to start from 65536 so that the two assignment
scheme will not collide with each other
While at it, fix the scan command checking existence of uid/gid
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
The offset and factor are only related for LEDs which can have
different brightness values. But binary LEDs are more common and don't
require any further configuation than setting the factor to 1.
Use offset = 0 and factor = 1 in case nothing else is specified.
Signed-off-by: Mathias Kresin <dev@kresin.me>
Don't pass the value unconditionally to swconfig as a parameter but
instead only call reset if it is 1.
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
* Change network_get_subnet6() to sensibly guess a suitable prefix
Attempt to return the first non-linklocal, non-ula range, then attempt
to return the first non-linklocal range and finally fall back to the
previous behaviour of simply returning the first found item.
* Fix network_get_ipaddrs_all()
Instead of replicating the flawed logic appending a fixed ":1" suffix
to IPv6 addresses, rely on network_get_ipaddrs() and network_get_ipaddrs6()
to build a single list of all interface addresses.
* Fix network_get_subnets6()
Instead of replicating the flawed logic appending a fixed ":1" suffix
to IPv6 addresses, rely on the ipv6-prefix-assignment.local-address
field to figure out the proper network address.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Rework the network_get_ipaddr6() and network_get_ipaddrs6() functions to
fetch the effective local IPv6 address of delegated prefix from the
"local-address" field instead of naively hardcoding ":1" as static suffix.
Fixes FS#829.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
mvebu was modifying RAMFS_COPY_BIN and RAMFS_COPY_DATA from a
sysupgrade_pre_upgrade hook. As the ramfs is created from stage2, this
did not have an effect anymore after the staged sysupgrade changes.
As it doesn't really hurt to copy fw_printenv and fw_setenv
unconditionally, simply add them in /lib/upgrade/platform.sh, so stage2
will see them.
Config copying is moved to a function called by platform_copy_config, where
it belongs.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Fixes: FS#821
Fixes: 30f61a34b4 "base-files: always use staged sysupgrade"
The sender domain has a DMARC Reject/Quarantine policy which disallows
sending mailing list messages using the original "From" header.
To mitigate this problem, the original message has been wrapped
automatically by the mailing list software.
This patch is in continuation of: commit 93aa860405
"procd: nand: make it possible to configure kernel and ubi partition"
The $CI_KERNPART variable should be used in place
of the fixed "kernel" partition name. This allows
targets to specifiy alternate names for the kernel
partition.
Cc: Chris Blake <chrisrblake93@gmail.com>
Signed-off-by: Christian Lamparter <chunkeey@googlemail.com>
Some functions only used by stage2 are moved there from common.sh.
One piece that could still use more cleanup is platform_pre_upgrade: many
targets reference files from there are aren't available in the ramfs, so
we need to evaluate it before the switch; conversely, flash writes happen
in that function on some targets. Targets that do the latter should be
fixed eventually to use platform_do_upgrade for that purpose.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Support for the -d and -p options is dropped; it may be added again at some
point by adding these flags to the ubus sysupgrade call.
A downside of this is that we get a lot less information about the progress
of the upgrade: as soon as the actual upgrade starts, all shell sessions
are killed to allow unmounting the root filesystem.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
We always want to support staged upgrades now, so it's better to include
upgraded into the main package. /lib/upgrade/nand.sh is moved to
base-files.
The procd-nand-firstboot package is removed for now, it may return later
as a separate package.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
This reverts commit e96a9a9af8.
The change breaks sysupgrade through LuCI and two-stage sysupgrade on
NAND targets. There is also a mismatch of file paths in lock and unlock
operations.
This commit was apparently neither properly tested, nor reviewed, so
drop it for now.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Bug introduced with 6713694.
I did not count on procd handling reload as mentioned
in this doc:
https://wiki.openwrt.org/inbox/procd-init-scripts
```
procd_set_param file /var/etc/your_service.conf # /etc/init.d/your_service reload will restart the daemon if these files have changed
procd_set_param netdev dev # likewise, except if dev's ifindex changes.
procd_set_param data name=value ... # likewise, except if this data changes.
```
The service would be restarted regardless of any of those params.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
uci_set_leds_ataport() allows to set a led to show activity
on a specific (s)ata port, which is needed for devices that have
a Sata led for each sata port.
The led trigger is from the 834-ledtrig-libata.patch LEDE kernel patch.
uci_set_leds_usbhost() allows to set a led to show total usb activity.
Signed-off-by: Alberto Bursi <alberto.bursi@outlook.it>
[Jo-Philipp Wich: use a single underscore to denote private functions]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
create a function with code common to all led functions,
create another function with code common to functions setting
a simple led trigger, restore alphabetical order in function names.
Signed-off-by: Alberto Bursi <alberto.bursi@outlook.it>
[Jo-Philipp Wich: use a single underscore to denote private functions]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Commit 2036ae4 (base-files: support hostname and ntp servers through board.d)
was supposed to implement these procedures but lacked the required changes
to uci-defaults.sh.
Add the missing procedures now to fix config generation on targets relying
on hostname or NTP server presetting.
Fixes FS#754.
Reported-by: Cristian Morales Vega <cristian@samknows.com>
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
This was also working before, with a slightly
different semantic.
[ Original semantic ]
If no reload hooks was implemented, the default one would
kick in, it would return fail, and restart would happen.
This would happen also in the case where a reload hook
would be implemented, it would fail, and it would restart
the service.
[ New semantic ]
The default reload hook calls restart.
Services can implement their own reload.
If reload fails, then the '/etc/init.d/<service> reload'
would return a non-zero code, and the caller can choose
a way to handle this.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
Overwrite an already set proto if a new one is passed to
_ucidef_set_interface() similar to what is done for the interface.
It is required when using ""ucidef_set_interface_wan 'ptm0' 'pppoe'"
after some initial wan interface configuration is already done by
ucidef_add_switch.
The "json_is_a protocol string" guard is meant to not reset an earlier
set interface proto in case something like
"ucidef_set_interface_lan 'eth0'" is used afterwards.
Signed-off-by: Mathias Kresin <dev@kresin.me>
This can be used to tweak the buildbot behavior without having to change
buildbot's configuration.
It will also allow us to add more aggressive clean steps (e.g. on
toolchain changes), which would break developers' workflows if enable
by default.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
When running wifi detect, the user will be told on error output that
wifi detect is deprecated, that wifi config must be used instead. Also
the commit that changes it is referenced for further info.
Signed-off-by: David Pinilla Caparrós <dpinitux@gmail.com>
Since commit 5f8f8a3661 wifi detect does
not longer work and wifi config it's used to configure not yet
configured wireless devices.
This commit changes command usage to reflect that change.
Signed-off-by: David Pinilla Caparrós <dpinitux@gmail.com>
Instead of only using tagged CPU port configurations when more than one VLAN
is present on the switch, always emit tagged configurations unless a board
explicitely opts out of this behaviour by using the previously introduced
[0-9]u@netdev syntax.
Emitting default tagged configurations has the following benefits:
- Relation of switch vlans to netdevs is easier to understand, especially
for multi-cpu-port switches
- Adding additional VLANs (e.g. to break out a LAN port for other purposes)
becomes easier as users are not forced to change the existing untagged
VLAN to tagged and the existing ifname notation from ethX to ethX.Y
anymore, drastly reducing the likelyhood of soft-bricks.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
The condition is always true due to the literal string followed the
-n test parameter. A model name set by target scripts always gets
overwritten this way.
Change the condition to check for an already existing destination file
as it was before 5e85ae9 ("base-files: fix error message during boot").
Signed-off-by: Mathias Kresin <dev@kresin.me>
The name will appear in shell prompt and LuCI page title. Uppercase
letters seem to be more vigorous
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
If only a single opkg control file exists (which can happen with
CONFIG_CLEAN_IPKG), grep would not print the file name by default. Instead
of forcing it using -H, we just switch to -l (print only file names) and
get rid of the cut.
Add -s to suppress an error message when no control files exist.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Knowing the package architecture at runtime can be useful, e.g. to
configure opkg repository URLs. The value of ARCH_PACKAGES ("%A" in
VERSION_SED) as added to openwrt_release (as DISTRIB_ARCH) and os-release
(as LEDE_ARCH).
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
It has never been used by default (due to being too bloated), and it is
properly replaced by usign (which has been the default for a long time
now).
Remove this feature to simplify the build system
Signed-off-by: Felix Fietkau <nbd@nbd.name>
currently (after blogic's edit to my commit) it prints like this:
root@lede:/# service aa
aa does not exist. the following services are available :adblock dnsmasq gpio_switch rpcd system
boot done led sqm uhttpd
crelay dropbear log sysctl umount
cron firewall network sysfixtime urandom_seed
ddns fstab odhcpd sysntpd
which looks pretty bad, and is even worse if someone writes only "service" without arguments, as it will print " does not exist. " which is confusing.
with this commit it looks like this:
root@lede:/# service
service "" not found, the following services are available:
adblock dnsmasq gpio_switch rpcd system
boot done led sqm uhttpd
crelay dropbear log sysctl umount
cron firewall network sysfixtime urandom_seed
ddns fstab odhcpd sysntpd
Yes there is some play with " and ', it is to display "name" or just "" if no service name is entered (like in the example).
Signed-off-by: Alberto Bursi <alberto.bursi@outlook.it>
This adds support for install-overlay define. When used in package it
allows installing files to a special directory that gets copied to the
root when installing it.
It allows overwriting files provided by other packages.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Calling a build ##.##-CURRENT might mislead users into thinking that this
build is the most current release of a branch.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Now that the VERSION_NUMBER variable holds the human friendly name and not
the commit ID anymore, we need to support adding the revision ID as well.
Introduce a new config variable CONFIG_VERSION_CODE_FILENAMES which, if set,
causes the resulting file names to contain a commit ID designation as printed
by scripts/getver.sh.
Also sanitize the input variables to ensure that the resulting strings are
lowercased and no not contain spaces.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Move the revision info to the VERSION_CODE variable and default VERSION_NUMBER
to CURRENT for master branch builds.
Also introduce a new menuconfig option CONFIG_VERSION_CODE which allows users
to override the revision value put into VERSION_CODE and adjust the template
files used by the base-files package to accomodate for the changed semantics.
While we're at it, also adjust the various URLs to match the current web site.
After this commit, the relevent files will look like the examples given below:
# cat /etc/openwrt_version
r2398+1
# cat /etc/openwrt_release
DISTRIB_ID='LEDE'
DISTRIB_RELEASE='CURRENT'
DISTRIB_REVISION='r2398+1'
DISTRIB_CODENAME='reboot'
DISTRIB_TARGET='x86/64'
DISTRIB_DESCRIPTION='LEDE Reboot CURRENT r2398+1'
DISTRIB_TAINTS='no-all override'
# cat /usr/lib/os-release
NAME="LEDE"
VERSION="CURRENT, Reboot"
ID="lede"
ID_LIKE="lede openwrt"
PRETTY_NAME="LEDE Reboot CURRENT"
VERSION_ID="current"
HOME_URL="http://lede-project.org/"
BUG_URL="http://bugs.lede-project.org/"
SUPPORT_URL="http://forum.lede-project.org/"
BUILD_ID="r2398+1"
LEDE_BOARD="x86/64"
LEDE_TAINTS="no-all override"
LEDE_DEVICE_MANUFACTURER="LEDE"
LEDE_DEVICE_MANUFACTURER_URL="http://lede-project.org/"
LEDE_DEVICE_PRODUCT="Generic"
LEDE_DEVICE_REVISION="v0"
LEDE_RELEASE="LEDE Reboot CURRENT r2398+1"
On a release branch, those files would look like:
# cat /etc/openwrt_version
r2399
# cat /etc/openwrt_release
DISTRIB_ID='LEDE'
DISTRIB_RELEASE='16.12-CURRENT'
DISTRIB_REVISION='r2399'
DISTRIB_CODENAME='test_release'
DISTRIB_TARGET='x86/64'
DISTRIB_DESCRIPTION='LEDE Test Release 16.12-CURRENT r2399'
DISTRIB_TAINTS='no-all override'
# cat /usr/lib/os-release
NAME="LEDE"
VERSION="16.12-CURRENT, Test Release"
ID="lede"
ID_LIKE="lede openwrt"
PRETTY_NAME="LEDE Test Release 16.12-CURRENT"
VERSION_ID="16.12-current"
HOME_URL="http://lede-project.org/"
BUG_URL="http://bugs.lede-project.org/"
SUPPORT_URL="http://forum.lede-project.org/"
BUILD_ID="r2399"
LEDE_BOARD="x86/64"
LEDE_TAINTS="no-all override"
LEDE_DEVICE_MANUFACTURER="LEDE"
LEDE_DEVICE_MANUFACTURER_URL="http://lede-project.org/"
LEDE_DEVICE_PRODUCT="Generic"
LEDE_DEVICE_REVISION="v0"
LEDE_RELEASE="LEDE Test Release 16.12-CURRENT r2399"
On a release tag, those files would look like:
# cat /etc/openwrt_version
r2500
# cat /etc/openwrt_release
DISTRIB_ID='LEDE'
DISTRIB_RELEASE='17.02.1'
DISTRIB_REVISION='r2500'
DISTRIB_CODENAME='mighty_unicorn'
DISTRIB_TARGET='x86/64'
DISTRIB_DESCRIPTION='LEDE Mighty Unicorn 17.02.1 r2500'
DISTRIB_TAINTS='no-all override'
# cat /usr/lib/os-release
NAME="LEDE"
VERSION="17.02.1, Mighty Unicorn"
ID="lede"
ID_LIKE="lede openwrt"
PRETTY_NAME="LEDE Mighty Unicorn 17.02.1"
VERSION_ID="17.02.1"
HOME_URL="http://lede-project.org/"
BUG_URL="http://bugs.lede-project.org/"
SUPPORT_URL="http://forum.lede-project.org/"
BUILD_ID="r2500"
LEDE_BOARD="x86/64"
LEDE_TAINTS="no-all override"
LEDE_DEVICE_MANUFACTURER="LEDE"
LEDE_DEVICE_MANUFACTURER_URL="http://lede-project.org/"
LEDE_DEVICE_PRODUCT="Generic"
LEDE_DEVICE_REVISION="v0"
LEDE_RELEASE="LEDE Mighty Unicorn 17.02.1 r2500"
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Acked-by: Felix Fietkau <nbd@nbd.name>
"service" is a simple wrapper that will allow to call init.d scripts
current method: # /etc/init.d/network reload
with the wrapper: # service network reload
If the wrapper is called without arguments or with a wrong init script name, it will print an error and list the content of /etc/init.d/ folder
Signed-off-by: Alberto Bursi <alberto.bursi@outlook.it>
Packages that do a killall <cmd> with the same name as the init script
will fail the prerm step when the service isn't running. Do make them
removable without having to restart the service, ignore the return code.
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
Acked-by: Jo-Philipp Wich <jo@mein.io>
Properly stop/start services on upgrade, but don't change the enabled
state.
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
Acked-by: Jo-Philipp Wich <jo@mein.io>
Use fwtool to extract it, only require metadata to be present if the
platform sysupgrade script sets REQUIRE_IMAGE_METADATA=1
Image metadata is in JSON format and contains a list of supported
devices, along with version information that could be displayed by a UI
later before the actual upgrade happens.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
A firmware compiled with BUSYBOX_CONFIG_ARP should also use by default the
arp binary from busybox. Otherwise the extra functionality the user
requested can only be used when running arp with the path to the binary.
Signed-off-by: Marek Lindner <marek.lindner@open-mesh.com>
Signed-off-by: Sven Eckelmann <sven.eckelmann@open-mesh.com>
Currently, the wifi detection script is executed as part of
the (early) boot process. Pluggable wifi USB devices, which
are inserted at a later time are not automatically
detected and therefore they don't show up in LuCI.
A user has to deal with wifi detection manually, or restart
the router.
However, the current "sleep 1" window - which the boot
process waits for wifi devices to "settle down" - is too
short to detect wifi devices for some routers anyway.
For example, this can happen with USB WLAN devices on the
WNDR4700. This is because the usb controller needs to load
its firmware from UBI and initialize, before it can operate.
The issue can be seen on a BT HomeHub 5A as well as soon as
the caldata are on an ubi volume. This is because the ath9k
card has to be initialized by owl-loader first. Which has to
wait for the firmware extraction script to retrieve the pci
initialization values inside the caldata.
This patch moves the wifi configuration to hotplug scripts.
For mac80211, the wifi configuration will now automatically
run any time a "ieee80211" device is added. Likewise
broadcom-wl's script checks for new "net" devices which
have the "wl$NUMBER" moniker.
Issues with spawning multiple interface configuration - in
case the detection script is run concurrently - have been
resolved by using a named section for the initial
configuration. Concurrent configuration scripts will now
simply overwrite the same existing configuration.
A workaround which preserves the "sleep 1" window for just
the first boot has been added. This allows the existing
brcm47xx boot and mvebu uci-default scripts to correctly
setup the initial mac addresses and regulatory domain.
And finally, the patch renames the "wifi detect" into
"wifi config". As the script no longer produces any output
that has to be redirected or appended to the configuration
file.
Thanks to Martin Blumenstingl for helping with the implementation
and testing of the patch.
Acked-by: Jo-Philipp Wich <jo@mein.io>
Signed-off-by: Mathias Kresin <dev@kresin.me>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Previously, wifi detect simply dumped its generated wireless
configuration to STDOUT. A second step was needed to append
the configuration to /etc/config/wireless (or create it, if
it didn't exist).
With this patch, The wifi detection script will now use uci
to update the wireless configuration directly.
This patch also makes the initially created wifi-iface a
named section ('default_radio$X' for mac80211 and
'default_wl$X' for broadcom). With this change, uci will
not print the cfgHASH to STDOUT (which would now corrupt
the wireless configuration). It will also prevent adding
duplicated wifi interface configurations, if the wifi
configuration is run concurrently.
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
This patch adds a check in "wifi detect" to test if the wireless
configuration file does exist. If it doesn't exist, an empty
/etc/config/wireless file will be created.
This is necessary because uci doesn't create new files,
instead the tool just exits with "uci: Entry not found".
Signed-off-by: Mathias Kresin <dev@kresin.me>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
Introduce support for a new [0-9]u@netdev syntax to ucidev_add_switch() to let
board.d network files request default network switch configurations which do
not use tagged CPU ports.
This commit itself has no effect on generated configurations at the moment
since we still emit untagged configurations by default but it allows boards to
opt-out from default tagged configs in case we start emitting tagged settings
by default.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
We need to tell hwclock with -u commandline option, that we would like
to keep our RTC clock in UTC timezone. Linux kernel expects RTC in UTC
timezone anyway.
In current state of things, we don't tell hwclock to load/store time
from/to RTC in UTC timezone so it uses the timezone from the system
time. If it's set to different timezone then UTC, sysfixtime is going to
screw the time in RTC.
I've following in the setup script:
uci set system.@system[0].timezone='CET-1CEST,M3.5.0,M10.5.0/3'
uci set system.@system[0].zonename='Europe/Prague'
I've this RTC setup (rtc1 is RTC on i.MX6 SoC, rtc0 is battery backed RTC mcp7941x):
rtc-ds1307 3-006f: rtc core: registered mcp7941x as rtc0
snvs_rtc 20cc000.snvs:snvs-rtc-lp: rtc core: registered 20cc000.snvs:snvs-r as rtc1
Then we can experience following (current time is 10:15am):
$ date
Fri Oct 21 10:15:07 CEST 2016
$ hwclock -r -f /dev/rtc0
Fri Oct 21 08:14:46 2016 0.000000 seconds
$ hwclock -u -r -f /dev/rtc0
Fri Oct 21 10:14:46 2016 0.000000 seconds
And after current broken sysfixtime:
$ /etc/init.d/sysfixtime stop
$ date
Fri Oct 21 10:15:25 CEST 2016
$ hwclock -r -f /dev/rtc0
Fri Oct 21 10:15:31 2016 0.000000 seconds
Now we've time in our battery backed RTC in CEST timezone instead of
UTC. Then once again, but with this patch applied to sysfixtime, where
hwclock is using correctly the -u parameter:
$ /etc/init.d/sysfixtime stop
$ date
Fri Oct 21 10:15:53 CEST 2016
$ hwclock -r -f /dev/rtc0
Fri Oct 21 08:15:55 2016 0.000000 seconds
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Acked-by: Jo-Philipp Wich <jo@mein.io>
Currently the reset script will try to run jffs2reset on boards that are
running a rw rootfs, such as ext4. This will cause jffs2reset to fail
and the board to never reboot while the LED blinks until a manual
reboot.
This commit does two different things:
1. Disables reset on boards that do not have an overlay mount
2. Disables the Blinking LED after 5 seconds if the board does not
support reset
Signed-off-by: Chris Blake <chrisrblake93@gmail.com>
mkfs.ext4 und losetup are needed for sysupgrade support on mmc devices
with automatic rootfs split (loopback device usage).
Signed-off-by: André Valentin <avalentin@marcant.net>
This helper allows using usbport trigger directly. It requires usbport
compatible syntax and supports specifying multiple USB ports, e.g.:
ucidef_set_led_usbport "usb" "USB" "devicename:colour:function" "usb1-port1" "usb2-port1"
This adds a proper object to the board.json, e.g.
"usb": {
"name": "USB",
"type": "usbport",
"sysfs": "devicename:colour:function",
"ports": [
"usb1-port1",
"usb2-port1"
]
}
and supports translating it into uci section.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
This makes init.d script handle existing UCI entries using the new
trigger. It also switches all targets to use its package.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Before a configuration is generated, an empty file is created to store
it in. (required by UCI)
If something happens during config generation
(power cut, interruption, ..) an empty file exists and it is never
regenerated again, causing some daemons to fail starting
(NTPD, logread, ..)
Fix this by also generating new configs if a critical file
is empty.
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
This patch removes the non-working wifi driver filter for
the wifi detection script.
I figured that rather than replacing ${2:-$DRIVERS} with
${1:-$DRIVERS}, it would be better to remove it. Nobody
needed it in the previous years.
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
Now that we know that the password is in /etc/shadow and not in
/etc/passwd, we can properly fix the logic for the empty password check.
Only 'root::' is an empty password, 'root❌' and 'root:!:' allow no
password login at all.
This fixes the empty password warning still showing after the root password
has been locked using 'passwd -l root' (e.g. to allow public-key auth
only).
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Local variable declarations outside of functions are illegal since the Busybox
update to v1.25.0, therfore remove them from the appropriate places.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
oneshot trigger configurations for LEDs are created, but the on/off
timing configurations are ignored. generate_config is correctly creating
oneshot configs, but the later led script doesn't recognise the trigger
details.
Fixes: c0c3f2d4c9 leds: support oneshot as well as timer triggers
Signed-off-by: Karl Palsson <karlp@etactica.com>
Due to an empty pi_ifname in the generic failsafe setup, the deconfig
never removed the failsafe networking interface, causing broken
networking later on.
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
Also configure the switch based on the failsafe config, and create the
failsafe interface as tagged if necessary.
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
In preparation of properly setting up vlans and switches, add
support for configuring failsafe on a vlan tagged interface.
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
Move preinit interface and ip config to its own function to allow
calling it from more than one place.
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
Instead of board_detect generating the config as a side effect, let
config_generate call board_detect as needed.
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
The pi_* variables and the fs_failsafe_wait_timeout variable are set by
the CONFIG_TARGET_PREINIT_* config options. No need to maintain the same
values twice.
All other fs_ variables were never used.
Signed-off-by: Mathias Kresin <dev@kresin.me>
sysupgrade immediately reboots after flashing an image and doesn't
allow to unmount filesystems. At least in case the image used for
sysupgrade is stored on a FAT formatted usb flash drive, the following
warning is printed during the next mount of the flash drive:
FAT-fs (sda1): Volume was not properly unmounted. Some data may be
corrupt. Please run fsck.
Although a data corruption during read operations is unlikely, there is
no need to scare the users.
Signed-off-by: Mathias Kresin <dev@kresin.me>
/etc/init.d/boot tried to create /dev/root based on the kernel's
cmdline which won't work on any recent targets. Remove that code now
that fstools can detect the mounted rootfs based on
/proc/self/mountinfo and /dev/root was long gone anyway.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Network drivers typically allocate memory in atomic context. For that to
be reliable, there needs to be enough free memory. Set the value
heuristically based on the total amount of system RAM.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Treat 'relayd' as an essential service to avoid connection interruptions during sysupgrade on devices configured as a pseudobridge.
Signed-off-by: Conn O'Griofa <connogriofa@gmail.com>
Previous implementation was blocking the init and
breaking halt/reboot/sysupgrade (reported by Daniel Golle)
v2: use procd logging, use set -e + trap for error handling
Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
Tested-by: Daniel Golle <daniel@makrotopia.org>
This commit:
1) seed /dev/urandom with the saved seeds as early as possible
(see /lib/preinit/81_urandom_seed)
2) save a seed at /etc/urandom.seed if it doesn't exists
3) save a new seed each boot at "system.@system[0].urandom_seed"
(see /etc/init.d/urandom_seed)
We use getrandom() so we are sure /dev/urandom pool is initialized
Seed size is 512 bytes (ie /proc/sys/kernel/random/poolsize / 8)
it's the same size as in ubuntu 14.04 and all systemd systems
Seeding /dev/urandom doesn't change entropy estimation, so we still have
"random: ubus urandom read with 4 bits of entropy available"
messages in the logs, but we can now ignore them if
after "urandom-seed: Seeding with ..." message
Saving a new seed on each boot is disabled by default to avoid too much
writes without user consent
v2: log preinit messages to /dev/kmsg
v3: use non generic function name for logging, as /lib/preinit/ files
are all sourced together in /etc/preinit
v4: after a lot of discussion on the ML, use a uci config param
v5: config param is now the path of the seed
Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
Acked-by: Jo-Philipp Wich <jo@mein.io>
dnsmasq's dnssec time checking method now uses a ntp hotplug mechanism,
therefore dnsmasq.time is redudant and no longer needs to be explicitly
excluded from sysfixtime.
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
/etc/os-release is the standard distribution release information
file, therefore add it (and image configuration options for
fields not previously present in LEDE). Once it is deemed
reasonable the non-standard openwrt_release, openwrt_version,
and device_info files could be removed (that is with this patch
we consider them deprecated in favour of the standard file).
Signed-off-by: Daniel Dickinson <lede@daniel.thecshore.com>