Some package postinstall operations, e.g. those emitted by the LuCI build
system, source and delete the uci-defaults themselves upon package insteall,
causing the generic defaults apply code to trigger shell errors like:
.../luci-app-ddns.postinst: .: line 130: can't open './40_luci-ddns'
Rework the generic apply code to check the existence of the uci-defaults
script before trying to source it, use sed to prefilter the list of entries
from the control file and perform the directory change in a subshell,
avoiding the need for cd $OLDPWD.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
reported by reproducible openwrt project[1]:
we package some libtool shell script
- add missing dependencies
- fix paths
- make in InstallDev does not seem to be necessary
tested (cal,dmesg,sfdisk) on x86 qemu VM with allyesconfig
[1]: https://reproducible.debian.net/openwrt/openwrt.html
[Jo-Philipp Wich: fix double slash in sfdisk path, reword commit message]
Signed-off-by: Dirk Neukirchen <dirkneukirchen@web.de>
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Allow path specifications to refer to just '@' or '$' which is useful for
exporting the keys or array indizes of the toplevel object to the shell.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Fix a „semantic typo“ introduced in b78aae793e,
where TARGET_INIT_PATH was used instead of CONFIG_TARGET_INIT_PATH.
Signed-off-by: Dario Ernst <Dario.Ernst@riverbed.com>
Generalize the partition discovery in sysupgrade in order to fix sysupgrade
and config backup/recovery on MMC block devices which use a different naming
scheme compared to mtdblock or sd* devices.
The change also adds the find applet to the ramdisk utilities so that upgrade
code can rely on it.
The commit is based on the initial submission by Russell Senior at
http://patchwork.ozlabs.org/patch/625440/ .
Signed-off-by: Russell Senior <russell@personaltelco.net>
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Centralize setting all version information in include/version.mk
* Set RELEASE env variable in include/version.mk instead of toplevel.mk.
Stop exporting the variable.
* Remove hardcoded release name from /etc/banner
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
The busybox ntpd utility currently uses ntp servers specified in uci.
This patch allows the ntpd utility to use NTP servers received via DHCP(v6)
Following uci parameters have been added:
use_dhcp : enables NTP server config via DHCP(v6)
dhcp_interface : use NTP servers received only on the specified DHCP(v6) interfaces; if empty all interfaces are considered
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Instead of making assumptions about the leasefile and resolv file make sure
we use what the user configures, but fall back to defaults if no configuration
is specified
Signed-off-by: Daniel Dickinson <openwrt@daniel.thecshore.com>
Update to dnsmasq2.76. Refresh patches. Add new patch to fix musl
'poll.h' location warning.
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
Storage of such zones is provided by a nf_ct_ext struct, hence conntrack
memory foot print will not be increased if zones are not used.
Signed-off-by: Alin Năstac <alin.nastac@gmail.com>
According to the author, all SPI related configs are copy & paste
leftovers. Which makes sense since nothing is connected to the SPI bus
on this device.
The NOR SPL isn't required for this board, since the NOR is directly
memory mapped.
Allow to overwrite the env in ram while using brn variant. Do not set
the power GPIO pin twice.
Signed-off-by: Mathias Kresin <dev@kresin.me>
use:
- 00nn for u-boot patches
- 01nn for new boards
While doing the rework, the board definitions for the easy50712 and
easy80920 were moved to distinct board definitions patches.
Signed-off-by: Mathias Kresin <dev@kresin.me>
wolfssl has a fine grained feature and compatibility control
for compiling stunnel, lighthttp or (partly) openssl dropin
ustream-ssl uses features that require normally
HAVE_SNI, HAVE_STUNNEL and the openssl compatibility headers
ar71xx ipkg sizes of wolfssl 3.9.0:
- with stunnel: 144022
- this patch (w.o. stunnel): 131712
- without openssl(extra): 111104
- w.o openssl/sni:108515
- w.o openssl/sni/ecc: 93954
so patch 300 saves around 12k compressed ipkg size
v2: keep & rename patch 300 for clarity, fixes ustream-ssl/cyassl
that broke with v1
Signed-off-by: Dirk Neukirchen <dirkneukirchen@web.de>
Typo, missing space before ] in previous commit caused shell syntax
failure and incorrect restoration of time.
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
fixes:
CVE-2016-3739: TLS certificate check bypass with mbedTLS/PolarSSL
- remove crypto auth compile fix
curl changelog of 7.46 states its fixed
- fix mbedtls and cyassl usability #19621 :
add path to certificate file (from Mozilla via curl) and
provide this in a new package
tested on ar71xx w. curl/mbedtls/wolfssl
Signed-off-by: Dirk Neukirchen <dirkneukirchen@web.de>
conditionally save dnsmasq.time across sysupgrade
dnsmasq uses /etc/dnsmasq.time as record of the last known good
system time to aid its validation of dnssec timestamps. dnsmasq
updates the timestamp on process start/stop once it considers the system
time as valid. The timestamp file should be preserved across system
upgrade but should not be included as part of normal configuration
backups to prevent restores corrupting the current timestamp.
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
dnsmasq maintains dnsmasq.time across reboots and uses it as a means of
determining if current time is good enough to validate dnssec time
stamps. By including /etc/dnsmasq.time as a time source for sysfixtime,
the mechanism was effectively defeated because time was set to the
last time that dnsmasq considered current even though that time is in
the past. Since that time is out of date, dns(sec) resolution would
fail thus defeating any ntp based mechanisms for setting the clock
correctly.
In theory the process is defeated by any files in /etc that are newer
than /etc/dnsmasq.time however dnsmasq now updates the file's timestamp
on process TERM so hopefully /etc/dnsmasq.time is the latest file
timestamp in /etc as part of LEDE shutdown/reboot.
Either way, including /etc/dnsmasq.time as a time source for
sysfixtime is not helpful.
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
conditionally save dnsmasq.time across sysupgrade
dnsmasq uses /etc/dnsmasq.time as record of the last known good
system time to aid its validation of dnssec timestamps. dnsmasq
updates the timestamp on process start/stop once it considers the system
time as valid. The timestamp file should be preserved across system
upgrade but should not be included as part of normal configuration
backups to prevent restores corrupting the current timestamp.
dnsmasq maintains dnsmasq.time across reboots and uses it as a means of
determining if current time is good enough to validate dnssec time
stamps. By including /etc/dnsmasq.time as a time source for sysfixtime,
the mechanism was effectively defeated because time was set to the
last time that dnsmasq considered current even though that time is in
the past. Since that time is out of date, dns(sec) resolution would
fail thus defeating any ntp based mechanisms for setting the clock
correctly.
In theory the process is defeated by any files in /etc that are newer
than /etc/dnsmasq.time however dnsmasq now updates the file's timestamp
on process TERM so hopefully /etc/dnsmasq.time is the latest file
timestamp in /etc as part of LEDE shutdown/reboot.
Either way, including /etc/dnsmasq.time as a time source for
sysfixtime is not helpful.
Some SSL applications requires a certificates bundle rather
than a directory containing certificates. For thos applications
we build the ca-bundle package
Signed-off-by: Daniel Dickinson <lede@daniel.thecshore.com>
Add packaging of it87 hardware monitor kernel module. It is
a common thermal and voltage monitor that is in many x86
(at least) devices, and is just another i2c hwmon module.
Signed-off-by: Daniel Dickinson <lede@daniel.thecshore.com>
The patch 300-ath9k-force-rx_clear-when-disabling-rx.patch broke TX99 support
in ath9k. Fix the patch by only applying rx_clear if TX99 mode is not used.
Signed-off-by: Helmut Schaa <helmut.schaa@googlemail.com>
The libusb package is not parallel build save, a make -j16 reliably breaks it.
Forcibly disable parallel building.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
the recent fixes to make mount_root work during failsafe caused lots of
unwanted side effects. use the new preinit sentinel file to detect if
we are in preinit. this will also work if logged in via ssh.
Signed-off-by: John Crispin <john@phrozen.org>
- Update the terminal window title with the current directory and hostname, if using an xterm-compatible terminal emulator.
- Add ll, an useful alias to ls.
Signed-off-by: Vittorio Gambaletta <openwrt@vittgam.net>
This was found while investigating why luarocks does not work. It was
traced to a quite old lnum patch for 5.1.3. I compared against the
latest 5.1.4 patch - https://github.com/LuaDist/lualnum and discovered
the lessthan/lessequal evaluation was not falling through to the
call_orderTM (tag methods).
I have tested LuCI (simple tests) and used the following lua code to
validate the patch (both host and target patches supplied): -
> local my_mt = {
> __eq = function(v1, v2)
> print("__eq")
> return false
> end,
> __lt = function(v1, v2)
> print("__lt")
> return false
> end,
> __le = function(v1, v2)
> print("__le")
> return false
> end
> }
>
> function get_my(vstring)
> local my = {}
> my.string = vstring;
> setmetatable(my, my_mt);
> return my;
> end
>
> local a = get_my("1.0")
> local b = get_my("1.0")
>
> local eq_works = a == b;
> local lt_works = a < b;
> local gt_works = a > b;
>
> local lte_works = a <= b;
> local gte_works = a >= b;
Without the patch the following error will be presented: -
“attempt to compare two table values”
Signed-off-by: David Thornley <david.thornley@touchstargroup.com>
Update the dropbear package to version 2016.73, refresh patches.
The measured .ipk sizes on an x86_64 build are:
94588 dropbear_2015.71-3_x86_64.ipk
95316 dropbear_2016.73-1_x86_64.ipk
This is an increase of roughly 700 bytes after compression.
Tested-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
The original iperf package is unmaintained. This switches to the "iperf2"
project on sourceforge, a fork that started where the previous iperf left
off.
Version 2.0.8 fixes the issue that patch 002 handled, so that can be dropped.
Due to a faulty check in configure.ac, this version needs _GNU_SOURCE
defined to build properly against musl. Various other obsolete build
options were also removed.
Signed-off-by: Bert Vermeulen <bert@biot.com>
The option --disable-utmpx was deleted by accident in commit 7545c1d;
add it again to the CONFIGURE_ARGS list
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
this patch fixes a bug when using uclibc on MIPS. The bug does not exist when
using musl, so drop the fix.
Signed-off-by: John Crispin <john@phrozen.org>
The json_select call fails when there are no roles or ports objects in board.json. "json_select .." must not be executed after failing.
This fixes for example LEDs not being set up in /etc/config/system.
Signed-off-by: Vittorio Gambaletta <openwrt@vittgam.net>
Remove the udhcpc -R release option as sending a DHCP release
is configurable via the uci option release.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
The patch made sure the ncursesw library was not selected to save space,
but that library doesn't exist in this distribution at all.
Signed-off-by: Bert Vermeulen <bert@biot.com>
Currently system log is always included as a part of ubox.
Add logd as a seperate package and add it to default packages list.
Signed-off-by: Andrej Vlasic <andrej.vlasic@sartura.hr>
SVN-Revision: 49285
So far fixtrx was calculating checksum over amount of data matching
partition erase size. It was mostly a workaround of checksum problem
after changing anything in initial TRX content (e.g. formatting JFFS2).
Its main purpose was to make bootloader accept modified TRX. This didn't
provide much protection of flash data against corruption.
This new option lets caller request calculating checksum over a bigger
amount of data. It may be used e.g. to include whole kernel data for
checksum and hopefully make bootloader go info failsafe mode if
something goes wrong.
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
We plan to adjust usage of the main buffer to allow reading custom
amount of data for CRC32. This means we need another buffer that will be
always block aligned.
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
1) Put sanity checks in one place
2) Respect provided offset
3) Read only as much data as needed for MD5 calculation
Thanks to the last change this is a great speedup and memory saver. On
devices with NAND flash we were allocating & reading about 128 MiB while
something about 8 MiB is enough.
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
This avoid long (and unneeded) process of reading all data in case of
running on MTD not containig Seama entity.
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
On platforms supporting both: TRX and Seama calling "fixtrx" was
resulting in trying to fix Seama as well.
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
Packages may install scripts into /etc/uci-defaults to be executed once
after installation, usually at the first boot of the target. This works
fine if the package was installed to the rootfs during build or using
the ImageBuilder.
If the package is installed using opkg during run-time uci-defaults
were applied only after a reboot of the device. Avoid the need to
reboot by evaluting the package's uci-defaults in default-postinst.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Bump to the latest version, fixes several security issues:
* CVE-2016-2107, CVE-2016-2105, CVE-2016-2106, CVE-2016-2109, CVE-2016-2176
More details at https://www.openssl.org/news/openssl-1.0.2-notes.html
Signed-off-by: Michal Hrusecky <Michal.Hrusecky@nic.cz>
Update to latest HEAD in order to fix MARK rule generation for local traffic,
also fix a possible race condition during firewall start.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
This patch adds missing ASCII aliases to the libiconv stub in order to avoid conversion errors like https://github.com/openwrt/packages/issues/2373
Signed-off-by: Gergely Kiss <mail.gery@gmail.com>
Patch Lua packet script defines SHRT_MAX which is already defined in <linux/kernel.h> and
is included indirectly by lauxlib.h. Fix the redefintion as it leads to compile failure
on systems which treat macro redefinition as an error
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Remove the public unatteded buildkey from the opkg package to avoid
having hardcoded keys in tree. Use the external keyring package instead
which can be easily updated by users.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Conntrack support reads the connection track mark associated with
incoming DNS queries and sets the same mark value on the upstream
forwarded DNS query. This can be usefull to track traffic generated
by dnsmasq to associate it with the clients who generate the queries,
usefull for bandwidth accouting and firewall.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
A dropbear instance having an interface config won't start if the interface is down as no
IP address is available.
Adding interface triggers for each configured interface executing the dropbear reload script
will start the dropbear instance when the interface is up.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Utmp support tracks who is currenlty logged in by logging info to the file /var/run/utmp (supported by busybox)
Putuline support will use the utmp structure to write to the utmp file
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Make sending a DHCP release configurable when the client exits allowing to clean up
IP/mac state info in intermediate devices.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
lua_packet_segment parameter start has type char pointer; in function lua_tg
it's assigned an uint16 value generating compiler warnings obviously indicating
posssible seg fault problems. Fix the issue by using the correct skb functions
so the parameter points to the position inside the sk_buff
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Signed-off-by: Stijn Cleynhens <stijn.cleynhens@gmail.com>
Add nonshared flag to package depending on specific targets or subtargets as
there's no guarantee otherwise that they'll be available in the shared repo.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
When the same package file is specified multiple times on the opkg install
command line, the name pointer on the argv array becomes stale after the
package structures have been merged, leading to invalid memory accesses
upon install.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Instead of converting the firmware files ourselves, use the files
generated during the normal kernel build process. This fixes packaging
kmod-e100 in the SDK environment.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
One of the patched files, include/unwind-cxx.h, contains windows newlines
which lead to the following failure:
Applying ./patches/006-eabi_fix.patch using plaintext:
patching file include/typeinfo
patching file include/unwind-cxx.h
Hunk #1 FAILED at 173 (different line endings).
Hunk #2 FAILED at 181 (different line endings).
Add a fixup command to the prepare phase which normalizes the line endings
before applying source patches.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
- Add %A placeholder for substituting the package architecture
- Change %U placeholder to refer to the toplevel repository URL
- Construct package feed URLs relative to the toplevel one to match new layout
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Use the new repository metadata field to choose the output directory of the
final package archives.
Non-sharable packages will be placed in the per-target package directory
while the rest will be placed in a per-repository sub directory within the
$OUTPUT_DIR/packages/$CPU_TYPE/ prefix.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>