Commit graph

311 commits

Author SHA1 Message Date
Yousong Zhou
b2aa820b48 base-files: fix getting gid from group_add_next
Shell function return code only has range [0, 255].  Other values will
be truncated, e.g. return 65536 will have the same effect as return 0

While at it, drop other "return $rc" where rc will almost always take
value 0 and whose value current callers actually do not check

Fixes FS#988

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2017-11-09 17:42:36 +08:00
Edmunt Pienkowsky
fdc7cc9907 base-files: add interval option to netdev LED trigger configuration
Add an uci option to set the interval parameter of the netdev trigger.

Signed-off-by: Edmunt Pienkowsky <roed@onet.eu>
2017-11-03 20:04:52 +01:00
Hauke Mehrtens
3adafda07c base-files: create /etc/config/ directory
The /bin/config_generate script and some other scripts are assuming the
/etc/config directory exists in the image. This is true in case for
example the package firewall, dropbear or dnsmasq are included, which
are adding the files under /etc/config/. Without any of these package
the system will not boot up fully because the /etc/config/ directory is
missing and some init scripts just fail.

Make sure all images with the base-files contain a /etc/config/
directory.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Acked-by: John Crispin <john@phrozen.org>
2017-09-30 22:22:38 +02:00
Hans Dedecker
400c5f03c3 base-files: fix wan6 interface config generation for pppoe
Setting ipv6 to auto in case of a pppoe interface will trigger the
creation of a dynamic wan_6 interface meaning two IPv6 interfaces
(wan6 and wan_6) will be active on top of the pppoe interface.
This leads to unpredictable behavior in the network; therefore set
ipv6 to 1 which will prevent the dynamic creation of the wan_6
interface.
Further alias the wan6 interface on top of the wan interface for pppoe
as the wan6 interface can only be started when the link local address is
ready. In case of pppoe the link local address is negotiated during the
Internet Protocol Control Protocol when the PPP link is setup meaning
all the IP address info is only available when the wan interface is up.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-09-18 09:57:34 +02:00
Kevin Darbyshire-Bryant
7765e442d0 basefiles: allow suid coredumps
Set sysctl fs.suid_dumpable = 2

This allows suid processes to dump core according to kernel.core_pattern
setting.  LEDE typically uses suid to drop root priviledge rather than
gain it but without this setting any suid process would be unable to
produce coredumps (e.g. dnsmasq)

Processes still need to set a non zero core file process limit ('ulimit
-c unlimited' or if procd used 'procd_set_param limits
core="unlimited"') in order to produce a core.  This setting removes an
obscure stumbling block along the way.

>From https://www.kernel.org/doc/Documentation/sysctl/fs.txt

suid_dumpable:

This value can be used to query and set the core dump mode for setuid
or otherwise protected/tainted binaries. The modes are

0 - (default) - traditional behaviour. Any process which has changed
	privilege levels or is execute only will not be dumped.
1 - (debug) - all processes dump core when possible. The core dump is
	owned by the current user and no security is applied. This is
	intended for system debugging situations only. Ptrace is unchecked.
	This is insecure as it allows regular users to examine the memory
	contents of privileged processes.
2 - (suidsafe) - any binary which normally would not be dumped is dumped
	anyway, but only if the "core_pattern" kernel sysctl is set to
	either a pipe handler or a fully qualified path. (For more details
	on this limitation, see CVE-2006-2451.) This mode is appropriate
	when administrators are attempting to debug problems in a normal
	environment, and either have a core dump pipe handler that knows
	to treat privileged core dumps with care, or specific directory
	defined for catching core dumps. If a core dump happens without
	a pipe handler or fully qualifid path, a message will be emitted
	to syslog warning about the lack of a correct setting.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase]
2017-09-12 22:18:45 +02:00
Stijn Tintel
ef255fc57e base-files: add /etc/profile.d to conffiles
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-09-03 01:27:46 +03:00
Stijn Tintel
8446d3de05 base-files: order conffiles alphabetically
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-09-03 01:27:46 +03:00
Rafał Miłecki
b91a38d647 base-files: fix PKG_CONFIG_DEPENDS to include version.mk entries
Including version.mk sets PKG_CONFIG_DEPENDS to config entries used for
VERSION_SED command. We should keep these configs to make sure package
gets refreshed when needed.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-06-22 10:05:23 +02:00
Yousong Zhou
f334a0cdb8 base-files: allocate uid/gid starting from 65536
There already exist static assignment of uid/gid 65533 in packages feed
and we have nobody/nogroup taking 65534 as their ids.  Let's change the
pid of dynamic assignment to start from 65536 so that the two assignment
scheme will not collide with each other

While at it, fix the scan command checking existence of uid/gid

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2017-06-18 10:39:35 +08:00
Jo-Philipp Wich
7f91cabd0d base-files: network.sh: properly report local IPv6 addresses
Rework the network_get_ipaddr6() and network_get_ipaddrs6() functions to
fetch the effective local IPv6 address of delegated prefix from the
"local-address" field instead of naively hardcoding ":1" as static suffix.

Fixes FS#829.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-06-08 12:06:01 +02:00
Matthias Schiffer
393817df5d
procd: remove procd-nand package
We always want to support staged upgrades now, so it's better to include
upgraded into the main package. /lib/upgrade/nand.sh is moved to
base-files.

The procd-nand-firstboot package is removed for now, it may return later
as a separate package.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2017-05-29 23:50:32 +02:00
Vitaly Chekryzhev
01337ba472 build: add devel option to store build config in firmware
Store config.seed in firmware /etc/build.config

Signed-off-by: Vitaly Chekryzhev <13hakta@gmail.com>
2017-03-18 12:08:04 +01:00
Hans Dedecker
5f7a081553 base-files: add /etc/iproute2/rt_protos
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-01-18 13:15:28 +01:00
Felix Fietkau
84bd74057f build: use mkhash to replace various quirky md5sum/openssl calls
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-01-05 11:09:12 +01:00
Jonas Gorski
afaa34ccd7 base-files: don't modify enabled state of service on upgrade
Properly stop/start services on upgrade, but don't change the enabled
state.

Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
Acked-by: Jo-Philipp Wich <jo@mein.io>
2016-11-21 18:40:15 +01:00
Felix Fietkau
cc853810a4 base-files: validate metadata of sysupgrade images
Use fwtool to extract it, only require metadata to be present if the
platform sysupgrade script sets REQUIRE_IMAGE_METADATA=1

Image metadata is in JSON format and contains a list of supported
devices, along with version information that could be displayed by a UI
later before the actual upgrade happens.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-11-19 11:24:09 +01:00
Florian Fainelli
ef64c8694b base-files: Allow subtargets to define base-files.mk
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
2016-09-19 19:42:10 +02:00
Mathias Kresin
5fadd4397b preinit: use only the image config options
The pi_* variables and the fs_failsafe_wait_timeout variable are set by
the CONFIG_TARGET_PREINIT_* config options. No need to maintain the same
values twice.

All other fs_ variables were never used.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2016-08-10 03:04:08 +02:00
Felix Fietkau
5fd2eabeb2 base-files: remove support of profile-specific base-files
It is incompatible with multi-profile builds and has not been used
in-tree anyway.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-07-26 08:26:24 +02:00
Jo-Philipp Wich
8d51706616 base-files: use LEDE NTP vendor pool
The vendor NTP pool for the LEDE project got approved, so switch to it now.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2016-06-28 19:14:31 +02:00
Daniel Dickinson
f954f4337b base-files: Add standard os-release file
/etc/os-release is the standard distribution release information
file, therefore add it (and image configuration options for
fields not previously present in LEDE).  Once it is deemed
reasonable the non-standard openwrt_release, openwrt_version,
and device_info files could be removed (that is with this patch
we consider them deprecated in favour of the standard file).

Signed-off-by: Daniel Dickinson <lede@daniel.thecshore.com>
2016-06-24 13:52:53 +02:00
John Crispin
87eb8fad13 base-files: remove fstab symlink
the symlink no longer gets used since we switched to the block-mount tool.

Signed-off-by: John Crispin <john@phrozen.org>
2016-06-17 04:13:07 +02:00
Hannu Nyman
df7581e4c0 base-files: increase default system log size to 64 kB
Increase the default system log buffer size
from 16 kB (built-in default in ubox logd)
to 64 kB by setting the option in /etc/config/system.

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
2016-06-07 23:13:29 +02:00
John Crispin
a13f47760c base-files: add a conditional dependency to lede-keyring
Signed-off-by: John Crispin <john@phrozen.org>
2016-04-29 04:15:34 +02:00
John Crispin
b4e33a1c08 base-files: Allow to disable failsafe mode
Signed-off-by: Daniel Dickinson <openwrt@daniel.thecshore.com>
2016-04-19 10:07:35 +02:00
Jo-Philipp Wich
9e04019024 package: flag essential components as nonshared
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2016-04-06 22:38:47 +02:00
John Crispin
fa69553900 branding: add LEDE branding
Signed-off-by: John Crispin <blogic@openwrt.org>
2016-03-24 22:40:13 +01:00
Jo-Philipp Wich
eced3b3a35 base-files: support passing mode to ucidef_set_led_netdev()
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 48806
2016-02-26 14:49:17 +00:00
Jo-Philipp Wich
117cef6d44 base-files: add netifd's default prelocal table to /etc/iproute2/rt_tables
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 48685
2016-02-09 12:34:05 +00:00
Jo-Philipp Wich
cc289e0adb base-files: honor CONFIG_TARGET_INIT_PATH
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 48678
2016-02-08 14:28:50 +00:00
John Crispin
3f78186f76 base-files: allow timezone to be overriden by zonename (proper zoneinfo support)
Signed-off-by: Roman Yeryomin <roman@advem.lv>

SVN-Revision: 47980
2015-12-23 14:44:31 +00:00
Felix Fietkau
ce98f1d264 base-files: drop the now unnecessary dependency on opkg/host
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 47886
2015-12-13 17:03:51 +00:00
John Crispin
2f42d9e27d base-file: remove /tmp/.jail (now useless)
Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>

SVN-Revision: 47855
2015-12-11 15:06:31 +00:00
Jo-Philipp Wich
6d3901bf76 base-files: config_generate: honour port_mask property (#20963)
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 47609
2015-11-24 13:39:53 +00:00
Felix Fietkau
b61e77aedd base-files: use the correct path in case of modified preinit options
If the user sets any preinit options in .config, the wrong path may get
applied due to wrong default value in image-config.in and due to Makefile
writing also the unchanged options into 00_preinit.conf

Modify the default path in image-config.in to match the current default
path set by r47080. Also modify the fall-back default in Makefile.

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>

SVN-Revision: 47590
2015-11-22 19:06:20 +00:00
Steven Barth
468c1fb320 base-files: revert to default ECN settings
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 47160
2015-10-07 21:11:24 +00:00
Steven Barth
d7023fc0bc base-files: sanitize and unify $PATH
Previously init and hotplug paths were different from console.

Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 47080
2015-10-02 08:24:32 +00:00
Felix Fietkau
5da85f7a01 base-files: add a dependency on fstools
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 47066
2015-09-28 09:40:39 +00:00
Steven Barth
00045fe9d0 base-files: add /etc/iproute2/rt_tables, replace ifconfig-usage
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 46830
2015-09-08 17:44:13 +00:00
Jo-Philipp Wich
3d1890053c base-files: add /etc/hosts entries for ::1, ff02::1 and ff02::2
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 46771
2015-09-02 11:54:03 +00:00
John Crispin
3787c32183 sysctl: read settings from /etc/sysctl.d/*.conf
This changes makes it possible to store custom settings
in individual files inside the directory /etc/sysctl.d/.

Signed-off-by: Stefan Tomanek <stefan.tomanek+openwrt@wertarbyte.de>

SVN-Revision: 46239
2015-07-07 13:47:23 +00:00
Felix Fietkau
beca028bd6 build: add integration for managing opkg package feed keys
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 45286
2015-04-06 19:39:51 +00:00
Nicolas Thill
fe46689f10 packages: use $(LN) macro, make symlinks relative
Signed-off-by: Nicolas Thill <nico@openwrt.org>

SVN-Revision: 45250
2015-04-03 00:07:43 +00:00
Nicolas Thill
11d4a00c88 base-files: add more config files to conffiles section
Signed-off-by: Nicolas Thill <nico@openwrt.org>

SVN-Revision: 45244
2015-04-02 14:53:24 +00:00
Jo-Philipp Wich
e3744a7cc7 base-files: fix target/subtarget value in /etc/openwrt_release
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 44409
2015-02-11 15:12:32 +00:00
John Crispin
b0d2a9e77a base-files: default_postinst() - create user:group first (resend)
create user:group before running postinst-pkg. the postinst hook might require
the user:group to already exist.

Signed-off-by: Christian Schoenebeck <christian.schoenebeck@gmail.com>

SVN-Revision: 43472
2014-12-01 16:15:13 +00:00
Nicolas Thill
f4417f7ad8 package/*: replace occurences of 'ln -sf' to '$(LN)'
Signed-off-by: Nicolas Thill <nico@openwrt.org>

SVN-Revision: 43205
2014-11-06 19:35:34 +00:00
John Crispin
74a3a77bcd license info - revert r43155
turns out that r43155 adds duplicate info.

Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 43167
2014-11-03 09:56:44 +00:00
John Crispin
c10d97484a Add more license tags with SPDX identifiers
Note, that licensing stuff is a nightmare: many packages does not clearly
state their licenses, and often multiple source files are simply copied
together - each with different licensing information in the file headers.

I tried hard to ensure, that the license information extracted into the OpenWRT's
makefiles fit the "spirit" of the packages, e.g. such small packages which
come without a dedicated source archive "inherites" the OpenWRT's own license
in my opinion.

However, I can not garantee that I always picked the correct information
and/or did not miss license information.

Signed-off-by: Michael Heimpold <mhei@heimpold.de>

SVN-Revision: 43155
2014-11-03 08:01:08 +00:00
Steven Barth
bec9d38fa4 Add a few SPDX tags
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 43151
2014-11-02 12:20:54 +00:00