Some SSL applications requires a certificates bundle rather
than a directory containing certificates. For thos applications
we build the ca-bundle package
Signed-off-by: Daniel Dickinson <lede@daniel.thecshore.com>
the recent fixes to make mount_root work during failsafe caused lots of
unwanted side effects. use the new preinit sentinel file to detect if
we are in preinit. this will also work if logged in via ssh.
Signed-off-by: John Crispin <john@phrozen.org>
Currently system log is always included as a part of ubox.
Add logd as a seperate package and add it to default packages list.
Signed-off-by: Andrej Vlasic <andrej.vlasic@sartura.hr>
SVN-Revision: 49285
So far fixtrx was calculating checksum over amount of data matching
partition erase size. It was mostly a workaround of checksum problem
after changing anything in initial TRX content (e.g. formatting JFFS2).
Its main purpose was to make bootloader accept modified TRX. This didn't
provide much protection of flash data against corruption.
This new option lets caller request calculating checksum over a bigger
amount of data. It may be used e.g. to include whole kernel data for
checksum and hopefully make bootloader go info failsafe mode if
something goes wrong.
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
We plan to adjust usage of the main buffer to allow reading custom
amount of data for CRC32. This means we need another buffer that will be
always block aligned.
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
1) Put sanity checks in one place
2) Respect provided offset
3) Read only as much data as needed for MD5 calculation
Thanks to the last change this is a great speedup and memory saver. On
devices with NAND flash we were allocating & reading about 128 MiB while
something about 8 MiB is enough.
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
This avoid long (and unneeded) process of reading all data in case of
running on MTD not containig Seama entity.
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
On platforms supporting both: TRX and Seama calling "fixtrx" was
resulting in trying to fix Seama as well.
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
Remove the public unatteded buildkey from the opkg package to avoid
having hardcoded keys in tree. Use the external keyring package instead
which can be easily updated by users.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
When the same package file is specified multiple times on the opkg install
command line, the name pointer on the argv array becomes stale after the
package structures have been merged, leading to invalid memory accesses
upon install.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Respect user configured mount flags such as "ro" or "sync" when processing
external overlay mount points.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
SVN-Revision: 49223
procd from revision b12bb150ed38a4409bef5127c77b060ee616b860 supports
writing a pidfile. This adds support for setting that parameter with
standard init script hooks:
procd_set_param pidfile /var/run/someprocess.pid
Signed-off-by: Karl Palsson <karlp@etactica.com>
SVN-Revision: 48984
MD5s are shorter than SHA256, so reading buffer has to be bigger to read the
whole hash.
Signed-off-by: Michal Hrusecky <michal.hrusecky@nic.cz>
SVN-Revision: 48917
Extend /etc/config/system with a parameter to set the
default respawn retry for procd launched services that
have respawn enabled.
config service
option respawn_retry -1
All services that don't specify specific respawn parameters
will get their defaults added by procd.sh. If respawn_retry
is specified in /etc/config/system the default retry limit
will be set to this value by procd.
Signed-off-by: Helmut Schaa <helmut.schaa@googlemail.com>
SVN-Revision: 48915
The image_check currently fails when it cannot read all magic bytes in a
single chunk. But this can happen when the data are read from a pipe. This
currently breaks the openmesh.sh upgrade script with musl because it uses
dd with a blocksize of 1 to copy the image file to the mtd process.
The read can simply be repeated until enough bytes are read for the magic
byte check. It only stops when either an error was returned or 0 bytes were
read.
Signed-off-by: Sven Eckelmann <sven.eckelmann@open-mesh.com>
SVN-Revision: 48891
Opkg now uses sha256 by default and expects them. Making it optionally
understand md5s also and detect md5 sum so we can migrate from configuration
that used md5.
Signed-off-by: Michal Hrusecky <Michal.Hrusecky@nic.cz>
SVN-Revision: 48867
There are time that programs need to be notified of events from
subsystems that are not enumerated in the .json definition, e.g. QEMU
guest agent by default requires /dev/virtio-ports/org.qemu.guest_agent.0
which is a symlink to /dev/vportMpN from virtio-ports subsystem.
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
SVN-Revision: 48799
Seama header has MD5 similarly to TRX and its CRC32. We need to update
it after replacing anything in Seama entity content to make bootloader
accept it.
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
SVN-Revision: 48688
Recently TRX checking code was changed to detect Seama format and don't
abort whole writing operation because of it. This isn't a good long-term
solution. It's a poor idea to teach every format handler recognizing all
possible formats. Instead it should be handled in a generic code which
should run check depending on the detected format.
This will also allow further improvements like fixing formats other than
TRX after replacing JFFS2.
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
SVN-Revision: 48639
- update to latest version 20160104
- remove cpu dependency (PKGARCH:=all)
- set myself as package maintainer
Signed-off-by: Christian Schoenebeck <christian.schoenebeck@gmail.com>
SVN-Revision: 48271
This fixes diverging executable search paths observed in programs
launched throughn etifd which in turn inherited the search path from
procd early on boot.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
SVN-Revision: 48235
Add 'platform_nand_pre_upgrade' callback to allow platform specific
preparation right before flashinng, when already in ramdisk.
Example uses might be setting correct values for CI_{KERNPART,UBIPART}.
Signed-off-by: Nikolay Martynov <mar.kolya@gmail.com>
SVN-Revision: 47879
Bump ubus to current Git HEAD in order to:
* Fix a null pointer access when user ACLs are loaded into memory
* Fix wrong permission handling for uid=0, gid!=0 peers
* Fix return code for permission defined cases
* Fix socket error handling when the server connection dies
* Make ACL file path configurable
* Remove invalid usages of poll() when using a zero timeout
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
SVN-Revision: 47816
This version fixes a potential uncontrolled format string problem. This
makes it possible to activate the format security check.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
SVN-Revision: 47600
This version fixes a potential uncontrolled format string problem. This
makes it possible to activate the format security check.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
SVN-Revision: 47599
This version fixes a potential uncontrolled format string problem. This
makes it possible to activate the format security check.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
SVN-Revision: 47598
I accidentally deactivated it. This should be set to active it in any case
independently what was set in the user config.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
SVN-Revision: 47587
Now we have all targets using platform_pre_upgrade (and calling
nand_do_upgrade directly) we don't need nand_upgrade_stage1 to be in
sysupgrade_pre_upgrade hooks anymore.
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
SVN-Revision: 47489
This is done with existing code from the WRT1900AC port.
It makes sure the "auto_recovery" bootloader option is set,
and resets the s_env boot counter after a successful boot.
This gives users without a serial console connection some
measure of safety.
Signed-off-by: Claudio Leite <leitec@staticky.com>
SVN-Revision: 47433
Recently all targets have been updated to call nand_do_upgrade directly.
It's not needed anymore to leave a magic /tmp/sysupgrade-nand-path mark
during image check.
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
Acked-by: John Crispin <blogic@openwrt.org>
SVN-Revision: 47079
'opkg list' command only displays the available packages' name, version and
description. It would be useful to also see the approximate size of the
available package.
This patch extends "opkg list" command with "--size" to optionally show also
the *.ipk size.
* Default behaviour is to list the available packages as earlier:
"name - version - description"
* with "--size" the output of is "name - version - size - description".
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
SVN-Revision: 46980
this need to be applied after my work on ujail (procd git)
ujail doesn't depend on seccomp and some archs dont support seccomp
Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
SVN-Revision: 46936
Expose the "lists_dir" configuration file option as command line
switch so that we can override it for the Image Builder environment.
Also add a more standard PKG_MAINTAINER variable while touching
the Makefile.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
SVN-Revision: 46911
As the OpenWrt build system only resolves build dependencies per directory,
all opkg variants were causing libopenssl to be downloaded and built,
not only opkg-smime. Fix this by applying the same workaround as in
ustream-ssl.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
SVN-Revision: 46850