path: root/package/base-files
Commit message | Author | Age | Files | Lines
* basefiles: allow suid coredumps | Kevin Darbyshire-Bryant | 2017-09-12 | 2 | -1/+2
  Set sysctl fs.suid_dumpable = 2

  This allows suid processes to dump core according to kernel.core_pattern setting. LEDE typically uses suid to drop root privilege rather than gain it but without this setting any suid process would be unable to produce coredumps (e.g. dnsmasq)

  Processes still need to set a non zero core file process limit ('ulimit -c unlimited' or if procd used 'procd_set_param limits core="unlimited"') in order to produce a core. This setting removes an obscure stumbling block along the way.

  From https://www.kernel.org/doc/Documentation/sysctl/fs.txt

  suid_dumpable:

  This value can be used to query and set the core dump mode for setuid or otherwise protected/tainted binaries. The modes are

  0 - (default) - traditional behaviour. Any process which has changed privilege levels or is execute only will not be dumped.
  1 - (debug) - all processes dump core when possible. The core dump is owned by the current user and no security is applied. This is intended for system debugging situations only. Ptrace is unchecked. This is insecure as it allows regular users to examine the memory contents of privileged processes.
  2 - (suidsafe) - any binary which normally would not be dumped is dumped anyway, but only if the "core_pattern" kernel sysctl is set to either a pipe handler or a fully qualified path. (For more details on this limitation, see CVE-2006-2451.) This mode is appropriate when administrators are attempting to debug problems in a normal environment, and either have a core dump pipe handler that knows to treat privileged core dumps with care, or specific directory defined for catching core dumps. If a core dump happens without a pipe handler or fully qualified path, a message will be emitted to syslog warning about the lack of a correct setting.

  Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
  Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase]
* base-files: add /etc/profile.d to conffiles | Stijn Tintel | 2017-09-03 | 1 | -0/+1
  Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* base-files: order conffiles alphabetically | Stijn Tintel | 2017-09-03 | 1 | -10/+10
  Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* base-files: drop unused preinit_echo function | Rafał Miłecki | 2017-08-09 | 1 | -5/+0
  It hasn't been used for years since the old 99_10_run_init has been dropped.

  Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* base-files: don't setup network in preinit if failsafe is disabled | Rafał Miłecki | 2017-08-09 | 1 | -1/+4
  With failsafe disabled there is no point in early network setup. We don't send announcement over UDP and there is no way to ssh to the device.

  A side effect of this is avoiding a possibly incorrect network config (only with failsafe disabled). This problem is related to possible changes made by user in /etc/config/network.

  Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* base-files: suppress uci not found output in login.sh | Florian Eckert | 2017-08-04 | 1 | -1/+1
  Fix "uci: Entry not found" output if "ttylogin" is not set in "etc/config/system"

  Signed-off-by: Florian Eckert <fe@dev.tdt.de>
* base-files: upgrade: don't loop forever trying to kill processes | Matthias Schiffer | 2017-07-20 | 1 | -1/+10
  When processes don't die on SIGKILL (usually because of kernel bugs), it's better to give up instead of looping forever. upgraded will trigger a reboot in this case (and if this fails, a hardware watchdog will eventually time out and reset the system, if present).

  Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
* treewide: populate boardname and model earlier | Mathias Kresin | 2017-07-15 | 1 | -0/+0
  For targets using the generic board detection and board specific settings in diag.sh, the board name is still unset at the time the set_state() provided by diag.sh is called by 10_indicate_preinit.

  Change the execution order to ensure the boardname is populated before required the first time.

  Do the target specific board detection as early as possible, directly followed by the generic one to allow a seamless switch to the generic function for populating /tmp/sysinfo/.

  Signed-off-by: Mathias Kresin <dev@kresin.me>
* base-files: automatically handle paths and symlinks for RAMFS_COPY_BIN | Matthias Schiffer | 2017-07-11 | 3 | -39/+33
  Depending on busybox applet selection, paths of basic utilities may differ, and may not work as symlinks to busybox. Simply using whatever binary is found in PATH and detecting symlinks automatically is more robust and easier to maintain.

  The list of binaries is also slightly cleaned up and duplicates are removed.

  Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
* bcm53xx: upgrade: fix RAMFS_COPY_* | Matthias Schiffer | 2017-07-11 | 1 | -1/+1
  Fixes: 30f61a34b4cf "base-files: always use staged sysupgrade"
  Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
* base-files: upgrade: correctly handle nand_do_upgrade argument passed from preupgrade | Matthias Schiffer | 2017-07-11 | 2 | -2/+2
  Fixes: 30f61a34b4cf "base-files: always use staged sysupgrade"
  Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
* base-files: add "tty" user group | Jo-Philipp Wich | 2017-06-26 | 1 | -0/+1
  This is needed for an upcoming change to the hotplug default rules which will cause /dev/tty* nodes to get assigned to the "tty" group in order to support unprivileged user access when needed.

  Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* base-files: fix PKG_CONFIG_DEPENDS to include version.mk entries | Rafał Miłecki | 2017-06-22 | 1 | -1/+2
  Including version.mk sets PKG_CONFIG_DEPENDS to config entries used for VERSION_SED command. We should keep these configs to make sure package gets refreshed when needed.

  Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* base-files: allocate uid/gid starting from 65536 | Yousong Zhou | 2017-06-18 | 2 | -5/+5
  There already exist static assignment of uid/gid 65533 in packages feed and we have nobody/nogroup taking 65534 as their ids. Let's change the pid of dynamic assignment to start from 65536 so that the two assignment scheme will not collide with each other

  While at it, fix the scan command checking existence of uid/gid

  Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
* base-files: make ucidef_set_led_rssi offset and factor optional | Mathias Kresin | 2017-06-17 | 1 | -2/+2
  The offset and factor are only related for LEDs which can have different brightness values. But binary LEDs are more common and don't require any further configuration than setting the factor to 1.

  Use offset = 0 and factor = 1 in case nothing else is specified.

  Signed-off-by: Mathias Kresin <dev@kresin.me>
* base-files: board.json's switch reset means existence, not argument | Jonas Gorski | 2017-06-11 | 1 | -1/+4
  Don't pass the value unconditionally to swconfig as a parameter but instead only call reset if it is 1.

  Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
* base-files: network.sh: fix a number of IPv6 logic flaws | Jo-Philipp Wich | 2017-06-08 | 1 | -17/+48
  * Change network_get_subnet6() to sensibly guess a suitable prefix

    Attempt to return the first non-linklocal, non-ula range, then attempt to return the first non-linklocal range and finally fall back to the previous behaviour of simply returning the first found item.

  * Fix network_get_ipaddrs_all()

    Instead of replicating the flawed logic appending a fixed ":1" suffix to IPv6 addresses, rely on network_get_ipaddrs() and network_get_ipaddrs6() to build a single list of all interface addresses.

  * Fix network_get_subnets6()

    Instead of replicating the flawed logic appending a fixed ":1" suffix to IPv6 addresses, rely on the ipv6-prefix-assignment.local-address field to figure out the proper network address.

  Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* base-files: network.sh: properly report local IPv6 addresses | Jo-Philipp Wich | 2017-06-08 | 2 | -18/+14
  Rework the network_get_ipaddr6() and network_get_ipaddrs6() functions to fetch the effective local IPv6 address of delegated prefix from the "local-address" field instead of naively hardcoding ":1" as static suffix.

  Fixes FS#829.

  Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* mvebu: fix sysupgrade | Matthias Schiffer | 2017-06-01 | 1 | -1/+1
  mvebu was modifying RAMFS_COPY_BIN and RAMFS_COPY_DATA from a sysupgrade_pre_upgrade hook. As the ramfs is created from stage2, this did not have an effect anymore after the staged sysupgrade changes.

  As it doesn't really hurt to copy fw_printenv and fw_setenv unconditionally, simply add them in /lib/upgrade/platform.sh, so stage2 will see them. Config copying is moved to a function called by platform_copy_config, where it belongs.

  Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
  Fixes: FS#821
  Fixes: 30f61a34b4cf "base-files: always use staged sysupgrade"
* base-files: nand: use CI_KERNPART whenever the kernel volume is needed | Christian Lamparter | 2017-05-31 | 1 | -4/+4
  The sender domain has a DMARC Reject/Quarantine policy which disallows sending mailing list messages using the original "From" header.

  To mitigate this problem, the original message has been wrapped automatically by the mailing list software.

  This patch is in continuation of: commit 93aa86040523 "procd: nand: make it possible to configure kernel and ubi partition"

  The $CI_KERNPART variable should be used in place of the fixed "kernel" partition name. This allows targets to specify alternate names for the kernel partition.

  Cc: Chris Blake <chrisrblake93@gmail.com>
  Signed-off-by: Christian Lamparter <chunkeey@googlemail.com>
* base-files: add support for staged sysupgrades from failsafe mode | Matthias Schiffer | 2017-05-29 | 3 | -10/+25
  Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
* base-files: sysupgrade cleanup | Matthias Schiffer | 2017-05-29 | 3 | -105/+102
  Some functions only used by stage2 are moved there from common.sh.

  One piece that could still use more cleanup is platform_pre_upgrade: many targets reference files from there that aren't available in the ramfs, so we need to evaluate it before the switch; conversely, flash writes happen in that function on some targets. Targets that do the latter should be fixed eventually to use platform_do_upgrade for that purpose.

  Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
* base-files: always use staged sysupgrade | Matthias Schiffer | 2017-05-29 | 4 | -148/+162
  Support for the -d and -p options is dropped; it may be added again at some point by adding these flags to the ubus sysupgrade call.

  A downside of this is that we get a lot less information about the progress of the upgrade: as soon as the actual upgrade starts, all shell sessions are killed to allow unmounting the root filesystem.

  Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
* procd: remove procd-nand package | Matthias Schiffer | 2017-05-29 | 2 | -2/+387
  We always want to support staged upgrades now, so it's better to include upgraded into the main package. /lib/upgrade/nand.sh is moved to base-files.

  The procd-nand-firstboot package is removed for now, it may return later as a separate package.

  Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
* Revert "sysupgrade: run only one instance at a time." | Jo-Philipp Wich | 2017-05-26 | 1 | -14/+0
  This reverts commit e96a9a9af82c00dcce606a84a7bb87a00411385d.

  The change breaks sysupgrade through LuCI and two-stage sysupgrade on NAND targets. There is also a mismatch of file paths in lock and unlock operations.

  This commit was apparently neither properly tested, nor reviewed, so drop it for now.

  Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* sysupgrade: run only one instance at a time. | Kenneth Johansson | 2017-05-25 | 1 | -0/+14
  Things do not work well if running multiple instances of upgrade at the same time.

  Signed-off-by: Kenneth Johansson <kenneth.johansson@inteno.se>
* base-files: fix default procd reload | Alexandru Ardelean | 2017-05-20 | 1 | -1/+1
  Bug introduced with 6713694.

  I did not count on procd handling reload as mentioned in this doc: https://wiki.openwrt.org/inbox/procd-init-scripts

  ```
  procd_set_param file /var/etc/your_service.conf # /etc/init.d/your_service reload will restart the daemon if these files have changed
  procd_set_param netdev dev # likewise, except if dev's ifindex changes.
  procd_set_param data name=value ... # likewise, except if this data changes.
  ```

  The service would be restarted regardless of any of those params.

  Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
* base-files: add led functions to uci-defaults.sh | Alberto Bursi | 2017-05-14 | 1 | -0/+8
  uci_set_leds_ataport() allows to set a led to show activity on a specific (s)ata port, which is needed for devices that have a Sata led for each sata port. The led trigger is from the 834-ledtrig-libata.patch LEDE kernel patch.

  uci_set_leds_usbhost() allows to set a led to show total usb activity.

  Signed-off-by: Alberto Bursi <alberto.bursi@outlook.it>
  [Jo-Philipp Wich: use a single underscore to denote private functions]
  Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* base-files: cleanup led functions in uci-defaults.sh | Alberto Bursi | 2017-05-14 | 1 | -145/+91
  create a function with code common to all led functions, create another function with code common to functions setting a simple led trigger, restore alphabetical order in function names.

  Signed-off-by: Alberto Bursi <alberto.bursi@outlook.it>
  [Jo-Philipp Wich: use a single underscore to denote private functions]
  Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* base-files: implement ucidef_set_hostname(), ucidef_set_ntpserver() | Jo-Philipp Wich | 2017-05-03 | 1 | -0/+20
  Commit 2036ae4 (base-files: support hostname and ntp servers through board.d) was supposed to implement these procedures but lacked the required changes to uci-defaults.sh.

  Add the missing procedures now to fix config generation on targets relying on hostname or NTP server presetting.

  Fixes FS#754.

  Reported-by: Cristian Morales Vega <cristian@samknows.com>
  Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* base-files: use restart if no reload hook for service | Alexandru Ardelean | 2017-04-12 | 1 | -4/+3
  This was also working before, with a slightly different semantic.

  [ Original semantic ]
  If no reload hooks was implemented, the default one would kick in, it would return fail, and restart would happen. This would happen also in the case where a reload hook would be implemented, it would fail, and it would restart the service.

  [ New semantic ]
  The default reload hook calls restart. Services can implement their own reload. If reload fails, then the '/etc/init.d/<service> reload' would return a non-zero code, and the caller can choose a way to handle this.

  Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
* base-files: add generic board_name function to functions.sh | Felix Fietkau | 2017-03-22 | 1 | -0/+4
  This will be used to replace all those nasty board specific scripts that do basically the same thing

  Signed-off-by: Felix Fietkau <nbd@nbd.name>
* build: add devel option to store build config in firmware | Vitaly Chekryzhev | 2017-03-18 | 1 | -0/+4
  Store config.seed in firmware /etc/build.config

  Signed-off-by: Vitaly Chekryzhev <13hakta@gmail.com>
* base-files: always set proto passed to _ucidef_set_interface() | Mathias Kresin | 2017-03-11 | 1 | -1/+1
  Overwrite an already set proto if a new one is passed to _ucidef_set_interface() similar to what is done for the interface.

  It is required when using "ucidef_set_interface_wan 'ptm0' 'pppoe'" after some initial wan interface configuration is already done by ucidef_add_switch.

  The "json_is_a protocol string" guard is meant to not reset an earlier set interface proto in case something like "ucidef_set_interface_lan 'eth0'" is used afterwards.

  Signed-off-by: Mathias Kresin <dev@kresin.me>
* base-files: add submission service port | Lucian Cristian | 2017-03-11 | 1 | -0/+2
  prevent postfix start failure
  fatal: 0.0.0.0:submission: Unrecognized service

  Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
* build: add buildbot specific config option for setting defaults | Felix Fietkau | 2017-02-14 | 1 | -1/+1
  This can be used to tweak the buildbot behavior without having to change buildbot's configuration. It will also allow us to add more aggressive clean steps (e.g. on toolchain changes), which would break developers' workflows if enabled by default.

  Signed-off-by: Felix Fietkau <nbd@nbd.name>
* base-files: Added a deprecation notice on wifi detect | David Pinilla Caparrós | 2017-02-13 | 1 | -1/+7
  When running wifi detect, the user will be told on error output that wifi detect is deprecated, that wifi config must be used instead. Also the commit that changes it is referenced for further info.

  Signed-off-by: David Pinilla Caparrós <dpinitux@gmail.com>
* base-files: Add wifi config to wifi command usage | David Pinilla Caparrós | 2017-02-13 | 1 | -2/+2
  Since commit 5f8f8a366136a07df661e31decce2458357c167a wifi detect no longer works and wifi config is used to configure not yet configured wireless devices. This commit changes command usage to reflect that change.

  Signed-off-by: David Pinilla Caparrós <dpinitux@gmail.com>
* base-files: emit tagged switch configuration by default | Jo-Philipp Wich | 2017-02-02 | 1 | -1/+1
  Instead of only using tagged CPU port configurations when more than one VLAN is present on the switch, always emit tagged configurations unless a board explicitly opts out of this behaviour by using the previously introduced [0-9]u@netdev syntax.

  Emitting default tagged configurations has the following benefits:

  - Relation of switch vlans to netdevs is easier to understand, especially for multi-cpu-port switches
  - Adding additional VLANs (e.g. to break out a LAN port for other purposes) becomes easier as users are not forced to change the existing untagged VLAN to tagged and the existing ifname notation from ethX to ethX.Y anymore, drastically reducing the likelihood of soft-bricks.

  Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* base-files: don't overwrite model name set by target | Mathias Kresin | 2017-01-30 | 1 | -1/+1
  The condition is always true due to the literal string followed the -n test parameter. A model name set by target scripts always gets overwritten this way.

  Change the condition to check for an already existing destination file as it was before 5e85ae9 ("base-files: fix error message during boot").

  Signed-off-by: Mathias Kresin <dev@kresin.me>
* base-files: uppercase default hostname: LEDE | Yousong Zhou | 2017-01-26 | 1 | -1/+1
  The name will appear in shell prompt and LuCI page title. Uppercase letters seem to be more vigorous

  Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
* base-files: fix user creation on sysupgrade with few opkg control files | Matthias Schiffer | 2017-01-24 | 1 | -1/+1
  If only a single opkg control file exists (which can happen with CONFIG_CLEAN_IPKG), grep would not print the file name by default. Instead of forcing it using -H, we just switch to -l (print only file names) and get rid of the cut.

  Add -s to suppress an error message when no control files exist.

  Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
* base-files: add /etc/iproute2/rt_protos | Hans Dedecker | 2017-01-18 | 2 | -1/+20
  Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* base-files: add ARCH_PACKAGES to openwrt_release and os-release | Matthias Schiffer | 2017-01-16 | 2 | -0/+2
  Knowing the package architecture at runtime can be useful, e.g. to configure opkg repository URLs. The value of ARCH_PACKAGES ("%A" in VERSION_SED) is added to openwrt_release (as DISTRIB_ARCH) and os-release (as LEDE_ARCH).

  Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
* opkg: drop S/MIME support | Felix Fietkau | 2017-01-10 | 1 | -39/+0
  It has never been used by default (due to being too bloated), and it is properly replaced by usign (which has been the default for a long time now). Remove this feature to simplify the build system

  Signed-off-by: Felix Fietkau <nbd@nbd.name>
* base-files: save /bin/mknod for sysupgrade | Felix Fietkau | 2017-01-06 | 1 | -1/+2
  It is used on NAND devices in case hotplug is too slow

  Signed-off-by: Felix Fietkau <nbd@nbd.name>
* base-files: export x86 platform upgrade functions to common.sh | Yousong Zhou | 2017-01-05 | 1 | -0/+90
  Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
* build: use mkhash to replace various quirky md5sum/openssl calls | Felix Fietkau | 2017-01-05 | 1 | -1/+1
  Signed-off-by: Felix Fietkau <nbd@nbd.name>
* base-files: fix message of initscript wrapper | Alberto Bursi | 2017-01-02 | 1 | -1/+1
  currently (after blogic's edit to my commit) it prints like this:

  root@lede:/# service aa
  aa does not exist. the following services are available :adblock dnsmasq gpio_switch rpcd system boot done led sqm uhttpd crelay dropbear log sysctl umount cron firewall network sysfixtime urandom_seed ddns fstab odhcpd sysntpd

  which looks pretty bad, and is even worse if someone writes only "service" without arguments, as it will print " does not exist. " which is confusing.

  with this commit it looks like this:

  root@lede:/# service
  service "" not found, the following services are available: adblock dnsmasq gpio_switch rpcd system boot done led sqm uhttpd crelay dropbear log sysctl umount cron firewall network sysfixtime urandom_seed ddns fstab odhcpd sysntpd

  Yes there is some play with " and ', it is to display "name" or just "" if no service name is entered (like in the example).

  Signed-off-by: Alberto Bursi <alberto.bursi@outlook.it>
* base-files: add support for overlaying rootfs content | Rafał Miłecki | 2016-12-20 | 1 | -0/+5
  This adds support for install-overlay define. When used in package it allows installing files to a special directory that gets copied to the root when installing it. It allows overwriting files provided by other packages.

  Signed-off-by: Rafał Miłecki <rafal@milecki.pl>