aboutsummaryrefslogtreecommitdiffstats
path: root/package/system
Commit message (Collapse)AuthorAgeFilesLines
* ca-certificates: fix python3-cryptography woes in certdata2pem.pyChristian Lamparter2023-03-041-0/+53
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This patch is a revert of the upstream patch to Debian's ca-certificate commit 033d52259172 ("mozilla/certdata2pem.py: print a warning for expired certificates.") The reason is, that this change broke builds with the popular Ubuntu 20.04 LTS (focal) releases which are shipping with an older version of the python3-cryptography package that is not compatible. |Traceback (most recent call last): | File "certdata2pem.py", line 125, in <module> | cert = x509.load_der_x509_certificate(obj['CKA_VALUE']) |TypeError: load_der_x509_certificate() missing 1 required positional argument: 'backend' |make[5]: *** [Makefile:6: all] Error 1 ...or if the python3-cryptography was missing all together: |Traceback (most recent call last): | File "/certdata2pem.py", line 31, in <module> | from cryptography import x509 |ModuleNotFoundError: No module named 'cryptography' More concerns were raised by Jo-Philipp Wich: "We don't want the build to depend on the local system time anyway. Right now it seems to be just a warning but I could imagine that eventually certs are simply omitted of found to be expired at build time which would break reproducibility." Link: <https://github.com/openwrt/openwrt/commit/7c99085bd697> Reported-by: Chen Minqiang <ptpt52@gmail.com> Reported-by: Shane Synan <digitalcircuit36939@gmail.com> Signed-off-by: Christian Lamparter <chunkeey@gmail.com> (cherry picked from commit 25bc66eb40ea2c062940778fba601032b2579734)
* ca-certicficates: Update to version 20211016Christian Lamparter2023-03-041-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Update the ca-certificates and ca-bundle package from version 20210119 to version 20211016. Debian change-log entry [1]: |[...] |[ Julien Cristau ] |* mozilla/{certdata.txt,nssckbi.h}: Update Mozilla certificate authority | bundle to version 2.50 | The following certificate authorities were added (+): | + "AC RAIZ FNMT-RCM SERVIDORES SEGUROS" | + "GlobalSign Root R46" | + "GlobalSign Root E46" | + "GLOBALTRUST 2020" | + "ANF Secure Server Root CA" | + "Certum EC-384 CA" | + "Certum Trusted Root CA" | The following certificate authorities were removed (-): | - "QuoVadis Root CA" | - "Sonera Class 2 Root CA" | - "GeoTrust Primary Certification Authority - G2" | - "VeriSign Universal Root Certification Authority" | - "Chambers of Commerce Root - 2008" | - "Global Chambersign Root - 2008" | - "Trustis FPS Root CA" | - "Staat der Nederlanden Root CA - G3" | * Blacklist expired root certificate "DST Root CA X3" (closes: #995432) |[...] [1] <https://metadata.ftp-master.debian.org/changelogs//main/c/ca-certificates/ca-certificates_20211016_changelog> Signed-off-by: Christian Lamparter <chunkeey@gmail.com> (cherry picked from commit 7c99085bd69742f66207d61e9f2da5ec4f8f9d2f)
* opkg: add patch to avoid remove package repeatly with forceJosef Schlehofer2023-01-062-1/+37
| | | | | | | | | | | | | | | | This patch was taken from the OpenWrt-devel mailing list: https://www.mail-archive.com/openwrt-devel@lists.openwrt.org/msg59794.html It is included already in OpenWrt master branch and OpenWrt 22.03 release as it was included in opkg-lede repository: https://git.openwrt.org/?p=project/opkg-lede.git;a=commit;h=9c44557a776da993c2ab80cfac4dbd8d59807d01 However, it is not included in OpenWrt 21.02, where the same issue is happening. Fixes: CI for https://github.com/openwrt/packages/pull/20074 Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
* procd: add patch to fix compilation errorChristian Marangi2022-12-041-0/+36
| | | | | | | | | | | procd complain for an unused verbose variable causing compilation error. Fix this by setting the variable static following upstream procd changes. This is a variant of 0ee73b2c86a853ae3274c7080e2dcd36b81aa1fa that introduced major change and fixed the verbose variable to static. Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
* rpcd: backport 802.11ax supportŠimon Bořek2022-02-191-3/+3
| | | | | | | | | | | Backport of commit 7a560a1a5769 ("iwinfo: add 802.11ax HE support"). enables 802.11ax capability detection through ubus in OpenWrt 21.02 (e.g. with MT7915E 802.11ax PCI Express Wireless Network Adapter) Signed-off-by: Šimon Bořek <simon.borek@nic.cz> [commit message facelift, use openwrt-21.02 branch] Signed-off-by: Petr Štetiar <ynezz@true.cz>
* uci: update to the latest masterRafał Miłecki2022-01-231-3/+3
| | | | | | | 4b3db11 cli: add option for changing save path Signed-off-by: Rafał Miłecki <rafal@milecki.pl> (cherry picked from commit 05a4273058303c8cfb5ff9c087739b924df056b3)
* procd: update to git HEADDaniel Golle2022-01-181-3/+3
| | | | | | | | 945d0d7 utils: fix C style in header file 2cfc26f inittab: detect active console from kernel if no console= specified Signed-off-by: Daniel Golle <daniel@makrotopia.org> (cherry picked from commit ffeb37047e85a5efd96890db12710e9d60b4b76a)
* procd: update to git HEADDaniel Golle2022-01-181-3/+3
| | | | | | | 64e9f3a procd: fix compilation with newer musl Signed-off-by: Daniel Golle <daniel@makrotopia.org> (cherry picked from commit 1cd4a02c8e3f8574f1ba8c40b1bd4decbfb49e62)
* treewide: unmark selected packages nonsharedPetr Štetiar2021-07-022-3/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This partially reverts changes done in commit 72cc44958ef4 ("treewide: mark selected packages nonshared") as it removes the nonshared flag, but keeps the PKG_RELEASE as the PKG_RELEASE bump while adding nonshared flag was incorrect. Unmark uci, ubus, libubox, lua, libnl-tiny and libjson-c as nonshared packages as this fix attempt didn't worked out. Currently the imagebuilder is broken again: openwrt-imagebuilder-21.02.0-rc3-ipq40xx-generic.Linux-x86_64$ make image PROFILE=avm_fritzbox-7530 PACKAGES=luci-ssl-openssl ... Collected errors: * pkg_hash_check_unresolved: cannot find dependency libiwinfo20210430 for luci-mod-status * pkg_hash_fetch_best_installation_candidate: Packages for luci-mod-status found, but incompatible with the architectures configured * pkg_hash_check_unresolved: cannot find dependency libiwinfo20210430 for rpcd-mod-iwinfo * pkg_hash_fetch_best_installation_candidate: Packages for rpcd-mod-iwinfo found, but incompatible with the architectures configured * satisfy_dependencies_for: Cannot satisfy the following dependencies for luci-ssl-openssl: * libiwinfo20210430 * opkg_install_cmd: Cannot install package luci-ssl-openssl. Everything because iwinfo's ABI was changed two times since rc3 release: +IWINFO_ABI_VERSION:=20210430 +IWINFO_ABI_VERSION:=20210420 Since iwinfo is marked as nonshared, it wasn't built by phase2 builders, but luci-mod-status was already updated 2 times since rc3 and was thus rebuilt by phase2 builders: d1d452ed2fb3 luci-mod-status: don't set '-' hostname when creating static lease 95b3633055c1 luci-mod-status: switch to html table for wlan channel analysis So now luci-mod-status depends on libiwinfo20210430 but only libiwinfo20210106 can be downloaded. This is first part of the fix, in the upcoming commit Jo is going to remove nonshared flag from iwinfo package as well. References: https://lists.infradead.org/pipermail/openwrt-devel/2021-July/035736.html References: https://lists.infradead.org/pipermail/openwrt-devel/2021-July/035741.html Acked-by: Jo-Philipp Wich <jo@mein.io> Reported-by: Nick Hainke <vincent@systemli.org> Signed-off-by: Petr Štetiar <ynezz@true.cz> (cherry picked from commit 8307da3dbdaff13d5ce99f8aefa32f5b7a2e18e6)
* ubus: update to the latest versionFelix Fietkau2021-06-301-3/+3
| | | | | | 4fc532c8a55b ubusd: fix tx_queue linked list usage Signed-off-by: Felix Fietkau <nbd@nbd.name>
* opkg: update to git HEADHauke Mehrtens2021-06-141-3/+3
| | | | | | | 1bf042d libopkg: pkg_hash: print unresolved dependencies Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> (cherry picked from commit da86064611db657bce8c3c96b2e58eca8551c3d0)
* treewide: mark selected packages nonsharedHannu Nyman2021-06-142-2/+4
| | | | | | | | | | | | | | | | | | | | | Mark uci, ubus, libubox, lua, libnl-tiny and libjson-c as nonshared packages. This helps to keep coherent dependencies if these ABI versioned packages are later updated. Before this commit it is possible to get missing dependencies in target-specific nonshared packages (like iwinfo) that depend on these shared ABI versioned packages. If these are later updated and rebuilt, only the new ABI version will be available for download, while the target-specific packages in releases continue to depend on the old ABI version. After this commit the packages are built along the other nonshared packages by the phase1 images buildbot and will be available at the target/ download directories instead of packages/base dir. That will help to keep a coherent set available. Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi> (cherry picked from commit 72cc44958ef4e0df1a152178514c92899d6a957a)
* ubus: update to version 2021-06-03Petr Štetiar2021-06-031-3/+3
| | | | | | | | | | | | This update contains following changes: * ubusd: protect against too-short messages * ubusd: add per-client tx queue limit * ubusd: convert tx_queue to linked list Fixes: FS#1525 Signed-off-by: Petr Štetiar <ynezz@true.cz> (cherry picked from commit 4f2243d40a400aa1ce6ae5d06325f93b4d9463a5)
* ubox: fix init script validation of log_ip optionJo-Philipp Wich2021-05-282-2/+2
| | | | | | | | | The underlying logread process uses usock() to handle remote connections which is able to handle both hostnames and IP addresses. Ref: https://github.com/openwrt/luci/issues/5077 Signed-off-by: Jo-Philipp Wich <jo@mein.io> (cherry picked from commit ec83fb9ced138b7945135adffb9ff0ba63b695ec)
* treewide: Mark packages nonshared if they depend on @TARGET_Hauke Mehrtens2021-05-241-0/+2
| | | | | | | | | | | | | | | This marks all packages which depend on a target with @TARGET nonshared. If they are not marked nonshared they would be build by the SDK build and if this happens with a different SDK, then the SDK from the target the package depends on, the package would not be added to the index. This should fix the image builder for some of these packages. This should fix the image builder at least for bcm27xx/bcm2710 and bcm4908/generic. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> (cherry picked from commit 1903233f2b312caf87aa369cd325d9689c45a1c6)
* openwrt-keyring: Only copy sign key for 21.02Hauke Mehrtens2021-05-171-2/+3
| | | | | | | | | | Instead of adding all public signature keys from the openwrt-keyring repository only add the key which is used to sign the OpenWrt 21.02 feeds. If one of the other keys would be compromised this would not affect users of 21.02 release builds. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* procd: update to git HEADDaniel Golle2021-05-161-3/+3
| | | | | | | | 2be57ed cosmetics: provide compatible system info on Aarch64 37eed13 system: expose if system was booted from initramfs Signed-off-by: Daniel Golle <daniel@makrotopia.org> (cherry-picked from commit 5f1bd952785e3257199879248e0b82216757b0b6)
* zram-swap: bail out early if the kernel doesn't support swapRui Salvaterra2021-04-181-0/+5
| | | | | | | | | Since KERNEL_SWAP is only enabled by default for !SMALL_FLASH targets, we need to check if the current kernel supports swap before trying to configure zram-swap, as opkg can't check for kernel dependencies. Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com> (cherry picked from commit 565dfeb1280343fb3f838581169e5d7a1c947862)
* rpcd: update to git HEADDaniel Golle2021-03-151-3/+3
| | | | | | | | d3f2041 uci: manually clear uci_ptr flags after uci_delete() operations ccb7517 sys: packagelist: drop ABI version from package name (cherry picked from commit da339a6d3f78f86bb653f29dd1d1aea8351bfdad) Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* opkg: update to git HEADDaniel Golle2021-03-151-3/+3
| | | | | | | | | | | d71856a pkg: pass-through ABIVersion to status file d3a63b3 libopkg: add option to strip ABI versions from listed names 5936c4f libopkg: pkg_hash: prefer original packages to satisfy dependencies (cherry squashed from commit 6a7a1f1c64cb307aef561b66956d32867b119a24, commit 988ed0080284903d1fe4851c5ae8f1238bc61da2 and commit b5f6d20560b71025d376cb3052f1d1c2e92b409d) Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* selinux-policy: update to version v0.8Daniel Golle2021-03-151-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | a857b45 resolv/locale: eventually this should be more efficient 11ed281 some more optimization 764a475 add redundant calls to file.search_conffile_dirs() 7d4558e fs: treat devtmpfs that same as tmpfs 81b677e adds irqbalance skeleton 5506244 irqbalance rules cc96cd8 adds usbutil and gtpfdisk skels 01e2a55 some fsck, gptfdisk, mkfs and usbutil rules d6d1e7d usbutil: output to terminal da576fa fsck, gptfdisk and usbutil rules 09b39e9 unbound 241a029 hotplugcall: allow dac_read_search (is a subset of dac_override) af0fe90 adds label for tcsh 160f79e adds tcpdump 6d02b96 adds coreutil execfile for busybox alternatives ac54884 coreutilexecfile: these are known to require privileges, so exclude 8cb3b66 adds chrootexecfile 6d329d3 this saves 9KiB and its a bit more robust 88e2425 move addpart/delpart/partx to gptfdisk.cil 261012d ntphotplug: reads ubox data files 0473ace various 740e820 work through to genfs_seclabel_symlinks loose ends (Linux 5.10) bef21f5 TODO adds a note about how I dont need to upgrade to polver 33 from 31 cb2e5a3 ubus uses ntpdhotplug fd, and some genfs_seclabel_symlink changes 07df9b9 luci, rpcd and wpad (mainly genfs_selabel related but not all) 8d86cab genfs_seclabel loose ends for blockmount, hotplugcall, irqbalance, zram-swap b8156cd adds a note about how i forgot to target blockd 6e82ab8 adds blockd and related 254ff43 Makefile: exclude blockd from mintesttgt 4dc6bc2 pppd update related and unbound-odhcp rules 3d7da7a igmpproxy tidy some loose ends c84ba0f rcigmpproxy: add entries to /etc when creating /etc/igmpproxy.conf 5a18967 adds igmpproxy skeleton 7e6a218 logread: support resolving dns names e39ca8b netifd: add support for /etc/udhcpc.user 7952bd0 odhcp6c: support /etc/odhcp6c.user ba0eb4e swconfig, fwenv, agent 4556b8a pppd cosmetic 9324d9d pppd: sends AT commands to model using /dev/ttyUSBN 417b14a ttydev: add some more ttyUSB ed739dc example: dont depend on policycoreutils 97613f9 dropbear: using dropbear as scp: dns name resolving 12c193b dropbear tcp connect ssh ports for scp c050077 rcdnsmasq: remove redundant rule and make rcsysntpd optional 8c5de35 this is a bug 8d5c463 uhttpd rcboot rcdnsmasq 094266e hostapd and wpa_supplicant aef0bd7 mountroot: maintains /tmp/sysupgrade.tar 24f0406 dropbear: allow it to read tmp.fs files 2901433 firstboot mkfsf2fs rcboot 2c4afb7 blockmount mmc 465ca98 adds industrial i/o (iio) nodedev 82f686e mtd stordev: back that ubiblock0_4p1 up with a filecon 7df78bd ubus: "support" older ubusd versions that run as root 4458bce swconfig: allow using terminal (to print output) e8d606d sslcert: openssl linked: this shaves off 200 bytes 93afffb jshn ntpdhotplug 0b847f0 wpad: reads /etc/ssl/openssl.cnf f14ee34 indent fix a0c7cad mtd, uhttpd, ubus and ntpdhotplug d74f98f adds a not about checkreqprot requirement in some scenarios affacce example: add policycoreutils-setfiles for make check 4f944dc kmodloader and fwenv: efe36a3 netifd: adds a comment/reminder 581b087 more fw_printenv loose ends 30177a4 fw_setenv: needs mtd write access to set and delete env da28f4c fw_printenv: some minor clean ups a062053 fw_printenv missing rules 244ba5f blockmount: extroot and /rwm 0745a6a squid: allow squid to run sslcrtd with domain transition b851df6 squid fix 8c55acd squid: adds certfile and allow connect http but... b7c1f6d Makefile: exclude tinyproxy from mintesttgt (using squid) 5ff39bd squid: forgot about luci 5366c97 squid/rcsquid some basic fill in 8743da6 squid skeleton 687a43b adds squid 3128 port to httpproxy port Signed-off-by: Dominick Grift <dominick.grift@defensec.nl> (cherry squashed from commit 3ffc30f05aef1a72bc16af8665032164b152fc15 and commit 41a8f093fb26f372fc94e0016cf544ac65718b0b) Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* openwrt-keyring: add OpenWrt 21.02 GPG/usign keysPetr Štetiar2021-02-201-3/+3
| | | | | | | | 49283916005d usign: add 21.02 release build pubkey bc4d80f064f2 gpg: add OpenWrt 21.02 signing key Signed-off-by: Petr Štetiar <ynezz@true.cz> (cherry picked from commit 1bf6d70e60fdb45d81a8f10b90904cef38c73f70)
* build: reorder more BuildPackages lines to deal with ABI_VERSIONFelix Fietkau2021-02-161-1/+1
| | | | | | | | After the ABI version rework, packages need to be declared in the order of their dependencies, so that dependent packages will use the right ABI version Signed-off-by: Felix Fietkau <nbd@nbd.name> (cherry-picked from commit 75455b75a7ee)
* libubox: update to the latest version, set ABI_VERSION dynamicallyFelix Fietkau2021-02-151-6/+8
| | | | | | 2537be018587 cmake: add a possibility to set library version Signed-off-by: Felix Fietkau <nbd@nbd.name>
* procd: add hotplug-call dispatcher ubus objectsDaniel Golle2021-02-081-3/+3
| | | | | | Add per-subsystem ubus objects exposing hotplug-call. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* selinux-policy: update to version 0.6Daniel Golle2021-02-051-2/+2
| | | | Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* procd: update to git HEADDaniel Golle2021-02-021-4/+4
| | | | | | | | | | 0aee1c3 hotplug.c: set nl_pid to zero d6dda31 procd: fix compiler warning 92c8e8f jail: remove duplicate check for hook file permissions 0a74c06 jail: only output BPF instr. table header if debugging fd18379 jail: cgroups: fix uninitialized variabl Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* selinux-policy: update to git tag v0.5Daniel Golle2021-01-311-2/+2
| | | | Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* ca-certicficates: Update to version 20210119Paul Menzel2021-01-291-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Update the ca-certificates and ca-bundle package from version 20200601 to version 2021019. This version uses Python 3 for the build, fixing a build issue on systems, where `/usr/bin/python3` is a wrapper script [1]. Debian change-log entry [2]: > [ Julien Cristau ] > * New maintainer (closes: #976406) > * mozilla/{certdata.txt,nssckbi.h}: Update Mozilla certificate > authority > bundle to version 2.46. > The following certificate authorities were added (+): > + "certSIGN ROOT CA G2" > + "e-Szigno Root CA 2017" > + "Microsoft ECC Root Certificate Authority 2017" > + "Microsoft RSA Root Certificate Authority 2017" > + "NAVER Global Root Certification Authority" > + "Trustwave Global Certification Authority" > + "Trustwave Global ECC P256 Certification Authority" > + "Trustwave Global ECC P384 Certification Authority" > The following certificate authorities were removed (-): > - "EE Certification Centre Root CA" > - "GeoTrust Universal CA 2" > - "LuxTrust Global Root 2" > - "OISTE WISeKey Global Root GA CA" > - "Staat der Nederlanden Root CA - G2" (closes: #962079) > - "Taiwan GRCA" > - "Verisign Class 3 Public Primary Certification Authority - G3" > > [ Michael Shuler ] > * mozilla/blacklist: > Revert Symantec CA blacklist (#911289). Closes: #962596 > The following root certificates were added back (+): > + "GeoTrust Primary Certification Authority - G2" > + "VeriSign Universal Root Certification Authority" > > [ Gianfranco Costamagna ] > * debian/{rules,control}: > Merge Ubuntu patch from Matthias Klose to use Python3 during build. > Closes: #942915 [1]: https://github.molgen.mpg.de/mariux64/mxtools/issues/148 [2]: https://metadata.ftp-master.debian.org/changelogs//main/c/ca-certificates/ca-certificates_20210119_changelog Signed-off-by: Paul Menzel <pmenzel@molgen.mpg.de>
* treewide: drop shebang from non-executable lib filesAdrian Schmutzler2021-01-294-5/+2
| | | | | | | | | | | | This drops the shebang from another bunch of files in various /lib folders, as these are sourced and the shebang is useless. Fix execute bit in one case, too. This should cover almost all trivial cases now, i.e. where /lib is actually used for library files. Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
* rpcd: update to git HEADDaniel Golle2021-01-071-4/+4
| | | | | | | | | | fd017ba iwinfo: add ht and vht operation info to wifi scan 4c66b31 iwinfo: export center channel for info ubus call e28d4a5 iwinfo: add support for 802.11ad and GCMP 5c15f57 iwinfo: return hwmode 'ad' on 802.11ad-only hardware ea7f471 iwinfo: include ht_operation data only if available Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* Revert "rpcd: update to git HEAD"Jo-Philipp Wich2021-01-061-4/+4
| | | | | | | | | | | This reverts commit 190e7939639846b86ab487c50169963382720e2b. This update introduces a potential null-pointer deref with subsequent rpcd crash when querying wireless info for non-nl80211 wdevs. Additionally it wrongly includes ht frequency information for non-ht BSSes. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* rpcd: update to git HEADDaniel Golle2021-01-051-4/+4
| | | | | | | | | fd017ba iwinfo: add ht and vht operation info to wifi scan 4c66b31 iwinfo: export center channel for info ubus call e28d4a5 iwinfo: add support for 802.11ad and GCMP 5c15f57 iwinfo: return hwmode 'ad' on 802.11ad-only hardware Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* fstools: fix 'firstboot' on unmounted UBIFS overlayDaniel Golle2021-01-041-3/+3
| | | | | | | | | | | The usual OpenWrt-way of writing the JFFS2-marker in order to have a filesystem erased at the next boot fails on UBIFS volumes due to UBI being a different beast when it comes to writing. As truncating a UBIFS volume only takes a few milliseconds and has the desired effect of wiping-out all content of that volume, just do that instead. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* opkg: update to git HEADDaniel Golle2020-12-241-3/+3
| | | | | | 9bbc7ea pkg_hash: pkg_hash_check_unresolved: fix segfault Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* zram-swap: remove the compression streams settingsRui Salvaterra2020-12-131-15/+0
| | | | | | | | | Zram switched to per-cpu compression streams since Linux 4.7 [1]. Drop the irrelevant configuration (no-op). [1] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/drivers/block/zram?h=v4.7&id=43209ea2d17aae1540d4e28274e36404f72702f2 Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
* procd: update to git HEADDaniel Golle2020-12-121-3/+3
| | | | | | | 111416d jail: remove unreachable code 7f12c89 treewide: replace local mkdir_p implementations Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* fstools: update to git HEADDaniel Golle2020-12-121-3/+3
| | | | | | | | 0c6fb90 jffs2-reset: allow doing a factory reset and passing a sysupgrade.tgz 4862530 mount: restorecon: guard against execl() errors f415323 block: replace local mkdir_p implementation Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* selinux-policy: update to version 0.4Daniel Golle2020-12-121-2/+3
| | | | Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* opkg: remove legacy dist and extra_dataPaul Spooren2020-12-091-3/+3
| | | | | | | | | efb26a3 libopkg: remove "extra_data" option 1d67ab7 libopkg: remove support for "dist" config Reduces opkg size by about 400 Bytes. Signed-off-by: Paul Spooren <mail@aparcar.org>
* procd: also depend on jshnSven Roederer2020-12-051-2/+2
| | | | | | fixes "file no found" error on stripped down images, caused by prod.sh:43. Signed-off-by: Sven Roederer <devel-sven@geroedel.de>
* procd: output warning if user 'ubus' doesn't existDaniel Golle2020-12-041-3/+3
| | | | | | 6acc48c early: fall-back to run ubus as root if user can't be found Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* ubus: make sure ubusd starts in case user 'ubus' doesn't existDaniel Golle2020-12-041-3/+3
| | | | | | d1d9ddf ubusd: attempt to create socket folder Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* procd: update to git HEADDaniel Golle2020-11-301-3/+3
| | | | | | | | f3c3563 jail: improve seccomp BPF generator f67a66f jail: always call cgroups_free() 4625350 jail: seccomp: improve code readability Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* procd: update to git HEADDaniel Golle2020-11-271-3/+3
| | | | | | | | | | | | | | | | 3019f50 jail: leak less memory 7e01453 jail: fix segfault on missing name and refactor 5abee8f jail: fix and simplify userns uid/gid maps from OCI 4ba72ec jail: relax /etc/resolv.conf creation db5ef86 jail: don't use NULL arguments for mount syscall 19ac9df jail: don't fail if can't mount-bind /etc/resolv.conf acf36f2 jail: seteuid before clone(CLONE_NEWUSER) e40828f jail: fix typo in usage output b87984b jail: don't attempt to mount /sys with noatime b275b11 jail: enter existing cgroups namespace if given 31e0a46 jail: properly initialize timens_fd Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* opkg: cleanup man pages and md5 fixupPaul Spooren2020-11-251-3/+3
| | | | | | | 66f458d fix md5sum calculation 02eaf9c man: remove obsolete manual pages Signed-off-by: Paul Spooren <mail@aparcar.org>
* opkg: purge package from cache on hash mismatchPaul Spooren2020-11-241-4/+4
| | | | | | | | | | 61b3c62 opkg_verify_integrity: better logging and error conditions f73d42f download: purge cached packages that have incorrect checksum 1c1480e download: factor out the logic for building cache filenames 293b1ce libopkg: factor out checksum and size verification a786e25 download: remove compatibility with old cache naming scheme Signed-off-by: Paul Spooren <mail@aparcar.org>
* procd: update to git HEADDaniel Golle2020-11-231-3/+3
| | | | | | | d4d78db uxc: also delete procd runtime state on 'delete' e935c0c jail: add 'debug' extern variable to preload_seccomp Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* Revert "refpolicy: add variant that builds modular policy"Daniel Golle2020-11-221-33/+2
| | | | | | | | | | This reverts commit 9eb9943f82e0b2d5e32ffe1c63f5a82caca5094d. Building the 'modular' variant requires 'semodule_package' from 'selinux-python' to be installed on the buildhost. Apart from that, this change also broke the monolithic refpolicy 'targeted' build. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* procd: update to git HEADDaniel Golle2020-11-221-3/+3
| | | | | | | | | 04a2edd uxc: make force-delete kill container process be6da62 seccomp: silence 'unknown syscall' warnings b22e625 jail: cgroup hack: rewrite cgroup -> cgroup2 df7fa7b uxc: fix incomplete commit Signed-off-by: Daniel Golle <daniel@makrotopia.org>