aboutsummaryrefslogtreecommitdiffstats
path: root/package/system
Commit message (Collapse)AuthorAgeFilesLines
* procd: add hotplug-call dispatcher ubus objectsDaniel Golle2021-02-081-3/+3
| | | | | | Add per-subsystem ubus objects exposing hotplug-call. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* selinux-policy: update to version 0.6Daniel Golle2021-02-051-2/+2
| | | | Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* procd: update to git HEADDaniel Golle2021-02-021-4/+4
| | | | | | | | | | 0aee1c3 hotplug.c: set nl_pid to zero d6dda31 procd: fix compiler warning 92c8e8f jail: remove duplicate check for hook file permissions 0a74c06 jail: only output BPF instr. table header if debugging fd18379 jail: cgroups: fix uninitialized variabl Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* selinux-policy: update to git tag v0.5Daniel Golle2021-01-311-2/+2
| | | | Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* ca-certicficates: Update to version 20210119Paul Menzel2021-01-291-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Update the ca-certificates and ca-bundle package from version 20200601 to version 2021019. This version uses Python 3 for the build, fixing a build issue on systems, where `/usr/bin/python3` is a wrapper script [1]. Debian change-log entry [2]: > [ Julien Cristau ] > * New maintainer (closes: #976406) > * mozilla/{certdata.txt,nssckbi.h}: Update Mozilla certificate > authority > bundle to version 2.46. > The following certificate authorities were added (+): > + "certSIGN ROOT CA G2" > + "e-Szigno Root CA 2017" > + "Microsoft ECC Root Certificate Authority 2017" > + "Microsoft RSA Root Certificate Authority 2017" > + "NAVER Global Root Certification Authority" > + "Trustwave Global Certification Authority" > + "Trustwave Global ECC P256 Certification Authority" > + "Trustwave Global ECC P384 Certification Authority" > The following certificate authorities were removed (-): > - "EE Certification Centre Root CA" > - "GeoTrust Universal CA 2" > - "LuxTrust Global Root 2" > - "OISTE WISeKey Global Root GA CA" > - "Staat der Nederlanden Root CA - G2" (closes: #962079) > - "Taiwan GRCA" > - "Verisign Class 3 Public Primary Certification Authority - G3" > > [ Michael Shuler ] > * mozilla/blacklist: > Revert Symantec CA blacklist (#911289). Closes: #962596 > The following root certificates were added back (+): > + "GeoTrust Primary Certification Authority - G2" > + "VeriSign Universal Root Certification Authority" > > [ Gianfranco Costamagna ] > * debian/{rules,control}: > Merge Ubuntu patch from Matthias Klose to use Python3 during build. > Closes: #942915 [1]: https://github.molgen.mpg.de/mariux64/mxtools/issues/148 [2]: https://metadata.ftp-master.debian.org/changelogs//main/c/ca-certificates/ca-certificates_20210119_changelog Signed-off-by: Paul Menzel <pmenzel@molgen.mpg.de>
* treewide: drop shebang from non-executable lib filesAdrian Schmutzler2021-01-294-5/+2
| | | | | | | | | | | | This drops the shebang from another bunch of files in various /lib folders, as these are sourced and the shebang is useless. Fix execute bit in one case, too. This should cover almost all trivial cases now, i.e. where /lib is actually used for library files. Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
* rpcd: update to git HEADDaniel Golle2021-01-071-4/+4
| | | | | | | | | | fd017ba iwinfo: add ht and vht operation info to wifi scan 4c66b31 iwinfo: export center channel for info ubus call e28d4a5 iwinfo: add support for 802.11ad and GCMP 5c15f57 iwinfo: return hwmode 'ad' on 802.11ad-only hardware ea7f471 iwinfo: include ht_operation data only if available Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* Revert "rpcd: update to git HEAD"Jo-Philipp Wich2021-01-061-4/+4
| | | | | | | | | | | This reverts commit 190e7939639846b86ab487c50169963382720e2b. This update introduces a potential null-pointer deref with subsequent rpcd crash when querying wireless info for non-nl80211 wdevs. Additionally it wrongly includes ht frequency information for non-ht BSSes. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* rpcd: update to git HEADDaniel Golle2021-01-051-4/+4
| | | | | | | | | fd017ba iwinfo: add ht and vht operation info to wifi scan 4c66b31 iwinfo: export center channel for info ubus call e28d4a5 iwinfo: add support for 802.11ad and GCMP 5c15f57 iwinfo: return hwmode 'ad' on 802.11ad-only hardware Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* fstools: fix 'firstboot' on unmounted UBIFS overlayDaniel Golle2021-01-041-3/+3
| | | | | | | | | | | The usual OpenWrt-way of writing the JFFS2-marker in order to have a filesystem erased at the next boot fails on UBIFS volumes due to UBI being a different beast when it comes to writing. As truncating a UBIFS volume only takes a few milliseconds and has the desired effect of wiping-out all content of that volume, just do that instead. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* opkg: update to git HEADDaniel Golle2020-12-241-3/+3
| | | | | | 9bbc7ea pkg_hash: pkg_hash_check_unresolved: fix segfault Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* zram-swap: remove the compression streams settingsRui Salvaterra2020-12-131-15/+0
| | | | | | | | | Zram switched to per-cpu compression streams since Linux 4.7 [1]. Drop the irrelevant configuration (no-op). [1] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/drivers/block/zram?h=v4.7&id=43209ea2d17aae1540d4e28274e36404f72702f2 Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
* procd: update to git HEADDaniel Golle2020-12-121-3/+3
| | | | | | | 111416d jail: remove unreachable code 7f12c89 treewide: replace local mkdir_p implementations Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* fstools: update to git HEADDaniel Golle2020-12-121-3/+3
| | | | | | | | 0c6fb90 jffs2-reset: allow doing a factory reset and passing a sysupgrade.tgz 4862530 mount: restorecon: guard against execl() errors f415323 block: replace local mkdir_p implementation Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* selinux-policy: update to version 0.4Daniel Golle2020-12-121-2/+3
| | | | Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* opkg: remove legacy dist and extra_dataPaul Spooren2020-12-091-3/+3
| | | | | | | | | efb26a3 libopkg: remove "extra_data" option 1d67ab7 libopkg: remove support for "dist" config Reduces opkg size by about 400 Bytes. Signed-off-by: Paul Spooren <mail@aparcar.org>
* procd: also depend on jshnSven Roederer2020-12-051-2/+2
| | | | | | fixes "file no found" error on stripped down images, caused by prod.sh:43. Signed-off-by: Sven Roederer <devel-sven@geroedel.de>
* procd: output warning if user 'ubus' doesn't existDaniel Golle2020-12-041-3/+3
| | | | | | 6acc48c early: fall-back to run ubus as root if user can't be found Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* ubus: make sure ubusd starts in case user 'ubus' doesn't existDaniel Golle2020-12-041-3/+3
| | | | | | d1d9ddf ubusd: attempt to create socket folder Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* procd: update to git HEADDaniel Golle2020-11-301-3/+3
| | | | | | | | f3c3563 jail: improve seccomp BPF generator f67a66f jail: always call cgroups_free() 4625350 jail: seccomp: improve code readability Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* procd: update to git HEADDaniel Golle2020-11-271-3/+3
| | | | | | | | | | | | | | | | 3019f50 jail: leak less memory 7e01453 jail: fix segfault on missing name and refactor 5abee8f jail: fix and simplify userns uid/gid maps from OCI 4ba72ec jail: relax /etc/resolv.conf creation db5ef86 jail: don't use NULL arguments for mount syscall 19ac9df jail: don't fail if can't mount-bind /etc/resolv.conf acf36f2 jail: seteuid before clone(CLONE_NEWUSER) e40828f jail: fix typo in usage output b87984b jail: don't attempt to mount /sys with noatime b275b11 jail: enter existing cgroups namespace if given 31e0a46 jail: properly initialize timens_fd Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* opkg: cleanup man pages and md5 fixupPaul Spooren2020-11-251-3/+3
| | | | | | | 66f458d fix md5sum calculation 02eaf9c man: remove obsolete manual pages Signed-off-by: Paul Spooren <mail@aparcar.org>
* opkg: purge package from cache on hash mismatchPaul Spooren2020-11-241-4/+4
| | | | | | | | | | 61b3c62 opkg_verify_integrity: better logging and error conditions f73d42f download: purge cached packages that have incorrect checksum 1c1480e download: factor out the logic for building cache filenames 293b1ce libopkg: factor out checksum and size verification a786e25 download: remove compatibility with old cache naming scheme Signed-off-by: Paul Spooren <mail@aparcar.org>
* procd: update to git HEADDaniel Golle2020-11-231-3/+3
| | | | | | | d4d78db uxc: also delete procd runtime state on 'delete' e935c0c jail: add 'debug' extern variable to preload_seccomp Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* Revert "refpolicy: add variant that builds modular policy"Daniel Golle2020-11-221-33/+2
| | | | | | | | | | This reverts commit 9eb9943f82e0b2d5e32ffe1c63f5a82caca5094d. Building the 'modular' variant requires 'semodule_package' from 'selinux-python' to be installed on the buildhost. Apart from that, this change also broke the monolithic refpolicy 'targeted' build. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* procd: update to git HEADDaniel Golle2020-11-221-3/+3
| | | | | | | | | 04a2edd uxc: make force-delete kill container process be6da62 seccomp: silence 'unknown syscall' warnings b22e625 jail: cgroup hack: rewrite cgroup -> cgroup2 df7fa7b uxc: fix incomplete commit Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* procd: drop legacy seccomp support, switch to OCI parsersDaniel Golle2020-11-171-3/+3
| | | | | | | | d8f36f5 seccomp: specifying architectures is optional d352e6e seccomp: switch to new OCI compliant parser c110405 trace: switch to OCI seccomp JSON output Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* rpcd: remove file when appliedHuangbin Zhan2020-11-122-5/+7
| | | | | | Make sure exit value of this script is zero. Or the file won't be deleted. Signed-off-by: Huangbin Zhan <zhanhb88@gmail.com>
* ca-certificates: canonical the build dirJianhui Zhao2020-11-121-1/+7
| | | | | | | The previous build directory "build_dir/target-xx/work/" contaminated the entire build directory. Signed-off-by: Jianhui Zhao <zhaojh329@gmail.com>
* refpolicy: add variant that builds modular policyW. Michael Petullo2020-11-091-2/+33
| | | | | | | | | This adds a variant of refpolicy that builds the modular form of the policy. While this requires more memory on the target device, along with some tricks to deal with OpenWrt's volatile /var directory, it is useful for experiementing with SELinux policy. Signed-off-by: W. Michael Petullo <mike@flyn.org>
* procd: bump to git HEADDaniel Golle2020-11-071-3/+3
| | | | | | b0de894 jail: fix capabilities Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* procd: bump to git HEADDaniel Golle2020-11-051-3/+3
| | | | | | | | | | | | 2f381fe jail: guard boolean blobmsg attributes 602b8fa jail: add option for pidfile bba6de7 jail: handle mount propagation flags 6963d50 jail: relax seccomp unknown syscall handling e1fcfdc jail: add support for absolute root path in OCI spec 257f29b jail: don't fail if maskedPath cannot be found 75f2374 uxc: mimic runc cmdline by using getopt_long Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* opkg: clean up and fix performance regressionDaniel Golle2020-11-031-3/+3
| | | | | | | da9746a libopkg: clean up handling of unresolved dependencies Signed-off-by: Daniel Golle <daniel@makrotopia.org> Signed-off-by: Paul Spooren <mail@aparcar.org>
* opkg: fix yet another dependency resolution bugDaniel Golle2020-11-021-3/+3
| | | | | | | | | | The previous fix of a fix caused yet another problem leading to `opkg show-upgradable` ending up in an infinite loop. Fix that. Fixes: 4a2b1ff7fb ("opkg: fix dependency resolution") Reported-by: Huangbin Zhan <zhanhb88@gmail.com> Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* opkg: fix dependency resolutionDaniel Golle2020-11-021-3/+3
| | | | | | | | | | | | The previous commit broke opkg in a way that it would no longer include dependencies when installing a package, effectively leading to broken images and unusable systems. Fix that by making sure dependencies are still going to be checked. Also reduce size of struct abstract_pkg as suggested by @jow- while at it. Fixes: 1445d333aa ("opkg: bump to git HEAD") Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* zram-swap: use new extra_command wrapperFlorian Eckert2020-11-022-4/+3
| | | | | | Use new `extra_command` wrapper to fix the alignement. Signed-off-by: Florian Eckert <fe@dev.tdt.de>
* opkg: bump to git HEADDaniel Golle2020-10-301-3/+3
| | | | | | 8769c75 pkg_hash: don't suggest incompatible packages Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* uci: fix package mirror hashPetr Štetiar2020-10-271-1/+1
| | | | | | | | I've forget to update PKG_MIRROR_HASH in my previous package version bump. Fixes: 095cc2b7454a ("uci: update to version 2020-10-06") Signed-off-by: Petr Štetiar <ynezz@true.cz>
* uci: update to version 2020-10-06Petr Štetiar2020-10-271-2/+2
| | | | | | | | | | | | | | | | 52bbc99f69ea Replace malloc() + memset() with calloc() 3fbd6c923434 ucimap: Check return of malloc() eae126f66663 file: Check buffer size after strtok() 7f574273180a file: use size_t for position and pointer 19770b6949b9 file: use dynamic memory allocation for tempfile name aa46546794ac file: uci_file_commit: fix memory leak 671c7554bfde uci: silence UBSAN error by using offsetof macro from compiler ea5bbd57d0e1 tests: cram: add uci import testing on fuzzer corpus 31f78bfbf75f cmake: add uci-san cli built with clang sanitizers a3e650911f5e file: uci_parse_package: fix heap use after free 9bd361ca3236 tests: add libFuzzer based fuzzing Signed-off-by: Petr Štetiar <ynezz@true.cz>
* ubus: bump to git HEADDaniel Golle2020-10-251-3/+3
| | | | | | ad0cd11 ubusd_acl: add support for wildcard in methods Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* procd: ujail fixesDaniel Golle2020-10-251-3/+3
| | | | | | | ec461ff jail: mount more stuff read-only 33b799b ujail: elf: work around GCC bug on MIPS64 Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* ubox: run logd non-root as user logdDaniel Golle2020-10-251-4/+5
| | | | Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* rpcd: adapt defaults for changed ubus.sock pathDaniel Golle2020-10-223-2/+10
| | | | Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* procd: jail: clean up capability handling and non-root ubusdDaniel Golle2020-10-211-3/+3
| | | | | | | | | | | | | | | Unify capability handling to only use OCI spec parsers even for ujail slim containers which previously supposedly used their own format. 80c9516 cgroups: restrict allowed keys in 'unified' section 5ade567 cgroups: memory controller fixes 3121467 early: run ubusd non-root as user ubus, group ubus 12a5b97 jail: adapt to new ubus socket path 788d144 instance: actually wire up capabilities filename ebc5a7f jail: nuke old capabilities code in favour of reusing OCI code 6c5233a jail: capabilities: apply in two phases Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* ubus: prepare to run ubusd as non-root userDaniel Golle2020-10-211-3/+4
| | | | | | | Move /var/run/ubus.sock to /var/run/ubus/ubus.sock in preparation for having ubusd run as non-root user. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* selinux-policy: update to git tag v0.3Daniel Golle2020-10-161-3/+3
| | | | Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* fstools: update to git HEADDaniel Golle2020-10-161-3/+3
| | | | | | | | | | | 8e0f29a mount: remove support for legacy overlayfs before v2.3 0f8a443 mount: fix log format string and indentation 46a56d3 overlay: use precompiler macros for reoccuring path names f25ab8a mount: apply SELinux labels before overlayfs mount Total ipk size change (ipq40xx): +120b Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* selinux-policy: adds new packageDominick Grift2020-10-092-0/+55
| | | | Signed-off-by: Dominick Grift <dominick.grift@defensec.nl>
* refpolicy: fix path to setfiles and checkpolicyPaul Spooren2020-09-301-3/+2
| | | | | | | | Directly set path via MAKE vars instead of defning TESTTOOLS. This way setfiles, which is required by the ImageBuilder, ends up in /host/bin while checkpolicy can stay in hostpkg/bin. Signed-off-by: Paul Spooren <mail@aparcar.org>
* refpolicy: mark as architecture independentDaniel Golle2020-09-291-1/+2
| | | | | | | Use PKGARCH:=all to declare this package to be free of any architecture dependent code. Signed-off-by: Daniel Golle <daniel@makrotopia.org>