path: root/package/system
Commit message | Author | Age | Files | Lines
* procd: update to git HEAD | Daniel Golle | 2022-02-18 | 1 | -3/+3

  df1123e uxc: add support for user-defined settings
  0272c7c uxc: allow editing settings using 'create'
  a839518 uxc: clean up error handling

  Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* procd: simplify uxc init script | Daniel Golle | 2022-02-13 | 1 | -7/+1

  'uxc boot' is intended to be called multiple times, so there is no
  need to guard the first call on boot -- the actual code anyway didn't
  do that, so just remove it.

  Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* rpcd: update to latest Git HEAD | Jo-Philipp Wich | 2022-02-07 | 1 | -5/+6

  909f2a0 ucode: adjust to latest ucode api
  4c532bf ucode: add ucode interpreter plugin
  9c6ba38 treewide: adjust ubus object type names
  75a96dc build: honour CMake install prefix in hardcoded paths

  Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* ubox: fix broken deferred start of logfile writer | Daniel Golle | 2022-01-31 | 1 | -9/+1

  Just use 'start' action which will have the desired effect instead of
  trying to introduce a 'start_file' action which didn't work that way
  because procd jshn magic would have to wrap around it.

  Fixes: 88baf6ce2c ("ubox: only start log to file when filesystem has been mounted")
  Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* procd: seccomp/jail: Fix build error on arm with glibc | Daniel Golle | 2022-01-31 | 1 | -3/+3

  From: Peter Lundkvist <peter.lundkvist@gmail.com>

  This fixes the make_syscall_h.sh script to recognize both __NR_Linux,
  used by mips, and __NR_SYSCALL_BASE and __ARM_NR_BASE used by arm.

  Run-tested on arm (ipq806x) and mips (ath79), both with glibc.

  Compile-tested and checked resulting syscall_names.h file with
    glibc: aarch64, powerpc, x86_64, i486
    musl: arm, mips

  Fixes: FS#4194, FS#4195
  Signed-off-by: Peter Lundkvist <peter.lundkvist@gmail.com>
  Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* ubox: only start log to file when filesystem has been mounted | Daniel Golle | 2022-01-30 | 1 | -3/+25

  If log_file is on a filesystem mounted using /etc/config/fstab we
  have to wait for that to happen before starting the logread process.
  Inhibit the start of the file-writer process and use a mount trigger
  to fire it up once the filesystem actually becomes available.

  Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* procd: support generic mount triggers and clean up | Daniel Golle | 2022-01-30 | 1 | -11/+9

  Allow init scripts to trigger free-form actions by exposing
  procd_add_action_mount_trigger.
  Clean up mount trigger wrappers while at it to reduce code
  duplication.

  Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* procd: update to git HEAD | Daniel Golle | 2022-01-12 | 1 | -3/+3

  ca6c35c uxc: usage message cosmetics
  e083dd4 uxc: fix two minor issues reported by Coverity
  35dfbff procd: jail/cgroups: correctly enable "rdma" when requested
  3b3ac64 procd: mount /dev with noexec
  ac2b8b3 procd: clean up /dev/pts mounts

  Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* opkg: update to git HEAD of 2022-01-09 | Daniel Golle | 2022-01-09 | 1 | -3/+3

  db7fb64 libopkg: pkg_hash: prefer to-be-installed packages
  2edcfad libopkg: set 'const' attribute for argv

  This should fix the ImageBuilder problems people are having since we
  introduced the 'uci-firewall' providers.

  Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* procd: update to git HEAD | Daniel Golle | 2021-12-20 | 2 | -17/+3

  eb522fc uxc: consider uvol and etc location for configurations
  16a6ee9 uxc: integrate console into uxc
  129d050 remove ujail-console

  Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* procd: update to git HEAD | Daniel Golle | 2021-12-11 | 1 | -3/+3

  bb95fe8 jail: make sure jailed process is terminated

  Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* ca-certificates: fix python3-cryptography woes in certdata2pem.py | Christian Lamparter | 2021-12-01 | 1 | -0/+53

  This patch is a revert of the upstream patch to Debian's
  ca-certificate commit 033d52259172 ("mozilla/certdata2pem.py: print
  a warning for expired certificates.")

  The reason is, that this change broke builds with the popular
  Ubuntu 20.04 LTS (focal) releases which are shipping with an older
  version of the python3-cryptography package that is not compatible.

  |Traceback (most recent call last):
  |  File "certdata2pem.py", line 125, in <module>
  |    cert = x509.load_der_x509_certificate(obj['CKA_VALUE'])
  |TypeError: load_der_x509_certificate() missing 1 required positional argument: 'backend'
  |make[5]: *** [Makefile:6: all] Error 1

  ...or if the python3-cryptography was missing altogether:

  |Traceback (most recent call last):
  |  File "/certdata2pem.py", line 31, in <module>
  |    from cryptography import x509
  |ModuleNotFoundError: No module named 'cryptography'

  More concerns were raised by Jo-Philipp Wich:
  "We don't want the build to depend on the local system time anyway.
  Right now it seems to be just a warning but I could imagine that
  eventually certs are simply omitted if found to be expired at build
  time which would break reproducibility."

  Link: <https://github.com/openwrt/openwrt/commit/7c99085bd697>
  Reported-by: Chen Minqiang <ptpt52@gmail.com>
  Reported-by: Shane Synan <digitalcircuit36939@gmail.com>
  Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
* ca-certificates: Update to version 20211016 | Christian Lamparter | 2021-11-30 | 1 | -2/+2

  Update the ca-certificates and ca-bundle package from version
  20210119 to version 20211016.

  Debian change-log entry [1]:
  |[...]
  |[ Julien Cristau ]
  |* mozilla/{certdata.txt,nssckbi.h}: Update Mozilla certificate authority
  |  bundle to version 2.50
  |  The following certificate authorities were added (+):
  |  + "AC RAIZ FNMT-RCM SERVIDORES SEGUROS"
  |  + "GlobalSign Root R46"
  |  + "GlobalSign Root E46"
  |  + "GLOBALTRUST 2020"
  |  + "ANF Secure Server Root CA"
  |  + "Certum EC-384 CA"
  |  + "Certum Trusted Root CA"
  |  The following certificate authorities were removed (-):
  |  - "QuoVadis Root CA"
  |  - "Sonera Class 2 Root CA"
  |  - "GeoTrust Primary Certification Authority - G2"
  |  - "VeriSign Universal Root Certification Authority"
  |  - "Chambers of Commerce Root - 2008"
  |  - "Global Chambersign Root - 2008"
  |  - "Trustis FPS Root CA"
  |  - "Staat der Nederlanden Root CA - G3"
  |* Blacklist expired root certificate "DST Root CA X3" (closes: #995432)
  |[...]

  [1] <https://metadata.ftp-master.debian.org/changelogs//main/c/ca-certificates/ca-certificates_20211016_changelog>

  Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
* procd: setup /dev/stdin, /dev/stdout and /dev/stderr symlinks | Jo-Philipp Wich | 2021-11-23 | 1 | -1/+11

  Extend the hotplug.json ruleset to set up the common
  /dev/std{in,out,err} symbolic links which are needed by some
  applications, e.g. nftables when applying rulesets from stdin.

  Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* procd: update to git HEAD | Daniel Golle | 2021-11-23 | 1 | -3/+3

  8de12de system: add diskfree infos to ubus
  bf3fe0e service: move jail parsing to end of instance parser
  87b5836 procd: add full service shutdown prior to sysupgrade
  01ac2c4 procd: service_stop_all: also kill inittab actions

  Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* fstools: update to git HEAD | Daniel Golle | 2021-11-20 | 1 | -3/+3

  77c0288 fstools: fix a couple of minor code problems

  Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* procd: update to git HEAD | Daniel Golle | 2021-11-11 | 1 | -3/+3

  9d1431e jail: allow passing environment variable to procd jailed process

  Fixes dnsmasq in ujail which needs USER_SCRIPT env variable to be
  passed to jailed process.

  Reported-by: Bastian Bittorf <bb@npl.de>
  Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* rpcd: reload rpcd on installation of rpcd-mod-* | Daniel Golle | 2021-11-08 | 1 | -1/+6

  When installing additional rpcd modules, a restart of rpcd is
  required. This often confuses users as even after installing
  rpcd-mod-rpcsys the relevant ubus objects are still missing until
  rpcd has been reloaded (or the system has been rebooted, obviously).
  Let rpcd-mod-* reload rpcd as post-install action.

  Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* procd: make rpcd dependency conditional | Felix Fietkau | 2021-11-04 | 1 | -1/+1

  Avoids building rpcd when not needed

  Signed-off-by: Felix Fietkau <nbd@nbd.name>
* procd: bump to git HEAD | Stijn Tintel | 2021-11-04 | 1 | -3/+3

  0ee8e73 trigger: use uloop_timeout_remaining64

  Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* rpcd: bump to git HEAD | Stijn Tintel | 2021-11-04 | 1 | -3/+3

  20bf958 session: use uloop_timeout_remaining64
  d11ffe9 session: use blobmsg_get_u64 for RPC_DUMP_EXPIRES

  Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* procd: update to git HEAD | Daniel Golle | 2021-11-01 | 1 | -3/+3

  1056fc4 jail: elf: Use 64 bit variables for elf offsets
  c1976e5 jail: elf: Remove MIPS 64 warning

  Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* fstools: update to git HEAD | Daniel Golle | 2021-11-01 | 1 | -3/+3

  19fd7fc libfstools: make sure file is closed on error
  d390744 libfstools: use uevent instead of relying on custom kernel patch

  Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* ubus: update to the latest version | Felix Fietkau | 2021-11-01 | 1 | -3/+3

  b743a331421d ubusd: log ACL init errors
  2099bb3ad997 libubus: use list_empty/list_first_entry in ubus_process_pending_msg
  ef038488edc3 libubus: process pending messages in data handler if stack depth is 0
  a72457b61df0 libubus: increase stack depth for processing obj msgs

  Signed-off-by: Felix Fietkau <nbd@nbd.name>
* selinux-policy: update to version 1.0 | Dominick Grift | 2021-10-28 | 1 | -3/+3

  wifi: writes to terminal hotplugcall and sqm read class sysfile symlinks unbound and sqm related loose ends support/example: policycoreutils host-compile is required TODO: this was wrong and it is actually needed linguist detectable does not work this way linguist-detectable updates README adds workflows adds a note about persistent /var option project moved to https://github.com/DefenSec/selinux-policy

  Signed-off-by: Dominick Grift <dominick.grift@defensec.nl>
* uci: update to git HEAD | Hauke Mehrtens | 2021-10-22 | 1 | -3/+3

  cmake: Allow override of install directories

  Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* procd: update to git HEAD | Hauke Mehrtens | 2021-10-22 | 1 | -3/+3

  jail: Fix build with glibc

  Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* procd: update to git HEAD | Daniel Golle | 2021-10-17 | 1 | -3/+3

  9b1e035 jail: netifd: code cosmetics
  d2a2ecc jail: netifd: fix error handling issue reported by coverity
  e1d7cee jail: netifd: check target netns fd before using it
  59f7699 uxc: add missing 'break' statement

  Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* buildsystem: add CONFIG_SECCOMP | Florian Eckert | 2021-10-16 | 1 | -2/+1

  Until now, this feature was switched on via the kernel configuration
  option KERNEL_SECCOMP.

  The following change a7f794cd2aa104fdbd4c6e38f9b76373bf9b96e1 now
  requires that the package procd-seccomp must also be enabled for
  building.

  However, this is not the case: we have no dependency and the
  imagebuilder cannot build the image, because of the implicit package
  selection.

  This change adds a new configuration option CONFIG_SECCOMP. The new
  option has the same behaviour as the configuration option
  CONFIG_SELINUX.

  If the CONFIG_SECCOMP is selected then the package procd-seccomp and
  KERNEL_SECCOMP is enabled for this build.

  Signed-off-by: Florian Eckert <fe@dev.tdt.de>
  Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* procd: update to git HEAD | Daniel Golle | 2021-10-13 | 1 | -4/+4

  97bcdcf uxc: fix segfault caused by use-after-free
  6398e05 uxc: don't free the stack
  324ebd0 jail: fs: add support for asymmetric mount bind
  c44ab7f jail: netifd: generate netifd uci config and mount it
  82dd390 jail: make use of per-container netifd via ubus

  The new per-jail netifd is now configured by filtering the host
  network configuration. As libuci is used for that, procd-ujail now
  depends on libuci.

  Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* Revert "gpio-cdev: add nu801 userspace driver" | Christian Lamparter | 2021-10-10 | 2 | -56/+0

  This reverts commit f536f5ebddd9c532a08ac4a9be3ef0c02f7bfeb8.

  As Hauke commented, this causes builder failures on 5.4 kernels.

  This revert includes changes to the mx100 kernel modules dependency
  as well as the uci led definitions.

  Tested-by: Chris Blake <chrisrblake93@gmail.com>
  Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
* gpio-cdev: add nu801 userspace driver | Chris Blake | 2021-10-10 | 2 | -0/+56

  This adds a userspace interpretation of the nu801 driver used by
  Meraki hardware. Previously this was a driver that was added per
  target, but as multiple targets now have this driver, we should move
  to something that can be shared by all targets since no driver exists
  upstream.

  Co-developed-by: Christian Lamparter <chunkeey@gmail.com>
  Signed-off-by: Chris Blake <chrisrblake93@gmail.com>
  Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
* fstools: ensure filesystems are mounted before log service starts | Timo Sigurdsson | 2021-09-22 | 1 | -2/+4

  Currently, the fstab service starts after the log service which
  breaks the ability to write a persistent log file to a filesystem
  mounted by the fstab service. Thus, change the start order of the
  fstab service so it starts right before the log service.

  Fixes: b131853 ("ubox: update to latest git revision")
  Signed-off-by: Timo Sigurdsson <public_timo.s@silentcreek.de>
  [set to 11 to be explicitly before log, not only alphabetically, SPDX]
  Signed-off-by: Paul Spooren <mail@aparcar.org>
* procd: update to git HEAD | Daniel Golle | 2021-09-15 | 1 | -3/+3

  8a60e7e trace: don't leak file descriptor in error path
  68df9ac procd: fix container deletion
  f16abe0 uxc: add JSON output option for 'list' command
  a23c888 jail: prepare for adding process to existing namespace
  50da8a4 instance: allow jailed service to join namespace(s)
  482d1ab Revert "jail: do not hack /etc/resolv.conf on container rootfs"
  1eb4371 jail: start ubus and netifd instances for container with netns

  Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* procd: fix issue mounting overlay fs | Daniel Golle | 2021-08-31 | 1 | -2/+2

  The previous procd update broke mounting overlayfs in an attempt to
  fix an off-by-one error. Revert that broken fix and apply fix from
  Nick Hainke <vincent@systemli.org> instead to bring things back to
  life.

  20adf53 Revert "initd: fix off-by-one error in mkdev.c"
  773e8da initd: fix off-by-one error in mkdev.c

  Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* procd: update to git HEAD | Daniel Golle | 2021-08-31 | 1 | -3/+3

  96d8bf2 trace: fix potential use-after-free occurrence
  8eb1d78 initd: fix off-by-one error in mkdev.c
  86f82f3 utils: don't ignore open() return value
  f5fe04b jail: actually check calloc return value
  269c9e4 trace: preload: avoid NULL-dereference here as well

  Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* procd: update to git HEAD | Daniel Golle | 2021-08-30 | 1 | -3/+3

  df251c2 uxc: move mountpoint of persistent config to /var/run/uxc
  e5b38fd trace: free memory allocated by blobmsg_format_json_indent()

  Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* fstools: update to git HEAD | Daniel Golle | 2021-08-25 | 1 | -3/+3

  50e6b20 libfstools: handle open() return value properly in F2FS check
  e1b6811 blockd: include missing libubox/utils.h

  Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* procd: update to git HEAD | Daniel Golle | 2021-08-24 | 1 | -3/+3

  8a8306d uxc.c: fix coverity resource leak warning
  7f2398e jail: devices: create parent folder when creating devices
  0603c8d jail: return to hook callback instead of just calling it
  3edb7eb jail: check return value when opening console
  af048a3 jail: use portable sizeof(void *)
  6010bd3 utils: make sure read() string is 0 terminated
  f6daca3 uxc: free string returned by blobmsg_format_json_indent()
  51f1cd2 trace: free string returned by blobmsg_format_json_indent()
  d716cb5 trace: handle open() return value and make sure string is terminated
  b824a89 jail: preload: avoid NULL-dereference in case things go wrong
  167dc24 jail: protect against strcat buffer overflows

  Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* selinux-policy: update to version 0.9 | Daniel Golle | 2021-08-20 | 1 | -2/+2

  592ac0f add a note
  4bacd14 sslcertfile: list /etc/ssl
  7bdefa4 example: indicate that skip is an option
  d1e9a85 wifi: sys pipe usage
  eb903e1 README: add note about policycoreutils-setfiles weak dependency
  762e011 ttyd: signull all subjects
  fbfc079 acme: add basic support for acme_cleanup.sh and acme_setup.sh
  9ac7592 acme: transition to sys.subj on generic initscript execution
  f3dd1ba acme: missing rules related to sys.subj trans on file.initscriptfile
  ae273fa odhcp6c/netifd: support drop-in directories
  5fa9b41 subj: do not encourage misconfiguration
  44722b6 blockd, logd, odhcpc6, ubiutil, mtdstordev
  a775d93 21.02 related
  a473691 rcboot runs rcuhttpd which creates /tmp/etc for /tmp/etc/uhttpd
  290e9fb rcuhttpd: related to rcboot and uci-defaults
  3fc0d8b rcuhttpd: lists /etc/uci-defaults
  1f5ef48 removes ubvol.lock policy and adds move mtd/ubi partitions

  Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* procd: add missing dependency and fix empty mount triggers | Daniel Golle | 2021-08-15 | 2 | -3/+7

  procd.sh: Instead of triggering on every mount.add event, there
  should be no mount trigger at all in case none of the directories
  passed to procd_add_*_mount_trigger() are located on a mountpoint
  configured in /etc/config/fstab.

  uxc: add missing dependency on rpcd.

  Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* procd: update to git HEAD | Daniel Golle | 2021-08-15 | 1 | -3/+3

  040fecc system: fix issues reported by Coverity
  48f481b service: make sure string read is null terminated
  16dbc2a uxc: fix a bunch of issues discovered by Coverity
  ff9002f uxc: fix help output
  104b49d uxc: support config in uvol

  Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* procd: update to git HEAD | Daniel Golle | 2021-08-14 | 1 | -3/+3

  48638ad hotplug-dispatch: yet another rare memory leak discovered by Coverity
  459b3e8 jail: fix several issues discovered by Coverity
  2562e2b ujail-console: add missing error handling discovered by coverity

  Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* fstools: update to git HEAD | Daniel Golle | 2021-08-14 | 1 | -3/+3

  629726d blockd: fix resource leak discovered by coverity scan
  68ae639 libubi: fix several issues discovered by Coverity
  a77c4fa ubi: fix resource leak in legacy codepath
  2e3aca2 block: fix two resources leaks discovered by Coverity

  Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* procd: update to git HEAD | Daniel Golle | 2021-08-13 | 1 | -3/+3

  9f233f5 system: make rootfs type accessible through board call

  Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* procd: change procd_add_start_mount_trigger to do restart | Daniel Golle | 2021-08-08 | 1 | -3/+3

  Change procd_add_start_mount_trigger to
  procd_add_restart_mount_trigger and make it call 'restart' instead
  of 'start'. This is more useful as it allows to handle both cases,
  initial start of a service as well as restarting services.
  Calling 'restart' on a service which has not yet been started has
  the same result as calling 'start'.

  Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* procd: update to git HEAD and add new script helpers | Daniel Golle | 2021-08-05 | 2 | -3/+78

  e10de28 jail: cgroups-bpf: fix compile with musl 1.2
  f5d9b14 hotplug-dispatch: fix rare memory leaks in error paths

  Add new init script helpers:
    procd_add_start_mount_trigger
    procd_add_reload_mount_trigger
    procd_get_mountpoints

  Both trigger helpers expect a list of paths which are checked against
  the mount targets configured in /etc/config/fstab and a trigger for
  all mountpoints covered by the list of paths is set up.

  procd_get_mountpoints is useful to find out if and which mountpoints
  are covered by a list of paths.

  Example:
  DATADIRS="/mnt/data/foo /mnt/data/bar /etc/foo/baz /var/lib/doe"

  start_service() {
      [ "$_BOOT" = "1" ] &&
          [ "$(procd_get_mountpoints $DATADIRS)" ] &&
          return 0

      procd_open_instance
      # ...
      procd_close_instance
  }

  boot() {
      _BOOT=1 start
  }

  service_triggers() {
      procd_add_start_mount_trigger $DATADIRS
  }

  Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* fstools: update to git HEAD | Daniel Golle | 2021-08-05 | 1 | -3/+3

  d4f0129 blockd: also report target in notifications

  Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* procd: update to git HEAD | Daniel Golle | 2021-08-04 | 1 | -3/+3

  Fix build on glibc targets and address a bunch of compiler warnings.

  93fc089 jail: cgroups-bpf: don't use sys/reg.h when building with glibc
  548d057 jail: don't ignore return value of seteuid()
  220b716 jail: ignore return value when creating default /dev symlinks
  78d5baa hotplug-dispatch: don't ignore asprintf() return value
  736aee5 uxc: always handle asprintf() return value
  2b20456 hotplug-dispatch: replace wrongly used assert()
  bfc86a2 jail: cgroups: replace wrongly used assert()
  516bdf2 jail: don't ignore return value of write()

  Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* fstools: update to git HEAD | Daniel Golle | 2021-08-04 | 1 | -3/+3

  141ac85 libblkid-tiny: fix invalid open syscall return check
  9e26563 libblkid-tiny: install header file to include dir

  Signed-off-by: Daniel Golle <daniel@makrotopia.org>