aboutsummaryrefslogtreecommitdiffstats
path: root/package/system
Commit message (Collapse)AuthorAgeFilesLines
* openwrt-keyring: fix broken install stepPetr Štetiar2022-03-271-0/+1
| | | | | | | | | | In commit 2d03f27f0f07 ("openwrt-keyring: make opkg use 22.03 usign key") I've accidentally removed the `endef` keyword, so fix it by adding it back. Fixes: 2d03f27f0f07 ("openwrt-keyring: make opkg use 22.03 usign key") Reported-by: Hannu Nyman <hannu.nyman@iki.fi> Signed-off-by: Petr Štetiar <ynezz@true.cz>
* openwrt-keyring: make opkg use 22.03 usign keyPetr Štetiar2022-03-271-4/+3
| | | | | | | | | | | | In order to make opkg usable with artifacts produced by project's buildbot: Downloading https://downloads.openwrt.org/releases/22.03-SNAPSHOT/packages/x86_64/luci/Packages.sig Signature check failed. Remove wrong Signature file. References: https://gitlab.com/openwrt/docker/-/jobs/2255191689 Signed-off-by: Petr Štetiar <ynezz@true.cz>
* openwrt-keyring: add OpenWrt 22.03 GPG/usign keysPetr Štetiar2022-03-251-3/+3
| | | | | | | | 62471e693b4f usign: add 22.03 release build public key 70817cffc905 gpg: add OpenWrt 22.03 signing key Signed-off-by: Petr Štetiar <ynezz@true.cz> (cherry picked from commit 759886345d900139f38bd9200a32ce12868d3343)
* procd: move service command to procdFlorian Eckert2022-03-192-0/+31
| | | | | | | | The service command belongs to the procd and does not belong in the shinit. In the course of the move, the script was also checked with shellcheck and cleaned up. Signed-off-by: Florian Eckert <fe@dev.tdt.de>
* procd: remove support for mounting /tmp in zramRui Salvaterra2022-03-031-10/+1
| | | | | | | | | | | | | | | | | The /tmp directory is mounted as tmpfs. The tmpfs filesystem is backed by anonymous memory, which means it can be swapped out at any time, if there is memory pressure [1]. For this reason, a zram swap device is a much better choice than mounting /tmp on zram, since it's able to compress all anonymous memory, and not just the memory assigned to /tmp. We already have the zram-swap package for this specific purpose, which means procd's tmp-on-zram is both redundant and more limited. A follow-up patch will remove support for mounting /tmp in zram from procd itself. [1] https://www.kernel.org/doc/Documentation/filesystems/tmpfs.txt Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
* ubus: bump to git HEADStijn Tintel2022-02-281-3/+3
| | | | | | | | 66baa44 libubus: introduce new status messages b3cd5ab cli: use UBUS_STATUS_PARSE_ERROR 584f56a cli: improve error logging for call command Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* iucode-tool: fix host-compile on macos and non-x86 linuxSergey V. Lobanov2022-02-262-1/+45
| | | | | | | | | | | | | | | | | | | | | | | iucode-tool/host is used by intel-microcode to manipulate with microcode.bin file. iucode-tool requires cpuid.h at compile time for autodection feature, but non-x86 build hosts does not have this header file (e.g. ubuntu 20.04 aarch64) or this header generates compile time error (#error macro) (e.g. macos arm64). This patch provides compat cpuid.h to build iucode-tool/host on non-x86 linux hosts and macos. CPU autodectection is not required for intel-microcode package build so compat cpuid.h is ok for OpenWrt purposes. glibc and argp lib are not present in macos so iucode-tool/host build fails. This patch adds argp-standalone/host as build dependency if host os is macos. Generated ucode (intel-microcode package) is exactly the same on Linux x86_64 (Ubuntu 20.04), Linux aarch64 (Ubuntu 20.04) and Darwin arm64 (MacOS 11.6) build hosts. Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>
* procd: update to git HEADDaniel Golle2022-02-191-3/+3
| | | | | | | | | | a87d010 uxc: remove unused printf parameter ad65249 instance: exit in case asprintf() fails Build with glibc should again work after this commit. Fixes: e9e61d76fd ("procd: update to git HEAD") Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* procd: update to git HEADDaniel Golle2022-02-181-3/+3
| | | | | | | | df1123e uxc: add support for user-defined settings 0272c7c uxc: allow editing settings using 'create' a839518 uxc: clean up error handling Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* procd: simplify uxc init scriptDaniel Golle2022-02-131-7/+1
| | | | | | | | 'uxc boot' is inteded to be called multiple times, so there is not need to guard the first call on boot -- the actual code anyway didn't do that, so just remove it. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* rpcd: update to latest Git HEADJo-Philipp Wich2022-02-071-5/+6
| | | | | | | | | 909f2a0 ucode: adjust to latest ucode api 4c532bf ucode: add ucode interpreter plugin 9c6ba38 treewide: adjust ubus object type names 75a96dc build: honour CMake install prefix in hardcoded paths Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* ubox: fix broken deferred start of logfile writerDaniel Golle2022-01-311-9/+1
| | | | | | | | | Just use 'start' action which will have the desired effect instead of trying to introduce a 'start_file' action which didn't work that way because procd jshn magic would have to wrap around it. Fixes: 88baf6ce2c ("ubox: only start log to file when filesystem has been mounted") Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* procd: seccomp/jail: Fix build error on arm with glibcDaniel Golle2022-01-311-3/+3
| | | | | | | | | | | | | | | | | | From: Peter Lundkvist <peter.lundkvist@gmail.com> This fixes the make_syscall_h.sh script to recognize both __NR_Linux, used by mips, and __NR_SYSCALL_BASE and __ARM_NR_BASE used by arm. Run-tested on arm (ipq806x) and mips (ath79), both with glibc. Compile-tested and checked resulting syscall_names.h file wuth glibc: aarch64, powerpc, x86_64, i486 musl: arm, mips Fixes: FS#4194, FS#4195 Signed-off-by: Peter Lundkvist <peter.lundkvist@gmail.com> Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* ubox: only start log to file when filesystem has been mountedDaniel Golle2022-01-301-3/+25
| | | | | | | | | If log_file is on an filesystem mounted using /etc/config/fstab we have to wait for that to happen before starting the logread process. Inhibit the start of the file-writer process and use a mount trigger to fire it up once the filesystem actually becomes available. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* procd: support generic mount triggers and clean upDaniel Golle2022-01-301-11/+9
| | | | | | | | Allow init scripts to trigger free-form actions by exposing procd_add_action_mount_trigger. Clean up mount trigger wrappers while at it to reduce code duplication. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* procd: update to git HEADDaniel Golle2022-01-121-3/+3
| | | | | | | | | | ca6c35c uxc: usage message cosmetics e083dd4 uxc: fix two minor issues reported by Coverity 35dfbff procd: jail/cgroups: correctly enable "rdma" when requested 3b3ac64 procd: mount /dev with noexec ac2b8b3 procd: clean up /dev/pts mounts Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* opkg: update to git HEAD of 2022-01-09Daniel Golle2022-01-091-3/+3
| | | | | | | | | | db7fb64 libopkg: pkg_hash: prefer to-be-installed packages 2edcfad libopkg: set 'const' attribute for argv This should fix the ImageBuilder problems people are having since we introduced the 'uci-firewall' providers. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* procd: update to git HEADDaniel Golle2021-12-202-17/+3
| | | | | | | | eb522fc uxc: consider uvol and etc location for configurations 16a6ee9 uxc: integrate console into uxc 129d050 remove ujail-console Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* procd: update to git HEADDaniel Golle2021-12-111-3/+3
| | | | | | bb95fe8 jail: make sure jailed process is terminated Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* ca-certificates: fix python3-cryptography woes in certdata2pem.pyChristian Lamparter2021-12-011-0/+53
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This patch is a revert of the upstream patch to Debian's ca-certificate commit 033d52259172 ("mozilla/certdata2pem.py: print a warning for expired certificates.") The reason is, that this change broke builds with the popular Ubuntu 20.04 LTS (focal) releases which are shipping with an older version of the python3-cryptography package that is not compatible. |Traceback (most recent call last): | File "certdata2pem.py", line 125, in <module> | cert = x509.load_der_x509_certificate(obj['CKA_VALUE']) |TypeError: load_der_x509_certificate() missing 1 required positional argument: 'backend' |make[5]: *** [Makefile:6: all] Error 1 ...or if the python3-cryptography was missing all together: |Traceback (most recent call last): | File "/certdata2pem.py", line 31, in <module> | from cryptography import x509 |ModuleNotFoundError: No module named 'cryptography' More concerns were raised by Jo-Philipp Wich: "We don't want the build to depend on the local system time anyway. Right now it seems to be just a warning but I could imagine that eventually certs are simply omitted of found to be expired at build time which would break reproducibility." Link: <https://github.com/openwrt/openwrt/commit/7c99085bd697> Reported-by: Chen Minqiang <ptpt52@gmail.com> Reported-by: Shane Synan <digitalcircuit36939@gmail.com> Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
* ca-certicficates: Update to version 20211016Christian Lamparter2021-11-301-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Update the ca-certificates and ca-bundle package from version 20210119 to version 20211016. Debian change-log entry [1]: |[...] |[ Julien Cristau ] |* mozilla/{certdata.txt,nssckbi.h}: Update Mozilla certificate authority | bundle to version 2.50 | The following certificate authorities were added (+): | + "AC RAIZ FNMT-RCM SERVIDORES SEGUROS" | + "GlobalSign Root R46" | + "GlobalSign Root E46" | + "GLOBALTRUST 2020" | + "ANF Secure Server Root CA" | + "Certum EC-384 CA" | + "Certum Trusted Root CA" | The following certificate authorities were removed (-): | - "QuoVadis Root CA" | - "Sonera Class 2 Root CA" | - "GeoTrust Primary Certification Authority - G2" | - "VeriSign Universal Root Certification Authority" | - "Chambers of Commerce Root - 2008" | - "Global Chambersign Root - 2008" | - "Trustis FPS Root CA" | - "Staat der Nederlanden Root CA - G3" | * Blacklist expired root certificate "DST Root CA X3" (closes: #995432) |[...] [1] <https://metadata.ftp-master.debian.org/changelogs//main/c/ca-certificates/ca-certificates_20211016_changelog> Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
* procd: setup /dev/stdin, /dev/stdout and /dev/stderr symlinksJo-Philipp Wich2021-11-231-1/+11
| | | | | | | | Extend the hotplug.json ruleset to setup the common /dev/std{in,out,err} symbolic links which are needed by some applications, e.g. nftables when applying rulesets from stdin. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* procd: update to git HEADDaniel Golle2021-11-231-3/+3
| | | | | | | | | 8de12de system: add diskfree infos to ubus bf3fe0e service: move jail parsing to end of instance parser 87b5836 procd: add full service shutdown prior to sysupgrade 01ac2c4 procd: service_stop_all: also kill inittab actions Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* fstools: update to git HEADDaniel Golle2021-11-201-3/+3
| | | | | | 77c0288 fstools: fix a couple of minor code problems Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* procd: update to git HEADDaniel Golle2021-11-111-3/+3
| | | | | | | | | | 9d1431e jail: allow passing environment variable to procd jailed process Fixes dnsmasq in ujail which needs USER_SCRIPT env variable to be passed to jailed process. Reported-by: Bastian Bittorf <bb@npl.de> Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* rpcd: reload rpcd on installation of rpcd-mod-*Daniel Golle2021-11-081-1/+6
| | | | | | | | | | When installing additional rpcd modules, a restart of rpcd is required. This often confuses users as even after installing rpcd-mod-rpcsys the relevant ubus objects are still missing until rpcd has been reloaded (or the system has been rebooted, obviously). Let rpcd-mod-* reload rpcd as post-install action. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* procd: make rpcd dependency conditionalFelix Fietkau2021-11-041-1/+1
| | | | | | Avoids building rpcd when not needed Signed-off-by: Felix Fietkau <nbd@nbd.name>
* procd: bump to git HEADStijn Tintel2021-11-041-3/+3
| | | | | | 0ee8e73 trigger: use uloop_timeout_remaining64 Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* rpcd: bump to git HEADStijn Tintel2021-11-041-3/+3
| | | | | | | 20bf958 session: use uloop_timeout_remaining64 d11ffe9 session: use blobmsg_get_u64 for RPC_DUMP_EXPIRES Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* procd: update to git HEADDaniel Golle2021-11-011-3/+3
| | | | | | | 1056fc4 jail: elf: Use 64 bit variables for elf offsets c1976e5 jail: elf: Remove MIPS 64 warning Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* fstools: update to git HEADDaniel Golle2021-11-011-3/+3
| | | | | | | 19fd7fc libfstools: make sure file is closed on error d390744 libfstools: use uevent instead of relying on custom kernel patch Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* ubus: update to the latest versionFelix Fietkau2021-11-011-3/+3
| | | | | | | | | b743a331421d ubusd: log ACL init errors 2099bb3ad997 libubus: use list_empty/list_first_entry in ubus_process_pending_msg ef038488edc3 libubus: process pending messages in data handler if stack depth is 0 a72457b61df0 libubus: increase stack depth for processing obj msgs Signed-off-by: Felix Fietkau <nbd@nbd.name>
* selinux-policy: update to version 1.0Dominick Grift2021-10-281-3/+3
| | | | | | | | | | | | | | | | | wifi: writes to terminal hotplugcall and sqm read class sysfile symlinks unbound and sqm related loose ends support/example: policycoreutils host-compile is required TODO: this was wrong and it is actually needed linguist detectable does not work this way linguist-detectable updates README adds workflows adds a note about persistent /var option project moved to https://github.com/DefenSec/selinux-policy Signed-off-by: Dominick Grift <dominick.grift@defensec.nl>
* uci: update to git HEADHauke Mehrtens2021-10-221-3/+3
| | | | | | cmake: Allow override of install directories Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* procd: update to git HEADHauke Mehrtens2021-10-221-3/+3
| | | | | | jail: Fix build with glibc Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* procd: update to git HEADDaniel Golle2021-10-171-3/+3
| | | | | | | | | 9b1e035 jail: netifd: code cosmetics d2a2ecc jail: netifd: fix error handling issue reported by coverity e1d7cee jail: netifd: check target netns fd before using it 59f7699 uxc: add missing 'break' statement Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* buildsystem: add CONFIG_SECCOMPFlorian Eckert2021-10-161-2/+1
| | | | | | | | | | | | | | | | | | | | | Until now, this feature was switched on via the kernel configuration option KERNEL_SECCOMP. The follwing change a7f794cd2aa104fdbd4c6e38f9b76373bf9b96e1 now requires that the package procd-seccomp must also enabled for buildinmg. However, this is not the case we have no dependency and the imagebuilder cannot build the image, because of the implicit package selection. This change adds a new configuration option CONFIG_SECCOMP. The new option has the same behaviour as the configuration option CONFIG_SELINUX. If the CONFIG_SECCOMP is selected then the package procd-seccomp and KERNEL_SECCOMP is enabled for this build. Signed-off-by: Florian Eckert <fe@dev.tdt.de> Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* procd: update to git HEADDaniel Golle2021-10-131-4/+4
| | | | | | | | | | | | | | 97bcdcf uxc: fix segfault caused by use-after-free 6398e05 uxc: don't free the stack 324ebd0 jail: fs: add support for asymmetric mount bind c44ab7f jail: netifd: generate netifd uci config and mount it 82dd390 jail: make use of per-container netifd via ubus The new per-jail netifd is now configured by filtering the host network configuration. As libuci is used for that, procd-ujail now depends on libuci. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* Revert "gpio-cdev: add nu801 userspace driver"Christian Lamparter2021-10-102-56/+0
| | | | | | | | | | | This reverts commit f536f5ebddd9c532a08ac4a9be3ef0c02f7bfeb8. As Hauke commented, this causes builder failures on 5.4 kernels. This revert includes changes to the mx100 kernel modules dependency as well as the uci led definitions. Tested-by: Chris Blake <chrisrblake93@gmail.com> Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
* gpio-cdev: add nu801 userspace driverChris Blake2021-10-102-0/+56
| | | | | | | | | | | This adds a userspace interpretation of the nu801 driver used by Meraki hardware. Previously this was a driver that was added per target, but as multiple targets now have this driver, we should move to something that can be shared by all targets since no driver exists upstream. Co-developed-by: Christian Lamparter <chunkeey@gmail.com> Signed-off-by: Chris Blake <chrisrblake93@gmail.com> Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
* fstools: ensure filesystems are mounted before log service startsTimo Sigurdsson2021-09-221-2/+4
| | | | | | | | | | | | Currently, the fstab service starts after the log service which breaks the ability to write a persistent log file to a filesystem mounted by the fstab service. Thus, change the start order of the fstab service so it starts right before the log service. Fixes: b131853 ("ubox: update to latest git revision") Signed-off-by: Timo Sigurdsson <public_timo.s@silentcreek.de> [set to 11 to be explicitly before log, not only alphabetically, SPDX] Signed-off-by: Paul Spooren <mail@aparcar.org>
* procd: update to git HEADDaniel Golle2021-09-151-3/+3
| | | | | | | | | | | | 8a60e7e trace: don't leak file descriptor in error path 68df9ac procd: fix container deletion f16abe0 uxc: add JSON output option for 'list' command a23c888 jail: prepare for adding process to existing namespace 50da8a4 instance: allow jailed service to join namespace(s) 482d1ab Revert "jail: do not hack /etc/resolv.conf on container rootfs" 1eb4371 jail: start ubus and netifd instances for container with netns Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* procd: fix issue mounting overlay fsDaniel Golle2021-08-311-2/+2
| | | | | | | | | | | | The previous procd update broke mounting overlayfs in an attempt to fix an off-by-one error. Revert that broken fix and apply fix from Nick Hainke <vincent@systemli.org> instead to bring things back to life. 20adf53 Revert "initd: fix off-by-one error in mkdev.c" 773e8da initd: fix off-by-one error in mkdev.c Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* procd: update to git HEADDaniel Golle2021-08-311-3/+3
| | | | | | | | | | 96d8bf2 trace: fix potential use-after-free occurence 8eb1d78 initd: fix off-by-one error in mkdev.c 86f82f3 utils: don't ignore open() return value f5fe04b jail: actually check calloc return value 269c9e4 trace: preload: avoid NULL-dereference here as well Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* procd: update to git HEADDaniel Golle2021-08-301-3/+3
| | | | | | | df251c2 uxc: move mountpoint of persistent config to /var/run/uxc e5b38fd trace: free memory allocated by blobmsg_format_json_indent() Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* fstools: update to git HEADDaniel Golle2021-08-251-3/+3
| | | | | | | 50e6b20 libfstools: handle open() return value properly in F2FS check e1b6811 blockd: include missing libubox/utils.h Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* procd: update to git HEADDaniel Golle2021-08-241-3/+3
| | | | | | | | | | | | | | | | 8a8306d uxc.c: fix coverity resource leak warning 7f2398e jail: devices: create parent folder when creating devices 0603c8d jail: return to hook callback instead of just calling it 3edb7eb jail: check return value when opening console af048a3 jail: use portable sizeof(void *) 6010bd3 utils: make sure read() string is 0 terminated f6daca3 uxc: free string returned by blobmsg_format_json_indent() 51f1cd2 trace: free string returned by blobmsg_format_json_indent() d716cb5 trace: handle open() return value and make sure string is terminated b824a89 jail: preload: avoid NULL-dereference in case things go wrong 167dc24 jail: protect against strcat buffer overflows Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* selinux-policy: update to version 0.9Daniel Golle2021-08-201-2/+2
| | | | | | | | | | | | | | | | | | | | | | 592ac0f add a note 4bacd14 sslcertfile: list /etc/ssl 7bdefa4 example: indicate that skip is an option d1e9a85 wifi: sys pipe usage eb903e1 README: add note about policycoreutils-setfiles weak dependency 762e011 ttyd: signull all subjects fbfc079 acme: add basic support for acme_cleanup.sh and acme_setup.sh 9ac7592 acme: transition to sys.subj on generic initscript execution f3dd1ba acme: missing rules related to sys.subj trans on file.initscriptfile ae273fa odhcp6c/netifd: support drop-in directories 5fa9b41 subj: do not encourage misconfiguration 44722b6 blockd, logd, odhcpc6, ubiutil, mtdstordev a775d93 21.02 related a473691 rcboot runs rcuhttpd which creates /tmp/etc for /tmp/etc/uhttpd 290e9fb rcuhttpd: related to rcboot and uci-defaults 3fc0d8b rcuhttpd: lists /etc/uci-defaults 1f5ef48 removes ubvol.lock policy and adds move mtd/ubi partitions Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* procd: add missing dependency and fix empty mount triggersDaniel Golle2021-08-152-3/+7
| | | | | | | | | | | | | procd.sh: Instead of triggering on every mount.add event, there should be no mount trigger at all in case none of the directories passed to procd_add_*_mount_trigger() are located on a mountpoint configured in /etc/config/fstab. uxc: add missing dependency on rpcd. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* procd: update to git HEADDaniel Golle2021-08-151-3/+3
| | | | | | | | | | 040fecc system: fix issues reported by Coverity 48f481b service: make sure string read is null terminated 16dbc2a uxc: fix a bunch of issues discovered by Coverity ff9002f uxc: fix help output 104b49d uxc: support config in uvol Signed-off-by: Daniel Golle <daniel@makrotopia.org>