From b4e33a1c08f7e0b980b14687ef601bd30634464a Mon Sep 17 00:00:00 2001 From: John Crispin Date: Tue, 19 Apr 2016 10:07:35 +0200 Subject: base-files: Allow to disable failsafe mode Signed-off-by: Daniel Dickinson --- package/base-files/Makefile | 3 ++- .../base-files/files/lib/preinit/10_indicate_failsafe | 1 + package/base-files/files/lib/preinit/30_failsafe_wait | 6 +++++- .../base-files/files/lib/preinit/40_run_failsafe_hook | 1 + package/base-files/image-config.in | 19 +++++++++++++++---- 5 files changed, 24 insertions(+), 6 deletions(-) (limited to 'package') diff --git a/package/base-files/Makefile b/package/base-files/Makefile index 2bc4d15ca4..2286e17208 100644 --- a/package/base-files/Makefile +++ b/package/base-files/Makefile @@ -18,7 +18,7 @@ PKG_FILE_DEPENDS:=$(PLATFORM_DIR)/ $(GENERIC_PLATFORM_DIR)/base-files/ PKG_BUILD_DEPENDS:=usign/host PKG_LICENSE:=GPL-2.0 -PKG_CONFIG_DEPENDS := CONFIG_SIGNED_PACKAGES CONFIG_TARGET_INIT_PATH +PKG_CONFIG_DEPENDS := CONFIG_SIGNED_PACKAGES CONFIG_TARGET_INIT_PATH CONFIG_TARGET_PREINIT_DISABLE_FAILSAFE include $(INCLUDE_DIR)/package.mk @@ -82,6 +82,7 @@ define ImageConfigOptions echo 'pi_broadcast=$(if $(CONFIG_TARGET_PREINIT_BROADCAST),$(CONFIG_TARGET_PREINIT_BROADCAST),"192.168.1.255")' >>$(1)/lib/preinit/00_preinit.conf echo 'pi_preinit_net_messages="$(CONFIG_TARGET_PREINIT_SHOW_NETMSG)"' >>$(1)/lib/preinit/00_preinit.conf echo 'pi_preinit_no_failsafe_netmsg="$(CONFIG_TARGET_PREINIT_SUPPRESS_FAILSAFE_NETMSG)"' >>$(1)/lib/preinit/00_preinit.conf + echo 'pi_preinit_no_failsafe="$(CONFIG_TARGET_PREINIT_DISABLE_FAILSAFE)"' >>$(1)/lib/preinit/00_preinit.conf endef endif diff --git a/package/base-files/files/lib/preinit/10_indicate_failsafe b/package/base-files/files/lib/preinit/10_indicate_failsafe index 6afae410b6..27b94c140f 100644 --- a/package/base-files/files/lib/preinit/10_indicate_failsafe +++ b/package/base-files/files/lib/preinit/10_indicate_failsafe @@ -9,6 +9,7 @@ indicate_failsafe_led () { } indicate_failsafe() { + [ "$pi_preinit_no_failsafe" = "y" ] && return echo "- failsafe -" preinit_net_echo "Entering Failsafe!\n" indicate_failsafe_led diff --git a/package/base-files/files/lib/preinit/30_failsafe_wait b/package/base-files/files/lib/preinit/30_failsafe_wait index 3d69baf3a4..9a34f2de4c 100644 --- a/package/base-files/files/lib/preinit/30_failsafe_wait +++ b/package/base-files/files/lib/preinit/30_failsafe_wait @@ -39,7 +39,7 @@ fs_wait_for_key () { rm -f $keypress_wait } & - echo "Press the [$1] key and hit [enter] $2" + [ "$pi_preinit_no_failsafe" != "y" ] && echo "Press the [$1] key and hit [enter] $2" echo "Press the [1], [2], [3] or [4] key and hit [enter] to select the debug level" # if we're on the console we wait for input { @@ -82,6 +82,10 @@ fs_wait_for_key () { failsafe_wait() { FAILSAFE= + [ "$pi_preinit_no_failsafe" == "y" ] && { + fs_wait_for_key "" "" $fs_failsafe_wait_timeout + return + } grep -q 'failsafe=' /proc/cmdline && FAILSAFE=true && export FAILSAFE if [ "$FAILSAFE" != "true" ]; then pi_failsafe_net_message=true diff --git a/package/base-files/files/lib/preinit/40_run_failsafe_hook b/package/base-files/files/lib/preinit/40_run_failsafe_hook index cb43ad39cb..7301f77349 100644 --- a/package/base-files/files/lib/preinit/40_run_failsafe_hook +++ b/package/base-files/files/lib/preinit/40_run_failsafe_hook @@ -3,6 +3,7 @@ # Copyright (C) 2010 Vertical Communications run_failsafe_hook() { + [ "$pi_preinit_no_failsafe" = "y" ] && return if [ "$FAILSAFE" = "true" ]; then boot_run_hook failsafe lock -w /tmp/.failsafe diff --git a/package/base-files/image-config.in b/package/base-files/image-config.in index c68f0b4a37..ef1d76790a 100644 --- a/package/base-files/image-config.in +++ b/package/base-files/image-config.in @@ -24,13 +24,24 @@ config TARGET_PREINIT_SUPPRESS_STDERR the ash shell launched by inittab will display stderr). That's the same behaviour as seen in previous version of OpenWrt. +config TARGET_PREINIT_DISABLE_FAILSAFE + bool + prompt "Disable failsafe" if PREINITOPT + default n + help + Disable failsafe mode. While it is very handy while + experimenting or developing it really ought to be + disabled in production environments as it is a major + security loophole. + config TARGET_PREINIT_TIMEOUT int - prompt "Failsafe wait timeout" if PREINITOPT + prompt "Failsafe/Debug wait timeout" if PREINITOPT default 2 help - How long to wait for failsafe mode to be entered before - continuing with a regular boot if failsafe not selected. + How long to wait for failsafe mode to be entered or for + a debug option to be pressed before continuing with a + regular boot. config TARGET_PREINIT_SHOW_NETMSG bool @@ -45,7 +56,7 @@ config TARGET_PREINIT_SHOW_NETMSG config TARGET_PREINIT_SUPPRESS_FAILSAFE_NETMSG bool - prompt "Suppress network message indicating failsafe" if PREINITOPT + prompt "Suppress network message indicating failsafe" if ( PREINITOPT && !TARGET_PREINIT_SHOW_NETMSG && !TARGET_PREINIT_DISABLE_FAILSAFE ) default n help If "Show all preinit network messages" above is not set, then -- cgit v1.2.3