aboutsummaryrefslogtreecommitdiffstats
path: root/package/base-files
Commit message (Collapse)AuthorAgeFilesLines
* base-files: chmod 1777 /var/lockDeomid Ryabkov2021-10-231-2/+3
| | | | | | | | | | | | | Per FHS 3.0, /var/lock is the location for lock files [1]. However its current permissions (755) are too restrictive for use by unprivileged processes. Debian and Ubuntu set them to 1777, and now so do we. [1] <https://refspecs.linuxfoundation.org/FHS_3.0/fhs-3.0.html#varlockLockFiles> Signed-off-by: Deomid Ryabkov <rojer@rojer.me> [fixed typo in commit message, had to remove "rojer" due to git hooks] Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
* base-files: reduce number of `mkdir` callsPaul Spooren2021-09-231-17/+19
| | | | | | | | | | | | | The `mkdir` commands supports passing multiple arguments to batch create multiple folders, instead of calling the tool every single time. If the creation of one of the folders fails, all other folder are still created and therefore doesn't change the error handling. Also stop creating `/etc/` explicitly after subfolders of `/etc/` were already created. Signed-off-by: Paul Spooren <mail@aparcar.org>
* base-files: reduce `sed` callsPaul Spooren2021-09-231-4/+2
| | | | | | | | | The `sed`-script shouldn't be called multiple times, especially not with the same files. This commit merges all files together in a single `sed`-script call. Signed-off-by: Paul Spooren <mail@aparcar.org>
* base-files: fix option to make /var persistentStijn Tintel2021-08-231-1/+1
| | | | | | | | | | | | The option was initially named TARGET_ROOTFS_LN_VAR_TMP, and the check was correct. When renaming the option to something more suitable, the check was changed to check for n, but when an option is not set, it's not n but empty. This results in the check always evaluating to false. Fix the check by checking for y with ifneq. Fixes: 57807f50ded6 ("base-files: add option to make /var persistent") Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* base-files: add option to make /var persistentStijn Tintel2021-08-221-0/+5
| | | | | | | | | | | | | | | | In OpenWrt, /var is symlinked to /tmp by default. This is done to reduce the amount of writes to the flash chip, which often have not the greatest durability. As a result, things like DHCP or UPnP lease files, are not persistent across reboots. Since OpenWrt can run on devices with more durable storage, it makes sense to have an option for a persistent /var. Add an option to make /var persistent. When enabled, /var will no longer be symlinked to /tmp, but /var/run will be symlink to /tmp/run, as it should contains only files that should not be kept during reboot. The option is off by default, to maintain the current behaviour. Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* base-files: rename 'sdcard' to 'legacy-sdcard'Daniel Golle2021-08-162-8/+8
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | While an image layout based on MBR and 'bootfs' partition may be easy to understand for users who are very used to the IBM PC and always have the option to access the SD card outside of the device (and hence don't really depend on other recovery methods or dual-boot), in my opinion it's a dead end for many desirable features on embedded systems, especially when managed remotely (and hence without an easy option to access the SD card using another device in case things go wrong, for example). Let me explain: * using a MSDOS/VFAT filesystem to store kernel(s) is problematic, as a single corruption of the bootfs can render the system into a state that it no longer boots at all. This makes dual-boot useless, or at least very tedious to setup with then 2 independent boot partitions to avoid the single point of failure on a "hot" block (the FAT index of the boot partition, written every time a file is changed in bootfs). And well: most targets even store the bootloader environment in a file in that very same FAT filesystem, hence it cannot be used to script a reliable dual-boot method (as loading the environment itself will already fail if the filesystem is corrupted). * loading the kernel uImage from bootfs and using rootfs inside an additional partition means the bootloader can only validate the kernel -- if rootfs is broken or corrupted, this can lead to a reboot loop, which is often a quite costly thing to happen in terms of hardware lifetime. * imitating MBR-boot behavior with a FAT-formatted bootfs partition (like IBM PC in the 80s and 90s) is just one of many choices on embedded targets. There are much better options with modern U-Boot (which is what we use and build from source for all targets booting off SD cards), see examples in mediatek/mt7622 and mediatek/mt7623. Hence rename the 'sdcard' feature to 'legacy-sdcard', and prefix functions with 'legacy_sdcard_' instead of 'sdcard_'. Tested-by: Stijn Tintel <stijn@linux-ipv6.be> Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* base-files: add generic sdcard upgrade methodStijn Tintel2021-08-072-0/+100
| | | | | | | | Add a generic sdcard upgrade method instead of duplicating code in yet another target, and add a feature flag to only install this upgrade method in targets that set this flag. Copied from mvebu. Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* base-files: upgrade: try umount lvm and loop devicesDaniel Golle2021-08-041-0/+4
| | | | | | | | Try umount on device mapper and loop devices still mounted, so the subsequent call to disactivate all physical volumes and delete all loop devices is more likely to succeed. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* base-files: sysupgrade stage2: fix losetup detectionDaniel Golle2021-08-031-1/+1
| | | | | | | | | | | | If the busybox applet losetup was selected, `command -v` selects that during sysupgrade. As this applet is in another path and doesn't cover the '-D' option which is used to make sure user-defined loop devices are no longer active during sysupgrade. Detect losetup at the path of the full utility to avoid error messages in case of the busybox applet being selected. Reported-by: fda77 <fda77@users.noreply.github.com> Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* base-files: wifi: tidy up the reconf codeBob Cantor2021-06-281-1/+2
| | | | | | | | | | | | commit 5edbd390d321532d9a697d6895a1a7c71c40bd5d rearranged the "wifi up" code. This commit tidies up the "wifi reconf" code so as to keep it aligned with the "wifi up" code. branches affected: trunk, 21.02 Signed-off-by: Bob Cantor <coxede6557@w3boats.com>
* base-files: wifi: swap the order of some ubus callsBob Cantor2021-06-281-1/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | "/sbin/wifi up" makes three ubus calls: 1. ubus call network reload 2. ubus call network.wireless down 3. ubus call network.wireless up The first and third ubus calls call drv_mac80211_setup, while the second ubus call triggers wireless_device_setup_cancel, so the call sequence becomes, 1. drv_mac80211_setup 2. wireless_device_setup_cancel 3. drv_mac80211_setup This commit swaps the order of the first two ubus calls, 1. ubus call network.wireless down 2. ubus call network reload 3. ubus call network.wireless up Consequently drv_mac80211_setup is only called once, and two related bugs (#FS3784 and #FS3902) are no longer triggered by /sbin/wifi. branches affected: trunk, 21.02 Signed-off-by: Bob Cantor <coxede6557@w3boats.com>
* base-files: fix /tmp/TZ when zoneinfo not installedPaul Spooren2021-06-241-7/+4
| | | | | | | | | | | | The zoneinfo packages are not installed per default so neither /tmp/localtime nor /tmp/TZ is generated. This patch mostly reverts the previous fix and instead incooperates a solution suggested by Jo. Fixes "base-files: fix zoneinfo support " 8af62ed Signed-off-by: Paul Spooren <mail@aparcar.org>
* base-files: fix zoneinfo supportRosen Penev2021-06-231-7/+9
| | | | | | | | | | | | | | | | The system init script currently sets /tmp/localinfo when zoneinfo is populated. However, zoneinfo has spaces in it whereas the actual files have _ instead of spaces. This made the if condition never return true. Example failure when removing the if condition: /tmp/localtime -> /usr/share/zoneinfo/America/Los Angeles This file does not exist. America/Los_Angeles does. Ran through shfmt -w -ci -bn -sr -s Signed-off-by: Rosen Penev <rosenp@gmail.com>
* base-files: bring up vlan interface tooLuiz Angelo Daros de Luca2021-06-221-0/+3
| | | | | | | Vlan subinterface was never brought up when using vlan-based preinit network. Tested forcing ifname="" before preinit_ip() on a Tp-Link Archer C5v4. Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
* base-files: failsafe: Remove the VLAN modifier from interface nameHauke Mehrtens2021-06-221-0/+2
| | | | | | | Some interfaces have a VLAN modifier like :t in lan1:t, this modifier should be removed from the interface before calling preinit_ip_config(). Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* base-files: failsafe: Fix IP configurationHauke Mehrtens2021-06-221-3/+9
| | | | | | | | | | | | | Adapt the preinit_config_board() to the board.json network changes. It now looks for the device and the ports variables to configure the LAN network. This works with swconfig configurations. Fixes: FS#3866 Fixes: d42640e389a8 ("base-files: use "ports" array in board.json network for bridges") Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> Reviewed-by: Rafał Miłecki <rafal@milecki.pl>
* base-files: fix enabled for services with only STOPKarel Kočí2021-06-221-1/+6
| | | | | | | | | | | | | | | There are services that have only STOP value set. They are executed only on shutdown and it is common to use them for system cleanup. There is one such service shipped directly with base-files, it is 'umount'. Those work the same way as those with START but enabled does not report them as enabled although it should have as they can be enabled and disabled as any other service. This also changes check from check for executable to check for symbolic link. The implementation depends on those being links to service file and it is much cleaner and direct to check for them being links. Signed-off-by: Karel Kočí <karel.koci@nic.cz>
* base-files: redirect kill ouptut for ash, telnetd and dropbearFlorian Eckert2021-06-201-3/+3
| | | | | | | | | | | If one of the programmes is not running, then we see the following output in the logs. `killall: telnetd: no process killed` To ensure that the log is clean, redirect the output to /dev/null Signed-off-by: Florian Eckert <fe@dev.tdt.de>
* base-files: remove unused vn and _vn functionFlorian Eckert2021-06-201-8/+0
| | | | | | | The remaining vn calls have been ported to v. Therefore, these functions are no longer needed and will be removed. Signed-off-by: Florian Eckert <fe@dev.tdt.de>
* base-files: change logging for upgrade on stage2Florian Eckert2021-06-201-4/+2
| | | | | | | Remove vn call in favour of v call. This commit serves as preparation for removing the vn function call. Signed-off-by: Florian Eckert <fe@dev.tdt.de>
* base-files: add syslog logging for v functionFlorian Eckert2021-06-202-1/+2
| | | | | | | | The logging output should not only be displayed in the calling shell session but also in the syslog. A sysupgrade and a configuration import, export can thus be traced in the syslog. Signed-off-by: Florian Eckert <fe@dev.tdt.de>
* base-files: upgrade: use zcat command provided by busyboxChuck Fan2021-06-201-1/+1
| | | | | | | | | | | Calling `switch_to_ramfs()` will not copy the gzip executable (/bin/gzip) to ramfs, but `/bin/zcat` will call `/bin/gzip` when package gzip is installed, instead of the busybox-supplied zcat. This will cause `zcat` to fail to find `gzip`, then cause the sysupgrade to fail. Adding the `busybox` prefix here will solve the problem. Signed-off-by: Chuck Fan <fanck0605@qq.com>
* busybox: disable bzip2Sergey Ponomarev2021-06-202-2/+1
| | | | | | | | | | bzip2 adds about 8kb of size. For tiny builds it's often disabled. It's not directly used by stock OpenWrt programs. Kernel images compressed with bzip2 are also not fully supported. Signed-off-by: Sergey Ponomarev <stokito@gmail.com> [fix \ indention] Signed-off-by: Paul Spooren <mail@aparcar.org>
* base-files: fix typo in config_generate MAC checkRafał Miłecki2021-06-141-1/+1
| | | | | Fixes: 8d8eb9d13fc6 ("base-files: set MAC for bridge ports (devices) instead of bridge itself") Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* base-files: set MAC for bridge ports (devices) instead of bridge itselfRafał Miłecki2021-06-141-1/+9
| | | | | | | | | | | | | This restores the original config_generate behaviour. With MAC set for bridged devices the bridge automatically gets its MAC adjusted (it picks the lowest MAC of bridged devices). This fixes confusing interfaces setup (bridge ports not having custom MAC assigned). Reported-by: Koen Vandeputte <koen.vandeputte@citymesh.com> Fixes: e002179a6d2e ("base-files: simplify setting device MAC") Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* base-files: upgrade: use procd to kill managed daemonsMichael Pratt2021-06-121-2/+18
| | | | | | | | | | | | | | | | | | | | | | | | | | | | These processes are managed by procd and set to start again when killed via the procd instance parameter "respawn" being set during init. Example: procd_set_param respawn 3600 1 0 When they are killed manually during sysupgrade, they are started again in 5 seconds or less, depending on how the "respawn" parameter is set. Use procd through ubus to disable the instances that respawn them, however, allow dnsmasq, netifd, and logd to restart for remote logging. Properly closing all these processes increases free memory by about 3 MB, which should help low memory devices upgrade without crashing. For very low memory devices (set to 32 MB for now) also kill dnsmasq, netifd, and logd for an additional 3 MB of free memory. Also, bump sleep values to allow at least 10 seconds for network interfaces and daemons to come up after they are killed and restarted before caches are dropped. Signed-off-by: Michael Pratt <mcpratt@pm.me>
* base-files: simplify setting device MACRafał Miłecki2021-05-281-11/+8
| | | | | | | | | | | | | | 1. Move code above interface generation It results in more logical order. Device gets its config section above interface section. 2. Drop the loop We have separated code handling bridges now so $device should be guaranteed to contain a single device name. 3. Drop section name It's not required by netifd or LuCI & it's not needed by this script as $device contains a single device name now. Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* base-files: generate network config with "device" optionsRafał Miłecki2021-05-272-18/+18
| | | | | | | Replace "ifname" with "device" as netifd has been recently patches to used the later one. It's more clear and accurate. Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* base-files: fix configuration generation of network if "bridge" existsINAGAKI Hiroshi2021-05-241-2/+3
| | | | | | | | | | | | | | | | After the commit 43fc720657c6e3b30c6ed89d7227ee6e646c158b ("base-files: generate "device UCI type section for bridge"), the wrong network configuration is generated for the devices that already have the bridge device section for VLAN, such as the devices in realtek target. As a result, the bridge device by additional "device" section is specified to the "ports" option in the "bridge-vlan" section and netifd shuts down the switch and the ethernet when the network service started. Fixes: 43fc720657 ("base-files: generate "device" UCI type section for bridge") Signed-off-by: INAGAKI Hiroshi <musashino.open@gmail.com> [rmilecki: use $ports for generate_bridge_vlan argument] Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* base-files: support setting bridge MAC addressRafał Miłecki2021-05-241-0/+2
| | | | | Fixes: 43fc720657c6 ("base-files: generate "device" UCI type section for bridge") Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* Revert "base-files: migrate old UCI network bridge ports syntax"Rafał Miłecki2021-05-201-23/+0
| | | | | | | | | This reverts commit f716c30241d5fd9d821560f58d0af0c3ffe78600. Migrating everyone to the new syntax could break downgrades. We may reintroduce it way later if needed. Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* base-files: generate bridge device sections with br- name prefixRafał Miłecki2021-05-201-2/+2
| | | | | | | | | | | Missing br- prefix could result in name conflict between DSA port interface and bridge interface. Some devices with just one LAN port use "lan" interface name for DSA port. Trying to create bridge with the same "lan" name was failing. Reported-by: David Bauer <mail@david-bauer.net> Fixes: 43fc720657c6 ("base-files: generate "device" UCI type section for bridge") Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* busybox: preserve crontabsPhilip Prindeville2021-05-191-1/+0
| | | | | | | | | | | | /etc/syslog.conf is used by sysklogd, and /etc/crontabs is used by crond, both features of busybox. Given this, ownership for these files should be bound to busybox, especially if one day there's a way to do an in-place opkg update of busybox. There's also the busybox provided syslogd which uses this file if CONFIG_BUSYBOX_FEATURE_SYSLOGD_CFG is set. Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
* base-files: migrate old UCI network bridge ports syntaxRafał Miłecki2021-05-181-0/+23
| | | | | | | | netifd has been recently patched to use more accurate "ports" option instead of "ifname". This is a simple translation between two UCI options. Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* base-files: generate "device" UCI type section for bridgeRafał Miłecki2021-05-181-2/+8
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This switches from the old way of defining bridges in an "interface" UCI section type (that should be used for layer 3 only). From now a defualt board switch will have its own "device" UCI section type. It's a new & preferred way of defining L2 devices. Before: config interface 'lan' option type 'bridge' option ifname 'lan1 lan2 lan3 lan4' option proto 'static' option ipaddr '192.168.1.1' option netmask '255.255.255.0' After: config device option name 'lan' option type 'bridge' list ports 'lan1' list ports 'lan2' list ports 'lan3' list ports 'lan4' config interface 'lan' option ifname 'lan' option proto 'static' option ipaddr '192.168.1.1' option netmask '255.255.255.0' Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* base-files: use "ports" array in board.json network for bridgesRafał Miłecki2021-05-182-7/+20
| | | | | | | | | | | | | | | | | | | | | | | | | Bridge aggregates multiple ports so use a more accurate name ("ports") and format (array) for storing them in board.json. Example: "network": { "lan": { "ports": [ "lan1", "lan2", "lan3", "lan4" ], "protocol": "static" }, "wan": { "ifname": "wan", "protocol": "dhcp" } } Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* base-files: change logging for upgrade on fwtoolFlorian Eckert2021-05-171-3/+3
| | | | | | | | | Remove vn call in favour of v call. This commit serves as preparation for removing the v function call. Signed-off-by: Florian Eckert <fe@dev.tdt.de> [alter slightly to prevent double space after colon] Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
* build: introduce $(MKHASH)Leonardo Mörlein2021-05-131-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | Before this commit, it was assumed that mkhash is in the PATH. While this was fine for the normal build workflow, this led to some issues if make TOPDIR="$(pwd)" -C "$pkgdir" compile was called manually. In most of the cases, I just saw warnings like this: make: Entering directory '/home/.../package/gluon-status-page' bash: line 1: mkhash: command not found bash: line 1: mkhash: command not found bash: line 1: mkhash: command not found bash: line 1: mkhash: command not found bash: line 1: mkhash: command not found bash: line 1: mkhash: command not found bash: line 1: mkhash: command not found bash: line 1: mkhash: command not found [...] While these were only warnings and the package still compiled sucessfully, I also observed that some package even fail to build because of this. After applying this commit, the variable $(MKHASH) is introduced. This variable points to $(STAGING_DIR_HOST)/bin/mkhash, which is always the correct path. Signed-off-by: Leonardo Mörlein <me@irrelefant.net>
* base-files: shinit: properly handle dashes in service namesJo-Philipp Wich2021-05-121-1/+1
| | | | | Fixes: FS#3801 Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* base-files: upgrade: take down loop and LVM before upgradeDaniel Golle2021-05-051-0/+10
| | | | | | | | | | | | | | Users of devices with large block storage may choose to have an LVM partition on the same device which is used for booting OpenWrt. The presents a problem during sysupgrade as the root device is then still busy and changing partitions will not work as desired, leading to data corruption in case the newly flashed image is larger than the currently installed one. Having loop devices setup causes similar havoc. Make sure all volume groups are offline and all loop devices have been released before sysupgrade. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* base-files: fix status display commandAlexander Egorenkov2021-04-031-1/+1
| | | | | | | | | | | | | | | | | | | | If service() is called w/o parameter then the status display for services with multiple instances is incorrect. E.g. samba4 or wpad have 2 instances. root@OpenWrt:~# /etc/init.d/samba4 status running root@OpenWrt:~# /etc/init.d/wpad status running Before change: /etc/init.d/samba4 enabled stopped /etc/init.d/wpad enabled stopped After change: /etc/init.d/samba4 enabled running /etc/init.d/wpad enabled running Signed-off-by: Alexander Egorenkov <egorenar-dev@posteo.net>
* base-files: functions: introduce new helper functionsDaniel Golle2021-03-312-63/+68
| | | | | | | | | | | Introduce cmdline_get_var() to /lib/function.sh and make use of it in export_rootdev() in /lib/upgrade/common.sh, making the code more simple and removing one level of indentation. Introduce get_partition_by_name() to /lib/upgrade/common.sh which is useful on non-EFI GPT platforms like mt7622. Remove some dead-code while at it. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* base-files: add logging for configuration importFlorian Eckert2021-03-211-0/+1
| | | | | | Make sysupgrade backup import more verbose. Signed-off-by: Florian Eckert <fe@dev.tdt.de>
* treewide: remove execute bit and shebang from board.d filesAdrian Schmutzler2021-03-062-2/+1
| | | | | | | | | | | | | | | | So far, board.d files were having execute bit set and contained a shebang. However, they are just sourced in board_detect, with an apparantly unnecessary check for execute permission beforehand. Replace this check by one for existance and make the board.d files "normal" files, as would be expected in /etc anyway. Note: This removes an apparantly unused '#!/bin/sh /etc/rc.common' in target/linux/bcm47xx/base-files/etc/board.d/01_network Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
* base-files: add new application led trigger backendFlorian Eckert2021-03-051-4/+5
| | | | | | | | | | | | | | | | | For now we have only kernel LED trigger support. With this change it is now possible to use application triggers. If we configure a LED with a non kernel trigger, then we check on every restart and boot of the LED service if we have this trigger as an application in "/usr/libexec/led-trigger". If this file with the name is found, then we execute this to init the LED. Possible use cases are: - Start/Stop/Restart an application led trigger service for this led - Init a LED that is configured by a hotplug script (VPN tunnel established) Signed-off-by: Florian Eckert <fe@dev.tdt.de>
* treewide: fix spelling 'seperate' -> 'separate'Daniel Golle2021-02-281-1/+1
| | | | | | | This popular spelling mistake was also introduced by myself lately. Fix it everywhere. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* base-files: add support for restoring config from tmpfsDaniel Golle2021-02-281-2/+3
| | | | | | | | Instead of only relying in /sysupgrade.tgz being present in rootfs to restore configuration, also grab /tmp/sysupgrade.tar which may have magically gotten there during preinit... Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* base-files: remove unneeded '$' signs in nand.shDaniel Golle2021-02-241-2/+2
| | | | | | | When using Shell arithmetric evaluation via $((..)) the variables in the expression do not need to be prefixed by the '$' sign. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* sysupgrade-nand: allow limiting rootfs_data by setting env variableDaniel Golle2021-02-241-4/+16
| | | | | | | | | | | | | | | | | Check if firmware environment variable 'rootfs_data_max' exists and is set to a numerical value greater than 0. If so, limit rootfs_data volume to that size instead of using the maximum available size. This is useful on devices with lots of flash where users may want to have eg. a volume for persistent logs and statistics or for external applications/containers. Persistence on rootfs overlay is limited by the size of memory available during the sysugprade process as that data needs to be copied to RAM while the volume is being recreated during sysupgrade. Hence it is unsuitable for keeping larger amounts of data accross upgrade which makes additional volume(s) for application data desirable. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* image: add support for building FIT image with filesystemDaniel Golle2021-02-241-37/+63
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Allow for single (external-data) FIT image to hold kernel, dtb and squashfs. In that way, the bootloader verifies the system integrity including the rootfs, because what's the point of checking that the hash of the kernel is correct if it won't boot in case of squashfs being corrupted? Better allow bootloader to check everything needed to make it at least up to failsafe mode. As a positive side effect this change also makes the sysupgrade process on nand potentially much easier as it is now. In short: mkimage has a parameter '-E' which allows generating FIT images with 'external' data rather than embedding the data into the device-tree blob itself. In this way, the FIT structure itself remains small and can be parsed easily (rather than having to page around megabytes of image content). This patch makes use of that and adds support for adding sub-images of type 'filesystem' which are used to store the squashfs. Now U-Boot can verify the whole OS and the new partition parsers added in the Linux kernel can detect the filesystem sub-images, create partitions for them, and select the active rootfs volume based on the configuration in FIT (passing configuration via device tree could be implemented easily at a later stage). This new FIT partition parser works for NOR flash (on top of mtdblock), NAND flash (on top of ubiblock) as well as classic block devices (ie. eMMC, SDcard, SATA, NVME, ...). It could even be used to mount such FIT images via `losetup -P` on a user PC if this patch gets included in Linux upstream one day ;) Signed-off-by: John Crispin <john@phrozen.org> Signed-off-by: Daniel Golle <daniel@makrotopia.org>