When running a failsafe shell on a console, job control was unavailable,
and ^C did not function correctly.
This change invokes console failsafe shells via `setsid`, making them
session leaders and allowing them to claim controlling terminals, which
makes job control function properly. To support this, the busybox
`setsid` utility is enabled. This has a minimal 149-byte size impact on
a test x86_64 squashfs rootfs image.
^C was ignored in subprocesses of failsafe shells: it was not possible
to ^C out of a program that would not exit on its own, such as many
typical `ping` invocations. As job control was unavailable, it was not
possible to suspend these subprocesses either, causing a hung program to
tie up a console indefinitely, unless another means to signal the
program was available. This was caused by SIGINT being placed at
disposition SIG_IGN by the shell running preinit, which it did because
the console shell was executed asynchronously with &. That disposition
was inherited by the console shell and its subprocesses, generally
causing ^C to have no effect.
As there is no way in busybox `ash` to reset the disposition of a signal
already ignored at shell entry, and no apparent way to avoid SIGINT
being placed at SIG_IGN when & is used in preinit, an alternative
construct is needed. Now, `start-stop-daemon` is used to start (-S) the
console failsafe shell in the background (-b). This approach does not
alter SIGINT, allowing the console shell to be started with that
signal's handling intact, and normal ^C processing to occur.
busybox `ash` has some behaviors conditional on SHLVL, and while the
console shells ought to run at SHLVL=1, they were not by virtue of being
started by the shell-based preinit system. Additionally, a variety of
detritus was present in the console shell's environment, carried over
from preinit. These conditions are corrected by running the console
shell via `env -i` to clear the environment and establish a minimum and
correct set of environment variables for operation, in the same manner
as `login`. HOME is not explicitly set, because it's addressed in
/etc/profile. For non-failsafe console shells when
system.@system[0].ttylogin = 0, `login -f root` achieves a similar
effect. (`login` already started non-failsafe console shells when
ttylogin = 1 and behaved correctly. This brings the ttylogin = 0 case to
parity.) Note that even `login -f` is somewhat undesirable for failsafe
shells because it requires a viable /etc/passwd, hence the `env -i`
construct in that case.
The TERM environment variable from the preinit environment, with value
"linux", would rarely be correct for serial consoles. Now, the preinit
TERM value is preserved (or set to "linux" if unset) only when the
console is /dev/console or /dev/tty[0-9]*. Otherwise, it will be set to
a safe default appropriate for serial consoles, "vt102", as used for
serial consoles by busybox init. This "linux"/"vt102" TERM setting is
also duplicated for non-failsafe console shells.
This also indicates failsafe mode by showing "- failsafe -" on all
consoles (not just the last-defined one). It sets a hostname of
"OpenWrt-failsafe" in failsafe mode which is rendered in the shell's
prompt as a reminder of the mode during interactive failsafe use.
Previously, no hostname was set, which resulted in the kernel-default
hostname, "(none)", appearing in failsafe shell prompts.
Signed-off-by: Mark Mentovai <mark@mentovai.com>
Link: https://github.com/openwrt/openwrt/pull/16113
Signed-off-by: Robert Marko <robimarko@gmail.com>
Fixes#16075
When the SSL certificate used by uhttpd has been changed, calling
`/etc/init.d/uhttpd reload` will now have the effect of restarting the
daemon to make the change effective.
Signed-off-by: Sylvain Monné <sylvain@monne.contact>
Link: https://github.com/openwrt/openwrt/pull/16076
Signed-off-by: Robert Marko <robimarko@gmail.com>
Like other Ethernet drivers, print link speed and duplex mode
when the interface is up. Formatting output at the same time.
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
Signed-off-by: Chukun Pan <amadeus@jmu.edu.cn>
Like other Ethernet drivers, print link speed and duplex mode
when the interface is up. Formatting output at the same time.
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
Signed-off-by: Chukun Pan <amadeus@jmu.edu.cn>
Like other Ethernet drivers, print link speed and duplex mode
when the interface is up. Formatting output at the same time.
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
Signed-off-by: Chukun Pan <amadeus@jmu.edu.cn>
Like other Ethernet drivers, print link speed and duplex mode
when the interface is up. Formatting output at the same time.
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
This log is noisy and useless, just ignore it.
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
Signed-off-by: Chukun Pan <amadeus@jmu.edu.cn>
This log is noisy and useless, just ignore it.
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
Signed-off-by: Chukun Pan <amadeus@jmu.edu.cn>
r8168, r8125 and r8126 have been transferred from https://github.com/noltari to
https://github.com/openwrt.
The old URL should still work after the transfer, but let's update it anyway.
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
There is no need to build BL31 as anyway only the bl2 image is
relevant for use with mtk_uartboot. Build only bl2 in this case.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Specification:
- MT7629 CPU
- MT7531 switch
- MT7761N and MT7762N wifi
- 256 MB RAM
- 128 MB NAND flash with dual-boot partitions
- 2 buttons: WPS and reset
- 1 WAN port (1G)
- 4 LAN ports (1G)
- 1 USB port
Limitations (same as other MT7629/MT7761N/MT7762N devices):
- Wifi is not working
- Second core is not working (kernel error message "CPU1: failed to come online")
Disassembly:
- There are two screws under the front rubber feet and two under the label on the bottom (in the corners towards the back, you should be able to feel them).
Serial Interface:
- UART pin header is already soldered on the board. Pinning from front to back:
1 - VCC
2 - TX
3 - RX
4 - n/a
5 - GND
GPIO:
- 1 white LED, connected to GPIO 52
- 1 reset button, connected to GPIO 60
- 1 WPS button, connected to GPIO 58
MAC Adresses:
- The MAC address printed on the device label is used for LAN and WAN
- The MAC address is stored in the devinfo partition in ASCII format (hw_mac_addr=aa:bb:cc:dd:ee)
- 2.4 GHz wifi uses MAC of the device label + 1
- 5 GHz wifi uses MAC of the device label + 2
Flashing:
- OpenWrt is only runnig in the first partition of dual boot
- To ensure to be able to go back to the factory image, flash the last OEM firmware via OEM web interface. This will ensure that the OEM firmware is present on both partitions
- Because of dual boot partitions, flashing via OEM interface is not supported
- Start a TFTP server and provide the initramfs image. Default settings:
- Router IP: 192.168.1.1
- TFTP server IP: 192.168.1.100
- TFTP file name: 7531.bin
- Open the device, connect UART and select " 1. System Load Linux to SDRAM via TFTP." during startup
- Adapt the settings to your environment, if required
- After initramfs is booted, flash the sysupgrade image
Return to OEM firmware:
- Run the following commands in OpenWrt to switch to the second partition
fw_setenv boot_part 2
fw_setenv bootimage 2
- Reboot the device. OEM firmware will start up again
Signed-off-by: Roland Reinl <reinlroland+github@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/16067
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This commits adds the RTW89 driver from Realtek.
Supports the Realtek 8851BE/8852AE/8852BE/8852CE PCIe wireless chips.
Signed-off-by: Antonio Flores <antflores627@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/16131
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
The recommended maximum validity period is currently 397 days
and some browsers throw warning with longer periods.
Reference to
https://cabforum.org/working-groups/server/baseline-requirements/
6.3.2 Certificate operational periods and key pair usage periods
Subscriber Certificates issued on or after 1 September 2020
SHOULD NOT have a Validity Period greater than 397 days and
MUST NOT have a Validity Period greater than 398 days.
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
Link: https://github.com/openwrt/openwrt/pull/15366
Signed-off-by: Robert Marko <robimarko@gmail.com>
The introduction of MacOS Catalina includes new requirements for self-signed certificates.
See: https://support.apple.com/en-us/HT210176
These new requirements include the addition of two TLS server certificate extensions.
- extendedKeyUsage
- subjectAltName
The extendedKeyUsage must be set to serverAuth.
The subjectAltName must be set to the DNS name of the server.
In the absense of these new extensions, when the LUCI web interface is configured to use HTTPS and
self-signed certs, MacOS user running Google Chrome browsers will not be able to access the LUCI web enterface.
If you are generating self-signed certs which do not include that extension, Chrome will
report "NET::ERR_CERT_INVALID" instead of "NET::ERR_CERT_AUTHORITY_INVALID". You can click through to
ignore the latter, but not the former.
This change updates the uhttpd init script to generate self-signed cert that meets the new requirements.
Signed-off-by: Pat Fruth <pat@patfruth.com>
Link: https://github.com/openwrt/openwrt/pull/15366
Signed-off-by: Robert Marko <robimarko@gmail.com>
To better acommodate with the current browsers' requirements, also
self-signed certificates should have subjectAltName and
extendedKeyUsage defined in the self-signed x509 SSL certificates.
The following case sensitive options are now possible:
-addext subjectAltName=DNS:...
-addext subjectAltName=EMAIL:...
-addext subjectAltName=IP:...
-addext subjectAltName=URI:...
-addext extendedKeyUsage=serverAuth OR -addext extendedKeyUsage=any
Initial draft by Paul Donald <newtwen@gmail.com>
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
Link: https://github.com/openwrt/openwrt/pull/15366
Signed-off-by: Robert Marko <robimarko@gmail.com>
Bump `omnia-mcu-firmware` to version 4.1.
This version fixes the following issue on boards with GD32 MCU:
* the user has old GD32 MCU bootloader and application (version 2.0)
* the user upgraded MCU application firmware to newer version (from
2.99 to 4.0)
* the user wants to upgrade application again, but it is impossible,
because when MCU application firmware jumps into the old MCU
bootloader firmware (2.0), the old bootloader firmware gets stuck in
exception
* the user has to restart the board and upgrade the bootloader firmware
first, which is not ideal, since if bootloader firmware upgrade is
interrupted, the board gets bricked
Therefore the `omnia-mcutool` utility version 0.3-rc3 will refuse to
upgrade MCU application firmware to versions 2.99 to 4.0 if the MCU
bootloader firmware is at version 2.0.
For users to be able to upgrade MCU application firmware on GD32
boards, they will need this new 4.1 version.
Users that already upgraded the MCU application firmware to a version
version between 2.99 and 4.0 (using a previous version of the
`omnia-mcutool` utility) have no other choice but to upgrade MCU
bootloader firmware as well.
Signed-off-by: Marek Behún <kabel@kernel.org>
Link: https://github.com/openwrt/openwrt/pull/16159
Signed-off-by: Robert Marko <robimarko@gmail.com>
Add support this boards to envtools config
This commit integrates the latest changes from new U-Boot, which includes important updates to the DTSI files for the Orange Pi R1 Plus and Orange Pi R1 Plus LTS boards.
Signed-off-by: Vyacheslav Ivanov <islavaivanov76@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/16090
Signed-off-by: Robert Marko <robimarko@gmail.com>
Use ath10k-ct 6.9 to better match mac80211 backports 6.9.x
Drop patch 010 that is merged upstream.
Add patch 001 to fix version to 6.9 (overlooked by upstream).
Refresh patches.
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
Link: https://github.com/openwrt/openwrt/pull/16036
Signed-off-by: Robert Marko <robimarko@gmail.com>
The function fitblk_get_bootdev doesn't exist any more, using it in
export_bootdevice anyway never made much sense and only worked for
classic block devices.
Just drop /dev/fit* handling there, it isn't needed anywhere.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
A bug has plagued bl2 which caused failure to boot and bricked Linksys
E8450 and Belkin RT3200 devices in case of correctable bitflips being
detected during a read operation. A simple logic error resulted in read
to be considered errornous instead of just continueing in case of
correctable bitflips.
Address this by importing a patch fixing that logic error.
The issue, which has been dubbed as the "OpenWrt Kiss of Death", and is
now a thing of the past.
Users should preemptively update bl2 to prevent their devices being at
risk.
Link: https://github.com/mtk-openwrt/arm-trusted-firmware/pull/11
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Backporting support for the NanoPi R6S from upstream
uboot.
Signed-off-by: Ben Whitten <ben.whitten@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/15607
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Upstream uboot have merged in kernel dts files, we need
the update for the rk3588 boards.
Signed-off-by: Ben Whitten <ben.whitten@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/15607
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Adding support for the rk3588 platform
Signed-off-by: Ben Whitten <ben.whitten@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/15607
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Instead of enabling RSS support, let's introduce a variant and let users
choose between both variants since it can cause network issues.
Signed-off-by: Milinda Brantini <C_A_T_T_E_R_Y@outlook.com>
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
Instead of enabling RSS support, let's introduce a variant and let users
choose between both variants since it can cause network issues.
Signed-off-by: Milinda Brantini <C_A_T_T_E_R_Y@outlook.com>
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
The keys are created differently compared to the old OPKG keys. Instead
of being part of base-files/configure, they are created as a Makefile
requirement of `package/compile`, which is a cleaner solution.
This requirement would only be added to non SDK environments, however
APK always requires keys to be available. Add an `else` case for the SDK
and create keys.
Signed-off-by: Paul Spooren <mail@aparcar.org>
Cambium Networks XE3-4 is a tri-radio Wi-Fi 6/6E 4×4/2×2 AP.
Hardware:
Model: Cambium Networks XE3-4
CPU: IPQ6010/AP-CP01-C3, SoC Version: 1.0 @ 800 MHz
Memory: 1 GiB
Flash: 512 MiB Macronix MX30UF2G18AC + W25Q128FW
Ethernet: 1x 1 GbE (QCA8072)
1x 2.5 GbE (QCA8081)
Buttons: 1x Reset
Serial: TX, RX, GND
Baudrate: 115200
Radios: Qualcomm Atheros IPQ6018 802.11ax - 2x2 - 2GHz
Qualcomm Atheros IPQ6018 802.11ax - 2x2 - 5GHz
Qualcomm Atheros QCN9074 802.11ax - 4x4 - 5GHz or 6GHz
BLE 4.1
Power: 32.0W 802.3bt5 PoE++
25.5W 802.3at with USB, BT disabled
Size: 215mm x 215mm
Ports: 1x USB 2.0
Antenna: 6 GHz: 6.29 dBi, Omni 30 dBm
5 GHz: 6.12 dBi, Omni 31 dBm
2.4 GHz: 4.85 dBi, Omni 29 dBm
LEDs: Multi-color status LEDs
Mounting: Wall, ceiling or T-bar
Installation: Serial connection
1. Open the AP to get access to the board. Connect RX, TX and GND.
2. Power on the AP, and short the CS pin of the SPI flash with
one of the APs GND pins.
3. Transfer the initramfs image with TFTP
(Default server IP is 192.168.0.120)
# tftpboot factory.ubi
4. Flash the rootfs partition
# flash rootfs
5. Reboot the AP
# reset
Signed-off-by: Kristian Skramstad <kristian+github@83.no>
Link: https://github.com/openwrt/openwrt/pull/15633
Signed-off-by: Robert Marko <robimarko@gmail.com>
6.1.103 and 6.6.44 introduced breakage complaining about missing mtd_test.ko
for some targets.
Signed-off-by: Zxl hhyccc <zxlhhy@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/16093
Signed-off-by: Robert Marko <robimarko@gmail.com>
Initially APK would sign packages and package index and verify
signatures individually. With the latest change, all packages inside a
trusted index are automatically trusted.
This is important within the OpenWrt eco-system since signing the index
happens on another machine than the package creation.
Signed-off-by: Paul Spooren <mail@aparcar.org>
Compilation of mtd_test.ko should be added only for kernel 6.6 or above.
Fixes 26df88a ("kernel: Add kmod-mfd-test")
Signed-off-by: Mieczyslaw Nalewaj <namiltd@yahoo.com>
Link: https://github.com/openwrt/openwrt/pull/16085
Signed-off-by: Robert Marko <robimarko@gmail.com>
Bump omnia-mcutool to 0.3-rc3:
* The `--upgrade` option will now work even if MCU is in bootloader (for
example if previous upgrade was aborted).
* On boards with GD32 MCUs, `omnia-mcutool` will now refuse to upgrade
application firmware to version lower than 4.1 if bootloader version
is 2.0 (the original for first batch of boards with GD32 MCUs) since
these versions of application and bootloader are not compatible.
If user already upgraded to such a combination, an upgrade of
bootloader firmware is required.
The `--upgrade` option will inform about this and will automatically
upgrade bootloader firmware if the `--force` option is given.
(Note that version 4.1 of the MCU firmware was will be released soon,
once it is properly tested.)
* Various other improvements.
Signed-off-by: Marek Behún <kabel@kernel.org>
Link: https://github.com/openwrt/openwrt/pull/16086
Signed-off-by: Robert Marko <robimarko@gmail.com>
6.6.44 introduced breakage complaining about missing mtd_test.ko
for some targets.
Signed-off-by: John Audia <therealgraysky@proton.me>
Link: https://github.com/openwrt/openwrt/pull/16061
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This patch backports fixes for a security vulnerability impacting the
hostapd implementation of SAE H2E.
As upgrading hostapd would require more testing, the second mitigation
step which involves backporting several patches was adopted as outlined
in the official advisory[1].
An explanation of the impact of the vulnerability is provided from the
advisory[1]:
This vulnerability allows the attacker to downgrade the negotiated group
to another enabled group if both the AP and STA have enabled SAE H2E and
multiple groups. It should be noted that the H2E option is not enabled
by default and the attack is not applicable to the default option, i.e.,
hunting-and-pecking, since it does not have any downgrade protection for
group negotiation. In addition, the default configuration for enabled
SAE groups in hostapd is to enable only a single group, so the
vulnerability is not applicable unless hostapd has been explicitly
configured to enable more groups for SAE.
[1]: https://w1.fi/security/2024-2/sae-h2h-and-incomplete-downgrade-protection-for-group-negotiation.txt
Signed-off-by: Rany Hany <rany_hany@riseup.net>
Link: https://github.com/openwrt/openwrt/pull/16042
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Add a new utility, omnia-mcutool, which main purpose is to upgrade the
firmware on the microcontroller on the Turris Omnia router. Depends on
omnia-mcu-firmware, and the upgrade process is pretty simple:
omnia-mcutool --upgrade
Besides firmware upgrade, the utility can be used to show and configure
various firmware settings.
Signed-off-by: Marek Mojík <marek.mojik@nic.cz>
Signed-off-by: Marek Behún <kabel@kernel.org>
Link: https://github.com/openwrt/openwrt/pull/13799
Signed-off-by: Robert Marko <robimarko@gmail.com>
Add a new package, omnia-mcu-firmware, containing firmware binaries for
the microcontroller on the Turris Omnia router.
Signed-off-by: Marek Mojík <marek.mojik@nic.cz>
Signed-off-by: Marek Behún <kabel@kernel.org>
Link: https://github.com/openwrt/openwrt/pull/13799
Signed-off-by: Robert Marko <robimarko@gmail.com>
Handle the KEY_VENDOR key in gpio-button-hotplug driver. This is used
by Turris Omnia.
Signed-off-by: Marek Behún <kabel@kernel.org>
Link: https://github.com/openwrt/openwrt/pull/13799
Signed-off-by: Robert Marko <robimarko@gmail.com>
68c8a4f system-linux: re-apply ethtool on phy attachment
890929b wireless: add support for defining wifi interfaces via procd service data
b57e40b wireless: use blobmsg_parse_attr
7a6532f proto-shell: add proto property for skipping device config
33ec3da CMake: bump the minimum required CMake version to 3.5
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Build the amd64-microcode package on all architectures even if it only
makes sense to use it on x86. If the package build is done by a builder
not building for x86 it will not include the package otherwise.
Link: https://github.com/openwrt/openwrt/pull/16031
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>