Commit Graph

215 Commits

Author SHA1 Message Date
Christian Marangi
25bbefcdd9
apk: limit CONFIG_IPK_FILES_CHECKSUMS config to OPKG
Limit CONFIG_IPK_FILES_CHECKSUMS config to OPKG as APK have different
way to validate package integrity (apk audit)

Link: https://github.com/openwrt/openwrt/pull/15543
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2024-06-11 23:58:19 +02:00
Christian Marangi
93d49529a1
apk: provide csum for static conffiles
For non-overlay configuration we need checksum for config file that
weren't modified by the user. For OPKG in sysupgrade we check the status
file for the Conffiles: entry of every package. this entry contains
checksum for every static file that the package contains.

Provide the same info for APK by creating a conffiles_static file and
parse this file on sysupgrade for non-overlay configurations.

This is also used by the sysupgrade -u option to exclude non-changed
files from the final backup.

Link: https://github.com/openwrt/openwrt/pull/15543
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2024-06-11 23:58:17 +02:00
Rafał Miłecki
4efbfcd996 base-files: sysupgrade: handle errors when generating backup
1. Return error if any step of generating tar file fails
2. Use pipefail to avoid calling "gzip" if tar failed

Fixes: e36cc53092 ("base-files: sysupgrade: use tar helper to include installed_packages.txt")
Reported-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
Cc: Luiz Angelo Daros de Luca <luizluca@gmail.com>
Cc: Jo-Philipp Wich <jo@mein.io>
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2024-03-05 11:54:55 +01:00
Álvaro Fernández Rojas
4b3c1251a4 base-files: sysupgrade: allow overriding config restore
Some platforms like Raspberry Pi require patching some backup files like
cmdline.txt in order to set the correct root PARTUUID.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2024-03-04 16:27:39 +01:00
Jo-Philipp Wich
6f6406a132 base-files: sysupgrade: fix streaming backup archives to stdout
Due to previous refactoring in sysupgrade, writing backup archives to
stdout became impossible since the hardcoded gzip output redirection
did not account for the `-` special case filename.

Fix this issue by substituting `-` with `/proc/self/fd/1` in the tar
archive output path variable.

Also remove a redundant `rm -f` of the target file path that occurs
before the file could've possibly been written.

Fixes: #14773
Fixes: https://github.com/openwrt/luci/issues/6961
Fixes: e36cc53092 ("base-files: sysupgrade: use tar helper to include installed_packages.txt")
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2024-03-04 14:58:10 +01:00
Rafał Miłecki
0ad062a21b base-files: sysupgrade: add uci-defaults script disabling services #2
Disabled services should be kept disabled after sysupgrade. This can be
easily handled using a proper uci-defaults script.

Extend sysupgrade to check for disabled services, generate uci-defaults
script disabling them and include it in backup.

Cc: Christian Marangi <ansuelsmth@gmail.com>
Cc: Jo-Philipp Wich <jo@mein.io>
Cc: Jonas Gorski <jonas.gorski@gmail.com>
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Acked-by: Jo-Philipp Wich <jo@mein.io>
2024-02-29 16:12:06 +01:00
Rafał Miłecki
e36cc53092 base-files: sysupgrade: use tar helper to include installed_packages.txt
Replace mount + overlay with manually built tar archive that gets
prepended to the actual config files backup. This allows more
flexibility with including extra backup files. They can be included at
any paths and don't require writing to flash or mounting an overlay
which has its own limitations (mount points).

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Acked-by: Jo-Philipp Wich <jo@mein.io>
2024-02-29 16:12:06 +01:00
Rafał Miłecki
788122cc12 base-files: sysupgrade: rename add_*files() functions
Usage of word "add" was somehow misleading in those functions:
1. They don't really add (as in: append) anything. Result files are
   created from scratch.
2. It wasn't clear what adding files means. It could be understood as
   adding actual files somewhere (to existing archive?).

Also the word "add" was also a bit ambiguous.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2024-02-22 22:19:13 +01:00
Rafał Miłecki
4a1b94adba base-files: sysupgrade: s/do_save_conffiles/create_backup_archive/
Rename function to more accurate and self-explanatory name:
1. Use "archive" in name as this functions creates tar archive
2. Avoid "conffiles" as this function may archive more than that

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2024-02-22 22:19:01 +01:00
Rafał Miłecki
4ba5eba94c base-files: sysupgrade: exit with no error for --help
Calling "sysupgrade --help" should result in printing help and exiting
with 0 code.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2024-02-22 22:18:36 +01:00
Rafał Miłecki
73da77fd00 base-files: sysupgrade: group & cleanup global variables
Group & describe them by type, drop unneeded exports.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2024-02-22 22:18:36 +01:00
Rafał Miłecki
57be93c16d base-files: sysupgrade: replace UMOUNT_ETCBACKUP_DIR with a local variable
It was used inside do_save_conffiles() only.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2024-02-22 22:18:36 +01:00
Luiz Angelo Daros de Luca
61ac147bb6 base-files: sysupgrade: fix error message and typo
Some minor error message and comment fixes.

Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
2024-02-22 22:14:54 +01:00
Rafał Miłecki
157d6019df Revert "base-files: sysupgrade: always setup overlay when creating backup"
This reverts commit 4fa9aaf0be.

That seemed like a good idea allowing us to include any runtime
generated file in archive. Unfortuantely it broke backups with files
from mounted directories.

When mounting overlay with / as lowerdir its mounts don't propagete in
the mountpoint. That resulted in empty directories:
/tmp/overlay.XXXXXX/backup/tmp/
/tmp/overlay.XXXXXX/backup/var/
/tmp/overlay.XXXXXX/backup/dev/
/tmp/overlay.XXXXXX/backup/proc/
etc.

As some platforms / users try to backup files like /var/dhcp.leases or
/boot/cmdline.txt it means we can't use that solution.

Link: http://lists.openwrt.org/pipermail/openwrt-devel/2024-February/042320.html
Link: https://lore.kernel.org/linux-fsdevel/67bb0571-a6e0-44ea-9ab6-91c267d0642f@gmail.com/T/#u
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2024-02-22 22:08:14 +01:00
Rafał Miłecki
7bffa8ab10 Revert "base-files: sysupgrade: include uci-defaults script disabling services"
This reverts commit bf304d10e9.

That uci-defaults script worked great but generating it required
mounting root dir as overlay lowerdir that needs to be reverted.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2024-02-22 22:08:04 +01:00
Rafał Miłecki
bf304d10e9 base-files: sysupgrade: include uci-defaults script disabling services
Disabled services should be kept disabled after sysupgrade. This can be
easily handled using a proper uci-defaults script.

Extend sysupgrade to check for disabled services, generate uci-defaults
script disabling them and include it in backup.

Cc: Christian Marangi <ansuelsmth@gmail.com>
Cc: Jo-Philipp Wich <jo@mein.io>
Cc: Jonas Gorski <jonas.gorski@gmail.com>
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Acked-by: Jo-Philipp Wich <jo@mein.io>
2024-02-19 13:53:14 +01:00
Rafał Miłecki
4fa9aaf0be base-files: sysupgrade: always setup overlay when creating backup
Setting overlay while creating backup allows including extra files in
archive without actually writing them to flash. Right now this feature
is limited to /etc/backup/ directory and is used only for including
installed_packages.txt.

Extend this solution to make it more generic:
1. Always mount overlay while creating backup
2. Overlay whole / to don't limit it to /etc/backup/

This allows including any additional files in backups and adding more
sysupgrade features.

Cc: Luiz Angelo Daros de Luca <luizluca@gmail.com>
Cc: Christian Marangi <ansuelsmth@gmail.com>
Cc: Jo-Philipp Wich <jo@mein.io>
Cc: Jonas Gorski <jonas.gorski@gmail.com>
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2024-02-19 13:53:14 +01:00
Luiz Angelo Daros de Luca
700907bc63 base-files: sysupgrade: always cleanup after backups
When tar was failing, it was exiting immediately. Some files and the
tmpfs mount (-k) would remain breaking the next backup attempt.

Also remove redundant $? from exit builtin call as exit already returns
the last command exit code when called.

Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
2024-02-19 12:41:40 +01:00
Luiz Angelo Daros de Luca
14ac91c68c base-files: sysupgrade: do not hide tar errors
tar stderr was probably discarded only to remove this message:

  tar: removing leading '/' from member names

However, together with that, any other error would also be discarded.
It is easier to fix that allowing the error message to be printed.

In sysupgrade, the backup file list only uses absolute paths. That way,
the solution is to remove the leading '/' from all files (sed) and chdir
to / (option -C /)

Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
2024-02-19 12:41:40 +01:00
Felix Fietkau
2716853132 wifi-scripts: add new package, move wifi scripts to a single place
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2024-02-03 16:16:36 +01:00
Felix Fietkau
b993a00b82 base-files: fix duplicate wifi radio sections when using phy renaming
The duplicate sections are caused by a race condition at boot, when board.json
is not available. In that case, the final phy name cannot be resolved, and extra
sections referring to the path are created.
Fix this by making sure that wifi config is not being run before board.json
is created.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-07-17 14:33:57 +02:00
Andre Heider
28e357d528
base-files: add 'isup' to the wifi script
This is a silent command that allows easy wifi up/down automation for
scripts.

It takes one or multiple devices as arguments (or all if none are passed),
and the exit code indicates if any of those is not up.

E.g.:
wifi isup && echo "all wifi devices are up"
wifi isup radio0 || echo "this wifi is down"

Signed-off-by: Andre Heider <a.heider@gmail.com>
2023-04-12 19:49:30 +02:00
Andre Heider
8fbe7738b9
base-files: use named variables in the wifi script
Use the already present but unused $cmd and $dev variables instead of
positional parameters in ubus_wifi_cmd() to improve readability.

Signed-off-by: Andre Heider <a.heider@gmail.com>
2023-04-12 19:49:22 +02:00
Bob Cantor
80a62a675d
base-files: wifi: for wifi reconf, scan_wifi after network reload
Commit e8b5429609 included an unintended change and we now call
scan_wifi before a network reload.

Restore the original behaviour and call scan_wifi only after a network
reload.

Fixes: e8b5429609 ("base-files: wifi: tidy up the reconf code")
Signed-off-by: Bob Cantor <bobc@confidesk.com>
2022-10-25 09:24:37 +02:00
Bob Cantor
fcfce8f208
base-files: wifi: for wifi up, scan_wifi after network reload
Commit b82cc80713 included an unintended change and we now call
scan_wifi before a network reload.

Restore the original behaviour and call scan_wifi only after a network
reload.

Fixes: b82cc80713 ("base-files: wifi: swap the order of some ubus calls")
Signed-off-by: Bob Cantor <bobc@confidesk.com>
2022-10-25 09:24:27 +02:00
David Bauer
34437af888 base-files: allow ignoring minor compat-version check
Downstream projects might re-generate device-specific configuration
based on OpenWrt's defaults on each upgrade, thus being unaffected by
forward- as well as backwards-breaking configuration.

Add a new sysupgrade parameter, which allows sysupgrades between minor
compat-versions. Upgrades will still fail upon mismatching major compat
versions.

Signed-off-by: David Bauer <mail@david-bauer.net>
2022-06-18 22:11:04 +02:00
Bob Cantor
e8b5429609 base-files: wifi: tidy up the reconf code
commit 5edbd390d321532d9a697d6895a1a7c71c40bd5d rearranged the
"wifi up" code.

This commit tidies up the "wifi reconf" code so as to
keep it aligned with the "wifi up" code.

branches affected: trunk, 21.02

Signed-off-by: Bob Cantor <coxede6557@w3boats.com>
2021-06-28 17:24:15 +02:00
Bob Cantor
b82cc80713 base-files: wifi: swap the order of some ubus calls
"/sbin/wifi up" makes three ubus calls:
1. ubus call network reload
2. ubus call network.wireless down
3. ubus call network.wireless up

The first and third ubus calls call drv_mac80211_setup,
while the second ubus call triggers wireless_device_setup_cancel,
so the call sequence becomes,

1. drv_mac80211_setup
2. wireless_device_setup_cancel
3. drv_mac80211_setup

This commit swaps the order of the first two ubus calls,
1. ubus call network.wireless down
2. ubus call network reload
3. ubus call network.wireless up

Consequently drv_mac80211_setup is only called once,
and two related bugs (#FS3784 and #FS3902) are no longer triggered
by /sbin/wifi.

branches affected: trunk, 21.02

Signed-off-by: Bob Cantor <coxede6557@w3boats.com>
2021-06-28 17:24:11 +02:00
Florian Eckert
fdbdbe8eaa base-files: add logging for configuration import
Make sysupgrade backup import more verbose.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
2021-03-21 22:45:20 +01:00
Daniel Golle
9c845a5ad1 base-files: wifi: add support for 802.11ad
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-01-05 02:16:24 +00:00
Adrian Schmutzler
93b6122212 base-files: sysupgrade: add function for conffiles retrieval
The find command to retrieve files from /etc/sysupgrade.conf and
/lib/upgrade/keep.d/* is used twice in almost the same way.

Move it into a function to consolidate, enhance readability and make
future adjustments easier.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Acked-by: Paul Spooren <mail@aparcar.org>
Reviewed-by: Philip Prindeville <philipp@redfish-solutions.com>
2020-12-30 00:00:13 +01:00
Robert Marko
20d847d133 base-files: upgrade: fix initramfs detection
Commit "initramfs: switch to tmpfs to fix ujail" switched initramfs to
now use tmpfs, it causes $(rootfs_type) to now return tmpfs when
running initramfs image instead of being empty.

This broke initramfs detection which prevents config files from
being saved as it does not work from initramfs.

So, lets test for $(rootfs_type) returning "tmpfs" instead.

Fixes: 7fd3c68 ("initramfs: switch to tmpfs to fix ujail)

Signed-off-by: Robert Marko <robimarko@gmail.com>
2020-12-20 17:14:56 +00:00
Adrian Schmutzler
9362ea1661 base-files: remove useless cat
Check file contents directly instead of using cat.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-07-11 12:52:01 +02:00
Adrian Schmutzler
d7d6e055e9 base-files: replace backticks by $(...)
This replaces deprecated backticks by more versatile $(...) syntax.

This does not touch lib/upgrade/nand.sh, as there replacement is
not trivial.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-07-11 12:52:01 +02:00
Huangbin Zhan
fed9bfbfeb base-files: coreutil-sha256sum breaks status code
With package "coreutil-sha256sum" installed "sysupgrade" fails to perform 'sha256sum -s' and instead returns 'invalid option -- 's''.
This is caused due to:
	different syntax for a sha256sum status check ('sha256sum --status' with "coreutil-sha256sum")
	'/usr/bin/sha256sum' being symlinked to '/usr/bin/gnu-sha256sum' (after installation of "coreutil-sha256sum")
"coreutil-sha256sum" package from the packages feed replaces the Busybox sha256sum
This patch restores for 'sysupgrade' the busybox call to its sha256sum applet.

Signed-off-by: Huangbin Zhan <zhanhb88@gmail.com>
2020-06-27 00:19:13 +02:00
Florian Eckert
0f33c6b74a base-files: use jshn lib for ubus sysupgrade argument generation
With this change the well known jshn library will be used, to build the
json arguments for the ubus sysupgrade method. This is also used in all
other shell program that uses JSON. This commit unifies that.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
2020-01-14 00:06:03 +01:00
Petr Štetiar
cf3da66d2c base-files: sysupgrade: exit if the firmware download failed
Sysupgrade process shouldn't continue if the firmware image couldn't be
downloaded.

Ref: http://lists.infradead.org/pipermail/openwrt-devel/2019-December/020940.html
Reported-by: Petr Novák <petrn@me.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-01-05 14:13:01 +01:00
Daniel Golle
d89427662d base-files: include 'reconf' in help output of 'wifi' command
Reported-by: Dirk Brenken <dev@brenken.org>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2019-11-18 12:58:31 +01:00
John Crispin
6becc37f33 base-files: add 'wifi reconf'
Now that netifd and hostapd allow dynamic reconfiguration, add a
command to trigger it.

Signed-off-by: John Crispin <john@phrozen.org>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2019-11-12 11:52:38 +01:00
Yousong Zhou
f526e85426 base-files: hotplug-call: exit success when dir is absent
"block mount" invokes "hotplug-call mount".  It emits the following
error when mount is not present

	hotplug-call call failed

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2019-10-29 13:28:49 +00:00
Rafał Miłecki
a858db3136 treewide: sysupgrade: use $UPGRADE_BACKUP to check for backup
Now that $UPGRADE_BACKUP is set conditionally there is no need to check
the $UPGRADE_OPT_SAVE_CONFIG anymore. All conditions can be simplified.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2019-09-11 09:05:35 +02:00
Rafał Miłecki
c5223b26a4 base-files: sysupgrade: pass "backup" ubus attribute
This explicitly tells procd what backup file should be used during
sysupgrade (if any). It's much more generic this way compared to the
magic /tmp/sysupgrade.tgz file that had to be created before a call.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2019-09-11 08:57:24 +02:00
Rafał Miłecki
b71962da16 base-files: pass "force" parameter to the "sysupgrade" call
This makes sysupgrade work with the most recent procd that validates
firmware before proceeding.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2019-09-04 11:07:41 +02:00
Rafał Miłecki
f522047958 base-files: use JSON for storing firmware validation info
So far firmware validation result was binary limited: it was either
successful or not. That meant various limitations, e.g.:
1) Lack of proper feedback on validation problems
2) No way of marking firmware as totally broken (impossible to install)

This change introduces JSON for storing detailed validation info. It
provides a list of performed validation tests and their results. It
allows marking firmware as non-forceable (broken image that can't be
even forced to install).
Example:
{
        "tests": {
                "fwtool_signature": true,
                "fwtool_device_match": true
        },
        "valid": true,
        "forceable": true
}

Implementation is based on *internal* check_image bash script that:
1) Uses existing validation functions
2) Provides helpers for setting extra validation info

This allows e.g. platform_check_image() to call notify_check_broken()
when needed & prevent user from bricking a device.

Right now the new JSON info is used by /sbin/sysupgrade only. It still
doesn't make use of "forceable" as that is planned for later
development.

Further plans for this feature are:
1) Expose firmware validation using some new ubus method
2) Move validation step from /sbin/sysupgrade into "sysupgrade" ubus
   method so:
   a) It's possible to safely sysupgrade using ubus only
   b) /sbin/sysupgrade can be more like just a CLI

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2019-08-30 08:34:10 +02:00
Rafał Miłecki
b6f4cd57e1 treewide: sysupgrade: pass "save_partitions" option to the "sysupgrade" method
This explicitly lets stage2 know if partitions should be preserved. No
more "touch /tmp/sysupgrade.always.overwrite.bootdisk.partmap" hack.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2019-08-22 13:47:51 +02:00
Rafał Miłecki
b534ba9611 base-files: pass "save_config" option to the "sysupgrade" method
This explicitly lets stage2 know if config should be preserved.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2019-08-22 13:47:47 +02:00
Rafał Miłecki
3f4c785a6b base-files: don't set ARGV and ARGC
Those are not used by any image check function anymore.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2019-07-17 08:10:40 +02:00
Rafał Miłecki
f7edd94a65 base-files: move stage2 upgrade to separated file
do_upgrade_stage2() isn't really any common code. It isn't used anywhere
except for /sbin/sysupgrade that passes it to the stage2.

Moving its code to separated file also simplifies COMMAND variable.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2019-07-11 17:05:20 +02:00
Petr Štetiar
27bfde9c9f base-files: move urandom seed bits into separate package
So it's possible to install or remove it as needed.

Tested-by: Lucian Cristian <lucian.cristian@gmail.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-06-11 08:06:28 +02:00
David Bauer
28cd2caa35 base-files: sysupgrade: support additional mtd options
Add support for passing additional parameters to mtd called during
sysupgrade. It will be required to toggle the "recovery moe" flag
supported by recent tp-link boards.

Signed-off-by: David Bauer <mail@david-bauer.net>
[split code from board support patch; add commit message]
Signed-off-by: Mathias Kresin <dev@kresin.me>
2019-01-26 21:46:32 +01:00