Add support for the following Meraki ipq40xx based devices:
* MR30H
POE powered 802.11ac access point with an integrated 5 port
Gigabit switch.
This device is configured with only LAN ports,
as there is no "WAN" port by default.
Port 4 has POE output (802.3af) and is the port used for tftp
booting in U-Boot.
The device does not have secure boot enabled at this time.
However, the stock U-Boot does not allow interrupting boot to obtain a
shell, so it is highly recommended to flash a custom U-Boot build.
An external programmer is required to overwrite the stock U-Boot region
of NAND, similar to other recent Meraki devices such as the MR33.
* Z3
"Teleworker" device with 802.11ac and an integrated 5 port
Gigabit switch.
Port 5 has POE output (802.3af).
The WAN port is used for tftp booting in U-Boot.
This device ships with secure boot, and cannot be flashed without an
external programmer. More details on secure boot can be found at:
https://watchmysys.com/blog/2024/04/breaking-secure-boot-on-the-meraki-z3-and-meraki-go-gx20/
Information about flashing can be found on the OpenWrt Z3 device page.
* Z3C
"Teleworker" device with 802.11ac, 5 port Gigabit switch,
and integrated LTE modem (currently unsupported).
Port 5 has POE output (802.3af).
The WAN port is used for tftp booting in U-Boot.
This device ships with secure boot, and cannot be flashed without an
external programmer. More details on secure boot can be found at:
https://watchmysys.com/blog/2024/04/breaking-secure-boot-on-the-meraki-z3-and-meraki-go-gx20/
Information about flashing can be found on the OpenWrt Z3 device page.
* Go GX20
Wired router with 5 port Gigabit switch. It shares the same PCB as the Z3,
but without the WiFi radios.
Port 5 has POE output (802.3af).
The WAN port is used for tftp booting in U-Boot.
This device ships with secure boot, and cannot be flashed without an
external programmer. More details on secure boot can be found at:
https://watchmysys.com/blog/2024/04/breaking-secure-boot-on-the-meraki-z3-and-meraki-go-gx20/
Information about flashing can be found on the OpenWrt Z3 device page.
Signed-off-by: Hal Martin <1230969+halmartin@users.noreply.github.com>
Trying to use 'package_whatdepends' feature of the ImageBuilder with OPKG
will currently fail as OPKG does not support "list --depends" call at all,
it seems that this is a mixup from the original APK support commit.
So, lets restore 'package_whatdepends' support for OPKG by calling
"whatdepends -A" instead as we used to before APK support.
Fixes: d788ab376f ("build: add APK package build capabilities")
Link: https://github.com/openwrt/openwrt/pull/17022
Signed-off-by: Robert Marko <robimarko@gmail.com>
Currently trying to use the 'package_depends' feature of ImageBuilder will
result in it trying to call OPKG:
make package_depends PACKAGE="usbutils"
OK: 26 MiB in 142 packages
bash: line 1: openwrt-imagebuilder-qualcommax-ipq807x.Linux-x86_64/staging_dir/host/bin/opkg: No such file or directory
make: *** [Makefile:363: package_depends] Error 127
It looks like a copy/paste error when APK support was being added, so lets
fix it by calling APK and its "info --depends" command.
Fixes: #16996
Fixes: d788ab376f ("build: add APK package build capabilities")
Link: https://github.com/openwrt/openwrt/pull/17022
Signed-off-by: Robert Marko <robimarko@gmail.com>
Since kernel_oldconfig doesn't work properly with it, I ran that first
and then moved all the config symbols to config-6.6 and found the
differences.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/16847
Signed-off-by: Robert Marko <robimarko@gmail.com>
Since kernel_oldconfig doesn't work properly with it, I ran that first
and then moved all the config symbols to config-6.6 and found the
differences.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/16847
Signed-off-by: Robert Marko <robimarko@gmail.com>
Since kernel_oldconfig doesn't work properly with it, I ran that first
and then moved all the config symbols to config-6.6 and found the
differences.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/16847
Signed-off-by: Robert Marko <robimarko@gmail.com>
Adjusts the default config to modern kernels.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/16847
Signed-off-by: Robert Marko <robimarko@gmail.com>
Allows us to drop the description backport.
Changes:
e3464d0 db: make repository description an atom instead of allocation
417a93c pkg: truncate apkv3 description to 256 bytes
d26b65d db, audit: remove support for files without embedded checksum
64ff8c7 db: allow files starting with a dot in the root directory of apk3 packages
89e4bf1 db, fs: do not extract devices in --usermode
4050f9e db: fix hardlink handling: root directory and v3 checksums
ade0be3 db, extract: handle file/directory extraction errors more consistently
a4837ae package: don't call make_device_tree when APK_NO_CHROOT is set
1e04115 package: respect libexecdir instead of hard-coding /usr/libexec
76970a9 package: move the location of executable package scripts
19b1df7 blob: refactor apk_blob_for_each_segment into apk_blob_foreach_word
e38d5b5 test: add missing alpine tests makefile
fcd4def test: move vertest to cmocka based unit testing infrastructure
8a13ed9 test: fix solver.sh for parallel use
5add6fc (tag: v3.0.0_pre4) apk-tools-3.0.0_pre4
5dd91e3 db: consider --force-no-chroot when determining /dev/fd availability
d86afde db: print message when a file is written to .apk-new
a5aeb3d test: unify makefile and meson tests
a236fdd pkg: use memfd_create only if target root has dev/fd working
563d364 tests: minor updates to root tests
08b4d21 tests: move solver test data to separate directory
c259642 tests: rework solver tests to not require apk-test binary
d2aaf13 commit: sort matched dependencies on error analysis
98d7196 db: fix permissions of arch file
b231eac db: simplify add_repos_from_file
2a3dbfc db: add and use apk_db_parse_file helper to parse files line by line
c1a3e69 db: validate package arch against compatible arches
Link: https://github.com/openwrt/openwrt/pull/17015
Signed-off-by: Robert Marko <robimarko@gmail.com>
Currently, when "apk add --initdb" is called it will populate the
/etc/apk/arch file with the architecture of the host instead of the target
package architecture and this will then make it impossible for new packages
to be installed on the device as the target architecture will not match
after APK is updated to include [1].
So, lets use override the architecture by passing the target package one
by using the "--arch" argument to "apk add".
[1] c1a3e69f24Fixes: #16953
Link: https://github.com/openwrt/openwrt/pull/17015
Signed-off-by: Robert Marko <robimarko@gmail.com>
We have a lot of script-only packages that are universal for all arch-s
and those set PKGARCH:=all to indicate it.
Unfortunately, APK expects architecture to be set to "noarch" instead to
indicate that its universal so instead of having to update all packages
that set PKGARCH:=all and thus break OPKG lets simply translate "all" to
"noarch" when generating the APK package.
This will be required as soon we update APK to include [1] as it will start
enforcing package architecture checks.
[1] c1a3e69f24
Suggested-by: Jonas Gorski <jonas.gorski@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/17015
Signed-off-by: Robert Marko <robimarko@gmail.com>
The original set of stock partitions was kept in the TR4400 v2 port,
with the same partition numbers but their names prefixed with 'stock_'.
This allowed scripts (installation, back to stock, etc) to run on both
stock and OpenWrt firmware. But this triggers warnings in the device
tree compiler, as partitions of the old and new schemes overlap.
This commit fixes the dtc warnings by deleting the stock partitions,
also renumbering some of the remaining MTD partitions in the process.
Additionally, the 'fw_env' partition is set to read-only.
These changes can break existing scripts as well as user configurations
that utilize the 'extra' partition. Users wanting to run old scripts can
do so by reverting to the 23.05 series releases.
Signed-off-by: Rodrigo Balerdi <lanchon@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/16958
Signed-off-by: Robert Marko <robimarko@gmail.com>
Currently, trying to use APK to install a package that has a dependency on
a virtual package that needs to be resolved via 'provides' it will fail if
package does not have 'DEFAULT_VARIANT:=1' like:
apk add usbutils
ERROR: unable to select packages:
libudev (virtual):
note: please select one of the 'provided by' packages explicitly
provided by: libudev-zero
required by: usbutils-017-r1[libudev]
Issue is that we dont set 'provider_priority' that APK uses to break ties
when choosing a virtual package to satisfy a dependency and thus despite
only one package providing the dependency it will still end up with a tie
and just error out.
So, lets simply fix this by providing a default value for
'provider_priority' when 'DEFAULT_VARIANT' is not set and then APK will
be able to resolve dependencies.
Fixes: #16976
Link: https://github.com/openwrt/openwrt/pull/17008
Signed-off-by: Robert Marko <robimarko@gmail.com>
b6ae9ffaeb0e odhcp6c: allow to request specific ipv6 prefix
Signed-off-by: He Ping <pinghejk@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/17013
Signed-off-by: Petr Štetiar <ynezz@true.cz> [hash, commit]
The broadcom PHY driver only has to depend upon PTP_1588_CLOCK_OPTIONAL
if NETWORK_PHY_TIMESTAMPING is enabled. The PTP functionality is stubbed
in this case.
Reflect this circumstance in the dependence condition. This allows to
build the driver as a built-in module even if PTP is built as a module.
This is required to include the broadcom PHY module regardless of the
built-setting of the PTP subsystem. On ath79 (and probably more)
targets with Broadcom PHY, Gigabit operation is currently broken as the
PHY driver is only built as a module in case all kernel-packages are
built. Due to this circumstance, affected devices fall back to using the
generic PHY driver.
Signed-off-by: David Bauer <mail@david-bauer.net>
Now that omnia-eeprom is marked nonshared building the cortex-a9 mvebu
subtarget will fail with:
ERROR: unable to select packages:
omnia-eeprom (no such package):
required by: world[omnia-eeprom]
This is because omnia-eeprom depends on TARGET_mvebu_cortexa9_DEVICE_cznic_turris-omnia
which will not be satisfied in buildbots since CONFIG_TARGET_ALL_PROFILES
and CONFIG_TARGET_PER_DEVICE_ROOTFS are set in which case
CONFIG_TARGET_mvebu_cortexa9_DEVICE_cznic_turris-omnia is not set.
So, lets simply depend on the mvebu/cortex-a9 subtarget.
Fixes: 371e7bef40 ("omnia-eeprom: Mark it nonshared")
Link: https://github.com/openwrt/openwrt/pull/17007
Signed-off-by: Robert Marko <robimarko@gmail.com>
Add ubihealthd to the nand-utils package, auto-create UCI config for
each UBI device and launch the daemon on boot.
The default time interval between scrubbing a random PED is 120 seconds
which means that a fully used 128 MiB flash chip gets scrubbed in about
a day and a half. The interval can be adjusted in UCI using the
'interval' option.
Suggested-by: Rodrigo Balerdi <lanchon@gmail.com>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Link: https://github.com/openwrt/openwrt/pull/16973
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Sync patch with upstream version and tag them.
Minor changes done to Pinctrl patch to support older kernel.
Patch automatically refreshed with make target/linux/refresh.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
DEFAULT_PACKAGES handling was moved in commit 40be892a02
("imagebuilder: move handling of DEFAULT_PACKAGES into shareable place")
to `include/default-packages.mk`, but they weren't removed from
ImageBuilder's Makefile, so lets remove it now.
Once removed, I've noticed, that it stopped working as there is
target.mk included later in that file, overriding the DEFAULT_PACKAGES
again, so moved it after this target.mk include.
Fixes: 40be892a02 ("imagebuilder: move handling of DEFAULT_PACKAGES into shareable place")
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Robert reported, that in firmware images generated by ASU, there is
`apk` package manager missing after the commit 44598c233d ("build:
remove broken dependency of metadata on toplevel .config variables").
That is happening, because apk got removed from `default_packages` list in
`profiles.json`, which is being generated by `json_overview_image_info` Make
target, which uses `scripts/json_overview_image_info.py` helper script,
which gets the information from `DEFAULT_PACKAGES` Make variable.
So lets fix it by providing `DEFAULT_PACKAGES` variable when its needed.
The reason why we didn't added those packages as a dependency to
base-files like any other packages, was to allow disabling them (in
order to save space).
Fixes: #16969
Fixes: openwrt/asu/issues/1084
Fixes: 44598c233d ("build: remove broken dependency of metadata on toplevel .config variables")
Reported-by: Robert Marko <robimarko@gmail.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Link: https://github.com/openwrt/openwrt/pull/16986
Signed-off-by: Robert Marko <robimarko@gmail.com>
It seems, that handling of DEFAULT_PACKAGES is needed in more places, so
lets move it into dedicated include file so it can be easily shared.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Link: https://github.com/openwrt/openwrt/pull/16986
Signed-off-by: Robert Marko <robimarko@gmail.com>
Remove the remaining special handling of procd-ujail in a same way as
the rest of the packages was handled in the commit 4c65359af4 ("build:
fix including busybox, procd and apk/opkg in imagebuilder").
Fixes: 44598c233d ("build: remove broken dependency of metadata on toplevel .config variables")
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Link: https://github.com/openwrt/openwrt/pull/16986
Signed-off-by: Robert Marko <robimarko@gmail.com>
CONFIG_FB_INTEL is now visible on x86 since i915 driver is packaged as kmod
now and it stops compilation, so add it to the generic config.
Signed-off-by: Robert Marko <robimarko@gmail.com>
Escape special char for package description for APK mkpkg as the
description is passed as an args to mkpkg with --info option and can
easily escape from the "".
Currently escaped char `, $, ", \.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
The config_get_bool also works with on/off, yes/no, true/false.
Add 'main' section name. This will make it easier to change settings from uci.
Add a link to documentation.
Signed-off-by: Sergey Ponomarev <stokito@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/15579
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
These get dynamically set based on compiler version. Not relevant for
targets.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/16770
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This symbol is no longer present.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/16770
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Move settings CONFIG_INTEL_MEI_GSC_PROXY, CONFIG_INTEL_MEI_HDCP
and CONFIG_INTEL_MEI_PXP to target generic.
Signed-off-by: Mieczyslaw Nalewaj <namiltd@yahoo.com>
Link: https://github.com/openwrt/openwrt/pull/16971
Signed-off-by: Robert Marko <robimarko@gmail.com>
This tool was build in the phase 2 build, there the
TARGET_mvebu_cortexa9_DEVICE_cznic_turris-omnia dependecy was probably
not meat. Mark it as non shared to build it together with the target
where this option is set.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Link: https://github.com/openwrt/openwrt/pull/16975
Signed-off-by: Robert Marko <robimarko@gmail.com>
This tool was build in the phase 2 build, there the TARGET dependencies
are probably not meat. Mark it as non shared to build it together with
the targets where this option is set.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Link: https://github.com/openwrt/openwrt/pull/16975
Signed-off-by: Robert Marko <robimarko@gmail.com>
Disable drm-i915 module for target x86/geode.
Fixes: 77cfe8f ("x86: make i915 as a kmod with required firmware")
Signed-off-by: Mieczyslaw Nalewaj <namiltd@yahoo.com>
Link: https://github.com/openwrt/openwrt/pull/16977
Signed-off-by: Robert Marko <robimarko@gmail.com>
All ipq807x devices that were using the legacy 'mmc_do_upgrade' eMMC
sysupgrade code were ported to the replacement 'emmc_do_upgrade' code.
Signed-off-by: Rodrigo Balerdi <lanchon@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/16505
Signed-off-by: Robert Marko <robimarko@gmail.com>
Alphabetically sort devices in platform.sh
Signed-off-by: Rodrigo Balerdi <lanchon@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/16505
Signed-off-by: Robert Marko <robimarko@gmail.com>
Note that the old ad-hoc method did not explicitly align backup data
to 64 KiB boundaries.
Also note that the qnap 301w has a 'rootfs_data' partition in the eMMC
that is being ignored by fstools during boot, presumably due to a bug.
This is why the partition is also ignored in the sysupgrade code and
there is no definition of CI_DATAPART="rootfs_data".
Signed-off-by: Rodrigo Balerdi <lanchon@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/16505
Signed-off-by: Robert Marko <robimarko@gmail.com>
Note that the old ad-hoc method did not explicitly align backup data
to 64 KiB boundaries.
Signed-off-by: Rodrigo Balerdi <lanchon@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/16505
Signed-off-by: Robert Marko <robimarko@gmail.com>
Currently the build fails due to the following:
mv: cannot stat 'linux-mediatek_filogic/target-dir-7872e783/etc/apk/repositories': No such file or directory
as the changes done in the commit e031dab93e ("base-files: move apk
distfeeds into directory") forget to adapt image generation part.
While looking into this, I've realized, that we don't need this explicit
handling in the image generating code since the feeds are solely
configured by `base-files` and `apk` packages, so those should always
provide the correct feeds content, so lets simply drop this unnecessary
code.
Moving away /etc/opkg is done to prevent opkg from picking up the remote
feeds defined from base-files and only use the local feeds, but for apk
we explicitly pass --repositories-file which disables parsing of
/etc/apk/repositories and /etc/apk/repositories.d, so we do not need to
backup anything.
Fixes: #16981
Fixes: e031dab93e ("base-files: move apk distfeeds into directory")
Reported-by: Chen Minqiang <ptpt52@gmail.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
[jonas.gorski: add an explicit explanation where the original mv comes
from and why we don't need it for apk].
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
On aarch64 musl gcc 14.x compiler, trying compiling elfutils 0.192 with
lto option enabled will cause null-dereference error.
Example error message:
...
elf_compress.c: In function 'elf_compress':
elf_compress.c:675:26: error: potential null pointer dereference [-Werror=null-dereference]
675 | shdr->sh_flags |= SHF_COMPRESSED;
| ^
elf_compress_gnu.c: In function 'elf_compress_gnu':
elf_compress_gnu.c:127:25: error: potential null pointer dereference [-Werror=null-dereference]
127 | shdr->sh_size = new_size;
| ^ ^
...
This is a false postive warning but will abort compilation if gcc has
`-Werror` flag. This commit add a patch for this, see the bugzilla
report below.
This commit backports a series of patches to fix some errors.
Add patch:
- 007-add-libeu-symbols-to-libelf.patch
- 008-fix-autoconf-ENABLE_IMA_VERIFICATION.patch
- 009-fix-null-dereference-with-lto.patch
Link: https://sourceware.org/bugzilla/show_bug.cgi?id=32311
Signed-off-by: Ryan Keane <the.ra2.ifv@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/16886
Signed-off-by: Robert Marko <robimarko@gmail.com>
Since the start of the Realtek target OpenWrt works with RTL83XX as the
target architecture. Upstream is using MACH_REALTEK_RTL instead. To
simplify further development align that.
Signed-off-by: Markus Stockhausen <markus.stockhausen@gmx.de>
Link: https://github.com/openwrt/openwrt/pull/16963
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Analog to how we handle custom feeds in opkg, add a customfeeds.list for
custom package feeds and mark it as a configuration file.
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/16940
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Analog to how we handle distfeeds with opkg, have the base feeds defined
in a file in repositories.d instead of the base /etc/apk/repositories.
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/16940
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Currently, libreadline only installs
```
/usr/lib/libhistory.so.8 -> libhistory.so.8.2
/usr/lib/libhistory.so.8.2
/usr/lib/libreadline.so.8 -> libreadline.so.8.2
/usr/lib/libreadline.so.8.2
```
But there is no `libreadline.so` or `libhistory.so` available.
So this happens:
```
root@OpenWRT:~# cat a.c
int main() {
}
root@OpenWRT:~# gcc a.c -lreadline
/usr/bin/ld: cannot find -lreadline: No such file or directory
collect2: error: ld returned 1 exit status
```
Unless, of course, one uses `-l:libreadline.so.8`... But that
doesn't help with binaries that try to dynamically open
`libreadline.so`. I have one of those here (the STklos Scheme
compiler -- I didn't make a PR for it because it's far from
being ready, but one issue is that it does use dlopen to use
readline...)
With the symlink, it works:
```
root@OpenWRT:~# ln -s /usr/lib/libreadline.so.8 /usr/lib/libreadline.so
root@OpenWRT:~#
root@OpenWRT:~# gcc a.c -lreadline
root@OpenWRT:~#
```
Another example: when trying to package rlwrap, the build failed
complaining it could not find readline (using `-lreadline`).
It would then be necessary to change rlwrap's `configure.ac`
(and also in all packages that use readline), but it seems
simpler to add the symlinks...
This PR changes the Makefile so it will include the links.
Signed-off-by: Jeronimo Pellegrini <j_p@aleph0.info>
Link: https://github.com/openwrt/openwrt/pull/16445
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
This commit fixes and closes#16313.
Switch the x86 kernel's timer to tickless operation which is
more power efficient since it is not woken up by periodic timer
interrupts when idle. Also add several other options for CPU
idle governors particularly the upstream default for tickless
kernels, CONFIG_CPU_IDLE_GOV_MENU. Without this commit, my AMD
Ryzen 7 5800U can only achieve a minimum core frequency of 1,384
MHz which is over 3x higher than the processor's minimum
frequency of 400 MHz which is accessible with this modification.
In addition to the lower clock rate, I have seen a concomitant
reduction in both idle temps and at-the-wall power consumption.
Summary:
* Idle CPU freqs dropped from 1,384 MHz to 400 Mhz.
* Idle power consumption dropped from 7 W avg to 5 W.
* Idle temps have dropped from 50C on avg to 43C.
There are other well known reasons to switch to a tickless
timer including: reduced interrupt overhead, better use of CPU
resources, and reduced latency to name a few.
Build system: x86/64
Build-tested: x86/64/AMD Cezanne
Run-tested: x86/64/AMD Cezanne
Signed-off-by: John Audia <therealgraysky@proton.me>
Link: https://github.com/openwrt/openwrt/pull/16317
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
The ppp package can support all features since Linux 4.7.0 kernel.
Therefore, most kernel version checks can pass unconditionally on
OpenWrt v18.06 and later version. This patch can reduce the size
of ppp package by approximately 2.5 KB.
Signed-off-by: Shiji Yang <yangshiji66@qq.com>
Link: https://github.com/openwrt/openwrt/pull/16695
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
These permissions are not needed. Systemd also mounts these file systems
without these permissions on other Linux distributions.
Dropping these permissions should make the system more secure.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Link: https://github.com/openwrt/openwrt/pull/16960
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Create the folder /run and /run/lock using symlinks. Other Linux
distributions also have these folders and some applications might already
depend on them. Just create symlinks pointing to the older folder.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Link: https://github.com/openwrt/openwrt/pull/16961
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Do not add the file /run/apk/db.lock to the root file system. The /run
folder should be on a tmpfs.
At runtime we should make /run point to a tmpfs. At build time we should
just remove the folder.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Link: https://github.com/openwrt/openwrt/pull/16961
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>