Empty trailing fields get lost when the lines are split and merged again
at colons, resulting in unparsable entries. Only use the split fields for
matching against the other file, but emit the original line unchanged
to fix the issue.
Fixes: de7ca7dafa ("base-files: merge /etc/passwd et al at sysupgrade config restore")
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
When running a failsafe shell on a console, job control was unavailable,
and ^C did not function correctly.
This change invokes console failsafe shells via `setsid`, making them
session leaders and allowing them to claim controlling terminals, which
makes job control function properly. To support this, the busybox
`setsid` utility is enabled. This has a minimal 149-byte size impact on
a test x86_64 squashfs rootfs image.
^C was ignored in subprocesses of failsafe shells: it was not possible
to ^C out of a program that would not exit on its own, such as many
typical `ping` invocations. As job control was unavailable, it was not
possible to suspend these subprocesses either, causing a hung program to
tie up a console indefinitely, unless another means to signal the
program was available. This was caused by SIGINT being placed at
disposition SIG_IGN by the shell running preinit, which it did because
the console shell was executed asynchronously with &. That disposition
was inherited by the console shell and its subprocesses, generally
causing ^C to have no effect.
As there is no way in busybox `ash` to reset the disposition of a signal
already ignored at shell entry, and no apparent way to avoid SIGINT
being placed at SIG_IGN when & is used in preinit, an alternative
construct is needed. Now, `start-stop-daemon` is used to start (-S) the
console failsafe shell in the background (-b). This approach does not
alter SIGINT, allowing the console shell to be started with that
signal's handling intact, and normal ^C processing to occur.
busybox `ash` has some behaviors conditional on SHLVL, and while the
console shells ought to run at SHLVL=1, they were not by virtue of being
started by the shell-based preinit system. Additionally, a variety of
detritus was present in the console shell's environment, carried over
from preinit. These conditions are corrected by running the console
shell via `env -i` to clear the environment and establish a minimum and
correct set of environment variables for operation, in the same manner
as `login`. HOME is not explicitly set, because it's addressed in
/etc/profile. For non-failsafe console shells when
system.@system[0].ttylogin = 0, `login -f root` achieves a similar
effect. (`login` already started non-failsafe console shells when
ttylogin = 1 and behaved correctly. This brings the ttylogin = 0 case to
parity.) Note that even `login -f` is somewhat undesirable for failsafe
shells because it requires a viable /etc/passwd, hence the `env -i`
construct in that case.
The TERM environment variable from the preinit environment, with value
"linux", would rarely be correct for serial consoles. Now, the preinit
TERM value is preserved (or set to "linux" if unset) only when the
console is /dev/console or /dev/tty[0-9]*. Otherwise, it will be set to
a safe default appropriate for serial consoles, "vt102", as used for
serial consoles by busybox init. This "linux"/"vt102" TERM setting is
also duplicated for non-failsafe console shells.
This also indicates failsafe mode by showing "- failsafe -" on all
consoles (not just the last-defined one). It sets a hostname of
"OpenWrt-failsafe" in failsafe mode which is rendered in the shell's
prompt as a reminder of the mode during interactive failsafe use.
Previously, no hostname was set, which resulted in the kernel-default
hostname, "(none)", appearing in failsafe shell prompts.
Signed-off-by: Mark Mentovai <mark@mentovai.com>
Link: https://github.com/openwrt/openwrt/pull/16113
Signed-off-by: Robert Marko <robimarko@gmail.com>
The function fitblk_get_bootdev doesn't exist any more, using it in
export_bootdevice anyway never made much sense and only worked for
classic block devices.
Just drop /dev/fit* handling there, it isn't needed anywhere.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
By default nand_do_upgrade() can only deal with raw and gzipped firmware
files. Vendors often use custom firmware containers. Allow passing
custom extraction command to allow using nand_do_upgrade() with vendor
firmwares.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
If we're being paranoid and quote all the arguments to ipcalc.sh,
it's possible to pass in empty start and range arguments. This
should be handled the same as their being absent.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
Link: https://github.com/openwrt/openwrt/pull/15946
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
NAND code uses either "cat" or "zcat" for getting firmware image
content. Code was full of duplicated ${gz}cat calls. Use "cmd" variable
that is determined by a caller and passed to lower level functions. This
avoids code duplication and allows adding support for more formats.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
The function was moved to /lib/upgrade/fit.sh which is part of the fitblk
package. Remove it from /lib/upgrade/common.sh to safe space on boards
not using unified uImage.FIT images.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
This reverts commit 25bbefcdd9.
Only the Config-build.in change needed to be merged and this contains
leftover from previous revision of the feature.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Old "interface" sections for bridges were mixing layer 2 and layer 3.
That syntax got deprecated and UCI section "device" is used for bridge
configuration now.
Backward compatibility may be dropped from netifd soon now so migrate
old configs using uci-defaults script.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
netifd supports more accurate "ports" option (instead of "ifname") for
years now. Relevant changes were even backported to OpenWrt 21.02. Add
uci-defaults script that translates config files using deprecated
syntax.
Identical commit f716c30241 ended up reverted back in 2021 by
80be798d4a due to breaking downgrades. With 19.07 support ended it
should no longer be an issue.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
A small regress from the translation to shell.
Fixes#12921, originally fixed in #12925 (Github).
Signed-off-by: Leon M. Busch-George <leon@georgemail.eu>
Link: https://github.com/openwrt/openwrt/pull/15430
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
This reverts commit 80d1c353b7 with the
fix which won't break running systems. A logic error on how shell
handles && and || more the init process.
Signed-off-by: Paul Spooren <mail@aparcar.org>
Limit CONFIG_IPK_FILES_CHECKSUMS config to OPKG as APK have different
way to validate package integrity (apk audit)
Link: https://github.com/openwrt/openwrt/pull/15543
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
For APK installation we don't have /usr/lib/opkg/info and user fixup are
handled dirrectly. Skip the script in such case.
Also remove this uci-defaults if we have CONFIG_USE_APK enabled.
Link: https://github.com/openwrt/openwrt/pull/15543
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
For non-overlay configuration we need checksum for config file that
weren't modified by the user. For OPKG in sysupgrade we check the status
file for the Conffiles: entry of every package. this entry contains
checksum for every static file that the package contains.
Provide the same info for APK by creating a conffiles_static file and
parse this file on sysupgrade for non-overlay configurations.
This is also used by the sysupgrade -u option to exclude non-changed
files from the final backup.
Link: https://github.com/openwrt/openwrt/pull/15543
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
This reverts commit 17d8c5825e.
This commit is breaking init somehow, even the hostname is not set,
so until its fixed, revert it.
Signed-off-by: Robert Marko <robimarko@gmail.com>
When running unit tests this causes trouble since `/lib/config/uci.sh`
isn't available in those cases. Instead exit with a clean status fo the
unit test framework don't wrongly interpret things as an error.
Signed-off-by: Paul Spooren <mail@aparcar.org>
Other than OPKG which only uses signed package list, APK uses
individually signed packages in addition to signed package lists. Hence,
in order to be able to generate package, the private key needs to be
generated before compiling packages. Express that dependency and
generate the private key before building any packages instead of doing
so as part of the base-files package build.
Fixes: d788ab376f ("build: add APK package build capabilities")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
The function incorrectly tried to APK keys even if there were none.
Correctly separate it into its own `ifdef` section.
Signed-off-by: Paul Spooren <mail@aparcar.org>
Link: https://github.com/openwrt/openwrt/pull/15519
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Both package managers work slightly different, i.e. stores files at
different places. Modify the `functions.sh` file to cover those.
Signed-off-by: Paul Spooren <mail@aparcar.org>
The APK package manager does not support handling of package
alternatives itself, so implement it via a simple shell script.
Signed-off-by: Paul Spooren <mail@aparcar.org>
A new option called `USE_APK` is added which generated APK packages
(.apk) instead of OPKG packages (.ipk).
Some features like fstools `snapshot` command are not yet ported
Signed-off-by: Paul Spooren <mail@aparcar.org>
uid/gid range should be limited to 16bit unsigned integer range to
avoid "wraparound" issues with permissions where jffs2
is employed for storage and chown 65536 (first auto-created user)
becomes equivalent to chown 0
Fixes: #13927
Signed-off-by: Thomas Winkler <tewinkler86@gmail.com>
Add new functions for ath11k caldata:
- ath11k_patch_mac (from 0 to 5)
- ath11k_remove_regdomain
- ath11k_set_macflag (some pre-caldata have the nvMacFlag flag unset which is needed to change the MAC address)
Additionaly for ath10k caldata:
- ath10k_remove_regdomain
Signed-off-by: Paweł Owoc <frut3k7@gmail.com>
Reduce calls and pipes and read from urandom once directly with hexdump
for the necessary 5 bytes of random data to build the 48 bit ULA Prefix.
Fewer calls and forks; finish quicker; less memory used.
Tested on: 23.05.3
Signed-off-by: Paul Donald <newtwen+github@gmail.com>
This is mostly a cosmetic cleanup. The absence of
the return statement was not causing any problems.
Signed-off-by: Rodrigo Balerdi <lanchon@gmail.com>
Different from OPKG, APK uses a deterministic version schema which chips
the version into chunks and compares them individually. This enforces a
certain schema which was previously entirely flexible.
- Releases are added at the very and end prefixed with an `r` like
`1.2.3-r3`.
- Hashes are prefixed with a `~` like `1.2.3~abc123`.
- Dates become semantic versions, like `2024.04.01`
- Extra tags are possible like `_git`, `_alpha` and more.
For full details see the APK test list:
https://gitlab.alpinelinux.org/alpine/apk-tools/-/blob/master/test/version.data
Signed-off-by: Paul Spooren <mail@aparcar.org>
1. Return error if any step of generating tar file fails
2. Use pipefail to avoid calling "gzip" if tar failed
Fixes: e36cc53092 ("base-files: sysupgrade: use tar helper to include installed_packages.txt")
Reported-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
Cc: Luiz Angelo Daros de Luca <luizluca@gmail.com>
Cc: Jo-Philipp Wich <jo@mein.io>
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Some platforms like Raspberry Pi require patching some backup files like
cmdline.txt in order to set the correct root PARTUUID.
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
Due to previous refactoring in sysupgrade, writing backup archives to
stdout became impossible since the hardcoded gzip output redirection
did not account for the `-` special case filename.
Fix this issue by substituting `-` with `/proc/self/fd/1` in the tar
archive output path variable.
Also remove a redundant `rm -f` of the target file path that occurs
before the file could've possibly been written.
Fixes: #14773
Fixes: https://github.com/openwrt/luci/issues/6961
Fixes: e36cc53092 ("base-files: sysupgrade: use tar helper to include installed_packages.txt")
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Disabled services should be kept disabled after sysupgrade. This can be
easily handled using a proper uci-defaults script.
Extend sysupgrade to check for disabled services, generate uci-defaults
script disabling them and include it in backup.
Cc: Christian Marangi <ansuelsmth@gmail.com>
Cc: Jo-Philipp Wich <jo@mein.io>
Cc: Jonas Gorski <jonas.gorski@gmail.com>
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Acked-by: Jo-Philipp Wich <jo@mein.io>
Replace mount + overlay with manually built tar archive that gets
prepended to the actual config files backup. This allows more
flexibility with including extra backup files. They can be included at
any paths and don't require writing to flash or mounting an overlay
which has its own limitations (mount points).
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Acked-by: Jo-Philipp Wich <jo@mein.io>
This allows building uncompressed tar archives from shell scripts (and
compressing them later if needed)
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
[rmilecki: adapt to sysupgrade needs]
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
After commit ad62247800 ("base-files: improve lib/upgrade/common.sh")
behavior of export_bootdevice has been made consistent in such way that
always the whole disk device is exported (as that was the case already
when matching via UUID) rather than the partition device.
Do the same for the device holding the fitblk backing partition.
Fixes: 5992f976b3 ("base-files: recognize bootdevice on devices using fitblk")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Boards using the fitblk driver need special treatment when it comes to
detecting the actual block device used to store the image used to boot
from. Transparently handle this in 'export_bootdevice' and provide new
'fitblk_get_bootdev' function to replace implementations in
/lib/upgrade/platform.sh.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Usage of word "add" was somehow misleading in those functions:
1. They don't really add (as in: append) anything. Result files are
created from scratch.
2. It wasn't clear what adding files means. It could be understood as
adding actual files somewhere (to existing archive?).
Also the word "add" was also a bit ambiguous.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Rename function to more accurate and self-explanatory name:
1. Use "archive" in name as this functions creates tar archive
2. Avoid "conffiles" as this function may archive more than that
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
This reverts commit 4fa9aaf0be.
That seemed like a good idea allowing us to include any runtime
generated file in archive. Unfortuantely it broke backups with files
from mounted directories.
When mounting overlay with / as lowerdir its mounts don't propagete in
the mountpoint. That resulted in empty directories:
/tmp/overlay.XXXXXX/backup/tmp/
/tmp/overlay.XXXXXX/backup/var/
/tmp/overlay.XXXXXX/backup/dev/
/tmp/overlay.XXXXXX/backup/proc/
etc.
As some platforms / users try to backup files like /var/dhcp.leases or
/boot/cmdline.txt it means we can't use that solution.
Link: http://lists.openwrt.org/pipermail/openwrt-devel/2024-February/042320.html
Link: https://lore.kernel.org/linux-fsdevel/67bb0571-a6e0-44ea-9ab6-91c267d0642f@gmail.com/T/#u
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
This reverts commit bf304d10e9.
That uci-defaults script worked great but generating it required
mounting root dir as overlay lowerdir that needs to be reverted.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Disabled services should be kept disabled after sysupgrade. This can be
easily handled using a proper uci-defaults script.
Extend sysupgrade to check for disabled services, generate uci-defaults
script disabling them and include it in backup.
Cc: Christian Marangi <ansuelsmth@gmail.com>
Cc: Jo-Philipp Wich <jo@mein.io>
Cc: Jonas Gorski <jonas.gorski@gmail.com>
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Acked-by: Jo-Philipp Wich <jo@mein.io>
Setting overlay while creating backup allows including extra files in
archive without actually writing them to flash. Right now this feature
is limited to /etc/backup/ directory and is used only for including
installed_packages.txt.
Extend this solution to make it more generic:
1. Always mount overlay while creating backup
2. Overlay whole / to don't limit it to /etc/backup/
This allows including any additional files in backups and adding more
sysupgrade features.
Cc: Luiz Angelo Daros de Luca <luizluca@gmail.com>
Cc: Christian Marangi <ansuelsmth@gmail.com>
Cc: Jo-Philipp Wich <jo@mein.io>
Cc: Jonas Gorski <jonas.gorski@gmail.com>
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
When tar was failing, it was exiting immediately. Some files and the
tmpfs mount (-k) would remain breaking the next backup attempt.
Also remove redundant $? from exit builtin call as exit already returns
the last command exit code when called.
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
tar stderr was probably discarded only to remove this message:
tar: removing leading '/' from member names
However, together with that, any other error would also be discarded.
It is easier to fix that allowing the error message to be printed.
In sysupgrade, the backup file list only uses absolute paths. That way,
the solution is to remove the leading '/' from all files (sed) and chdir
to / (option -C /)
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
PoE devices in the realtek target have the possibility to add PSE info
to the board description via 02_network. Make this available for all
targets, by moving the uci_set_poe() function to the globally available
uci-default.sh script.
Signed-off-by: Sander Vanheule <sander@svanheule.net>
Add the possibility that colored LEDs can also be configured via the uci.
config led 'led1'
option name '<name>'
option sysfs '<path>'
option trigger 'default-on'
option default '1'
--> option color_{$color} '<0-255>'
The supported names of the variable "${color}" for the selected LED can be
queried in the file with the name 'multi_index'.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>