Commit Graph

1604 Commits

Author SHA1 Message Date
Philip Prindeville
f0612c0d84 base-files: ipcalc.sh: Add some commentary, etc.
Explain some of the more obscure logic, or where we deviate from
what the original awk code did.  Also, give a count of the usable
addresses on the subnet.

Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
2023-12-12 12:30:35 -07:00
Philip Prindeville
5ee3a78242 base-files: ipcalc.sh: Add support for decimal output
This is useful if you later need to perform numeric range-checking
on addresses, i.e. to see if an address falls inside a CIDR range,
etc. and what interface it corresponds to.

Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
2023-12-12 12:30:35 -07:00
Philip Prindeville
854739b32c base-files: ipcalc.sh: Rewrite in pure shell
Also add better error checking on input.

Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
2023-12-12 12:30:35 -07:00
Daniel Golle
45c85c1827 base-files: add mmc_get_mac_ascii function
Similar to the *_get_mac_binary function, also split the common parts
off mtd_get_mac_ascii into new get_mac_ascii function and introduce
mmc_get_mac_ascii which uses it.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2023-12-09 22:47:10 +00:00
Shiji Yang
e814acc599 base-files: support parse DT LED color and function
The 'label' property in led node has been deprecated and we'd better
to avoid using it. This patch allows us to extract DT OF LED name
from the newly introduced LED properties "color", "function" and
"function-enumerator".

Signed-off-by: Shiji Yang <yangshiji66@qq.com>
2023-12-02 19:46:14 +01:00
Philip Prindeville
1481d5cb0b base-files: ipcalc.sh: Should take netmask or prefix after slash
dnmasq.init now invokes ipcalc.sh as either:

ipcalc.sh address/netmask ...

or:

ipcalc.sh address/prefix

but the existing version doesn't accept the 2nd notation.  We're
trying to rationalize the usage of ipcalc.sh, and here we add
support for the 2nd format.

Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
2023-11-19 20:36:40 +00:00
Philip Prindeville
516a3176a6 base-files: Create /root w/ appropriate permissions
If /root is created with too permissive permissions, then sshd won't
trust the contents of /root/.ssh as being adequately protected.

Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
2023-11-12 16:32:42 +01:00
Christian Marangi
01d675687c
base-files: add additional uci-defaults function for GRO and conduit
Add additional uci-defaults function for configuring GRO settings and
conduit for network devices.

Tweaking the GRO values might increase performance on some low spec
device that lack some offload feature on gmac.

Tweaking conduit interface is specific to DSA based devices and is
useful for multi-CPU scenario where one CPU is dedicated to one single
port.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2023-11-10 12:30:34 +01:00
Christian Marangi
da7ad22931
base-files: generalize ucidef_set_network_device
Generalize ucidef_set_network_device functions to use a more generic
_ucidef_set_network_device_common that takes as args the option and the
value to apply instead of hardcoding.

This is to reduce duplicated code in preparation for addition of
additional option for board.d usage.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2023-11-10 12:30:33 +01:00
Philip Prindeville
1998027d7c base-files: functions.sh: Add prepend() homologue to append()
Sometimes it's useful to be able to prepend to a variable as
well, such as when dealing with domain names, e.g.

    prepend fdqn "$subdomain" "."

will result in:

   fqdn="$subdomain.$fqdn"

Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
2023-10-23 19:18:04 +02:00
Christian Marangi
c0e30b17eb
treewide: disable QUILT refresh for unsupported packages
Some packages won't ever have something to patch as they normally
install files or are meta-packages.

For these special packages, disable QUILT refresh.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2023-10-20 16:13:13 +02:00
Michael 'ASAP' Weinrich
12bc79d6d5
base-files: fix wrong ucidef_set_network_device_mac network-device entry
The ucidef_set_network_device_* functions in uci-defaults.sh disagree
on whether to use "network-device" or "network_device" in board.json.
With the additional caveat that jshn will translate hyphens (-) into
underscores (_). This casues problems in netifd which expected
"network_device" causing boards which depend on assigning MACs in
board.json via uci-defaults.sh (or jshn in general) to fail.

This commit addresses the issue by using network_device in
uci-defaults.sh.

The bug was uncovered in the forums here:
https://forum.openwrt.org/t/support-for-rtl838x-based-managed-switches/57875/2596

This was exposed by commit 4ebba8a05d ("realtek: add support for HPE
1920-8g-poe+") where the board_config_load call from 03_gpio introduced
the key normalization by jshn.

Fixes: 9290539ca9 ("base-files: allow setting device and bridge macs")
Tested-by: Stijn Segers <foss@volatilesystems.org>
Signed-off-by: Michael 'ASAP' Weinrich <michael@a5ap.net>
[ improve commit title, description and fix wrong Tested-by tag ]
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2023-10-20 12:53:43 +02:00
Leon M. Busch-George
25aab738ef base-files: ipcalc.sh: make check slightly more future-proof
The previous code handling the equal-condition might be removed or
altered in the future and the case might be overlooked.

Signed-off-by: Leon M. Busch-George <leon@georgemail.eu>
2023-09-25 15:02:49 +02:00
Leon M. Busch-George
270f694f11 base-files: ipcalc.sh: turn error into warning
Some users have their routers configured to supply a DHCP range that
includes the local interface address.
That worked with dnsmasq because it automatically skips the local
address.

Re-enable those existing configurations for the release and hint at
possible future problems.

Signed-off-by: Leon M. Busch-George <leon@georgemail.eu>
[ wrap commit description and remove unecessary text ]
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2023-09-25 15:02:49 +02:00
Leon M. Busch-George
d7978e1f39 base-files: ipcalc.sh clarify range parameters in comment
To avoid confusion when working with ipcalc.sh, clarify that the last two
parameters belong to the range calculation and rename 'num' to the slightly
less ambiguous 'size'.

Signed-off-by: Leon M. Busch-George <leon@georgemail.eu>
2023-09-25 15:02:49 +02:00
Leon M. Busch-George
6b23836071 package: avoid the use of eval to parse ipcalc.sh output
Add a function 'ipcalc' to /lib/functions.sh that sets variables more
safely using export.
With this new function, dnsmasq also handles the return value of ipcalc
correctly.

Fixes: e4bd3de1be ("dnsmasq: refuse to add empty DHCP range")
Co-Authored-By: Philip Prindeville <philipp@redfish-solutions.com>
Signed-off-by: Leon M. Busch-George <leon@georgemail.eu>
2023-09-25 15:02:49 +02:00
Leon M. Busch-George
59e681eea1 base-files: ipcalc.sh: don't print broadcast addr for prefix > 30
Printing a broadcast address doesn't make any sense for /31 and /32
prefixes.
Strictly speaking, the same goes for the network address but it is useful
to get the first address in the prefix, e.g. to create a canonical
CIDR notation "$NETWORK/$PREFIX".

Signed-off-by: Leon M. Busch-George <leon@georgemail.eu>
2023-09-25 15:02:49 +02:00
Leon M. Busch-George
9b2f8a33b6 base-files: ipcalc.sh: correctly set limit for prefix > 30
For /31 and /32 prefixes, there are only host addresses - no network and
broadcast address with all-zero and all-one bits.
Reflect this when setting the limit.

Signed-off-by: Leon M. Busch-George <leon@georgemail.eu>
2023-09-25 15:02:49 +02:00
Leon M. Busch-George
9e8bbd4265 base-files: ipcalc.sh: correctly interpret num parameter
The start and end addresses are inclusive.
Thus, adding num without substracting one results in num + 1 addresses.
Add the substraction and to implement the documented behaviour.

Signed-off-by: Leon M. Busch-George <leon@georgemail.eu>
2023-09-25 15:02:49 +02:00
Hannu Nyman
47d56ae546
base-files: sysupgrade: Add 2 sec sleep into process KILL loop
Add 2 seconds sleep after each forcibly killed/tried-to-kill process
in the final process termination loop in sysupgrade stage2.

This is needed especially for qualcommax/ipq807x, where ath11k
wireless driver may have a long 10-20 seconds delay after termination
before actually getting killed. This often breaks sysupgrade.

The current KILL loop in kill_remaining does all 10 kill attempts
consecutively without any delay, as evidenced here in a failing sysupgrade.
It does not allow any time for the process to finalize its internal
termination.

Sat Sep  2 19:05:56 EEST 2023 upgrade: Sending TERM to remaining processes ...
Sat Sep  2 19:05:56 EEST 2023 upgrade: Sending signal TERM to hostapd (2122)
Sat Sep  2 19:05:56 EEST 2023 upgrade: Sending signal TERM to hostapd (2138)
Sat Sep  2 19:06:00 EEST 2023 upgrade: Sending KILL to remaining processes ...
Sat Sep  2 19:06:00 EEST 2023 upgrade: Sending signal KILL to hostapd (2122)
Sat Sep  2 19:06:00 EEST 2023 upgrade: Sending signal KILL to hostapd (2138)
Sat Sep  2 19:06:00 EEST 2023 upgrade: Sending signal KILL to hostapd (2138)
Sat Sep  2 19:06:00 EEST 2023 upgrade: Sending signal KILL to hostapd (2138)
Sat Sep  2 19:06:00 EEST 2023 upgrade: Sending signal KILL to hostapd (2138)
Sat Sep  2 19:06:00 EEST 2023 upgrade: Sending signal KILL to hostapd (2138)
Sat Sep  2 19:06:00 EEST 2023 upgrade: Sending signal KILL to hostapd (2138)
Sat Sep  2 19:06:00 EEST 2023 upgrade: Sending signal KILL to hostapd (2138)
Sat Sep  2 19:06:00 EEST 2023 upgrade: Sending signal KILL to hostapd (2138)
Sat Sep  2 19:06:00 EEST 2023 upgrade: Sending signal KILL to hostapd (2138)
Sat Sep  2 19:06:00 EEST 2023 upgrade: Sending signal KILL to hostapd (2138)
Sat Sep  2 19:06:00 EEST 2023 upgrade: Failed to kill all processes.
sysupgrade aborted with return code: 256

The change in this commit adds a 2 seconds delay after each kill attempt
in order to allow some processes to more gracefully handle their
internal termination.

The result is like this:

Sun Sep  3 11:15:10 EEST 2023 upgrade: Sending TERM to remaining processes ...
Sun Sep  3 11:15:10 EEST 2023 upgrade: Sending signal TERM to hostapd (2309)
Sun Sep  3 11:15:10 EEST 2023 upgrade: Sending signal TERM to hostapd (2324)
Sun Sep  3 11:15:14 EEST 2023 upgrade: Sending KILL to remaining processes ...
Sun Sep  3 11:15:14 EEST 2023 upgrade: Sending signal KILL to hostapd (2309)
[  699.827521] br-lan: port 7(hn5wpa2r) entered disabled state
[  699.908673] device hn5wpa2r left promiscuous mode
[  699.908721] br-lan: port 7(hn5wpa2r) entered disabled state
[  701.038029] br-lan: port 6(hn5wpa3) entered disabled state
Sun Sep  3 11:15:16 EEST 2023 upgrade: Sending signal KILL to hostapd (2324)
[  702.058256] br-lan: port 5(hn2wlan) entered disabled state
[  709.250063] stage2 (8237): drop_caches: 3
Sun Sep  3 11:15:25 EEST 2023 upgrade: Switching to ramdisk...

The delay introduced here only kicks in if there is some process that
does not get terminated by the first TERM call. Then there is at least
one 2 sec wait after the first KILL loop round.

This commit is related to discussion in PRs #12235 and #12632

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
Reviewed-by: Robert Marko <robimarko@gmail.com>
2023-09-12 14:52:50 +02:00
Felix Fietkau
b993a00b82 base-files: fix duplicate wifi radio sections when using phy renaming
The duplicate sections are caused by a race condition at boot, when board.json
is not available. In that case, the final phy name cannot be resolved, and extra
sections referring to the path are created.
Fix this by making sure that wifi config is not being run before board.json
is created.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-07-17 14:33:57 +02:00
Álvaro Fernández Rojas
434df8df54 base-files: upgrade: nand: add JFFS2 cleanmarkers support
Some Broadcom MIPS devices require JFFS2 cleanmarkers to be present on the
kernel partition or the bootloader will identify the partition as corrupt and
won't boot the kernel.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2023-06-15 10:49:41 +02:00
Tony Ambardar
b3aaede2a7 base-files: enable BPF JIT kallsyms by default
Set net.core.bpf_jit_kallsyms=1 in /etc/sysctl.d/10-default.conf.

For privileged users, this exports addresses of JIT-compiled programs to
appear in /proc/kallsyms when present, allowing their use for debugging
and in traces.

Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
2023-06-02 20:53:49 +02:00
Arınç ÜNAL
10a29216ce base-files: add protocol ncm support for ucidef_set_interface()
Make it possible to set up a default network (interface) for devices with
cellular modems using NCM.

Signed-off-by: Arınç ÜNAL <arinc.unal@arinc9.com>
2023-05-18 14:44:07 +02:00
Olliver Schinagl
3da70c6469 base-files: Do not break on non-eth ports
When using OpenWRT with DSA and 'lan' ports, we could get an empty
`next_eth`. This is of course not desirable, as this causes `sh: out of
range` errors when trying to determine which one would be greater.

It turns out, that we don't even need this check at all because, when
looking for all existin eth*s on a system, and take the highest index
and then iterate a set of devices and rename to eth${highest_index+n},
it is guaranteed that there will be no conflict.

Fixes: b688bf83f9 ("base-files: rename ethernet devs on known boards")
Signed-off-by: Olliver Schinagl <oliver@schinagl.nl>
2023-05-09 22:54:38 +02:00
Andre Heider
28e357d528
base-files: add 'isup' to the wifi script
This is a silent command that allows easy wifi up/down automation for
scripts.

It takes one or multiple devices as arguments (or all if none are passed),
and the exit code indicates if any of those is not up.

E.g.:
wifi isup && echo "all wifi devices are up"
wifi isup radio0 || echo "this wifi is down"

Signed-off-by: Andre Heider <a.heider@gmail.com>
2023-04-12 19:49:30 +02:00
Andre Heider
8fbe7738b9
base-files: use named variables in the wifi script
Use the already present but unused $cmd and $dev variables instead of
positional parameters in ubus_wifi_cmd() to improve readability.

Signed-off-by: Andre Heider <a.heider@gmail.com>
2023-04-12 19:49:22 +02:00
Rafał Miłecki
c798adad6b base-files: fix nand_upgrade_ubinized()
When using "ubiformat" with stdin it requires passing image size using
the -S argument. Provide it just like we do for "ubiupdatevol".

This fixes:
ubiformat: error!: must use '-S' with non-zero value when reading from stdin

This change fixes sysupgrade for bcm53xx and bcm4908 NAND devices
possibly some other targets too.

Cc: Rodrigo Balerdi <lanchon@gmail.com>
Cc: Daniel Golle <daniel@makrotopia.org>
Fixes: 9710712120 ("base-files: accept gzipped nand sysupgrade images")
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Acked-by: Daniel Golle <daniel@makrotopia.org>
Tested-by: Koen Vandeputte <koen.vandeputte@citymesh.com>
2023-04-11 13:42:47 +01:00
Mark Baker
f35e2422b8 base-files: add support for retrieving IPv6 assignments
In DHCPv6-PD enabled environments, addresses are assigned to interfaces.
These new functions retrieve the IPv6 assigned prefix(es).

Signed-off-by: Mark Baker <mark@vpost.net>
2023-02-24 23:56:36 +01:00
Yuan Tao
fa08d900d4 base-files: sysfixtime: Fix time on the fake RTC
On some devices the chip has RTC but no battery save time.
This leads back to getting the wrong time
and skipping the check of the last file modification date.

This commit ensures that the file time is checked even
if the RTC exists.
which would ordinarily return an approbiate
system time used for e.g. certificate generation.

Tested-on: NanoPi R2S

Signed-off-by: Yuan Tao <ty@wevs.org>
2023-02-19 20:04:59 +08:00
Stijn Tintel
baf76634f3 build: add option to use preinit IP as LAN IP
We currently have build options to customize the IP address used in the
preinit phase of the boot process, but not to set the default LAN IP.

Introduce a boolean build option that, when enabled, results in the IP
address configured for the preinit phase, to be also used as the default
LAN IP address.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2023-02-17 16:20:03 +02:00
Daniel Golle
e8625c89ef treewide: replace /sys/devices/virtual/ubi by /sys/class/ubi
Starting from Linux Kernel version 6.3 UBI devices will no longer be
considered virtual, but rather have an MTD device parent. Hence they
will no longer be listed under /sys/devices/virtual/ubi which is
used in multiple places in OpenWrt. Prepare for future kernels by
using /sys/class/ubi instead of /sys/devuces/virtual/ubi.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2023-02-15 03:27:59 +00:00
Leon M. George
67d2a7ef9e
base-files: ipcalc.sh: fix awk regex syntax
It worked fine before but gawk warns about it.

Signed-off-by: Leon M. George <leon@georgemail.eu>
2023-02-07 21:05:58 +01:00
Leon M. George
2903924b57
base-files: ipcalc.sh: trim for statement
For gawk compatibility.

Signed-off-by: Leon M. George <leon@georgemail.eu>
2023-02-07 21:05:57 +01:00
Leon M. George
6ce9f42b98
base-files: ipcalc.sh: use shebang to invoke awk
There's hardly an shell logic in ipcalc.sh and a $* that would garble
parameter positions.
Move the awk invokation to the shebang.

A rename from "ipcalc.sh" to "ipcalc" is desirable but could prove tricky
with packages in other repositories depending on the filename.

Signed-off-by: Leon M. George <leon@georgemail.eu>
2023-02-07 21:05:57 +01:00
Leon M. George
a40a96e54b
base-files: ipcalc.sh: fail when network is too small
It's possible to move range boundaries in a way that the start address
lies behind the end address.
Detect this condition and exit with an error message.

Signed-off-by: Leon M. George <leon@georgemail.eu>
2023-02-07 21:05:56 +01:00
Leon M. George
4fe106afd1
base-files: ipcalc.sh: don't include own address in range
Make sure our own address doesn't lie in the calculated range.

Signed-off-by: Leon M. George <leon@georgemail.eu>
2023-02-07 21:05:56 +01:00
Leon M. George
00a20335ba
base-files: ipcalc.sh: check for params before calculating start/end
With this patch, ipcalc only calculates range boundaries if the
corresponding parameters are supplied.

Signed-off-by: Leon M. George <leon@georgemail.eu>
2023-02-07 21:05:52 +01:00
Brian Norris
3cd882744d base-files: upgrade: Fix export_partdevice() quoting
$BOOTDEV_MAJOR may be empty for many of the uevents parsed in this
function. This condition thus tends to fail benignly (we just skip to
the next device), but it can really clutter the stage2 sysupgrade
stderr, since it looks like the "=" operand doesn't have an appropriate
left-hand argument.

Signed-off-by: Brian Norris <computersforpeace@gmail.com>
2023-02-03 14:09:46 +01:00
Chen Minqiang
781a3ae5dc base-files: fix nand_do_platform_check fail
This change ensures compatibility with both types of sysupgrade-tar files.

1. For some boards like xiaomi,redmi-router-ax6s, sysupgrade-tar
   is pack in directory `vendor,name/`

2. For some boards like xiaomi,mi-router-3g, sysupgrade-tar is pack
   in directory `vendor_name/`

Signed-off-by: Chen Minqiang <ptpt52@gmail.com>
2023-01-29 01:02:45 +00:00
Brian Norris
d3c19c71f6
base-files: Remove nand.sh dependency from emmc upgrade
emmc_do_upgrade() relies on identify() from the nand.sh upgrade helper.
This only works because FEATURES=emmc targets also tend to include
FEATURES=nand.

Rename identify_magic() to identify_magic_long() to match the common.sh
style and make it clear it pairs with other *_long() variants (and not,
say *_word()).

Signed-off-by: Brian Norris <computersforpeace@gmail.com>
2023-01-21 01:02:23 +01:00
Michael Pratt
1e3a8f454e base-files: rework mtd_get_mac_text()
It's necessary to be able to specify the length
for MAC addresses that are stored in flash, for example,
in a case where it is stored without any delimiter.

Let both offset and length have default values.

Add a sanity check related to partition size.

Also, clean up syntax and unnecessary lines.

Signed-off-by: Michael Pratt <mcpratt@pm.me>
2023-01-06 15:34:07 +01:00
Nikolay Martynov
665c2154ef ramips: add basic support for tp-link er605-v2
This is a MT7621-based device with 128MB NAND flash, 256MB RAM, and a USB port.
The board has headers to attach console. In order for them to work two solder
bridges near those pads need to be made.

The defice has the following partition table:

```
0x000000000000-0x000000080000 : "u-boot"
0x000000080000-0x000000100000 : "u-boot-env"
0x000000100000-0x000000140000 : "factory"
0x000000140000-0x000007e00000 : "firmware"
0x000007e00000-0x000008000000 : "panic-ops"
```

`firmware` partition contains UBI volumes. Unfortunately I accidentally wiped
partition and I no longer have access to it.

`firmware` partition contains 'secondary' U-Boot which is run by 'first' u-boot.
It also contains various configuration partitions that include device info and
MAC address. There also seems to be 'primary' and 'backup' set of 'main' volumes.

U-boot has `mtkupgrade` command that just overrides data on firmware partitions.
Firmware file provided by TP-Link cannot be used with that command.

U-boot also has 'recovery' http server. Unfortunately I was not able to make it
work with manufacturer's firmware.

Manufacturer's firmware essentially contains multiple UBI volumes along with
'partition table'. Unfortunately I no longer can properly run manufacturer's
firmware so I cannot at the moment try to a support for building 'factory' images.

This patch adds support for initramfs image as well as sysupgrade image.

This seems to be pretty standard MT7621 board otherwise.

Things that work:
* network
* leds
* usb
* factory MAC detection

Signed-off-by: Nikolay Martynov <mar.kolya@gmail.com>
2023-01-04 23:19:19 +01:00
Tony Ambardar
9cbc825b30 base-files: stage2: add 'tail' to sysupgrade environment
This is used to access footer data in firmare files, and is simpler and
less error-prone than using 'dd' with calculated offsets.

Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
2022-12-31 05:02:38 -08:00
Jan-Niklas Burfeind
c7d3bbb909 sunxi: ensure NanoPi R1 has unique MAC address
Ensure the MAC address for all NanoPi R1 boards is assigned uniquely for
each board.

The vendor ships the device in two variants; one with and one without
eMMC; but both without static mac-addresses.
In order to assign both board types unique MAC addresses, fall back on
the same method used for the NanoPi R2S and R4S in case the EEPROM
chip is not present by generating the board MAC from the SD card CID.

[0] https://wiki.friendlyelec.com/wiki/index.php/NanoPi_R1#Hardware_Spec

Similar too and based on:

commit b5675f500d ("rockchip: ensure NanoPi R4S has unique MAC address")

Co-authored-by: David Bauer <mail@david-bauer.net>
Signed-off-by: Jan-Niklas Burfeind <git@aiyionpri.me>
2022-12-25 02:27:55 +01:00
Chuanhong Guo
189637c964 base-files: sysupgrade-tar: allow separated kernel/rootfs ubi
There are some devices putting kernel and rootfs on separated
ubi volumes. To make OpenWrt compatible with their bootloader,
we need to put kernel and rootfs into separated ubi volumes.
Add support for CI_KERN_UBIPART and CI_ROOT_UBIPART for this
situation.

Signed-off-by: Chuanhong Guo <gch981213@gmail.com>
2022-12-17 14:08:58 +08:00
Chuanhong Guo
c48e511fef base-files: split ubi attaching out of nand_upgrade_prepare_ubi
split ubi reformat/attach into nand_attach_ubi in preparation
for reusing this code in other functions.

Signed-off-by: Chuanhong Guo <gch981213@gmail.com>
2022-12-17 14:08:58 +08:00
Daniel Golle
84ff6c90dd
base-files: bring back nand_do_upgrade_success
Several Broadcom targets were using the nand_do_upgrade_success
shell function which has been removed by commit e25e6d8e54
("base-files: fix and clean up nand sysupgrade code"). Refactor the
new nand_do_upgrade to bring back nand_do_upgrade_success with the
behavior expected by those users.

Fixes: e25e6d8e54 ("base-files: fix and clean up nand sysupgrade code")
Reported-by: Chen Minqiang <ptpt52@gmail.com>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2022-10-30 20:26:12 +00:00
Rodrigo Balerdi
9d1e687da3 base-files: verify nand sysupgrade images
For nand sysupgrade image files having tar/gzip/tgz envelopes, verify
envelope integrity before starting sysupgrade.

Signed-off-by: Rodrigo Balerdi <lanchon@gmail.com>
2022-10-30 14:29:56 +00:00
Rodrigo Balerdi
9710712120 base-files: accept gzipped nand sysupgrade images
When firmware images only contained compressed kernels and squashfs roots,
uncompressed tar files were a good option. We are now using UBIFS images,
both raw and tarred, as well as ubinized (full UBI partition) images, all
of which benefit greatly from compression.

For example, a raw ubinized backup taken from a running Askey RT4230W REV6
(such full backups can be restored via the LUCI's sysupgrade UI) is over
400 MB, but compresses to less than 10 MB.

This commit adds support for gzipped versions of all file types already
accepted by the nand sysupgrade mechanism, be them raw or tarred.

Signed-off-by: Rodrigo Balerdi <lanchon@gmail.com>
2022-10-30 14:29:56 +00:00
Rodrigo Balerdi
af34733593 base-files: fix ubinized nand sysupgrade
It has been reported that ubinized nand sysupgrade fails under certain
circumstances, being unable to detach the existing ubi partition due to
volumes within the partition being mounted.

This is an attempt to solve such issues by unmounting and removing
ubiblock devices and unmounting ubi volumes within the target partition
prior to detaching and formatting it.

Signed-off-by: Rodrigo Balerdi <lanchon@gmail.com>
2022-10-30 14:29:56 +00:00
Rodrigo Balerdi
e25e6d8e54 base-files: fix and clean up nand sysupgrade code
- Never return from 'nand_do_upgrade', not even in case of errors, as that
  would cause execution of sysupgrade code not intended for NAND devices.
- Unify handling of sysupgrade success and failure.
- Detect and report more error conditions.
- Fix outdated/incorrect/unclear comments.

Signed-off-by: Rodrigo Balerdi <lanchon@gmail.com>
2022-10-30 14:29:56 +00:00
Bob Cantor
80a62a675d
base-files: wifi: for wifi reconf, scan_wifi after network reload
Commit e8b5429609 included an unintended change and we now call
scan_wifi before a network reload.

Restore the original behaviour and call scan_wifi only after a network
reload.

Fixes: e8b5429609 ("base-files: wifi: tidy up the reconf code")
Signed-off-by: Bob Cantor <bobc@confidesk.com>
2022-10-25 09:24:37 +02:00
Bob Cantor
fcfce8f208
base-files: wifi: for wifi up, scan_wifi after network reload
Commit b82cc80713 included an unintended change and we now call
scan_wifi before a network reload.

Restore the original behaviour and call scan_wifi only after a network
reload.

Fixes: b82cc80713 ("base-files: wifi: swap the order of some ubus calls")
Signed-off-by: Bob Cantor <bobc@confidesk.com>
2022-10-25 09:24:27 +02:00
Andrey Butirsky
bf9dc17651 base-files: add protocol qmi/mbim support for ucidef_set_interface()
Make it possible to setup default WAN interface for devices with built-in LTE
modems, using QMI or MBIM.

Signed-off-by: Andrey Butirsky <butirsky@gmail.com>
Reviewed-by: Lech Perczak <lech.perczak@gmail.com>
2022-10-18 15:09:23 +02:00
Felix Fietkau
7f9d3a00d8 base-files: add helper functions for adding wlan device entries to board.json
These will be used to give WLAN PHYs a specific name based on path specified
in board.json. The platform board.d script can assign a specific order based
on available slots (PCIe slots, WMAC device) and device tree configuration.

This helps with maintaining config compatibility in case the device path
changes due to kernel upgrades.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2022-10-14 13:12:30 +02:00
Olliver Schinagl
211f4302e4
base-files: Actually set default name
The currently used shell expansion doesn't seem to exist [0] and also
does not work. This surely was not intended, so lets allow default
naming to actually work.

[0]: https://pubs.opengroup.org/onlinepubs/9699919799/utilities/V3_chap02.html

Fixes: be09c5a3cd ("base-files: add board.d support for bridge device")
Signed-off-by: Olliver Schinagl <oliver@schinagl.nl>
2022-09-22 21:37:45 +02:00
Nick French
20581ee8b5 ath79: add support for TP-Link Deco S4
Add support for TP-Link Deco S4 wifi router

The label refers to the device as S4R and the TP-Link firmware
site calls it the Deco S4 v2. (There does not appear to be a v1)

Hardware (and FCC id) are identical to the Deco M4R v2 but the
flash layout is ordered differently and the OEM firmware encrypts
some config parameters (including the label mac address) in flash

In order to set the encrypted mac address, the wlan's caldata
node is removed from the DTS so the mac can be decrypted with
the help of the uencrypt tool and patched into the wlan fw
via hotplug

Specifications:
SoC: QCA9563-AL3A
RAM: Zentel A3R1GE40JBF
Wireless 2.4GHz: QCA9563-AL3A (main SoC)
Wireless 5GHz: QCA9886
Ethernet Switch: QCA8337N-AL3C
Flash: 16 MB SPI NOR

UART serial access (115200N1) on board via solder pads:
RX = TP1 pad
TX = TP2 pad
GND = C201 (pad nearest board edge)

The device's bootloader and web gui will only accept images that
were signed using TP-Link's RSA key, however a memory safety bug
in the bootloader can be leveraged to install openwrt without
accessing the serial console. See developer forum S4 support page
for link to a "firmware" file that starts a tftp client, or you
may generate one on your own like this:
```
python - > deco_s4_faux_fw_tftp.bin <<EOF
import sys
from struct import pack

b = pack('>I', 0x00008000) + b'X'*16 + b"fw-type:" \
  + b'x'*256 + b"S000S001S002" + pack('>I', 0x80060200) \

b += b"\x00"*(0x200-len(b)) \
  + pack(">33I", *[0x3c0887fc, 0x35083ddc, 0xad000000, 0x24050000,
                   0x3c048006, 0x348402a0, 0x3c1987f9, 0x373947f4,
                   0x0320f809, 0x00000000, 0x24050000, 0x3c048006,
                   0x348402d0, 0x3c1987f9, 0x373947f4, 0x0320f809,
                   0x00000000, 0x24050000, 0x3c048006, 0x34840300,
                   0x3c1987f9, 0x373947f4, 0x0320f809, 0x00000000,
                   0x24050000, 0x3c048006, 0x34840400, 0x3c1987f9,
                   0x373947f4, 0x0320f809, 0x00000000, 0x1000fff1,
                   0x00000000])

b += b"\xff"*(0x2A0-len(b)) + b"setenv serverip 192.168.0.2\x00"
b += b"\xff"*(0x2D0-len(b)) + b"setenv ipaddr 192.168.0.1\x00"
b += b"\xff"*(0x300-len(b)) + b"tftpboot 0x81000000 initramfs-kernel.bin\x00"
b += b"\xff"*(0x400-len(b)) + b"bootm 0x81000000\x00"
b += b"\xff"*(0x8000-len(b))

sys.stdout.buffer.write(b)
EOF
```

Installation:
1. Run tftp server on pc with static ip 192.168.0.2
2. Place openwrt "initramfs-kernel.bin" image in tftp root dir
3. Connect pc to router ethernet port1
4. While holding in reset button on bottom of router, power on router
5. From pc access router webgui at http://192.168.0.1
6. Upload deco_s4_faux_fw_tftp.bin
7. Router will load and execture in-memory openwrt
8. Switch pc back to dhcp or static 192.168.1.x
9. Flash openwrt sysupgrade image via luci/ssh at 192.168.1.1

Revert to stock:
Press and hold reset button while powering device to start the
bootloader's recovery mode, where stock firmware can be uploaded
via web gui at 192.168.0.1

Please note that one additional non-github commits is also needed:
firmware-utils: add tplink-safeloader support for Deco S4

Signed-off-by: Nick French <nickfrench@gmail.com>
2022-09-11 21:54:00 +02:00
Martin Kennedy
b688bf83f9 base-files: rename ethernet devs on known boards
Some platforms lack an established way to name netdevs; for example,
on x86, PCIe-based ethernet interfaces will be named starting from
eth0 in the order they are probed. This is a problem for many devices
supported explicitly by OpenWrt which have hard-wired, standalone or
on-CPU NICs not supported by DSA (which is usually used to rename the
ports based on their ostensible function).

To fix this, add a mapping between ethernet device name and sysfs
device path to board.json; this allows us to configure ethernet device
names we know about for a given board so that they correspond to
external labeling.

Signed-off-by: Martin Kennedy <hurricos@gmail.com>
2022-09-10 21:16:20 +02:00
Rafał Miłecki
7f443d2d9a base-files: support "metric" in board.json
It allows prepopulating /etc/config/network interface-s with predefined
metric. It may be useful for devices with multiple WAN ports.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2022-09-10 16:58:01 +02:00
Mikhail Zhilkin
12c971bc26
base-files: add mtd_get_mac_encrypted_arcadyan function
Some Arcadyan devices (e.g. MTS WG430223) keep their config in encrypted
mtd. This adds mtd_get_mac_encrypted_arcadyan() function to get the MAC
address from the encrypted partition. Function uses uencrypt utility for
decryption (and openssl if the uencrypt wasn't found).

Signed-off-by: Mikhail Zhilkin <csharper2005@gmail.com>
2022-08-19 14:41:14 +02:00
Olliver Schinagl
404cad6470 base-files: LED/trigger/heartbeat: Add support for inversion
The heartbeat trigger has the option to be inverted, however
openwrt/uci/luci have no way to set this.

This patch adds this support.

Signed-off-by: Olliver Schinagl <oliver@schinagl.nl>
2022-08-06 19:58:46 +02:00
Olliver Schinagl
b8f27251c9 base-files: LED/gpio: Ensure inverted is read as a boolean
The sysfs interface for the GPIO takes a boolean value. Ensure we get
one from uci.

Signed-off-by: Olliver Schinagl <oliver@schinagl.nl>
2022-08-06 19:58:46 +02:00
Mark Mentovai
c9725d4fb6 failsafe: run on all consoles listed in /proc/cmdline
On x86, when both CONFIG_GRUB_CONSOLE and CONFIG_GRUB_SERIAL are set (as
they are by default), the kernel command line will have two console=
entries, such as

    console=tty0 console=ttyS0,115200n8

Failsafe was only running a shell on the first defined console, the VGA
console. This is a problem for devices like apu2, where there is only a
serial console and it appears on ttyS0.

Moreover, the console prompt to enter failsafe during boot was delivered
to, and its input read from, the last console= on the kernel command
line. So while the failsafe shell was on the first defined console, only
the last defined console could be used to enter failsafe during boot.

In contrast, the x86 bootloader (GRUB) operates on both the serial
console and the VGA console by virtue of "terminal_{input,output}
console serial". GRUB also provided an alternate means to enter failsafe
from either console. The presence of two console= kernel command line
parameters causes kernel messages to be delivered to both. Under normal
operation (not failsafe), procd runs login in accordance with inittab,
which on x86 specifies ttyS0, hvc0, and tty1, allowing login through any
of serial, hypervisor, or VGA console. Thus, serial access was
consistently available on x86 devices with serial consoles under normal
operation, except for shell access in failsafe mode (without editing the
kernel command line).

By presenting the failsafe prompt, reading failsafe prompt input, and
running failsafe shells on all consoles listed in /proc/cmdline,
failsafe mode will work correctly on devices with a serial console (like
apu2), and the same image without any need for reconfiguration can be
shared by devices with the more traditional (for x86) VGA console. This
improvement should benefit any system with multiple console= arguments,
including x86 and bcm27xx (Raspberry Pi).

Signed-off-by: Mark Mentovai <mark at moxienet.com>
2022-06-19 12:40:30 +02:00
David Bauer
34437af888 base-files: allow ignoring minor compat-version check
Downstream projects might re-generate device-specific configuration
based on OpenWrt's defaults on each upgrade, thus being unaffected by
forward- as well as backwards-breaking configuration.

Add a new sysupgrade parameter, which allows sysupgrades between minor
compat-versions. Upgrades will still fail upon mismatching major compat
versions.

Signed-off-by: David Bauer <mail@david-bauer.net>
2022-06-18 22:11:04 +02:00
Daniel Golle
7b07c3cff5
base-files: simplify restorecon logic
Remove forgotten redundant selinuxenabled call and skip the whole
thing in case $IPKG_INSTROOT is set as labels are anyway applied only
later on in fakeroot when squashfs is created.

Fixes: 6d7272852e ("base-files: add missing $IPKG_INSTROOT to restorecon call")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2022-05-02 21:11:05 +01:00
Daniel Golle
6d7272852e
base-files: add missing $IPKG_INSTROOT to restorecon call
Update to overlooked v2 version of Dominick Grift's patch.

Fixes: 5109bd164c ("base-files: address sed in-place without SELinux awareness")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2022-05-02 19:59:58 +01:00
Dominick Grift
5109bd164c
base-files: address sed in-place without SELinux awareness
sed(1) in busybox does not support this functionality:
https://git.savannah.gnu.org/cgit/sed.git/tree/sed/execute.c#n598

This causes /etc/group to become mislabeled when a package requests
that a uid/gid be added on OpenWrt with SELinux

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
[move restorecon inside lock]
Signed-off-by: Dominick Grift <dominick.grift@defensec.nl>
2022-05-02 18:56:02 +01:00
Rodrigo Balerdi
7d02fc0951 base-files: fix sysupgrade for kernel-out-of-UBI
Commit ecbcc0b595 bricks devices on which the raw kernel and UBI mtd
partitions overlap.

This is the case of the ZyXEL NR7101 for example. Its OEM bootloader has
no UBI support. OpenWrt splits the stock kernel mtd partition into a raw
kernel part used by the bootloader and a UBI part used to store rootfs
and rootfs_data. Running mtd erase on the complete partition during
sysupgrade erases the UBI part and results in a soft brick.

Arguably the best solution would be to fix the partition layouts so that
kernel and UBI partitions do not overlap, also including a stock_kernel
partition to help reverting to stock firmware. This would have the added
benefit of protecting UBI from kernel images that are excessively large.

Fixes: ecbcc0b595 ("base-files: safer sysupgrade.tar for kernel-out-of-UBI")
Reported-by: Bjørn Mork <bjorn@mork.no>
Signed-off-by: Rodrigo Balerdi <lanchon@gmail.com>
2022-05-02 12:42:15 +01:00
Rodrigo Balerdi
9ba28f978c base-files: minimize critical time in sysupgrade
Attempt to minimize the time during which an interrupted nand sysupgrade
can lead to a non-functional device by flushing caches before starting
the upgrade procedure.

Signed-off-by: Rodrigo Balerdi <lanchon@gmail.com>
2022-04-19 16:28:25 +01:00
Rodrigo Balerdi
9a2f08f6e7 base-files: trim unnecessary nand sysupgrade code
Remove unnecessary sync commands during nand sysupgrade.

Signed-off-by: Rodrigo Balerdi <lanchon@gmail.com>
2022-04-19 16:28:25 +01:00
Rodrigo Balerdi
bfd9afc38d base-files: fix issues in nand sysupgrade
Fix issues while retaining configuration during nand sysupgrade:
- abort configuration saving if data partition is not found
- generate diagnostics if saving fails (eg, because of lack of space)
- do not output "sysupgrade successful" in case of errors

Signed-off-by: Rodrigo Balerdi <lanchon@gmail.com>
2022-04-19 16:28:25 +01:00
Rodrigo Balerdi
f8351d65bb base-files: clean up nand sysupgrade code
Fix some inconsistent quoting in nand sysupgrade code.

Signed-off-by: Rodrigo Balerdi <lanchon@gmail.com>
2022-04-19 16:28:25 +01:00
Rodrigo Balerdi
de4b65a793 base-files: clean up ubinized sysupgrade code
Remove redundant check from nand ubinized sysupgrade code. This check
has already been done in the only caller of the affected function:
nand_do_upgrade.

Signed-off-by: Rodrigo Balerdi <lanchon@gmail.com>
2022-04-19 16:28:25 +01:00
Rodrigo Balerdi
264d948302 base-files: clean up nand tar sysupgrade code
Prepares code for ubirename-based safe sysupgrade implementation.

Fixes several issues:
- the special CI_KERNPART value "none" is ignored if an MTD partition
  named "none" exists
- misleading variable names (such as has_kernel to mean "tar has kernel
  and it should not be written to an MTD partition but a UBI volume")
- inconsistent treatment of zero-length tar member files
- inconsistent meaning of "0" and "" variable values
- redundant operations (unneeded untaring, repeated untaring, unneeded
  partition lookups)
- inconsistent variable quoting

Signed-off-by: Rodrigo Balerdi <lanchon@gmail.com>
2022-04-19 16:28:25 +01:00
Rodrigo Balerdi
ecbcc0b595 base-files: safer sysupgrade.tar for kernel-out-of-UBI
Ensure that the kernel CRC is invalidated while rootfs is being updated.
This allows the bootloader to detect an interrupted sysupgrade and fall
back to an alternate booting method, such as TFTP, instead of just going
ahead with normal boot and effectively bricking the device.

Signed-off-by: Rodrigo Balerdi <lanchon@gmail.com>
2022-04-19 16:28:25 +01:00
Rodrigo Balerdi
073dc450b5 base-files: safer sysupgrade for kernel-in-UBI devices
Ensure that the kernel CRC is invalidated while rootfs is being updated.
This allows the bootloader to detect an interrupted sysupgrade and fall
back to an alternate booting method, instead of just going ahead with
normal boot and effectively bricking the device.

Possible fallbacks include a recovery initramfs partition or UBI volume
and TFTP. See here for an example U-Boot configuration with fallbacks:
https://shorturl.at/befsA (https://github.com/Lanchon/openwrt-tr4400-v2/
blob/e7d707d6bd7839fbd0b8d0bd180fce451df77e47/install-recovery.sh#L52-L63)

Signed-off-by: Rodrigo Balerdi <lanchon@gmail.com>
2022-04-19 16:28:25 +01:00
Rodrigo Balerdi
1e191adb20 base-files: fix nand sysupgrade comments
Erroneous comments possibly applied to an earlier code revision.

Signed-off-by: Rodrigo Balerdi <lanchon@gmail.com>
2022-04-19 16:28:25 +01:00
Rodrigo Balerdi
e3238a486f base-files: improve sysupgrade ubiblock handling
Only remove ubiblock devices required for nand sysupgrade.

Signed-off-by: Rodrigo Balerdi <lanchon@gmail.com>
2022-04-19 16:28:25 +01:00
Rodrigo Balerdi
f5ed603d0c base-files: emit diagnostics on sysupgrade abort
Emit diagnostics if nand sysupgrade is aborted because UBI partition
cannot be attached. Also avoid redudndant checks.

Signed-off-by: Rodrigo Balerdi <lanchon@gmail.com>
2022-04-19 16:28:25 +01:00
Daniel Golle
0dbca1b2ba
base-files: more robust sysupgrade on NAND
Make sure sysupgrade on NAND also works in case of UBI volumes having
index >9. While at it, also make sure UBI device is detected and abort
in case it isn't. Use Shell built-in shorthand ':' instead of 'true'.

Fixes #9708
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2022-04-13 19:50:45 +01:00
Brian Norris
17b05045bd ipq40xx: Support Chromium OS image-type creation
See firmware-utils.git commits [1], which implemented the cros-vbutil
verified-boot payload-packing tool, and extended ptgen for the CrOS
kernel partition type. With these, it's now possible to package kernel +
rootfs to make disk images that can boot a Chrome OS-based system (e.g.,
Chromebooks, or even a few AP models).

Regarding PARTUUID= changes: Chromium bootloaders work well with a
partition number offset (i.e., relative to the kernel partition), so
we'll be using a slightly different root UUID line.

NB: I've made this support specific to ip40xx for now, because I only
plan to support an IPQ4019-based AP that uses a Chromium-based
bootloader, but this image format can be used for essentially any
Chromebook, as well as the Google OnHub, a prior Chromium-based AP using
an IPQ8064 chipset.

[1]
ptgen: add Chromium OS kernel partition support
https://git.openwrt.org/?p=project/firmware-utils.git;a=commit;h=6c95945b5de973026dc6f52eb088d0943efa96bb

cros-vbutil: add Chrome OS vboot kernel-signing utility
https://git.openwrt.org/?p=project/firmware-utils.git;a=commit;h=8e7274e02fdc6f2cb61b415d6e5b2e1c7e977aa1

Signed-off-by: Brian Norris <computersforpeace@gmail.com>
2022-03-25 18:14:13 +01:00
Florian Eckert
09c41ea679 base-files: add wrapper for procd service list command
A service managed by procd does have a json object with usefull information.
This information could by dumped with the following command.

ubus call service list "{ 'verbose':true, 'name': '<service-name>)'". }"

This line is long and complicated to enter. This commit adds a wrapper
call to the procd service section tool to simplify the input and get the
output faster.

We could now enter the command /etc/initd/<service> info to get the info
faster.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
2022-03-19 16:13:58 +01:00
Florian Eckert
b9017384ca procd: move service command to procd
The service command belongs to the procd and does not belong in the
shinit. In the course of the move, the script was also checked with
shellcheck and cleaned up.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
2022-03-19 16:13:58 +01:00
Brian Norris
e8a0c55909 base-files: Align rootfs_data upgrades to 64KiB on eMMC
Rootfs overlays get created at a ROOTDEV_OVERLAY_ALIGN (64KiB)
alignment after the rootfs, but emmc_do_upgrade() is assuming
it comes at the very next 512-byte sector.

Suggested-by: Christian Lamparter <chunkeey@gmail.com>
Signed-off-by: Brian Norris <computersforpeace@gmail.com>
(move spaces around, mention fstools' libtoolfs)
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2022-03-16 17:50:06 +01:00
Rafał Miłecki
9851d4b6ce base-files: call "sync" after initial setup
OpenWrt uses a lot of (b)ash scripts for initial setup. This isn't the
best solution as they almost never consider syncing files / data. Still
this is what we have and we need to try living with it.

Without proper syncing OpenWrt can easily get into an inconsistent state
on power cut. It's because:
1. Actual (flash) inode and data writes are not synchronized
2. Data writeback can take up to 30 seconds (dirty_expire_centisecs)
3. ubifs adds extra 5 seconds (dirty_writeback_centisecs) "delay"

Some possible cases (examples) for new files:
1. Power cut during 5 seconds after write() can result in all data loss
2. Power cut happening between 5 and 35 seconds after write() can result
   in empty file (inode flushed after 5 seconds, data flush queued)

Above affects e.g. uci-defaults. After executing some migration script
it may get deleted (whited out) without generated data getting actually
written. Power cut will result in missing data and deleted file.

There are three ways of dealing with that:
1. Rewriting all user-space init to proper C with syncs
2. Trying bash hacks (like creating tmp files & moving them)
3. Adding sync and hoping for no power cut during critical section

This change introduces the last solution that is the simplest. It
reduces time during which things may go wrong from ~35 seconds to
probably less than a second. Of course it applies only to IO operations
performed before /etc/init.d/boot . It's probably the stage when the
most new files get created.

All later changes are usually done using smarter C apps (e.g. busybox or
uci) that creates tmp files and uses rename() that is expected to be
atomic.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Acked-by: Hauke Mehrtens <hauke@hauke-m.de>
Acked-by: Sergey Ryazanov <ryazanov.s.a@gmail.com>
2022-03-12 11:13:54 +00:00
Rucke Teg
e040d31177 base-file: remove password aging feature form /etc/shadow
In the default shadow file, as visible in the failsafe mode, the user
root has value of `0` set in  the 3rd field, the date of last password
change. This setting means that the password needs to be changed the
next time the user will log in the system. `dropbear` server is ignoring
this setting but `openssh-server` tries to enforce it and fails in the
failsafe mode because the rootfs is R/O.

Disable the password aging feature for user root by setting the 3rd
filed empty.

Signed-off-by: Rucke Teg <rucketeg@protonmail.com>
2022-02-24 18:10:30 +01:00
Daniel Golle
2baded9ecc
base-files: make sure tools are present in sysupgrade ramdisk
Not all targets create /var/lock or touch /var/lock/fw_printenv.lock in
their platform.sh. This is problematic as fw_printenv then fails in
case /var/lock/fw_printenv.lock has not been created by previous calls
to fw_printenv/fw_setenv before sysupgrade is run.

Targets using fw_printenv/fw_setenv during sysupgrade:
 * ath79/*
 * ipq40xx/*
 * ipq806x/*
 * kirkwood/*
 * layerscape/*
 * mediatek/mt7622
 * mvebu/*
 * ramips/*
 * realtek/*

Targets currently using additional steps in /lib/upgrade/platform.sh
to make sure /var/lock/fw_printenv.lock (or at least /var/lock)
actually exists:
 * ath79/* (openmesh devices)
 * ipq40xx/* (linksys devices)
 * ipq806x/* (linksys devices)
 * kirkwood/* (linksys devices)
 * layerscape/*
 * mvebu/cortexa9 (linksys devices)

Given that accessing the U-Boot environment during sysupgrade is not
uncommon and the situation across targets is currently quite diverse,
just make sure both tools as well fw_env.config are always copied to
the ramdisk used for sysupgrade. Also make sure /var/lock always
exists.

This now allows to remove copying of fw_printenv/fw_setenv as well as
fw_env.config, creation of /var/lock or even /var/lock/fw_printenv.lock
from lib/upgrade/platform.sh or files included there.

As the same applies also to 'fwtool' which is used by generic eMMC
sysupgrade, also always copy that to ramdisk.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2022-02-22 19:16:03 +00:00
Alexey Smirnov
66071729a2 base-files: add support for heartbeat led trigger
This patch adds support for creation heartbeat led trigger with,
for example, this command:

	ucidef_set_led_heartbeat "..." "..." "..."

from /etc/board.d/01_leds.

Signed-off-by: Alexey Smirnov <s.alexey@gmail.com>
2022-02-19 13:10:01 +01:00
Daniel Golle
397de50089
base-files: Make sure rootfs_data_max is considered
For sysupgrade on NAND/UBI devices there is the U-Boot environment
variable rootfs_data_max which can be used to limit the size of the
rootfs_data volume created on sysupgrade.
This stopped working reliable with recent kernels, probably due to a
race condition when reading the number of free erase blocks from sysfs
just after removing a volume.
Change the script to just try creating rootfs_data with the desired
size and retry with maximum size in case that fails. Hence calculating
the available size in the script can be dropped which works around the
problem.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2022-02-17 15:15:42 +00:00
Rosen Penev
7994461a5a base-files: replace fgrep with grep -F
fgrep is deprecated and replaced by grep -F. The latter is used
throughout the tree whereas this is the only usage of the former.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2022-02-06 23:09:15 +01:00
Javier Marcet
018ada5403 base-files: upgrade: fix efi partitions size calculation
We were missing (not using) the last sector of each partition,
compared with the output of gparted.

Signed-off-by: Javier Marcet <javier@marcet.info>
[moved the dot]
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2021-12-27 13:51:41 +01:00
Florian Eckert
dd681838d3 base-files: fix service_running check
The following command checks if a instance of a service is running.
/etc/init.d/<service> running <instance>

 In the variable `$@`, which is passed to the function
`service_running`, the first argument is always the `instance` which
should be checked. Because all other variables where removed from `$@`
with `shift`.

Before this change the first argument of `$@` was set to the `$service`
Variable. So the function does not work as expected. The `$service`
variable was always the instance which should be checked. This is not
what we want.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Reviewed-by: Sungbo Eo <mans0n@gorani.run>
2021-12-04 09:39:11 +09:00
Enrico Mioso
57c1f3f9c5
base-files: add eMMC sysupgrade support
Adds generic support for sysupgrading on eMMC-based devices.

Provide function emmc_do_upgrade and emmc_copy_config to be used in
/lib/upgrade/platform.sh instead of redundantly implementing the same
logic over and over again.
Similar to generic sysupgrade on NAND, use environment variables
CI_KERNPART, CI_ROOTPART and newly introduce CI_DATAPART to indicate
GPT partition names to be used. On devices with more than one MMC
block device, CI_ROOTDEV can be used to specify the MMC device for
partition name lookups.

Also allow to select block devices directly using EMMC_KERN_DEV,
EMMC_ROOT_DEV and EMMC_DATA_DEV, as using GPT partition names is not
always an option (e.g. when forced to use MBR).

To easily handle writing kernel and rootfs make use of sysupgrade.tar
format convention which is also already used for generic NAND support.

Signed-off-by: Enrico Mioso <mrkiko.rs@gmail.com>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
CC: Li Zhang <li.zhang@gl-inet.com>
CC: TruongSinh Tran-Nguyen <i@truongsinh.pro>
2021-12-02 20:42:58 +00:00
Robert Marko
f2c4064ecb base-files: dont always create kernel UBI volume
Currently nand_upgrade_tar() will pass the kernel length
to nand_upgrade_prepare_ubi() in all cases except for when
the kernel is to be installed in a separate partition as a
binary with the MTD tool.

While this is fine for almost all cases newer MikroTik NAND
devices like hAP ac3 require the kernel to be installed as a
UBIFS packed UBI volume in its own partition.

So, since we have a custom recipe to use ubiformat to flash
the kernel in its partition it makes no sense for sysupgrade
to also install the kernel as a UBI volume in the "ubi"
partition as it only wastes space and will never be used.

So, simply check whether CI_KERNPART is set to "none" and
if so unset the "has_kernel" variable which will in turn
prevent the kernel length from being passed on and then
the kernel UBI volume wont be created for no usefull purpose.

The ath79 MikroTik NAND target has been setting CI_KERNPART
to "none" for a while now altough that was not preventing
the kernel to be installed as UBI volume as well.

Signed-off-by: Robert Marko <robimarko@gmail.com>
2021-11-28 17:17:22 +01:00
Daniel Golle
4d3303b1bd
base-files: stage2: improve /proc/*/stat parser
Simply reading /proc/*/stat as a space-separated string will not work
as the process name may itself contain spaces. Hence we must match on
the '(' and ')' characters around the process name and can then handle
the remaining string as space-separated values.
This fixes shell error messages which have been popping up the console
due to spaces in process names being interpreted as field separators.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-11-13 18:36:52 +00:00
Daniel Golle
73657dfbdd
base-files: drop get_partition_by_name shell function
find_mmc_part provides a better alternative and all users of
get_partition_by_name have been removed.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-11-01 18:01:02 +00:00
Daniel Golle
9f223a20bd
base-files: allow specifiying rootdev for find_mmc_part
Some devices got more than one mmc device.
Allow specifying the root device as 2nd parameter of find_mmc_part so
scripts can avoid matching irrelevant partitions on wrong mmc device.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-11-01 18:00:42 +00:00
Davide Fioravanti
6e13794344 base-files: add minimal mmc support
Added minimal mmc support for helper functions:

 - find_mmc_part: Look for a given partition name. Returns the
	coresponding partition path
 - caldata_extract_mmc: Look for a given partition name and then
	extracts the calibration data
 - mmc_get_mac_binary: Returns the mac address from a given partition
	name and offset

Signed-off-by: Davide Fioravanti <pantanastyle@gmail.com>
Signed-off-by: Robert Marko <robimarko@gmail.com>
[replace dd with caldata_dd, moved sysupgrade mmc to orbi]
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2021-11-01 00:56:51 +01:00
Daniel Golle
b2aca61360
base-files, metadata: support additional group membership
Some packages may require additional group membership for the system
user added by that package. Allow defining additional groups as third
member of the ':'-separated tuple, allowing to specify multiple
','-separated groups with optional GID.

Example:
USERID:=foouser=1000:foogroup=1000:addg1=1001,addg2=1002,addg3

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-10-28 16:27:21 +01:00