da9746a libopkg: clean up handling of unresolved dependencies
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Signed-off-by: Paul Spooren <mail@aparcar.org>
The previous fix of a fix caused yet another problem leading to
`opkg show-upgradable` ending up in an infinite loop.
Fix that.
Fixes: 4a2b1ff7fb ("opkg: fix dependency resolution")
Reported-by: Huangbin Zhan <zhanhb88@gmail.com>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
The previous commit broke opkg in a way that it would no longer
include dependencies when installing a package, effectively leading
to broken images and unusable systems.
Fix that by making sure dependencies are still going to be checked.
Also reduce size of struct abstract_pkg as suggested by @jow- while at
it.
Fixes: 1445d333aa ("opkg: bump to git HEAD")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
I've forget to update PKG_MIRROR_HASH in my previous package version
bump.
Fixes: 095cc2b745 ("uci: update to version 2020-10-06")
Signed-off-by: Petr Štetiar <ynezz@true.cz>
52bbc99f69ea Replace malloc() + memset() with calloc()
3fbd6c923434 ucimap: Check return of malloc()
eae126f66663 file: Check buffer size after strtok()
7f574273180a file: use size_t for position and pointer
19770b6949b9 file: use dynamic memory allocation for tempfile name
aa46546794ac file: uci_file_commit: fix memory leak
671c7554bfde uci: silence UBSAN error by using offsetof macro from compiler
ea5bbd57d0e1 tests: cram: add uci import testing on fuzzer corpus
31f78bfbf75f cmake: add uci-san cli built with clang sanitizers
a3e650911f5e file: uci_parse_package: fix heap use after free
9bd361ca3236 tests: add libFuzzer based fuzzing
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Unify capability handling to only use OCI spec parsers even for ujail
slim containers which previously supposedly used their own format.
80c9516 cgroups: restrict allowed keys in 'unified' section
5ade567 cgroups: memory controller fixes
3121467 early: run ubusd non-root as user ubus, group ubus
12a5b97 jail: adapt to new ubus socket path
788d144 instance: actually wire up capabilities filename
ebc5a7f jail: nuke old capabilities code in favour of reusing OCI code
6c5233a jail: capabilities: apply in two phases
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Move /var/run/ubus.sock to /var/run/ubus/ubus.sock in preparation for
having ubusd run as non-root user.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
8e0f29a mount: remove support for legacy overlayfs before v2.3
0f8a443 mount: fix log format string and indentation
46a56d3 overlay: use precompiler macros for reoccuring path names
f25ab8a mount: apply SELinux labels before overlayfs mount
Total ipk size change (ipq40xx): +120b
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Directly set path via MAKE vars instead of defning TESTTOOLS. This way
setfiles, which is required by the ImageBuilder, ends up in /host/bin
while checkpolicy can stay in hostpkg/bin.
Signed-off-by: Paul Spooren <mail@aparcar.org>
The required BusyBox applets are enabled by default, so we can rely on them
being present in the system. This way, we make sure there are no conflicts
with less featured variants of these same applets which might also be
present in the system.
Fixes: 0bd7dfa3ed ("zram-swap: enable swap discard")
Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
[wrap commit description]
Signed-off-by: David Bauer <mail@david-bauer.net>
On devices with small amounts of RAM, zram-swap fails to initialise due to the
default compression algorithm (lzo-rle). Startup example on an AirGrid M2, with
32 MiB of RAM:
root@airgrid:/etc/config# /etc/init.d/zram start
zram_start: activating '/dev/zram0' for swapping (13 MegaBytes)
zram_reset: enforcing defaults via /sys/block/zram0/reset
sh: write error: Out of memory
mkswap: image is too small
swapon: /dev/zram0: Invalid argument
root@airgrid:/etc/config#
Fix this by defaulting to traditional lzo, which works fine and is always
available.
Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
The key folder is used by `opkg` and `usign` to store and retrieve
trusted public keys. Using `opkg-key` outside a running device is
unfeasible as the key folder is hard coded to `/etc/opkg/keys`.
This commit adds a variable OPKG_KEYS which defaults to `/etc/opkg/keys`
if unset, however allows set arbitrary key folder locations.
Arbitrary key folder locations are useful to add signature verification
to the ImageBuilders.
Signed-off-by: Paul Spooren <mail@aparcar.org>
4318ab1 opkg: allow to configure the path to the signature verification script
cf44c2f libopkg: fix compiler warning
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
[update to 2.20200229, adjust Makefile, and move to openwrt.git]
Signed-off-by: W. Michael Petullo <mike@flyn.org>
This target has been mostly replaced by ath79 and won't be included
in the upcoming release anymore. Finally put it to rest.
This also removes all references in packages, tools, etc. as well as
the uboot-ar71xx and vsc73x5-ucode packages.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
This commit adds a `selinux` variant to `procd` allowing to load an
SELinux policy at boot.
Signed-off-by: Paul Spooren <mail@aparcar.org>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Bump PKG_RELEASE for the affected packages as replacing "which" by
"command -v" represents a content change.
Fixes: 1fdf6b745c ("treewide: replace `which` with `command -v`")
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Fix shellcheck SC2230
> which is non-standard. Use builtin 'command -v' instead.
Using `command -v` is POSIX compliant while `which` is not. Also to
mention, `command -v` is a shell builtin whereas `which` is a separate
busybox applet.
Once applied to everything concerning OpenWrt we can disable the busybox
feature `which` and save 3.8kB.
Acked-by: Stijn Tintel <stijn@linux-ipv6.be>
Signed-off-by: Paul Spooren <mail@aparcar.org>
[also replace cases in zram-swap]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
This commit adds a patch to procd to support loading the SELinux
policy early at boot time, and adjusts the procd package to use this
SELinux support when libselinux is enabled.
The procd patch has been submitted separately [1]: obviously the
intent is to have it merged in the procd Git repository rather than
have it in OpenWrt itself.
[1] http://lists.infradead.org/pipermail/openwrt-devel/2019-November/025791.html
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
[rebase, add commit message]
Signed-off-by: W. Michael Petullo <mike@flyn.org>
[split commit into openwrt.git and procd.git]
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
47a9f0d service: add method to query available container features
afbaba9 initd: attempt to mount cgroup2
ead60fe jail: use pidns semantics also for timens
759e9f8 jail: make use of BLOBMSG_CAST_INT64 for OCI rlimits
83053b6 instance: add instances into unified cgroup hierarchy
16159bb jail: parse OCI cgroups resources
282ff0c jail: only free cgroups if they were allocated
ab55357 jail: fix freeing cgroups avl
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
47a9f0d service: add method to query available container features
afbaba9 initd: attempt to mount cgroup2
ead60fe jail: use pidns semantics also for timens
759e9f8 jail: make use of BLOBMSG_CAST_INT64 for OCI rlimits
83053b6 instance: add instances into unified cgroup hierarchy
16159bb jail: parse OCI cgroups resources
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
28be011 instance: make sure values are not inherited from previous runs
2ae5cbc uxc: remove debugging left-over
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
c3ca99f jail: serialize hook execution
8ff8970 jail: add some remaining OCI features
9d5fa0a uxc: behave more like a compliant OCI run-time
1274033 uxc: fix create operation
2d811a4 jail: add 'kill' method to container.%s object
08133b8 uxc: use new container.%s kill ubus API
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
48777de rcS: cast format string to int64_t
a4df90f jail: fix wrong format for 32-bit
c482c5d jail: add support for referencing existing namespaces
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Further complete OCI container support in ujail:
f5f305e jail: move /tmp/resolv.conf.d to /dev/resolv.conf.d
6f078ae jail: add support for defining devices
686cf7a jail: actually apply filesystem-specific mount options
f91009a jail: refactor default mounts into new structure
66ae2d9 jail: re-implement /proc/sys/net read-write in netns hack
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
9eddf0f jail: fix hooks
1b1286b jail: parse and apply OCI sysctl values
c049047 jail: implement OCI user additionalGIDs
0e1920c jail: read and apply umask from OCI if defined
1c46cc3 jail: parse and apply POSIX rlimits
76adac5 jail: /proc/$pid/oom_score_adj to OCI defined oomScoreAdj
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
8d5208f jail: fix false return in case of nofail mount
b41f76b procd: fix compile if procd-ujail is not selected
86a5105 jail: fs: fix build on uClibc-ng
bfce7d1 jail: fix some more mount options
268126a jail: add support for maskedPaths and readonlyPaths
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
In the package guidelines, PKG_VERSION is supposed to be used as
"The upstream version number that we're downloading", while
PKG_RELEASE is referred to as "The version of this package Makefile".
Thus, the variables in a strict interpretation provide a clear
distinction between "their" (upstream) version in PKG_VERSION and
"our" (local OpenWrt trunk) version in PKG_RELEASE.
For local (OpenWrt-only) packages, this implies that those will only
need PKG_RELEASE defined, while PKG_VERSION does not apply following
a strict interpretation. While the majority of "our" packages actually
follow that scheme, there are also some that mix both variables or
have one of them defined but keep them at "1".
This is misleading and confusing, which can be observed by the fact
that there typically either one of the variables is never bumped or
the choice of the variable to increase depends on the person doing the
change.
Consequently, this patch aims at clarifying the situation by
consistently using only PKG_RELEASE for "our" packages. To achieve
that, PKG_VERSION is removed there, bumping PKG_RELEASE where
necessary to ensure the resulting package version string is bigger
than before.
During adjustment, one has to make sure that the new resulting composite
package version will not be considered "older" than the previous one.
A useful tool for evaluating that is 'opkg compare-versions'. In
principle, there are the following cases:
1. Sole PKG_VERSION replaced by sole PKG_RELEASE:
In this case, the resulting version string does not change, it's
just the value of the variable put in the file. Consequently, we
do not bump the number in these cases so nobody is tempted to
install the same package again.
2. PKG_VERSION and PKG_RELEASE replaced by sole PKG_RELEASE:
In this case, the resulting version string has been "version-release",
e.g. 1-3 or 1.0-3. For this case, the new PKG_RELEASE will just
need to be higher than the previous PKG_VERSION.
For the cases where PKG_VERSION has always sticked to "1", and
PKG_RELEASE has been incremented, we take the most recent value of
PKG_RELEASE.
Apart from that, a few packages appear to have developed their own
complex versioning scheme, e.g. using x.y.z number for PKG_VERSION
_and_ a PKG_RELEASE (qos-scripts) or using dates for PKG_VERSION
(adb-enablemodem, wwan). I didn't touch these few in this patch.
Cc: Hans Dedecker <dedeckeh@gmail.com>
Cc: Felix Fietkau <nbd@nbd.name>
Cc: Andre Valentin <avalentin@marcant.net>
Cc: Matthias Schiffer <mschiffer@universe-factory.net>
Cc: Jo-Philipp Wich <jo@mein.io>
Cc: Steven Barth <steven@midlink.org>
Cc: Daniel Golle <dgolle@allnet.de>
Cc: John Crispin <john@phrozen.org>
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Optional instance watchdog timeout and watchdog mode can be set by
adding: procd_set_param $mode $timeout
$mode is an integer [0-1] representing instance watchdog mode of
operation:
0 = disabled
1 = passive mode, client must periodically poke watchdog via ubus
$timeout is an integer representing how often, in seconds, the watchdog must be poked.
Signed-off-by: Daniel Bailey <danielb@meshplusplus.com>
aed7fb3 procd: fix compilation with uClibc-ng
9d0f831 jail: fix segfault with len(uidmap/gidmap) > 1
42a6217 jail: consider PATH for argv in OCI container
83f4b72 jail: actually chdir into OCI defined CWD
fc9f614 jail: parse and run OCI hooks
02eec92 jail: memory allocation fixes
71e75f4 jail: refactor mount support to cover OCI spec
b586e7d jail: don't make mount source read-only
dacab12 uxc: fix 'stop' command
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
The block-mount swapon implementation doesn't support discard, so make zram-swap
depend only on the default BusyBox implementation or, when unavailable, on the
one present in the swap-utils package.
Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
3034eaf jail: use linux/capability.h instead of sys/capability.h
Fixes: b6e440a0f5 ("procd: update to git HEAD")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
This replaces deprecated backticks by more versatile $(...) syntax.
Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
[add commit description]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
- update SPDX license identifier
- use https in URL
- use default PKG_BUILD_DIR
Suggested-by: Josef Schlehofer <josef.schlehofer@nic.cz>
Tested-by: Josef Schlehofer <josef.schlehofer@nic.cz>
Signed-off-by: Sungbo Eo <mans0n@gorani.run>
00b921d80ac0 Do not print line number in debug messages
96c42c5ed320 Fix length checks in cert_load()
fe06b4b836b3 usign-exec: improve usign -F output handling
19f9e1917e1b usign-exec: return code fixes
077feb5b5824 usign-exec: close writing end of pipe early in parent process
7ec4bb764e1e usign-exec: remove redundant return statements
5a738e549d31 usign-exec: change usign_f_* fingerprint argument to char[17]
112488bbbccc usign-exec: do not close stdin and stderr before exec
38dcb1a6f121 usign-exec: fix exec error handling
a9be4fb17df2 usign-exec: simplify usign execv calls
854d93e2326a Introduce read_file() helper, improve error reporting
afc86f352bf7 Fix return code of write_file()
fdff10852326 stdout/stderr improvements
dddb2aa8124d ci: fix unit test failures by enabling full ucert build
5f206bcfe5c2 ci: enable unit testing
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2e73848 jail: SIGSEGV must not be forwarded to the child process
7e150f6 jail: unnamed jails can not have netns (fix segfault)
1ab539b jail: add option to provide /dev/console to containers
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Program received signal SIGSEGV, Segmentation fault.
main_autofs (argv=<optimized out>, argc=<optimized out>)
at fstools-2020-05-06-eec16e2f/block.c:1193
1193: if (!m->autofs && (mp = find_mount_point(pr->dev))) {
Fixes: c3a43753b9 ("fstools: update to the latest version")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
e2ed964 jail: don't fail unless requirejail is set
17e7ae7 jail: don't load libpreload-seccomp.so if it doesn't exist
Fixesopenwrt/packages#11913
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
84965b92f635 blockd: print symlink error code and string message
62c578c22f9d blockd: report "target" path as "mount" for autofs available mounts
d1f1f2b38fa1 block: remove mount target file if it's a link
830441d790d6 blockd: remove symlink linkpath file if it's a dir or link
c80f7002114f libfstools/mtd: attempt to read from OOB data if empty space is found
Signed-off-by: Felix Fietkau <nbd@nbd.name>
32c717e jail: only mess with rootfs if CLONE_NEWNS was set
b275a62 instance: harmonize instance API
511fd97 jail: make /proc more secure
4953b7c jail: mount /sys read-only
a4d6442 jail: replace /etc/resolv.conf with symlink in extroot+overlay
a4cc165 jail: always mount /dev as additional tmpfs
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2188d81 jail: add support for launching extroot containers
6f3dbd2 jail: add support for userns and cgroupsns
28a06e5 jail: add support for (ram-)overlayfs
Add handling for extroot, overlaydir and tmpoverlaysize as well as
jail flags for userns and cgroupsns to OpenWrt's shell script to
allow their use in init scripts.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Commit 432ec292cc ("rpcd: add respawn param") has introduced infinite
restarting of the service which could be reached over network. This is
not recommended security practice as it might give potential adversary
infinite number of tries in case there might be some issue in the rpcd
or its surrounding stack.
So lets remove the currently bogus `respawn_retry` variable (it wasn't
possible to override it anyway), reverting to the previous default max.
of 5 service restarts which could be now overriden via system's UCI
settings if desired.
Cc: Jo-Philip Wich <jow@mein.io>
Cc: Florian Eckert <fe@dev.tdt.de>
Cc: Hauke Mehrtens <hauke@hauke-m.de>
Fixes: 432ec292cc ("rpcd: add respawn param")
Signed-off-by: Petr Štetiar <ynezz@true.cz>
When support for network namespaces was added to procd, adding the
corresponding jail flag in procd.sh was ommitted. Add it now.
Fixes: 97a03a4760 ("procd: update to latest git HEAD")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
> Avoid reuse of PKG_NAME in call, define and eval lines for consistency and
> readability. Write the full name instead.
Ref: https://openwrt.org/docs/guide-developer/packages
Signed-off-by: Sungbo Eo <mans0n@gorani.run>
> Avoid reuse of PKG_NAME in call, define and eval lines for consistency and
> readability. Write the full name instead.
Ref: https://openwrt.org/docs/guide-developer/packages
Signed-off-by: Sungbo Eo <mans0n@gorani.run>
This change makes the names of Broadcom targets consistent by using
the common notation based on SoC/CPU ID (which is used internally
anyway), bcmXXXX instead of brcmXXXX.
This is even used for target TITLE in make menuconfig already,
only the short target name used brcm so far.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
This change makes the names of Broadcom targets consistent by using
the common notation based on SoC/CPU ID (which is used internally
anyway), bcmXXXX instead of brcmXXXX.
This is even used for target TITLE in make menuconfig already,
only the short target name used brcm so far.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Bump procd package to reduce log spam related to missing jail binaries
in a non-jail capable system.
bcb8655 instance: add 'requirejail' attribute
An additional jail attribute 'requirejail' can now be used to indicate
mandatory use of a jailed environment and hence prevent process startup
in the event that the jail subsystem is unavailable.
Procd will now only log errors if jail is unavailable and 1) is a mandatory
requirement or 2) a procd debug level of at least 2 is in use.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
58c12f7 jail: add basic support for network namespaces
ba69639 jail: create resolv.conf symlink for netns jails
81b88b1 jail: more strict mount options for /tmp/resolv.conf.d/
Add new 'netns' flag for procd_add_jail to make ujail setup a new
network namespace for the jailed service.
See previous netifd commit for example configuration for netns jailed
service.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
If zram-backed swap is added after an existing swap, it gets a lower
priority. Assiming that usually all other swaps are slower, there should
be a way to assign a higher priority to zram swap.
Signed-off-by: Maxim Storchak <m.storchak@gmail.com>
This activates PIE ASLR support by default when the regular option is
selected.
Size increase on x86/64:
procd Installed-Size: 44931 -> 47362
Signed-off-by: Petr Štetiar <ynezz@true.cz>