Now that we know that the password is in /etc/shadow and not in
/etc/passwd, we can properly fix the logic for the empty password check.
Only 'root::' is an empty password, 'root❌' and 'root:!:' allow no
password login at all.
This fixes the empty password warning still showing after the root password
has been locked using 'passwd -l root' (e.g. to allow public-key auth
only).
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Local variable declarations outside of functions are illegal since the Busybox
update to v1.25.0, therfore remove them from the appropriate places.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
oneshot trigger configurations for LEDs are created, but the on/off
timing configurations are ignored. generate_config is correctly creating
oneshot configs, but the later led script doesn't recognise the trigger
details.
Fixes: c0c3f2d4c9 leds: support oneshot as well as timer triggers
Signed-off-by: Karl Palsson <karlp@etactica.com>
Instead of board_detect generating the config as a side effect, let
config_generate call board_detect as needed.
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
The pi_* variables and the fs_failsafe_wait_timeout variable are set by
the CONFIG_TARGET_PREINIT_* config options. No need to maintain the same
values twice.
All other fs_ variables were never used.
Signed-off-by: Mathias Kresin <dev@kresin.me>
/etc/init.d/boot tried to create /dev/root based on the kernel's
cmdline which won't work on any recent targets. Remove that code now
that fstools can detect the mounted rootfs based on
/proc/self/mountinfo and /dev/root was long gone anyway.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Network drivers typically allocate memory in atomic context. For that to
be reliable, there needs to be enough free memory. Set the value
heuristically based on the total amount of system RAM.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Previous implementation was blocking the init and
breaking halt/reboot/sysupgrade (reported by Daniel Golle)
v2: use procd logging, use set -e + trap for error handling
Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
Tested-by: Daniel Golle <daniel@makrotopia.org>
This commit:
1) seed /dev/urandom with the saved seeds as early as possible
(see /lib/preinit/81_urandom_seed)
2) save a seed at /etc/urandom.seed if it doesn't exists
3) save a new seed each boot at "system.@system[0].urandom_seed"
(see /etc/init.d/urandom_seed)
We use getrandom() so we are sure /dev/urandom pool is initialized
Seed size is 512 bytes (ie /proc/sys/kernel/random/poolsize / 8)
it's the same size as in ubuntu 14.04 and all systemd systems
Seeding /dev/urandom doesn't change entropy estimation, so we still have
"random: ubus urandom read with 4 bits of entropy available"
messages in the logs, but we can now ignore them if
after "urandom-seed: Seeding with ..." message
Saving a new seed on each boot is disabled by default to avoid too much
writes without user consent
v2: log preinit messages to /dev/kmsg
v3: use non generic function name for logging, as /lib/preinit/ files
are all sourced together in /etc/preinit
v4: after a lot of discussion on the ML, use a uci config param
v5: config param is now the path of the seed
Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
Acked-by: Jo-Philipp Wich <jo@mein.io>
dnsmasq's dnssec time checking method now uses a ntp hotplug mechanism,
therefore dnsmasq.time is redudant and no longer needs to be explicitly
excluded from sysfixtime.
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
/etc/os-release is the standard distribution release information
file, therefore add it (and image configuration options for
fields not previously present in LEDE). Once it is deemed
reasonable the non-standard openwrt_release, openwrt_version,
and device_info files could be removed (that is with this patch
we consider them deprecated in favour of the standard file).
Signed-off-by: Daniel Dickinson <lede@daniel.thecshore.com>
Record the state of any hardware LED configured through UCI and use that
information to revert the state when applying updated settings while
maintaining default behaviour of system LEDs.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
The board_detect framework is now able to create the entire system config from
scratch so we can finally drop the copy shipped by base-files.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Attempt to reset all LED states before applying the UCI configuration to
avoid leaving disabled LEDs behind in lingering glowing state, e.g. when
changing the sysfs entry in the config from one hardware LED to another.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Centralize setting all version information in include/version.mk
* Set RELEASE env variable in include/version.mk instead of toplevel.mk.
Stop exporting the variable.
* Remove hardcoded release name from /etc/banner
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
Typo, missing space before ] in previous commit caused shell syntax
failure and incorrect restoration of time.
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
dnsmasq maintains dnsmasq.time across reboots and uses it as a means of
determining if current time is good enough to validate dnssec time
stamps. By including /etc/dnsmasq.time as a time source for sysfixtime,
the mechanism was effectively defeated because time was set to the
last time that dnsmasq considered current even though that time is in
the past. Since that time is out of date, dns(sec) resolution would
fail thus defeating any ntp based mechanisms for setting the clock
correctly.
In theory the process is defeated by any files in /etc that are newer
than /etc/dnsmasq.time however dnsmasq now updates the file's timestamp
on process TERM so hopefully /etc/dnsmasq.time is the latest file
timestamp in /etc as part of LEDE shutdown/reboot.
Either way, including /etc/dnsmasq.time as a time source for
sysfixtime is not helpful.
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
dnsmasq maintains dnsmasq.time across reboots and uses it as a means of
determining if current time is good enough to validate dnssec time
stamps. By including /etc/dnsmasq.time as a time source for sysfixtime,
the mechanism was effectively defeated because time was set to the
last time that dnsmasq considered current even though that time is in
the past. Since that time is out of date, dns(sec) resolution would
fail thus defeating any ntp based mechanisms for setting the clock
correctly.
In theory the process is defeated by any files in /etc that are newer
than /etc/dnsmasq.time however dnsmasq now updates the file's timestamp
on process TERM so hopefully /etc/dnsmasq.time is the latest file
timestamp in /etc as part of LEDE shutdown/reboot.
Either way, including /etc/dnsmasq.time as a time source for
sysfixtime is not helpful.
- Update the terminal window title with the current directory and hostname, if using an xterm-compatible terminal emulator.
- Add ll, an useful alias to ls.
Signed-off-by: Vittorio Gambaletta <openwrt@vittgam.net>
Remove the public unatteded buildkey from the opkg package to avoid
having hardcoded keys in tree. Use the external keyring package instead
which can be easily updated by users.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
This patch adds extra parameter to switch LED trigger initialization
functions. New functionality maintains backward compatibility, so
calling functions without setting new speed_mask parameter works
as expected.
Signed-off-by: Michal Cieslakiewicz <michal.cieslakiewicz@wp.pl>
SVN-Revision: 48776
On systems that have an RTC prefer it to the file-based time fixup (i.e.
use hwclock when there is a permanent clock instead of the faked up time
logic that is needed when there is not RTC).
We can't rely on hctosys kernel feature either as we're usually using
RTC as kernel modules which are usually being loaded after hctosys was
run, leading in the following error:
hctosys: unable to open rtc device (rtc0)
Signed-off-by: Daniel Dickinson <openwrt@daniel.thecshore.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
SVN-Revision: 48661
LEDs which are controlled by a PWM need to use the supplied
max_brightness instead. Otherwise they might appear to be
very dim / broken.
Signed-off-by: Chris R Blake <chrisrblake93@gmail.com>
SVN-Revision: 47854
since r45833 and r45848 the overlayfs is automatically mounted read-only
(and blocks remounts as r/w) when JFFS2 is full. see ticket #19564
because of this normal file deletion is not possible anymore.
if a user logins interactively (e.g. SSH) show a hint for this,
that files must be removed in /overlay/upper/...
v2: fix subject line
Signed-off-by: Bastian Bittorf <bittorf@bluebottle.com>
SVN-Revision: 47623
FHS mandates presence of /var/tmp on compliant systems.
The lack of /var/tmp was discovered when using MIT Kerberos libraries
which default to that location for storing credentials cache.
Signed-off-by: Paul Fertser <fercerpav@gmail.com>
SVN-Revision: 47219
This URL can be embedded e.g. within UPnP announcements where a link
to the manufacturer's homepage is desired.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
SVN-Revision: 47135
OpenWrt should support an optional /etc/profile.d directory like
most other Linux distributions. This allows packages to install
their own scripts into /etc/profile.d/ directory.
The file suffix should make clear, that these scripts
are (sourced) shell-snippets. If the user needs e.g. php or lua,
one must make sure that the interpreter is called.
The reverse failsafe test makes sure, that the effective returncode is 0.
A typcal usecase is the inclusion of private helpers,
special variables or aliases, which at the moment needs
patching the sourcecode and is not well maintainable.
Now the builder can simply add there files.
v1 initial work of Hendrik Lüth <hendrik@linux-nerds.de>
v2 changes regarding RFC (e.g. thomas.langer@lantiq.com)
v3 changes regarding RFC (e.g. mschiffer@universe-factory.net)
v4 keep it simple and mimic OpenWrt style
Signed-off-by: Bastian Bittorf <bittorf@bluebottle.com>
SVN-Revision: 46965
Move the pattern setting from netifd's service script to
/etc/sysctl.conf. Put the timestamp component '%t' just after
executable name '%e' for more natural order from output of ls command.
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
SVN-Revision: 46867
With this change we let user know 5 seconds have passed and reset button
can be released (to trigger factory reset)
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
SVN-Revision: 46650
We need a+x rights on the path to the root of the jails
so we can use users other than root (like nobody)
This partly fixes jailed dnsmasq
Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
SVN-Revision: 46466
Internal GPIO pins are used for PoE passthrough setups in multi-port
routers. This patch implemnets control over this hardware feature for
Ubiquiti Nanostations and TP-Link CPE510.
Signed-off-by: Lars Kruse <lists@sumpfralle.de>
SVN-Revision: 46271
This changes makes it possible to store custom settings
in individual files inside the directory /etc/sysctl.d/.
Signed-off-by: Stefan Tomanek <stefan.tomanek+openwrt@wertarbyte.de>
SVN-Revision: 46239
Depending on configuration, disable the LED before writing the trigger
and enable it after writing it. Fixes LEDs where the value defaults to 1
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
SVN-Revision: 45463
Use xattr to store the filesystem initialization state of the overlay.
As long as the filesystem is not marked as initialized yet (happens in
/etc/init.d/done), all overlay data (except for sysupgrade.tgz) will be
discarded before the system is allowed to boot
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
SVN-Revision: 44942
[base-files] failsafe-mode: print short help on commandline
Like mentioned in ticket https://dev.openwrt.org/ticket/11911
this should make the IRC much quieter. Failsafe is somehow
special and even experienced users are helpless, because they
are not used to this seldom situation. Also: likely you have
no internet access in this mode, so you cannot use the wiki.
a failsafe-session now looks like this:
first we see from 'package/base-files/files/bin/login.sh' the hint:
=== IMPORTANT ============================
Use 'passwd' to set your login password
this will disable telnet and enable SSH
------------------------------------------
after this the /etc/banner ("OpenWrt - wireless freedom")
and then the new text:
================= FAILSAFE MODE active ================
special commands:
* firstboot reset settings to factory defaults
* mount_root mount root-partition with config files
after mount_root:
* passwd change root's password
* /etc/config directory with config files
for more help see:
http://wiki.openwrt.org/doc/howto/generic.failsafe
=======================================================
this supersedes the old patches:
http://patchwork.openwrt.org/patch/3337/http://patchwork.openwrt.org/patch/3553/
Signed-off-by: Bastian Bittorf <bittorf@bluebottle.com>
SVN-Revision: 42985
This allows IPv6 to set up without IPv4 being up thus
IPv6-only or IPv6+DS-Lite working with the default config.
Signed-off-by: Steven Barth <steven@midlink.org>
SVN-Revision: 42848
During boot, a not found message is displayed for systems which do
not have uci 'network.globals.ula_prefix' defined in
/etc/config/network. The error message itself is not used and can
be ignored.
Signed-off-by: Michel Stam <m.stam@fugro.nl>
SVN-Revision: 42755
somebody started to set a function returncode in the validation
stuff and everybody copies it, e.g.
myfunction()
{
fire_command
return $?
}
a function automatically returns with the last returncode,
so we can safely remove the command 'return $?'. reference:
http://tldp.org/LDP/abs/html/exit-status.html
"The last command executed in the function or script determines the exit status."
Signed-off-by: Bastian Bittorf <bittorf@bluebottle.com>
SVN-Revision: 42278
this allows targets to use the new uci-default helper which will generate
a file called /etc/board.json. a tool called /bin/config_generate can then
be used to generate the default uci settings.
Signed-off-by: John Crispin <blogic@openwrt.org>
SVN-Revision: 42185
Make sure they don't break the sed command, and also make device_info
and openwrt_release more robust for parsing by scripts
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
SVN-Revision: 41885
Creates /etc/device_info which will be used to fill in information for
WPS and other protocols that need manufacturer/device information
This helps with creating OpenWrt firmware for OEM or rebranded devices.
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
SVN-Revision: 41884
Seems like the reverse order relies on GNU specific getopt hackery which
musl does not replicate
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
SVN-Revision: 41045
Since svn rev [38557] we support power buttons, for example
the ACPI power button on x86 machines.
Add a simple shutdown script to /etc/rc.button, to gracefully shutdown
the machine after the power button is pressed.
Tested on x86 and x86_64 in a kvm virtual machine.
Signed-off-by: Stefan Hellermann <stefan@the2masters.de>
SVN-Revision: 40909
Before this patch, doing `/e/c/network restart' will emit the folloing
error by `ubus network.wireless down "{}"' because netifd already quit
by that time.
Command failed: not found
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
SVN-Revision: 40906
It was introduced in commit 2f966e8, "base-files: add a post start hook
for procd managed services".
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
SVN-Revision: 40576
Simply scan for the most recent file in /etc and set
system time to this file modification time if it's in the future
It allow some time dependent program to work immediatly
without waiting for ntpd to sync
v1: v2: bad approach
v3: simply scan /etc, thanks to Bastian Bittorf for the idea
v4: use sort -n, thanks to Catalin Patulea
v5: use [] instead of [[]], thanks to Andreas Mohr
v6: use openwrt style, thanks to Bastian Bittorf
Signed-off-by: Etienne CHAMPETIER <etienne.champetier@free.fr>
SVN-Revision: 39422