Move /var/run/ubus.sock to /var/run/ubus/ubus.sock in preparation for
having ubusd run as non-root user.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Unify capability handling to only use OCI spec parsers even for ujail
slim containers which previously supposedly used their own format.
80c9516 cgroups: restrict allowed keys in 'unified' section
5ade567 cgroups: memory controller fixes
3121467 early: run ubusd non-root as user ubus, group ubus
12a5b97 jail: adapt to new ubus socket path
788d144 instance: actually wire up capabilities filename
ebc5a7f jail: nuke old capabilities code in favour of reusing OCI code
6c5233a jail: capabilities: apply in two phases
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
ntpd in packages feed had already a user 'ntp' with UID 123 declared.
Rename the username of busybox-ntpd to be 'ntp' instead of 'ntpd' so
it doesn't clash.
Reported-by: Etienne Champetier <champetier.etienne@gmail.com>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Define wildcard patterns for filtering in target/linux/generic/config-filter
Preparation for supporting newer kernels
Signed-off-by: Felix Fietkau <nbd@nbd.name>
MikroTik recently changed again the way they store wlan calibration data
on devices. Prior to this change, ERD calibration data for all available
radios was stored within a single identifier node ("tag" in RouterBoot
parlance).
Recent devices have been seen with calibration (and BDF) data stored in
separate identifiers within LZOR packing for each radio: this patch
addresses this by:
1) ensuring that both variants are properly supported,
2) preserving backward compatibility with existing data consumers,
3) allowing for more than 2 calibration blobs to be exposed via sysfs.
Specifically, before this patch, the driver would provide a single sysfs
file named /sys/firmware/mikrotik/hard_config/wlan_data that contained
whatever calibration data found on the device's flash. After this patch,
when executed on a device that uses the old style storage, this behavior
is unchanged, but when executed on a device that uses new style storage
(for either traditional "ERD" packing or "LZOR" packing), the driver
replaces that single file with a folder containing one or more files
each containing the data encoded within individual identifiers.
As far as OpenWRT is concerned, this means that for devices which are
known to exist with both styles of data storage, a suitable hotplug stub
could look like this for e.g. the second radio:
wdata="/sys/firmware/mikrotik/hard_config/wlan_data"
( [ -f "$wdata" ] && caldata_sysfsload_from_file "$wdata" 0x8000 0x2f20 ) || \
( [ -d "$wdata" ] && caldata_sysfsload_from_file "$wdata/data_2" 0x0 0x2f20 )
This patch has been tested with LZOR old and new style packing on ipq4019,
and with old style on ath79.
Tested-by: John Thomson <git@johnthomson.fastmail.com.au>
Tested-by: Шебанов Алексей <admin@ublaze.ru>
Tested-by: Alen Opačić <subixonfire@gmail.com>
Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
Tested-by: Robert Marko <robimarko@gmail.com>
Backport upstream commits that sync the local kernel header
copies in this library, with up to date copies. These updated
headers ensure that libnetfilter-log users can use current
kernel functionality such as requesting that conntrack
information be appended to nflog events sent to userspace via
the NFULNL_CFG_F_CONNTRACK flag. This functionality has been
available since kernel version 4.4
Signed-off-by: Brett Mastbergen <bmastbergen@untangle.com>
Running the updated checkpatch version with spelling.txt show that
spelling mistakes happen to everyone.
> /target/linux$ fd .*.patch | xargs ../../scripts/checkpatch.pl | rg spell
WARNING: 'usefull' may be misspelled - perhaps 'useful'?
WARNING: 'afecting' may be misspelled - perhaps 'affecting'?
WARNING: 'usefull' may be misspelled - perhaps 'useful'?
WARNING: 'afecting' may be misspelled - perhaps 'affecting'?
WARNING: 'begining' may be misspelled - perhaps 'beginning'?
WARNING: 'superflous' may be misspelled - perhaps 'superfluous'?
WARNING: 'multipe' may be misspelled - perhaps 'multiple'?
WARNING: 'recieves' may be misspelled - perhaps 'receives'?
WARNING: 'retreive' may be misspelled - perhaps 'retrieve'?
WARNING: 'tranfer' may be misspelled - perhaps 'transfer'?
WARNING: 'additonal' may be misspelled - perhaps 'additional'?
WARNING: 'accomodate' may be misspelled - perhaps 'accommodate'?
[...]
Signed-off-by: Paul Spooren <mail@aparcar.org>
Remove checks for device tree documentation as the OpenWrt tree comes
withouth the ./Documentation folder.
Signed-off-by: Paul Spooren <mail@aparcar.org>
CONFIG_EFI_VARS has been disabled in
64bit x86 target in 2018 by the following commit
b0a51dab8c
the same reasons apply to Generic target, so
now it's disabled here too.
Leaving it enabled is also blocking compile as
a new symbol was added
EFI_CUSTOM_SSDT_OVERLAYS
that depends from CONFIG_EFI_VARS
and the build system stops and waits for
user input on what to do about it.
The Legacy and Geode targets never
had any EFI_xxx configs enabled so they
don't have this issue
Signed-off-by: Alberto Bursi <bobafetthotmail@gmail.com>
Checkpatch grown in functionallity and we should make use of that. If
OpenWrt patches should be upstream material they should also be checked
based on upstream checkpatch.pl instead of 2013.
Signed-off-by: Paul Spooren <mail@aparcar.org>
this patch fixes/improves follows:
- PATTERN_LEN is defined as a macro but unused
- redundant logic in count-up for "ptn"
Signed-off-by: INAGAKI Hiroshi <musashino.open@gmail.com>
On some systems I see the issue that crond dies after a few days.
Simply letting procd respawn the process is a simple safety-net.
Signed-off-by: Bruno Randolf <br1@einfach.org>
5c36293f06 resolv: Serialize processing in resolv/tst-resolv-txnid-collision
2dfa659a66 resolv: Handle transaction ID collisions in parallel queries (bug 26600)
05c025abca support: Provide a way to clear the RA bit in DNS server responses
f688bcd83d support: Provide a way to reorder responses within the DNS test server
eba0ce6058 Remove __warndecl
5337b2af4b Remove __warn_memset_zero_len [BZ #25399]
c6e794640c aarch64: Add unwind information to _start (bug 26853)
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* noise: take lock when removing handshake entry from table
This is a defense in depth patch backported from upstream to account for any
future issues with list node lifecycles.
* netns: check that route_me_harder packets use the right sk
A test for an issue that goes back to before Linux's git history began. I've
fixed this upstream, but it doesn't look possible to put it into the compat
layer, as it's a core networking problem. But we still test for it in the
netns test and warn on broken kernels.
* qemu: drop build support for rhel 8.2
We now test 8.3+.
* compat: SYM_FUNC_{START,END} were backported to 5.4
* qemu: bump default testing version
The real motivation for this version bump: 5.4.76 made a change that broke our
compat layer.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
The original patch from QCA over rode the nf_conntrack_un/register_notifier API, which
will break other modules relying on the API. Reworked the notification APIs to play nice
with others.
Allow configuring ipsets with dedicated config sections:
config ipset
list name 'ss_rules_dst_forward'
list name 'ss_rules6_dst_forward'
list domain 't.me'
list domain 'telegram.org'
instead of current, rather inconvenient syntax:
config dnsmasq
...
list ipset '/t.me/telegram.org/ss_rules_dst_forward,ss_rules6_dst_forward'
Current syntax will still continue to work though.
With this change, a LuCI GUI for DNS ipsets should be easy to implement.
Signed-off-by: Aleksandr Mezin <mezin.alexander@gmail.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase]
Due to the use of LD_LIBRARY_PATH, the programs running in the fakeroot
environment may end up loading bundled SDK libraries using the system
ld.so.
Rework the relocatability patch to avoid meddling with LD_LIBRARY_PATH
and construct the paths to faked and libfakeroot.so directly.
Fixes: f93cb5c2c8 ("fakeroot: make fakeroot script relocatable")
Reviewed-by: Petr Štetiar <ynezz@true.cz>
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
This adds a variant of refpolicy that builds the modular form of the
policy. While this requires more memory on the target device, along with
some tricks to deal with OpenWrt's volatile /var directory, it is useful
for experiementing with SELinux policy.
Signed-off-by: W. Michael Petullo <mike@flyn.org>
Without an absolute path to staging_dir/host/bin/sstrip the Makefile
tries to run a host installed version of sstrip, which is likely not
available.
Signed-off-by: Paul Spooren <mail@aparcar.org>
mkhash currently returns the hash of an empty input when trying to hash
a folder. This can be missleading in caseswhere e.g. an env variable is
undefined which should contain a filename. `mkhash ./path/to/$FILE`
would exit with code 0 and return a legit looking checksum.
A better behaviour would be to fail with exit code 1, which imitates the
behaviour of `md5sum` and `sha256sum`.
To avoid hashing of folders the `stat()` is checked.
Hashing empty inputs result in the following checksums:
md5: d41d8cd98f00b204e9800998ecf8427e
sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Signed-off-by: Paul Spooren <mail@aparcar.org>
If hashing a file fails mkhash shouldn't just silently fail. Now check
after each call of `hash_file()` the return and exit early in case of
errors. The return value which was previously ignored and would always
return 0.
Signed-off-by: Paul Spooren <mail@aparcar.org>
The -n option prints the filename of hashed files next to the calculated
checksum. Reflect that in the usage message.
user@dawn:~/src/openwrt/openwrt$ ./a.out md5 -n .config
eb06db36e7b6751cb18801945e46bf5d .config
Signed-off-by: Paul Spooren <mail@aparcar.org>
The D-Link DIR-645 currently uses an incorrect logic level for its
buttons.
Correct them in order to prevent unintentional activation of failsafe
mode.
Reported-by: Perry Melange <isprotejesvalkata@gmail.com>
Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit 929e8f0f55)
The order of function and color in the labels in inverted for the
LAN LEDs. Fix it.
Fixes: 915966d861 ("ath79: Port PowerCloud Systems CAP324 support")
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit 96023cd4ba)
