[OpenWrt-Devel] [PATCH] wireguard-tools: bump to 1.0.20200319
* netlink: initialize mostly unused field * curve25519: squelch warnings on clang Code quality improvements. * man: fix grammar in wg(8) and wg-quick(8) * man: backlink wg-quick(8) in wg(8) * man: add a warning to the SaveConfig description Man page improvements. We hope to rewrite our man pages in mdocml at some point soon. Signed-off-by: Jason A. Donenfeld --- package/network/utils/wireguard-tools/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/package/network/utils/wireguard-tools/Makefile b/package/network/utils/wireguard-tools/Makefile index b2b71ce..5493295 100644 --- a/package/network/utils/wireguard-tools/Makefile +++ b/package/network/utils/wireguard-tools/Makefile @@ -11,12 +11,12 @@ include $(INCLUDE_DIR)/kernel.mk PKG_NAME:=wireguard-tools -PKG_VERSION:=1.0.20200206 +PKG_VERSION:=1.0.20200319 PKG_RELEASE:=1 PKG_SOURCE:=wireguard-tools-$(PKG_VERSION).tar.xz PKG_SOURCE_URL:=https://git.zx2c4.com/wireguard-tools/snapshot/ -PKG_HASH:=f5207248c6a3c3e3bfc9ab30b91c1897b00802ed861e1f9faaed873366078c64 +PKG_HASH:=757ed31d4d48d5fd7853bfd9bfa6a3a1b53c24a94fe617439948784a2c0ed987 PKG_LICENSE:=GPL-2.0 PKG_LICENSE_FILES:=COPYING -- 2.25.1 ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
[OpenWrt-Devel] [PATCH] wireguard: bump to 0.0.20200318
WireGuard had a brief professional security audit. The auditors didn't find any vulnerabilities, but they did suggest one defense-in-depth suggestion to protect against potential API misuse down the road, mentioned below. This compat snapshot corresponds with the patches I just pushed to Dave for 5.6-rc7. * curve25519-x86_64: avoid use of r12 This buys us 100 extra cycles, which isn't much, but it winds up being even faster on PaX kernels, which use r12 as a RAP register. * wireguard: queueing: account for skb->protocol==0 This is the defense-in-depth change. We deal with skb->protocol==0 just fine, but the advice to deal explicitly with it seems like a good idea. * receive: remove dead code from default packet type case A default case of a particular switch statement should never be hit, so instead of printing a pretty debug message there, we full-on WARN(), so that we get bug reports. * noise: error out precomputed DH during handshake rather than config All peer keys will now be addable, even if they're low order. However, no handshake messages will be produced successfully. This is a more consistent behavior with other low order keys, where the handshake just won't complete if they're being used anywhere. * send: use normaler alignment formula from upstream We're trying to keep a minimal delta with upstream for the compat backport. Signed-off-by: Jason A. Donenfeld --- package/network/services/wireguard/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/package/network/services/wireguard/Makefile b/package/network/services/wireguard/Makefile index 231f1f4..4007fa5 100644 --- a/package/network/services/wireguard/Makefile +++ b/package/network/services/wireguard/Makefile 
@@ -11,12 +11,12 @@ include $(INCLUDE_DIR)/kernel.mk PKG_NAME:=wireguard -PKG_VERSION:=0.0.20200215 +PKG_VERSION:=0.0.20200318 PKG_RELEASE:=1 PKG_SOURCE:=wireguard-linux-compat-$(PKG_VERSION).tar.xz PKG_SOURCE_URL:=https://git.zx2c4.com/wireguard-linux-compat/snapshot/ -PKG_HASH:=0def6f3608ec06f6dfc454aa5281a7c38b06ff27096cb341448d20602da4e923 +PKG_HASH:=fa74a8627f731754fbf4ea7d6ae8f571a2cfe8cd4b744a5f165065619cb836a1 PKG_LICENSE:=GPL-2.0 PKG_LICENSE_FILES:=COPYING -- 2.25.1
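Review bot: The PKG_HASH line is the only thing that ties this bump to a specific tarball, and neither the hunk nor the commit message gives a reviewer anything to check the new value against (a release announcement, a tag, a signature). Please add a reference for 0.0.20200318 to the commit message, or confirm that the hash was computed from a download made independently of the build tree. This package is a kernel module, so a wrong or substituted tarball is not a cosmetic problem.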
[OpenWrt-Devel] [PATCH] busybox: fix build with musl 1.2.0
The SYS_settimeofday is no longer present. That is, it's replaced with the time32 variant. There is no time64 variant. Note that 5a7c064bdbb71bfbcded073c7c0a8723be306009 switched the patch to use the syscall instead of the function as the function expects the timezone argument to be non-null. Signed-off-by: Rosen Penev --- interestingly enough, musl returns clock_settime in the settimeofday function. There's a clock_settime64 syscall. package/utils/busybox/Makefile | 2 +- package/utils/busybox/patches/250-date-k-flag.patch | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/package/utils/busybox/Makefile b/package/utils/busybox/Makefile index 01441d1e87..baf375eb13 100644 --- a/package/utils/busybox/Makefile +++ b/package/utils/busybox/Makefile @@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=busybox PKG_VERSION:=1.31.1 -PKG_RELEASE:=1 +PKG_RELEASE:=2 PKG_FLAGS:=essential PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2 diff --git a/package/utils/busybox/patches/250-date-k-flag.patch b/package/utils/busybox/patches/250-date-k-flag.patch index 5aadbb233c..b80d402387 100644 --- a/package/utils/busybox/patches/250-date-k-flag.patch +++ b/package/utils/busybox/patches/250-date-k-flag.patch @@ -69,7 +69,7 @@ + + /* workaround warp_clock() on first invocation */ + memset(, 0, sizeof(tz)); -+ syscall(SYS_settimeofday, NULL, ); ++ syscall(SYS_settimeofday_time32, NULL, ); + + memset(, 0, sizeof(tz)); +#ifdef __USE_MISC @@ -78,7 +78,7 @@ + tz.tz_minuteswest = -(tm_time.__tm_gmtoff / 60); +#endif + -+ if (syscall(SYS_settimeofday, NULL, )) ++ if (syscall(SYS_settimeofday_time32, NULL, )) + { + bb_perror_msg("can't set kernel time zone"); + return EXIT_FAILURE; -- 2.24.1
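Review bot: Both hunks in 250-date-k-flag.patch swap SYS_settimeofday for SYS_settimeofday_time32 unconditionally, so the date applet now only compiles where the libc headers define the _time32 name. The commit message ties that name to musl 1.2.0, and a toolchain whose headers still provide only SYS_settimeofday would fail at these two call sites instead. A guard such as #if defined(SYS_settimeofday_time32), with a fallback to SYS_settimeofday, keeps both building. The remark under the --- line about clock_settime64 suggests the time32 call is a stopgap; saying so in the commit message proper would help whoever revisits this.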
[OpenWrt-Devel] [PATCH] netifd: use the 64-bit version of clock_gettime
Fixes compilation with musl 1.2.0 which removes this syscall. Signed-off-by: Rosen Penev --- system-linux.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/system-linux.c b/system-linux.c index d533be8..902ab50 100644 --- a/system-linux.c +++ b/system-linux.c @@ -2421,7 +2421,7 @@ time_t system_get_rtime(void) struct timespec ts; struct timeval tv; - if (syscall(__NR_clock_gettime, CLOCK_MONOTONIC, ) == 0) + if (syscall(__NR_clock_gettime64, CLOCK_MONOTONIC, ) == 0) return ts.tv_sec; if (gettimeofday(, NULL) == 0) -- 2.24.1
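Review bot: In system_get_rtime() the raw syscall(__NR_clock_gettime64, ...) makes the kernel write a timespec with two 64-bit fields into the libc struct timespec ts declared just above it, so the change is only memory-safe where the libc's time_t is already 64-bit; built against a libc with a 32-bit time_t, the kernel writes past the end of ts on the stack. __NR_clock_gettime64 is also defined only on 32-bit architectures, so 64-bit targets stop compiling. Calling clock_gettime(CLOCK_MONOTONIC, ...) through libc avoids both problems and lets the libc pick the right syscall.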
[OpenWrt-Devel] [PATCH] procd/rcS: cast format string to int64_t
musl 1.2.0 turns time_t into a 64-bit value, even on 32-bit. This makes it compatible. Signed-off-by: Rosen Penev --- rcS.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rcS.c b/rcS.c index c2e1abb..aaf7314 100644 --- a/rcS.c +++ b/rcS.c @@ -118,7 +118,7 @@ static void q_initd_complete(struct runqueue *q, struct runqueue_task *p) ts_res.tv_nsec += 10; } - DEBUG(2, "stop %s %s - took %lu.%09lus\n", s->file, s->param, ts_res.tv_sec, ts_res.tv_nsec); + DEBUG(2, "stop %s %s - took %lld.%09llds\n", s->file, s->param, (int64_t)ts_res.tv_sec, (int64_t)ts_res.tv_nsec); ustream_free(>fd.stream); close(s->fd.fd.fd); free(s); -- 2.24.1
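Review bot: The new DEBUG() format pairs %lld with (int64_t) casts, but int64_t is long rather than long long on 64-bit targets, so the line trades one -Wformat mismatch for another there. Either cast to (long long) to match %lld, or keep int64_t and use PRId64 from <inttypes.h>. Only tv_sec changed width; tv_nsec is specified as long, so it can stay uncast with %09ld.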
Re: [OpenWrt-Devel] [PATCH] tools: squashfskit4: fix build with GCC10
Hi, wasn't squashfskit4 created as a workaround for an inactive upstream maintainer? Wouldn't it make sense to move back to upstream now that it is more up to date than our fork? Best, Paul On Thu Mar 19, 2020 at 2:22 AM PST, Robert Marko wrote: > From: Robert Marko > > In order to build squashfskit with GCC10, this backport from upstream is > needed. > > Signed-off-by: Robert Marko > --- > ...002-fix-build-failure-against-gcc-10.patch | 43 +++ > 1 file changed, 43 insertions(+) > create mode 100644 > tools/squashfskit4/patches/0002-fix-build-failure-against-gcc-10.patch > > diff --git > a/tools/squashfskit4/patches/0002-fix-build-failure-against-gcc-10.patch > b/tools/squashfskit4/patches/0002-fix-build-failure-against-gcc-10.patch > new file mode 100644 > index 00..46c6a5ea0f > --- /dev/null > +++ > b/tools/squashfskit4/patches/0002-fix-build-failure-against-gcc-10.patch 
> @@ -0,0 +1,43 @@ > +From fe2f5da4b0f8994169c53e84b7cb8a0feefc97b5 Mon Sep 17 00:00:00 2001 > +From: Sergei Trofimovich > +Date: Sun, 26 Jan 2020 18:35:13 + > +Subject: [PATCH] squashfs-tools: fix build failure against gcc-10 > +MIME-Version: 1.0 > +Content-Type: text/plain; charset=UTF-8 > +Content-Transfer-Encoding: 8bit > + > +On gcc-10 (and gcc-9 -fno-common) build fails as: > + > +``` > +cc ... -o mksquashfs > +ld: read_fs.o:(.bss+0x0): > + multiple definition of `fwriter_buffer'; mksquashfs.o:(.bss+0x400c90): > first defined here > +ld: read_fs.o:(.bss+0x8): > + multiple definition of `bwriter_buffer'; mksquashfs.o:(.bss+0x400c98): > first defined here > +``` > + > +gcc-10 will change the default from -fcommon to fno-common: > +https://gcc.gnu.org/PR85678. > + > +The error also happens if CFLAGS=-fno-common passed explicitly. > + > +Reported-by: Toralf Förster > +Bug: https://bugs.gentoo.org/706456 > +Signed-off-by: Sergei Trofimovich > +--- > + squashfs-tools/mksquashfs.h | 2 +- > + 1 file changed, 1 insertion(+), 1 deletion(-) > + > +diff --git a/squashfs-tools/mksquashfs.h b/squashfs-tools/mksquashfs.h > +index 1beefef7..b6503063 100644 > +--- a/squashfs-tools/mksquashfs.h > b/squashfs-tools/mksquashfs.h > +@@ -143,7 +143,7 @@ struct append_file { > + #endif > + > + extern struct cache *reader_buffer, *fragment_buffer, *reserve_cache; > +-struct cache *bwriter_buffer, *fwriter_buffer; > ++extern struct cache *bwriter_buffer, *fwriter_buffer; > + extern struct queue *to_reader, *to_deflate, *to_writer, *from_writer, > + *to_frag, *locked_fragment, *to_process_frag; > + extern struct append_file **file_mapping; > -- > 2.26.0.rc2
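Review bot: The mksquashfs.h hunk turns the bwriter_buffer/fwriter_buffer line into an extern declaration, which is a complete fix only if exactly one .c file in the squashfskit4 fork defines the two pointers; the linker output quoted in the commit message shows mksquashfs.o and read_fs.o both defining them, and no definition is added anywhere in the patch. Worth confirming that the fork's mksquashfs.c already carries the definition, otherwise the multiple-definition error turns into an undefined reference.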
Re: [OpenWrt-Devel] [PATCH 1/1] netifd: add pre-up/down post-up/down callback handling
What is the reason that creating a script in /etc/hotplug.d/iface/ that checks $ACTION and $DEVICENAME doesn't solve for this use case?

https://openwrt.org/docs/guide-user/base-system/hotplug

On Fri, Mar 20, 2020, 11:02 AM Felix Fietkau wrote:
> On 2020-03-20 15:21, Florian Eckert wrote:
> > network
> >>> With this change we can decide if this is a user interaction with CLI/LuCI,
> >>> because with the new callback mechanism I can set/delete a uci config flag so
> >>> that the connection should really be disconnected. And so does not restart on a
> >>> failed connection tracking again because the uci config flag is not set.
> >>>
> >>> Signed-off-by: Florian Eckert
> >> netifd already tracks for every interface if the user requested it to be
> >> enabled or not via the 'autostart' flag, which you can query via ubus.
> >
> > I know this is done with the uci option auto for this interface.
> > But if I disable this flag, then on the next boot this interface does not start
> > on boot anymore. I have to start this manually. So I think this is not an option.
> No, I'm talking about the internal per-interface 'autostart' variable,
> which gets set to false if the user does a manual ifdown of an interface
> (but not if it just failed to start up).
> It's not backed by configuration and you can query it via ubus.
> (e.g. ifstatus wan)
>
> - Felix
[OpenWrt-Devel] [PATCH/RFC procd 3/3] jail: add support for (ram-)overlayfs
Add support for running service with a read/write filesystem overlay. This can either be a user-defined directory for persistency or reside on a tmpfs with fixed size in the RAM. Signed-off-by: Daniel Golle --- jail/jail.c| 95 +++--- service/instance.c | 36 +- service/instance.h | 2 + 3 files changed, 126 insertions(+), 7 deletions(-) diff --git a/jail/jail.c b/jail/jail.c index 78f0c6b..ec106d2 100644 --- a/jail/jail.c +++ b/jail/jail.c @@ -40,7 +40,7 @@ #include #define STACK_SIZE (1024 * 1024) -#define OPT_ARGS "S:C:n:h:r:w:d:psulocU:G:NR:fF" +#define OPT_ARGS "S:C:n:h:r:w:d:psulocU:G:NR:fFO:T:" static struct { char *name; @@ -51,6 +51,8 @@ static struct { char *user; char *group; char *extroot; + char *overlaydir; + char *tmpoverlaysize; int no_new_privs; int namespace; int procfs; @@ -147,9 +149,46 @@ int mount_bind(const char *root, const char *path, int readonly, int error) { return _mount_bind(root, path, NULL, readonly, 0, error); } +static int mount_overlay(char *jail_root, char *overlaydir) { + char *upperdir, *workdir, *optsstr; + const char mountoptsformat[] = "lowerdir=%s,upperdir=%s,workdir=%s"; + int ret = -1; + + if (asprintf(, "%s%s", overlaydir, "/upper") < 0) + goto out; + + if (asprintf(, "%s%s", overlaydir, "/work") < 0) + goto upper_printf; + + if (asprintf(, mountoptsformat, jail_root, upperdir, workdir) < 0) + goto work_printf; + + if (mkdir_p(upperdir, 0755) || mkdir_p(workdir, 0755)) + goto opts_printf; + + DEBUG("mount -t overlay %s %s (%s)\n", jail_root, jail_root, optsstr); + + if (mount(jail_root, jail_root, "overlay", MS_NOATIME, optsstr)) + goto opts_printf; + + ret = 0; + +opts_printf: + free(optsstr); +work_printf: + free(workdir); +upper_printf: + free(upperdir); +out: + return ret; +} + static int build_jail_fs(void) { char jail_root[] = "/tmp/ujail-XX"; + char tmpovdir[] = "/tmp/ujail-overlay-XX"; + char *overlaydir = NULL; + if (mkdtemp(jail_root) == NULL) { ERROR("mkdtemp(%s) failed: %m\n", jail_root); return -1; 
@@ -173,6 +212,29 @@ static int build_jail_fs(void) } } + if (opts.tmpoverlaysize) { + char mountoptsstr[] = "mode=0755,size="; + + snprintf(mountoptsstr, sizeof(mountoptsstr), +"mode=0755,size=%s", opts.tmpoverlaysize); + if (mkdtemp(tmpovdir) == NULL) { + ERROR("mkdtemp(%s) failed: %m\n", jail_root); + return -1; + } + if (mount("tmpfs", tmpovdir, "tmpfs", MS_NOATIME, + mountoptsstr)) { + ERROR("failed to mount tmpfs for overlay (size=%s)\n", opts.tmpoverlaysize); + return -1; + } + overlaydir = tmpovdir; + } + + if (opts.overlaydir) + overlaydir = opts.overlaydir; + + if (overlaydir) + mount_overlay(jail_root, overlaydir); + if (chdir(jail_root)) { ERROR("chdir(%s) (jail_root) failed: %m\n", jail_root); return -1; @@ -209,7 +271,15 @@ static int build_jail_fs(void) } snprintf(dirbuf, sizeof(dirbuf), "/old%s", jail_root); + umount2(dirbuf, MNT_DETACH); rmdir(dirbuf); + if (opts.tmpoverlaysize) { + char tmpdirbuf[sizeof(tmpovdir) + 4]; + snprintf(tmpdirbuf, sizeof(tmpdirbuf), "/old%s", tmpovdir); + umount2(tmpdirbuf, MNT_DETACH); + rmdir(tmpdirbuf); + } + umount2("/old", MNT_DETACH); rmdir("/old"); @@ -361,6 +431,8 @@ static void usage(void) fprintf(stderr, "namespace jail options:\n"); fprintf(stderr, " -h \tchange the hostname of the jail\n"); fprintf(stderr, " -N\t\tjail has network namespace\n"); + fprintf(stderr, " -f\t\tjail has user namespace\n"); + fprintf(stderr, " -F\t\tjail has cgroups namespace\n"); fprintf(stderr, " -r \treadonly files that should be staged\n"); fprintf(stderr, " -w \twriteable files that should be staged\n"); fprintf(stderr, " -p\t\tjail has /proc\n"); 
@@ -371,6 +443,8 @@ static void usage(void) fprintf(stderr, " -G \tgroup to run jailed process\n"); fprintf(stderr, " -o\t\tremont jail root (/) read only\n"); fprintf(stderr, " -R \texternal jail rootfs (system container)\n"); + fprintf(stderr, " -O \tdirectory for r/w overlayfs\n"); + fprintf(stderr, " -T \tuse tmpfs r/w overlayfs with \n"); fprintf(stderr, "\nWarning: by default root inside the
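Review bot: In the tmpfs branch added to build_jail_fs(), mountoptsstr is declared as char mountoptsstr[] = "mode=0755,size=" and then used as the snprintf() destination with sizeof(mountoptsstr), so the buffer has room for the prefix only and the value of opts.tmpoverlaysize is always truncated away before mount() sees it. Size the buffer for the prefix plus the argument, or build the string with asprintf() as mount_overlay() does. Two smaller things in the same hunk: the mkdtemp(tmpovdir) error path prints jail_root instead of tmpovdir, and the return value of mount_overlay() is ignored, so a failed overlay mount leaves the service running on the un-overlaid root without any error.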
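Review bot: The first usage() hunk adds the -f and -F help lines, which describe the user and cgroups namespace options rather than anything in this overlayfs patch; OPT_ARGS on the removed line of the first hunk already contains fF. They belong in 2/3, where the options are introduced, so that each patch documents its own flags.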
[OpenWrt-Devel] [PATCH/RFC procd 2/3] jail: add support for userns and cgroupsns
Add options to have jailed process inside new user namespace and cgroups namespace. Currently only the root user inside the container is mapped. Also, mounting /proc currently still fails in the new user namespace with permission denied for unknown reasons. Signed-off-by: Daniel Golle --- jail/jail.c| 291 ++--- service/instance.c | 43 +-- service/instance.h | 4 +- 3 files changed, 255 insertions(+), 83 deletions(-) diff --git a/jail/jail.c b/jail/jail.c index df1bda7..78f0c6b 100644 --- a/jail/jail.c +++ b/jail/jail.c @@ -40,15 +40,7 @@ #include #define STACK_SIZE (1024 * 1024) -#define OPT_ARGS "S:C:n:h:r:w:d:psulocU:G:NR:" - -#define NAMESPACE_MOUNT(1U << 0) -#define NAMESPACE_IPC (1U << 1) -#define NAMESPACE_NET (1U << 2) -#define NAMESPACE_PID (1U << 3) -#define NAMESPACE_USER (1U << 4) -#define NAMESPACE_UTS (1U << 5) -#define NAMESPACE_CGROUP (1U << 6) +#define OPT_ARGS "S:C:n:h:r:w:d:psulocU:G:NR:fF" static struct { char *name; @@ -64,8 +56,12 @@ static struct { int procfs; int ronly; int sysfs; + int pw_uid; + int pw_gid; + int gr_gid; } opts; + extern int pivot_root(const char *new_root, const char *put_old); int debug = 0; @@ -166,7 +162,7 @@ static int build_jail_fs(void) } if (opts.extroot) { - if (mount(opts.extroot, jail_root, NULL, MS_BIND | MS_REC, NULL)) { + if (mount(opts.extroot, jail_root, NULL, MS_BIND, NULL)) { ERROR("extroot mount failed %m\n"); return -1; } @@ -187,7 +183,7 @@ static int build_jail_fs(void) return -1; } - if (opts.namespace & NAMESPACE_NET) { + if (opts.namespace & CLONE_NEWNET) { char hostdir[PATH_MAX], jailetc[PATH_MAX], jaillink[PATH_MAX]; snprintf(hostdir, PATH_MAX, "/tmp/resolv.conf-%s.d", opts.name); 
@@ -231,6 +227,99 @@ static int build_jail_fs(void) return 0; } +static int write_uid_gid_map(pid_t child_pid, bool gidmap, int id) +{ + int map_file; + char map_path[64]; + const char *map_format = "%d %d %d\n"; + if (snprintf(map_path, sizeof(map_path), "/proc/%d/%s", + child_pid, gidmap?"gid_map":"uid_map") < 0) + return -1; + + if ((map_file = open(map_path, O_WRONLY)) == -1) + return -1; + + if (dprintf(map_file, map_format, 0, id, 1) == -1) { + close(map_file); + return -1; + } + + close(map_file); + return 0; +} + +static int write_setgroups(pid_t child_pid, bool allow) +{ + int setgroups_file; + char setgroups_path[64]; + + if (snprintf(setgroups_path, sizeof(setgroups_path), "/proc/%d/setgroups", + child_pid) < 0) { + return -1; + } + + if ((setgroups_file = open(setgroups_path, O_WRONLY)) == -1) { + return -1; + } + + if (dprintf(setgroups_file, allow?"allow":"deny") == -1) { + close(setgroups_file); + return -1; + } + + close(setgroups_file); + return 0; +} + +static void get_jail_user(int *user, int *user_gid, int *gr_gid) +{ + struct passwd *p = NULL; + struct group *g = NULL; + + if (opts.user) { + p = getpwnam(opts.user); + if (!p) { + ERROR("failed to get uid/gid for user %s: %d (%s)\n", + opts.user, errno, strerror(errno)); + exit(EXIT_FAILURE); + } + *user = p->pw_uid; + *user_gid = p->pw_gid; + } else { + *user = -1; + *user_gid = -1; + } + + if (opts.group) { + g = getgrnam(opts.group); + if (!g) { + ERROR("failed to get gid for group %s: %m\n", opts.group); + exit(EXIT_FAILURE); + } + *gr_gid = g->gr_gid; + } else { + *gr_gid = -1; + } +}; + +static void set_jail_user(int pw_uid, int user_gid, int gr_gid) +{ + if ((user_gid != -1) && initgroups(opts.user, user_gid)) { + ERROR("failed to initgroups() for user %s: %m\n", opts.user); + exit(EXIT_FAILURE); + } + + if ((gr_gid != -1) && setregid(gr_gid, gr_gid)) { + ERROR("failed to set group id %d: %m\n", gr_gid); + exit(EXIT_FAILURE); + } + + if ((pw_uid != -1) && setreuid(pw_uid, pw_uid)) { + 
ERROR("failed to set user id %d: %m\n", pw_uid); + exit(EXIT_FAILURE); + } +} + #define MAX_ENVP 8 static char** build_envp(const char *seccomp) { @@ -253,8 +342,7 @@ static char** build_envp(const char
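Review bot: The extroot bind mount in build_jail_fs() changes from MS_BIND | MS_REC to plain MS_BIND, and the commit message does not mention it; without MS_REC, mounts below opts.extroot are no longer carried into the jail. If the user namespace case requires this, please say so in the message or make it conditional on the new options, since 1/3 only just introduced the recursive form.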
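Review bot: set_jail_user() only calls setregid() when a group was given (gr_gid != -1); with a user alone, initgroups() replaces the supplementary groups but the real and effective gid stay whatever the jail started with, so the service drops its uid while keeping the original primary group. Falling back to user_gid for setregid() when gr_gid is -1 would close that. In write_setgroups(), in the same hunk, dprintf(setgroups_file, allow?"allow":"deny") passes a non-literal as the format string; dprintf(setgroups_file, "%s", ...) keeps -Wformat-security quiet.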
[OpenWrt-Devel] [PATCH/RFC procd 1/3] jail: add support for launching extroot containers
Add option to ujail to use an existing rootfs when launching a containerized service. Later on this option will also be used to launch full-system containers. Signed-off-by: Daniel Golle --- jail/jail.c| 45 ++--- service/instance.c | 15 +++ service/instance.h | 1 + 3 files changed, 50 insertions(+), 11 deletions(-) diff --git a/jail/jail.c b/jail/jail.c index 5414519..df1bda7 100644 --- a/jail/jail.c +++ b/jail/jail.c @@ -40,7 +40,7 @@ #include #define STACK_SIZE (1024 * 1024) -#define OPT_ARGS "S:C:n:h:r:w:d:psulocU:G:N" +#define OPT_ARGS "S:C:n:h:r:w:d:psulocU:G:NR:" #define NAMESPACE_MOUNT(1U << 0) #define NAMESPACE_IPC (1U << 1) @@ -58,6 +58,7 @@ static struct { char *capabilities; char *user; char *group; + char *extroot; int no_new_privs; int namespace; int procfs; @@ -164,9 +165,16 @@ static int build_jail_fs(void) return -1; } - if (mount("tmpfs", jail_root, "tmpfs", MS_NOATIME, "mode=0755")) { - ERROR("tmpfs mount failed %m\n"); - return -1; + if (opts.extroot) { + if (mount(opts.extroot, jail_root, NULL, MS_BIND | MS_REC, NULL)) { + ERROR("extroot mount failed %m\n"); + return -1; + } + } else { + if (mount("tmpfs", jail_root, "tmpfs", MS_NOATIME, "mode=0755")) { + ERROR("tmpfs mount failed %m\n"); + return -1; + } } if (chdir(jail_root)) { @@ -230,6 +238,7 @@ static char** build_envp(const char *seccomp) static char preload_var[PATH_MAX]; static char seccomp_var[PATH_MAX]; static char debug_var[] = "LD_DEBUG=all"; + static char container_var[] = "container=ujail"; const char *preload_lib = find_lib("libpreload-seccomp.so"); int count = 0; @@ -243,6 +252,10 @@ static char** build_envp(const char *seccomp) snprintf(preload_var, sizeof(preload_var), "LD_PRELOAD=%s", preload_lib); envp[count++] = preload_var; } + + if (is_extroot) + envp[count++] = container_var; + if (debug > 1) envp[count++] = debug_var; 
@@ -269,6 +282,7 @@ static void usage(void) fprintf(stderr, " -U \tuser to run jailed process\n"); fprintf(stderr, " -G \tgroup to run jailed process\n"); fprintf(stderr, " -o\t\tremont jail root (/) read only\n"); + fprintf(stderr, " -R \texternal jail rootfs (system container)\n"); fprintf(stderr, "\nWarning: by default root inside the jail is the same\n\ and he has the same powers as root outside the jail,\n\ thus he can escape the jail and/or break stuff.\n\ @@ -437,6 +451,10 @@ int main(int argc, char **argv) opts.namespace |= NAMESPACE_MOUNT; opts.ronly = 1; break; + case 'R': + opts.namespace |= NAMESPACE_MOUNT | NAMESPACE_UTS; + opts.extroot = optarg; + break; case 's': opts.namespace |= NAMESPACE_MOUNT; opts.sysfs = 1; @@ -502,14 +520,16 @@ int main(int argc, char **argv) opts.jail_argv = [optind]; - if (opts.namespace && add_path_and_deps(*opts.jail_argv, 1, -1, 0)) { - ERROR("failed to load dependencies\n"); - return -1; - } + if (!opts.extroot) { + if (opts.namespace && add_path_and_deps(*opts.jail_argv, 1, -1, 0)) { + ERROR("failed to load dependencies\n"); + return -1; + } - if (opts.namespace && opts.seccomp && add_path_and_deps("libpreload-seccomp.so", 1, -1, 1)) { - ERROR("failed to load libpreload-seccomp.so\n"); - return -1; + if (opts.namespace && opts.seccomp && add_path_and_deps("libpreload-seccomp.so", 1, -1, 1)) { + ERROR("failed to load libpreload-seccomp.so\n"); + return -1; + } } if (opts.name) @@ -537,8 +557,11 @@ int main(int argc, char **argv) flags |= CLONE_NEWNS; add_mount("/dev/full", 0, -1); add_mount("/dev/null", 0, -1); + add_mount("/dev/random", 0, -1); add_mount("/dev/urandom", 0, -1); + add_mount("/dev/tty", 0, -1); add_mount("/dev/zero", 0, -1); + add_mount("/dev/console", 0, -1); if (opts.user || opts.group) { add_mount("/etc/passwd", 0, -1); diff --git a/service/instance.c
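Review bot: The build_envp() hunk tests is_extroot, but none of the jail.c hunks declares that name and the function signature in the hunk header is still build_envp(const char *seccomp); the option itself is stored as opts.extroot. Unless is_extroot is introduced somewhere not shown, this should read if (opts.extroot).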
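Review bot: Wrapping both add_path_and_deps() calls in if (!opts.extroot) also skips staging libpreload-seccomp.so, while build_envp() still sets LD_PRELOAD for it; with an external rootfs and opts.seccomp together, the filter then depends on that rootfs happening to ship the library at the same path. Either keep staging the preload library for extroot jails or reject the combination, and document which.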
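Review bot: The add_mount() lines for /dev/random, /dev/tty and /dev/console in the CLONE_NEWNS block are added for every jail with a mount namespace, not only when opts.extroot is set, so existing service jails gain the console and the controlling tty as a side effect of this patch. If these are only needed for system containers, put them behind if (opts.extroot).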
[OpenWrt-Devel] [PATCH 19.07] libpcap: Update shared-lib patch from Debian to fix linking problems
This updates the shared-lib patch to the recent version from debian found here: https://salsa.debian.org/rfrancoise/libpcap/-/blob/debian/1.9.1-2/debian/patches/shared-lib.diff This patch makes it include missing/strlcpy.o to the shared library which is needed for OpenWrt glibc builds, otherwise there is an undefined symbol and tcpdump and other builds are failing. Fixes: 44f11353de04 ("libpcap: update to 1.9.1") Signed-off-by: Hauke Mehrtens --- package/libs/libpcap/Makefile | 4 +- .../patches/100-debian_shared_lib.patch | 194 ++ .../102-makefile_disable_manpages.patch | 6 +- .../103-makefile_flex_workaround.patch| 2 +- 4 files changed, 157 insertions(+), 49 deletions(-) diff --git a/package/libs/libpcap/Makefile b/package/libs/libpcap/Makefile index fae955a54d..9a78216e3a 100644 --- a/package/libs/libpcap/Makefile +++ b/package/libs/libpcap/Makefile @@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=libpcap PKG_VERSION:=1.9.1 -PKG_RELEASE:=1 +PKG_RELEASE:=2 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=http://www.us.tcpdump.org/release/ \ @@ -32,7 +32,7 @@ define Package/libpcap TITLE:=Low-level packet capture library URL:=http://www.tcpdump.org/ MENU:=1 - ABI_VERSION:=1 + ABI_VERSION:=2 endef define Package/libpcap/description diff --git a/package/libs/libpcap/patches/100-debian_shared_lib.patch b/package/libs/libpcap/patches/100-debian_shared_lib.patch index 454490fbfa..ab70417de7 100644 --- a/package/libs/libpcap/patches/100-debian_shared_lib.patch +++ b/package/libs/libpcap/patches/100-debian_shared_lib.patch @@ -3,12 +3,13 @@ build a shared library. --- a/Makefile.in +++ b/Makefile.in -@@ -40,6 +40,13 @@ mandir = @mandir@ +@@ -40,6 +40,14 @@ mandir = @mandir@ srcdir = @srcdir@ VPATH = @srcdir@ +# some defines for shared library compilation -+LIBVERSION=1 ++MAJ=0.8 ++LIBVERSION=$(shell head -1 debian/changelog | perl -nle 'm/\S+\s+\((\S+)-\S+\)/ and print $$1') +LIBNAME=pcap +LIBRARY=lib$(LIBNAME).a +SOLIBRARY=lib$(LIBNAME).so 
@@ -17,38 +18,38 @@ build a shared library. # # You shouldn't need to edit anything below. # -@@ -69,7 +76,8 @@ INSTALL_RPCAPD=@INSTALL_RPCAPD@ +@@ -69,7 +77,8 @@ INSTALL_RPCAPD=@INSTALL_RPCAPD@ EXTRA_NETWORK_LIBS=@EXTRA_NETWORK_LIBS@ # Standard CFLAGS for building members of a shared library -FULL_CFLAGS = $(CCOPT) @V_LIB_CCOPT_FAT@ $(SHLIB_CCOPT) $(INCLS) $(DEFS) $(CFLAGS) +FULL_CFLAGS = $(CCOPT) @V_LIB_CCOPT_FAT@ $(SHLIB_CCOPT) $(INCLS) $(DEFS) $(CFLAGS) $(CPPFLAGS) -+CFLAGS_SHARED = -shared -Wl,-soname,$(SHAREDLIB) ++CFLAGS_SHARED = -shared -Wl,-soname,$(SOLIBRARY).$(MAJ) -Wl,--version-script=libpcap-symbols.lds INSTALL = @INSTALL@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ -@@ -84,7 +92,11 @@ YACC = @YACC@ +@@ -84,7 +93,11 @@ YACC = @YACC@ # problem if you don't own the file but can write to the directory. .c.o: @rm -f $@ - $(CC) $(FULL_CFLAGS) -c $(srcdir)/$*.c + $(CC) $(FULL_CFLAGS) -c -o $@ $(srcdir)/$*.c + -+%_pic.o: %.c %.o ++%_pic.o: %.c + @rm -f $@ + $(CC) -fPIC $(FULL_CFLAGS) -c -o $@ $(srcdir)/$*.c PSRC =pcap-@V_PCAP@.c @USB_SRC@ @BT_SRC@ @BT_MONITOR_SRC@ @NETFILTER_SRC@ @DBUS_SRC@ @NETMAP_SRC@ @RDMA_SRC@ FSRC = @V_FINDALLDEVS@ -@@ -101,6 +113,7 @@ SRC = $(PSRC) $(FSRC) $(CSRC) $(SSRC) $( +@@ -101,6 +114,7 @@ SRC = $(PSRC) $(FSRC) $(CSRC) $(SSRC) $( # We would like to say "OBJ = $(SRC:.c=.o)" but Ultrix's make cannot # hack the extra indirection OBJ = $(PSRC:.c=.o) $(FSRC:.c=.o) $(CSRC:.c=.o) $(SSRC:.c=.o) $(GENSRC:.c=.o) $(LIBOBJS) -+OBJ_PIC = $(PSRC:.c=_pic.o) $(FSRC:.c=_pic.o) $(CSRC:.c=_pic.o) $(SSRC:.c=_pic.o) $(GENSRC:.c=_pic.o) ++OBJ_PIC = $(PSRC:.c=_pic.o) $(FSRC:.c=_pic.o) $(CSRC:.c=_pic.o) $(SSRC:.c=_pic.o) $(GENSRC:.c=_pic.o) $(LIBOBJS:.o=_pic.o) PUBHDR = \ pcap.h \ pcap-bpf.h \ -@@ -155,7 +168,7 @@ TAGFILES = \ +@@ -155,7 +169,7 @@ TAGFILES = \ CLEANFILES = $(OBJ) libpcap.a libpcap.so.`cat $(srcdir)/VERSION` \ $(PROG)-`cat $(srcdir)/VERSION`.tar.gz $(GENSRC) $(GENHDR) \ 
@@ -57,7 +58,7 @@ build a shared library. MAN1 = pcap-config.1 -@@ -392,7 +405,7 @@ libpcap.a: $(OBJ) +@@ -392,7 +406,7 @@ libpcap.a: $(OBJ) $(AR) rc $@ $(OBJ) $(ADDLARCHIVEOBJS) $(RANLIB) $@ @@ -66,20 +67,21 @@ build a shared library. libpcap.so: $(OBJ) @rm -f $@ -@@ -468,6 +481,12 @@ libpcap.shareda: $(OBJ) +@@ -468,6 +482,13 @@ libpcap.shareda: $(OBJ) # libpcap.none: +$(SHAREDLIB): $(OBJ_PIC) + -@rm -f $@ -+ -@rm -f $(SOLIBRARY) ++ -@rm -f $(SOLIBRARY) $(SOLIBRARY).$(MAJ) + $(CC) $(CFLAGS_SHARED) $(LDFLAGS) -o $(SHAREDLIB) $(OBJ_PIC) -lc $(LIBS) -+ ln -s $(SHAREDLIB) $(SOLIBRARY) ++ ln -s $(SHAREDLIB) $(SOLIBRARY).$(MAJ) ++ ln -s $(SOLIBRARY).$(MAJ) $(SOLIBRARY) + scanner.c: $(srcdir)/scanner.l $(LEX) -P pcap_ --header-file=scanner.h --nounput -o
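Review bot: In the refreshed 100-debian_shared_lib.patch, LIBVERSION is now computed with $(shell head -1 debian/changelog | perl ...) and the link flags gain -Wl,--version-script=libpcap-symbols.lds; neither debian/changelog nor libpcap-symbols.lds is added by any hunk shown here, so in an OpenWrt build LIBVERSION would come out empty and the linker would look for a missing script unless both are supplied or overridden elsewhere. The soname also becomes $(SOLIBRARY).$(MAJ) with MAJ=0.8 while the package Makefile bumps ABI_VERSION to 2; the commit message should state how those two are meant to line up.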
Re: [OpenWrt-Devel] [PATCH 1/1] netifd: add pre-up/down post-up/down callback handling
On 2020-03-20 15:21, Florian Eckert wrote:
> network
>>> With this change we can decide if this is a user interaction with CLI/LuCI,
>>> because with the new callback mechanism I can set/delete a uci config flag so
>>> that the connection should really be disconnected. And so does not restart on a
>>> failed connection tracking again because the uci config flag is not set.
>>>
>>> Signed-off-by: Florian Eckert
>> netifd already tracks for every interface if the user requested it to be
>> enabled or not via the 'autostart' flag, which you can query via ubus.
>
> I know this is done with the uci option auto for this interface.
> But if I disable this flag, then on the next boot this interface does not start
> on boot anymore. I have to start this manually. So I think this is not an option.

No, I'm talking about the internal per-interface 'autostart' variable,
which gets set to false if the user does a manual ifdown of an interface
(but not if it just failed to start up).
It's not backed by configuration and you can query it via ubus.
(e.g. ifstatus wan)

- Felix
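The distinction drawn in the message above, worked through as an added example (not code from the thread or from netifd): a connection watchdog reads the runtime autostart state from ifstatus output and only brings the interface back up when the user has not taken it down. The JSON samples are constructed and trimmed, and the function names are hypothetical.

```sh
#!/bin/sh
# Added example: watchdog decision based on netifd's runtime "autostart" state.

# Constructed, trimmed samples of `ifstatus wan` output (not captured from a device).
SAMPLE_FAILED='{
  "up": false,
  "pending": false,
  "available": true,
  "autostart": true,
  "proto": "qmi"
}'
SAMPLE_USER_DOWN='{
  "up": false,
  "pending": false,
  "available": true,
  "autostart": false,
  "proto": "qmi"
}'
SAMPLE_UP='{
  "up": true,
  "pending": false,
  "available": true,
  "autostart": true,
  "proto": "qmi"
}'

# Print the value of a boolean key from pretty-printed status JSON (one key
# per line, first match wins). On the router itself jsonfilter is the usual
# tool; sed keeps this function runnable on a build host as well.
json_bool() {
	printf '%s\n' "$1" |
		sed -n "s/^[[:space:]]*\"$2\"[[:space:]]*:[[:space:]]*\([a-z]*\).*/\1/p" |
		head -n 1
}

# Decide what the watchdog should do for one interface status document.
# Prints one of: ok, leave-down, restart, unknown.
watchdog_decision() {
	up=$(json_bool "$1" up)
	pending=$(json_bool "$1" pending)
	autostart=$(json_bool "$1" autostart)

	if [ -z "$up" ] || [ -z "$autostart" ]; then
		echo unknown      # status not parseable: do nothing rather than guess
	elif [ "$up" = true ] || [ "$pending" = true ]; then
		echo ok           # link is up, or netifd is already setting it up
	elif [ "$autostart" = false ]; then
		echo leave-down   # user ran ifdown: respect it, do not reconnect
	else
		echo restart      # still wanted but down: setup failed or link dropped
	fi
}

# Query one interface and act on the decision (needs ifstatus/ifup, i.e. OpenWrt).
watchdog_run() {
	status=$(ifstatus "$1" 2>/dev/null) || return 1
	decision=$(watchdog_decision "$status")
	logger -t watchdog "$1: $decision"
	if [ "$decision" = restart ]; then
		ifup "$1"
	fi
	return 0
}

# Only touch the system when an interface name is passed on the command line.
if [ $# -ge 1 ]; then
	watchdog_run "$1"
fi
```

Because the state lives in netifd and not in uci, the watchdog needs no config flag of its own and nothing has to be written to flash when the user disconnects.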
Re: [OpenWrt-Devel] [PATCH 1/1] netifd: add pre-up/down post-up/down callback handling
network With this change we can decide if this is a user interaction with CLI/LuCI, because with the new callback mechanism I can set/delete a uci config flag so that the connection should really be disconnected. And so does not restart on a failed connection tracking again because the uci config flag is not set. Signed-off-by: Florian Eckert

netifd already tracks for every interface if the user requested it to be enabled or not via the 'autostart' flag, which you can query via ubus.

I know this is done with the uci option auto for this interface. But if I disable this flag, then on the next boot this interface does not start on boot anymore. I have to start this manually. So I think this is not an option.

Is it enough for your use case to track that flag?

As far as I can tell at this point, it's not an option to use this flag.

If not, please go into more detail, because I don't think hacking

In the LuCI and in the CLI the command ifup/ifdown is used, if the user wants to start/stop this interface explicitly manual. The auto option is not touched. The ifup/ifdown script executes an ubus call to set the interface up/down [1]. After the execution is performed by netifd (proto) then the hotplug scripts are executed with different ACTION (up/down/ifup-failed). If I want to know if the command is executed by a user interaction by the CLI (ifup/ifdown) or LuCI [2][3] the only possibility I have is to hook into the ifup/ifdown command.

I would also like to point out that Debian also has this possibility [4] in the network configuration.

- Florian

[1] https://github.com/openwrt/openwrt/blob/master/package/network/config/netifd/files/sbin/ifup#L9
[2] https://github.com/openwrt/luci/blob/6c167ea880bd29c69730d802c48ebc2c0253b905/modules/luci-mod-network/htdocs/luci-static/resources/view/network/interfaces.js#L991
[3] https://github.com/openwrt/luci/blob/6c167ea880bd29c69730d802c48ebc2c0253b905/modules/luci-mod-network/htdocs/luci-static/resources/view/network/interfaces.js#L997
[4] https://wiki.debian.org/NetworkConfiguration
[OpenWrt-Devel] Testing Kernel 5.4.24 on Lantiq XRX200 SoC - BT Home Hub 5a
Hi, Just to report I did a build of trunk and flashed it on my BT home hub 5a today. Seems to work fine except when there is a USB stick inserted at boot. In that case I do not get an IP address at all although the device boots and WiFi AP comes up. Greatly appreciate the good work!
[OpenWrt-Devel] [PATCH] readline: Need host depend on ncurses to build.
We must ensure that host ncurses is built before host readline. Signed-off-by: Jan Kardell --- package/libs/readline/Makefile | 2 ++ 1 file changed, 2 insertions(+) diff --git a/package/libs/readline/Makefile b/package/libs/readline/Makefile index ddf05986a5..e0204104c5 100644 --- a/package/libs/readline/Makefile +++ b/package/libs/readline/Makefile @@ -25,6 +25,8 @@ PKG_INSTALL:=1 include $(INCLUDE_DIR)/package.mk include $(INCLUDE_DIR)/host-build.mk +HOST_BUILD_DEPENDS:=ncurses/host + define Package/libreadline SECTION:=libs CATEGORY:=Libraries -- 2.16.4
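Review bot: the new `HOST_BUILD_DEPENDS:=ncurses/host` line sits after the two `include` lines in this hunk, whereas build-dependency variables are normally declared with the other `PKG_*` settings above the includes (here, next to `PKG_INSTALL:=1`). Please move it up, or say in the commit message that it was checked to take effect from this position. The message would also benefit from naming the host build failure that prompted the dependency, so it can be re-evaluated later.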
Re: [OpenWrt-Devel] [PATCH 1/1] netifd: add pre-up/down post-up/down callback handling
On 2020-03-19 13:03, Florian Eckert wrote: > In some situations it is useful to execute callback scripts when > manually triggering an ifdown/ifup event via the CLI/LuCI. > > In my case I have a monitoring for a cellular connection. > If this fails the command `ubus call network.interface up` is executed to > restart the connection if a config option in uci of the interface > (keep_connected) flag is set. > > But for me to disconnect correctly I need to know about a user > interaction performed with CLI/LuCI. > > With this change we can decide if this is a user interaction with CLI/LuCI, > because with the new callback mechanism I can set/delete a uci config flag so > that the connection should really be disconnected. And so does not restart on a > failed connection tracking again because the uci config flag is not set. > > Signed-off-by: Florian Eckert netifd already tracks for every interface if the user requested it to be enabled or not via the 'autostart' flag, which you can query via ubus. Is it enough for your use case to track that flag? If not, please go into more detail, because I don't think hacking hotplug-call invocations into the ifup script is a good solution. - Felix
[OpenWrt-Devel] [PATCH 6/6] scripts: fixup qemustart for new x86 image names
qemustart allows easy testing of created images via `qemu`. The script automatically selects created images and can setup e.g. networks. As the x86 target now uses the generic image.mk the profile appears also in the image name, this is *generic*. Add the profile name to the qemustart script so it still finds the file. Signed-off-by: Paul Spooren --- scripts/qemustart | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/qemustart b/scripts/qemustart index dbb8deddaf..9ce03901aa 100755 --- a/scripts/qemustart +++ b/scripts/qemustart @@ -255,7 +255,7 @@ start_qemu_x86() { local mach="${o_mach:-pc}" [ -n "$rootfs" ] || { - rootfs="$o_bindir/openwrt-$o_target-${o_subtarget%-*}-combined-ext4.img" + rootfs="$o_bindir/openwrt-$o_target-${o_subtarget%-*}-generic-ext4-combined.img" if [ ! -f "$rootfs" -a -s "$rootfs.gz" ]; then gunzip "$rootfs.gz" fi -- 2.25.1 ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
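Review bot: the replacement `rootfs=` line in `start_qemu_x86()` hardcodes the profile as `generic`, so an image built for any other x86 device profile will not be found, and the script falls through to the `gunzip "$rootfs.gz"` check against a name that may not exist either. Consider taking the profile from a variable with `generic` as its default rather than embedding it in the path. The hunk also reorders `combined-ext4` to `ext4-combined`, which the commit message does not mention; please note it there, since anyone scripting against the old file names is affected by both changes.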
[OpenWrt-Devel] [PATCH 3/6] x86: remove obsolete legacy profiles
Rely on device profiles instead for packages selection. Signed-off-by: Tomasz Maciej Nowak [rebase, adjusted commit title] Signed-off-by: Paul Spooren --- target/linux/x86/64/profiles/000-Generic.mk | 15 -- .../linux/x86/generic/profiles/000-Generic.mk | 19 -- .../linux/x86/geode/profiles/000-Generic.mk | 20 --- target/linux/x86/geode/profiles/100-Geos.mk | 19 -- .../linux/x86/legacy/profiles/000-Generic.mk | 18 - 5 files changed, 91 deletions(-) delete mode 100644 target/linux/x86/64/profiles/000-Generic.mk delete mode 100644 target/linux/x86/generic/profiles/000-Generic.mk delete mode 100644 target/linux/x86/geode/profiles/000-Generic.mk delete mode 100644 target/linux/x86/geode/profiles/100-Geos.mk delete mode 100644 target/linux/x86/legacy/profiles/000-Generic.mk diff --git a/target/linux/x86/64/profiles/000-Generic.mk b/target/linux/x86/64/profiles/000-Generic.mk deleted file mode 100644 index b5b10c4ade..00 --- a/target/linux/x86/64/profiles/000-Generic.mk +++ /dev/null @@ -1,15 +0,0 @@ -# -# Copyright (C) 2006-2019 OpenWrt.org -# -# This is free software, licensed under the GNU General Public License v2. -# See /LICENSE for more information. -# - -define Profile/Generic - NAME:=Generic x86/64 -endef - -define Profile/Generic/Description - Generic Profile for x86/64 architecture -endef -$(eval $(call Profile,Generic)) diff --git a/target/linux/x86/generic/profiles/000-Generic.mk b/target/linux/x86/generic/profiles/000-Generic.mk deleted file mode 100644 index 7717131be0..00 --- a/target/linux/x86/generic/profiles/000-Generic.mk +++ /dev/null 
@@ -1,19 +0,0 @@ -# -# Copyright (C) 2006-2019 OpenWrt.org -# -# This is free software, licensed under the GNU General Public License v2. -# See /LICENSE for more information. -# - -define Profile/Generic - NAME:=Generic x86 - PACKAGES:=kmod-e1000e kmod-igb kmod-bnx2 \ - kmod-3c59x kmod-e100 kmod-e1000 kmod-natsemi kmod-ne2k-pci \ - kmod-pcnet32 kmod-8139too kmod-r8169 kmod-sis900 kmod-tg3 \ - kmod-via-rhine kmod-via-velocity -endef - -define Profile/Generic/Description - Generic Profile for x86 architecture -endef -$(eval $(call Profile,Generic)) diff --git a/target/linux/x86/geode/profiles/000-Generic.mk b/target/linux/x86/geode/profiles/000-Generic.mk deleted file mode 100644 index be11b33e97..00 --- a/target/linux/x86/geode/profiles/000-Generic.mk +++ /dev/null @@ -1,20 +0,0 @@ -# -# Copyright (C) 2006-2019 OpenWrt.org -# -# This is free software, licensed under the GNU General Public License v2. -# See /LICENSE for more information. -# - -define Profile/Generic - NAME:=Generic x86/Geode - PACKAGES:= \ - soloscli linux-atm br2684ctl ppp-mod-pppoa pppdump pppstats \ - hwclock flashrom tc kmod-pppoa kmod-8139cp kmod-mppe \ - kmod-usb-ohci-pci kmod-hwmon-lm90 \ - kmod-via-rhine -endef - -define Profile/Generic/Description - Generic Profile for all Geode boards. -endef -$(eval $(call Profile,Generic)) diff --git a/target/linux/x86/geode/profiles/100-Geos.mk b/target/linux/x86/geode/profiles/100-Geos.mk deleted file mode 100644 index f51e892cbf..00 --- a/target/linux/x86/geode/profiles/100-Geos.mk +++ /dev/null 
@@ -1,19 +0,0 @@ -# -# Copyright (C) 2006-2019 OpenWrt.org -# -# This is free software, licensed under the GNU General Public License v2. -# See /LICENSE for more information. -# - -define Profile/Geos - NAME:=Geos - PACKAGES:= \ - soloscli linux-atm br2684ctl ppp-mod-pppoa pppdump pppstats \ - hwclock flashrom tc kmod-pppoa kmod-8139cp kmod-mppe \ - kmod-usb-ohci-pci kmod-hwmon-lm90 -endef - -define Profile/Geos/Description - Traverse Technologies Geos ADSL router -endef -$(eval $(call Profile,Geos)) diff --git a/target/linux/x86/legacy/profiles/000-Generic.mk b/target/linux/x86/legacy/profiles/000-Generic.mk deleted file mode 100644 index 566a66c1be..00 --- a/target/linux/x86/legacy/profiles/000-Generic.mk +++ /dev/null @@ -1,18 +0,0 @@ -# -# Copyright (C) 2006-2019 OpenWrt.org -# -# This is free software, licensed under the GNU General Public License v2. -# See /LICENSE for more information. -# - -define Profile/Generic - NAME:=Generic x86/legacy - PACKAGES:=kmod-3c59x kmod-e100 kmod-e1000 kmod-natsemi kmod-ne2k-pci \ - kmod-pcnet32 kmod-8139too kmod-r8169 kmod-sis900 kmod-tg3 \ - kmod-via-rhine kmod-via-velocity -endef - -define Profile/Generic/Description - Generic Profile for x86 legacy architecutre -endef -$(eval $(call Profile,Generic)) -- 2.25.1 ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
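Review bot: four of the five deleted profiles carry `PACKAGES` lists (for example `kmod-e1000e kmod-igb kmod-bnx2` in generic/profiles/000-Generic.mk and the `soloscli linux-atm br2684ctl ...` set in both geode profiles), and nothing in this patch shows where those defaults now come from. The message says to rely on device profiles; please name the files that take over (the series diffstat lists target/linux/x86/image/generic.mk, geode.mk and legacy.mk) and confirm the lists are equivalent, because an image that silently loses its NIC kmods boots without network. Note also that the deleted Geode `Generic` and `Geos` profiles differ only by `kmod-via-rhine`, so the replacement should preserve or consciously drop that distinction.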
[OpenWrt-Devel] [PATCH 4/6] x86: use qemu-image command from image-commands.mk
The `qemu-image` command converts images to the specified type and reduces redundant code. Adaption from Alexander Couzens work[0]. [0]: https://git.openwrt.org/?p=openwrt/staging/lynxis.git;a=blob;f=target/linux/x86/image/Makefile;h=83b8140b7aefbe708fd09c9c61827e7e39bda8b4;hb=416cccf398e9589e3de386e05b61b1c46cace20d#l51 Signed-off-by: Paul Spooren --- include/image-commands.mk | 7 +++ target/linux/x86/image/Makefile | 14 ++ 2 files changed, 9 insertions(+), 12 deletions(-) diff --git a/include/image-commands.mk b/include/image-commands.mk index 37cb083bbf..2ec1922044 100644 --- a/include/image-commands.mk +++ b/include/image-commands.mk @@ -414,3 +414,10 @@ define Build/kernel2minor kernel2minor -k $@ -r $@.new $(1) mv $@.new $@ endef + +# Convert a raw image into a $1 type image. +# E.g. | qemu-image vdi +define Build/qemu-image + qemu-img convert -f raw -O $1 $@ $@.new + @mv $@.new $@ +endef diff --git a/target/linux/x86/image/Makefile b/target/linux/x86/image/Makefile index 494a190b86..dfa1742d5a 100644 --- a/target/linux/x86/image/Makefile +++ b/target/linux/x86/image/Makefile 
@@ -92,23 +92,13 @@ define Build/iso -o $@ $@.boot $(TARGET_DIR) endef -define Build/vdi - qemu-img convert -f raw -O vdi $@ $@.new - @mv $@.new $@ -endef - -define Build/vmdk - qemu-img convert -f raw -O vmdk $@ $@.new - @mv $@.new $@ -endef - DEVICE_VARS += GRUB2_VARIANT define Device/Default ARTIFACT/image.iso := grub-config iso | iso IMAGES := combined.img.gz IMAGE/combined.img.gz := append-rootfs | pad-extra 128k | grub-config pc | combined | grub-install | gzip - IMAGE/combined.vdi := append-rootfs | pad-extra 128k | grub-config pc | combined | grub-install | vdi - IMAGE/combined.vmdk := append-rootfs | pad-extra 128k | grub-config pc | combined | grub-install | vmdk + IMAGE/combined.vdi := append-rootfs | pad-extra 128k | grub-config pc | combined | grub-install | qemu-image vdi + IMAGE/combined.vmdk := append-rootfs | pad-extra 128k | grub-config pc | combined | grub-install | qemu-image vmdk KERNEL := kernel-bin KERNEL_INSTALL := 1 KERNEL_NAME := bzImage -- 2.25.1 ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
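Review bot: in the new `Build/qemu-image` recipe in include/image-commands.mk, the format argument is written as a bare `$1` and is never checked, so a pipeline step of `| qemu-image` with no argument expands to `qemu-img convert -f raw -O $@ $@.new` and fails with a confusing error. Please use `$(1)` to match the neighbouring `Build/kernel2minor` definition visible in the same hunk, and consider failing early when it is empty. The comment above the define is welcome; it could also state that the input is replaced in place via `$@.new`.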
[OpenWrt-Devel] [PATCH 5/6] x86: allow non gzipped images
The previous image generation code would always gzip images. This patch changes the behaviour and only compresses images when selected in menuconfig. Signed-off-by: Paul Spooren --- target/linux/x86/image/Makefile | 7 ++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/target/linux/x86/image/Makefile b/target/linux/x86/image/Makefile index dfa1742d5a..c01065f8e6 100644 --- a/target/linux/x86/image/Makefile +++ b/target/linux/x86/image/Makefile @@ -95,10 +95,15 @@ endef DEVICE_VARS += GRUB2_VARIANT define Device/Default ARTIFACT/image.iso := grub-config iso | iso - IMAGES := combined.img.gz + IMAGE/combined.img := append-rootfs | pad-extra 128k | grub-config pc | combined | grub-install IMAGE/combined.img.gz := append-rootfs | pad-extra 128k | grub-config pc | combined | grub-install | gzip IMAGE/combined.vdi := append-rootfs | pad-extra 128k | grub-config pc | combined | grub-install | qemu-image vdi IMAGE/combined.vmdk := append-rootfs | pad-extra 128k | grub-config pc | combined | grub-install | qemu-image vmdk + ifeq ($(CONFIG_TARGET_IMAGES_GZIP),y) +IMAGES := combined.img.gz + else +IMAGES := combined.img + endif KERNEL := kernel-bin KERNEL_INSTALL := 1 KERNEL_NAME := bzImage -- 2.25.1
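Review bot: with the added `IMAGE/combined.img` line, the pipeline `append-rootfs | pad-extra 128k | grub-config pc | combined | grub-install` is now spelled out four times inside `define Device/Default`, so a later change to one recipe can leave the gzipped, raw, VDI and VMDK images built differently. Please factor the common part into a single variable and append only `| gzip` or `| qemu-image <type>` per image. The commit message should also state that the produced file name changes from `combined.img.gz` to `combined.img` when `CONFIG_TARGET_IMAGES_GZIP` is unset, since download and flashing scripts key on that name.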
[OpenWrt-Devel] [PATCH 2/6] x86: switch image generation to new code
This commit introduces few related changes which need to be done in single commit to keep images buildable between git revisions. In result it retains all previous image creation possibilities with slight name change of generated images. Brief summary of the commit: * Split up image generation recipe to smaller chunks to make it more generic and reusable. * Make iso images x86 specific and drop their definition as root filesystem. * Convert image creation process to generic code specified in image.mk. * Make geode subtarget inherit features from the main target instead of redefining them. * For subtargets create device definitions with basic packages set. Signed-off-by: Tomasz Maciej Nowak [rebased] Signed-off-by: Paul Spooren --- config/Config-images.in | 18 +- include/image.mk | 1 - target/linux/x86/Makefile | 4 +- target/linux/x86/geode/target.mk | 2 +- target/linux/x86/image/64.mk | 5 + target/linux/x86/image/Makefile | 179 -- target/linux/x86/image/generic.mk | 8 + target/linux/x86/image/geode.mk | 16 ++ target/linux/x86/image/grub-iso.cfg | 2 +- .../linux/x86/image/{grub.cfg => grub-pc.cfg} | 4 +- target/linux/x86/image/legacy.mk | 8 + 11 files changed, 126 insertions(+), 121 deletions(-) create mode 100644 target/linux/x86/image/64.mk create mode 100644 target/linux/x86/image/generic.mk create mode 100644 target/linux/x86/image/geode.mk rename target/linux/x86/image/{grub.cfg => grub-pc.cfg} (57%) create mode 100644 target/linux/x86/image/legacy.mk diff --git a/config/Config-images.in b/config/Config-images.in index a32de19826..e4db0482ce 100644 --- a/config/Config-images.in +++ b/config/Config-images.in @@ -120,13 +120,6 @@ menu "Target Images" help Create an ext4 filesystem with a journal. - config TARGET_ROOTFS_ISO - bool "iso" - default n - depends on TARGET_x86_generic - help - Create a bootable ISO image. - config TARGET_ROOTFS_JFFS2 bool "jffs2" depends on USES_JFFS2 
@@ -191,7 +184,7 @@ menu "Target Images" config GRUB_IMAGES bool "Build GRUB images (Linux x86 or x86_64 host only)" depends on TARGET_x86 - depends on TARGET_ROOTFS_EXT4FS || TARGET_ROOTFS_ISO || TARGET_ROOTFS_JFFS2 || TARGET_ROOTFS_SQUASHFS + depends on TARGET_ROOTFS_EXT4FS || TARGET_ROOTFS_JFFS2 || TARGET_ROOTFS_SQUASHFS select PACKAGE_grub2 default y @@ -237,6 +230,11 @@ menu "Target Images" This is the title of the GRUB menu entry. If unspecified, it defaults to OpenWrt. + config ISO_IMAGES + bool "Build LiveCD image (ISO)" + depends on TARGET_x86 + select GRUB_IMAGES + config VDI_IMAGES bool "Build VirtualBox image files (VDI)" depends on TARGET_x86 @@ -260,14 +258,14 @@ menu "Target Images" config TARGET_KERNEL_PARTSIZE int "Kernel partition size (in MB)" - depends on GRUB_IMAGES || USES_BOOT_PART + depends on USES_BOOT_PART default 8 if TARGET_apm821xx_sata default 64 if TARGET_bcm27xx default 16 config TARGET_ROOTFS_PARTSIZE int "Root filesystem partition size (in MB)" - depends on GRUB_IMAGES || USES_ROOTFS_PART || TARGET_ROOTFS_EXT4FS || TARGET_omap || TARGET_rb532 || TARGET_sunxi || TARGET_uml + depends on USES_ROOTFS_PART || TARGET_ROOTFS_EXT4FS || TARGET_omap || TARGET_rb532 || TARGET_sunxi || TARGET_uml default 104 help Select the root filesystem partition size. diff --git a/include/image.mk b/include/image.mk index d1c63bba29..c72b8506f2 100644 --- a/include/image.mk +++ b/include/image.mk @@ -93,7 +93,6 @@ fs-types-$(CONFIG_TARGET_ROOTFS_SQUASHFS) += squashfs fs-types-$(CONFIG_TARGET_ROOTFS_JFFS2) += $(addprefix jffs2-,$(JFFS2_BLOCKSIZE)) fs-types-$(CONFIG_TARGET_ROOTFS_JFFS2_NAND) += $(addprefix jffs2-nand-,$(NAND_BLOCKSIZE)) fs-types-$(CONFIG_TARGET_ROOTFS_EXT4FS) += ext4 -fs-types-$(CONFIG_TARGET_ROOTFS_ISO) += iso fs-types-$(CONFIG_TARGET_ROOTFS_UBIFS) += ubifs fs-subtypes-$(CONFIG_TARGET_ROOTFS_JFFS2) += $(addsuffix -raw,$(addprefix jffs2-,$(JFFS2_BLOCKSIZE))) 
diff --git a/target/linux/x86/Makefile b/target/linux/x86/Makefile index a646e6e8a7..045d043e4d 100644 --- a/target/linux/x86/Makefile +++ b/target/linux/x86/Makefile @@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk ARCH:=i386 BOARD:=x86 BOARDNAME:=x86 -FEATURES:=squashfs ext4 vdi vmdk pcmcia targz fpu +FEATURES:=squashfs
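Review bot: the `TARGET_KERNEL_PARTSIZE` and `TARGET_ROOTFS_PARTSIZE` hunks in config/Config-images.in drop `GRUB_IMAGES ||` from `depends on`, so x86 keeps these two options only if the target now provides `USES_BOOT_PART` and `USES_ROOTFS_PART`. The `FEATURES:=` change in target/linux/x86/Makefile that would do this is cut off in the text here, so please confirm it adds the corresponding features; otherwise the partition sizes become unconfigurable on x86. Separately, the new `config ISO_IMAGES` entry has no `help` text, unlike the `TARGET_ROOTFS_ISO` entry it replaces ("Create a bootable ISO image."); please carry the help over.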
[OpenWrt-Devel] [PATCH 0/6] x86: switch to generic image generation code
This patch is a rebased and improved version of Tomasz Maciej Nowak's patch[0]. Tomasz's code is left untouched and only changed where needed for the rebase. Additionally, some small improvements from Alexander Couzens were added in patch 4 (use qemu-image command from image-commands.mk). The last two patches are added to keep consistency with current behaviour. [0]: https://patchwork.ozlabs.org/cover/1024165/ Paul Spooren (6): x86/grub2: move grub2 image creation to package x86: switch image generation to new code x86: remove obsolete legacy profiles x86: use qemu-image command from image-commands.mk x86: allow non gzipped images scripts: fixup qemustart for new x86 image names config/Config-images.in | 18 +- include/image-commands.mk | 7 + include/image.mk | 1 - package/boot/grub2/Makefile | 31 +++ .../boot/grub2/files}/grub-early.cfg | 0 scripts/qemustart | 2 +- target/linux/x86/64/profiles/000-Generic.mk | 15 -- target/linux/x86/Makefile | 4 +- .../linux/x86/generic/profiles/000-Generic.mk | 19 -- .../linux/x86/geode/profiles/000-Generic.mk | 20 -- target/linux/x86/geode/profiles/100-Geos.mk | 19 -- target/linux/x86/geode/target.mk | 2 +- target/linux/x86/image/64.mk | 5 + target/linux/x86/image/Makefile | 202 +++--- target/linux/x86/image/generic.mk | 8 + target/linux/x86/image/geode.mk | 16 ++ target/linux/x86/image/grub-iso.cfg | 2 +- .../linux/x86/image/{grub.cfg => grub-pc.cfg} | 4 +- target/linux/x86/image/legacy.mk | 8 + .../linux/x86/legacy/profiles/000-Generic.mk | 18 -- 20 files changed, 167 insertions(+), 234 deletions(-) rename {target/linux/x86/image => package/boot/grub2/files}/grub-early.cfg (100%) delete mode 100644 target/linux/x86/64/profiles/000-Generic.mk delete mode 100644 target/linux/x86/generic/profiles/000-Generic.mk delete mode 100644 target/linux/x86/geode/profiles/000-Generic.mk delete mode 100644 target/linux/x86/geode/profiles/100-Geos.mk create mode 100644 target/linux/x86/image/64.mk create mode 100644 target/linux/x86/image/generic.mk 
create mode 100644 target/linux/x86/image/geode.mk rename target/linux/x86/image/{grub.cfg => grub-pc.cfg} (57%) create mode 100644 target/linux/x86/image/legacy.mk delete mode 100644 target/linux/x86/legacy/profiles/000-Generic.mk -- 2.25.1 ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
[OpenWrt-Devel] [PATCH 1/6] x86/grub2: move grub2 image creation to package
Let the grub2 package take care of creating installable grub2 images, this will allow creating grub2 images without first calling x86 image generation recipe. Also as side effect, since those images are now shared, it'll reduce the number of calling grub-mkimage. Signed-off-by: Tomasz Maciej Nowak [rebase, adjusted commit title] Signed-off-by: Paul Spooren --- package/boot/grub2/Makefile | 31 +++ .../boot/grub2/files}/grub-early.cfg | 0 target/linux/x86/image/Makefile | 30 +- 3 files changed, 39 insertions(+), 22 deletions(-) rename {target/linux/x86/image => package/boot/grub2/files}/grub-early.cfg (100%) diff --git a/package/boot/grub2/Makefile b/package/boot/grub2/Makefile index b26ef64ca4..980a6e372a 100644 --- a/package/boot/grub2/Makefile +++ b/package/boot/grub2/Makefile 
@@ -82,6 +82,37 @@ define Host/Configure $(Host/Configure/Default) endef +define Host/Install + $(call Host/Install/Default) + + $(INSTALL_DIR) $(STAGING_DIR_HOST)/lib/grub/grub2-generic + $(STAGING_DIR_HOST)/bin/grub-mkimage \ + -d $(STAGING_DIR_HOST)/lib/grub/i386-pc \ + -p /boot/grub \ + -O i386-pc \ + -c ./files/grub-early.cfg \ + -o $(STAGING_DIR_HOST)/lib/grub/grub2-generic/core.img \ + at_keyboard biosdisk boot chain configfile ext2 linux ls part_msdos reboot serial vga + + $(INSTALL_DIR) $(STAGING_DIR_HOST)/lib/grub/grub2-iso + $(STAGING_DIR_HOST)/bin/grub-mkimage \ + -d $(STAGING_DIR_HOST)/lib/grub/i386-pc \ + -p /boot/grub \ + -O i386-pc \ + -c ./files/grub-early.cfg \ + -o $(STAGING_DIR_HOST)/lib/grub/grub2-iso/eltorito.img \ + at_keyboard biosdisk boot chain configfile iso9660 linux ls part_msdos reboot serial vga + + $(INSTALL_DIR) $(STAGING_DIR_HOST)/lib/grub/grub2-legacy + $(STAGING_DIR_HOST)/bin/grub-mkimage \ + -d $(STAGING_DIR_HOST)/lib/grub/i386-pc \ + -p /boot/grub \ + -O i386-pc \ + -c ./files/grub-early.cfg \ + -o $(STAGING_DIR_HOST)/lib/grub/grub2-legacy/core.img \ + biosdisk boot chain configfile ext2 linux ls part_msdos reboot serial vga +endef + define Package/grub2/install $(INSTALL_DIR) $(1)/usr/sbin $(INSTALL_BIN) $(PKG_BUILD_DIR)/grub-bios-setup $(1)/usr/sbin/ diff --git a/target/linux/x86/image/grub-early.cfg b/package/boot/grub2/files/grub-early.cfg similarity index 100% rename from target/linux/x86/image/grub-early.cfg rename to package/boot/grub2/files/grub-early.cfg diff --git a/target/linux/x86/image/Makefile b/target/linux/x86/image/Makefile index 373f2396b7..4e090bcf07 100644 --- a/target/linux/x86/image/Makefile +++ b/target/linux/x86/image/Makefile 
@@ -9,8 +9,7 @@ include $(INCLUDE_DIR)/image.mk export PATH=$(TARGET_PATH):/sbin -GRUB2_MODULES = biosdisk boot chain configfile ext2 linux ls part_msdos reboot serial test vga -GRUB2_MODULES_ISO = biosdisk boot chain configfile iso9660 linux ls part_msdos reboot serial test vga +GRUB2_VARIANT = GRUB_TERMINALS = GRUB_SERIAL_CONFIG = GRUB_TERMINAL_CONFIG = @@ -19,8 +18,9 @@ GRUB_CONSOLE_CMDLINE = USE_ATKBD = generic 64 ifneq ($(strip $(foreach subtarget,$(USE_ATKBD),$(CONFIG_TARGET_x86_$(subtarget,) - GRUB2_MODULES += at_keyboard - GRUB2_MODULES_ISO += at_keyboard + GRUB2_VARIANT := generic +else + GRUB2_VARIANT := legacy endif ifneq ($(CONFIG_GRUB_CONSOLE),) @@ -63,14 +63,9 @@ ifneq ($(CONFIG_GRUB_IMAGES),) rm -fR $(KDIR)/root.grub $(KDIR)/grub2 $(INSTALL_DIR) $(KDIR)/root.grub/boot/grub $(KDIR)/grub2 $(CP) $(KDIR)/bzImage $(KDIR)/root.grub/boot/vmlinuz - grub-mkimage \ - -p /boot/grub \ - -d $(STAGING_DIR_HOST)/lib/grub/i386-pc \ - -o $(KDIR)/root.grub/boot/grub/core.img \ - -O i386-pc \ - -c ./grub-early.cfg \ - $(GRUB2_MODULES) - $(CP) $(STAGING_DIR_HOST)/lib/grub/i386-pc/*.img $(KDIR)/root.grub/boot/grub/ + $(CP) $(STAGING_DIR_HOST)/lib/grub/i386-pc/*.img \ + $(STAGING_DIR_HOST)/lib/grub/grub2-$(strip $(GRUB2_VARIANT))/core.img \ + $(KDIR)/grub2/ echo '(hd0) $(BIN_DIR)/$(IMG_COMBINED)-$(1).img' > $(KDIR)/grub2/device.map sed \ -e 's#@SERIAL_CONFIG@#$(strip $(GRUB_SERIAL_CONFIG))#g' \ @@ -98,16 +93,7 @@ define Image/Build/iso rm -fR $(KDIR)/root.grub $(KDIR)/grub2 $(INSTALL_DIR) $(KDIR)/root.grub/boot/grub $(KDIR)/grub2 $(CP) $(KDIR)/bzImage $(KDIR)/root.grub/boot/vmlinuz - grub-mkimage \ - -p /boot/grub \ - -d $(STAGING_DIR_HOST)/lib/grub/i386-pc \ - -o $(KDIR)/grub2/eltorito.img \ - -O i386-pc \ - -c ./grub-early.cfg \ -
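Review bot: the module lists passed to `grub-mkimage` in the new `Host/Install` block in package/boot/grub2/Makefile no longer include `test`, which both removed variables (`GRUB2_MODULES` and `GRUB2_MODULES_ISO`) had between `serial` and `vga`. The commit message describes a pure move, so please either restore `test` or state why it is safe to drop, since a grub.cfg that uses conditionals would stop working in the prebuilt core image. In the same block, the `grub2-iso/eltorito.img` image always includes `at_keyboard`, while the removed code added it to the ISO list only for the subtargets in `USE_ATKBD`; if the ISO is also built for the legacy variant this is a behaviour change that deserves a line in the message.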