RE: [PATCH 1/2] mvebu: backport linkstation-poweroff upstream driver
Hi, > -Original Message- > From: openwrt-devel [mailto:openwrt-devel-boun...@lists.openwrt.org] > On Behalf Of Daniel González Cabanelas > Sent: Donnerstag, 27. August 2020 22:21 > To: openwrt-devel@lists.openwrt.org > Subject: [PATCH 1/2] mvebu: backport linkstation-poweroff upstream driver > > Backport the Linkstation poweroff driver from the kernel upstream (commit > a7f79f99541ef) > > This driver is required by the Buffalo LinkStation LS421DE for a correct power > off operation. It also allows to use the WoL feature. > > Signed-off-by: Daniel González Cabanelas > --- > package/kernel/linux/modules/other.mk | 21 +++ > .../030-linkstation-poweroff.patch| 177 ++ > 2 files changed, 198 insertions(+) > create mode 100644 target/linux/mvebu/patches-5.4/030-linkstation- > poweroff.patch > > diff --git a/package/kernel/linux/modules/other.mk > b/package/kernel/linux/modules/other.mk > index 6eb9404837..683d539be4 100644 > --- a/package/kernel/linux/modules/other.mk > +++ b/package/kernel/linux/modules/other.mk 
> @@ -329,6 +329,27 @@ endef > > $(eval $(call KernelPackage,gpio-amd-fch)) > > +define KernelPackage/linkstation-poweroff > + SUBMENU:=$(OTHER_MENU) > + DEPENDS:=@TARGET_mvebu > + TITLE:=Buffalo LinkStation power off driver > + KCONFIG:= \ > + CONFIG_POWER_RESET=y \ > + CONFIG_POWER_RESET_LINKSTATION \ > + CONFIG_POWER_RESET_QNAP=n Since this is specific to mvebu and even refers to symbols only defined in the target, I'd have expected it in target/linux/mvebu/modules.mk? Best Adrian > + > + FILES:=$(LINUX_DIR)/drivers/power/reset/linkstation-poweroff.ko > + AUTOLOAD:=$(call AutoLoad,31,linkstation-poweroff,1) > +endef > + > +define KernelPackage/linkstation-poweroff/description > + This driver supports turning off some Buffalo LinkStations by > + setting an output pin at the ethernet PHY to the correct state. > + It also makes the device compatible with the WoL function. > + Say Y here if you have a Buffalo LinkStation LS421D/E. > +endef > + > +$(eval $(call KernelPackage,linkstation-poweroff)) > > define KernelPackage/ppdev >SUBMENU:=$(OTHER_MENU) > diff --git a/target/linux/mvebu/patches-5.4/030-linkstation-poweroff.patch > b/target/linux/mvebu/patches-5.4/030-linkstation-poweroff.patch > new file mode 100644 > index 00..983b1de918 > --- /dev/null > +++ b/target/linux/mvebu/patches-5.4/030-linkstation-poweroff.patch 
> @@ -0,0 +1,177 @@ > +--- a/drivers/power/reset/Kconfig > b/drivers/power/reset/Kconfig > +@@ -99,6 +99,17 @@ > + help > + Reboot support for Hisilicon boards. > + > ++config POWER_RESET_LINKSTATION > ++tristate "Buffalo LinkStation power-off driver" > ++depends on ARCH_MVEBU || COMPILE_TEST > ++depends on OF_MDIO && PHYLIB > ++help > ++ This driver supports turning off some Buffalo LinkStations by > ++ setting an output pin at the ethernet PHY to the correct state. > ++ It also makes the device compatible with the WoL function. > ++ > ++ Say Y here if you have a Buffalo LinkStation LS421D/E. > ++ > + config POWER_RESET_MSM > + bool "Qualcomm MSM power-off driver" > + depends on ARCH_QCOM > +--- a/drivers/power/reset/Makefile > b/drivers/power/reset/Makefile > +@@ -10,6 +10,7 @@ > + obj-$(CONFIG_POWER_RESET_GPIO) += gpio-poweroff.o > + obj-$(CONFIG_POWER_RESET_GPIO_RESTART) += gpio-restart.o > + obj-$(CONFIG_POWER_RESET_HISI) += hisi-reboot.o > ++obj-${CONFIG_POWER_RESET_LINKSTATION} += linkstation-poweroff.o > + obj-$(CONFIG_POWER_RESET_MSM) += msm-poweroff.o > + obj-$(CONFIG_POWER_RESET_QCOM_PON) += qcom-pon.o > + obj-$(CONFIG_POWER_RESET_OCELOT_RESET) += ocelot-reset.o > +--- a/dev/null > b/drivers/power/reset/linkstation-poweroff.c > +@@ -0,0 +1,144 @@ > ++// SPDX-License-Identifier: GPL-2.0 > ++/* > ++ * LinkStation power off restart driver > ++ * Copyright (C) 2020 Daniel González Cabanelas > ++*/ > ++ > ++#include > ++#include > ++#include > ++#include > ++#include > ++#include > ++#include > ++ > ++/* Defines from the eth phy Marvell driver */ > ++#define MII_MARVELL_COPPER_PAGE 0 > ++#define MII_MARVELL_LED_PAGE3 > ++#define MII_MARVELL_WOL_PAGE17 > ++#define MII_MARVELL_PHY_PAGE22 > ++ > ++#define MII_PHY_LED_CTRL16 > ++#define MII_88E1318S_PHY_LED_TCR18 > ++#define MII_88E1318S_PHY_WOL_CTRL 16 > ++#define MII_M1011_IEVENT19 > ++ > ++#define MII_88E1318S_PHY_LED_TCR_INTn_ENABLEBIT(7) > ++#define MII_88E1318S_PHY_LED_TCR_FORCE_INT BIT(15) > ++#define 
MII_88E1318S_PHY_WOL_CTRL_CLEAR_WOL_STATUS BIT(12) > ++#define LED2_FORCE_ON (0x8 << 8) > ++#define LEDMASK > GENMASK(11,8) > ++ > ++static struct phy_device *phydev; > ++ > ++static void mvphy_reg_intn(u16 data) > ++{ > ++int rc = 0, saved_page; > ++ > ++saved_page = phy_select_page(phydev,
[PATCH 1/3] build: add libustream and certs to default pkgs
To allow HTTPS usage on a router it requires both certificates (ca-bundle) and a fitting libustream library (libustream-wolfssl) By adding both, uclient-fetch and wget can connect to encrypted HTTP. This allows opkg to update package lists in a more secure fashion.
Suggested-by: Petr Štetiar
Suggested-by: Baptiste Jonglez
Signed-off-by: Paul Spooren
---
 include/target.mk | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/include/target.mk b/include/target.mk
index 6ed6565bda..b0c563a0ef 100644
--- a/include/target.mk
+++ b/include/target.mk
@@ -13,7 +13,7 @@ __target_inc=1
 DEVICE_TYPE?=router
 # Default packages - the really basic set
-DEFAULT_PACKAGES:=base-files libc libgcc busybox dropbear mtd uci opkg netifd fstools uclient-fetch logd urandom-seed urngd
+DEFAULT_PACKAGES:=base-files busybox ca-bundle dropbear fstools libc libgcc logd libustream-wolfssl mtd netifd opkg uci uclient-fetch urandom-seed urngd
 # For the basic set
 DEFAULT_PACKAGES.basic:=
 # For nas targets
--
2.25.1
___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
[PATCH 3/3] build: switch VERSION_REPO to HTTPS
The variable VERSION_REPO is used by opkg to download package(list)s. Now that the default installation support encrypted HTTP opkg should make use of it.
Suggested-by: Petr Štetiar
Suggested-by: Baptiste Jonglez
Signed-off-by: Paul Spooren
---
 include/version.mk | 2 +-
 package/base-files/image-config.in | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/include/version.mk b/include/version.mk
index 7d3c1ad640..b7f42e13bb 100644
--- a/include/version.mk
+++ b/include/version.mk
@@ -32,7 +32,7 @@ VERSION_CODE:=$(call qstrip,$(CONFIG_VERSION_CODE))
 VERSION_CODE:=$(if $(VERSION_CODE),$(VERSION_CODE),$(REVISION))
 VERSION_REPO:=$(call qstrip,$(CONFIG_VERSION_REPO))
-VERSION_REPO:=$(if $(VERSION_REPO),$(VERSION_REPO),http://downloads.openwrt.org/snapshots)
+VERSION_REPO:=$(if $(VERSION_REPO),$(VERSION_REPO),https://downloads.openwrt.org/snapshots)
 VERSION_DIST:=$(call qstrip,$(CONFIG_VERSION_DIST))
 VERSION_DIST:=$(if $(VERSION_DIST),$(VERSION_DIST),OpenWrt)
diff --git a/package/base-files/image-config.in b/package/base-files/image-config.in
index 4bace77db0..bfa3055cc8 100644
--- a/package/base-files/image-config.in
+++ b/package/base-files/image-config.in
@@ -183,7 +183,7 @@ if VERSIONOPT
 config VERSION_REPO
 string
 prompt "Release repository"
- default "http://downloads.openwrt.org/snapshots;
+ default "https://downloads.openwrt.org/snapshots;
 help
 This is the repository address embedded in the image, it defaults to the trunk snapshot repo; the url may contain the following placeholders:
--
2.25.1
___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
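Review bot: The new `https://` default in both hunks (`VERSION_REPO` in include/version.mk and the `default` in package/base-files/image-config.in) only works when the image ships a TLS backend for uclient-fetch and a CA bundle, and nothing in this patch records that dependency. Images that trim the default package set would be left with a repository URL they cannot fetch, so the Kconfig help text should say so, for example `HTTPS URLs need libustream and ca-bundle in the image.` The commit message should also state that TLS protects the transport only; as far as I know the package lists are still authenticated by their signature, so signature checking should stay enabled. Certificate validation also depends on a sane clock, which is worth a mention for boards without an RTC.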
[PATCH 2/3] build: sort default packages and split by newlines
The line of default packages became very long and it is easier to read one package per line, therefore split it by newlines and sort it alphabetically.
Signed-off-by: Paul Spooren
---
 include/target.mk | 35 ---
 1 file changed, 32 insertions(+), 3 deletions(-)
diff --git a/include/target.mk b/include/target.mk
index b0c563a0ef..03550c6ca6 100644
--- a/include/target.mk
+++ b/include/target.mk
@@ -13,13 +13,42 @@ __target_inc=1
 DEVICE_TYPE?=router
 # Default packages - the really basic set
-DEFAULT_PACKAGES:=base-files busybox ca-bundle dropbear fstools libc libgcc logd libustream-wolfssl mtd netifd opkg uci uclient-fetch urandom-seed urngd
+DEFAULT_PACKAGES:=\
+ base-files \
+ busybox \
+ ca-bundle \
+ dropbear \
+ fstools \
+ libc \
+ libgcc \
+ libustream-wolfssl \
+ logd \
+ mtd \
+ netifd \
+ opkg \
+ uci \
+ uclient-fetch \
+ urandom-seed \
+ urngd
 # For the basic set
 DEFAULT_PACKAGES.basic:=
 # For nas targets
-DEFAULT_PACKAGES.nas:=block-mount fdisk lsblk mdadm
+DEFAULT_PACKAGES.nas:=\
+ block-mount \
+ fdisk \
+ lsblk \
+ mdadm
 # For router targets
-DEFAULT_PACKAGES.router:=dnsmasq iptables ip6tables ppp ppp-mod-pppoe firewall odhcpd-ipv6only odhcp6c kmod-ipt-offload
+DEFAULT_PACKAGES.router:=\
+ dnsmasq \
+ firewall \
+ ip6tables \
+ iptables \
+ kmod-ipt-offload \
+ odhcp6c \
+ odhcpd-ipv6only \
+ ppp \
+ ppp-mod-pppoe
 ifneq ($(DUMP),)
 all: dumpinfo
--
2.25.1
___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
[PATCH 1/2] mvebu: backport linkstation-poweroff upstream driver
Backport the Linkstation poweroff driver from the kernel upstream (commit a7f79f99541ef) This driver is required by the Buffalo LinkStation LS421DE for a correct power off operation. It also allows to use the WoL feature.
Signed-off-by: Daniel González Cabanelas
---
 package/kernel/linux/modules/other.mk | 21 +++
 .../030-linkstation-poweroff.patch| 177 ++
 2 files changed, 198 insertions(+)
 create mode 100644 target/linux/mvebu/patches-5.4/030-linkstation-poweroff.patch
diff --git a/package/kernel/linux/modules/other.mk b/package/kernel/linux/modules/other.mk
index 6eb9404837..683d539be4 100644
--- a/package/kernel/linux/modules/other.mk
+++ b/package/kernel/linux/modules/other.mk
@@ -329,6 +329,27 @@ endef
 $(eval $(call KernelPackage,gpio-amd-fch))
+define KernelPackage/linkstation-poweroff
+ SUBMENU:=$(OTHER_MENU)
+ DEPENDS:=@TARGET_mvebu
+ TITLE:=Buffalo LinkStation power off driver
+ KCONFIG:= \
+ CONFIG_POWER_RESET=y \
+ CONFIG_POWER_RESET_LINKSTATION \
+ CONFIG_POWER_RESET_QNAP=n
+
+ FILES:=$(LINUX_DIR)/drivers/power/reset/linkstation-poweroff.ko
+ AUTOLOAD:=$(call AutoLoad,31,linkstation-poweroff,1)
+endef
+
+define KernelPackage/linkstation-poweroff/description
+ This driver supports turning off some Buffalo LinkStations by
+ setting an output pin at the ethernet PHY to the correct state.
+ It also makes the device compatible with the WoL function.
+ Say Y here if you have a Buffalo LinkStation LS421D/E.
+endef
+
+$(eval $(call KernelPackage,linkstation-poweroff))
 define KernelPackage/ppdev
 SUBMENU:=$(OTHER_MENU)
diff --git a/target/linux/mvebu/patches-5.4/030-linkstation-poweroff.patch b/target/linux/mvebu/patches-5.4/030-linkstation-poweroff.patch
new file mode 100644
index 00..983b1de918
--- /dev/null
+++ b/target/linux/mvebu/patches-5.4/030-linkstation-poweroff.patch
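Review bot: In the other.mk hunk, `CONFIG_POWER_RESET_QNAP=n` is forced without a comment or a word in the commit message explaining why. If KCONFIG values from a kmod package are merged into the kernel config shared by the whole target, selecting this package would also switch off the QNAP power-off driver for every other mvebu board built from that kernel. Either drop the line, or put a comment above the `define` that states the actual reason the two drivers cannot coexist.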
@@ -0,0 +1,177 @@ +--- a/drivers/power/reset/Kconfig b/drivers/power/reset/Kconfig +@@ -99,6 +99,17 @@ + help + Reboot support for Hisilicon boards. + ++config POWER_RESET_LINKSTATION ++ tristate "Buffalo LinkStation power-off driver" ++ depends on ARCH_MVEBU || COMPILE_TEST ++ depends on OF_MDIO && PHYLIB ++ help ++This driver supports turning off some Buffalo LinkStations by ++setting an output pin at the ethernet PHY to the correct state. ++It also makes the device compatible with the WoL function. ++ ++Say Y here if you have a Buffalo LinkStation LS421D/E. ++ + config POWER_RESET_MSM + bool "Qualcomm MSM power-off driver" + depends on ARCH_QCOM +--- a/drivers/power/reset/Makefile b/drivers/power/reset/Makefile +@@ -10,6 +10,7 @@ + obj-$(CONFIG_POWER_RESET_GPIO) += gpio-poweroff.o + obj-$(CONFIG_POWER_RESET_GPIO_RESTART) += gpio-restart.o + obj-$(CONFIG_POWER_RESET_HISI) += hisi-reboot.o ++obj-${CONFIG_POWER_RESET_LINKSTATION} += linkstation-poweroff.o + obj-$(CONFIG_POWER_RESET_MSM) += msm-poweroff.o + obj-$(CONFIG_POWER_RESET_QCOM_PON) += qcom-pon.o + obj-$(CONFIG_POWER_RESET_OCELOT_RESET) += ocelot-reset.o +--- a/dev/null b/drivers/power/reset/linkstation-poweroff.c +@@ -0,0 +1,144 @@ ++// SPDX-License-Identifier: GPL-2.0 ++/* ++ * LinkStation power off restart driver ++ * Copyright (C) 2020 Daniel González Cabanelas ++ */ ++ ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++ ++/* Defines from the eth phy Marvell driver */ ++#define MII_MARVELL_COPPER_PAGE 0 ++#define MII_MARVELL_LED_PAGE 3 ++#define MII_MARVELL_WOL_PAGE 17 ++#define MII_MARVELL_PHY_PAGE 22 ++ ++#define MII_PHY_LED_CTRL 16 ++#define MII_88E1318S_PHY_LED_TCR 18 ++#define MII_88E1318S_PHY_WOL_CTRL 16 ++#define MII_M1011_IEVENT 19 ++ ++#define MII_88E1318S_PHY_LED_TCR_INTn_ENABLE BIT(7) ++#define MII_88E1318S_PHY_LED_TCR_FORCE_INTBIT(15) ++#define MII_88E1318S_PHY_WOL_CTRL_CLEAR_WOL_STATUSBIT(12) ++#define LED2_FORCE_ON (0x8 << 8) ++#define LEDMASK GENMASK(11,8) ++ 
++static struct phy_device *phydev; ++ ++static void mvphy_reg_intn(u16 data) ++{ ++ int rc = 0, saved_page; ++ ++ saved_page = phy_select_page(phydev, MII_MARVELL_LED_PAGE); ++ if (saved_page < 0) ++ goto err; ++ ++ /* Force manual LED2 control to let INTn work */ ++ __phy_modify(phydev, MII_PHY_LED_CTRL, LEDMASK, LED2_FORCE_ON); ++ ++ /* Set the LED[2]/INTn pin to the required state */ ++ __phy_modify(phydev, MII_88E1318S_PHY_LED_TCR, ++ MII_88E1318S_PHY_LED_TCR_FORCE_INT, ++ MII_88E1318S_PHY_LED_TCR_INTn_ENABLE | data); ++ ++ if (!data) { ++ /* Clear interrupts to ensure INTn won't be holded in high state */ ++ __phy_write(phydev, MII_MARVELL_PHY_PAGE, MII_MARVELL_COPPER_PAGE); ++
[PATCH 2/2] mvebu: LS421DE: add linkstation poweroff driver
Compile the Linkstation poweroff module for the Buffalo LS421DE. Without this driver the device remains forever halted if a power off command is executed. The driver will also allow to use the WoL feature, which wasn't availabe in the stock firmware. Signed-off-by: Daniel González Cabanelas --- .../arm/boot/dts/armada-370-buffalo-ls421de.dts | 13 - target/linux/mvebu/image/cortexa9.mk| 4 ++-- 2 files changed, 2 insertions(+), 15 deletions(-) diff --git a/target/linux/mvebu/files/arch/arm/boot/dts/armada-370-buffalo-ls421de.dts b/target/linux/mvebu/files/arch/arm/boot/dts/armada-370-buffalo-ls421de.dts index ea392f9e41..e0c0cb55a0 100644 --- a/target/linux/mvebu/files/arch/arm/boot/dts/armada-370-buffalo-ls421de.dts +++ b/target/linux/mvebu/files/arch/arm/boot/dts/armada-370-buffalo-ls421de.dts @@ -209,12 +209,6 @@ gpio = < 9 GPIO_ACTIVE_HIGH>; }; }; - - /* FIXME: this driver needs to be aware of the LED2 eth phy use, - which must be set to off state before shutting down the machine */ - restart_poweroff { - compatible = "restart-poweroff"; - }; }; { @@ -243,13 +237,6 @@ ethphy0: ethernet-phy@0 { /* Marvell 88E1518 */ reg = <0>; - /* -* LED2 is used to inform, at restart time, if the power -* switch was slided to the "off" position. -* Page 0x3, Register 0x10, bits 8-11: -* 0x800: LED2 off, power off the machine -* 0x900: LED2 on, boot the machine -*/ marvell,reg-init = <0x3 0x10 0x1 0x1991>, /* LED function */ <0x3 0x11 0x1 0x4401>, /* LED polarity */ <0x3 0x12 0x1 0x4905>; /* LED timer */ diff --git a/target/linux/mvebu/image/cortexa9.mk b/target/linux/mvebu/image/cortexa9.mk index 7c2069ed2f..824f142a8b 100644 --- a/target/linux/mvebu/image/cortexa9.mk +++ b/target/linux/mvebu/image/cortexa9.mk 
@@ -24,8 +24,8 @@ define Device/buffalo_ls421de DEVICE_DTS := armada-370-buffalo-ls421de DEVICE_PACKAGES := \ kmod-rtc-rs5c372a kmod-hwmon-gpiofan kmod-hwmon-drivetemp kmod-usb3 \ -kmod-md-raid0 kmod-md-raid1 kmod-md-mod kmod-fs-xfs mkf2fs e2fsprogs \ -partx-utils +kmod-linkstation-poweroff kmod-md-raid0 kmod-md-raid1 kmod-md-mod \ +kmod-fs-xfs mkf2fs e2fsprogs partx-utils endef TARGET_DEVICES += buffalo_ls421de -- 2.28.0 ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
[PATCH V3 rpc] rc: new ubus object for handling /etc/init.d/ scripts
From: Rafał Miłecki This commit adds "rc" ubus object with methods "list" and "exec" for listing and calling init.d script appropriately. It's useful for all kind of UIs (e.g. LuCI) and custom apps. Example: root@OpenWrt:~# ubus call rc list { "blockd": { "enabled": true, "running": true }, "dnsmasq": { "enabled": true, "running": true } } root@OpenWrt:~# ubus call rc init '{ "name": "blockd", "action": "disable" }' root@OpenWrt:~# ubus call rc init '{ "name": "dnsmasq", "action": "stop" }' root@OpenWrt:~# ubus call rc list { "blockd": { "enabled": false, "running": true }, "dnsmasq": { "enabled": true, "running": false } } Signed-off-by: Rafał Miłecki --- V2: Use ubus_defer_request() and uloop_process_add() when callinig init.d scripts. It's required as rpcd is single thread so waitpid() could stop it from processing requests initiaited by init.d scripts. Add timer to kill hanging init.d calls. V3: Add uloop_end() close(fd) only for fd > 2 --- CMakeLists.txt| 2 +- include/rpcd/rc.h | 7 + main.c| 6 +- rc.c | 342 ++ 4 files changed, 354 insertions(+), 3 deletions(-) create mode 100644 include/rpcd/rc.h create mode 100644 rc.c diff --git a/CMakeLists.txt b/CMakeLists.txt index 3bfc286..26e011e 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -38,7 +38,7 @@ INCLUDE_DIRECTORIES(${ubus_include_dir}) FIND_PATH(ubox_include_dir libubox/blobmsg_json.h) INCLUDE_DIRECTORIES(${ubox_include_dir}) -ADD_EXECUTABLE(rpcd main.c exec.c session.c uci.c plugin.c) +ADD_EXECUTABLE(rpcd main.c exec.c session.c uci.c rc.c plugin.c) TARGET_LINK_LIBRARIES(rpcd ${ubox} ${ubus} ${uci} ${blobmsg_json} ${json} ${crypt} dl) SET(PLUGINS "") diff --git a/include/rpcd/rc.h b/include/rpcd/rc.h new file mode 100644 index 000..ca00f56 --- /dev/null +++ b/include/rpcd/rc.h @@ -0,0 +1,7 @@ +// SPDX-License-Identifier: ISC OR MIT +#ifndef __RPCD_RC_H +#define __RPCD_RC_H + +int rpc_rc_api_init(struct ubus_context *ctx); + +#endif diff --git a/main.c b/main.c index 9a177cf..d77a814 100644 --- a/main.c 
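Review bot: include/rpcd/rc.h declares `int rpc_rc_api_init(struct ubus_context *ctx);` without making `struct ubus_context` visible, so the header only compiles cleanly when the libubus header happens to be included before it. Adding a forward declaration `struct ubus_context;` above the prototype, or including the libubus header from rc.h, makes it self-contained. The include names in main.c are not readable on this page, so whether the current caller triggers a warning is not confirmed.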
+++ b/main.c @@ -25,10 +25,11 @@ #include #include +#include +#include +#include #include #include -#include -#include static struct ubus_context *ctx; static bool respawn = false; @@ -113,6 +114,7 @@ int main(int argc, char **argv) rpc_session_api_init(ctx); rpc_uci_api_init(ctx); + rpc_rc_api_init(ctx); rpc_plugin_api_init(ctx); hangup = getenv("RPC_HANGUP"); diff --git a/rc.c b/rc.c new file mode 100644 index 000..3666e70 --- /dev/null +++ b/rc.c 
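Review bot: `rpc_rc_api_init(ctx);` in main() registers the new `rc` object unconditionally, while the diffstat shows no ACL definition or documentation shipped with it. Because the object starts /etc/init.d scripts from the rpcd process, the commit should state which ACL grant a session needs to reach `rc` and confirm that no default role receives it implicitly. A short comment next to the call, such as `/* rc: runs init.d scripts, must stay behind an explicit ACL grant */`, would keep that requirement visible to later maintainers. main() continues outside the hunk.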
@@ -0,0 +1,342 @@
+// SPDX-License-Identifier: ISC OR MIT
+/*
+ * rpcd - UBUS RPC server
+ *
+ * Copyright (C) 2020 Rafał Miłecki
+ */
+
+#include
+#include
+#include
+#include
+#include
+
+#include
+#include
+#include
+#include
+
+#include
+
+#define RC_LIST_EXEC_TIMEOUT_MS3000
+
+enum {
+ RC_INIT_NAME,
+ RC_INIT_ACTION,
+ __RC_INIT_MAX
+};
+
+static const struct blobmsg_policy rc_init_policy[] = {
+ [RC_INIT_NAME] = { "name", BLOBMSG_TYPE_STRING },
+ [RC_INIT_ACTION] = { "action", BLOBMSG_TYPE_STRING },
+};
+
+struct rc_list_context {
+ struct uloop_process process;
+ struct uloop_timeout timeout;
+ struct ubus_context *ctx;
+ struct ubus_request_data req;
+ struct blob_buf *buf;
+ DIR *dir;
+
+ /* Info about currently processed init.d entry */
+ struct {
+ char path[PATH_MAX];
+ const char *d_name;
+ bool enabled;
+ bool running;
+ } entry;
+};
+
+static void rc_list_readdir(struct rc_list_context *c);
+
+/**
+ * rc_check_script - check if script is safe to execute as root
+ *
+ * Check if it's owned by root and if only root can modify it.
+ */
+static int rc_check_script(const char *path)
+{
+ struct stat s;
+
+ if (stat(path, ))
+ return UBUS_STATUS_NOT_FOUND;
+
+ if (s.st_uid != 0 || s.st_gid != 0 || !(s.st_mode & S_IXUSR) || (s.st_mode & S_IWOTH))
+ return UBUS_STATUS_PERMISSION_DENIED;
+
+ return UBUS_STATUS_OK;
+}
+
+static void rc_list_add_table(struct rc_list_context *c)
+{
+ void *e;
+
+ e = blobmsg_open_table(c->buf, c->entry.d_name);
+
+ blobmsg_add_u8(c->buf, "enabled", c->entry.enabled);
+ blobmsg_add_u8(c->buf, "running", c->entry.running);
+
+ blobmsg_close_table(c->buf, e);
+}
+
+static void rpc_list_exec_timeout_cb(struct uloop_timeout *t)
+{
+ struct rc_list_context *c = container_of(t, struct rc_list_context, timeout);
+
+ ULOG_WARN("Timeout waiting for %s\n", c->entry.path);
+
+ uloop_process_delete(>process);
+
Re: [PATCH v3] treewide: switch to HTTPS by default
On 25-08-20, Paul Spooren wrote: > From: Petr Štetiar > > As there is now wolfSSL included by default due to SAE/WPA3 we can > finally switch to TLS/SSL in other parts as well. The commit message needs improvement, especially "treewide: switch to HTTPS by default". What is switched to HTTPS exactly? It could be source download URL, package download URL on the device, package download URL on the imagebuilder... What parts of OpenWrt are expected to be impacted by this? Other comments below: > --- a/include/target.mk > +++ b/include/target.mk > @@ -13,13 +13,41 @@ __target_inc=1 > DEVICE_TYPE?=router > > # Default packages - the really basic set > -DEFAULT_PACKAGES:=base-files libc libgcc busybox dropbear mtd uci opkg > netifd fstools uclient-fetch logd urandom-seed urngd > +DEFAULT_PACKAGES:=\ > + base-files \ > + busybox \ > + ca-bundle \ > + dropbear \ > + fstools \ > + libc \ > + libgcc \ > + logd \ > + mtd \ > + netifd \ > + opkg \ > + uci \ > + uclient-fetch \ > + urandom-seed \ > + urngd This is hard to read, please drop the cosmetic changes or move them to a separate commit. Also, it seems it's missing the actual change, i.e. libustream-wolfssl? > --- a/include/version.mk > +++ b/include/version.mk 
> @@ -32,7 +32,7 @@ VERSION_CODE:=$(call qstrip,$(CONFIG_VERSION_CODE)) > VERSION_CODE:=$(if $(VERSION_CODE),$(VERSION_CODE),$(REVISION)) > > VERSION_REPO:=$(call qstrip,$(CONFIG_VERSION_REPO)) > -VERSION_REPO:=$(if > $(VERSION_REPO),$(VERSION_REPO),http://downloads.openwrt.org/snapshots) > +VERSION_REPO:=$(if > $(VERSION_REPO),$(VERSION_REPO),https://downloads.openwrt.org/snapshots) > > VERSION_DIST:=$(call qstrip,$(CONFIG_VERSION_DIST)) > VERSION_DIST:=$(if $(VERSION_DIST),$(VERSION_DIST),OpenWrt) VERSION_REPO needs to be updated as well in package/base-files/image-config.in It's not used by default (because it's guarded by IMAGEOPT and VERSIONOPT) but it can be used to customize the download URL. So it's more logical if it starts with the same value as the default download URL. Also, several scripts will need adaptation: - makebranch.sh in maintainer-tools - maketag.sh in maintainer-tools. This one should be adapted carefully so that it still works for 19.07.X. Baptiste signature.asc Description: PGP signature ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
Re: [PATCH v2] wolfssl: Update to version 4.5.0
On 8/27/20 9:25 AM, Andre Heider wrote: > Hi, > > On 26/08/2020 00:19, Hauke Mehrtens wrote: >> This fixes the following security problems: >> * In earlier versions of wolfSSL there exists a potential man in the >> middle attack on TLS 1.3 clients. >> * Denial of service attack on TLS 1.3 servers from repetitively sending >> ChangeCipherSpecs messages. (CVE-2020-12457) >> * Potential cache timing attacks on public key operations in builds that >> are not using SP (single precision). (CVE-2020-15309) >> * When using SGX with EC scalar multiplication the possibility of side- >> channel attacks are present. >> * Leak of private key in the case that PEM format private keys are >> bundled in with PEM certificates into a single file. >> * During the handshake, clear application_data messages in epoch 0 are >> processed and returned to the application. >> >> Full changelog: >> https://www.wolfssl.com/docs/wolfssl-changelog/ >> >> Add a patch which fixes a build problem on big endian systems, see >> https://github.com/wolfSSL/wolfssl/issues/3240 for details. >> >> Signed-off-by: Hauke Mehrtens > > I think due to this hostapd (CONFIG_PACKAGE_wpad-wolfssl=y) now fails to > compile: > ../src/crypto/tls_wolfssl.c: In function 'tls_match_alt_subject': > ../src/crypto/tls_wolfssl.c:610:11: error: 'GEN_EMAIL' undeclared (first > use in this function); did you mean 'ENAVAIL'? > type = GEN_EMAIL; > ^ > ENAVAIL > ../src/crypto/tls_wolfssl.c:610:11: note: each undeclared identifier is > reported only once for each function it appears in > ../src/crypto/tls_wolfssl.c:613:11: error: 'GEN_DNS' undeclared (first > use in this function) > type = GEN_DNS; > ^~~ > ../src/crypto/tls_wolfssl.c:616:11: error: 'GEN_URI' undeclared (first > use in this function) > type = GEN_URI; > ^~~ > ../src/crypto/tls_wolfssl.c: In function 'wolfssl_tls_cert_event': > ../src/crypto/tls_wolfssl.c:902:20: error: 'GEN_EMAIL' undeclared (first > use in this function); did you mean 'ENAVAIL'? 
> if (gen->type != GEN_EMAIL && > ^ > ENAVAIL > ../src/crypto/tls_wolfssl.c:903:20: error: 'GEN_DNS' undeclared (first > use in this function) > gen->type != GEN_DNS && > ^~~ > ../src/crypto/tls_wolfssl.c:904:20: error: 'GEN_URI' undeclared (first > use in this function) > gen->type != GEN_URI) > ^~~ > make[3]: *** [Makefile:1302: ../src/crypto/tls_wolfssl.o] Error 1 > > The attached patch fixes it me. > Thank you for spotting this, it only happened when we compile one of the hostapd versions with enterprise WPA support. The build bots also found this. It is fixed in master now. Hauke signature.asc Description: OpenPGP digital signature ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
[PATCH] imagebuilder: fix sstrip
Without an absolute path to staging_dir/host/bin/sstrip the Makefile tries to run a host installed version of sstrip, which is likely not available.
Signed-off-by: Paul Spooren
---
 target/imagebuilder/Makefile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/target/imagebuilder/Makefile b/target/imagebuilder/Makefile
index 175c30282e..6140a83e70 100644
--- a/target/imagebuilder/Makefile
+++ b/target/imagebuilder/Makefile
@@ -87,7 +87,7 @@ endif
 $(CP) $(STAGING_DIR_HOST)/bin/* $(IB_BUILD_DIR)/staging_dir/host/bin/
 (cd $(IB_BUILD_DIR); find staging_dir/host/bin/ $(IB_LDIR)/scripts/dtc/ -type f | \
 $(XARGS) $(SCRIPT_DIR)/bundle-libraries.sh $(IB_BUILD_DIR)/staging_dir/host)
- STRIP=sstrip $(SCRIPT_DIR)/rstrip.sh $(IB_BUILD_DIR)/staging_dir/host/bin/
+ STRIP=$(STAGING_DIR_HOST)/bin/sstrip $(SCRIPT_DIR)/rstrip.sh $(IB_BUILD_DIR)/staging_dir/host/bin/
 (cd $(BUILD_DIR); \
 tar -I '$(STAGING_DIR_HOST)/bin/xz -7e -T$(if $(filter 1,$(NPROC)),2,0)' -cf $@ $(IB_NAME) \
 --mtime="$(shell date --date=@$(SOURCE_DATE_EPOCH))"; \
--
2.25.1
___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
[PATCH 2/2] imagebuilder: improve reproducibility
The SOURCE_DATE_EPOCH is used to unify the mtime within created images, make it the same as the build system used during creation of the IB. The LINUX_VERMAGIC is used to create a reproducible IMG_PART_SIGNATURE, therefore make it available to the IB as well.
Signed-off-by: Paul Spooren
---
 target/imagebuilder/Makefile | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/target/imagebuilder/Makefile b/target/imagebuilder/Makefile
index 873e1b44e0..175c30282e 100644
--- a/target/imagebuilder/Makefile
+++ b/target/imagebuilder/Makefile
@@ -77,6 +77,8 @@ endif
 $(CP) -L $(LINUX_DIR)/arch/$(LINUX_KARCH)/boot/dts/* $(IB_DTSDIR); \
 fi
 $(SED) 's,^# REVISION:=.*,REVISION:=$(REVISION),g' $(IB_BUILD_DIR)/include/version.mk
+ $(SED) 's,^# SOURCE_DATE_EPOCH:=.*,SOURCE_DATE_EPOCH:=$(SOURCE_DATE_EPOCH),g' $(IB_BUILD_DIR)/include/version.mk
+ $(SED) '/LINUX_VERMAGIC:=/ { s,unknown,$(LINUX_VERMAGIC),g }' $(IB_BUILD_DIR)/include/kernel.mk
 find $(IB_BUILD_DIR) -name CVS -o -name .git -o -name .svn \
 | $(XARGS) rm -rf
 $(INSTALL_DIR) $(IB_IDIR)
--
2.25.1
___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
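Review bot: Both added `$(SED)` lines succeed silently when their pattern is absent, so if the `# SOURCE_DATE_EPOCH:=` placeholder in include/version.mk or the `unknown` value on the `LINUX_VERMAGIC:=` line in include/kernel.mk is ever renamed, the ImageBuilder loses its pinned values without any build error. Neither file is part of this patch, so the placeholders are assumed to exist already. A cheap guard after the substitutions would turn that into a hard failure, e.g. `grep -q '^SOURCE_DATE_EPOCH:=' $(IB_BUILD_DIR)/include/version.mk`. The recipe this hunk belongs to starts and ends outside the hunk.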
[PATCH 1/2] imagebuilder: rename PKG_BUILD_DIR to IB_BUILD_DIR
This follow the SDK naming schema is and is more clear as no package is build. Signed-off-by: Paul Spooren --- target/imagebuilder/Makefile | 66 ++-- 1 file changed, 33 insertions(+), 33 deletions(-) diff --git a/target/imagebuilder/Makefile b/target/imagebuilder/Makefile index ad19ab2b53..873e1b44e0 100644 --- a/target/imagebuilder/Makefile +++ b/target/imagebuilder/Makefile @@ -13,19 +13,19 @@ include $(INCLUDE_DIR)/feeds.mk override MAKEFLAGS= IB_NAME:=$(VERSION_DIST_SANITIZED)-imagebuilder-$(if $(CONFIG_VERSION_FILENAMES),$(VERSION_NUMBER)-)$(BOARD)$(if $(SUBTARGET),-$(SUBTARGET)).$(HOST_OS)-$(HOST_ARCH) -PKG_BUILD_DIR:=$(BUILD_DIR)/$(IB_NAME) -IB_KDIR:=$(patsubst $(TOPDIR)/%,$(PKG_BUILD_DIR)/%,$(KERNEL_BUILD_DIR)) -IB_LDIR:=$(patsubst $(TOPDIR)/%,$(PKG_BUILD_DIR)/%,$(LINUX_DIR)) -IB_DTSDIR:=$(patsubst $(TOPDIR)/%,$(PKG_BUILD_DIR)/%,$(LINUX_DIR))/arch/$(LINUX_KARCH)/boot/dts/ -IB_IDIR:=$(patsubst $(TOPDIR)/%,$(PKG_BUILD_DIR)/%,$(STAGING_DIR_IMAGE)) +IB_BUILD_DIR:=$(BUILD_DIR)/$(IB_NAME) +IB_KDIR:=$(patsubst $(TOPDIR)/%,$(IB_BUILD_DIR)/%,$(KERNEL_BUILD_DIR)) +IB_LDIR:=$(patsubst $(TOPDIR)/%,$(IB_BUILD_DIR)/%,$(LINUX_DIR)) +IB_DTSDIR:=$(patsubst $(TOPDIR)/%,$(IB_BUILD_DIR)/%,$(LINUX_DIR))/arch/$(LINUX_KARCH)/boot/dts/ +IB_IDIR:=$(patsubst $(TOPDIR)/%,$(IB_BUILD_DIR)/%,$(STAGING_DIR_IMAGE)) all: compile $(BIN_DIR)/$(IB_NAME).tar.xz: clean - rm -rf $(PKG_BUILD_DIR) - mkdir -p $(IB_KDIR) $(IB_LDIR) $(PKG_BUILD_DIR)/staging_dir/host/lib \ - $(PKG_BUILD_DIR)/target $(PKG_BUILD_DIR)/scripts $(IB_DTSDIR) - -cp $(TOPDIR)/.config $(PKG_BUILD_DIR)/.config + rm -rf $(IB_BUILD_DIR) + mkdir -p $(IB_KDIR) $(IB_LDIR) $(IB_BUILD_DIR)/staging_dir/host/lib \ + $(IB_BUILD_DIR)/target $(IB_BUILD_DIR)/scripts $(IB_DTSDIR) + -cp $(TOPDIR)/.config $(IB_BUILD_DIR)/.config $(CP) -L \ $(INCLUDE_DIR) $(SCRIPT_DIR) \ $(TOPDIR)/rules.mk \ 
@@ -33,38 +33,38 @@ $(BIN_DIR)/$(IB_NAME).tar.xz: clean ./files/repositories.conf \ $(TMP_DIR)/.targetinfo \ $(TMP_DIR)/.packageinfo \ - $(PKG_BUILD_DIR)/ + $(IB_BUILD_DIR)/ ifeq ($(CONFIG_IB_STANDALONE),) - echo '## Remote package repositories' >> $(PKG_BUILD_DIR)/repositories.conf - $(call FeedSourcesAppend,$(PKG_BUILD_DIR)/repositories.conf) + echo '## Remote package repositories' >> $(IB_BUILD_DIR)/repositories.conf + $(call FeedSourcesAppend,$(IB_BUILD_DIR)/repositories.conf) endif - echo ''>> $(PKG_BUILD_DIR)/repositories.conf - echo '## This is the local package repository, do not remove!' >> $(PKG_BUILD_DIR)/repositories.conf - echo 'src imagebuilder file:packages' >> $(PKG_BUILD_DIR)/repositories.conf + echo ''>> $(IB_BUILD_DIR)/repositories.conf + echo '## This is the local package repository, do not remove!' >> $(IB_BUILD_DIR)/repositories.conf + echo 'src imagebuilder file:packages' >> $(IB_BUILD_DIR)/repositories.conf - $(VERSION_SED_SCRIPT) $(PKG_BUILD_DIR)/repositories.conf + $(VERSION_SED_SCRIPT) $(IB_BUILD_DIR)/repositories.conf ifeq ($(CONFIG_IB_STANDALONE),) (cd $(call FeedPackageDir,libc); $(FIND) -type f -name 'libc_*.ipk' -or -name 'kernel_*.ipk' -or -name 'kmod-*.ipk') | \ while read path; do \ - mkdir -p "$(PKG_BUILD_DIR)/packages/$${path%/*}"; \ - cp "$(call FeedPackageDir,libc)/$$path" "$(PKG_BUILD_DIR)/packages/$$path"; \ + mkdir -p "$(IB_BUILD_DIR)/packages/$${path%/*}"; \ + cp "$(call FeedPackageDir,libc)/$$path" "$(IB_BUILD_DIR)/packages/$$path"; \ done else - $(INSTALL_DIR) $(PKG_BUILD_DIR)/packages - find $(wildcard $(PACKAGE_SUBDIRS)) -type f -name '*.ipk' -exec $(CP) {} $(PKG_BUILD_DIR)/packages/ \; + $(INSTALL_DIR) $(IB_BUILD_DIR)/packages + find $(wildcard $(PACKAGE_SUBDIRS)) -type f -name '*.ipk' -exec $(CP) {} $(IB_BUILD_DIR)/packages/ \; endif - $(CP) $(TOPDIR)/target/linux $(PKG_BUILD_DIR)/target/ + $(CP) $(TOPDIR)/target/linux $(IB_BUILD_DIR)/target/ if [ -d $(TOPDIR)/staging_dir/host/lib/grub ]; then \ - $(CP) 
$(TOPDIR)/staging_dir/host/lib/grub/ $(PKG_BUILD_DIR)/staging_dir/host/lib; \ + $(CP) $(TOPDIR)/staging_dir/host/lib/grub/ $(IB_BUILD_DIR)/staging_dir/host/lib; \ fi rm -rf \ - $(PKG_BUILD_DIR)/target/linux/*/files{,-*} \ - $(PKG_BUILD_DIR)/target/linux/*/patches{,-*} \ - $(PKG_BUILD_DIR)/target/linux/generic/{pending,backport,hack}{,-*} + $(IB_BUILD_DIR)/target/linux/*/files{,-*} \ +
Re: [PATCH v2] wolfssl: Update to version 4.5.0
Hi, On 26/08/2020 00:19, Hauke Mehrtens wrote: This fixes the following security problems: * In earlier versions of wolfSSL there exists a potential man in the middle attack on TLS 1.3 clients. * Denial of service attack on TLS 1.3 servers from repetitively sending ChangeCipherSpecs messages. (CVE-2020-12457) * Potential cache timing attacks on public key operations in builds that are not using SP (single precision). (CVE-2020-15309) * When using SGX with EC scalar multiplication the possibility of side-channel attacks is present. * Leak of private key in the case that PEM format private keys are bundled in with PEM certificates into a single file. * During the handshake, clear application_data messages in epoch 0 are processed and returned to the application. Full changelog: https://www.wolfssl.com/docs/wolfssl-changelog/ Add a patch which fixes a build problem on big endian systems, see https://github.com/wolfSSL/wolfssl/issues/3240 for details. 
Signed-off-by: Hauke Mehrtens I think due to this hostapd (CONFIG_PACKAGE_wpad-wolfssl=y) now fails to compile: ../src/crypto/tls_wolfssl.c: In function 'tls_match_alt_subject': ../src/crypto/tls_wolfssl.c:610:11: error: 'GEN_EMAIL' undeclared (first use in this function); did you mean 'ENAVAIL'? type = GEN_EMAIL; ^ ENAVAIL ../src/crypto/tls_wolfssl.c:610:11: note: each undeclared identifier is reported only once for each function it appears in ../src/crypto/tls_wolfssl.c:613:11: error: 'GEN_DNS' undeclared (first use in this function) type = GEN_DNS; ^~~ ../src/crypto/tls_wolfssl.c:616:11: error: 'GEN_URI' undeclared (first use in this function) type = GEN_URI; ^~~ ../src/crypto/tls_wolfssl.c: In function 'wolfssl_tls_cert_event': ../src/crypto/tls_wolfssl.c:902:20: error: 'GEN_EMAIL' undeclared (first use in this function); did you mean 'ENAVAIL'? if (gen->type != GEN_EMAIL && ^ ENAVAIL ../src/crypto/tls_wolfssl.c:903:20: error: 'GEN_DNS' undeclared (first use in this function) gen->type != GEN_DNS && ^~~ ../src/crypto/tls_wolfssl.c:904:20: error: 'GEN_URI' undeclared (first use in this function) gen->type != GEN_URI) ^~~ make[3]: *** [Makefile:1302: ../src/crypto/tls_wolfssl.o] Error 1 The attached patch fixes it me. --- package/libs/wolfssl/Makefile | 6 +++--- .../patches/100-disable-hardening-check.patch | 2 +- .../patches/110-fix-build-on-big-endian.patch | 20 +++ 3 files changed, 24 insertions(+), 4 deletions(-) create mode 100644 package/libs/wolfssl/patches/110-fix-build-on-big-endian.patch diff --git a/package/libs/wolfssl/Makefile b/package/libs/wolfssl/Makefile index 159cfbc53f74..eb77caee3392 100644 --- a/package/libs/wolfssl/Makefile +++ b/package/libs/wolfssl/Makefile 
@@ -8,12 +8,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=wolfssl -PKG_VERSION:=4.4.0-stable -PKG_RELEASE:=2 +PKG_VERSION:=4.5.0-stable +PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://github.com/wolfSSL/wolfssl/archive/v$(PKG_VERSION) -PKG_HASH:=7f854804c8ae0ca49cc77809e38e9a3b5a8c91ba7855ea928e6d6651b0d35f18 +PKG_HASH:=7de62300ce14daa0051bfefc7c4d6302f96cabc768b6ae49eda77523b118250c PKG_FIXUP:=libtool PKG_INSTALL:=1 diff --git a/package/libs/wolfssl/patches/100-disable-hardening-check.patch b/package/libs/wolfssl/patches/100-disable-hardening-check.patch index 5d83eca770ea..43337ba97024 100644 --- a/package/libs/wolfssl/patches/100-disable-hardening-check.patch +++ b/package/libs/wolfssl/patches/100-disable-hardening-check.patch @@ -1,6 +1,6 @@ --- a/wolfssl/wolfcrypt/settings.h +++ b/wolfssl/wolfcrypt/settings.h -@@ -1930,7 +1930,7 @@ extern void uITRON4_free(void *p) ; +@@ -2128,7 +2128,7 @@ extern void uITRON4_free(void *p) ; #endif /* warning for not using harden build options (default with ./configure) */ diff --git a/package/libs/wolfssl/patches/110-fix-build-on-big-endian.patch b/package/libs/wolfssl/patches/110-fix-build-on-big-endian.patch new file mode 100644 index ..820501d2bb5d --- /dev/null +++ b/package/libs/wolfssl/patches/110-fix-build-on-big-endian.patch @@ -0,0 +1,20 @@ +See https://github.com/wolfSSL/wolfssl/issues/3240 for details + +--- a/wolfcrypt/src/misc.c b/wolfcrypt/src/misc.c +@@ -120,7 +120,6 @@ WC_STATIC WC_INLINE word32 ByteReverseWo + return rotlFixed(value, 16U); + #endif + } +-#if defined(LITTLE_ENDIAN_ORDER) + /* This routine performs a byte swap of words array of a given count. */ + WC_STATIC WC_INLINE void ByteReverseWords(word32* out, const word32* in, + word32 byteCount) +@@ -131,7 +130,6 @@ WC_STATIC WC_INLINE void ByteReverseWord + out[i] = ByteReverseWord32(in[i]); + + } +-#endif /* LITTLE_ENDIAN_ORDER */ + + #if