[LEDE-DEV] [PATCH] urandom-seed: add initial implementation

now ignore them Once tested on enough configuration (jffs2/ext4/ubifs/...) this package should be added to DEFAULT_PACKAGES We could also add an urandom.seed at build time to improve first boot Signed-off-by: Etienne CHAMPETIER <champetier.etie...@gmail.com> --- package/utils/urand

Re: [LEDE-DEV] [PATCH ubox] getrandom: add helper for getrandom() syscall

Hi, Everything is fine except your computer clock ;) ubox commit: authorEtienne CHAMPETIER <champetier.etie...@gmail.com> Thu, 9 Jun 2016 16:03:00 +0300 (13:03 +) committerJohn Crispin <j...@phrozen.org> Wed, 8 Jun 2016 01:19:24 +0300 (00:19 +0200) staging co

[LEDE-DEV] [PATCH v3] base-files: seed /dev/urandom

/preinit Signed-off-by: Etienne CHAMPETIER <champetier.etie...@gmail.com> --- package/base-files/files/etc/init.d/urandom_seed | 22 ++ .../base-files/files/lib/preinit/81_urandom_seed | 19 +++ 2 files changed, 41 insertions(+) create mode 100755 package/b

[LEDE-DEV] [PATCH v2] base-files: seed /dev/urandom

now ignore them if after "urandom-seed: Seeding with ..." message We could also add an urandom.seed at build time to improve first boot v2: log preinit messages to /dev/kmsg Signed-off-by: Etienne CHAMPETIER <champetier.etie...@gmail.com> --- package/base-files/files/etc/

Re: [LEDE-DEV] [PATCH] base-files: seed /dev/urandom

Hi Felix, 2016-06-12 12:45 GMT+02:00 Felix Fietkau <n...@nbd.name>: > On 2016-06-11 08:37, Etienne CHAMPETIER wrote: >> This commit: >> 1) seed /dev/urandom with a saved seed as early as possible >>(using /lib/preinit/81_urandom_seed) >> 2) save a new seed

Re: [LEDE-DEV] [PATCH] urandom-seed: add initial implementation

Hi John, 2016-06-03 11:00 GMT+02:00 John Crispin <j...@phrozen.org>: > Hi Etienne, > > comment inline ... > > On 02/06/2016 23:21, Etienne CHAMPETIER wrote: >> This package: >> 1) seed /dev/urandom with a saved seed as early as possible >> (using /lib/pr

Re: [LEDE-DEV] git.openwrt.org site half broken

2016-06-03 11:13 GMT+02:00 John Crispin <j...@phrozen.org>: > > > On 02/06/2016 13:20, Etienne Champetier wrote: >> Hi, >> >> someone messed with git.openwrt.org nginx config, i can't get the js and css. >> >> see https://git.openwrt.org/project/

Re: [LEDE-DEV] [PATCH] base-files: seed /dev/urandom

2016-06-14 9:08 GMT+02:00 Felix Fietkau <n...@nbd.name>: > On 2016-06-13 22:10, Etienne Champetier wrote: >> Hi John, Felix, >> >> 2016-06-13 13:55 GMT+02:00 John Crispin <j...@phrozen.org>: >>> >>> >>> On 13/06/2016 00:56, Etienne Champe

Re: [LEDE-DEV] [PATCH procd 7/7] jail: don't CLONE_NEWUTS if we don't change hostname

rove it a bit: no -h => no CLONE_NEWUTS -h => CLONE_NEWUTS -h => CLONE_NEWUTS + sethostname() CLONE_NEWUTS is not a security feature, sethostname() require CAP_SYS_ADMIN which allow you to escape jail (mknod + mount for exemple) Etienne > > John > > > On 30/05/2016 0

[LEDE-DEV] git.openwrt.org site half broken

Hi, someone messed with git.openwrt.org nginx config, i can't get the js and css. see https://git.openwrt.org/project/static/gitweb.css (doesn't look like a css :) ) Cheers Etienne ___ Lede-dev mailing list Lede-dev@lists.infradead.org

[LEDE-DEV] urandom seed & /etc mount time

Hi, i'm thinking about adding a urandom seed like any distro do, just need to know when /etc is first monted (inside procd or via init scripts?) Regards Etienne ___ Lede-dev mailing list Lede-dev@lists.infradead.org

[LEDE-DEV] [PATCH procd 7/7] jail: don't CLONE_NEWUTS if we don't change hostname

Signed-off-by: Etienne CHAMPETIER <champetier.etie...@gmail.com> --- jail/jail.c | 7 --- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/jail/jail.c b/jail/jail.c index e425254..926e42c 100644 --- a/jail/jail.c +++ b/jail/jail.c @@ -386,9 +386,10 @@ int main(int argc

[LEDE-DEV] [PATCH procd 5/7] jail: improve some logs

Signed-off-by: Etienne CHAMPETIER <champetier.etie...@gmail.com> --- jail/fs.c | 4 ++-- jail/jail.c | 14 +++--- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/jail/fs.c b/jail/fs.c index f390180..c4cdcc9 100644 --- a/jail/fs.c +++ b/jail/fs.c @@ -86,7 +86,7 @@

[LEDE-DEV] [PATCH procd 3/7] jail: call build_envp() just before execve()

Signed-off-by: Etienne CHAMPETIER <champetier.etie...@gmail.com> --- jail/jail.c | 8 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/jail/jail.c b/jail/jail.c index 95d6237..e86ee14 100644 --- a/jail/jail.c +++ b/jail/jail.c @@ -230,10 +230,6 @@ and will onl

[LEDE-DEV] [PATCH] make /var/{run, lock, state} not world writable (0755)

since commit be950c5e56b86509e1e237931d0ac8203372be82 (09/03/2013) /var/{run,lock,state} are world writable (0777) which is a security issue before that they were created by /etc/init.d/boot with normal permissions (0755), so revert to that state Signed-off-by: Etienne CHAMPETIER <champetier.e

[LEDE-DEV] [PATCH v4] base-files: seed /dev/urandom

to /dev/kmsg v3: use non generic function name for logging, as /lib/preinit/ files are all sourced together in /etc/preinit v4: after a lot of discussion on the ML, use a config param Signed-off-by: Etienne CHAMPETIER <champetier.etie...@gmail.com> --- package/base-files/files/bin/

Re: [LEDE-DEV] [PATCH v4] base-files: seed /dev/urandom

Hi Daniel, 2016-06-23 17:19 GMT+02:00 Daniel Gimpelevich <dan...@gimpelevich.san-francisco.ca.us>: > On Thu, 2016-06-16 at 09:38 +, Etienne CHAMPETIER wrote: >> +SEED=/etc/urandom.seed >> + >> +error_exit() { >> +logger -t urandom_seed "

Re: [LEDE-DEV] [PATCH v4] base-files: seed /dev/urandom

2016-06-23 17:05 GMT+02:00 Jo-Philipp Wich : > Hi. > >> why put multiple possibly unrelated functions under one option? > > To have a global "write to flash is okay" option instead of needing to > change different options with different semantics in different places. if it's

[LEDE-DEV] ujail bug/feature with file replacement with mv

Hi, Just a heads up, ujail uses "bind mount" to include file and directories into the jail, so if you include a file named aaa (procd_add_jail_mount(_rw) aaa), and then replace it outside of the jail using "mv bbb aaa", in the jail you will still have file aaa. Workaround is to use a directory

Re: [LEDE-DEV] [PATCH v5] base-files: seed /dev/urandom

nf if the > contents should be kept on upgrades. > We can keep /etc/urandom.seed on upgrade, be we shouldn't include it in config backup > >>> On 06/27/2016 05:53 PM, Etienne CHAMPETIER wrote: >>>> >>>> This commit: >>>> 1) seed /dev/urandom

Re: [LEDE-DEV] running stuff as !root

Hi, 2016-05-18 9:25 GMT+02:00 John Crispin : > > > On 18/05/2016 09:21, Radu Anghel wrote: >> /* sending again because i hit 'reply' instead of 'reply all' :) */ >> >> On Wed, May 18, 2016 at 8:29 AM, John Crispin wrote: >>> >>> ok, there had been some

Re: [LEDE-DEV] [PATCH v5] base-files: seed /dev/urandom

2016-07-19 7:09 GMT+02:00 Jo-Philipp Wich : > Hi Daniel, > > interesting failure mode ;( > > To me it seems the easiest fix is changing the getrandom syscall wrapper > utility to use the GRND_NONBLOCK flag in order to be interruptible by > signals. > > Thoughts? According to the man

Re: [LEDE-DEV] [PATCH v5] base-files: seed /dev/urandom

2016-07-19 7:40 GMT+02:00 Etienne Champetier <champetier.etie...@gmail.com>: > 2016-07-19 7:09 GMT+02:00 Jo-Philipp Wich <j...@mein.io>: >> Hi Daniel, >> >> interesting failure mode ;( >> >> To me it seems the easiest fix is changing th

[LEDE-DEV] [PATCH] base-files: use procd init for urandom_seed

Previous implementation was blocking the init and breaking halt/reboot/sysupgrade (reported by Daniel Golle) Signed-off-by: Etienne CHAMPETIER <champetier.etie...@gmail.com> --- package/base-files/files/etc/init.d/urandom_seed | 29 package/base-files/file

[LEDE-DEV] [PATCH v2] base-files: use procd init for urandom_seed

Previous implementation was blocking the init and breaking halt/reboot/sysupgrade (reported by Daniel Golle) v2: use procd logging, use set -e + trap for error handling Signed-off-by: Etienne CHAMPETIER <champetier.etie...@gmail.com> --- package/base-files/files/etc/init.d/urandom_see

Re: [LEDE-DEV] [PATCH ubox] cmake: Check for getrandom system call

Ack Thanks Florian 2017-02-04 18:41 GMT-08:00 Florian Fainelli : > In case we are building against a kernel that is too old and does not > support SYS_getrandom, error out with a message indicating so. > > Signed-off-by: Florian Fainelli > --- >

Re: [LEDE-DEV] Release Candidate Test Plan - first draft

Hi All, 2017-02-07 1:27 GMT-08:00 Bastian Bittorf : > * Giuseppe Lippolis [07.02.2017 10:00]: >> My proposal for the anonymous datacollection is to send >> 1) an UDP telegram with sysupgraded.$boardname at the end of the sysupgrade >> 2) an UDP telegram with

Re: [LEDE-DEV] anonymous stats / was: Release Candidate Test Plan - first draft

2017-02-07 7:40 GMT-08:00 Bastian Bittorf <b...@npl.de>: > * Etienne Champetier <champetier.etie...@gmail.com> [07.02.2017 16:27]: >> not a fan of leaking revision number on public network by default (if >> you are connected to public wifi or ...) > > This is a va

Re: [LEDE-DEV] LEDE re-saving entropy in /etc/urandom.seed only seconds after each boot?

Hi Kostas, In general you should always add lede-dev so that more people can answer and/or benefit from the answer 2017-02-18 13:38 GMT-08:00 Kostas Papadopoulos : > > > Etienne/John, I'd like to say that I very much appreciate your contributions > to OpenWrt/LEDE on

Re: [LEDE-DEV] LEDE re-saving entropy in /etc/urandom.seed only seconds after each boot?

pen after many program startup. The only thing that change in all you list is time (you often get the same IP via DHCP), so not much entropy. Saving a seed each time is simple and safe, and I personally (and i hope many others) have multiple month uptime on my routers, so I'm not overusing the flash

Re: [LEDE-DEV] [PATCH ubox] getrandom: Define SYS_getrandom if no definition exists

Hi Florian, 2016-09-18 21:36 GMT+02:00 Florian Fainelli <f.faine...@gmail.com>: > > Le 18/09/2016 à 12:06, Etienne Champetier a écrit : > > (Answering from my phone with gmail so this email is in HTML and will > > get bounced by the ML) > > > > Le 18

Re: [LEDE-DEV] [PATCH v2] procd: update procd.sh to support both: signal-names and signal-numbers

Hi Bastian, 2017-01-13 9:28 GMT-08:00 Bastian Bittorf : > It is automatically detected if the input is an integer. If not, > the name is converted to the corresonding number. In general it's > good style to use names (readability) and it's more portable: signal > numbers can be

Re: [LEDE-DEV] [PATCH v2] procd: update procd.sh to support both: signal-names and signal-numbers

2017-01-13 10:12 GMT-08:00 Bastian Bittorf <b...@npl.de>: > * Etienne Champetier <champetier.etie...@gmail.com> [13.01.2017 19:07]: >> > A real world example is signal 10, which is BUS on ramips and USR1 on PPC. >> >> If we know supporting signal num

Re: [LEDE-DEV] [source] procd: update to the latest version, fixes killing jailed processes

nless it's configured. I would also change the debug message to a warning or error so this end up in system log for easier debugging Regards Etienne > > - Felix > > On 2016-12-02 15:25, Etienne Champetier wrote: > > Hi Felix, > > > > Just had a look at

Re: [LEDE-DEV] sqm-scripts change GitHub link to https:// instead of git://

(forgot to send in plain text, sending again for the ML) Hi Nick, 2017-01-02 17:02 GMT-08:00 Nick Kamenyitzky : > > Is there any reason that the sqm-scripts makefile has a git:// link > instead of a https:// link? At my office git:// doesn't work but > https:// does. >

Re: [LEDE-DEV] [PATCH][opkg-lede] opkg: add --force-ssl argument

Hi Alexandru, 2017-05-11 7:59 GMT-07:00 Alexandru Ardelean : > For cases when artifacts are stored on https:// accessible > location and you don't want to install ca-certificates > (for various reasons). > > I'll admit, using SSL like this is not recommended, > but since

Re: [LEDE-DEV] mwan3 not working

Hi Mauro, 2017-05-13 4:51 GMT-07:00 Mauro Mozzarelli : > Thanks Yousong, Merci Etienne, > > > I updated and rebuilt with the fix r4117 and I already communicated to > Etienne that this fixes MWAN Interface Systemlog (this now shows), but both > my interfaces remain marked as

Re: [LEDE-DEV] Enable DCO check on Github OpenWrt organisation

Hi All, 2018-01-18 13:59 GMT-08:00 Etienne Champetier <champetier.etie...@gmail.com>: > Hi All, > > Could someone enable this https://github.com/integration/dco on the > whole OpenWrt github org? (or at least on the packages repo) Friendly ping (I'm only a "member

Re: [LEDE-DEV] [PATCH v2] build: log time taken by each packages/steps

Hi John, 2018-05-01 2:47 GMT-07:00 John Crispin <j...@phrozen.org>: > > > On 30/04/18 21:55, Etienne Champetier wrote: >> >> The idea is to easily get the list of packages taking the most time to >> build, >> and see if we can improve them >> >&

Re: [LEDE-DEV] [openwrt/openwrt] ar71xx: Ubiquiti Airmax M: add relocate-kernel to invalidate cache

2018-04-26 13:10 GMT-07:00 Matthias Schiffer <mschif...@universe-factory.net>: > On 04/26/2018 09:22 PM, Etienne Champetier wrote: >> Hi Matthias, >> >> 2018-04-26 11:43 GMT-07:00 LEDE Commits <lede-comm...@lists.infradead.org>: >>> neoraider pushed a

Re: [LEDE-DEV] Ubnt Bullet M2 flashing ?

il 18, 2018 5:20:10 PM > Subject: Re: [LEDE-DEV] Ubnt Bullet M2 flashing ? > > I have not been able to figure out a way to do it. > > > On 04/18/2018 02:14 PM, Etienne Champetier wrote: >> Hi All, >> >> Is it still possible to flash latest ubnt bullet m2

Re: [LEDE-DEV] [PATCH] build: log time taken by each packages/steps

Hi Florian, 2018-04-04 9:44 GMT-07:00 Florian Fainelli <f.faine...@gmail.com>: > Hi Etienne, > > On 03/30/2018 09:22 PM, Etienne Champetier wrote: >> The idea is to easily get the list of packages taking the most time to build, >> and see if we can improve them > &g

Re: [LEDE-DEV] [PATCH] build: log time taken by each packages/steps

Hi John, 2018-04-29 23:41 GMT-07:00 John Crispin <j...@phrozen.org>: > > > On 31/03/18 06:22, Etienne Champetier wrote: >> >> The idea is to easily get the list of packages taking the most time to >> build, >> and see if we can improve them >> &

[LEDE-DEV] [PATCH v2] build: log time taken by each packages/steps

The idea is to easily get the list of packages taking the most time to build, and see if we can improve them v1: Use SetupHostCommand as recommended by John v2: add space after 'time:', remove useless /usr/bin/time from SetupHostCommand Signed-off-by: Etienne Champetier <champetier.e

Re: [LEDE-DEV] [PATCH] bcm53xx: use iflag=skip_bytes for dd command during sysupgrade

Hi Rafal, 2017-12-23 14:14 GMT-08:00 Rafał Miłecki : > From: Rafał Miłecki > > Since BusyBox 1.25.0 dd command supports iflag=skip_bytes which allows > skipping requested amount of bytes without reducing blocksize. Thanks to > this we can leave default

Re: [LEDE-DEV] [PATCH] bcm53xx: use iflag=skip_bytes for dd command during sysupgrade

Hi Rafal, 2017-12-25 5:18 GMT-08:00 Rafał Miłecki <ra...@milecki.pl>: > On 2017-12-24 00:26, Etienne Champetier wrote: >> >> 2017-12-23 14:14 GMT-08:00 Rafał Miłecki <zaj...@gmail.com>: >>> >>> From: Rafał Miłecki <ra...@milecki.pl> >

[LEDE-DEV] Enable DCO check on Github OpenWrt organisation

Hi All, Could someone enable this https://github.com/integration/dco on the whole OpenWrt github org? (or at least on the packages repo) Thanks Etienne ___ Lede-dev mailing list Lede-dev@lists.infradead.org

Re: [LEDE-DEV] [OpenWrt-Devel] patchwork

Hi All, 2018-01-18 1:30 GMT-08:00 Piotr Dymacz : > Hi, > > On 18.01.2018 09:44, Jo-Philipp Wich wrote: >> >> Hi John, Alex, >> >> I have no problem with closing / autorejecting open tickets in patchwork >> as long as they somehow remain available for future reference. > > > ACK.

Re: [LEDE-DEV] AuthSAE for mesh authentication

Hi Bill, https://github.com/openwrt/openwrt/commit/8061c62f5d598fcbc7e08a8cc8728be55d236eab 2018-02-26 11:46 GMT-08:00 Bill Moffitt : > I have downloaded a few recent nightly builds, and AuthSAE seems to be > missing from the packages. > > What happened? How can we get it

Re: [LEDE-DEV] [PATCH] [RFC] build: log time taken by each packages/steps

Hi John, agreed, I was pretty sure there was/is a better way ;) i'll not have any time until next week, so if you or anyone want to implement it please do Regards Etienne 2018-01-22 9:23 GMT+01:00 John Crispin <j...@phrozen.org>: > > > On 21/01/18 00:01, Etienne Champetier wrote:

Re: [LEDE-DEV] Revamping ipcalc.sh

Hi Philippe, 2018-04-05 16:31 GMT-03:00 Philip Prindeville : > Hi all, > > What do people think of (a) rewriting ipcalc.sh to be in C instead, and (b) > allowing it to perform multiple operations either with flags or perhaps with > symlinks and examining

Re: [LEDE-DEV] [PATCH] build: log time taken by each packages/steps

Hi Florian, 2018-04-04 13:44 GMT-03:00 Florian Fainelli <f.faine...@gmail.com>: > Hi Etienne, > > On 03/30/2018 09:22 PM, Etienne Champetier wrote: >> The idea is to easily get the list of packages taking the most time to build, >> and see if we can improve them > &g

[LEDE-DEV] Ubnt Bullet M2 flashing ?

Hi All, Is it still possible to flash latest ubnt bullet m2 with OpenWRT? (AirOS 6.X) Is it possible to downgrade to 5.5.10 from the 6.X versions ? is it still required ? The wiki is not really up to date: https://openwrt.org/toh/ubiquiti/bullet And I've tried to ask on the forum but no luck :(

[LEDE-DEV] [PATCH] build: log time taken by each packages/steps

The idea is to easily get the list of packages taking the most time to build, and see if we can improve them Use SetupHostCommand as recommended by John Signed-off-by: Etienne Champetier <champetier.etie...@gmail.com> --- include/prereq-build.mk | 5 + include/subdir.mk | 1 + 2

Re: [LEDE-DEV] [openwrt/openwrt] ar71xx: Ubiquiti Airmax M: add relocate-kernel to invalidate cache

Hi Matthias, 2018-04-26 11:43 GMT-07:00 LEDE Commits : > neoraider pushed a commit to openwrt/openwrt.git, branch lede-17.01: > https://git.lede-project.org/eed9d40133fe6468cc253d0345c7d7332d2aaa7c > > commit eed9d40133fe6468cc253d0345c7d7332d2aaa7c > Author: