Sysupgrade process shouldn't continue if the firmware image couldn't be
downloaded.
Ref: http://lists.infradead.org/pipermail/openwrt-devel/2019-December/020940.html
Reported-by: Petr Novák <petrn@me.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit cf3da66d2ce11a30ae2993b56276ade10c9bddb9)
The factory uboot of the Turris Omnia boots with "root=b301", and we
instruct new users to sysupgrade from there (e.g. method 1, step 7).
Currently, this will fail with "Unable to determine upgrade device".
Add a new case to export_bootdevice, which parses the hex argument.
Ref: https://github.com/openwrt/openwrt/pull/2340#issuecomment-561317688
Fixes: 2e5a0b81ec ("mvebu: sysupgrade: sdcard: keep user added partitons")
Reviewed-by: Hauke Mehrtens <hauke@hauke-m.de>
Signed-off-by: Klaus Kudielka <klaus.kudielka@gmail.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 3a4f587c465a0531b820ca1a3e90eb05c4927b68)
netifd does not handle network.@device[x].name properly if it
contains multiple ifaces separated by spaces. Due to this, board.d
lan_mac setup does not work if multiple ifaces are set to LAN by
ucidef_set_interface_lan.
To fix this, create a device node for each member iface when
running config_generate instead. Those are named based on the
member ifname:
ucidef_set_interface_lan "eth0 eth1.1"
ucidef_set_interface_macaddr "lan" "yy:yy:yy:yy:yy:01"
will return
config device 'lan_eth0_dev'
option name 'eth0'
option macaddr 'yy:yy:yy:yy:yy:01'
config device 'lan_eth1_1_dev'
option name 'eth1.1'
option macaddr 'yy:yy:yy:yy:yy:01'
ref: https://github.com/openwrt/openwrt/pull/2542
Signed-off-by: Sungbo Eo <mans0n@gorani.run>
[always use new scheme, extend description, change commit title]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit 298814e6be7640d89328de9e7c90d4349e30683f)
Discovered recent changes had broken sysupgrade for ar71xx mikrotik
rb-493g, traced the problem to missing /usr/share/libubox/jshn.sh after
switching to tmpfs.
Signed-off-by: Russell Senior <russell@personaltelco.net>
The actual retrieval of the MAC address in mtd_get_mac_binary_ubi()
is the same as in get_mac_binary(). Thus, use the latter function
in the former to reduce duplicate code.
This will also allow to benefit from the enhanced path check there
and bring mtd_get_mac_binary_ubi() more in line with the similar
mtd_get_mac_binary().
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit 45600124fcbd14ece6e289cb59b318ea44c598fe)
Now that $UPGRADE_BACKUP is set conditionally there is no need to check
the $UPGRADE_OPT_SAVE_CONFIG anymore. All conditions can be simplified.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit a858db313687ddfa6ed1ddba76bd74844a7b89dc)
This explicitly tells procd what backup file should be used during
sysupgrade (if any). It's much more generic this way compared to the
magic /tmp/sysupgrade.tgz file that had to be created before a call.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit c5223b26a40ae61fc7750bf865464048af328ab1)
This allows platform code to check if firmware image can be used with
preserving a backup. It may be used e.g. when installing vendor
firmwares that won't restore appended backup archive.
Suggested-by: Luis Araneda <luaraneda@gmail.com>
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 1c510fe2980cd787602786e82f44602549d607d4)
It's a variable set by procd that should replace hardcoded
/tmp/sysupgrade.tgz.
This change requires the most recent procd with the commit 0f3c136
("sysupgrade: set UPGRADE_BACKUP env variable").
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 641f6b6c26cb9ab5e1198810015e5f4b2b5b34ad)
1) Add BACKUP_FILE and use it when copying an archive to be restored
after sysupgrade (on the next preinit).
2) Use CONF_TAR for copying backup prepared by the /sbin/sysupgrade
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit bf390478727ac5f4f9d6fb684de48b8150bcec67)
This makes sysupgrade work with the most recent procd that validates
firmware before proceeding.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit b71962da16c2e2b93d633d7bde1436b3da2bf740)
So far firmware validation result was binary limited: it was either
successful or not. That meant various limitations, e.g.:
1) Lack of proper feedback on validation problems
2) No way of marking firmware as totally broken (impossible to install)
This change introduces JSON for storing detailed validation info. It
provides a list of performed validation tests and their results. It
allows marking firmware as non-forceable (broken image that can't be
even forced to install).
Example:
{
"tests": {
"fwtool_signature": true,
"fwtool_device_match": true
},
"valid": true,
"forceable": true
}
Implementation is based on *internal* check_image bash script that:
1) Uses existing validation functions
2) Provides helpers for setting extra validation info
This allows e.g. platform_check_image() to call notify_check_broken()
when needed & prevent user from bricking a device.
Right now the new JSON info is used by /sbin/sysupgrade only. It still
doesn't make use of "forceable" as that is planned for later
development.
Further plans for this feature are:
1) Expose firmware validation using some new ubus method
2) Move validation step from /sbin/sysupgrade into "sysupgrade" ubus
method so:
a) It's possible to safely sysupgrade using ubus only
b) /sbin/sysupgrade can be more like just a CLI
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit f522047958f99ab7b506ec550f796c0460af1a85)
This explicitly lets stage2 know if partitions should be preserved. No
more "touch /tmp/sysupgrade.always.overwrite.bootdisk.partmap" hack.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit b6f4cd57e19a8cfcd9ff52582b65164ce6213c3d)
This explicitly lets stage2 know if config should be preserved.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit b534ba96110012d2697d19d71b7dcd60bd4cd375)
Those are not used by any image check function anymore.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 3f4c785a6bbde87296e362c315f10b55c98843e3)
do_upgrade_stage2() isn't really any common code. It isn't used anywhere
except for /sbin/sysupgrade that passes it to the stage2.
Moving its code to separated file also simplifies COMMAND variable.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit f7edd94a6588aa6a3e2e7a72410a34392a9fbe78)
With bcm53xx switched to the new procedure there is no more need for
keeping that backward compatibility code.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit ea4e1dac71dfa015c0da10e68149478fa25878f9)
Its last usage was dropped back in 2013 in the commit b95bdc8ab5
("kernel/base-files: clean up old code related to refreshing mtd
partitions, it is no longer used anywhere").
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit f58ca6ee57b77350c69639defdceacb2e77e2249)
Restart is in default implemented so it calls stop and start. This is
pretty unsafe to call on umount service. This service should not do
anything on restart the same way as on start. Only use of this service
is on stop.
Signed-off-by: Karel Kočí <cynerd@email.cz>
(cherry picked from commit 537b801c5490a85a3ef36456b12f064fc6c665a2)
This patch is in a series to allow additional STOP indexes after umount,
so that other block devices may stop cleanly.
boot is now STOP=90
umount is now STOP=90
After this patch series, the resulting STOP indexes in the 80s & 90s
will be:
STOP=85 odhcpd.init
STOP=89 conntrackd.init
STOP=89 log.init
STOP=89 rssileds.init
STOP=90 boot
STOP=90 kdump.init
STOP=90 network
STOP=90 sysfixtime
STOP=90 umount
STOP=98 mdadm.init (note: will be addressed in a separate patch)
Signed-off-by: Joseph Tingiris <joseph.tingiris@gmail.com>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
[PKG_RELEASE is now 200]
(cherry picked from commit 04811007e53c5a5bdddbd0a00b330e12a5dbd045)
This is mainly for kmod-br-netfilter. To turn off
bridge-netfilter-call-xxx immediately after installation
While at it
- Define filelist="/usr/lib/opkg/info/${pkgname}.list"
- Reuse "[ -z "$root" ]"
- Grep with "-m1"
Fixes FS#2300
Reported-by: Marco Sartorius <tidbits@ormoorgmen.info>
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
(cherry picked from commit 3dc4f59eabaed5135cd4eed8d1846248d5f1b37c)
So it's possible to install or remove it as needed.
Tested-by: Lucian Cristian <lucian.cristian@gmail.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 27bfde9c9f789dbfabebf13047e8b042c27cdeef)
Logic was inverted when changing from string check to file check.
Fix it.
Fixes: 8592602d0a88 ("base-files: Really check path in get_mac_binary")
Reported-by: Matthias Schiffer <mschiffer@universe-factory.net>
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit 6ed3349308b24a6bac753643970a1f9f56ff6070)
Currently, path argument is only checked for being not empty.
This changes behavior to actually check whether path exists.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Just stumbled across this LEDE legacy, without finding any real reason
to keep it. There is a single LEDE_DEVICE_MANUFACTURER_URL dependency
in the luci feed repo which needs to be syncronized.
Signed-off-by: Bjørn Mork <bjorn@mork.no>
[re-added missing commit message]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 8a34a54b6aa6e9a5e2983d554fd5b97bec97e891)
This patch adds a missing type property which prevented
the creation of oneshot and timer led triggers when they
are specified in the /etc/board.d/01_leds files.
i.e.:
ucidef_set_led_timer "system" "system" "zhuotk:green:system" "1000" "1000"
Fixes: b06a286a48 ("base-files: cleanup led functions in uci-defaults.sh")
Signed-off-by: Robinson Wu <wurobinson@qq.com>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
For devices such as BTHOMEHUBV5A with both reset and restart buttons,
its easily accessible restart button has been assigned to KEY_POWER
power script to poweroff preventing accidental (or malicious) factory
resets by KEY_RESTART reset script. However an easily accessible button
immediately powering off the device is also undesirable.
Fixes: FS#1965
Signed-off-by: Alan Swanson <reiver@improbability.net>
Signed-off-by: Petr Štetiar <ynezz@true.cz> [long line wrap]
Commit "generic: ar8216: add mib_poll_interval switch attribute" has
added mib_poll_interval global config option and commit "generic:
ar8216: group MIB counters and use two basic ones only by default" has
added mib_type config option.
So this patch adds ucidef_set_ar8xxx_switch_mib helper function which
would allow configuration of the above mentioned new switch config
options.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Recently, upgrade device autodetection has been added to the mvebu target.
This exposes some shortcomings of the generic export_bootdevice function,
e.g. on the Turris Omnia: export_bootdevice silently reports the root
partition to be the boot device. This makes the sysupgrade process fail at
several places.
Fix this by clearly distinguishing between /proc/cmdline arguments which
specify the boot disk, and those which specify the root partition. Only in
the latter case, strip off the partition, and do it consistently.
root=PARTUUID=<pseudo PARTUUID for MBR> (any partition) and root=/dev/*
(any partition) are accepted.
The root of the problem is that the *existing* export_bootdevice in
/lib/upgrade/common.sh behaves differently, if the kernel is booted with
root=/dev/..., or if it is booted with root=PARTUUID=...
In the former case, it reports back major/minor of the root partition,
in the latter case it reports back major/minor of the complete boot disk.
Targets, which boot with root=/dev/... *and* use export_bootdevice /
export_partdevice, have added workarounds to this behaviour, by specifying
*negative* increments to the export_partdevice function.
Consequently, those targets have to be adapted to use positive increments,
otherwise they are broken by the change to export_bootdevice.
Fixes: 4e8345ff68 ("mvebu: base-files: autodetect upgrade device")
Signed-off-by: Klaus Kudielka <klaus.kudielka@gmail.com>
Tested-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
Purpose of these changes is to introduce a hook for post service
shutdown in a similar fashion to the existing hook service_started. I
found it to be useful to specify a hook that is called once the service
has been stopped and not before the service is stopped like the
stop_service hook does.
The concrete use case I have for this is that I'm running a binary that
takes over the hardware watchdog timer. Said binary unfortunately can
not use ubus directly to tell procd to hand over the watchdog timer so
this has to be done in the service file for the binary in question. In
order to support a clean handover of the watchdog timer back to procd,
the service init script has to dispatch the ubus invocation once the
binary in question has been stopped.
Signed-off-by: Arthur Skowronek <ags@digineo.de>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
[added commit message, use the same form as other hooks]
Currently leds migration scripts in ar71xx and lantiq share a lot of
logic and introducing leds migration to another target would mean
copying this code, again. Therefore add common logic to library in
base-files package.
Suggested-by: Petr Štetiar <ynezz@true.cz>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
Commit 124ab1dc0a and 5523ee3459 introduced the assignment of the
group "tty" to /dev/tty* devices in order to support unprivileged
user access to serial devices.
However, due to an improperly rebased commit this feature broke.
This patch restores the lost hunk in hotplug.json file to
re-introduce this feature and also renames the existing "tty" group
to "dialout" as this is the more typical name for such a group
on desktop systems.
Fixes: 5209cfa534 ("procd: fix hotplug.json syntax")
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
Acked-by: Jo-Philipp Wich <jo@mein.io>
ucert needs to check the firmware part with metadata, but without the signature.
Use the new fwtool mode to extract that without altering the firmware image inside
the check
Signed-off-by: Felix Fietkau <nbd@nbd.name>
When config_get is called as "config_get section option" the option
is unexpectedly globbed by the shell which differs from the way options
are read to a variable with "config_get variable section option".
Add another layer of double quotes to fix it.
Signed-off-by: Günther Kelleter <guenther.kelleter@devolo.de>
Add support for passing additional parameters to mtd called during
sysupgrade. It will be required to toggle the "recovery moe" flag
supported by recent tp-link boards.
Signed-off-by: David Bauer <mail@david-bauer.net>
[split code from board support patch; add commit message]
Signed-off-by: Mathias Kresin <dev@kresin.me>
This may be useful if you don't entirely trust your flash and want to be able
to check for corruptions.
Signed-off-by: Michal Hrusecky <Michal@Hrusecky.net>
This adds a wrapper (uci_load_validate) for uci_validate_section() that
allows callers (through a callback function) to access the values set by
uci_validate_section(), without having to manually declare a
(potentially long) list of local variables.
The callback function receives two arguments when called, the config
section name and the return value of uci_validate_section().
If no callback function is given, then the wrapper exits with the value
returned by uci_validate_section().
This also updates several init scripts to use the new wrapper function.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
This commit allows to use non-standard UBI volume name as the rootfs
volume in sysupgrade.
ex.:
The U-Boot on Buffalo WXR-2533DHP checks existence and checksum of
"ubi_rootfs" volume when booting, so this name is required.
OpenWrt currently provides several patches:
490-ubi-auto-attach-mtd-device-named-ubi-or-data-on-boot.patch
491-ubi-auto-create-ubiblock-device-for-rootfs.patch
492-try-auto-mounting-ubi0-rootfs-in-init-do_mounts.c.patch
to facilitate ubi rootfs automount. However the upstream kernel
also supports the means of booting from a fully custom ubi
partition name and ubi volume name via bootargs/kernel's cmdline
parameters:
ubi.mtd=mtd_partition_name
ubi.block=rootfs_volume_name
root=/dev/ubiblock$X_$Y
For more information and examples visit the wiki over at linux-mtd:
<http://www.linux-mtd.infradead.org/faq/ubifs.html>
<http://www.linux-mtd.infradead.org/doc/ubi.html>
Signed-off-by: INAGAKI Hiroshi <musashino.open@gmail.com>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com> [reworded commit]
This file is needed to properly use the tc ematch modules present in
kmod-sched-core and kmod-sched. It is a read-only index file of ematch
methods used only by tc.
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
In the upstream netdev led trigger the one mode file was replaced by 3
files named rx, tx and link. Fix the netdev trigger configuration code
to use the modified API.
Fixes: aa3b6a08c5 ("kernel: Replace ledtrig-netdev with upstream backport")
Reported-by: Hannu Nyman <hannu.nyman@iki.fi>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
When '-k' is used, sysupgrade inserts into backup a new file
/etc/backup/installed_packages.txt which contains pkgname and origin (rom,
overlay, unknown) without touching rootfs.
It's mainly used to reinstall all extra packages:
# opkg update
# grep "\toverlay" /etc/backup/installed_packages.txt | cut -f1 | xargs -r opkg install
# rm /etc/backup/installed_packages.txt
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
Add sysupgrade '-o' option in order to include all overlay files in
backup, except for those that are from packages but including files
listed in conffiles, sysupgrade.conf or /lib/upgrade/keep.d.
With '-u' option, it will skip files equals to /rom and conffiles that
were not changed.
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
With '-u', for a file /aaa/bbb/ccc enlisted for backup,
it will only get into backup if /rom/aaa/bbb/ccc does not
exist or /aaa/bbb/ccc is different from /rom/aaa/bbb/ccc.
It also works with '-c', but only effective for files touched
but not modified.
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
Renamed add_uci_conffiles to add_conffiles as it includes
any conffiles listed, not only UCI ones.
Make do_save_conffiles arg mandatory
Allow other options after -l (like -c)
Do not use stdout for error messages (fixes backup to stdout)
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
I wanted to add status LEDs support to my imx6 based board and have
found out, that I could use diag.sh script found in ramips platform,
which seems to be also shared in a few other platforms:
4801276bc2078c5bcf03003c831e3b0a target/linux/ramips/base-files/etc/diag.sh
4801276bc2078c5bcf03003c831e3b0a target/linux/ipq40xx/base-files/etc/diag.sh
4801276bc2078c5bcf03003c831e3b0a target/linux/ath79/base-files/etc/diag.sh
So I've extended the base diag.sh in a way, that if it detects any of
the DTS LED aliases, then it would use the generic DTS set_led_state
code.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
This reverts commit 41770add03.
The fwtool_check_image() procedure is used by `sysupgrade --test` which must
not alter the image under test in any way.
Currently, when the LuCI ui or any other sysupgrade wrapper first invokes
sysupgrade --test to verify the compatibility of the image and then calculates
the sha256sum over it, the resulting checksum will differ from the original
image since the test invocation will implicitely strip the metadata trailer.
To properly fix the underlying issue, the combined image checksumming code
must be modified to skip the metadata trailer.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>