[OpenWrt-Devel] [PATCH] ipkg-build: suppress timestamps in gzip headers

2015-06-17 Thread Reiner Herrmann
When creating control.tar.gz, data.tar.gz and $package.ipk
tar compresses them with default gzip options.
This includes build timestamps in their gzip headers.
By setting the GZIP env variable to -n, gzip no longer embeds
them, which is a step towards reproducibility.

See also [1] for more detailed motivations.

[1]: https://wiki.debian.org/ReproducibleBuilds/About

Signed-off-by: Reiner Herrmann 
---
 scripts/ipkg-build | 1 +
 1 file changed, 1 insertion(+)

diff --git a/scripts/ipkg-build b/scripts/ipkg-build
index c466f28..6787ed4 100755
--- a/scripts/ipkg-build
+++ b/scripts/ipkg-build
@@ -13,6 +13,7 @@ version=1.0
 FIND="$(which find)"
 FIND="${FIND:-$(which gfind)}"
 TAR="${TAR:-$(which tar)}"
+export GZIP="-n"
 
 ipkg_extract_value() {
sed -e "s/^[^:]*:[[:space:]]*//"
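Review bot: The added `export GZIP="-n"` has no comment saying why it is there, and it replaces whatever GZIP options the caller already had in the environment. It only takes effect when `$TAR` hands compression to an external gzip that reads that variable. Since `TAR` can be overridden on the line above, a tar that compresses in-process would presumably ignore it, and the timestamps would return without any error. Newer gzip releases also document the GZIP variable as obsolescent, so compressing through an explicit `gzip -n` would be more durable than relying on the environment. At minimum I would add `# -n: keep name and mtime out of gzip headers so rebuilt packages are byte-identical` above the export.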
-- 
2.1.4


[OpenWrt-Devel] [PATCH 1/2] ipkg-build: use deterministic timestamps in ipk tarballs

2015-07-12 Thread Reiner Herrmann
As a follow-up to r46026, this commit sets the modification
times of files inside the tarballs to deterministic values.
It uses the date of the last git or svn commit and falls
back to the old behavior if those are not available.

Signed-off-by: Reiner Herrmann 
---
 scripts/ipkg-build | 17 ++---
 1 file changed, 14 insertions(+), 3 deletions(-)

diff --git a/scripts/ipkg-build b/scripts/ipkg-build
index 6787ed4..2d41076 100755
--- a/scripts/ipkg-build
+++ b/scripts/ipkg-build
@@ -13,8 +13,19 @@ version=1.0
 FIND="$(which find)"
 FIND="${FIND:-$(which gfind)}"
 TAR="${TAR:-$(which tar)}"
+SVN="$(which svn)"
+GIT="$(which git)"
 export GZIP="-n"
 
+# look up date of last commit
+if [ -d "$TOPDIR/.git" ]; then
+   TIMESTAMP=$($GIT log -1 -s --format=%ci)
+elif [ -d "$TOPDIR/.svn" ]; then
+   TIMESTAMP=$($SVN info "$TOPDIR" | sed -n "s/^Last Changed Date: 
\(.*\)/\1/p")
+else
+   TIMESTAMP=$(date)
+fi
+
 ipkg_extract_value() {
sed -e "s/^[^:]*:[[:space:]]*//"
 }
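Review bot: The git branch tests `$TOPDIR/.git` but then runs `$GIT log` in the current directory, so the timestamp comes from the wrong repository, or is empty, whenever the script is not invoked from inside `$TOPDIR`. An empty `$GIT` or `$SVN` (tool not installed) likewise leaves `TIMESTAMP` empty, and that empty string is then handed to tar as `--mtime=""` in the next hunk. I would run the lookup in the tree, `TIMESTAMP=$(cd "$TOPDIR" && $GIT log -1 -s --format=%ci)`, and add `[ -n "$TIMESTAMP" ] || TIMESTAMP=$(date)` after the `fi` so a failed lookup falls back to the old behaviour. The `date` fallback is not deterministic, so those builds are silently non-reproducible; a one-line warning on stderr in that branch would make this visible.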
@@ -128,20 +139,20 @@ mkdir $tmp_dir
 
 echo $CONTROL > $tmp_dir/tarX
 # Preserve permissions (-p) when creating data.tar.gz as non-root user
-( cd $pkg_dir && $TAR $ogargs -X $tmp_dir/tarX --format=gnu -czpf 
$tmp_dir/data.tar.gz . )
+( cd $pkg_dir && $TAR $ogargs -X $tmp_dir/tarX --format=gnu -czpf 
$tmp_dir/data.tar.gz --mtime="$TIMESTAMP" . )
 
 installed_size=`stat -c "%s" $tmp_dir/data.tar.gz`
 sed -i -e "s/^Installed-Size: .*/Installed-Size: $installed_size/" \
$pkg_dir/$CONTROL/control
 
-( cd $pkg_dir/$CONTROL && $TAR $ogargs --format=gnu -czf 
$tmp_dir/control.tar.gz . )
+( cd $pkg_dir/$CONTROL && $TAR $ogargs --format=gnu -czf 
$tmp_dir/control.tar.gz --mtime="$TIMESTAMP" . )
 rm $tmp_dir/tarX
 
 echo "2.0" > $tmp_dir/debian-binary
 
 pkg_file=$dest_dir/${pkg}_${version}_${arch}.ipk
 rm -f $pkg_file
-( cd $tmp_dir && $TAR --format=gnu -zcf $pkg_file ./debian-binary 
./data.tar.gz ./control.tar.gz )
+( cd $tmp_dir && $TAR --format=gnu -zcf $pkg_file --mtime="$TIMESTAMP" 
./debian-binary ./data.tar.gz ./control.tar.gz )
 
 rm $tmp_dir/debian-binary $tmp_dir/data.tar.gz $tmp_dir/control.tar.gz
 rmdir $tmp_dir
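Review bot: Fixing `--mtime` still leaves the member order of `data.tar.gz` and `control.tar.gz` dependent on directory read order, because both archives are built from `.` with no sorting. Two builds of identical content on different filesystems can therefore still produce different `.ipk` files. Where the tar in use supports it, adding `--sort=name` (GNU tar 1.28 and later) next to `--mtime="$TIMESTAMP"` closes that gap; otherwise tar would need to be fed a sorted file list.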
-- 
2.1.4


[OpenWrt-Devel] [PATCH 2/2] Prevent more gzip timestamps

2015-07-12 Thread Reiner Herrmann
To improve reproducibility, prevent the inclusion of timestamps
in the gzip header.

Signed-off-by: Reiner Herrmann 
---
 docs/adding.tex| 2 +-
 include/image.mk   | 2 +-
 package/Makefile   | 2 +-
 target/imagebuilder/files/Makefile | 2 +-
 target/linux/adm5120/image/router_le.mk| 2 +-
 target/linux/adm8668/image/Makefile| 2 +-
 target/linux/ar71xx/image/Makefile | 6 +++---
 target/linux/ath25/image/Makefile  | 2 +-
 target/linux/brcm63xx/image/Makefile   | 2 +-
 target/linux/generic/files/crypto/ocf/Makefile | 2 +-
 target/linux/ipq806x/image/Makefile| 2 +-
 target/linux/malta/image/Makefile  | 2 +-
 target/linux/x86/image/Makefile| 4 ++--
 target/linux/xburst/image/Makefile | 2 +-
 14 files changed, 17 insertions(+), 17 deletions(-)

diff --git a/docs/adding.tex b/docs/adding.tex
index 97547ac..7b80c0d 100644
--- a/docs/adding.tex
+++ b/docs/adding.tex
@@ -556,7 +556,7 @@ include $(INCLUDE_DIR)/image.mk
 
 define Image/BuildKernel
 cp $(KDIR)/vmlinux.elf $(BIN_DIR)/openwrt-$(BOARD)-vmlinux.elf
-gzip -9 -c $(KDIR)/vmlinux > $(KDIR)/vmlinux.bin.gz
+gzip -9n -c $(KDIR)/vmlinux > $(KDIR)/vmlinux.bin.gz
 $(STAGING_DIR_HOST)/bin/lzma e $(KDIR)/vmlinux $(KDIR)/vmlinux.bin.l7
 dd if=$(KDIR)/vmlinux.bin.l7 
of=$(BIN_DIR)/openwrt-$(BOARD)-vmlinux.lzma bs=65536 conv=sync
 dd if=$(KDIR)/vmlinux.bin.gz of=$(BIN_DIR)/openwrt-$(BOARD)-vmlinux.gz 
bs=65536 conv=sync
diff --git a/include/image.mk b/include/image.mk
index 814e7dc..6767e76 100644
--- a/include/image.mk
+++ b/include/image.mk
@@ -224,7 +224,7 @@ ifneq ($(CONFIG_TARGET_ROOTFS_UBIFS),)
 endif
 
 define Image/mkfs/cpiogz
-   ( cd $(TARGET_DIR); find . | cpio -o -H newc | gzip -9 
>$(BIN_DIR)/$(IMG_PREFIX)-rootfs.cpio.gz )
+   ( cd $(TARGET_DIR); find . | cpio -o -H newc | gzip -9n 
>$(BIN_DIR)/$(IMG_PREFIX)-rootfs.cpio.gz )
 endef
 
 define Image/mkfs/targz
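Review bot: In `Image/mkfs/cpiogz` the added `-n` only removes the timestamp from the gzip header. The cpio stream piped into it still records each file's mtime and inode number, and `find .` emits entries in directory order, so `rootfs.cpio.gz` will presumably still differ between builds. That is beyond what this commit sets out to do, but a comment above the define such as `# gzip -n: no timestamp in the gzip header (cpio metadata is still not normalized)` would keep readers from assuming the image is already reproducible.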
diff --git a/package/Makefile b/package/Makefile
index 3ef34b1..cc691b5 100644
--- a/package/Makefile
+++ b/package/Makefile
@@ -149,7 +149,7 @@ $(curdir)/index: FORCE
mkdir -p $(PACKAGE_DIR)/$$d; \
cd $(PACKAGE_DIR)/$$d || continue; \
$(SCRIPT_DIR)/ipkg-make-index.sh . 2>&1 > Packages && \
-   gzip -9c Packages > Packages.gz; \
+   gzip -9nc Packages > Packages.gz; \
); done
 ifdef CONFIG_SIGNED_PACKAGES
@echo Signing package index...
diff --git a/target/imagebuilder/files/Makefile 
b/target/imagebuilder/files/Makefile
index e28660f..8f25c4a 100644
--- a/target/imagebuilder/files/Makefile
+++ b/target/imagebuilder/files/Makefile
@@ -121,7 +121,7 @@ package_index: FORCE
@echo Building package index...
@mkdir -p $(TMP_DIR) $(TARGET_DIR)/tmp
(cd $(PACKAGE_DIR); $(SCRIPT_DIR)/ipkg-make-index.sh . > Packages && \
-   gzip -9c Packages > Packages.gz \
+   gzip -9nc Packages > Packages.gz \
) >/dev/null 2>/dev/null
$(OPKG) update || true
 
diff --git a/target/linux/adm5120/image/router_le.mk 
b/target/linux/adm5120/image/router_le.mk
index 6df6dcd..1e3d7f7 100644
--- a/target/linux/adm5120/image/router_le.mk
+++ b/target/linux/adm5120/image/router_le.mk
@@ -72,7 +72,7 @@ define Image/Build/Cellvision
$(call Image/Build/Loader,$(2),bin,0x8050,0x6D8,y,$(3))
mkdir -p $(BIN_DIR)/tmp
cp $(KDIR)/loader-$(2).bin $(BIN_DIR)/tmp/vmlinux.bin
-   gzip -9 $(BIN_DIR)/tmp/vmlinux.bin
+   gzip -9n $(BIN_DIR)/tmp/vmlinux.bin
dd if=$(BIN_DIR)/tmp/vmlinux.bin.gz of=$(call 
imgname,$(1),$(2))-xmodem.bin bs=64k conv=sync
rm -rf $(BIN_DIR)/tmp
$(call Image/Build/TRXNoloader,$(call imgname,$(1),$(2)).trx,$(1))
diff --git a/target/linux/adm8668/image/Makefile 
b/target/linux/adm8668/image/Makefile
index 9e25224..597b8f7 100644
--- a/target/linux/adm8668/image/Makefile
+++ b/target/linux/adm8668/image/Makefile
@@ -16,7 +16,7 @@ endef
 
 
 define CompressGzip
-   gzip -9 -c $(1) > $(2)
+   gzip -9n -c $(1) > $(2)
 endef
 
 define MkImage
diff --git a/target/linux/ar71xx/image/Makefile 
b/target/linux/ar71xx/image/Makefile
index 0351310..c8cf301 100644
--- a/target/linux/ar71xx/image/Makefile
+++ b/target/linux/ar71xx/image/Makefile
@@ -985,7 +985,7 @@ endef
 define PatchKernelGzip
cp $(KDIR)/vmlinux$(3) $(KDIR_TMP)/vmlinux$(3)-$(1)
$(STAGING_DIR_HOST)/bin/patch-cmdline $(KDIR_TMP)/vmlinux$(3)-$(1) 
"$(strip $(2))"
-   gzip -9 -c $(KDIR_TMP)/vmlinux$(3)-$(1) > 
$(KDIR_TMP)/vmlinux$(3)-$(1).bin.gz
+   gzip -9n -c $(KDIR_TMP)/vmlinux$(3)-$(1) > 
$(KDIR_TMP)/vmlinux$(3)-$(1).bin.gz
 endef
 
 ifneq ($(SUBTARGET),mikrotik)
@@ -2224,10 +2224,10 @@ defi

Re: [OpenWrt-Devel] [PATCH 2/2] Prevent more gzip timestamps

2015-07-14 Thread Reiner Herrmann
On Sun, Jul 12, 2015 at 12:06:01PM -0700, Florian Fainelli wrote:
> 2015-07-12 9:41 GMT-07:00 Reiner Herrmann :
> > To improve reproducibility, prevent the inclusion of timestamps
> > in the gzip header.
> 
> This looks fine to me, this also unveils a lot of repetition in how we
> invoke gzip and its parameters, would you mind factoring this in a
> variable such that we control how gzip options are set globally?
> Eventually someone will want to be able to turn back on timestamps and
> original names in how gzip generates compressed files, and we might as
> well have a single location to fix this.

The commands that are currently available in variables are named
just in uppercase (FIND, TAR, etc.).
But gzip itself reads the environment variable GZIP for additional
options, so also naming the command variable GZIP will
probably cause problems.
Or would it be better to just globally export GZIP with the
default parameters (which would then differ from the current
semantics of having the command inside the variable)?





[OpenWrt-Devel] uci: invalid reads/writes found by valgrind

2016-05-19 Thread Reiner Herrmann
Hi,

valgrind found some invalid reads/writes when updating sections (see below).

The problem seems to be in list.c, where sections are updated:

} else if (ptr->s && ptr->section) { /* update section */
char *s = uci_strdup(ctx, ptr->value);

if (ptr->s->type == uci_dataptr(ptr->s)) {
ptr->last = NULL;
ptr->last = uci_realloc(ctx, ptr->s, 
sizeof(struct uci_section));
ptr->s = uci_to_section(ptr->last);
uci_list_fixup(&ptr->s->e.list);
} else {
free(ptr->s->type);
}
ptr->s->type = s;
}

I don't completely understand what is happening in the if block.
Isn't ptr->s->type always uci_dataptr(ptr->s)?
Using uci_free_section + uci_alloc_section instead of an uci_realloc
seems to prevent the invalid accesses, but this of course has other
problems (options from the section are also freed).
Can someone explain what this block is supposed to do (e.g. why is a
fixup required)?


$ valgrind uci set system.ntp=timeserver
==4113== Memcheck, a memory error detector
[...]
==4113== Invalid read of size 8
==4113==at 0x4E38565: uci_free_section (list.c:210)
==4113==by 0x4E386AA: uci_free_package (list.c:243)
==4113==by 0x4E38CE0: uci_free_context (libuci.c:84)
==4113==by 0x4016C4: main (cli.c:774)
==4113==  Address 0x55ee7b0 is 32 bytes inside a block of size 83 free'd
==4113==at 0x4C2BDDF: realloc (in 
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==4113==by 0x4E3B58B: uci_realloc (util.c:49)
==4113==by 0x4E39DE5: uci_set (list.c:708)
==4113==by 0x4022A8: uci_do_section_cmd (cli.c:514)
==4113==by 0x4022A8: uci_cmd (cli.c:669)
==4113==by 0x401694: main (cli.c:767)
==4113==  Block was alloc'd at
==4113==at 0x4C29C0F: malloc (in 
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==4113==by 0x4E3B555: uci_malloc (util.c:39)
==4113==by 0x4E382AB: uci_alloc_generic (list.c:47)
==4113==by 0x4E383B7: uci_alloc_section (list.c:191)
==4113==by 0x4E39D33: uci_set (list.c:694)
==4113==by 0x4E3AECA: uci_parse_config (file.c:451)
==4113==by 0x4E3AECA: uci_parse_line (file.c:521)
==4113==by 0x4E3AECA: uci_import (file.c:683)
==4113==by 0x4E3B4C1: uci_file_load (file.c:910)
==4113==by 0x4E390C7: uci_load (libuci.c:216)
==4113==by 0x4E391EC: uci_lookup_ptr (list.c:391)
==4113==by 0x40220B: uci_do_section_cmd (cli.c:477)
==4113==by 0x40220B: uci_cmd (cli.c:669)
==4113==by 0x401694: main (cli.c:767)
==4113== 
==4113== Invalid read of size 4
==4113==at 0x4E38506: uci_free_option (list.c:97)
==4113==by 0x4E38571: uci_free_section (list.c:211)
==4113==by 0x4E386AA: uci_free_package (list.c:243)
==4113==by 0x4E38CE0: uci_free_context (libuci.c:84)
==4113==by 0x4016C4: main (cli.c:774)
==4113==  Address 0x55ee7d8 is 72 bytes inside a block of size 83 free'd
==4113==at 0x4C2BDDF: realloc (in 
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==4113==by 0x4E3B58B: uci_realloc (util.c:49)
==4113==by 0x4E39DE5: uci_set (list.c:708)
==4113==by 0x4022A8: uci_do_section_cmd (cli.c:514)
==4113==by 0x4022A8: uci_cmd (cli.c:669)
==4113==by 0x401694: main (cli.c:767)
==4113==  Block was alloc'd at
==4113==at 0x4C29C0F: malloc (in 
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==4113==by 0x4E3B555: uci_malloc (util.c:39)
==4113==by 0x4E382AB: uci_alloc_generic (list.c:47)
==4113==by 0x4E383B7: uci_alloc_section (list.c:191)
==4113==by 0x4E39D33: uci_set (list.c:694)
==4113==by 0x4E3AECA: uci_parse_config (file.c:451)
==4113==by 0x4E3AECA: uci_parse_line (file.c:521)
==4113==by 0x4E3AECA: uci_import (file.c:683)
==4113==by 0x4E3B4C1: uci_file_load (file.c:910)
==4113==by 0x4E390C7: uci_load (libuci.c:216)
==4113==by 0x4E391EC: uci_lookup_ptr (list.c:391)
==4113==by 0x40220B: uci_do_section_cmd (cli.c:477)
==4113==by 0x40220B: uci_cmd (cli.c:669)
==4113==by 0x401694: main (cli.c:767)
==4113== 
==4113== Invalid read of size 8
==4113==at 0x4E384DD: uci_free_element (list.c:69)
==4113==by 0x4E38571: uci_free_section (list.c:211)
==4113==by 0x4E386AA: uci_free_package (list.c:243)
==4113==by 0x4E38CE0: uci_free_context (libuci.c:84)
==4113==by 0x4016C4: main (cli.c:774)
==4113==  Address 0x55ee7c8 is 56 bytes inside a block of size 83 free'd
==4113==at 0x4C2BDDF: realloc (in 
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==4113==by 0x4E3B58B: uci_realloc (util.c:49)
==4113==by 0x4E39DE5: uci_set (list.c:708)
==4113==by 0x4022A8: uci_do_section_cmd (cli.c:514)
==4113==by 0x4022A8: uci_cmd (cli.c:669)
==4113==by 0x401694: main (cli.c:767)
==4113==  Block was alloc'd at
==4113==at 0x4C29C0F: malloc (in 
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==4113== 

[OpenWrt-Devel] [PATCH] fix remote logging

2014-07-02 Thread Reiner Herrmann
in r41439 a flag for enabling remote logging was added,
but the actual check was done on a different variable.

Signed-off-by: Reiner Herrmann 
---
 package/system/ubox/files/log.init | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/package/system/ubox/files/log.init 
b/package/system/ubox/files/log.init
index a4d57e2..be38297 100644
--- a/package/system/ubox/files/log.init
+++ b/package/system/ubox/files/log.init
@@ -71,7 +71,7 @@ start_service_remote()
echo "validation failed"
return 1
}
-   [ "${log_enable}" -ne 0 ] || return
+   [ "${log_remote}" -ne 0 ] || return
[ -z "${log_ip}" ] && return
 
procd_open_instance
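Review bot: The corrected guard `[ "${log_remote}" -ne 0 ] || return` uses a bare `return`, so when remote logging is disabled the function returns the non-zero status of the failed test, just as the validation-failure path above returns 1. The next line, by contrast, returns 0 when `log_ip` is empty. If a caller ever checks the status, "disabled" should not look like an error: `[ "${log_remote}" -ne 0 ] || return 0`. `start_service_remote` begins and ends outside the hunk.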
-- 
2.0.1


[OpenWrt-Devel] [PATCH] hostapd: read missing parameter for dynamic VLANs

2014-09-26 Thread Reiner Herrmann
In r41872 Dynamic VLAN support was reintroduced, but the vlan_naming
parameter is not read while setting up the config, so it always
defaults to 1.

Signed-off-by: Reiner Herrmann 
---
 package/network/services/hostapd/files/netifd.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/package/network/services/hostapd/files/netifd.sh 
b/package/network/services/hostapd/files/netifd.sh
index 30d12e9..7e909a7 100644
--- a/package/network/services/hostapd/files/netifd.sh
+++ b/package/network/services/hostapd/files/netifd.sh
@@ -219,7 +219,7 @@ hostapd_set_bss_options() {
dae_client dae_secret dae_port \
nasid iapp_interface ownip \
eap_reauth_period dynamic_vlan \
-   vlan_tagged_interface
+   vlan_naming vlan_tagged_interface
 
# legacy compatibility
[ -n "$auth_server" ] || json_get_var auth_server server
-- 
2.1.1


[OpenWrt-Devel] [PATCH] [packages] dropbear: update to 2013.62

2014-01-31 Thread Reiner Herrmann
support ecdsa and refresh patches

Signed-off-by: Reiner Herrmann 
---
 package/network/services/dropbear/Makefile  |  8 +---
 .../network/services/dropbear/files/dropbear.init   | 11 +++
 .../services/dropbear/patches/100-pubkey_path.patch |  4 ++--
 .../services/dropbear/patches/110-change_user.patch |  2 +-
 .../dropbear/patches/120-openwrt_options.patch  | 21 ++---
 .../dropbear/patches/140-disable_assert.patch   |  2 +-
 .../dropbear/patches/150-dbconvert_standalone.patch |  6 +++---
 .../dropbear/patches/200-lcrypt_bsdfix.patch|  8 
 .../dropbear/patches/500-set-default-path.patch |  2 +-
 9 files changed, 30 insertions(+), 34 deletions(-)

diff --git a/package/network/services/dropbear/Makefile 
b/package/network/services/dropbear/Makefile
index 02be761..04dd8b9 100644
--- a/package/network/services/dropbear/Makefile
+++ b/package/network/services/dropbear/Makefile
@@ -8,14 +8,14 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=dropbear
-PKG_VERSION:=2013.59
+PKG_VERSION:=2013.62
 PKG_RELEASE:=1
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
 PKG_SOURCE_URL:= \
http://matt.ucc.asn.au/dropbear/releases/ \
https://dropbear.nl/mirror/releases/
-PKG_MD5SUM:=6c1e6c2c297f4034488ffc95e8b7e6e9
+PKG_MD5SUM:=ca2c7932a1399cf361f795aaa3843998
 
 PKG_LICENSE:=MIT
 PKG_LICENSE_FILES:=LICENSE libtomcrypt/LICENSE libtommath/LICENSE
@@ -41,7 +41,8 @@ endef
 
 define Package/dropbear/conffiles
 /etc/dropbear/dropbear_rsa_host_key
-/etc/dropbear/dropbear_dss_host_key 
+/etc/dropbear/dropbear_dss_host_key
+/etc/dropbear/dropbear_ecdsa_host_key
 /etc/config/dropbear 
 endef
 
@@ -98,6 +99,7 @@ define Package/dropbear/install
$(INSTALL_DIR) $(1)/etc/dropbear
touch $(1)/etc/dropbear/dropbear_rsa_host_key
touch $(1)/etc/dropbear/dropbear_dss_host_key
+   touch $(1)/etc/dropbear/dropbear_ecdsa_host_key
 endef
 
 define Package/dropbearconvert/install
diff --git a/package/network/services/dropbear/files/dropbear.init 
b/package/network/services/dropbear/files/dropbear.init
index ebef526..a2fedcd 100755
--- a/package/network/services/dropbear/files/dropbear.init
+++ b/package/network/services/dropbear/files/dropbear.init
@@ -43,6 +43,7 @@ validate_section_dropbear()
'RootLogin:bool:1' \
'rsakeyfile:file' \
'dsskeyfile:file' \
+   'ecdsakeyfile:file' \
'BannerFile:file' \
'Port:list(port):22'
return $?
@@ -52,7 +53,7 @@ dropbear_instance()
 {
local PasswordAuth enable Interface GatewayPorts \
RootPasswordAuth RootLogin rsakeyfile \
-   dsskeyfile BannerFile Port
+   dsskeyfile ecdsakeyfile BannerFile Port
 
validate_section_dropbear "${1}" || {
echo "validation failed"
@@ -70,7 +71,8 @@ dropbear_instance()
[ "${RootPasswordAuth}" -eq 0 ] && procd_append_param command -g
[ "${RootLogin}" -eq 0 ] && procd_append_param command -w
[ -n "${rsakeyfile}" ] && procd_append_param command -r "${rsakeyfile}"
-   [ -n "${dsskeyfile}" ] && procd_append_param command -d "${dsskeyfile}"
+   [ -n "${dsskeyfile}" ] && procd_append_param command -r "${dsskeyfile}"
+   [ -n "${ecdsakeyfile}" ] && procd_append_param command -r 
"${ecdsakeyfile}"
[ -n "${BannerFile}" ] && procd_append_param command -b "${BannerFile}"
[ -n "${interface}" ] && network_get_device interface "${interface}"
append_ports "${interface}" "${Port}"
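Review bot: After this hunk the DSS key is passed with `-r` instead of `-d`, and the new ECDSA key also uses `-r`, which is easy to mistake for a copy-and-paste error when reading the init script on its own. If, as the change implies, the updated dropbear accepts `-r` once per host key regardless of type, that should be stated above the three lines, e.g. `# dropbear takes -r once per host key, whatever its type`. `dropbear_instance` continues outside the hunk.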
@@ -79,7 +81,7 @@ dropbear_instance()
 
 keygen()
 {
-   for keytype in rsa dss; do
+   for keytype in rsa dss ecdsa; do
# check for keys
key=dropbear/dropbear_${keytype}_host_key
[ -f /tmp/$key -o -s /etc/$key ] || {
@@ -103,7 +105,8 @@ keygen()
 start_service()
 {
[ -s /etc/dropbear/dropbear_rsa_host_key -a \
- -s /etc/dropbear/dropbear_dss_host_key ] || keygen
+ -s /etc/dropbear/dropbear_dss_host_key -a \
+ -s /etc/dropbear/dropbear_ecdsa_host_key ] || keygen
 
. /lib/functions.sh
. /lib/functions/network.sh
diff --git a/package/network/services/dropbear/patches/100-pubkey_path.patch 
b/package/network/services/dropbear/patches/100-pubkey_path.patch
index c1802f5..456874b 100644
--- a/package/network/services/dropbear/patches/100-pubkey_path.patch
+++ b/package/network/services/dropbear/patches/100-pubkey_path.patch
@@ -1,6 +1,6 @@
 --- a/svr-authpubkey.c
 +++ b/svr-authpubkey.c
-@@ -209,17 +209,21 @@ static int checkpubkey(unsigned char* al
+@@ -208,17 +208,21 @@ static int checkpubkey(

Re: [OpenWrt-Devel] [PATCH] [packages] dropbear: update to 2013.62

2014-01-31 Thread Reiner Herrmann
On Fri, Jan 31, 2014 at 01:22:32PM +0100, Jo-Philipp Wich wrote:
> whats the size increase of the dropbear package?

2013.59:  80789 bytes
2013.62:  98661 bytes

So the increase is about 18 kB.





[OpenWrt-Devel] [PATCH 2/2] ubox: allow limiting of logs to specified priority

2014-02-12 Thread Reiner Herrmann
Syslogd from busybox allows logging of only the messages that have a
higher severity (i.e. lower value) than a specified limit.
This patch adds the same functionality to logread.
As -l is already used by logread, I chose -n.

Signed-off-by: Reiner Herrmann 
---
 log/logread.c | 23 +++
 1 file changed, 19 insertions(+), 4 deletions(-)

diff --git a/log/logread.c b/log/logread.c
index f677b44..6b14e1c 100644
--- a/log/logread.c
+++ b/log/logread.c
@@ -59,7 +59,7 @@ static struct uloop_timeout retry;
 static struct uloop_fd sender;
 static const char *log_file, *log_ip, *log_port, *log_prefix, *pid_file, 
*hostname;
 static int log_type = LOG_STDOUT;
-static int log_size, log_udp;
+static int log_size, log_udp, log_level=8;
 
 static const char* getcodetext(int value, CODE *codetable) {
CODE *i;
@@ -134,11 +134,16 @@ static int log_notify(struct ubus_context *ctx, struct 
ubus_object *obj,
}
}
 
+   p = blobmsg_get_u32(tb[LOG_PRIO]);
+   if (LOG_PRI(p) >= log_level)
+   return 0;
+
t = blobmsg_get_u64(tb[LOG_TIME]) / 1000;
c = ctime(&t);
-   p = blobmsg_get_u32(tb[LOG_PRIO]);
c[strlen(c) - 1] = '\0';
str = blobmsg_format_json(msg, true);
+
+
if (log_type == LOG_NET) {
int err;
 
@@ -266,8 +271,11 @@ static void read_cb(struct ubus_request *req, int type, 
struct blob_attr *msg)
if (!tb[LOG_MSG] || !tb[LOG_ID] || !tb[LOG_PRIO] || 
!tb[LOG_SOURCE] || !tb[LOG_TIME])
continue;
 
-   t = blobmsg_get_u64(tb[LOG_TIME]);
p = blobmsg_get_u32(tb[LOG_PRIO]);
+   if (LOG_PRI(p) >= log_level)
+   continue;
+
+   t = blobmsg_get_u64(tb[LOG_TIME]);
c = ctime(&t);
c[strlen(c) - 1] = '\0';
 
@@ -292,6 +300,7 @@ static int usage(const char *prog)
"-P Prefix custom text to streamed 
messages\n"
"-f Follow log messages\n"
"-u Use UDP as the protocol\n"
+   "-n  Read only messages more urgent than 
'level' (1-8)\n"
"\n", prog);
return 1;
 }
@@ -305,7 +314,7 @@ int main(int argc, char **argv)
static struct blob_buf b;
int retry = 5;
 
-   while ((ch = getopt(argc, argv, "ufs:l:r:F:p:S:P:h:")) != -1) {
+   while ((ch = getopt(argc, argv, "ufs:l:r:F:p:S:P:h:n:")) != -1) {
switch (ch) {
case 'u':
log_udp = 1;
@@ -341,6 +350,12 @@ int main(int argc, char **argv)
case 'h':
hostname = optarg;
break;
+   case 'n':
+   log_level = atoi(optarg);
+   if (log_level < 1 || log_level > 8)
+   log_level = 8;
+
+   break;
default:
return usage(*argv);
}
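Review bot: In the new `case 'n'` an argument that is not a number, or is out of range, silently resets `log_level` to 8, so a typo such as `-n warn` turns the filter off and every message is read again with no diagnostic. `atoi()` cannot tell "0" from unparsable input, so I would parse with `strtol()`, check the end pointer, and return `usage()` for anything outside 1-8. The stray blank line before `break;` can go as well. `main` starts and ends outside the hunk.

```c
		case 'n': {
			char *end;
			long level = strtol(optarg, &end, 10);

			/* reject empty, non-numeric or out-of-range levels instead of
			 * silently disabling the filter */
			if (end == optarg || *end != '\0' || level < 1 || level > 8)
				return usage(*argv);
			log_level = (int)level;
			break;
		}
		/* … unchanged: default case … */
```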
-- 
1.9.0.rc3


[OpenWrt-Devel] [PATCH 1/2] ubox: remove unused logread parameter

2014-02-12 Thread Reiner Herrmann
Signed-off-by: Reiner Herrmann 
---
 log/logread.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/log/logread.c b/log/logread.c
index 8c9fda8..f677b44 100644
--- a/log/logread.c
+++ b/log/logread.c
@@ -305,7 +305,7 @@ int main(int argc, char **argv)
static struct blob_buf b;
int retry = 5;
 
-   while ((ch = getopt(argc, argv, "ufcs:l:r:F:p:S:P:h:")) != -1) {
+   while ((ch = getopt(argc, argv, "ufs:l:r:F:p:S:P:h:")) != -1) {
switch (ch) {
case 'u':
log_udp = 1;
-- 
1.9.0.rc3


[OpenWrt-Devel] [PATCH] dropbear: make missing variables local

2014-04-28 Thread Reiner Herrmann
Signed-off-by: Reiner Herrmann 
---
 package/network/services/dropbear/files/dropbear.init | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/package/network/services/dropbear/files/dropbear.init 
b/package/network/services/dropbear/files/dropbear.init
index 19aab36..5206426 100755
--- a/package/network/services/dropbear/files/dropbear.init
+++ b/package/network/services/dropbear/files/dropbear.init
@@ -54,7 +54,7 @@ dropbear_instance()
 {
local PasswordAuth enable Interface GatewayPorts \
RootPasswordAuth RootLogin rsakeyfile \
-   dsskeyfile BannerFile Port
+   dsskeyfile BannerFile Port SSHKeepAlive IdleTimeout
 
validate_section_dropbear "${1}" || {
echo "validation failed"
-- 
2.0.0.rc0


[OpenWrt-Devel] [PATCH] reset ht_capab for each device

2014-05-06 Thread Reiner Herrmann
... or else "option htmode" is added multiple times to
the second and following device sections.

Signed-off-by: Reiner Herrmann 
---
 package/kernel/mac80211/files/lib/wifi/mac80211.sh | 1 +
 1 file changed, 1 insertion(+)

diff --git a/package/kernel/mac80211/files/lib/wifi/mac80211.sh 
b/package/kernel/mac80211/files/lib/wifi/mac80211.sh
index 03f2d2c..706b0ee 100644
--- a/package/kernel/mac80211/files/lib/wifi/mac80211.sh
+++ b/package/kernel/mac80211/files/lib/wifi/mac80211.sh
@@ -69,6 +69,7 @@ detect_mac80211() {
mode_band="g"
channel="11"
htmode=""
+   ht_capab=""
 
iw phy "$dev" info | grep -q 'Capabilities:' && htmode=HT20
iw phy "$dev" info | grep -q '2412 MHz' || { mode_band="a"; 
channel="36"; }
-- 
2.0.0.rc0


[OpenWrt-Devel] [PATCH] hostapd: replace undefined $bridge with $network_bridge

2014-06-04 Thread Reiner Herrmann
Signed-off-by: Reiner Herrmann 
---
 package/network/services/hostapd/files/netifd.sh | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/package/network/services/hostapd/files/netifd.sh 
b/package/network/services/hostapd/files/netifd.sh
index 1cc5713..a36a069 100644
--- a/package/network/services/hostapd/files/netifd.sh
+++ b/package/network/services/hostapd/files/netifd.sh
@@ -276,7 +276,7 @@ hostapd_set_bss_options() {
wps_state=2
[ -n "$wps_configured" ] && wps_state=1
 
-   [ "$ext_registrar" -gt 0 -a -n "$bridge" ] && append bss_conf 
"upnp_iface=$bridge" "$N"
+   [ "$ext_registrar" -gt 0 -a -n "$network_bridge" ] && append 
bss_conf "upnp_iface=$network_bridge" "$N"
 
append bss_conf "eap_server=1" "$N"
append bss_conf "ap_pin=$wps_pin" "$N"
@@ -297,10 +297,10 @@ hostapd_set_bss_options() {
}
 
if [ "$wpa" -ge "2" ]; then
-   if [ -n "$bridge" -a "$rsn_preauth" = 1 ]; then
+   if [ -n "$network_bridge" -a "$rsn_preauth" = 1 ]; then
set_default auth_cache 1
append bss_conf "rsn_preauth=1" "$N"
-   append bss_conf "rsn_preauth_interfaces=$bridge" "$N"
+   append bss_conf 
"rsn_preauth_interfaces=$network_bridge" "$N"
else
set_default auth_cache 0
fi
-- 
2.0.0


[OpenWrt-Devel] [PATCH] hostapd: move reading of rsn_preauth out of auth_type=eap context

2014-06-04 Thread Reiner Herrmann
rsn_preauth is used outside of "case $auth_type", so if it is set
for an EAP-enabled SSID, it would also be set for the following
non-EAP-enabled SSIDs, because it would not be read again.

Signed-off-by: Reiner Herrmann 
---
 package/network/services/hostapd/files/netifd.sh | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/package/network/services/hostapd/files/netifd.sh 
b/package/network/services/hostapd/files/netifd.sh
index a36a069..8b5e731 100644
--- a/package/network/services/hostapd/files/netifd.sh
+++ b/package/network/services/hostapd/files/netifd.sh
@@ -152,7 +152,7 @@ hostapd_set_bss_options() {
maxassoc max_inactivity disassoc_low_ack isolate auth_cache \
wps_pushbutton wps_label ext_registrar wps_pbc_in_m1 \
wps_device_type wps_device_name wps_manufacturer wps_pin \
-   macfilter ssid wmm hidden short_preamble
+   macfilter ssid wmm hidden short_preamble rsn_preauth
 
set_default isolate 0
set_default maxassoc 0
@@ -208,8 +208,8 @@ hostapd_set_bss_options() {
auth_server auth_secret auth_port \
acct_server acct_secret acct_port \
dae_client dae_secret dae_port \
-   nasid rsn_preauth iapp_interface \
-   ownip eap_reauth_period
+   nasid iapp_interface ownip \
+   eap_reauth_period
 
# legacy compatibility
[ -n "$auth_server" ] || json_get_var auth_server server
-- 
2.0.0