| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
| |
Signed-off-by: Michael Tretter <m.tretter@pengutronix.de>
Message-Id: <20210709074508.1301617-1-m.tretter@pengutronix.de>
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Copy the following files from busybox 1.33:
* examples/udhcp/simple.script
* examples/udhcp/udhcpd.conf
This teaches the DHCP client to use iproute2 tools instead of the
outdated iputils.
Signed-off-by: Roland Hieber <rhi@pengutronix.de>
Message-Id: <20210620173954.5608-1-rhi@pengutronix.de>
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Copy the following files from the ISC DHCP tree:
* client/dhclient.conf.example
* server/dhcpd.conf.example
and comment out all lines, so they serve as examples only and don't
configure any strange things on the target.
Signed-off-by: Roland Hieber <rhi@pengutronix.de>
Message-Id: <20210620171046.25968-4-rhi@pengutronix.de>
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
systemd service/socket files are now part of rpcbind.
Remote call functionality is now configurable and disabled. Most people
won't use that. It also stops rpcbind from opening up random UDP ports.
See [1].
[1] https://git.linux-nfs.org/?p=steved/rpcbind.git;a=commitdiff;h=2e9c289246c647e25649914bdb0d9400c66f486e
Signed-off-by: Bastian Krause <bst@pengutronix.de>
Message-Id: <20210611125538.12935-1-bst@pengutronix.de>
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
|
|
|
|
|
|
| |
Signed-off-by: Roland Hieber <rhi@pengutronix.de>
Message-Id: <20210609215336.22744-1-rhi@pengutronix.de>
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
|
|
|
|
|
|
|
|
|
|
|
| |
ifupdown can usually be started quite early. There might be some additional
dependencies (e.g. on devices or kernel modules) but these are not formalized
with the default dependencies either. So in this case you have to overwrite
the service for your device anyhow.
Signed-off-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
Message-Id: <20210315132728.22554-1-u.kleine-koenig@pengutronix.de>
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
|
|
|
|
|
|
|
|
|
| |
When system state is switched using systemctl isolate ssh sessions
usually shouldn't be killed. Make this the default.
Signed-off-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
Message-Id: <20210305170435.4466-1-u.kleine-koenig@pengutronix.de>
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
|
|
|
|
|
|
|
|
| |
It's 2021!
Signed-off-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
Message-Id: <20210226092643.165523-1-u.kleine-koenig@pengutronix.de>
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
New configure options in 8.2012.0 has been disabled,
except 2 new options:
- atomic-operations is always enabled.
- libsystemd support is {en,dis}abled with RSYSLOG_SYSTEMD.
Removed options are no longer available in configure.
lmstrmsrv does not exist any longer.
According to changelog the gcc 10 compile issues was
fixed in 8.2010.0 and included in this version.
Signed-off-by: Bruno Thomsen <bruno.thomsen@gmail.com>
Message-Id: <20210128124111.5290-1-bruno.thomsen@gmail.com>
[mol: add local systemd service. It was removed upstream]
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The parameter is no longer needed.
Avoid this message during boot:
systemd[1]: /usr/lib/systemd/system/tpm2-abrmd.service:12:
Standard output type syslog is obsolete, automatically updating
to journal. Please update your unit file, and consider removing
the setting altogether.
Signed-off-by: Bruno Thomsen <bruno.thomsen@gmail.com>
Message-Id: <20210111133724.4644-1-bruno.thomsen@gmail.com>
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
|
|
|
|
|
|
|
|
| |
If not set /etc/machine-id will be installed from projectroot (default: empty file).
Signed-off-by: Artur Wiebe <artur@4wiebe.de>
Message-Id: <20201204093024.1785079-1-artur@4wiebe.de>
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
|
|
|
|
|
|
| |
Signed-off-by: Bastian Krause <bst@pengutronix.de>
Message-Id: <20201021144149.27886-3-bst@pengutronix.de>
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
|
|
|
|
|
|
|
|
|
| |
The nfs-utils tools are installed into /usr/sbin since the /usr merge.
Fixes: e5068a95a ("nfsutils: /usr merge")
Signed-off-by: Bastian Krause <bst@pengutronix.de>
Message-Id: <20201021144149.27886-1-bst@pengutronix.de>
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
|
|
|
|
|
|
|
| |
Signed-off-by: Bastian Krause <bst@pengutronix.de>
Message-Id: <20200924165621.24177-2-bst@pengutronix.de>
[mol: use menuconfig instead of config]
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
|
|
|
|
|
|
| |
Signed-off-by: Bastian Krause <bst@pengutronix.de>
Message-Id: <20200924165621.24177-1-bst@pengutronix.de>
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
nvmetcli is a program used for viewing, editing, saving, and starting a
Linux kernel NVMe Target, used for an NVMe-over-Fabrics network
configuration. It allows an administrator to export a storage resource
(such as NVMe devices, files, and volumes) to a local block device and
expose them to remote systems based on the NVMe-over-Fabrics
specification from http://www.nvmexpress.org.
Signed-off-by: Lucas Stach <l.stach@pengutronix.de>
Message-Id: <20200921083057.4074995-2-l.stach@pengutronix.de>
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
|
|
|
|
|
|
| |
instead
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
...instead of relying on a hardcoded list of keytypes.
Some cleanup was performed as well:
* merge key gathering functions
* absence of sshd_config was tested but properly progagated and
therefore not properly handled.
Tested with sed implementations of busybox-1.31.1, toybox-0.8.3 and GNU.
Signed-off-by: Christian Hermann <christian.hermann@hytera.de>
Message-Id: <20200821112902.17281-2-christian.hermann@hytera.de>
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
|
|
|
|
|
|
|
|
| |
The variable $_type does not exist, so $prettykeytype is always empty.
And 'tr' may not be available. It's just the debug output, so use the
lowercase key type to avoid any problem.
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is a (very) minor optimisation. There is no semantical change as
the fixed list of possible filenames doesn't contain anything that has a
different meaning when interpreted as a regex, still I consider it
better style to interpret the filename as a fixed string to match.
Both busybox and the "big" grep support -F unconditionally so there is
no problem in using -F.
Signed-off-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
Message-Id: <20200808083456.26483-2-u.kleine-koenig@pengutronix.de>
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
|
|
|
|
|
|
|
|
|
| |
The create_keys() function passed the key type three times. Now it's
only passed once.
Signed-off-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
Message-Id: <20200808083456.26483-1-u.kleine-koenig@pengutronix.de>
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
|
|
|
|
|
|
|
|
|
|
|
|
| |
We have seen that, if the first boot runs under a testsuite that powers
the board off after rc-once is finished, data hasn't found its way to
the medium. This has been observed to result in an empty ssh key.
Adding a sync helps.
Signed-off-by: Robert Schwebel <r.schwebel@pengutronix.de>
Message-Id: <20200810101713.247725-1-r.schwebel@pengutronix.de>
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
|
|
|
|
|
|
|
|
|
|
|
| |
License checksum changed as '(c)' was removed from text, no
changes otherwise.
Also remove vanished options and modify systemd service files
to expect gpsd socket in /run.
Signed-off-by: Ladislav Michl <ladis@linux-mips.org>
Message-Id: <20200807153000.GA2625913@lenoch>
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
By using DefaultDependencies=no the system can accept ssh connections
earlier. This makes it possible to debug problems during startup.
This means that tmpfiles.d cannot be used to create the privilege
separation directory. So create it as RuntimeDirectory instead.
As a side effect, this 'fixes' problems with nfsroot: tmpfiles.d refuses to
create /run/sshd if / is not owned by root. This is not checked for
RuntimeDirectory= so creating /run/sshd works here.
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
|
|
|
|
|
|
|
|
|
| |
gpsdctl@.service is supposed to call gpsdctl which is not installed
at all. Also fix gpsctl vs gpsdctl confusion.
Signed-off-by: Ladislav Michl <ladis@linux-mips.org>
Message-Id: <20200803142935.GA2907440@lenoch>
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
|
|
|
|
|
|
|
|
|
|
| |
Added chrony user id (UID) to /etc/passwd and
chrony group id (GID) to /etc/group using next
available numbers.
Signed-off-by: Bruno Thomsen <bruno.thomsen@gmail.com>
Message-Id: <20200731161141.6155-4-bruno.thomsen@gmail.com>
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
HAProxy consists of a GPL core and GPL modules while exportable include
files are licensed under LGPL.
Some options (e.g. lua, pcre) are not yet configurable, this can be
extended if someone needs them.
A minimalistic config is provided to be able to test it, for everything
else an adjusted config must be installed. As HAProxy's config examples
expect some custom files in /etc/haproxy install_alternative_tree is
used to install custom configuration files and more easily.
Signed-off-by: Bastian Krause <bst@pengutronix.de>
Message-Id: <20200610120307.28245-1-bst@pengutronix.de>
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Use the keys provided by the currently active key provider via PKCS#11
instead of key files placed in the platform config directory. In order
to make sure the new mechanics are used after a BSP update the rauc.key
file is no longer allowed to exist in the platformconfig directory.
Note: requires genimage v13 or later and ptx-code-signing-dev 0.4 or
later
Signed-off-by: Bastian Krause <bst@pengutronix.de>
Message-Id: <20200515142641.812-14-bst@pengutronix.de>
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Update and move out of staging. The new version adds compatiblity with
OpenSSL 1.1.x and switches to Python 3.
The AMQP and MongoDB destinations are removed, they were never buildable
without additional packages not available in plain PTXdist. Various
other modules are disabled explicitly to avoid the build
nondeterministically picking up undeclared dependencies.
A simple replacement for the old systemd unit is added, as the new version
only provides an instanced unit which cannot be linked as syslog.service
(which is necessary to use syslog-ng as the default system logger by
enabling ForwardToSyslog in journald.conf).
Signed-off-by: Matthias Schiffer <matthias.schiffer@ew.tq-group.com>
Message-Id: <20200408123232.12718-1-matthias.schiffer@ew.tq-group.com>
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
|
|
|
|
|
|
|
|
|
| |
As projectroot's dnsmasq.conf is copied from example config of
dnsmasq package, let's remove it from projectroot.
Signed-off-by: Ladislav Michl <ladis@linux-mips.org>
Message-Id: <20200316191624.GD16217@lenoch>
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
|
|
|
|
|
|
|
|
|
|
| |
metacopy=on is supported on Linux 4.19+ only. As metacopy is unlikely to
have a significant effect on the /var overlay anyways, simply remove the
option.
Signed-off-by: Matthias Schiffer <matthias.schiffer@ew.tq-group.com>
Message-Id: <20200214103854.2448-1-matthias.schiffer@ew.tq-group.com>
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
|
|
|
|
|
| |
Signed-off-by: Ladislav Michl <ladis@linux-mips.org>
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
For devices with no or defective HW RNG, it takes quite long until
the kernel random device is seeded, up to several 10 seconds.
See kernel "random: crng init done" message for this.
As a consequence, anything using /dev/random will block accordingly.
This is even true for "ssh-keygen -l" invocations, which should just
show the fingerprint of a pubkey. Which can be used e.g. to check for
valid keys to be present.
One way to expedite this is to run haveged, of course at the cost of
reduced quality of the random numbers.
But this start has to happen rather early in the boot process.
By default (based upon this (old) haveged package), haveged is started
late as user service in multi-user.target.
So move the start of haveged from multi-user.target to sysinit.target.
Also add a service dependency on after systemd-random-seed.service
(responsible to seed from a stored random pool, if enabled) and
systemd-tmpfiles-setup-dev.service (responsible to setup the dev files).
Comparable is done within Fedora and SuSE.
Signed-off-by: Andreas Pretzsch <apr@cn-eng.de>
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
|
|
|
|
|
| |
Signed-off-by: Andreas Pretzsch <apr@cn-eng.de>
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
|
|
|
|
|
| |
Signed-off-by: Guillermo Rodriguez <guille.rodriguez@gmail.com>
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
|
|
|
|
|
|
|
|
| |
Fix the PTXdist dummy quirk, libinput expects both a match and a quirk
property.
Signed-off-by: Philipp Zabel <p.zabel@pengutronix.de>
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Since iptables-1.8.x the tool complains at run-time if a second instance
holds the shared lock:
Another app is currently holding the xtables lock. Perhaps you want to use the -w option?
If IPv4 and IPv6 is enabled, this concurrent situation can happen and at
the end one of both setups isn't done (first instance wins).
By serializing both service units this concurrent situation cannot occur
and both setups are done as expected.
Signed-off-by: Juergen Borleis <jbe@pengutronix.de>
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
|
|
|
|
|
|
|
|
| |
When systemd-timesyncd is used, there should be an entry in ntp-units.d.
Otherwise, timedatectl set-ntp sometimes fails with "NTP not supported".
Signed-off-by: Clemens Gruber <clemens.gruber@pqgruber.com>
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
|
|
|
|
|
|
|
|
| |
Incorporate upstream changes of exit codes that prevent a restart loop
introduced by 036504e ("tabrmd-init: Give meaning to return values from tabrmd-init.")
Signed-off-by: Bastian Krause <bst@pengutronix.de>
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add an option LIBINPUT_QUIRKS to install the input device quirks data.
It is only useful for systems that allow connecting external input
devices, or for systems that are contained in the quirks database.
The size of the quirks database is a bit over 100 KiB.
If the input device quirk database is not installed, install a dummy
quirk file instead, to silence the libinput error message warning about
the missing quirk database.
Signed-off-by: Philipp Zabel <p.zabel@pengutronix.de>
[mol: use menuconfig]
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
|
|
|
|
|
|
|
|
|
|
| |
Update the dependencies according to the specification in
systemd.offline-updates(7).
Run systemctl in non-blocking mode. Otherwice rc-once will remain active
until the transition is complete.
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
|
|
|
|
|
|
|
|
|
|
|
|
| |
The explict dependency would be nice because it allows systemd to find any
dependency loops.
However, we want to unmount /run/varoverlayfs at the end and the causes
problems if it is part of local-fs.target. With the latest systemd booting
just stops.
So mount /run/varoverlayfs manually. Also add 'set -e' to abort early
in case mounting fails.
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
|
|
|
|
| |
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Instead of using only one single config file, a drop-in directory is more
useful to support various users of 'logrotate'.
This change still expects the BSP to provide the '/etc/logrotate.d'
directory and the required config files in there.
Signed-off-by: Juergen Borleis <jbe@pengutronix.de>
Reviewed-by: Alexander Dahl <ada@thorsis.com>
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
|
|
|
|
|
|
|
| |
Allow administrative access to device using sudo.
Signed-off-by: Bruno Thomsen <bruno.thomsen@gmail.com>
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
|
|
|
|
|
|
|
| |
Allow the mosquitto broker to drop priviledges.
Signed-off-by: Alexander Dahl <ada@thorsis.com>
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
|
|
|
|
|
| |
Signed-off-by: Guillermo Rodriguez <guille.rodriguez@gmail.com>
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Having a read-only root filesystem is always a source of pain and trouble.
Many applications and tools expect to be able to store their state or
caching data or at least their logs somewhere in the filesystem.
The '/var' directory tree has a well known structure according to the
"File System Hierarchy Standard" and is used by all carefully designed
programs. Thus, this change provides a way to have this '/var' directory
tree writable, even if the main root filesystem is mounted read-only. It
uses an overlay filesystem and by default a RAM disk to store changed and
added data to this directory tree in a non persistent manner.
Due to the nature of the overlay filesystem the underlaying files from the
main root filesystem can still be accessed.
This approach requires the overlay filesystem support from the Linux
kernel. In order to use it, the feature CONFIG_OVERLAY_FS must be enabled.
The ugly details to establish the required overlaying filesystem are hidden
behind a "mount helper" for a dummy filesystem (here called 'varoverlayfs').
Thus, a BSP can change the overlaying filesystem by providing its own
'run-varoverlay.mount' in order to restrict the default RAM disk
differently or to switch to a different local storage.
The '/etc/fstab' file gets touched in this change, to enable some already
used RAM disks on demand, to gain backward compatibility if no overlay
approach is used.
Signed-off-by: Juergen Borleis <jbe@pengutronix.de>
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The directory tree in '/var/lib' might not be persistent and thus,
not in sync with the root filesystem. In this case it's required
to store the opkg database at a location which has a fixed
relation to the root filesystem's content it describes.
This change moves the opkg's database to a read-only location in
'/usr/share/opkg', which is then always in sync with the root
filesystem's content.
This changed opkg configuration works since commit
a691341deb33077b9d5ede5fe349ee6b3fb99be1
"ptxd_make_image_extract_xpkg_files: use ptxd_get_alternative to find opkg.conf"
Signed-off-by: Juergen Borleis <jbe@pengutronix.de>
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
|
|
|
|
|
| |
Signed-off-by: Juergen Borleis <jbe@pengutronix.de>
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
|