From bcbf7c6c9fc7d8a96b1d5c4cc9247b85fe3da2ad Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?P=C3=81LI=20G=C3=A1bor=20J=C3=A1nos?= Date: Sun, 10 Apr 2022 18:17:21 +0200 Subject: Move towards custom packages. Change the build image process in a way that custom-built packages can be utilized. This means a simpler `Makefile` since every modification is implemented on the level of packages. Include the sources for every customized package. --- aports/base-layout/APKBUILD | 195 ++ aports/base-layout/aliases.conf | 57 + aports/base-layout/crontab | 8 + aports/base-layout/group | 48 + aports/base-layout/inittab | 6 + aports/base-layout/locale.sh | 3 + aports/base-layout/passwd | 27 + aports/base-layout/profile | 45 + ...ault-to-sbin-nologin-as-shell-for-system-.patch | 23 + ...-ash-add-built-in-BB_ASH_VERSION-variable.patch | 83 + ...dd-support-for-ignore-devno-like-GNU-cpio.patch | 88 + ...ddr2str-ensure-only-printable-characters-.patch | 40 + ...ck-ELF-header-before-calling-finit_module.patch | 152 + ...nstall-applet-to-sbin-instead-of-usr-sbin.patch | 27 + ...support-for-matching-against-UID-and-RUID.patch | 138 + .../0001-properly-fix-wget-https-support.patch | 69 + ...1-rev-correct-output-for-long-input-lines.patch | 91 + ...support-for-renumber-inodes-like-GNU-cpio.patch | 129 + ...sck-resolve-LABEL-.-UUID-.-spec-to-device.patch | 56 + ...nitize-all-printed-strings-with-printable.patch | 68 + aports/busybox/0003-ash-exec-busybox.static.patch | 22 + .../0004-app-location-for-cpio-vi-and-lspci.patch | 51 + ...-udhcpc-set-default-discover-retries-to-5.patch | 55 + ...ng-make-ping-work-without-root-privileges.patch | 206 ++ .../0007-fbsplash-support-console-switching.patch | 179 ++ ...pport-image-and-bar-alignment-and-positio.patch | 176 ++ ...upport-generating-kmod-binary-index-files.patch | 507 ++++ ...for-not-following-symlinks-when-recursing.patch | 56 + ...012-udhcpc-Don-t-background-if-n-is-given.patch | 96 + aports/busybox/APKBUILD | 210 ++ aports/busybox/acpid.initd | 14 + aports/busybox/acpid.logrotate | 8 + aports/busybox/config | 1210 
++++++++ aports/busybox/crond.confd | 2 + aports/busybox/crond.initd | 11 + aports/busybox/default.script | 177 ++ aports/busybox/mdev.conf | 134 + aports/busybox/mdev.initd | 39 + aports/busybox/persistent-storage | 68 + aports/busybox/syslog.confd | 1 + aports/busybox/syslog.initd | 14 + aports/busybox/udhcpd.initd | 11 + aports/ifupdown-ng/APKBUILD | 42 + aports/ifupdown-ng/interfaces | 9 + aports/ifupdown-ng/no-examples.patch | 10 + aports/iptables/APKBUILD | 68 + aports/iptables/ip6tables.confd | 14 + aports/iptables/iptables.confd | 4 + aports/iptables/iptables.initd | 135 + aports/iptables/iptables.rules-save | 14 + aports/linux-lts/APKBUILD | 115 + aports/linux-lts/config-lts.x86_64 | 3022 ++++++++++++++++++++ ...in-mkmntdirs-in-localmount-OpenRC-service.patch | 25 + .../0002-fsck-don-t-add-C0-to-busybox-fsck.patch | 35 + ...sysinit-and-boot-as-stacked-levels-when-n.patch | 70 + ...efont-service-compatible-with-busyboxs-se.patch | 70 + ...rly-loading-of-keymap-if-kbd-is-installed.patch | 31 + ...-for-starting-services-in-a-specified-VRF.patch | 101 + ...aticroute-config-remove-irrelevant-parts-.patch | 47 + ...-switch-wipe_tmp-setting-to-no-by-default.patch | 44 + aports/openrc/APKBUILD | 124 + aports/openrc/firstboot.initd | 34 + aports/openrc/hostname.initd | 18 + aports/openrc/hwdrivers.initd | 32 + aports/openrc/machine-id.initd | 17 + aports/openrc/modloop.confd | 6 + aports/openrc/modloop.initd | 153 + aports/openrc/modules.initd | 80 + aports/openrc/networking.initd | 88 + aports/openrc/openrc.logrotate | 4 + aports/openrc/seedrng.patch | 640 +++++ aports/openrc/sysctl.initd | 87 + aports/openrc/sysfsconf.initd | 66 + aports/openrc/test-networking.sh | 65 + aports/socat/APKBUILD | 64 + aports/socat/netdb-internal.patch | 13 + aports/socat/no-extras.patch | 50 + aports/socat/use-linux-headers.patch | 11 + aports/wpa_passthru/APKBUILD | 23 + aports/wpa_passthru/wpa_passthru | 101 + aports/wpa_passthru/wpa_passthru.initd | 12 + 
aports/wpa_supplicant/APKBUILD | 91 + aports/wpa_supplicant/CVE-2019-16275.patch | 73 + aports/wpa_supplicant/CVE-2021-0326.patch | 37 + aports/wpa_supplicant/CVE-2021-27803.patch | 50 + aports/wpa_supplicant/config | 628 ++++ aports/wpa_supplicant/eloop.patch | 16 + aports/wpa_supplicant/no-tools.patch | 54 + aports/wpa_supplicant/wpa_supplicant.confd | 3 + aports/wpa_supplicant/wpa_supplicant.initd | 79 + 90 files changed, 11175 insertions(+) create mode 100644 aports/base-layout/APKBUILD create mode 100644 aports/base-layout/aliases.conf create mode 100644 aports/base-layout/crontab create mode 100644 aports/base-layout/group create mode 100644 aports/base-layout/inittab create mode 100644 aports/base-layout/locale.sh create mode 100644 aports/base-layout/passwd create mode 100644 aports/base-layout/profile create mode 100644 aports/busybox/0001-adduser-default-to-sbin-nologin-as-shell-for-system-.patch create mode 100644 aports/busybox/0001-ash-add-built-in-BB_ASH_VERSION-variable.patch create mode 100644 aports/busybox/0001-cpio-add-support-for-ignore-devno-like-GNU-cpio.patch create mode 100644 aports/busybox/0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch create mode 100644 aports/busybox/0001-modutils-check-ELF-header-before-calling-finit_module.patch create mode 100644 aports/busybox/0001-nologin-Install-applet-to-sbin-instead-of-usr-sbin.patch create mode 100644 aports/busybox/0001-pgrep-add-support-for-matching-against-UID-and-RUID.patch create mode 100644 aports/busybox/0001-properly-fix-wget-https-support.patch create mode 100644 aports/busybox/0001-rev-correct-output-for-long-input-lines.patch create mode 100644 aports/busybox/0002-cpio-add-support-for-renumber-inodes-like-GNU-cpio.patch create mode 100644 aports/busybox/0002-fsck-resolve-LABEL-.-UUID-.-spec-to-device.patch create mode 100644 aports/busybox/0002-nslookup-sanitize-all-printed-strings-with-printable.patch create mode 100644 
aports/busybox/0003-ash-exec-busybox.static.patch create mode 100644 aports/busybox/0004-app-location-for-cpio-vi-and-lspci.patch create mode 100644 aports/busybox/0005-udhcpc-set-default-discover-retries-to-5.patch create mode 100644 aports/busybox/0006-ping-make-ping-work-without-root-privileges.patch create mode 100644 aports/busybox/0007-fbsplash-support-console-switching.patch create mode 100644 aports/busybox/0008-fbsplash-support-image-and-bar-alignment-and-positio.patch create mode 100644 aports/busybox/0009-depmod-support-generating-kmod-binary-index-files.patch create mode 100644 aports/busybox/0010-Add-flag-for-not-following-symlinks-when-recursing.patch create mode 100644 aports/busybox/0012-udhcpc-Don-t-background-if-n-is-given.patch create mode 100644 aports/busybox/APKBUILD create mode 100644 aports/busybox/acpid.initd create mode 100644 aports/busybox/acpid.logrotate create mode 100644 aports/busybox/config create mode 100644 aports/busybox/crond.confd create mode 100644 aports/busybox/crond.initd create mode 100644 aports/busybox/default.script create mode 100644 aports/busybox/mdev.conf create mode 100644 aports/busybox/mdev.initd create mode 100644 aports/busybox/persistent-storage create mode 100644 aports/busybox/syslog.confd create mode 100644 aports/busybox/syslog.initd create mode 100644 aports/busybox/udhcpd.initd create mode 100644 aports/ifupdown-ng/APKBUILD create mode 100644 aports/ifupdown-ng/interfaces create mode 100644 aports/ifupdown-ng/no-examples.patch create mode 100644 aports/iptables/APKBUILD create mode 100644 aports/iptables/ip6tables.confd create mode 100644 aports/iptables/iptables.confd create mode 100644 aports/iptables/iptables.initd create mode 100644 aports/iptables/iptables.rules-save create mode 100644 aports/linux-lts/APKBUILD create mode 100644 aports/linux-lts/config-lts.x86_64 create mode 100644 aports/openrc/0001-call-sbin-mkmntdirs-in-localmount-OpenRC-service.patch create mode 100644 
aports/openrc/0002-fsck-don-t-add-C0-to-busybox-fsck.patch create mode 100644 aports/openrc/0003-rc-pull-in-sysinit-and-boot-as-stacked-levels-when-n.patch create mode 100644 aports/openrc/0004-make-consolefont-service-compatible-with-busyboxs-se.patch create mode 100644 aports/openrc/0005-Support-early-loading-of-keymap-if-kbd-is-installed.patch create mode 100644 aports/openrc/0006-Add-support-for-starting-services-in-a-specified-VRF.patch create mode 100644 aports/openrc/0007-Clean-up-staticroute-config-remove-irrelevant-parts-.patch create mode 100644 aports/openrc/0008-bootmisc-switch-wipe_tmp-setting-to-no-by-default.patch create mode 100644 aports/openrc/APKBUILD create mode 100644 aports/openrc/firstboot.initd create mode 100644 aports/openrc/hostname.initd create mode 100644 aports/openrc/hwdrivers.initd create mode 100644 aports/openrc/machine-id.initd create mode 100644 aports/openrc/modloop.confd create mode 100755 aports/openrc/modloop.initd create mode 100644 aports/openrc/modules.initd create mode 100644 aports/openrc/networking.initd create mode 100644 aports/openrc/openrc.logrotate create mode 100644 aports/openrc/seedrng.patch create mode 100644 aports/openrc/sysctl.initd create mode 100644 aports/openrc/sysfsconf.initd create mode 100644 aports/openrc/test-networking.sh create mode 100644 aports/socat/APKBUILD create mode 100644 aports/socat/netdb-internal.patch create mode 100644 aports/socat/no-extras.patch create mode 100644 aports/socat/use-linux-headers.patch create mode 100644 aports/wpa_passthru/APKBUILD create mode 100644 aports/wpa_passthru/wpa_passthru create mode 100644 aports/wpa_passthru/wpa_passthru.initd create mode 100644 aports/wpa_supplicant/APKBUILD create mode 100644 aports/wpa_supplicant/CVE-2019-16275.patch create mode 100644 aports/wpa_supplicant/CVE-2021-0326.patch create mode 100644 aports/wpa_supplicant/CVE-2021-27803.patch create mode 100644 aports/wpa_supplicant/config create mode 100644 
aports/wpa_supplicant/eloop.patch create mode 100644 aports/wpa_supplicant/no-tools.patch create mode 100644 aports/wpa_supplicant/wpa_supplicant.confd create mode 100644 aports/wpa_supplicant/wpa_supplicant.initd (limited to 'aports') diff --git a/aports/base-layout/APKBUILD b/aports/base-layout/APKBUILD new file mode 100644 index 0000000..616cfc5 --- /dev/null +++ b/aports/base-layout/APKBUILD 
@@ -0,0 +1,195 @@
+# Maintainer: Gabor Pali
+
+pkgname=baselayout
+pkgver=3.2.0
+pkgrel=18
+pkgdesc="Base dir structure and init scripts (Alpine Linux)"
+url="https://git.alpinelinux.org/cgit/aports/tree/main/alpine-baselayout"
+arch="all"
+license="GPL-2.0-only"
+pkggroups="shadow"
+options="!fhs !check"
+install=
+_nbver=6.2
+source="crontab
+ locale.sh
+
+ group
+ inittab
+ passwd
+ profile
+ protocols-$_nbver::https://salsa.debian.org/md/netbase/-/raw/v$_nbver/etc/protocols
+ services-$_nbver::https://salsa.debian.org/md/netbase/-/raw/v$_nbver/etc/services
+ "
+builddir="$srcdir/build"
+
+prepare() {
+ default_prepare
+ mkdir -p "$builddir"
+ mv "$srcdir"/protocols-$_nbver "$srcdir"/protocols
+ mv "$srcdir"/services-$_nbver "$srcdir"/services
+}
+
+build() {
+ # generate shadow
+ awk -F: '{
+ pw = ":!:"
+ if ($1 == "root") { pw = "::" }
+ print($1 pw ":0:::::")
+ }' "$srcdir"/passwd > shadow
+}
+
+package() {
+ mkdir -p "$pkgdir"
+ cd "$pkgdir"
+ install -m 0755 -d \
+ dev \
+ dev/pts \
+ dev/shm \
+ etc \
+ etc/conf.d \
+ etc/crontabs \
+ etc/init.d \
+ etc/modprobe.d \
+ etc/modules-load.d \
+ etc/network/if-down.d \
+ etc/network/if-post-down.d \
+ etc/network/if-pre-up.d \
+ etc/network/if-up.d \
+ etc/periodic/15min \
+ etc/periodic/daily \
+ etc/periodic/hourly \
+ etc/periodic/monthly \
+ etc/periodic/weekly \
+ etc/profile.d \
+ etc/sysctl.d \
+ lib/firmware \
+ lib/mdev \
+ lib/modules-load.d \
+ lib/sysctl.d \
+ media/etc \
+ media/wpa \
+ proc \
+ run \
+ sbin \
+ sys \
+ usr/bin \
+ usr/lib/modules-load.d \
+ usr/local/bin \
+ usr/local/lib \
+ usr/local/share \
+ usr/sbin \
+ usr/share \
+ usr/share/man \
+ usr/share/misc \
+ var/cache \
+ var/cache/misc \
+ var/lib \
+ var/lib/misc \
+ var/local \
+ var/lock/subsys \
+ var/log \
+ var/opt \
+ var/spool \
+ var/spool/cron \
+ var/mail
+
+ ln -s /run var/run
+ install -d -m 0555 var/empty
+ install -d -m 0700 "$pkgdir"/root
+ install -d -m 1777 "$pkgdir"/tmp "$pkgdir"/var/tmp
+
+ install -m600 "$srcdir"/crontab "$pkgdir"/etc/crontabs/root
+ install -m644 \
+ "$srcdir"/locale.sh \
+ "$pkgdir"/etc/profile.d/
+
+ echo "wifibox" > "$pkgdir"/etc/hostname
+ cat > "$pkgdir"/etc/hosts <<-EOF
+ 127.0.0.1 localhost localhost.localdomain
+ ::1 localhost localhost.localdomain
+ EOF
+ cat > "$pkgdir"/etc/modules <<-EOF
+ af_packet
+ ipv6
+ EOF
+ cat > "$pkgdir"/etc/shells <<-EOF
+ /bin/sh
+ /bin/ash
+ EOF
+ cat > "$pkgdir"/etc/sysctl.conf <<-EOF
+ net.ipv4.ip_forward=1
+ EOF
+ cat > "$pkgdir"/lib/sysctl.d/00-alpine.conf <<-EOF
+ # Prevents SYN DOS attacks. Applies to ipv6 as well, despite name.
+ net.ipv4.tcp_syncookies = 1
+
+ # Prevents ip spoofing.
+ net.ipv4.conf.default.rp_filter = 1
+ net.ipv4.conf.all.rp_filter = 1
+
+ # Only groups within this id range can use ping.
+ net.ipv4.ping_group_range=999 59999
+
+ # Redirects can potentially be used to maliciously alter hosts
+ # routing tables.
+ net.ipv4.conf.all.accept_redirects = 0
+ net.ipv4.conf.all.secure_redirects = 1
+ net.ipv6.conf.all.accept_redirects = 0
+
+ # The source routing feature includes some known vulnerabilities.
+ net.ipv4.conf.all.accept_source_route = 0
+ net.ipv6.conf.all.accept_source_route = 0
+
+ # See RFC 1337
+ net.ipv4.tcp_rfc1337 = 1
+
+ ## Enable IPv6 Privacy Extensions (see RFC4941 and RFC3041)
+ net.ipv6.conf.default.use_tempaddr = 2
+ net.ipv6.conf.all.use_tempaddr = 2
+
+ # Restarts computer after 120 seconds after kernel panic
+ kernel.panic = 120
+
+ # Users should not be able to create soft or hard links to files
+ # which they do not own. This mitigates several privilege
+ # escalation vulnerabilities.
+ fs.protected_hardlinks = 1
+ fs.protected_symlinks = 1
+ EOF
+ cat > "$pkgdir"/etc/fstab <<-EOF
+ tmpfs /tmp tmpfs size=128K 0 0
+ config /media/etc 9p trans=virtio,ro,noatime,nodiratime,norelatime 0 0
+ wpa_config /media/wpa 9p trans=virtio,rw 0 0
+ var /var 9p trans=virtio,rw 0 0
+ EOF
+
+ install -m644 \
+ "$srcdir"/group \
+ "$srcdir"/passwd \
+ "$srcdir"/inittab \
+ "$srcdir"/profile \
+ "$srcdir"/protocols \
+ "$srcdir"/services \
+ "$pkgdir"/etc/
+
+ install -m640 -g shadow "$builddir"/shadow \
+ "$pkgdir"/etc/
+
+ # symlinks
+ ln -s /dev/null "$pkgdir"/root/.ash_history
+ ln -s /etc/crontabs "$pkgdir"/var/spool/cron/crontabs
+ ln -s /proc/mounts "$pkgdir"/etc/mtab
+ ln -s /var/mail "$pkgdir"/var/spool/mail
+}
+
+sha512sums="
+6e169c0975a1ad1ad871a863e8ee83f053de9ad0b58d94952efa4c28a8c221445d9e9732ad8b52832a50919c2f39aa965a929b3d5b3f9e62f169e2b2e0813d82 crontab
+b2fc9b72846a43a45ba9a8749e581cef34d1915836833b51b7919dfbf4e275b7d55fec4dea7b23df3796380910971a41331e53e8cf0d304834e3da02cc135e5a locale.sh
+806b8f23f823a9471846d12fa6b55690b95eedb4c613b82aefaba7ffef23f83e17552befd891a487864f72ef24e395d8611738933f684a85eb4c336cb20994f8 group
+7cc3c23062c730ec7a1d7850423d9901047005520da5b347b7b24e5f33a9c9a9129b430557f7f41e565f143624b7f3c47e3f6e4a6a446e75f0ea245c03d70880 inittab
+06d12a7b9ca14fe17e412d0f24814620b67d035ae859be7906cbf4782dd69e359a6a555dafb98060b7fb7e4714aaa676c88d9017cded36e6d8398e23369bb290 passwd
+b14920eae431d1f15b066e264a94f804540c5dcbf91caef034019d95456c975c0c054672e53369082682dd9454a034f26bd45b312adfc0ab68a0311d97b037ac profile
+eadc83e47fcc354ab83fd109bee452bda170886fb684e67faf615930c11480919505f4af60c685b124efc54af0ded9522663132f911eac6622144f8b4c8be695 protocols-6.2
+adfae0d2f569c2a2f413b7e27683a007fc8ca689b8c3349672fe0dcb6208c192ede4402eff09c604b7e7b4fd9d8df93b875efa5bdaa6c14ff1d8022a7caad5cd services-6.2
+"
diff --git a/aports/base-layout/aliases.conf b/aports/base-layout/aliases.conf
new file mode 100644
index 0000000..b179017
--- /dev/null
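Review bot: The awk script in build() gives root an empty password field (`if ($1 == "root") { pw = "::" }`), so the generated /etc/shadow allows a root login with no password, and the inittab added in this same commit respawns a getty on ttyS0. If the serial console is not meant to be an unauthenticated root shell, drop the special case so root gets `pw = ":!:"` like every other account, or add a comment in build() stating that console access to the guest is deliberately trusted. The 9p entries written to /etc/fstab for `wpa_config` and `var` are mounted `rw` without `nosuid,nodev`; adding those options would limit what files supplied from the host side can do inside the guest.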
+++ b/aports/base-layout/aliases.conf
@@ -0,0 +1,57 @@
+# Aliases to tell insmod/modprobe which modules to use
+
+# Uncomment the network protocols you don't want loaded:
+# alias net-pf-1 off # Unix
+# alias net-pf-2 off # IPv4
+# alias net-pf-3 off # Amateur Radio AX.25
+# alias net-pf-4 off # IPX
+# alias net-pf-5 off # DDP / appletalk
+# alias net-pf-6 off # Amateur Radio NET/ROM
+# alias net-pf-9 off # X.25
+# alias net-pf-10 off # IPv6
+# alias net-pf-11 off # ROSE / Amateur Radio X.25 PLP
+# alias net-pf-19 off # Acorn Econet
+
+alias char-major-10-175 agpgart
+alias char-major-10-200 tun
+alias char-major-81 bttv
+alias char-major-108 ppp_generic
+alias /dev/ppp ppp_generic
+alias tty-ldisc-3 ppp_async
+alias tty-ldisc-14 ppp_synctty
+alias ppp-compress-21 bsd_comp
+alias ppp-compress-24 ppp_deflate
+alias ppp-compress-26 ppp_deflate
+
+# Crypto modules (see http://www.kerneli.org/)
+alias loop-xfer-gen-0 loop_gen
+alias loop-xfer-3 loop_fish2
+alias loop-xfer-gen-10 loop_gen
+alias cipher-2 des
+alias cipher-3 fish2
+alias cipher-4 blowfish
+alias cipher-6 idea
+alias cipher-7 serp6f
+alias cipher-8 mars6
+alias cipher-11 rc62
+alias cipher-15 dfc2
+alias cipher-16 rijndael
+alias cipher-17 rc5
+
+# Support for i2c and lm_sensors
+alias char-major-89 i2c-dev
+
+# xfrm
+alias xfrm-type-2-4 xfrm4_tunnel
+alias xfrm-type-2-50 esp4
+alias xfrm-type-2-51 ah4
+alias xfrm-type-2-108 ipcomp
+alias xfrm-type-10-41 xfrm6_tunnel
+alias xfrm-type-10-50 esp6
+alias xfrm-type-10-51 ah6
+alias xfrm-type-10-108 ipcomp6
+
+alias sha1 sha1-generic
+# change to aes-i586 to boost performance
+alias aes aes-generic
+
diff --git a/aports/base-layout/crontab b/aports/base-layout/crontab
new file mode 100644
index 0000000..fd8acd8
--- /dev/null
+++ b/aports/base-layout/crontab
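Review bot: aliases.conf is added under aports/base-layout, but neither the `source=` list nor `sha512sums` in the APKBUILD of this commit mentions it, and package() only creates etc/modprobe.d as an empty directory. As far as the visible recipe shows, the file is therefore neither checksummed nor installed. Either list it in `source=` with a checksum and install it into etc/modprobe.d, or drop it so the package sources match what is shipped.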
@@ -0,0 +1,8 @@
+# do daily/weekly/monthly maintenance
+# min hour day month weekday command
+*/15 * * * * run-parts /etc/periodic/15min
+0 * * * * run-parts /etc/periodic/hourly
+0 2 * * * run-parts /etc/periodic/daily
+0 3 * * 6 run-parts /etc/periodic/weekly
+0 5 1 * * run-parts /etc/periodic/monthly
+
diff --git a/aports/base-layout/group b/aports/base-layout/group
new file mode 100644
index 0000000..23b124b
--- /dev/null
+++ b/aports/base-layout/group
@@ -0,0 +1,48 @@
+root:x:0:root
+bin:x:1:root,bin,daemon
+daemon:x:2:root,bin,daemon
+sys:x:3:root,bin,adm
+adm:x:4:root,adm,daemon
+tty:x:5:
+disk:x:6:root,adm
+lp:x:7:lp
+mem:x:8:
+kmem:x:9:
+wheel:x:10:root
+floppy:x:11:root
+mail:x:12:mail
+news:x:13:news
+uucp:x:14:uucp
+man:x:15:man
+cron:x:16:cron
+console:x:17:
+audio:x:18:
+cdrom:x:19:
+dialout:x:20:root
+ftp:x:21:
+sshd:x:22:
+input:x:23:
+at:x:25:at
+tape:x:26:root
+video:x:27:root
+netdev:x:28:
+readproc:x:30:
+squid:x:31:squid
+xfs:x:33:xfs
+kvm:x:34:kvm
+games:x:35:
+shadow:x:42:
+cdrw:x:80:
+www-data:x:82:
+usb:x:85:
+vpopmail:x:89:
+users:x:100:games
+ntp:x:123:
+nofiles:x:200:
+smmsp:x:209:smmsp
+locate:x:245:
+abuild:x:300:
+utmp:x:406:
+ping:x:999:
+nogroup:x:65533:
+nobody:x:65534:
diff --git a/aports/base-layout/inittab b/aports/base-layout/inittab
new file mode 100644
index 0000000..d4dbd79
--- /dev/null
+++ b/aports/base-layout/inittab
@@ -0,0 +1,6 @@
+::sysinit:/sbin/openrc sysinit
+::sysinit:/sbin/openrc boot
+::wait:/sbin/openrc default
+::restart:/sbin/init
+ttyS0::respawn:/sbin/getty -L ttyS0 115200 vt100
+::shutdown:/sbin/openrc shutdown
diff --git a/aports/base-layout/locale.sh b/aports/base-layout/locale.sh
new file mode 100644
index 0000000..bf75c08
--- /dev/null
+++ b/aports/base-layout/locale.sh
@@ -0,0 +1,3 @@
+export CHARSET=UTF-8
+export LANG=C.UTF-8
+export LC_COLLATE=C
diff --git a/aports/base-layout/passwd b/aports/base-layout/passwd
new file mode 100644
index 0000000..cc124a9
--- /dev/null
+++ b/aports/base-layout/passwd
@@ -0,0 +1,27 @@
+root:x:0:0:root:/root:/bin/ash
+bin:x:1:1:bin:/bin:/sbin/nologin
+daemon:x:2:2:daemon:/sbin:/sbin/nologin
+adm:x:3:4:adm:/var/adm:/sbin/nologin
+lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
+sync:x:5:0:sync:/sbin:/bin/sync
+shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
+halt:x:7:0:halt:/sbin:/sbin/halt
+mail:x:8:12:mail:/var/mail:/sbin/nologin
+news:x:9:13:news:/usr/lib/news:/sbin/nologin
+uucp:x:10:14:uucp:/var/spool/uucppublic:/sbin/nologin
+operator:x:11:0:operator:/root:/sbin/nologin
+man:x:13:15:man:/usr/man:/sbin/nologin
+postmaster:x:14:12:postmaster:/var/mail:/sbin/nologin
+cron:x:16:16:cron:/var/spool/cron:/sbin/nologin
+ftp:x:21:21::/var/lib/ftp:/sbin/nologin
+sshd:x:22:22:sshd:/dev/null:/sbin/nologin
+at:x:25:25:at:/var/spool/cron/atjobs:/sbin/nologin
+squid:x:31:31:Squid:/var/cache/squid:/sbin/nologin
+xfs:x:33:33:X Font Server:/etc/X11/fs:/sbin/nologin
+games:x:35:35:games:/usr/games:/sbin/nologin
+cyrus:x:85:12::/usr/cyrus:/sbin/nologin
+vpopmail:x:89:89::/var/vpopmail:/sbin/nologin
+ntp:x:123:123:NTP:/var/empty:/sbin/nologin
+smmsp:x:209:209:smmsp:/var/spool/mqueue:/sbin/nologin
+guest:x:405:100:guest:/dev/null:/sbin/nologin
+nobody:x:65534:65534:nobody:/:/sbin/nologin
diff --git a/aports/base-layout/profile b/aports/base-layout/profile
new file mode 100644
index 0000000..fd7506b
--- /dev/null
+++ b/aports/base-layout/profile
@@ -0,0 +1,45 @@
+# Append "$1" to $PATH when not already in.
+# Copied from Arch Linux, see #12803 for details.
+append_path () {
+ case ":$PATH:" in
+ *:"$1":*)
+ ;;
+ *)
+ PATH="${PATH:+$PATH:}$1"
+ ;;
+ esac
+}
+
+append_path "/usr/local/sbin"
+append_path "/usr/local/bin"
+append_path "/usr/sbin"
+append_path "/usr/bin"
+append_path "/sbin"
+append_path "/bin"
+unset -f append_path
+
+export PATH
+export PAGER=less
+umask 022
+
+# set up fallback default PS1
+: "${HOSTNAME:=$(hostname)}"
+PS1='${HOSTNAME%%.*}:$PWD'
+[ "$(id -u)" = "0" ] && PS1="${PS1}# "
+[ "$(id -u)" = "0" ] || PS1="${PS1}\$ "
+
+# use nicer PS1 for bash and busybox ash
+[ -n "$BASH_VERSION" -o "$BB_ASH_VERSION" ] && PS1='\h:\w\$ '
+
+# use nicer PS1 for zsh
+[ -n "$ZSH_VERSION" ] && PS1='%m:%~%# '
+
+# export PS1 as before
+export PS1
+
+for script in /etc/profile.d/*.sh ; do
+ if [ -r "$script" ] ; then
+ . "$script"
+ fi
+done
+unset script
diff --git a/aports/busybox/0001-adduser-default-to-sbin-nologin-as-shell-for-system-.patch b/aports/busybox/0001-adduser-default-to-sbin-nologin-as-shell-for-system-.patch
new file mode 100644
index 0000000..47f9f9a
--- /dev/null
+++ b/aports/busybox/0001-adduser-default-to-sbin-nologin-as-shell-for-system-.patch
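Review bot: The prompt test `[ -n "$BASH_VERSION" -o "$BB_ASH_VERSION" ]` uses the obsolescent `-o` operator and leaves the second operand without an explicit `-n`, so its parsing depends on what the variables contain. Two separate tests read unambiguously: `{ [ -n "$BASH_VERSION" ] || [ -n "$BB_ASH_VERSION" ]; } && PS1='\h:\w\$ '`. The two `id -u` lines just above could likewise become one `if [ "$(id -u)" = "0" ]; then … else … fi` so the command runs once.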
@@ -0,0 +1,23 @@
+From eceebc4fbf064ca04d0f0a639c8a7c600190170f Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?S=C3=B6ren=20Tempel?=
+Date: Sun, 13 Jan 2019 19:07:16 +0100
+Subject: [PATCH] adduser: default to /sbin/nologin as shell for system
+ accounts
+
+---
+ loginutils/adduser.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/loginutils/adduser.c b/loginutils/adduser.c
+index b2b5be5b3..9326a9795 100644
+--- a/loginutils/adduser.c
++++ b/loginutils/adduser.c
+@@ -235,7 +235,7 @@ int adduser_main(int argc UNUSED_PARAM, char **argv)
+ usegroup = "nogroup";
+ }
+ if (!(opts & OPT_SHELL)) {
+- pw.pw_shell = (char *) "/bin/false";
++ pw.pw_shell = (char *) "/sbin/nologin";
+ }
+ }
+ pw.pw_gid = usegroup ? xgroup2gid(usegroup) : -1; /* exits on failure */
diff --git a/aports/busybox/0001-ash-add-built-in-BB_ASH_VERSION-variable.patch b/aports/busybox/0001-ash-add-built-in-BB_ASH_VERSION-variable.patch
new file mode 100644
index 0000000..f7f901f
--- /dev/null
+++ b/aports/busybox/0001-ash-add-built-in-BB_ASH_VERSION-variable.patch
@@ -0,0 +1,83 @@ +From cf95fcc20717e4c0906109b13565fdd06d874ee0 Mon Sep 17 00:00:00 2001 +From: Ariadne Conill +Date: Wed, 10 Mar 2021 23:38:57 -0700 +Subject: [PATCH] ash: add built-in $BB_ASH_VERSION variable + +This is helpful for detecting if the shell is busybox ash or not, +which is necessary for enabling ash-specific features in /etc/profile +and Alpine's default $ENV. + +https://gitlab.alpinelinux.org/alpine/aports/-/issues/12398 outlines +the rationale for detecting what shell is running in /etc/profile and +similar. + +function old new delta +.rodata 77899 77925 +26 +varinit_data 360 384 +24 +------------------------------------------------------------------------------ +(add/remove: 0/0 grow/shrink: 2/0 up/down: 50/0) Total: 50 bytes + +Signed-off-by: Ariadne Conill +--- + shell/ash.c | 26 +++++++++++++++++++------- + 1 file changed, 19 insertions(+), 7 deletions(-) + +diff --git a/shell/ash.c b/shell/ash.c +index 6a16833b1..b8525dd57 100644 +--- a/shell/ash.c ++++ b/shell/ash.c +@@ -153,6 +153,14 @@ + //config: you to run the specified command or builtin, + //config: even when there is a function with the same name. + //config: ++//config:config ASH_VERSION_VAR ++//config: bool "declare $BB_ASH_VERSION variable" ++//config: default y ++//config: depends on SHELL_ASH ++//config: help ++//config: Enable support for declaring the $BB_ASH_VERSION variable, ++//config: which is set as the busybox version. 
++//config: + //config:endif # ash options + + //applet:IF_ASH(APPLET(ash, BB_DIR_BIN, BB_SUID_DROP)) +@@ -2109,6 +2117,9 @@ static const struct { + { VSTRFIXED|VTEXTFIXED , "PS1=$ " , NULL }, + { VSTRFIXED|VTEXTFIXED , "PS2=> " , NULL }, + { VSTRFIXED|VTEXTFIXED , "PS4=+ " , NULL }, ++#if ENABLE_ASH_VERSION_VAR ++ { VSTRFIXED|VTEXTFIXED , "BB_ASH_VERSION=" BB_VER, NULL }, ++#endif + #if ENABLE_ASH_GETOPTS + { VSTRFIXED|VTEXTFIXED , defoptindvar, getoptsreset }, + #endif +@@ -2159,18 +2170,19 @@ extern struct globals_var *BB_GLOBAL_CONST ash_ptr_to_globals_var; + #define vps1 varinit[VAR_OFFSET1 + 2] + #define vps2 varinit[VAR_OFFSET1 + 3] + #define vps4 varinit[VAR_OFFSET1 + 4] ++#define VAR_OFFSET2 (VAR_OFFSET1 + ENABLE_ASH_VERSION_VAR) + #if ENABLE_ASH_GETOPTS +-# define voptind varinit[VAR_OFFSET1 + 5] ++# define voptind varinit[VAR_OFFSET2 + 5] + #endif +-#define VAR_OFFSET2 (VAR_OFFSET1 + ENABLE_ASH_GETOPTS) +-#define vlineno varinit[VAR_OFFSET2 + 5] ++#define VAR_OFFSET3 (VAR_OFFSET2 + ENABLE_ASH_GETOPTS) ++#define vlineno varinit[VAR_OFFSET3 + 5] + #if ENABLE_ASH_RANDOM_SUPPORT +-# define vrandom varinit[VAR_OFFSET2 + 6] ++# define vrandom varinit[VAR_OFFSET3 + 6] + #endif +-#define VAR_OFFSET3 (VAR_OFFSET2 + ENABLE_ASH_RANDOM_SUPPORT) ++#define VAR_OFFSET4 (VAR_OFFSET2 + ENABLE_ASH_RANDOM_SUPPORT) + #if BASH_EPOCH_VARS +-# define vepochs varinit[VAR_OFFSET3 + 6] +-# define vepochr varinit[VAR_OFFSET3 + 7] ++# define vepochs varinit[VAR_OFFSET4 + 6] ++# define vepochr varinit[VAR_OFFSET4 + 7] + #endif + #define INIT_G_var() do { \ + unsigned i; \ +-- +2.30.2 + diff --git a/aports/busybox/0001-cpio-add-support-for-ignore-devno-like-GNU-cpio.patch b/aports/busybox/0001-cpio-add-support-for-ignore-devno-like-GNU-cpio.patch new file mode 100644 index 0000000..a9b0b8f --- /dev/null +++ b/aports/busybox/0001-cpio-add-support-for-ignore-devno-like-GNU-cpio.patch 
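Review bot: `#define VAR_OFFSET4 (VAR_OFFSET2 + ENABLE_ASH_RANDOM_SUPPORT)` in the last nested hunk skips VAR_OFFSET3, so the ENABLE_ASH_GETOPTS slot is no longer counted for the entries that follow RANDOM. With ENABLE_ASH_GETOPTS and ENABLE_ASH_RANDOM_SUPPORT both set, `vepochs` (`varinit[VAR_OFFSET4 + 6]`) resolves to the same index as `vrandom` (`varinit[VAR_OFFSET3 + 6]`) whenever BASH_EPOCH_VARS is enabled. The line should read `#define VAR_OFFSET4 (VAR_OFFSET3 + ENABLE_ASH_RANDOM_SUPPORT)`, keeping the chain in which each offset builds on the previous one. The varinit table is only partly visible in the hunk, so confirm the entry order against the full file.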
@@ -0,0 +1,88 @@ +From 808d176a4da607ed3187d58605d089b373694ba2 Mon Sep 17 00:00:00 2001 +From: Ariadne Conill +Date: Mon, 28 Jun 2021 07:09:25 -0600 +Subject: [PATCH 1/2] cpio: add support for --ignore-devno like GNU cpio + +The --ignore-devno option is used to set device numbers to (0, 0). +This can be useful in verifying whether a CPIO archive is reproducible. + +function old new delta +cpio_o 922 961 +39 +.rodata 78407 78422 +15 +bbconfig_config_bz2 6161 6167 +6 +packed_usage 25770 25764 -6 +------------------------------------------------------------------------------ +(add/remove: 0/0 grow/shrink: 3/1 up/down: 60/-6) Total: 54 bytes + +Signed-off-by: Ariadne Conill +--- + archival/cpio.c | 20 ++++++++++++++++++++ + 1 file changed, 20 insertions(+) + +diff --git a/archival/cpio.c b/archival/cpio.c +index d84f6937d..4d386d38d 100644 +--- a/archival/cpio.c ++++ b/archival/cpio.c +@@ -38,6 +38,13 @@ + //config: depends on FEATURE_CPIO_O + //config: help + //config: Passthrough mode. Rarely used. ++//config: ++//config:config FEATURE_CPIO_IGNORE_DEVNO ++//config: bool "Support --ignore-devno like GNU cpio" ++//config: default y ++//config: depends on FEATURE_CPIO_O && LONG_OPTS ++//config: help ++//config: Optionally ignore device numbers when creating archives. 
+ + //applet:IF_CPIO(APPLET(cpio, BB_DIR_BIN, BB_SUID_DROP)) + +@@ -75,6 +82,9 @@ + //usage: "\n -R USER[:GRP] Set owner of created files" + //usage: "\n -L Dereference symlinks" + //usage: "\n -0 Input is separated by NULs" ++//usage: IF_FEATURE_CPIO_IGNORE_DEVNO( ++//usage: "\n --ignore-devno" ++//usage: ) + + /* GNU cpio 2.9 --help (abridged): + +@@ -162,11 +172,13 @@ enum { + IF_FEATURE_CPIO_P(OPTBIT_PASSTHROUGH,) + IF_LONG_OPTS( OPTBIT_QUIET ,) + IF_LONG_OPTS( OPTBIT_2STDOUT ,) ++ IF_FEATURE_CPIO_IGNORE_DEVNO(OPTBIT_IGNORE_DEVNO,) + OPT_CREATE = IF_FEATURE_CPIO_O((1 << OPTBIT_CREATE )) + 0, + OPT_FORMAT = IF_FEATURE_CPIO_O((1 << OPTBIT_FORMAT )) + 0, + OPT_PASSTHROUGH = IF_FEATURE_CPIO_P((1 << OPTBIT_PASSTHROUGH)) + 0, + OPT_QUIET = IF_LONG_OPTS( (1 << OPTBIT_QUIET )) + 0, + OPT_2STDOUT = IF_LONG_OPTS( (1 << OPTBIT_2STDOUT )) + 0, ++ OPT_IGNORE_DEVNO = IF_FEATURE_CPIO_IGNORE_DEVNO((1 << OPTBIT_IGNORE_DEVNO)) + 0, + }; + + #define OPTION_STR "it0uvdmLF:R:" +@@ -304,6 +316,11 @@ static NOINLINE int cpio_o(void) + } + } + ++#if ENABLE_FEATURE_CPIO_IGNORE_DEVNO ++ if (option_mask32 & OPT_IGNORE_DEVNO) ++ st.st_dev = st.st_rdev = 0; ++#endif ++ + bytes += printf("070701" + "%08X%08X%08X%08X%08X%08X%08X" + "%08X%08X%08X%08X" /* GNU cpio uses uppercase hex */ +@@ -379,6 +396,9 @@ int cpio_main(int argc UNUSED_PARAM, char **argv) + "null\0" No_argument "0" + "quiet\0" No_argument "\xff" + "to-stdout\0" No_argument "\xfe" ++#if ENABLE_FEATURE_CPIO_IGNORE_DEVNO ++ "ignore-devno\0" No_argument "\xfd" ++#endif + ; + #endif + +-- +2.32.0 + diff --git a/aports/busybox/0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch b/aports/busybox/0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch new file mode 100644 index 0000000..1d1716e --- /dev/null +++ b/aports/busybox/0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch 
@@ -0,0 +1,40 @@
+From 0c8da1bead8ffaf270b4b723ead2c517371405d7 Mon Sep 17 00:00:00 2001
+From: Ariadne Conill
+Date: Sun, 3 Apr 2022 12:14:33 +0000
+Subject: [PATCH 1/2] libbb: sockaddr2str: ensure only printable characters are
+ returned for the hostname part
+
+CVE: Pending
+Upstream-Status: Pending
+Signed-off-by: Ariadne Conill
+---
+ libbb/xconnect.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/libbb/xconnect.c b/libbb/xconnect.c
+index 0e0b247b8..02c061e67 100644
+--- a/libbb/xconnect.c
++++ b/libbb/xconnect.c
+@@ -497,8 +497,9 @@ static char* FAST_FUNC sockaddr2str(const struct sockaddr *sa, int flags)
+ );
+ if (rc)
+ return NULL;
++ /* ensure host contains only printable characters */
+ if (flags & IGNORE_PORT)
+- return xstrdup(host);
++ return xstrdup(printable_string(host));
+ #if ENABLE_FEATURE_IPV6
+ if (sa->sa_family == AF_INET6) {
+ if (strchr(host, ':')) /* heh, it's not a resolved hostname */
+@@ -509,7 +510,7 @@ static char* FAST_FUNC sockaddr2str(const struct sockaddr *sa, int flags)
+ #endif
+ /* For now we don't support anything else, so it has to be INET */
+ /*if (sa->sa_family == AF_INET)*/
+- return xasprintf("%s:%s", host, serv);
++ return xasprintf("%s:%s", printable_string(host), serv);
+ /*return xstrdup(host);*/
+ }
+
+--
+2.35.1
+
diff --git a/aports/busybox/0001-modutils-check-ELF-header-before-calling-finit_module.patch b/aports/busybox/0001-modutils-check-ELF-header-before-calling-finit_module.patch
new file mode 100644
index 0000000..813010e
--- /dev/null
+++ b/aports/busybox/0001-modutils-check-ELF-header-before-calling-finit_module.patch
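Review bot: Only two of sockaddr2str's return paths are wrapped in `printable_string()`; the AF_INET6 branch that begins at `if (strchr(host, ':'))` continues between the two nested hunks and is not shown, so a return there that formats `host` would presumably still pass resolver-supplied bytes through unfiltered. Sanitising `host` once, directly after the `if (rc) return NULL;` check, and using that result in every return would cover all paths instead of depending on each call site. The patch header still carries `CVE: Pending` and `Upstream-Status: Pending`; a comment next to this patch in the busybox APKBUILD should record the identifier and upstream commit once they exist, so the patch can be tracked and dropped on upgrade.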
@@ -0,0 +1,152 @@ +Patch-Source: http://lists.busybox.net/pipermail/busybox/2021-January/088398.html +Patch-Source: http://lists.busybox.net/pipermail/busybox/2021-January/088399.html +See-Also: https://gitlab.alpinelinux.org/alpine/aports/-/issues/13427 + +The purpose of this patch is to remove confusing error messages +"Module has invalid ELF structures" produced by kernel when loading gzip +compressed kernel modules using busybox modprobe. +-- +From: Qu Wenruo +Date: Sun, 03 Jan 2021 04:10:52 +0000 +Subject: [PATCH v2] modutils: check ELF header before calling finit_module() + +finit_module() and init_module() system calls have clear specification +to only accept valid ELF image. + +Although we try finit_module() on compressed modules to let the kernel +determine if it's an ELF image, but it's not ideal, especially when +newer kernel will complain when some invalid files/memory is passed in. + +Treat the kernel better by just doing a very basic ELF header check +before calling finit_module(). + +Signed-off-by: Qu Wenruo + +diff --git a/modutils/modutils.c b/modutils/modutils.c +index f7ad5e8058fe..037d609e42df 100644 +--- a/modutils/modutils.c ++++ b/modutils/modutils.c +@@ -7,6 +7,7 @@ + */ + #include "modutils.h" + ++#include + #include + + #define init_module(mod, len, opts) syscall(__NR_init_module, mod, len, opts) +@@ -186,6 +187,33 @@ void* FAST_FUNC try_to_mmap_module(const char *filename, size_t *image_size_p) + } + #endif + ++#ifdef __NR_finit_module ++/* ++ * Return: ++ * 0 on success, ++ * <0 for error. ++ * ++ * finit_module()/init_module() only accepts ELF format. ++ * Do basic ELF check to avoid calling finit_module() with compressed module. 
++ */ ++static int check_elf_header(int fd) ++{ ++ unsigned char buf[EI_NIDENT]; ++ int ret; ++ ++ ret = pread(fd, buf, sizeof(buf), 0); ++ if (ret < sizeof(buf)) ++ return -EIO; ++ if (buf[EI_MAG0] != ELFMAG0 || ++ buf[EI_MAG1] != ELFMAG1 || ++ buf[EI_MAG2] != ELFMAG2 || ++ buf[EI_MAG3] != ELFMAG3) ++ return -EINVAL; ++ /* Other more comprehensive check will be done inside kernel */ ++ return 0; ++} ++#endif ++ + /* Return: + * 0 on success, + * -errno on open/read error, +@@ -212,12 +240,19 @@ int FAST_FUNC bb_init_module(const char *filename, const char *options) + * to only allow loading of modules off of secure storage (like a read- + * only rootfs) which needs the finit_module call. If it fails, we fall + * back to normal module loading to support compressed modules. ++ * ++ * Note that finit_module()/init_module() only accept ELF image, do ++ * basic check before calling finit_module() to avoid kernel ++ * complaining. + */ + # ifdef __NR_finit_module + { + int fd = open(filename, O_RDONLY | O_CLOEXEC); + if (fd >= 0) { +- rc = finit_module(fd, options, 0) != 0; ++ if (!check_elf_header(fd)) ++ rc = finit_module(fd, options, 0) != 0; ++ else ++ rc = 1; + close(fd); + if (rc == 0) + return rc; + +diff --git a/modutils/modprobe-small.c b/modutils/modprobe-small.c +index db44a2ed0ab5..d2cd6a64c1d0 100644 +--- a/modutils/modprobe-small.c ++++ b/modutils/modprobe-small.c +@@ -24,6 +24,7 @@ + //kbuild:lib-$(CONFIG_MODPROBE_SMALL) += modprobe-small.o + + #include "libbb.h" ++#include /* for ELF header magic */ + /* After libbb.h, since it needs sys/types.h on some systems */ + #include /* uname() */ + #include +@@ -249,6 +250,33 @@ static const char *moderror(int err) + } + } + ++#ifdef __NR_finit_module ++/* ++ * Return: ++ * 0 on success, ++ * <0 for error. ++ * ++ * finit_module()/init_module() only accepts ELF format. ++ * Do basic ELF check to avoid calling finit_module() with compressed module. 
++ */ ++static int check_elf_header(int fd) ++{ ++ unsigned char buf[EI_NIDENT]; ++ int ret; ++ ++ ret = pread(fd, buf, sizeof(buf), 0); ++ if (ret < sizeof(buf)) ++ return -EIO; ++ if (buf[EI_MAG0] != ELFMAG0 || ++ buf[EI_MAG1] != ELFMAG1 || ++ buf[EI_MAG2] != ELFMAG2 || ++ buf[EI_MAG3] != ELFMAG3) ++ return -EINVAL; ++ /* Other more comprehensive check will be done inside kernel */ ++ return 0; ++} ++#endif ++ + static int load_module(const char *fname, const char *options) + { + #if 1 +@@ -272,7 +300,10 @@ static int load_module(const char *fname, const char *options) + { + int fd = open(fname, O_RDONLY | O_CLOEXEC); + if (fd >= 0) { +- r = finit_module(fd, options, 0) != 0; ++ if (!check_elf_header(fd)) ++ r = finit_module(fd, options, 0) != 0; ++ else ++ r = 1; + close(fd); + } + } +-- +2.29.2 diff --git a/aports/busybox/0001-nologin-Install-applet-to-sbin-instead-of-usr-sbin.patch b/aports/busybox/0001-nologin-Install-applet-to-sbin-instead-of-usr-sbin.patch new file mode 100644 index 0000000..0cc4db9 --- /dev/null +++ b/aports/busybox/0001-nologin-Install-applet-to-sbin-instead-of-usr-sbin.patch 
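Review bot: In check_elf_header() (both copies, modutils/modutils.c and modutils/modprobe-small.c) `ret` is an `int` compared against `sizeof(buf)`, so a failing pread() returning -1 is converted to a large unsigned value, passes the `ret < sizeof(buf)` test, and the magic comparison then reads an uninitialized `buf`. Declare it `ssize_t ret;` and test `if (ret != (ssize_t)sizeof(buf)) return -EIO;`. The helper is also duplicated verbatim in the two files; a single shared definition would keep the copies from drifting apart.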
@@ -0,0 +1,27 @@
+From fa5c4b2e60a98944863097b448960d0744916b1f Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?S=C3=B6ren=20Tempel?=
+Date: Wed, 13 Feb 2019 22:32:44 +0100
+Subject: [PATCH] nologin: Install applet to /sbin instead of /usr/sbin
+
+This is required to retain compatibility with our old custom nologin
+applet written in C which was also installed to /sbin.
+
+Compatibility with the old path is required because login shell paths
+are hardcoded in /etc/passwd.
+---
+ util-linux/nologin.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/util-linux/nologin.c b/util-linux/nologin.c
+index 5e5e42305..b03470ac6 100644
+--- a/util-linux/nologin.c
++++ b/util-linux/nologin.c
+@@ -19,7 +19,7 @@
+ //config: If you know these will be available externally you can
+ //config: disable this option.
+
+-//applet:IF_NOLOGIN(APPLET_SCRIPTED(nologin, scripted, BB_DIR_USR_SBIN, BB_SUID_DROP, nologin))
++//applet:IF_NOLOGIN(APPLET_SCRIPTED(nologin, scripted, BB_DIR_SBIN, BB_SUID_DROP, nologin))
+
+ //usage:#define nologin_trivial_usage
+ //usage: ""
diff --git a/aports/busybox/0001-pgrep-add-support-for-matching-against-UID-and-RUID.patch b/aports/busybox/0001-pgrep-add-support-for-matching-against-UID-and-RUID.patch
new file mode 100644
index 0000000..7abfb09
--- /dev/null
+++ b/aports/busybox/0001-pgrep-add-support-for-matching-against-UID-and-RUID.patch
@@ -0,0 +1,138 @@ +From 648255c510f9a3f668651842b58798f07ad4c64a Mon Sep 17 00:00:00 2001 +From: Ariadne Conill +Date: Mon, 22 Nov 2021 18:33:02 -0600 +Subject: [PATCH] pgrep: add support for matching against UID and RUID + +This is standard functionality on every other pgrep implementation I +found, namely the ones in Illumos, FreeBSD, Linux procps, and macOS. + +Additionally, real world scripts like pipewire-session are dependent +on it being present. + +function old new delta +pgrep_main 818 1007 +189 +packed_usage 26001 26032 +31 +.rodata 78544 78548 +4 +------------------------------------------------------------------------------ +(add/remove: 0/0 grow/shrink: 3/0 up/down: 224/0) Total: 224 bytes + +Signed-off-by: Ariadne Conill +--- + procps/pgrep.c | 37 +++++++++++++++++++++++++++++++++---- + 1 file changed, 33 insertions(+), 4 deletions(-) + +diff --git a/procps/pgrep.c b/procps/pgrep.c +index 6d25c247e..6a12ac23b 100644 +--- a/procps/pgrep.c ++++ b/procps/pgrep.c +@@ -42,6 +42,8 @@ + //usage: "\n -x Match whole name (not substring)" + //usage: "\n -s Match session ID (0 for current)" + //usage: "\n -P Match parent process ID" ++//usage: "\n -u EUID Match against effective UID" ++//usage: "\n -U UID Match against UID" + //usage: + //usage:#define pkill_trivial_usage + //usage: "[-l|-SIGNAL] [-xfvno] [-s SID|-P PPID|PATTERN]" +@@ -55,6 +57,8 @@ + //usage: "\n -v Negate the match" + //usage: "\n -n Signal the newest process only" + //usage: "\n -o Signal the oldest process only" ++//usage: "\n -u EUID Match against effective UID" ++//usage: "\n -U UID Match against UID" + + #include "libbb.h" + #include "xregex.h" +@@ -64,7 +68,7 @@ + #define pkill (ENABLE_PKILL && (!ENABLE_PGREP || applet_name[1] == 'k')) + + enum { +- /* "vlafxons:+P:+" */ ++ /* "vlafxonu:U:s:+P:+" */ + OPTBIT_V = 0, /* must be first, we need OPT_INVERT = 0/1 */ + OPTBIT_L, + OPTBIT_A, +@@ -72,6 +76,8 @@ enum { + OPTBIT_X, + OPTBIT_O, + OPTBIT_N, ++ OPTBIT_U, ++ OPTBIT_UL, + OPTBIT_S, + 
OPTBIT_P, + }; +@@ -85,6 +91,8 @@ enum { + #define OPT_LAST (opt & (1 << OPTBIT_N)) + #define OPT_SID (opt & (1 << OPTBIT_S)) + #define OPT_PPID (opt & (1 << OPTBIT_P)) ++#define OPT_EUID (opt & (1 << OPTBIT_UL)) ++#define OPT_RUID (opt & (1 << OPTBIT_U)) + + static void act(unsigned pid, char *cmd, int signo) + { +@@ -105,7 +113,8 @@ int pgrep_main(int argc UNUSED_PARAM, char **argv) + unsigned opt; + int scan_mask; + int matched_pid; +- int sid2match, ppid2match; ++ int sid2match, ppid2match, uid2match, euid2match; ++ char *uid_arg = NULL, *euid_arg = NULL; + char *cmd_last; + procps_status_t *proc; + /* These are initialized to 0 */ +@@ -131,7 +140,9 @@ int pgrep_main(int argc UNUSED_PARAM, char **argv) + /* Parse remaining options */ + ppid2match = -1; + sid2match = -1; +- opt = getopt32(argv, "vlafxons:+P:+", &sid2match, &ppid2match); ++ uid2match = -1; ++ euid2match = -1; ++ opt = getopt32(argv, "vlafxonu:U:s:+P:+", &euid_arg, &uid_arg, &sid2match, &ppid2match); + argv += optind; + + if (pkill && OPT_LIST) { /* -l: print the whole signal list */ +@@ -147,8 +158,18 @@ int pgrep_main(int argc UNUSED_PARAM, char **argv) + if (OPT_FULL) + scan_mask |= PSSCAN_ARGVN; + ++ if (euid_arg) { ++ scan_mask |= PSSCAN_UIDGID; ++ euid2match = get_ug_id(euid_arg, xuname2uid); ++ } ++ ++ if (uid_arg) { ++ scan_mask |= PSSCAN_RUIDGID; ++ uid2match = get_ug_id(uid_arg, xuname2uid); ++ } ++ + /* One pattern is required, if no -s and no -P */ +- if ((sid2match & ppid2match) < 0 && (!argv[0] || argv[1])) ++ if ((sid2match & ppid2match) < 0 && uid2match < 0 && euid2match < 0 && (!argv[0] || argv[1])) + bb_show_usage(); + + if (argv[0]) +@@ -170,6 +191,10 @@ int pgrep_main(int argc UNUSED_PARAM, char **argv) + continue; + if (sid2match >= 0 && sid2match != proc->sid) + continue; ++ if (euid2match >= 0 && euid2match != proc->uid) ++ continue; ++ if (uid2match >= 0 && uid2match != proc->ruid) ++ continue; + } + + cmdlen = -1; +@@ -202,6 +227,10 @@ int pgrep_main(int argc UNUSED_PARAM, 
char **argv) + goto got_it; + if (sid2match >= 0 && sid2match != proc->sid) + goto got_it; ++ if (euid2match >= 0 && euid2match != proc->uid) ++ goto got_it; ++ if (uid2match >= 0 && uid2match != proc->ruid) ++ goto got_it; + } + + match = !argv[0]; /* if no PATTERN, then it's a match, else... */ +-- +2.34.0 + diff --git a/aports/busybox/0001-properly-fix-wget-https-support.patch b/aports/busybox/0001-properly-fix-wget-https-support.patch new file mode 100644 index 0000000..7e59be7 --- /dev/null +++ b/aports/busybox/0001-properly-fix-wget-https-support.patch 
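Review bot: `OPT_EUID` and `OPT_RUID` are bound to the wrong bits: in the option string `"vlafxonu:U:s:+P:+"` the lowercase `u` (effective UID) occupies `OPTBIT_U` and the uppercase `U` occupies `OPTBIT_UL`, yet the macros read `#define OPT_EUID (opt & (1 << OPTBIT_UL))` and `#define OPT_RUID (opt & (1 << OPTBIT_U))`. Nothing in the visible hunks uses them, so the swap is latent; either swap the two bit names or drop the macros. Separately, `uid2match` and `euid2match` are `int` with -1 as the "unset" marker, so a UID above INT_MAX would likely turn negative and the `>= 0` filters would be skipped, which for pkill widens the set of signalled processes. Testing `uid_arg`/`euid_arg` for presence instead of the sign would avoid that. pgrep_main continues outside the hunks.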
@@ -0,0 +1,69 @@ +From ad8843a3df89aabfa6ebae841de32f22a48c2166 Mon Sep 17 00:00:00 2001 +From: Natanael Copa +Date: Wed, 30 May 2018 09:52:20 +0000 +Subject: [PATCH] properly fix wget https support + +See: https://git.alpinelinux.org/cgit/aports/commit/?id=1d0560a9b6b5597b191e5aff69a31c2fe0aba273 +--- + networking/wget.c | 21 ++++++++++++--------- + 1 file changed, 12 insertions(+), 9 deletions(-) + +diff --git a/networking/wget.c b/networking/wget.c +index 6a9604421..96dd4c403 100644 +--- a/networking/wget.c ++++ b/networking/wget.c +@@ -57,7 +57,6 @@ + //config: bool "Support HTTPS using internal TLS code" + //config: default y + //config: depends on WGET +-//config: select TLS + //config: help + //config: wget will use internal TLS code to connect to https:// URLs. + //config: It also enables FTPS support, but it's not well tested yet. +@@ -760,10 +759,8 @@ static void spawn_ssl_client(const char *host, int network_fd, int flags) + int pid; + char *servername, *p; + +- if (!(option_mask32 & WGET_OPT_NO_CHECK_CERT)) { +- option_mask32 |= WGET_OPT_NO_CHECK_CERT; +- bb_simple_error_msg("note: TLS certificate validation not implemented"); +- } ++ if (ENABLE_SSL_CLIENT && !(option_mask32 & WGET_OPT_NO_CHECK_CERT)) ++ bb_simple_error_msg_and_die("note: TLS certificate validation not implemented"); + + servername = xstrdup(host); + p = strrchr(servername, ':'); +@@ -780,14 +777,14 @@ static void spawn_ssl_client(const char *host, int network_fd, int flags) + close(sp[0]); + xmove_fd(sp[1], 0); + xdup2(0, 1); +- if (BB_MMU) { ++ if (BB_MMU && ENABLE_TLS && (option_mask32 & WGET_OPT_NO_CHECK_CERT)) { + tls_state_t *tls = new_tls_state(); + tls->ifd = tls->ofd = network_fd; + tls_handshake(tls, servername); + tls_run_copy_loop(tls, flags); + exit(0); + } else { +- char *argv[6]; ++ char *argv[7], **a; + + xmove_fd(network_fd, 3); + argv[0] = (char*)"ssl_client"; +@@ -795,8 +792,14 @@ static void spawn_ssl_client(const char *host, int network_fd, int flags) + //TODO: if 
(!is_ip_address(servername))... + argv[2] = (char*)"-n"; + argv[3] = servername; +- argv[4] = (flags & TLSLOOP_EXIT_ON_LOCAL_EOF ? (char*)"-e" : NULL); +- argv[5] = NULL; ++ ++ a = &argv[4]; ++ if (flags & TLSLOOP_EXIT_ON_LOCAL_EOF) ++ *a++ = (char*)"-e"; ++ if (!ENABLE_SSL_CLIENT && (option_mask32 & WGET_OPT_NO_CHECK_CERT)) ++ *a++= (char*)"-I"; ++ *a = NULL; ++ + BB_EXECVP(argv[0], argv); + bb_perror_msg_and_die("can't execute '%s'", argv[0]); + } diff --git a/aports/busybox/0001-rev-correct-output-for-long-input-lines.patch b/aports/busybox/0001-rev-correct-output-for-long-input-lines.patch new file mode 100644 index 0000000..ba40a2f --- /dev/null +++ b/aports/busybox/0001-rev-correct-output-for-long-input-lines.patch 
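Review bot: The new logic in spawn_ssl_client() has no comment saying which path verifies certificates, and that is the security-relevant decision in this change. As written, a build with `ENABLE_SSL_CLIENT` dies unless `--no-check-certificate` was given, the internal TLS code runs only when `WGET_OPT_NO_CHECK_CERT` is set, and every other case execs an external `ssl_client` looked up through PATH, with `-I` presumably switching verification off there. I would add something like `/* internal TLS cannot verify certificates: use it only with --no-check-certificate, otherwise rely on the external ssl_client */` above the `BB_MMU && ENABLE_TLS` test. The fatal message also still begins with `note:`, which reads oddly now that it terminates wget.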
@@ -0,0 +1,91 @@ +From 4357569fdc7bc482dea0ef0bff57a70e7f06523c Mon Sep 17 00:00:00 2001 +From: Ron Yorston +Date: Sat, 21 Aug 2021 09:36:27 +0100 +Subject: rev: correct output for long input lines + +The input buffer is initialised to a reasonable size and extended +if necessary. When this happened the offset into the buffer wasn't +reset to zero so subsequent lines were appended to the long line. + +Fix this and add some tests. + +function old new delta +rev_main 377 368 -9 +------------------------------------------------------------------------------ +(add/remove: 0/0 grow/shrink: 0/1 up/down: 0/-9) Total: -9 bytes + +Signed-off-by: Ron Yorston +Signed-off-by: Denys Vlasenko +--- + testsuite/rev.tests | 46 ++++++++++++++++++++++++++++++++++++++++++++++ + util-linux/rev.c | 1 + + 2 files changed, 47 insertions(+) + create mode 100755 testsuite/rev.tests + +diff --git a/testsuite/rev.tests b/testsuite/rev.tests +new file mode 100755 +index 000000000..dd65dcd3b +--- /dev/null ++++ b/testsuite/rev.tests +@@ -0,0 +1,46 @@ ++#!/bin/sh ++# Copyright 2021 by Ron Yorston ++# Licensed under GPLv2, see file LICENSE in this source tree. ++ ++. 
./testing.sh ++ ++# testing "test name" "commands" "expected result" "file input" "stdin" ++ ++testing "rev works" \ ++ "rev input" \ ++"\ ++1 enil ++ ++3 enil ++" \ ++ "line 1\n\nline 3\n" \ ++ "" ++ ++testing "rev file with missing newline" \ ++ "rev input" \ ++"\ ++1 enil ++ ++3 enil" \ ++ "line 1\n\nline 3" \ ++ "" ++ ++testing "rev file with NUL character" \ ++ "rev input" \ ++"\ ++nil ++3 enil ++" \ ++ "lin\000e 1\n\nline 3\n" \ ++ "" ++ ++testing "rev file with long line" \ ++ "rev input" \ ++"\ +++--------------+---------------+---------------+---------------+---------------+---------------+---------------+---------------+---------------+---------------+---------------+---------------+---------------+---------------+---------------+--------------- ++cba ++" \ ++ "---------------+---------------+---------------+---------------+---------------+---------------+---------------+---------------+---------------+---------------+---------------+---------------+---------------+---------------+---------------+--------------+\nabc\n" \ ++ "" ++ ++exit $FAILCOUNT +diff --git a/util-linux/rev.c b/util-linux/rev.c +index d439b4da8..63b005c67 100644 +--- a/util-linux/rev.c ++++ b/util-linux/rev.c +@@ -109,6 +109,7 @@ int rev_main(int argc UNUSED_PARAM, char **argv) + strrev(buf, strlen(buf)); + #endif + fputs_stdout(buf); ++ pos = 0; + } + fclose(fp); + } while (*argv); +-- +cgit v1.2.3 + diff --git a/aports/busybox/0002-cpio-add-support-for-renumber-inodes-like-GNU-cpio.patch b/aports/busybox/0002-cpio-add-support-for-renumber-inodes-like-GNU-cpio.patch new file mode 100644 index 0000000..9febb66 --- /dev/null +++ b/aports/busybox/0002-cpio-add-support-for-renumber-inodes-like-GNU-cpio.patch 
@@ -0,0 +1,129 @@ +From 67240ede641cdda29ef74a373bc9f5aa8a18f4e8 Mon Sep 17 00:00:00 2001 +From: Ariadne Conill +Date: Mon, 28 Jun 2021 08:23:09 -0600 +Subject: [PATCH 2/2] cpio: add support for --renumber-inodes like GNU cpio + +The --renumber-inodes option renumbers the inodes starting from 1, +so that the sequence of inodes is always stable. This helps with +reproducibility. + +function old new delta +cpio_o 961 1045 +84 +.rodata 78422 78440 +18 +bbconfig_config_bz2 6168 6164 -4 +packed_usage 25764 25756 -8 +------------------------------------------------------------------------------ +(add/remove: 0/0 grow/shrink: 2/2 up/down: 102/-12) Total: 90 bytes + +Signed-off-by: Ariadne Conill +--- + archival/cpio.c | 32 ++++++++++++++++++++++++++++++++ + 1 file changed, 32 insertions(+) + +diff --git a/archival/cpio.c b/archival/cpio.c +index 4d386d38d..14f0b5b84 100644 +--- a/archival/cpio.c ++++ b/archival/cpio.c +@@ -45,6 +45,13 @@ + //config: depends on FEATURE_CPIO_O && LONG_OPTS + //config: help + //config: Optionally ignore device numbers when creating archives. ++//config: ++//config:config FEATURE_CPIO_RENUMBER_INODES ++//config: bool "Support --renumber-inodes like GNU cpio" ++//config: default y ++//config: depends on FEATURE_CPIO_O && LONG_OPTS ++//config: help ++//config: Optionally renumber inodes when creating archives. 
+ + //applet:IF_CPIO(APPLET(cpio, BB_DIR_BIN, BB_SUID_DROP)) + +@@ -85,6 +92,9 @@ + //usage: IF_FEATURE_CPIO_IGNORE_DEVNO( + //usage: "\n --ignore-devno" + //usage: ) ++//usage: IF_FEATURE_CPIO_RENUMBER_INODES( ++//usage: "\n --renumber-inodes" ++//usage: ) + + /* GNU cpio 2.9 --help (abridged): + +@@ -173,18 +183,21 @@ enum { + IF_LONG_OPTS( OPTBIT_QUIET ,) + IF_LONG_OPTS( OPTBIT_2STDOUT ,) + IF_FEATURE_CPIO_IGNORE_DEVNO(OPTBIT_IGNORE_DEVNO,) ++ IF_FEATURE_CPIO_RENUMBER_INODES(OPTBIT_RENUMBER_INODES,) + OPT_CREATE = IF_FEATURE_CPIO_O((1 << OPTBIT_CREATE )) + 0, + OPT_FORMAT = IF_FEATURE_CPIO_O((1 << OPTBIT_FORMAT )) + 0, + OPT_PASSTHROUGH = IF_FEATURE_CPIO_P((1 << OPTBIT_PASSTHROUGH)) + 0, + OPT_QUIET = IF_LONG_OPTS( (1 << OPTBIT_QUIET )) + 0, + OPT_2STDOUT = IF_LONG_OPTS( (1 << OPTBIT_2STDOUT )) + 0, + OPT_IGNORE_DEVNO = IF_FEATURE_CPIO_IGNORE_DEVNO((1 << OPTBIT_IGNORE_DEVNO)) + 0, ++ OPT_RENUMBER_INODES = IF_FEATURE_CPIO_RENUMBER_INODES((1 << OPTBIT_RENUMBER_INODES)) + 0, + }; + + #define OPTION_STR "it0uvdmLF:R:" + + struct globals { + struct bb_uidgid_t owner_ugid; ++ ino_t next_inode; + } FIX_ALIASING; + #define G (*(struct globals*)bb_common_bufsiz1) + void BUG_cpio_globals_too_big(void); +@@ -218,6 +231,9 @@ static NOINLINE int cpio_o(void) + struct inodes_s *next; + struct name_s *names; + struct stat st; ++#if ENABLE_FEATURE_CPIO_RENUMBER_INODES ++ ino_t mapped_inode; ++#endif + }; + + struct inodes_s *links = NULL; +@@ -272,6 +288,10 @@ static NOINLINE int cpio_o(void) + l = xzalloc(sizeof(*l)); + l->st = st; + l->next = links; ++#if ENABLE_FEATURE_CPIO_RENUMBER_INODES ++ if (option_mask32 & OPT_RENUMBER_INODES) ++ l->mapped_inode = ++G.next_inode; ++#endif + links = l; + break; + } +@@ -290,6 +310,11 @@ static NOINLINE int cpio_o(void) + free(line); + continue; + } ++#if ENABLE_FEATURE_CPIO_RENUMBER_INODES ++ else if (option_mask32 & OPT_RENUMBER_INODES) { ++ st.st_ino = ++G.next_inode; ++ } ++#endif + } else { /* line == NULL: EOF */ + next_link: + if 
(links) { +@@ -297,6 +322,10 @@ static NOINLINE int cpio_o(void) + st = links->st; + name = links->names->name; + links->names = links->names->next; ++#if ENABLE_FEATURE_CPIO_RENUMBER_INODES ++ if (links->mapped_inode) ++ st.st_ino = links->mapped_inode; ++#endif + /* GNU cpio is reported to emit file data + * only for the last instance. Mimic that. */ + if (links->names == NULL) +@@ -398,6 +427,9 @@ int cpio_main(int argc UNUSED_PARAM, char **argv) + "to-stdout\0" No_argument "\xfe" + #if ENABLE_FEATURE_CPIO_IGNORE_DEVNO + "ignore-devno\0" No_argument "\xfd" ++#endif ++#if ENABLE_FEATURE_CPIO_RENUMBER_INODES ++ "renumber-inodes\0" No_argument "\xfc" + #endif + ; + #endif +-- +2.32.0 + diff --git a/aports/busybox/0002-fsck-resolve-LABEL-.-UUID-.-spec-to-device.patch b/aports/busybox/0002-fsck-resolve-LABEL-.-UUID-.-spec-to-device.patch new file mode 100644 index 0000000..fd2503e --- /dev/null +++ b/aports/busybox/0002-fsck-resolve-LABEL-.-UUID-.-spec-to-device.patch 
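Review bot: `mapped_inode == 0` doubles as the "not renumbered" marker in `if (links->mapped_inode)`, which works only because `l` comes from `xzalloc()` and numbering starts at 1 through `++G.next_inode`; neither assumption is written down. A short comment on the field, e.g. `ino_t mapped_inode; /* 0 = keep st_ino; renumbered inodes start at 1 */`, would make that dependency explicit. It would also help to state next to `ino_t next_inode;` that the counter relies on the globals being zeroed at start, which is not visible in these hunks. cpio_o continues outside the hunks.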
@@ -0,0 +1,56 @@
+From 2e673aac06d661038001286fd389d1b45c511c66 Mon Sep 17 00:00:00 2001
+From: Natanael Copa
+Date: Tue, 28 Nov 2017 13:23:17 +0100
+Subject: [PATCH] fsck: resolve LABEL=.../UUID=... spec to device
+
+---
+ e2fsprogs/fsck.c | 10 +++++-----
+ 1 file changed, 5 insertions(+), 5 deletions(-)
+
+diff --git a/e2fsprogs/fsck.c b/e2fsprogs/fsck.c
+index f5aa3dbe4..e2edc9747 100644
+--- a/e2fsprogs/fsck.c
++++ b/e2fsprogs/fsck.c
+@@ -60,6 +60,7 @@
+ //usage: "\n -t TYPE List of filesystem types to check"
+
+ #include "libbb.h"
++#include "volume_id.h"
+ #include "common_bufsiz.h"
+
+ /* "progress indicator" code is somewhat buggy and ext[23] specific.
+@@ -524,12 +525,13 @@ static int wait_many(int flags)
+ * Execute a particular fsck program, and link it into the list of
+ * child processes we are waiting for.
+ */
+-static void execute(const char *type, const char *device,
++static void execute(const char *type, const char *spec,
+ const char *mntpt /*, int interactive */)
+ {
+ int i;
+ struct fsck_instance *inst;
+ pid_t pid;
++ char *device = (char *)spec;
+
+ G.args[0] = xasprintf("fsck.%s", type);
+
+@@ -544,7 +546,8 @@ static void execute(const char *type, const char *device,
+ }
+ #endif
+
+- G.args[G.num_args - 2] = (char*)device;
++ resolve_mount_spec(&device);
++ G.args[G.num_args - 2] = device;
+ /* G.args[G.num_args - 1] = NULL; - already is */
+
+ if (G.verbose || G.noexecute) {
+@@ -973,9 +976,6 @@ int fsck_main(int argc UNUSED_PARAM, char **argv)
+
+ /* "/dev/blk" or "/path" or "UUID=xxx" or "LABEL=xxx" */
+ if ((arg[0] == '/' && !opts_for_fsck) || strchr(arg, '=')) {
+-// FIXME: must check that arg is a blkdev, or resolve
+-// "/path", "UUID=xxx" or "LABEL=xxx" into block device name
+-// ("UUID=xxx"/"LABEL=xxx" can probably shifted to fsck.auto duties)
+ devices = xrealloc_vector(devices, 2, num_devices);
+ devices[num_devices++] = arg;
+ continue;
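Review bot: Nothing after `resolve_mount_spec(&device);` checks whether the spec was actually resolved, so if the helper leaves an unknown `LABEL=`/`UUID=` string untouched (its behaviour is not visible here), that literal string is handed to `fsck.TYPE` as the device argument. The commit also deletes the whole FIXME in fsck_main, including the part about checking that `arg` is a block device, which this change does not implement. I would keep that half as a comment, e.g. `// FIXME: must check that arg is a blkdev`, and report an error when a `LABEL=`/`UUID=` prefix is still present after resolution. If the helper stores a newly allocated string in `device`, its ownership deserves a comment too, since execute() only stores the pointer in `G.args`.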
diff --git a/aports/busybox/0002-nslookup-sanitize-all-printed-strings-with-printable.patch b/aports/busybox/0002-nslookup-sanitize-all-printed-strings-with-printable.patch
new file mode 100644
index 0000000..01c45c9
--- /dev/null
+++ b/aports/busybox/0002-nslookup-sanitize-all-printed-strings-with-printable.patch
@@ -0,0 +1,68 @@ +From 812b407e545b70b16cf32aade135b5c32eaf674f Mon Sep 17 00:00:00 2001 +From: Ariadne Conill +Date: Sun, 3 Apr 2022 12:16:45 +0000 +Subject: [PATCH 2/2] nslookup: sanitize all printed strings with + printable_string + +Otherwise, terminal sequences can be injected, which enables various terminal injection +attacks from DNS results. + +CVE: Pending +Upstream-Status: Pending +Signed-off-by: Ariadne Conill +--- + networking/nslookup.c | 10 +++++----- + 1 file changed, 5 insertions(+), 5 deletions(-) + +diff --git a/networking/nslookup.c b/networking/nslookup.c +index 6da97baf4..4bdcde1b8 100644 +--- a/networking/nslookup.c ++++ b/networking/nslookup.c +@@ -407,7 +407,7 @@ static NOINLINE int parse_reply(const unsigned char *msg, size_t len) + //printf("Unable to uncompress domain: %s\n", strerror(errno)); + return -1; + } +- printf(format, ns_rr_name(rr), dname); ++ printf(format, ns_rr_name(rr), printable_string(dname)); + break; + + case ns_t_mx: +@@ -422,7 +422,7 @@ static NOINLINE int parse_reply(const unsigned char *msg, size_t len) + //printf("Cannot uncompress MX domain: %s\n", strerror(errno)); + return -1; + } +- printf("%s\tmail exchanger = %d %s\n", ns_rr_name(rr), n, dname); ++ printf("%s\tmail exchanger = %d %s\n", ns_rr_name(rr), n, printable_string(dname)); + break; + + case ns_t_txt: +@@ -434,7 +434,7 @@ static NOINLINE int parse_reply(const unsigned char *msg, size_t len) + if (n > 0) { + memset(dname, 0, sizeof(dname)); + memcpy(dname, ns_rr_rdata(rr) + 1, n); +- printf("%s\ttext = \"%s\"\n", ns_rr_name(rr), dname); ++ printf("%s\ttext = \"%s\"\n", ns_rr_name(rr), printable_string(dname)); + } + break; + +@@ -454,7 +454,7 @@ static NOINLINE int parse_reply(const unsigned char *msg, size_t len) + } + + printf("%s\tservice = %u %u %u %s\n", ns_rr_name(rr), +- ns_get16(cp), ns_get16(cp + 2), ns_get16(cp + 4), dname); ++ ns_get16(cp), ns_get16(cp + 2), ns_get16(cp + 4), printable_string(dname)); + break; + + case ns_t_soa: +@@ -483,7 
+483,7 @@ static NOINLINE int parse_reply(const unsigned char *msg, size_t len) + return -1; + } + +- printf("\tmail addr = %s\n", dname); ++ printf("\tmail addr = %s\n", printable_string(dname)); + cp += n; + + printf("\tserial = %lu\n", ns_get32(cp)); +-- +2.35.1 + diff --git a/aports/busybox/0003-ash-exec-busybox.static.patch b/aports/busybox/0003-ash-exec-busybox.static.patch new file mode 100644 index 0000000..8247e35 --- /dev/null +++ b/aports/busybox/0003-ash-exec-busybox.static.patch @@ -0,0 +1,22 @@ +From d06a13f4cd81aeda9b02d4da90ef2b941899d6c5 Mon Sep 17 00:00:00 2001 +From: Natanael Copa +Date: Thu, 4 Aug 2016 11:03:07 +0200 +Subject: [PATCH] ash: exec busybox.static + +--- + shell/ash.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/shell/ash.c b/shell/ash.c +index 051cc671f..73470eab2 100644 +--- a/shell/ash.c ++++ b/shell/ash.c +@@ -7991,6 +7991,8 @@ tryexec(IF_FEATURE_SH_STANDALONE(int applet_no,) const char *cmd, char **argv, c + } + /* re-exec ourselves with the new arguments */ + execve(bb_busybox_exec_path, argv, envp); ++ execve("/bin/busybox.static",argv,envp); ++ execve("/bin/busybox",argv,envp); + /* If they called chroot or otherwise made the binary no longer + * executable, fall through */ + } diff --git a/aports/busybox/0004-app-location-for-cpio-vi-and-lspci.patch b/aports/busybox/0004-app-location-for-cpio-vi-and-lspci.patch new file mode 100644 index 0000000..964db5df --- /dev/null +++ b/aports/busybox/0004-app-location-for-cpio-vi-and-lspci.patch 
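Review bot: Every printf touched in parse_reply() still prints `ns_rr_name(rr)` raw, although the owner name comes out of the same DNS reply as `dname` and may carry the same escape sequences. Wrapping it as well, e.g. `printf("%s\tmail exchanger = %d %s\n", printable_string(ns_rr_name(rr)), n, printable_string(dname));`, would match the commit subject ("sanitize all printed strings"). That puts two `printable_string()` results into one call, so it is worth confirming the helper does not reuse a single static buffer between calls. parse_reply's body extends beyond the hunks, so other printf sites there may need the same check.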
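Review bot: The two added `execve()` fallbacks in tryexec() have no comment explaining why `bb_busybox_exec_path` may fail or why this order (`/bin/busybox.static`, then `/bin/busybox`) was chosen. The absolute paths are resolved in the current root, so after a chroot the shell runs whatever binary sits at those paths with the applet's argv; the existing comment just below describes falling through in exactly that situation. A line such as `/* fallbacks: packaged busybox locations, tried when the recorded exec path is unusable */` would record the intent, assuming that is the reason. tryexec's body starts and ends outside the hunk.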
@@ -0,0 +1,51 @@
+From 3f44fe588d0d68ff5897928b65c0749505937d8d Mon Sep 17 00:00:00 2001
+From: Natanael Copa
+Date: Tue, 27 Dec 2016 20:46:59 +0100
+Subject: [PATCH] app location for cpio, vi and lspci
+
+Adjust location to where alpine linux installs them
+---
+ archival/cpio.c | 2 +-
+ editors/vi.c | 2 +-
+ util-linux/lspci.c | 2 +-
+ 3 files changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/archival/cpio.c b/archival/cpio.c
+index d84f6937d..29e7d396a 100644
+--- a/archival/cpio.c
++++ b/archival/cpio.c
+@@ -39,7 +39,7 @@
+ //config: help
+ //config: Passthrough mode. Rarely used.
+
+-//applet:IF_CPIO(APPLET(cpio, BB_DIR_BIN, BB_SUID_DROP))
++//applet:IF_CPIO(APPLET(cpio, BB_DIR_USR_BIN, BB_SUID_DROP))
+
+ //kbuild:lib-$(CONFIG_CPIO) += cpio.o
+
+diff --git a/editors/vi.c b/editors/vi.c
+index 3e1bd0820..774da291f 100644
+--- a/editors/vi.c
++++ b/editors/vi.c
+@@ -176,7 +176,7 @@
+ //config: Enable more verbose reporting of the results of yank, change,
+ //config: delete, undo and substitution commands.
+
+-//applet:IF_VI(APPLET(vi, BB_DIR_BIN, BB_SUID_DROP))
++//applet:IF_VI(APPLET(vi, BB_DIR_USR_BIN, BB_SUID_DROP))
+
+ //kbuild:lib-$(CONFIG_VI) += vi.o
+
+diff --git a/util-linux/lspci.c b/util-linux/lspci.c
+index c22cbcc1e..70a623650 100644
+--- a/util-linux/lspci.c
++++ b/util-linux/lspci.c
+@@ -15,7 +15,7 @@
+ //config:
+ //config: This version uses sysfs (/sys/bus/pci/devices) only.
+
+-//applet:IF_LSPCI(APPLET_NOEXEC(lspci, lspci, BB_DIR_USR_BIN, BB_SUID_DROP, lspci))
++//applet:IF_LSPCI(APPLET_NOEXEC(lspci, lspci, BB_DIR_USR_SBIN, BB_SUID_DROP, lspci))
+
+ //kbuild:lib-$(CONFIG_LSPCI) += lspci.o
+
diff --git a/aports/busybox/0005-udhcpc-set-default-discover-retries-to-5.patch b/aports/busybox/0005-udhcpc-set-default-discover-retries-to-5.patch
new file mode 100644
index 0000000..ea15834
--- /dev/null
+++ b/aports/busybox/0005-udhcpc-set-default-discover-retries-to-5.patch
@@ -0,0 +1,55 @@ +From 7f626404022bb69cd314e2eea33a721d75cc933d Mon Sep 17 00:00:00 2001 +From: Natanael Copa +Date: Thu, 4 Aug 2016 12:46:55 +0200 +Subject: [PATCH] udhcpc: set default discover retries to 5 + +Some slower nics needs more attempts to get a lease +--- + networking/udhcp/d6_dhcpc.c | 4 ++-- + networking/udhcp/dhcpc.c | 4 ++-- + 2 files changed, 4 insertions(+), 4 deletions(-) + +diff --git a/networking/udhcp/d6_dhcpc.c b/networking/udhcp/d6_dhcpc.c +index 8d11a7539..794441953 100644 +--- a/networking/udhcp/d6_dhcpc.c ++++ b/networking/udhcp/d6_dhcpc.c +@@ -1135,7 +1135,7 @@ static void client_background(void) + //usage: "\n -s PROG Run PROG at DHCP events (default "CONFIG_UDHCPC_DEFAULT_SCRIPT")" + //usage: "\n -B Request broadcast replies" + //usage: "\n -t N Send up to N discover packets" +-//usage: "\n -T SEC Pause between packets (default 3)" ++//usage: "\n -T SEC Pause between packets (default 5)" + //usage: "\n -A SEC Wait if lease is not obtained (default 20)" + //usage: USE_FOR_MMU( + //usage: "\n -b Background if lease is not obtained" +@@ -1180,7 +1180,7 @@ int udhcpc6_main(int argc UNUSED_PARAM, char **argv) + llist_t *list_x = NULL; + int tryagain_timeout = 20; + int discover_timeout = 3; +- int discover_retries = 3; ++ int discover_retries = 5; + struct in6_addr srv6_buf; + struct in6_addr ipv6_buf; + struct in6_addr *requested_ipv6; +diff --git a/networking/udhcp/dhcpc.c b/networking/udhcp/dhcpc.c +index 331f13a8c..0c1b58d7c 100644 +--- a/networking/udhcp/dhcpc.c ++++ b/networking/udhcp/dhcpc.c +@@ -1173,7 +1173,7 @@ static void client_background(void) + //usage: "\n -p FILE Create pidfile" + //usage: "\n -B Request broadcast replies" + //usage: "\n -t N Send up to N discover packets (default 3)" +-//usage: "\n -T SEC Pause between packets (default 3)" ++//usage: "\n -T SEC Pause between packets (default 5)" + //usage: "\n -A SEC Wait if lease is not obtained (default 20)" + //usage: USE_FOR_MMU( + //usage: "\n -b Background if lease is 
not obtained" +@@ -1217,7 +1217,7 @@ int udhcpc_main(int argc UNUSED_PARAM, char **argv) + llist_t *list_x = NULL; + int tryagain_timeout = 20; + int discover_timeout = 3; +- int discover_retries = 3; ++ int discover_retries = 5; + uint32_t server_id = server_id; /* for compiler */ + uint32_t requested_ip = 0; + int packet_num; diff --git a/aports/busybox/0006-ping-make-ping-work-without-root-privileges.patch b/aports/busybox/0006-ping-make-ping-work-without-root-privileges.patch new file mode 100644 index 0000000..ed35229 --- /dev/null +++ b/aports/busybox/0006-ping-make-ping-work-without-root-privileges.patch 
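Review bot: The usage text and the code change different options: the patch raises `discover_retries` from 3 to 5, which is `-t N`, but the help line it edits is `-T SEC Pause between packets`, now claiming `(default 5)` while `discover_timeout` stays 3. The same mix-up is in both networking/udhcp/d6_dhcpc.c and networking/udhcp/dhcpc.c, and dhcpc.c's `-t N Send up to N discover packets (default 3)` line is left stale. The usage lines should read `-t N Send up to N discover packets (default 5)` and `-T SEC Pause between packets (default 3)`. The commit subject ("set default discover retries to 5") matches the code, so only the help text needs correcting.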
@@ -0,0 +1,206 @@ +From 278c73292f2cfc1ecef2dac71efdc7201c021211 Mon Sep 17 00:00:00 2001 +From: Natanael Copa +Date: Tue, 29 Mar 2016 18:59:22 +0200 +Subject: [PATCH] ping: make ping work without root privileges + +--- + networking/ping.c | 115 +++++++++++++++++++++++++++++++++++++--------- + 1 file changed, 94 insertions(+), 21 deletions(-) + +diff --git a/networking/ping.c b/networking/ping.c +index c4a15e06e..a2dccb57f 100644 +--- a/networking/ping.c ++++ b/networking/ping.c +@@ -170,6 +170,7 @@ enum { + pingsock = 0, + }; + ++static int using_dgram; + static void + #if ENABLE_PING6 + create_icmp_socket(len_and_sockaddr *lsa) +@@ -186,9 +187,23 @@ create_icmp_socket(void) + #endif + sock = socket(AF_INET, SOCK_RAW, 1); /* 1 == ICMP */ + if (sock < 0) { +- if (errno == EPERM) +- bb_simple_error_msg_and_die(bb_msg_perm_denied_are_you_root); +- bb_simple_perror_msg_and_die(bb_msg_can_not_create_raw_socket); ++ if (errno != EPERM) ++ bb_simple_perror_msg_and_die(bb_msg_can_not_create_raw_socket); ++#if defined(__linux__) || defined(__APPLE__) ++ /* We don't have root privileges. Try SOCK_DGRAM instead. ++ * Linux needs net.ipv4.ping_group_range for this to work. 
++ * MacOSX allows ICMP_ECHO, ICMP_TSTAMP or ICMP_MASKREQ ++ */ ++#if ENABLE_PING6 ++ if (lsa->u.sa.sa_family == AF_INET6) ++ sock = socket(AF_INET6, SOCK_DGRAM, IPPROTO_ICMPV6); ++ else ++#endif ++ sock = socket(AF_INET, SOCK_DGRAM, 1); /* 1 == ICMP */ ++ if (sock < 0) ++#endif ++ bb_simple_error_msg_and_die(bb_msg_perm_denied_are_you_root); ++ using_dgram = 1; + } + + xmove_fd(sock, pingsock); +@@ -241,10 +256,12 @@ static void ping4(len_and_sockaddr *lsa) + bb_simple_perror_msg("recvfrom"); + continue; + } +- if (c >= 76) { /* ip + icmp */ +- struct iphdr *iphdr = (struct iphdr *) G.packet; ++ if (c >= 76 || using_dgram && (c == 64)) { /* ip + icmp */ ++ if(!using_dgram) { ++ struct iphdr *iphdr = (struct iphdr *) G.packet; + +- pkt = (struct icmp *) (G.packet + (iphdr->ihl << 2)); /* skip ip hdr */ ++ pkt = (struct icmp *) (G.packet + (iphdr->ihl << 2)); /* skip ip hdr */ ++ } else pkt = (struct icmp *) G.packet; + if (pkt->icmp_id != G.myid) + continue; /* not our ping */ + if (pkt->icmp_type == ICMP_ECHOREPLY) +@@ -653,19 +670,21 @@ static void unpack_tail(int sz, uint32_t *tp, + } + static int unpack4(char *buf, int sz, struct sockaddr_in *from) + { +- struct icmp *icmppkt; + struct iphdr *iphdr; ++ struct icmp *icmppkt; + int hlen; + + /* discard if too short */ + if (sz < (datalen + ICMP_MINLEN)) + return 0; ++ if(!using_dgram) { ++ /* check IP header */ ++ iphdr = (struct iphdr *) buf; ++ hlen = iphdr->ihl << 2; ++ sz -= hlen; ++ icmppkt = (struct icmp *) (buf + hlen); ++ } else icmppkt = (struct icmp *) buf; + +- /* check IP header */ +- iphdr = (struct iphdr *) buf; +- hlen = iphdr->ihl << 2; +- sz -= hlen; +- icmppkt = (struct icmp *) (buf + hlen); + if (icmppkt->icmp_id != myid) + return 0; /* not our ping */ + +@@ -677,7 +696,7 @@ static int unpack4(char *buf, int sz, struct sockaddr_in *from) + tp = (uint32_t *) icmppkt->icmp_data; + unpack_tail(sz, tp, + inet_ntoa(*(struct in_addr *) &from->sin_addr.s_addr), +- recv_seq, iphdr->ttl); ++ recv_seq, 
using_dgram ? 42 : iphdr->ttl); + return 1; + } + if (icmppkt->icmp_type != ICMP_ECHO) { +@@ -727,11 +746,31 @@ static void ping4(len_and_sockaddr *lsa) + int sockopt; + + pingaddr.sin = lsa->u.sin; +- if (source_lsa) { ++ if (source_lsa && !using_dgram) { + if (setsockopt(pingsock, IPPROTO_IP, IP_MULTICAST_IF, + &source_lsa->u.sa, source_lsa->len)) + bb_simple_error_msg_and_die("can't set multicast source interface"); + xbind(pingsock, &source_lsa->u.sa, source_lsa->len); ++ } else if(using_dgram) { ++ struct sockaddr_in sa; ++ socklen_t sl; ++ ++ sa.sin_family = AF_INET; ++ sa.sin_port = 0; ++ sa.sin_addr.s_addr = source_lsa ? ++ source_lsa->u.sin.sin_addr.s_addr : 0; ++ sl = sizeof(sa); ++ ++ if (bind(pingsock, (struct sockaddr *) &sa, sl) == -1) { ++ perror("bind"); ++ exit(2); ++ } ++ ++ if (getsockname(pingsock, (struct sockaddr *) &sa, &sl) == -1) { ++ perror("getsockname"); ++ exit(2); ++ } ++ myid = sa.sin_port; + } + + /* enable broadcast pings */ +@@ -748,6 +787,15 @@ static void ping4(len_and_sockaddr *lsa) + setsockopt_int(pingsock, IPPROTO_IP, IP_MULTICAST_TTL, opt_ttl); + } + ++ if(using_dgram) { ++ int hold = 65536; ++ if (setsockopt(pingsock, SOL_IP, IP_RECVTTL, (char *)&hold, sizeof(hold))) ++ perror("WARNING: setsockopt(IP_RECVTTL)"); ++ if (setsockopt(pingsock, SOL_IP, IP_RETOPTS, (char *)&hold, sizeof(hold))) ++ perror("WARNING: setsockopt(IP_RETOPTS)"); ++ ++ } ++ + signal(SIGINT, print_stats_and_exit); + + /* start the ping's going ... 
*/ +@@ -785,10 +833,33 @@ static void ping6(len_and_sockaddr *lsa) + char control_buf[CMSG_SPACE(36)]; + + pingaddr.sin6 = lsa->u.sin6; +- if (source_lsa) ++ if (source_lsa && !using_dgram) + xbind(pingsock, &source_lsa->u.sa, source_lsa->len); ++ else if(using_dgram) { ++ struct sockaddr_in6 sa = {0}; ++ socklen_t sl; ++ ++ sa.sin6_family = AF_INET6; ++ sa.sin6_port = 0; ++ if(source_lsa) { ++ memcpy(&sa.sin6_addr, &source_lsa->u.sin6.sin6_addr, sizeof(struct in6_addr)); ++ } ++ sl = sizeof(sa); ++ ++ if (bind(pingsock, (struct sockaddr *) &sa, sl) == -1) { ++ perror("bind"); ++ exit(2); ++ } ++ ++ if (getsockname(pingsock, (struct sockaddr *) &sa, &sl) == -1) { ++ perror("getsockname"); ++ exit(2); ++ } ++ myid = sa.sin6_port; ++ } + + #ifdef ICMP6_FILTER ++ if(!using_dgram) + { + struct icmp6_filter filt; + if (!(option_mask32 & OPT_VERBOSE)) { +@@ -934,12 +1005,14 @@ static int common_ping_main(int opt, char **argv) + interval = INT_MAX/1000000; + G.interval_us = interval * 1000000; + +- myid = (uint16_t) getpid(); +- /* we can use native-endian ident, but other Unix ping/traceroute +- * utils use *big-endian pid*, and e.g. traceroute on our machine may be +- * *not* from busybox, idents may collide. Follow the convention: +- */ +- myid = htons(myid); ++ if (!using_dgram) { ++ myid = (uint16_t) getpid(); ++ /* we can use native-endian ident, but other Unix ping/traceroute ++ * utils use *big-endian pid*, and e.g. traceroute on our machine may be ++ * *not* from busybox, idents may collide. Follow the convention: ++ */ ++ myid = htons(myid); ++ } + hostname = argv[optind]; + #if ENABLE_PING6 + { diff --git a/aports/busybox/0007-fbsplash-support-console-switching.patch b/aports/busybox/0007-fbsplash-support-console-switching.patch new file mode 100644 index 0000000..8d19505 --- /dev/null +++ b/aports/busybox/0007-fbsplash-support-console-switching.patch 
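Review bot: In `unpack4` the datagram path prints a fabricated TTL: `recv_seq, using_dgram ? 42 : iphdr->ttl` reports 42 for every reply, although `ping4` enables `IP_RECVTTL` on the socket further down. Nothing visible in these hunks reads the ancillary data, so the value is never measured; until the receive path (outside the hunks) uses `recvmsg()` and the `IP_TTL` control message, the constant deserves a comment such as `/* SOCK_DGRAM gives no IP header; 42 is a placeholder, not the received TTL */`. Separately, `if (c >= 76 || using_dgram && (c == 64))` mixes `||` and `&&` without parentheses and accepts only an exact 64-byte datagram reply. The new `perror(...); exit(2);` error paths also differ from the `bb_*_msg_and_die` helpers used elsewhere in the file.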
@@ -0,0 +1,179 @@ +From 8fb815ec846d9ac64c89ac21cededc17f0b804c3 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Timo=20Ter=C3=A4s?= +Date: Mon, 24 Sep 2012 07:58:29 +0300 +Subject: [PATCH] fbsplash: support console switching + +--- + miscutils/fbsplash.c | 82 ++++++++++++++++++++++++++++++++++++++++---- + 1 file changed, 75 insertions(+), 7 deletions(-) + +diff --git a/miscutils/fbsplash.c b/miscutils/fbsplash.c +index bc3c61055..1c206ef53 100644 +--- a/miscutils/fbsplash.c ++++ b/miscutils/fbsplash.c +@@ -47,7 +47,7 @@ + //kbuild:lib-$(CONFIG_FBSPLASH) += fbsplash.o + + //usage:#define fbsplash_trivial_usage +-//usage: "-s IMGFILE [-c] [-d DEV] [-i INIFILE] [-f CMD]" ++//usage: "-s IMGFILE [-c] [-d DEV] [-i INIFILE] [-f CMD] [-T tty]" + //usage:#define fbsplash_full_usage "\n\n" + //usage: " -s Image" + //usage: "\n -c Hide cursor" +@@ -57,11 +57,17 @@ + //usage: "\n BAR_R,BAR_G,BAR_B,IMG_LEFT,IMG_TOP" + //usage: "\n -f Control pipe (else exit after drawing image)" + //usage: "\n commands: 'NN' (% for progress bar) or 'exit'" ++//usage: "\n -T Switch to TTY to hide all console messages" + + #include "libbb.h" + #include "common_bufsiz.h" + #include + ++#include ++#include ++#include ++#include ++ + /* If you want logging messages on /tmp/fbsplash.log... */ + #define DEBUG 0 + +@@ -75,6 +81,8 @@ struct globals { + unsigned char *addr; // pointer to framebuffer memory + unsigned ns[9]; // n-parameters + const char *image_filename; ++ int silent_tty, fd_tty_s; ++ bool do_not_draw; + struct fb_var_screeninfo scr_var; + struct fb_fix_screeninfo scr_fix; + unsigned bytes_per_pixel; +@@ -488,6 +496,11 @@ static void init(const char *cfg_filename) + config_close(parser); + } + ++static void sighandler(int sig) ++{ ++ ioctl(G.fd_tty_s, VT_RELDISP, sig == SIGUSR1 ? 
1 : 2); ++ G.do_not_draw = (sig != SIGUSR2); ++} + + int fbsplash_main(int argc, char **argv) MAIN_EXTERNALLY_VISIBLE; + int fbsplash_main(int argc UNUSED_PARAM, char **argv) +@@ -497,6 +510,9 @@ int fbsplash_main(int argc UNUSED_PARAM, char **argv) + char *num_buf; + unsigned num; + bool bCursorOff; ++ int fd_tty0, active_vt; ++ struct vt_stat vtstat; ++ struct vt_mode vt; + + INIT_G(); + +@@ -504,8 +520,9 @@ int fbsplash_main(int argc UNUSED_PARAM, char **argv) + fb_device = "/dev/fb0"; + cfg_filename = NULL; + fifo_filename = NULL; +- bCursorOff = 1 & getopt32(argv, "cs:d:i:f:", +- &G.image_filename, &fb_device, &cfg_filename, &fifo_filename); ++ bCursorOff = 1 & getopt32(argv, "cs:d:i:f:T:+", ++ &G.image_filename, &fb_device, &cfg_filename, &fifo_filename, ++ &G.silent_tty); + + // parse configuration file + if (cfg_filename) +@@ -515,11 +532,43 @@ int fbsplash_main(int argc UNUSED_PARAM, char **argv) + if (!G.image_filename) + bb_show_usage(); + ++ fd_tty0 = get_console_fd_or_die(); ++ if (G.silent_tty) { ++ char buf[16]; ++ ++ /* Initialize TTY */ ++ bb_signals((1LL << SIGUSR1) | (1LL << SIGUSR2), sighandler); ++ snprintf(buf, sizeof(buf), "/dev/tty%d", G.silent_tty); ++ G.fd_tty_s = xopen(buf, O_RDWR | O_NOCTTY); ++ ++ /* Activate TTY */ ++ xioctl(fd_tty0, VT_GETSTATE, &vtstat); ++ active_vt = vtstat.v_active; ++ console_make_active(fd_tty0, G.silent_tty); ++ ++ /* Get notifications on console changes */ ++ vt.mode = VT_PROCESS; ++ vt.waitv = 0; ++ vt.relsig = SIGUSR1; ++ vt.acqsig = SIGUSR2; ++ ioctl(G.fd_tty_s, VT_SETMODE, &vt); ++ ++ /* Redirect all kernel messages to tty1 so that they don't get ++ * printed over our silent splash image. And clear it. 
*/ ++ buf[0] = TIOCL_SETKMSGREDIRECT; ++ buf[1] = 1; ++ ioctl(G.fd_tty_s, TIOCLINUX, buf); ++ full_write(G.fd_tty_s, "\e[H\e[2J" "\e[?17;0c", 7+8); ++ ioctl(G.fd_tty_s, KDSETMODE, KD_GRAPHICS); ++ } else { ++ G.fd_tty_s = STDOUT_FILENO; ++ } ++ + fb_open(fb_device); + + if (fifo_filename && bCursorOff) { + // hide cursor (BEFORE any fb ops) +- full_write(STDOUT_FILENO, ESC"[?25l", 6); ++ full_write(G.fd_tty_s, ESC"[?25l", 6); + } + + fb_drawimage(); +@@ -527,6 +576,7 @@ int fbsplash_main(int argc UNUSED_PARAM, char **argv) + if (!fifo_filename) + return EXIT_SUCCESS; + ++ sig_block(SIGUSR1); + fp = xfopen_stdin(fifo_filename); + if (fp != stdin) { + // For named pipes, we want to support this: +@@ -542,8 +592,9 @@ int fbsplash_main(int argc UNUSED_PARAM, char **argv) + // and become an additional writer :) + open(fifo_filename, O_WRONLY); // errors are ignored + } +- + fb_drawprogressbar(0); ++ sig_unblock(SIGUSR1); ++ + // Block on read, waiting for some input. + // Use of style I/O allows to correctly + // handle a case when we have many buffered lines +@@ -558,12 +609,29 @@ int fbsplash_main(int argc UNUSED_PARAM, char **argv) + #if DEBUG + DEBUG_MESSAGE(itoa(num)); + #endif +- fb_drawprogressbar(num); ++ sig_block(SIGUSR1); ++ if (!G.do_not_draw) ++ fb_drawprogressbar(num); ++ sig_unblock(SIGUSR1); + } + free(num_buf); + } + +- if (bCursorOff) // restore cursor ++ if (G.silent_tty) { ++ usleep(100*1000); ++ ++ ioctl(G.fd_tty_s, VT_RELDISP, 1); ++ ioctl(G.fd_tty_s, KDSETMODE, KD_TEXT); ++ vt.mode = VT_AUTO; ++ vt.waitv = 0; ++ ioctl(G.fd_tty_s, VT_SETMODE, &vt); ++ close(G.fd_tty_s); ++ ++ xioctl(fd_tty0, VT_GETSTATE, &vtstat); ++ if (vtstat.v_active == G.silent_tty) ++ console_make_active(fd_tty0, active_vt); ++ ioctl(fd_tty0, VT_DISALLOCATE, (void *)(ptrdiff_t)G.silent_tty); ++ } else if (bCursorOff) // restore cursor + full_write(STDOUT_FILENO, ESC"[?25h", 6); + + return EXIT_SUCCESS; 
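Review bot: The `-T` setup redirects kernel messages to tty1 with `TIOCL_SETKMSGREDIRECT`, but the cleanup block at the end of `fbsplash_main` restores only `KD_TEXT` and `VT_AUTO`, so in the visible code the redirect outlives the splash and later kernel messages keep going to tty1 rather than the active console. Resetting it before `close(G.fd_tty_s)` takes two lines: `char kr[2] = { TIOCL_SETKMSGREDIRECT, 0 };` and `ioctl(G.fd_tty_s, TIOCLINUX, kr);`. The results of the `VT_SETMODE`, `TIOCLINUX` and `KDSETMODE` ioctls are ignored, so a failed setup is silent. `G.do_not_draw` is written from `sighandler` but declared as plain `bool`; `volatile` would match its use as a signal flag. `fbsplash_main` continues outside these hunks.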
diff --git a/aports/busybox/0008-fbsplash-support-image-and-bar-alignment-and-positio.patch b/aports/busybox/0008-fbsplash-support-image-and-bar-alignment-and-positio.patch
new file mode 100644
index 0000000..ab3421e
--- /dev/null
+++ b/aports/busybox/0008-fbsplash-support-image-and-bar-alignment-and-positio.patch
@@ -0,0 +1,176 @@ +From cc005e48ebd831199789d9dfb1a9307e743ecdaa Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Timo=20Ter=C3=A4s?= +Date: Fri, 21 Nov 2014 16:06:34 +0200 +Subject: [PATCH] fbsplash: support image and bar alignment and positioning + +Needed to center a splash screen image in the initramfs. +--- + miscutils/fbsplash.c | 93 ++++++++++++++++++++++++++++++++------------ + 1 file changed, 69 insertions(+), 24 deletions(-) + +diff --git a/miscutils/fbsplash.c b/miscutils/fbsplash.c +index 1c206ef53..500e04fcc 100644 +--- a/miscutils/fbsplash.c ++++ b/miscutils/fbsplash.c +@@ -54,7 +54,7 @@ + //usage: "\n -d Framebuffer device (default /dev/fb0)" + //usage: "\n -i Config file (var=value):" + //usage: "\n BAR_LEFT,BAR_TOP,BAR_WIDTH,BAR_HEIGHT" +-//usage: "\n BAR_R,BAR_G,BAR_B,IMG_LEFT,IMG_TOP" ++//usage: "\n BAR_R,BAR_G,BAR_B,IMG_LEFT,IMG_TOP,IMG_ALIGN" + //usage: "\n -f Control pipe (else exit after drawing image)" + //usage: "\n commands: 'NN' (% for progress bar) or 'exit'" + //usage: "\n -T Switch to TTY to hide all console messages" +@@ -73,13 +73,39 @@ + + #define ESC "\033" + ++enum { ++ bar_width, ++ bar_height, ++ bar_posx, ++ bar_posy, ++ bar_colr, ++ bar_colg, ++ bar_colb, ++ nimg_posx, ++ nimg_posy, ++ nimg_align, ++ num_ns_opts, ++ debug = num_ns_opts, ++}; ++ ++#define nbar_width ns[bar_width] ++#define nbar_height ns[bar_height] ++#define nbar_posx ns[bar_posx] ++#define nbar_posy ns[bar_posy] ++#define nbar_colr ns[bar_colr] ++#define nbar_colg ns[bar_colg] ++#define nbar_colb ns[bar_colb] ++#define img_posx ns[nimg_posx] ++#define img_posy ns[nimg_posy] ++#define img_align ns[nimg_align] ++ + struct globals { + #if DEBUG + bool bdebug_messages; // enable/disable logging + FILE *logfile_fd; // log file + #endif + unsigned char *addr; // pointer to framebuffer memory +- unsigned ns[9]; // n-parameters ++ unsigned ns[num_ns_opts]; // n-parameters + const char *image_filename; + int silent_tty, fd_tty_s; + bool do_not_draw; +@@ -96,16 +122,6 @@ 
struct globals { + SET_PTR_TO_GLOBALS(xzalloc(sizeof(G))); \ + } while (0) + +-#define nbar_width ns[0] // progress bar width +-#define nbar_height ns[1] // progress bar height +-#define nbar_posx ns[2] // progress bar horizontal position +-#define nbar_posy ns[3] // progress bar vertical position +-#define nbar_colr ns[4] // progress bar color red component +-#define nbar_colg ns[5] // progress bar color green component +-#define nbar_colb ns[6] // progress bar color blue component +-#define img_posx ns[7] // image horizontal position +-#define img_posy ns[8] // image vertical position +- + #if DEBUG + #define DEBUG_MESSAGE(strMessage, args...) \ + if (G.bdebug_messages) { \ +@@ -386,7 +402,7 @@ static void fb_drawimage(void) + FILE *theme_file; + char *read_ptr; + unsigned char *pixline; +- unsigned i, j, width, height, line_size; ++ int i, j, width, height, line_size, xoffs, yoffs, xstart; + + if (LONE_DASH(G.image_filename)) { + theme_file = stdin; +@@ -436,18 +452,39 @@ static void fb_drawimage(void) + line_size = width*3; + pixline = xmalloc(line_size); + +- if ((width + G.img_posx) > G.scr_var.xres) +- width = G.scr_var.xres - G.img_posx; +- if ((height + G.img_posy) > G.scr_var.yres) +- height = G.scr_var.yres - G.img_posy; +- for (j = 0; j < height; j++) { ++ xoffs = G.img_posx; ++ switch (G.img_align % 3) { ++ case 1: xoffs += (G.scr_var.xres - width) / 2; break; ++ case 2: xoffs += G.scr_var.xres - width; break; ++ } ++ xstart = 0; ++ if (xoffs < 0) { ++ xstart = -xoffs; ++ xoffs = 0; ++ } ++ if ((width + xoffs) > G.scr_var.xres) ++ width = G.scr_var.xres - xoffs; ++ ++ yoffs = G.img_posy; ++ switch (G.img_align / 3) { ++ case 1: yoffs += (G.scr_var.yres - height) / 2; break; ++ case 2: yoffs += G.scr_var.yres - height; break; ++ } ++ if ((height + yoffs) > G.scr_var.yres) ++ height = G.scr_var.yres - yoffs; ++ ++ for (j = 0; j < height; j++, yoffs++) { + unsigned char *pixel; + unsigned char *src; + + if (fread(pixline, 1, line_size, theme_file) != 
line_size) + bb_error_msg_and_die("bad PPM file '%s'", G.image_filename); +- pixel = pixline; +- src = G.addr + (G.img_posy + j) * G.scr_fix.line_length + G.img_posx * G.bytes_per_pixel; ++ ++ if (yoffs < 0) ++ continue; ++ ++ pixel = pixline + xstart * 3; ++ src = G.addr + yoffs * G.scr_fix.line_length + xoffs * G.bytes_per_pixel; + for (i = 0; i < width; i++) { + unsigned thispix = fb_pixel_value(pixel[0], pixel[1], pixel[2]); + fb_write_pixel(src, thispix); +@@ -466,11 +503,15 @@ static void fb_drawimage(void) + */ + static void init(const char *cfg_filename) + { ++ static const char align_names[] ALIGN1 = ++ "LT\0" "CT\0" "RT\0" ++ "LM\0" "CM\0" "RM\0" ++ "LB\0" "CB\0" "RB\0"; + static const char param_names[] ALIGN1 = + "BAR_WIDTH\0" "BAR_HEIGHT\0" + "BAR_LEFT\0" "BAR_TOP\0" + "BAR_R\0" "BAR_G\0" "BAR_B\0" +- "IMG_LEFT\0" "IMG_TOP\0" ++ "IMG_LEFT\0" "IMG_TOP\0" "IMG_ALIGN\0" + #if DEBUG + "DEBUG\0" + #endif +@@ -479,14 +520,18 @@ static void init(const char *cfg_filename) + parser_t *parser = config_open2(cfg_filename, xfopen_stdin); + while (config_read(parser, token, 2, 2, "#=", + (PARSE_NORMAL | PARSE_MIN_DIE) & ~(PARSE_TRIM | PARSE_COLLAPSE))) { +- unsigned val = xatoi_positive(token[1]); ++ unsigned val; + int i = index_in_strings(param_names, token[0]); + if (i < 0) + bb_error_msg_and_die("syntax error: %s", token[0]); +- if (i >= 0 && i < 9) ++ if (i == nimg_align) ++ val = index_in_strings(align_names, token[1]); ++ else ++ val = xatoi_positive(token[1]); ++ if (i < num_ns_opts) + G.ns[i] = val; + #if DEBUG +- if (i == 9) { ++ if (i == debug) { + G.bdebug_messages = val; + if (G.bdebug_messages) + G.logfile_fd = xfopen_for_write("/tmp/fbsplash.log"); diff --git a/aports/busybox/0009-depmod-support-generating-kmod-binary-index-files.patch b/aports/busybox/0009-depmod-support-generating-kmod-binary-index-files.patch new file mode 100644 index 0000000..9f697a5 --- /dev/null +++ b/aports/busybox/0009-depmod-support-generating-kmod-binary-index-files.patch 
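Review bot: An unknown `IMG_ALIGN` value is accepted silently: in `init`, `val = index_in_strings(align_names, token[1]);` stores a negative "not found" result into `unsigned val`, and `fb_drawimage` then feeds it to `G.img_align % 3` and `G.img_align / 3`. The parameter-name lookup just above already dies on `i < 0`; the same check fits here, e.g. `if ((int)val < 0) bb_error_msg_and_die("syntax error: %s", token[1]);`. The centering terms `(G.scr_var.xres - width) / 2` and `(G.scr_var.yres - height) / 2` are computed in unsigned arithmetic if `xres`/`yres` are unsigned (their type is not shown in the hunk), so an image larger than the screen would not get the negative offset that the `xoffs < 0` and `yoffs < 0` branches expect. Casting the resolution to `int` before subtracting would keep the arithmetic signed.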
@@ -0,0 +1,507 @@ +From 8d76137506e9c65404280694e56d9a7629d58280 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Timo=20Ter=C3=A4s?= +Date: Sun, 25 Oct 2015 22:21:41 +0200 +Subject: [PATCH] depmod: support generating kmod binary index files + +This allows to use busybox depmod, and run daemons using libkmod (or +even kmod modprobe if needed). + +About +1500 bytes when enabled. This patch merges some depmod code +paths, so when this is disabled it shrinks the code size a little bit. +--- + modutils/Config.src | 9 ++ + modutils/depmod.c | 281 ++++++++++++++++++++++++++++++++++++-------- + modutils/modprobe.c | 15 --- + modutils/modutils.c | 31 +++++ + modutils/modutils.h | 16 +++ + 5 files changed, 286 insertions(+), 66 deletions(-) + +diff --git a/modutils/Config.src b/modutils/Config.src +index 188296814..7a4c037ad 100644 +--- a/modutils/Config.src ++++ b/modutils/Config.src +@@ -152,6 +152,15 @@ config FEATURE_MODUTILS_ALIAS + + Say Y if unsure. + ++config FEATURE_MODUTILS_BIN ++ bool "Support for the kmod .bin file format" ++ default n ++ depends on DEPMOD && !MODPROBE_SMALL ++ help ++ Generate kmod compatible binary index files for .dep, .alias, ++ .symbols and .builtin files. Allows mixing use of busybox ++ modutils and kmod (binaries and library). ++ + config FEATURE_MODUTILS_SYMBOLS + bool "Support module.symbols file" + default y +diff --git a/modutils/depmod.c b/modutils/depmod.c +index b5244fc60..26e223753 100644 +--- a/modutils/depmod.c ++++ b/modutils/depmod.c +@@ -2,7 +2,7 @@ + /* + * depmod - generate modules.dep + * Copyright (c) 2008 Bernhard Reutner-Fischer +- * Copyrihgt (c) 2008 Timo Teras ++ * Copyrihgt (c) 2008-2015 Timo Teras + * Copyright (c) 2008 Vladimir Dronnikov + * + * Licensed under GPLv2 or later, see file LICENSE in this source tree. 
+@@ -26,6 +26,24 @@ + #include "modutils.h" + #include /* uname() */ + ++#define INDEX_MINCHAR 32 ++#define INDEX_MAXCHAR 128 ++ ++typedef struct index_node { ++ char *prefix; ++ llist_t *values; ++ struct index_node *children[INDEX_MAXCHAR-INDEX_MINCHAR]; ++} index_node; ++ ++struct globals { ++ module_db db; ++ index_node *root_node; ++} FIX_ALIASING; ++#define G (*ptr_to_globals) ++#define INIT_G() do { \ ++ SET_PTR_TO_GLOBALS(xzalloc(sizeof(G))); \ ++} while (0) ++ + /* + * Theory of operation: + * - iterate over all modules and record their full path +@@ -53,18 +71,12 @@ static int FAST_FUNC parse_module(const char *fname, struct stat *sb UNUSED_PARA + + for (ptr = image; ptr < image + len - 10; ptr++) { + if (is_prefixed_with(ptr, "depends=")) { +- char *u; +- + ptr += 8; +- for (u = ptr; *u; u++) +- if (*u == '-') +- *u = '_'; +- ptr += string_to_llist(ptr, &e->deps, ","); ++ string_to_llist(replace_underscores(ptr), &e->deps, ","); + } else if (ENABLE_FEATURE_MODUTILS_ALIAS + && is_prefixed_with(ptr, "alias=") + ) { +- llist_add_to(&e->aliases, xstrdup(ptr + 6)); +- ptr += strlen(ptr); ++ llist_add_to(&e->aliases, replace_underscores(xstrdup(ptr + 6))); + } else if (ENABLE_FEATURE_MODUTILS_SYMBOLS + && is_prefixed_with(ptr, "__ksymtab_") + ) { +@@ -74,9 +86,10 @@ static int FAST_FUNC parse_module(const char *fname, struct stat *sb UNUSED_PARA + ) { + continue; + } +- llist_add_to(&e->symbols, xstrdup(ptr)); +- ptr += strlen(ptr); +- } ++ llist_add_to(&e->symbols, xasprintf("symbol:%s", ptr)); ++ } else ++ continue; ++ ptr += strlen(ptr); + } + free(image); + +@@ -108,12 +121,6 @@ static void order_dep_list(module_db *modules, module_entry *start, llist_t *add + } + } + +-static void xfreopen_write(const char *file, FILE *f) +-{ +- if (freopen(file, "w", f) == NULL) +- bb_perror_msg_and_die("can't open '%s'", file); +-} +- + //usage:#if !ENABLE_MODPROBE_SMALL + //usage:#define depmod_trivial_usage "[-n] [-b BASE] [VERSION] [MODFILES]..." 
+ //usage:#define depmod_full_usage "\n\n" +@@ -167,6 +174,169 @@ enum { + OPT_C = (1 << 9), /* -C,--config etc_modules_conf: ignored */ + }; + ++/* Support for the mod binary index generation */ ++ ++static void index_init(const char *filename) ++{ ++ if (ENABLE_FEATURE_MODUTILS_BIN) { ++ index_node *n; ++ ++ n = xzalloc(sizeof(index_node)); ++ n->prefix = xstrdup(""); ++ G.root_node = n; ++ } ++ ++ if (filename && !(option_mask32 & OPT_n)) { ++ if (freopen(filename, "w", stdout) == NULL) ++ bb_perror_msg_and_die("can't open '%s'", filename); ++ } ++} ++ ++static void index_add(const char *key, char *value, const char *prefix) ++{ ++ if (prefix && *prefix) ++ printf("%s%s %s\n", prefix, key, value); ++ else if (prefix) ++ printf("%s\n", value); ++ ++ if (ENABLE_FEATURE_MODUTILS_BIN) { ++ index_node *cur = G.root_node, *n; ++ unsigned i = 0, j, ch; ++ ++ while (1) { ++ /* Ensure node->prefix is a prefix of &str[i]. ++ * If it is not already, then we must split node. */ ++ for (j = 0; cur->prefix[j]; j++) { ++ ch = cur->prefix[j]; ++ if (ch != key[i+j]) { ++ /* New child is copy of node with prefix[j+1..N] */ ++ n = xzalloc(sizeof(index_node)); ++ n->prefix = xstrdup(&cur->prefix[j+1]); ++ n->values = cur->values; ++ memcpy(n->children, cur->children, sizeof(n->children)); ++ ++ /* Parent has prefix[0..j], child at prefix[j] */ ++ cur->prefix[j] = '\0'; ++ cur->values = NULL; ++ memset(cur->children, 0, sizeof(cur->children)); ++ cur->children[ch-INDEX_MINCHAR] = n; ++ break; ++ } ++ } ++ i += j; ++ ++ ch = key[i]; ++ if (ch == 0) ++ break; ++ ++ if (ch < INDEX_MINCHAR || ch >= INDEX_MAXCHAR) ++ bb_simple_error_msg_and_die("bad module name"); ++ ++ ch -= INDEX_MINCHAR; ++ if (!cur->children[ch]) { ++ n = xzalloc(sizeof(index_node)); ++ cur->children[ch] = n; ++ n->prefix = xstrdup(&key[i+1]); ++ cur = n; ++ break; ++ } ++ ++ /* Descend into child node and continue */ ++ cur = cur->children[ch]; ++ i++; ++ } ++ ++ llist_add_to(&cur->values, value); ++ } ++} ++ 
++static uint32_t index_write_node(FILE *out, index_node *n, void (*freeit)(void *data)) ++{ ++ uint32_t child_offs[INDEX_MAXCHAR-INDEX_MINCHAR]; ++ uint32_t offset; ++ uint8_t first = 255, last = 0; ++ unsigned i; ++ ++ for (i = 0; i < INDEX_MAXCHAR-INDEX_MINCHAR; i++) { ++ child_offs[i] = 0; ++ if (!n->children[i]) ++ continue; ++ child_offs[i] = index_write_node(out, n->children[i], freeit); ++ if (first > INDEX_MAXCHAR) ++ first = i; ++ last = i; ++ } ++ ++ offset = ftell(out); ++ ++ if (n->prefix[0]) { ++ fputs(n->prefix, out); ++ fputc('\0', out); ++ offset |= INDEX_NODE_PREFIX; ++ } ++ ++ if (first < INDEX_MAXCHAR) { ++ fputc(first + INDEX_MINCHAR, out); ++ fputc(last + INDEX_MINCHAR, out); ++ fwrite(child_offs + first, sizeof(uint32_t), last - first + 1, out); ++ offset |= INDEX_NODE_CHILDS; ++ } ++ ++ if (n->values) { ++ const llist_t *v; ++ unsigned int cnt; ++ uint32_t u; ++ ++ n->values = llist_rev(n->values); ++ for (v = n->values, cnt = 0; v != NULL; v = v->link, cnt++); ++ u = htonl(cnt); ++ fwrite(&u, sizeof(u), 1, out); ++ for (v = n->values, cnt = 0; v != NULL; v = v->link, cnt++) { ++ u = htonl(cnt); ++ fwrite(&u, sizeof(u), 1, out); ++ fputs(v->data, out); ++ fputc('\0', out); ++ } ++ offset |= INDEX_NODE_VALUES; ++ } ++ ++ llist_free(n->values, freeit); ++ free(n->prefix); ++ free(n); ++ ++ return htonl(offset); ++} ++ ++static void index_dump(const char *filename, int deps_file) ++{ ++ if (ENABLE_FEATURE_MODUTILS_BIN) { ++ FILE *out; ++ uint32_t header[3] = { ++ htonl(INDEX_MAGIC), ++ htonl(INDEX_VERSION), ++ }; ++ ++ if (option_mask32 & OPT_n) ++ filename = "/dev/null"; ++ else ++ filename = xasprintf("tmp.%s.bin", filename); ++ ++ out = xfopen_for_write(filename); ++ fwrite(header, sizeof(uint32_t), 3, out); ++ header[2] = index_write_node(out, G.root_node, deps_file ? 
free : 0); ++ rewind(out); ++ G.root_node = NULL; ++ fwrite(header, sizeof(uint32_t), 3, out); ++ if (fclose(out)) { ++ remove(filename); ++ bb_simple_error_msg_and_die(bb_msg_write_error); ++ } ++ /* .bin files are mmap'ed; not renaming it may crash ++ * long standing daemon using libkmod */ ++ rename_or_warn(filename, filename + 4); ++ } ++} ++ + int depmod_main(int argc, char **argv) MAIN_EXTERNALLY_VISIBLE; + int depmod_main(int argc UNUSED_PARAM, char **argv) + { +@@ -178,6 +348,8 @@ int depmod_main(int argc UNUSED_PARAM, char **argv) + unsigned i; + int tmp; + ++ INIT_G(); ++ + getopt32(argv, "aAb:eF:nruqC:", &moddir_base, NULL, NULL); + argv += optind; + +@@ -210,53 +382,60 @@ int depmod_main(int argc UNUSED_PARAM, char **argv) + } + + /* Generate dependency and alias files */ +- if (!(option_mask32 & OPT_n)) +- xfreopen_write(CONFIG_DEFAULT_DEPMOD_FILE, stdout); +- ++ index_init(CONFIG_DEFAULT_DEPMOD_FILE); + moddb_foreach_module(&modules, m, i) { +- printf("%s:", m->name); +- ++ char *buf = xasprintf("%s:", m->name); + order_dep_list(&modules, m, m->deps); ++ + while (m->dnext != m) { + dep = m->dnext; +- printf(" %s", dep->name); +- ++ buf = gather_options_str(buf, dep->name); + /* unlink current entry */ + dep->dnext->dprev = dep->dprev; + dep->dprev->dnext = dep->dnext; + dep->dnext = dep->dprev = dep; + } +- bb_putchar('\n'); ++ index_add(m->modname, buf, ""); + } +- +-#if ENABLE_FEATURE_MODUTILS_ALIAS +- if (!(option_mask32 & OPT_n)) +- xfreopen_write("modules.alias", stdout); +- moddb_foreach_module(&modules, m, i) { +- while (m->aliases) { +- /* +- * Last word used to be a basename +- * (filename with path and .ko.* stripped) +- * at the time of module-init-tools 3.4. +- * kmod v.12 uses module name, i.e., s/-/_/g. 
+- */ +- printf("alias %s %s\n", +- (char*)llist_pop(&m->aliases), +- m->modname); ++ index_dump(CONFIG_DEFAULT_DEPMOD_FILE, 1); ++ ++ if (ENABLE_FEATURE_MODUTILS_ALIAS) { ++ index_init("modules.alias"); ++ moddb_foreach_module(&modules, m, i) { ++ while (m->aliases) { ++ /* ++ * Last word used to be a basename ++ * (filename with path and .ko.* stripped) ++ * at the time of module-init-tools 3.4. ++ * kmod v.12 uses module name, i.e., s/-/_/g. ++ */ ++ index_add((char*)llist_pop(&m->aliases), m->modname, "alias "); ++ } + } ++ index_dump("modules.alias", 0); + } +-#endif +-#if ENABLE_FEATURE_MODUTILS_SYMBOLS +- if (!(option_mask32 & OPT_n)) +- xfreopen_write("modules.symbols", stdout); +- moddb_foreach_module(&modules, m, i) { +- while (m->symbols) { +- printf("alias symbol:%s %s\n", +- (char*)llist_pop(&m->symbols), +- m->modname); ++ if (ENABLE_FEATURE_MODUTILS_SYMBOLS) { ++ index_init("modules.symbols"); ++ moddb_foreach_module(&modules, m, i) { ++ while (m->symbols) { ++ index_add((char*)llist_pop(&m->symbols), m->modname, "alias "); ++ } ++ } ++ index_dump("modules.symbols", 0); ++ } ++ if (ENABLE_FEATURE_MODUTILS_BIN) { ++ char line[PATH_MAX], modname[MODULE_NAME_LEN]; ++ FILE *in; ++ ++ index_init(NULL); ++ in = xfopen_for_read("modules.builtin"); ++ while (fgets(line, sizeof(line), in) != NULL) { ++ filename2modname(line, modname); ++ index_add(modname, (char *) "", 0); + } ++ fclose(in); ++ index_dump("modules.builtin", 0); + } +-#endif + + if (ENABLE_FEATURE_CLEAN_UP) + moddb_free(&modules); +diff --git a/modutils/modprobe.c b/modutils/modprobe.c +index 0a372a049..20a60c1a6 100644 +--- a/modutils/modprobe.c ++++ b/modutils/modprobe.c +@@ -192,21 +192,6 @@ struct globals { + + static int read_config(const char *path); + +-static char *gather_options_str(char *opts, const char *append) +-{ +- /* Speed-optimized. We call gather_options_str many times. 
*/ +- if (append) { +- if (opts == NULL) { +- opts = xstrdup(append); +- } else { +- int optlen = strlen(opts); +- opts = xrealloc(opts, optlen + strlen(append) + 2); +- sprintf(opts + optlen, " %s", append); +- } +- } +- return opts; +-} +- + static struct module_entry *get_or_add_modentry(const char *module) + { + return moddb_get_or_create(&G.db, module); +diff --git a/modutils/modutils.c b/modutils/modutils.c +index 6f7cd9721..257089af4 100644 +--- a/modutils/modutils.c ++++ b/modutils/modutils.c +@@ -66,6 +66,21 @@ void FAST_FUNC moddb_free(module_db *db) + } + } + ++char * FAST_FUNC gather_options_str(char *opts, const char *append) ++{ ++ /* Speed-optimized. We call gather_options_str many times. */ ++ if (append) { ++ if (opts == NULL) { ++ opts = xstrdup(append); ++ } else { ++ int optlen = strlen(opts); ++ opts = xrealloc(opts, optlen + strlen(append) + 2); ++ sprintf(opts + optlen, " %s", append); ++ } ++ } ++ return opts; ++} ++ + void FAST_FUNC replace(char *s, char what, char with) + { + while (*s) { +@@ -75,6 +90,22 @@ void FAST_FUNC replace(char *s, char what, char with) + } + } + ++char* FAST_FUNC replace_underscores(char *s) ++{ ++ int i; ++ for (i = 0; s[i]; i++) { ++ switch (s[i]) { ++ case '-': ++ s[i] = '_'; ++ break; ++ case '[': ++ i += strcspn(&s[i], "]"); ++ break; ++ } ++ } ++ return s; ++} ++ + int FAST_FUNC string_to_llist(char *string, llist_t **llist, const char *delim) + { + char *tok; +diff --git a/modutils/modutils.h b/modutils/modutils.h +index 4a702e97c..73e816028 100644 +--- a/modutils/modutils.h ++++ b/modutils/modutils.h +@@ -18,6 +18,20 @@ PUSH_AND_SET_FUNCTION_VISIBILITY_TO_HIDDEN + #define MODULE_NAME_LEN 256 + #define MODULE_HASH_SIZE 256 + ++/* .bin index format definitions */ ++#define INDEX_MAGIC 0xB007F457 ++#define INDEX_VERSION_MAJOR 0x0002 ++#define INDEX_VERSION_MINOR 0x0001 ++#define INDEX_VERSION ((INDEX_VERSION_MAJOR<<16)|INDEX_VERSION_MINOR) ++ ++enum node_offset { ++ INDEX_NODE_FLAGS = 0xF0000000, /* Flags in 
high nibble */ ++ INDEX_NODE_PREFIX = 0x80000000, ++ INDEX_NODE_VALUES = 0x40000000, ++ INDEX_NODE_CHILDS = 0x20000000, ++ INDEX_NODE_MASK = 0x0FFFFFFF, /* Offset value */ ++}; ++ + typedef struct module_entry { + struct module_entry *next; + char *name, *modname; +@@ -47,7 +61,9 @@ module_entry *moddb_get(module_db *db, const char *s) FAST_FUNC; + module_entry *moddb_get_or_create(module_db *db, const char *s) FAST_FUNC; + void moddb_free(module_db *db) FAST_FUNC; + ++char *gather_options_str(char *opts, const char *append) FAST_FUNC; + void replace(char *s, char what, char with) FAST_FUNC; ++char *replace_underscores(char *s) FAST_FUNC; + int string_to_llist(char *string, llist_t **llist, const char *delim) FAST_FUNC; + char *filename2modname(const char *filename, char *modname) FAST_FUNC; + #if ENABLE_FEATURE_CMDLINE_MODULE_OPTIONS diff --git a/aports/busybox/0010-Add-flag-for-not-following-symlinks-when-recursing.patch b/aports/busybox/0010-Add-flag-for-not-following-symlinks-when-recursing.patch new file mode 100644 index 0000000..e647d8d --- /dev/null +++ b/aports/busybox/0010-Add-flag-for-not-following-symlinks-when-recursing.patch 
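Review bot: `index_add` range-checks only the character it branches on (`key[i]`); the rest of the key is stored unchecked via `n->prefix = xstrdup(&key[i+1])`, and when a later key forces a split, `cur->children[ch-INDEX_MINCHAR] = n` indexes the `children` array with a byte taken from that unchecked prefix. A key holding a byte outside `INDEX_MINCHAR`..`INDEX_MAXCHAR-1` can therefore write outside the node; the keys are alias and symbol strings that `parse_module` copies out of module images, so the whole key should be validated once before the trie walk, as below. In `index_dump`, the `-n` path sets `filename = "/dev/null"` and still reaches `rename_or_warn(filename, filename + 4)` (and `remove(filename)` if `fclose` fails); both should be guarded with `if (!(option_mask32 & OPT_n))`.

```c
		unsigned i = 0, j, ch;

		/* Reject the key before any node is touched: every byte may
		 * later become a children[] index when a prefix is split. */
		for (j = 0; key[j]; j++) {
			ch = (unsigned char)key[j];
			if (ch < INDEX_MINCHAR || ch >= INDEX_MAXCHAR)
				bb_simple_error_msg_and_die("bad module name");
		}
		/* … unchanged: trie walk, node split and llist_add_to … */
```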
@@ -0,0 +1,56 @@ +From 03293c16e509501ce7ec952900413138475f125d Mon Sep 17 00:00:00 2001 +From: Natanael Copa +Date: Fri, 25 Jul 2014 15:28:33 +0200 +Subject: [PATCH] Add flag for not following symlinks when recursing + +function old new delta +.rodata 7934 7967 +33 +diff_longopts 253 270 +17 +packed_usage 1704 1720 +16 +diff_main 1665 1662 -3 +------------------------------------------------------------------------------ +(add/remove: 0/0 grow/shrink: 3/1 up/down: 66/-3) Total: 63 bytes +--- + editors/diff.c | 8 +++++++- + 1 file changed, 7 insertions(+), 1 deletion(-) + +diff --git a/editors/diff.c b/editors/diff.c +index 280091756..42a36e2d4 100644 +--- a/editors/diff.c ++++ b/editors/diff.c +@@ -113,6 +113,9 @@ + //usage: "\n -N Treat absent files as empty" + //usage: "\n -q Output only whether files differ" + //usage: "\n -r Recurse" ++//usage: IF_LONG_OPTS( ++//usage: "\n --no-dereference Don't follow symlinks" ++//usage: ) + //usage: "\n -S Start with FILE when comparing directories" + //usage: "\n -T Make tabs line up by prefixing a tab when necessary" + //usage: "\n -s Report when two files are the same" +@@ -154,6 +157,7 @@ enum { /* Commandline flags */ + FLAG_p, /* not implemented */ + FLAG_B, + FLAG_E, /* not implemented */ ++ FLAG_no_deref, + }; + #define FLAG(x) (1 << FLAG_##x) + +@@ -867,7 +871,8 @@ static void diffdir(char *p[2], const char *s_start) + * Using list.len to specify its length, + * add_to_dirlist will remove it. */ + list[i].len = strlen(p[i]); +- recursive_action(p[i], ACTION_RECURSE | ACTION_FOLLOWLINKS, ++ recursive_action(p[i], ACTION_RECURSE | ++ ((option_mask32 & FLAG(no_deref)) ? 0 : ACTION_FOLLOWLINKS), + add_to_dirlist, skip_dir, &list[i]); + /* Sort dl alphabetically. + * GNU diff does this ignoring any number of trailing dots. 
+@@ -964,6 +969,7 @@ static const char diff_longopts[] ALIGN1 = + "report-identical-files\0" No_argument "s" + "starting-file\0" Required_argument "S" + "minimal\0" No_argument "d" ++ "no-dereference\0" No_argument "\xff" + ; + # define GETOPT32 getopt32long + # define LONGOPTS ,diff_longopts diff --git a/aports/busybox/0012-udhcpc-Don-t-background-if-n-is-given.patch b/aports/busybox/0012-udhcpc-Don-t-background-if-n-is-given.patch new file mode 100644 index 0000000..523768b --- /dev/null +++ b/aports/busybox/0012-udhcpc-Don-t-background-if-n-is-given.patch 
@@ -0,0 +1,96 @@ +From 0cd01228c1e4173683637c4e582448656b26c05f Mon Sep 17 00:00:00 2001 +From: Natanael Copa +Date: Thu, 6 Jul 2017 11:40:14 +0200 +Subject: [PATCH] udhcpc: Don't background if -n is given + +we need add -b to our udhcpc options to prevent boot forever if there are no +dhcp server. We also need a way for users to disable this behavior by making +it possible to set -n option at runtime. + +Since busybox 1.31.0 -b takes precedence over -n [0]. However, since we +enable -b instead of -n by default (through our busyboxconfig) this is +not desired, this commit therefore also reverts the upstream patch +introducing this change. + +See also: https://bugs.busybox.net/11691 + +[0]: https://git.busybox.net/busybox/commit/?id=87e216294af9eec39c0c1d553555f8a98c15db38 +--- + networking/udhcp/d6_dhcpc.c | 20 +++++++------------- + networking/udhcp/dhcpc.c | 20 +++++++------------- + 2 files changed, 14 insertions(+), 26 deletions(-) + +diff --git a/networking/udhcp/d6_dhcpc.c b/networking/udhcp/d6_dhcpc.c +index 8d11a7539..0284a0fd8 100644 +--- a/networking/udhcp/d6_dhcpc.c ++++ b/networking/udhcp/d6_dhcpc.c +@@ -1401,25 +1401,19 @@ int udhcpc6_main(int argc UNUSED_PARAM, char **argv) + leasefail: + change_listen_mode(LISTEN_NONE); + d6_run_script_no_option("leasefail"); ++ if (opt & OPT_n) { /* abort if no lease */ ++ bb_simple_info_msg("no lease, failing"); ++ retval = 1; ++ goto ret; ++ } + #if BB_MMU /* -b is not supported on NOMMU */ + if (opt & OPT_b) { /* background if no lease */ + bb_simple_info_msg("no lease, forking to background"); + client_background(); + /* do not background again! */ +- opt = ((opt & ~(OPT_b|OPT_n)) | OPT_f); +- /* ^^^ also disables -n (-b takes priority over -n): +- * ifup's default udhcpc options are -R -n, +- * and users want to be able to add -b +- * (in a config file) to make it background +- * _and not exit_. 
+- */ +- } else +-#endif +- if (opt & OPT_n) { /* abort if no lease */ +- bb_simple_info_msg("no lease, failing"); +- retval = 1; +- goto ret; ++ opt = ((opt & ~OPT_b) | OPT_f); + } ++#endif + /* Wait before trying again */ + timeout = tryagain_timeout; + packet_num = 0; +diff --git a/networking/udhcp/dhcpc.c b/networking/udhcp/dhcpc.c +index bbf95caca..8e034ac8a 100644 +--- a/networking/udhcp/dhcpc.c ++++ b/networking/udhcp/dhcpc.c +@@ -1456,25 +1456,19 @@ int udhcpc_main(int argc UNUSED_PARAM, char **argv) + leasefail: + change_listen_mode(LISTEN_NONE); + d4_run_script(NULL, "leasefail"); ++ if (opt & OPT_n) { /* abort if no lease */ ++ bb_simple_info_msg("no lease, failing"); ++ retval = 1; ++ goto ret; ++ } + #if BB_MMU /* -b is not supported on NOMMU */ + if (opt & OPT_b) { /* background if no lease */ + bb_simple_info_msg("no lease, forking to background"); + client_background(); + /* do not background again! */ +- opt = ((opt & ~(OPT_b|OPT_n)) | OPT_f); +- /* ^^^ also disables -n (-b takes priority over -n): +- * ifup's default udhcpc options are -R -n, +- * and users want to be able to add -b +- * (in a config file) to make it background +- * _and not exit_. +- */ +- } else +-#endif +- if (opt & OPT_n) { /* abort if no lease */ +- bb_simple_info_msg("no lease, failing"); +- retval = 1; +- goto ret; ++ opt = ((opt & ~OPT_b) | OPT_f); + } ++#endif + /* Wait before trying again */ + timeout = tryagain_timeout; + packet_num = 0; diff --git a/aports/busybox/APKBUILD b/aports/busybox/APKBUILD new file mode 100644 index 0000000..a1e83c6 --- /dev/null +++ b/aports/busybox/APKBUILD 
@@ -0,0 +1,210 @@ +# Maintainer: Gabor Pali +pkgname=busybox +pkgver=1.34.1 +pkgrel=5 +pkgdesc="Size optimized toolbox of many common UNIX utilities" +url="https://busybox.net/" +arch="all" +license="GPL-2.0-only" +makedepends_build="perl" +makedepends_host="linux-headers openssl1.1-compat-dev libretls-dev" +makedepends="$makedepends_build $makedepends_host" +checkdepends= +provides="/bin/sh" +install= +subpackages= +options="!check" +source="https://busybox.net/downloads/busybox-$pkgver.tar.bz2 + 0001-rev-correct-output-for-long-input-lines.patch + + 0001-nologin-Install-applet-to-sbin-instead-of-usr-sbin.patch + 0001-adduser-default-to-sbin-nologin-as-shell-for-system-.patch + 0001-properly-fix-wget-https-support.patch + 0001-modutils-check-ELF-header-before-calling-finit_module.patch + 0002-fsck-resolve-LABEL-.-UUID-.-spec-to-device.patch + 0003-ash-exec-busybox.static.patch + 0004-app-location-for-cpio-vi-and-lspci.patch + 0005-udhcpc-set-default-discover-retries-to-5.patch + 0006-ping-make-ping-work-without-root-privileges.patch + 0007-fbsplash-support-console-switching.patch + 0008-fbsplash-support-image-and-bar-alignment-and-positio.patch + 0009-depmod-support-generating-kmod-binary-index-files.patch + 0010-Add-flag-for-not-following-symlinks-when-recursing.patch + 0012-udhcpc-Don-t-background-if-n-is-given.patch + + 0001-ash-add-built-in-BB_ASH_VERSION-variable.patch + + 0001-cpio-add-support-for-ignore-devno-like-GNU-cpio.patch + 0002-cpio-add-support-for-renumber-inodes-like-GNU-cpio.patch + + 0001-pgrep-add-support-for-matching-against-UID-and-RUID.patch + + 0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch + 0002-nslookup-sanitize-all-printed-strings-with-printable.patch + + acpid.logrotate + config + default.script + + acpid.initd + crond.initd + mdev.initd + syslog.initd + udhcpd.initd + + crond.confd + syslog.confd + mdev.conf + persistent-storage + " + +# secfixes: +# 1.34.1-r5: +# - ALPINE-13661 +# - CVE-2022-28391 +# 1.34.0-r0: +# - 
CVE-2021-42374 +# - CVE-2021-42375 +# - CVE-2021-42378 +# - CVE-2021-42379 +# - CVE-2021-42380 +# - CVE-2021-42381 +# - CVE-2021-42382 +# - CVE-2021-42383 +# - CVE-2021-42384 +# - CVE-2021-42385 +# - CVE-2021-42386 +# 1.33.0-r5: +# - CVE-2021-28831 +# 1.30.1-r2: +# - CVE-2019-5747 +# 1.29.3-r10: +# - CVE-2018-20679 +# 1.28.3-r2: +# - CVE-2018-1000500 +# 1.27.2-r4: +# - CVE-2017-16544 +# - CVE-2017-15873 +# - CVE-2017-15874 +# 0: +# - CVE-2021-42373 +# - CVE-2021-42376 +# - CVE-2021-42377 + +prepare() { + default_prepare + + mkdir -p "$srcdir"/build +} + +build() { + cd "$srcdir"/build + echo "COPIED CONFIG to $(pwd)/.config" + cp "$srcdir"/config .config + [ "$CLIBC" = musl ] && sed -i \ + -e "s/CONFIG_EXTRA_COMPAT=y/CONFIG_EXTRA_COMPAT=n/" \ + .config + make -C "$builddir" O="$PWD" silentoldconfig + make +} + +package() { + local i + + cd "$srcdir"/build + mkdir -p "$pkgdir"/usr/sbin "$pkgdir"/usr/bin "$pkgdir"/tmp \ + "$pkgdir"/var/cache/misc "$pkgdir"/bin "$pkgdir"/sbin + chmod 1777 "$pkgdir"/tmp + install -m755 busybox "$pkgdir"/bin/busybox + + for target in $("$pkgdir"/bin/busybox --list-full | sort); do + ln -s /bin/busybox "$pkgdir"/"$target" + done + + #ifupdown needs those dirs to be present + mkdir -p \ + "$pkgdir"/etc/network/if-down.d \ + "$pkgdir"/etc/network/if-post-down.d \ + "$pkgdir"/etc/network/if-post-up.d \ + "$pkgdir"/etc/network/if-pre-down.d \ + "$pkgdir"/etc/network/if-pre-up.d \ + "$pkgdir"/etc/network/if-up.d + + install -Dm644 "$srcdir"/acpid.logrotate \ + "$pkgdir/etc/logrotate.d/acpid" + + mkdir -p \ + "$pkgdir"/var/lib/udhcpd \ + "$pkgdir"/etc/udhcpc + + ln -s /media/etc/udhcpd.conf "$pkgdir"/etc + cat >"$pkgdir"/etc/securetty <"$pkgdir"/etc/udhcpc/udhcpc.conf <"$pkgdir"/etc/acpi/PWRF/00000080 < + +UDHCPC="/etc/udhcpc" +UDHCPC_CONF="$UDHCPC/udhcpc.conf" + +RESOLV_CONF="/etc/resolv.conf" +[ -f $UDHCPC_CONF ] && . 
$UDHCPC_CONF + +export broadcast +export dns +export domain +export interface +export ip +export mask +export metric +export staticroutes +export router +export subnet + +export PATH=/usr/bin:/bin:/usr/sbin:/sbin + +run_scripts() { + local dir=$1 + if [ -d $dir ]; then + for i in $dir/*; do + [ -f $i ] && $i + done + fi +} + +deconfig() { + ip -4 addr flush dev $interface +} + +is_wifi() { + test -e /sys/class/net/$interface/phy80211 +} + +if_index() { + if [ -e /sys/class/net/$interface/ifindex ]; then + cat /sys/class/net/$interface/ifindex + else + ip -4 link show dev $interface | head -n1 | cut -d: -f1 + fi +} + +calc_metric() { + local base= + if is_wifi; then + base=300 + else + base=200 + fi + echo $(( $base + $(if_index) )) +} + +route_add() { + local to=$1 gw=$2 num=$3 + # special case for /32 subnets: + # /32 instructs kernel to always use routing for all outgoing packets + # (they can never be sent to local subnet - there is no local subnet for /32). + # Used in datacenters, avoids the need for private ip-addresses between two hops. + if [ "$subnet" = "255.255.255.255" ]; then + ip -4 route add $gw dev $interface + fi + ip -4 route add $to via $gw dev $interface \ + metric $(( $num + ${IF_METRIC:-$(calc_metric)} )) +} + +routes() { + [ -z "$router" ] && [ -z "$staticroutes" ] && return + for i in $NO_GATEWAY; do + [ "$i" = "$interface" ] && return + done + while ip -4 route del default via dev $interface 2>/dev/null; do + : + done + local num=0 + # RFC3442: + # If the DHCP server returns both a Classless Static Routes option + # and a Router option, the DHCP client MUST ignore the Router option. + if [ -n "$staticroutes" ]; then + # static routes format: dest1/mask gw1 ... 
destn/mask gwn + set -- $staticroutes + while [ -n "$1" ] && [ -n "$2" ]; do + local dest="$1" gw="$2" + if [ "$gw" != "0.0.0.0" ]; then + route_add $dest $gw $num && num=$(( $num + 1)) + fi + shift 2 + done + else + local gw= + for gw in $router; do + route_add 0.0.0.0/0 $gw $num && num=$(( $num + 1 )) + done + fi +} + +resolvconf() { + local i + [ -n "$IF_PEER_DNS" ] && [ "$IF_PEER_DNS" != "yes" ] && return + if [ "$RESOLV_CONF" = "no" ] || [ "$RESOLV_CONF" = "NO" ] \ + || [ -z "$RESOLV_CONF" ] || [ -z "$dns" ]; then + return + fi + for i in $NO_DNS; do + [ "$i" = "$interface" ] && return + done + echo -n > "$RESOLV_CONF.$$" + if [ -n "$search" ]; then + echo "search $search" >> "$RESOLV_CONF.$$" + elif [ -n "$domain" ]; then + echo "search $domain" >> "$RESOLV_CONF.$$" + fi + for i in $dns; do + echo "nameserver $i" >> "$RESOLV_CONF.$$" + done + chmod a+r "$RESOLV_CONF.$$" + mv "$RESOLV_CONF.$$" "$RESOLV_CONF" +} + +bound() { + ip -4 addr add $ip/$mask ${broadcast:+broadcast $broadcast} dev $interface + ip -4 link set dev $interface up + routes + resolvconf +} + +renew() { + if ! ip -4 addr show dev $interface | grep $ip/$mask; then + ip -4 addr flush dev $interface + ip -4 addr add $ip/$mask ${broadcast:+broadcast $broadcast} dev $interface + fi + + local i + for i in $router; do + if ! ip -4 route show | grep ^default | grep $i; then + routes + break + fi + done + + if ! grep "^search $domain"; then + resolvconf + return + fi + for i in $dns; do + if ! grep "^nameserver $i"; then + resolvconf + return + fi + done +} + +case "$1" in + deconfig|renew|bound) + run_scripts $UDHCPC/pre-$1 + $1 + run_scripts $UDHCPC/post-$1 + ;; + leasefail) + echo "udhcpc failed to get a DHCP lease" >&2 + ;; + nak) + echo "udhcpc received DHCP NAK" >&2 + ;; + *) + echo "Error: this script should be called from udhcpc" >&2 + exit 1 + ;; +esac +exit 0 + diff --git a/aports/busybox/mdev.conf b/aports/busybox/mdev.conf new file mode 100644 index 0000000..903786f --- /dev/null 
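Review bot: In `renew()` of the udhcpc hook script that ends this span, `grep "^search $domain"` and `grep "^nameserver $i"` are called without a file operand, so they read standard input instead of `$RESOLV_CONF` and the comparison with the current resolver file never takes place. Give them the file and match fixed strings: `if ! grep -qxF "search $domain" "$RESOLV_CONF"; then` and `if ! grep -qxF "nameserver $i" "$RESOLV_CONF"; then`. The values `$ip`, `$mask`, `$router`, `$dns`, `$domain` and `$interface` come from the DHCP reply and are expanded unquoted, and as regular expressions, in a script that runs as root; quoting them and using `grep -F` narrows what an untrusted DHCP server can influence. The page appears to have lost text between the APKBUILD and this script, so the script's own file header is not visible here.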
+++ b/aports/busybox/mdev.conf 
@@ -0,0 +1,134 @@ +# +# This is a sample mdev.conf. +# + +# Devices: +# Syntax: %s %d:%d %s +# devices user:group mode + +$MODALIAS=.* root:root 0660 @modprobe -q -b "$MODALIAS" + +# null does already exist; therefore ownership has to be changed with command +null root:root 0666 @chmod 666 $MDEV +zero root:root 0666 +grsec root:root 0660 +full root:root 0666 + +random root:root 0666 +urandom root:root 0444 +hwrandom root:root 0660 + +console root:tty 0600 + +# load frambuffer console when first frambuffer is found +fb0 root:video 0660 @modprobe -q -b fbcon +vchiq root:video 0660 + +fd0 root:floppy 0660 +kmem root:root 0640 +mem root:root 0640 +port root:root 0640 +ptmx root:tty 0666 + +# Kernel-based Virtual Machine. +kvm root:kvm 660 + +# ram.* +ram([0-9]*) root:disk 0660 >rd/%1 +loop([0-9]+) root:disk 0660 >loop/%1 + +# persistent storage +dasd.* root:disk 0660 */lib/mdev/persistent-storage +mmcblk.* root:disk 0660 */lib/mdev/persistent-storage +nbd.* root:disk 0660 */lib/mdev/persistent-storage +nvme.* root:disk 0660 */lib/mdev/persistent-storage +sd[a-z].* root:disk 0660 */lib/mdev/persistent-storage +sr[0-9]+ root:cdrom 0660 */lib/mdev/persistent-storage +vd[a-z].* root:disk 0660 */lib/mdev/persistent-storage +xvd[a-z].* root:disk 0660 */lib/mdev/persistent-storage + +md[0-9] root:disk 0660 + +tty root:tty 0666 +tty[0-9] root:root 0600 +tty[0-9][0-9] root:tty 0660 +ttyS[0-9]* root:uucp 0660 +pty.* root:tty 0660 +vcs[0-9]* root:tty 0660 +vcsa[0-9]* root:tty 0660 + +# rpi bluetooth +#ttyAMA0 root:tty 660 @btattach -B /dev/$MDEV -P bcm -S 115200 -N & + +ttyACM[0-9] root:dialout 0660 @ln -sf $MDEV modem +ttyUSB[0-9] root:dialout 0660 @ln -sf $MDEV modem +ttyLTM[0-9] root:dialout 0660 @ln -sf $MDEV modem +ttySHSF[0-9] root:dialout 0660 @ln -sf $MDEV modem +slamr root:dialout 0660 @ln -sf $MDEV slamr0 +slusb root:dialout 0660 @ln -sf $MDEV slusb0 +fuse root:root 0666 + +# dri device +dri/.* root:video 0660 +card[0-9] root:video 0660 =dri/ + +# alsa sound devices and 
audio stuff +pcm.* root:audio 0660 =snd/ +control.* root:audio 0660 =snd/ +midi.* root:audio 0660 =snd/ +seq root:audio 0660 =snd/ +timer root:audio 0660 =snd/ + +adsp root:audio 0660 >sound/ +audio root:audio 0660 >sound/ +dsp root:audio 0660 >sound/ +mixer root:audio 0660 >sound/ +sequencer.* root:audio 0660 >sound/ + +SUBSYSTEM=sound;.* root:audio 0660 + +# virtio-ports +SUBSYSTEM=virtio-ports;vport.* root:root 0600 @mkdir -p virtio-ports; ln -sf ../$MDEV virtio-ports/$(cat /sys/class/virtio-ports/$MDEV/name) + +# misc stuff +agpgart root:root 0660 >misc/ +psaux root:root 0660 >misc/ +rtc root:root 0664 >misc/ + +# input stuff +event[0-9]+ root:input 0640 =input/ +mice root:input 0640 =input/ +mouse[0-9] root:input 0640 =input/ +js[0-9] root:input 0640 =input/ +ts[0-9] root:input 0600 =input/ + +# v4l stuff +vbi[0-9] root:video 0660 >v4l/ +video[0-9]+ root:video 0660 >v4l/ + +# dvb stuff +dvb.* root:video 0660 */lib/mdev/dvbdev + +# load drivers for usb devices +usb[0-9]+ root:root 0660 */lib/mdev/usbdev + +# net devices +# 666 is fine: https://www.kernel.org/doc/Documentation/networking/tuntap.txt +net/tun[0-9]* root:netdev 0666 +net/tap[0-9]* root:netdev 0666 + +# zaptel devices +zap(.*) root:dialout 0660 =zap/%1 +dahdi!(.*) root:dialout 0660 =dahdi/%1 +dahdi/(.*) root:dialout 0660 =dahdi/%1 + +# raid controllers +cciss!(.*) root:disk 0660 =cciss/%1 +cciss/(.*) root:disk 0660 =cciss/%1 +ida!(.*) root:disk 0660 =ida/%1 +ida/(.*) root:disk 0660 =ida/%1 +rd!(.*) root:disk 0660 =rd/%1 +rd/(.*) root:disk 0660 =rd/%1 + +# fallback for any!device -> any/device +(.*)!(.*) root:root 0660 =%1/%2 diff --git a/aports/busybox/mdev.initd b/aports/busybox/mdev.initd new file mode 100644 index 0000000..9dbb994 --- /dev/null +++ b/aports/busybox/mdev.initd 
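Review bot: The `SUBSYSTEM=virtio-ports;vport.*` rule in mdev.conf builds a link name from `$(cat /sys/class/virtio-ports/$MDEV/name)` without quoting or checking it, and that name is set by the hypervisor configuration, so an empty value or one containing `/` makes `ln -sf` write somewhere other than a single entry under `virtio-ports/`. Read the name into a variable and skip those cases, e.g. `@n=$(cat /sys/class/virtio-ports/$MDEV/name); case "$n" in ""|*/*) ;; *) mkdir -p virtio-ports; ln -sf "../$MDEV" "virtio-ports/$n";; esac`. Separately, `fuse root:root 0666` and the final `(.*)!(.*)` fallback are the broadest entries in the file and deserve a one-line comment each stating why that mode is intended.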
@@ -0,0 +1,39 @@
+#!/sbin/openrc-run
+
+depend() {
+ provide dev
+ need sysfs dev-mount
+ before checkfs fsck
+ keyword -vserver -lxc
+}
+
+start() {
+ # check if udev is specified on cmd line
+ if get_bootparam "udev"; then
+ ewarn "Skipping mdev as udev requested in kernel cmdline"
+ return 0
+ fi
+
+ ebegin "Starting busybox mdev"
+ mkdir -p /dev
+
+ # use mdev for hotplug
+ echo "/sbin/mdev" > /proc/sys/kernel/hotplug
+
+ # mdev -s will not create /dev/usb[1-9] devices with recent kernels
+ # so we trigger hotplug events for usb for now
+ for i in $(find /sys/devices -name 'usb[0-9]*'); do
+ [ -e $i/uevent ] && echo add > $i/uevent
+ done
+
+ # create devices
+ mdev -s
+ eend $?
+}
+
+stop() {
+ ebegin "Stopping busybox mdev"
+ echo "" > /proc/sys/kernel/hotplug
+ eend
+}
+
diff --git a/aports/busybox/persistent-storage b/aports/busybox/persistent-storage
new file mode 100644
index 0000000..ea68948
--- /dev/null
+++ b/aports/busybox/persistent-storage
@@ -0,0 +1,68 @@
+#!/bin/sh
+
+symlink_action() {
+ case "$ACTION" in
+ add) ln -sf "$1" "$2";;
+ remove) rm -f "$2";;
+ esac
+}
+
+# cdrom symlink
+case "$MDEV" in
+ sr*|xvd*)
+ caps="$(cat /sys/block/$MDEV/capability 2>/dev/null)"
+ if [ $(( 0x${caps:-0} & 8 )) -gt 0 ]; then
+ symlink_action $MDEV cdrom
+ fi
+esac
+
+# by-id symlinks
+mkdir -p disk/by-id
+
+partition=$(cat /sys/class/block/$MDEV/partition 2>/dev/null)
+case "$partition" in
+ [0-9]*) partsuffix="-part$partition";;
+esac
+
+wwid=$(cat /sys/class/block/$MDEV/wwid 2>/dev/null)
+: ${wwid:=$(cat /sys/class/block/$MDEV/device/wwid 2>/dev/null)}
+
+if [ -n "$wwid" ]; then
+ case "$MDEV" in
+ nvme*) symlink_action ../../$MDEV disk/by-id/nvme-${wwid}${partsuffix};;
+ esac
+ case "$wwid" in
+ naa.*) symlink_action ../../$MDEV disk/by-id/wwn-0x${wwid#naa.};;
+ esac
+fi
+
+serial=$(sed -E -e 's/^\s+//' -e 's/\s+$//' -e 's/ /_/g' \
+ /sys/class/block/$MDEV/device/serial 2>/dev/null)
+
+model=$(sed -E -e 's/^\s+//' -e 's/\s+$//' -e 's/ /_/g' \
+ /sys/class/block/$MDEV/device/model 2>/dev/null)
+
+if [ -n "$serial" ] && [ -n "$model" ]; then
+ case "$MDEV" in
+ nvme*) symlink_action ../../$MDEV disk/by-id/nvme-${model}_${serial}${partsuffix};;
+ esac
+fi
+
+# virtio-blk
+if [ -n "$serial" ]; then
+ case "$MDEV" in
+ vd*) symlink_action ../../$MDEV disk/by-id/virtio-${serial}${partsuffix};;
+ esac
+fi
+
+# by-uuid, by-partuuid
+eval $(blkid /dev/$MDEV | cut -d: -f2-)
+if [ -n "$UUID" ]; then
+ mkdir -p disk/by-uuid
+ symlink_action ../../$MDEV disk/by-uuid/$UUID
+fi
+if [ -n "$PARTUUID" ]; then
+ mkdir -p disk/by-partuuid
+ symlink_action ../../$MDEV disk/by-partuuid/$PARTUUID
+fi
+
diff --git a/aports/busybox/syslog.confd b/aports/busybox/syslog.confd
new file mode 100644
index 0000000..2f00667
--- /dev/null
+++ b/aports/busybox/syslog.confd
@@ -0,0 +1 @@
+SYSLOGD_OPTS="-t"
diff --git a/aports/busybox/syslog.initd b/aports/busybox/syslog.initd
new file mode 100644
index 0000000..629d868
--- /dev/null
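Review bot: In persistent-storage, `eval $(blkid /dev/$MDEV | cut -d: -f2-)` hands the attribute text of whatever block device was just attached to the shell as root, and fields such as the filesystem label are chosen by whoever formatted the device; nothing on this page shows blkid escaping them. Only `UUID` and `PARTUUID` are used afterwards, so extract just those and restrict them to the characters a UUID can contain, e.g. `UUID=$(blkid "/dev/$MDEV" | sed -n 's/.* UUID="\([0-9A-Fa-f-]*\)".*/\1/p')` and the same line with `PARTUUID`. The `serial` and `model` strings read from sysfs also end up in link names with only blanks replaced; removing `/` from them as well would keep every link inside `disk/by-id`.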
+++ b/aports/busybox/syslog.initd
@@ -0,0 +1,14 @@
+#!/sbin/openrc-run
+
+description="Message logging system"
+
+name="busybox syslog"
+command="/sbin/syslogd"
+command_args="${SYSLOGD_OPTS}"
+pidfile="/var/run/syslogd.pid"
+start_stop_daemon_args="-g wheel -k 027"
+
+depend() {
+ need clock hostname localmount
+ provide logger
+}
diff --git a/aports/busybox/udhcpd.initd b/aports/busybox/udhcpd.initd
new file mode 100644
index 0000000..02c7620
--- /dev/null
+++ b/aports/busybox/udhcpd.initd
@@ -0,0 +1,11 @@
+#!/sbin/openrc-run
+
+name="busybox $SVCNAME"
+command="/usr/sbin/$SVCNAME"
+command_args="$UDHCPD_OPTS "
+pidfile="/var/run/$SVCNAME.pid"
+
+depend() {
+ need net
+ after firewall
+}
diff --git a/aports/ifupdown-ng/APKBUILD b/aports/ifupdown-ng/APKBUILD
new file mode 100644
index 0000000..dfbbbe0
--- /dev/null
+++ b/aports/ifupdown-ng/APKBUILD
@@ -0,0 +1,42 @@ +# Maintainer: Gabor Pali + +pkgname=ifupdown-ng +pkgver=0.11.3 +pkgrel=0 +pkgdesc="tools for managing network configuration" +url="https://github.com/ifupdown-ng/ifupdown-ng" +arch="all" +license="ISC" +checkdepends= +makedepends= +install="" +subpackages= +source="https://distfiles.dereferenced.org/ifupdown-ng/ifupdown-ng-$pkgver.tar.xz + no-examples.patch + interfaces +" +builddir="$srcdir/ifupdown-ng-$pkgver" +provides="ifupdown-any" +provider_priority=900 + +# We conflict with the vlan package because we provide our own +# vlan support with the link executor. +depends="!vlan" + +build() { + make CONFIG_YAML=n +} + +package() { + make DESTDIR="$pkgdir" EXECUTOR_SCRIPTS_OPT= EXECUTOR_SCRIPTS_STUB= install + install -D -m755 "$builddir"/dist/openrc/networking.initd "$pkgdir"/etc/init.d/networking + install -D -m644 "$builddir"/dist/openrc/networking.confd "$pkgdir"/etc/conf.d/networking + install -D -m644 "$srcdir"/interfaces "$pkgdir"/etc/network/interfaces + ln -s /media/etc/interfaces.conf "$pkgdir"/etc/network/interfaces.conf +} + +sha512sums=" +7339d8d14bc881968093fa4a92c84850d99b5469847858be5423b98c5ed25776198fe1065686c22b6823cf7ace17845e96d7932782c111207264f8e3a52cbbb7 ifupdown-ng-0.11.3.tar.xz +e261fd3f185372bf8f2075216b9dd3e2d8090e978654ee742122ee7869017d309eac54b1415e79878015f312a39fa8fdd4b0d8c2bed8515e5a94c15da1b7b844 no-examples.patch +372debdf3cdbcff247f8d757a4325ae49157bab1bc6f2fc9c621d1f21864321231856a719c00f5d2b77e0715ad44c5928cb856d97b52b659584d76f08326e28c interfaces +" diff --git a/aports/ifupdown-ng/interfaces b/aports/ifupdown-ng/interfaces new file mode 100644 index 0000000..f1c5139 --- /dev/null +++ b/aports/ifupdown-ng/interfaces @@ -0,0 +1,9 @@ +auto lo +iface lo inet loopback + +auto eth0 + +source /etc/network/interfaces.conf + +auto wlan0 +iface wlan0 dhcp diff --git a/aports/ifupdown-ng/no-examples.patch b/aports/ifupdown-ng/no-examples.patch new file mode 100644 index 0000000..a81dfe7 --- /dev/null 
+++ b/aports/ifupdown-ng/no-examples.patch @@ -0,0 +1,10 @@ +--- ifupdown-ng-0.11.3/Makefile.orig ++++ ifupdown-ng-0.11.3/Makefile +@@ -153,7 +153,6 @@ + for i in ${EXECUTOR_SCRIPTS_STUB}; do \ + install -D -m755 executor-scripts/stub/$$i ${DESTDIR}${EXECUTOR_PATH}/$$i; \ + done +- install -D -m644 dist/ifupdown-ng.conf.example ${DESTDIR}${CONFIG_FILE}.example + + .scd.1 .scd.2 .scd.3 .scd.4 .scd.5 .scd.6 .scd.7 .scd.8: + ${SCDOC} < $< > $@ diff --git a/aports/iptables/APKBUILD b/aports/iptables/APKBUILD new file mode 100644 index 0000000..b5428a5 --- /dev/null +++ b/aports/iptables/APKBUILD 
@@ -0,0 +1,68 @@ +# Maintainer: Gabor Pali + +pkgname=iptables +pkgver=1.8.7 +pkgrel=1 +pkgdesc="Linux kernel firewall, NAT and packet mangling tools" +url="https://www.netfilter.org/projects/iptables/index.html" +arch="all" +license="GPL-2.0-or-later" +makedepends="libnftnl-dev bison flex autoconf automake" +source="https://www.netfilter.org/projects/iptables/files/iptables-$pkgver.tar.bz2 + iptables.initd + iptables.confd + iptables.rules-save + ip6tables.confd + " + +build() { + export CFLAGS="$CFLAGS -D_GNU_SOURCE" + ./configure \ + --build="$CBUILD" \ + --host="$CHOST" \ + --prefix=/usr \ + --sbindir=/sbin \ + --sysconfdir=/etc \ + --mandir=/tmp \ + --without-kernel \ + --without-pkgconfig \ + --enable-libipq \ + --enable-shared + + # do not use rpath + sed -i 's|^hardcode_libdir_flag_spec=.*|hardcode_libdir_flag_spec=""|g' libtool + sed -i 's|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g' libtool + + make +} + +package() { + make -j1 install DESTDIR="$pkgdir" + + rm -rf "$pkgdir"/tmp \ + "$pkgdir"/usr/bin \ + "$pkgdir"/usr/include \ + "$pkgdir"/sbin/ebtables* \ + "$pkgdir"/sbin/arptables* \ + "$pkgdir"/usr/lib/pkgconfig + + mkdir -p "$pkgdir"/usr/lib \ + "$pkgdir"/var/lib/iptables \ + "$pkgdir"/etc/iptables + + install -D -m755 "$srcdir"/iptables.initd "$pkgdir"/etc/init.d/iptables + install -D -m644 "$srcdir"/iptables.confd "$pkgdir"/etc/conf.d/iptables + + install -D -m644 "$srcdir"/iptables.rules-save "$pkgdir"/etc/iptables/rules-save + + install -D -m755 "$srcdir"/iptables.initd "$pkgdir"/etc/init.d/ip6tables + install -D -m644 "$srcdir"/ip6tables.confd "$pkgdir"/etc/conf.d/ip6tables +} + +sha512sums=" +c0a33fafbf1139157a9f52860938ebedc282a1394a68dcbd58981159379eb525919f999b25925f2cb4d6b18089bd99a94b00b3e73cff5cb0a0e47bdff174ed75 iptables-1.8.7.tar.bz2 +a37c17a5382c756fcfb183af73af2283f0d09932c5a767241cbab5d784738f6f587f287a0cdf13b4fa74724ecd3a2063a9689ccee84c1bda02e730f63480f74d iptables.initd 
+258ad0341381f251ef9b278c09d8a794c6e4bfc067950d5770539d3beabf8702a5be9a8a3418c849b9707f4b33a55eabef5594ccc290c9b9c7dc5fcad1ed80a5 iptables.confd +382e1ce634aca598891b8f7cf8d1a91bb485a845cc65a92f85ff29f953b629c2f001c3d38bd18928ae89d53b4877eb993236a538e82a94e0089483e50fbda66f iptables.rules-save +0897a7a22f8b700f7f1f5c355ad6cbf39740e44d6c962af99e479978d8a2d556ca7fe4e31f238829046b4a871ce0b5fd52e2544f1361d15dd1ea3e33992646c4 ip6tables.confd +" diff --git a/aports/iptables/ip6tables.confd b/aports/iptables/ip6tables.confd new file mode 100644 index 0000000..1fa63f3 --- /dev/null +++ b/aports/iptables/ip6tables.confd @@ -0,0 +1,14 @@ +# /etc/conf.d/ip6tables + +# Location in which ip6tables initscript will save set rules on +# service shutdown +IP6TABLES_SAVE="/etc/iptables/rules6-save" + +# Options to pass to ip6tables-save and ip6tables-restore +SAVE_RESTORE_OPTIONS="-c" + +# Save state on stopping iptables +SAVE_ON_STOP="yes" + +# Enable/disable IPv6 forwarding with the rules +IPFORWARD="no" diff --git a/aports/iptables/iptables.confd b/aports/iptables/iptables.confd new file mode 100644 index 0000000..6e356ef --- /dev/null +++ b/aports/iptables/iptables.confd @@ -0,0 +1,4 @@ +IPTABLES_SAVE="/etc/iptables/rules-save" +SAVE_RESTORE_OPTIONS="-c" +SAVE_ON_STOP="no" +IPFORWARD="yes" diff --git a/aports/iptables/iptables.initd b/aports/iptables/iptables.initd new file mode 100644 index 0000000..0f906ee --- /dev/null +++ b/aports/iptables/iptables.initd 
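Review bot: `package()` in the iptables APKBUILD installs the init script a second time as `/etc/init.d/ip6tables` together with `ip6tables.confd`, but it ships only the IPv4 `rules-save`, while `ip6tables.confd` points `IP6TABLES_SAVE` at `/etc/iptables/rules6-save`. The init script's `checkconfig` refuses to start when that file is missing, so if the ip6tables service is meant to run on this image, no IPv6 ruleset is loaded until someone creates one by hand. Either ship a default IPv6 ruleset next to the IPv4 one (for example a `rules6-save` whose chains default to DROP for INPUT and FORWARD) or add a comment in `package()` stating that IPv6 filtering is intentionally left unconfigured.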
@@ -0,0 +1,135 @@ +#!/sbin/openrc-run +# Copyright 1999-2011 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/net-firewall/iptables/files/iptables-1.4.11.init,v 1.2 2011/12/04 10:15:59 swegener Exp $ + +description="IPv4/IPv6 packet filtering and NAT" +description_save="Save firewall state" +description_panic="Drop all packets" +description_reload="Reload configuration" + +extra_commands="save panic" +extra_started_commands="reload" + +iptables_name=${SVCNAME} +if [ "${iptables_name}" != "iptables" -a "${iptables_name}" != "ip6tables" ] ; then + iptables_name="iptables" +fi + +iptables_bin="/sbin/${iptables_name}" +case ${iptables_name} in + iptables) iptables_proc="/proc/net/ip_tables_names" + iptables_save=${IPTABLES_SAVE} + sysctl_ipfwd=net.ipv4.ip_forward;; + ip6tables) iptables_proc="/proc/net/ip6_tables_names" + iptables_save=${IP6TABLES_SAVE} + sysctl_ipfwd=net.ipv6.conf.all.forwarding;; +esac + +depend() { + before net + after sysctl + use logger + provide firewall +} + +set_table_policy() { + local chains table=$1 policy=$2 + case ${table} in + nat) chains="PREROUTING POSTROUTING OUTPUT";; + mangle) chains="PREROUTING INPUT FORWARD OUTPUT POSTROUTING";; + filter) chains="INPUT FORWARD OUTPUT";; + *) chains="";; + esac + local chain + for chain in ${chains} ; do + ${iptables_bin} -w 5 -t ${table} -P ${chain} ${policy} + done +} + +checkkernel() { + if [ ! -e ${iptables_proc} ] ; then + eerror "Your kernel lacks ${iptables_name} support, please load" + eerror "appropriate modules and try again." + return 1 + fi + return 0 +} +checkconfig() { + if [ ! -f ${iptables_save} ] ; then + eerror "Not starting ${iptables_name}. 
First create some rules then run:" + eerror "/etc/init.d/${iptables_name} save" + return 1 + fi + return 0 +} + +start() { + checkconfig || return 1 + ebegin "Loading ${iptables_name} state and starting firewall" + ${iptables_bin}-restore ${SAVE_RESTORE_OPTIONS} < "${iptables_save}" + eend $? + if yesno "${IPFORWARD}"; then + ebegin "Enabling forwarding" + /sbin/sysctl -w ${sysctl_ipfwd}=1 > /dev/null + eend $? + fi +} + +stop() { + if yesno "${IPFORWARD}"; then + ebegin "Disabling forwarding" + /sbin/sysctl -w ${sysctl_ipfwd}=0 > /dev/null + eend $? + fi + if yesno "${SAVE_ON_STOP}"; then + save || return 1 + fi + checkkernel || return 1 + ebegin "Stopping firewall" + local a + for a in $(cat ${iptables_proc}) ; do + set_table_policy $a ACCEPT + + ${iptables_bin} -w 5 -F -t $a + ${iptables_bin} -w 5 -X -t $a + done + eend $? +} + +reload() { + checkkernel || return 1 + ebegin "Flushing firewall" + local a + for a in $(cat ${iptables_proc}) ; do + ${iptables_bin} -w 5 -F -t $a + ${iptables_bin} -w 5 -X -t $a + done + eend $? + + start +} + +save() { + ebegin "Saving ${iptables_name} state" + checkpath -fm 0600 "${iptables_save}" + ${iptables_bin}-save ${SAVE_RESTORE_OPTIONS} > "${iptables_save}" + eend $? +} + +panic() { + checkkernel || return 1 + if service_started ${iptables_name}; then + rc-service ${iptables_name} stop + fi + + local a + ebegin "Dropping all packets" + for a in $(cat ${iptables_proc}) ; do + ${iptables_bin} -w 5 -F -t $a + ${iptables_bin} -w 5 -X -t $a + + set_table_policy $a DROP + done + eend $? +} diff --git a/aports/iptables/iptables.rules-save b/aports/iptables/iptables.rules-save new file mode 100644 index 0000000..326a7a8 --- /dev/null +++ b/aports/iptables/iptables.rules-save 
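Review bot: In `start()` of iptables.initd, a failed `${iptables_bin}-restore` is only reported through `eend $?`; the function then continues and sets `${sysctl_ipfwd}=1`, so the host starts forwarding with whatever rules happen to be in the kernel. Stop before touching the sysctl by replacing that line with `eend $? || return 1`. In the same file `checkconfig` tests `[ ! -f ${iptables_save} ]` unquoted, which lets an empty variable pass the check; `[ ! -f "${iptables_save}" ]` closes that gap.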
@@ -0,0 +1,14 @@
+*filter
+:INPUT ACCEPT [24:1728]
+:FORWARD ACCEPT [480:181212]
+:OUTPUT ACCEPT [27:2041]
+[377:71090] -A FORWARD -i eth0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT
+[51:4670] -A FORWARD -i eth0 -o wlan0 -j ACCEPT
+COMMIT
+*nat
+:PREROUTING ACCEPT [64:6167]
+:INPUT ACCEPT [0:0]
+:OUTPUT ACCEPT [3:174]
+:POSTROUTING ACCEPT [3:174]
+[51:4670] -A POSTROUTING -o wlan0 -j MASQUERADE
+COMMIT
diff --git a/aports/linux-lts/APKBUILD b/aports/linux-lts/APKBUILD
new file mode 100644
index 0000000..5e2b769
--- /dev/null
+++ b/aports/linux-lts/APKBUILD
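Review bot: The shipped iptables.rules-save keeps `:INPUT ACCEPT` and `:FORWARD ACCEPT` as chain policies, so its two FORWARD rules restrict nothing: traffic arriving on `wlan0` is forwarded toward `eth0`, and accepted by the host itself, without matching any rule. If the image is meant to NAT `eth0` clients out through `wlan0`, which the MASQUERADE rule suggests, set `:FORWARD DROP [0:0]` and admit replies in the return direction with `-A FORWARD -i wlan0 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT`. The existing state rule on `-i eth0 -o wlan0` is already covered by the unconditional accept that follows it. The bracketed packet counters are leftovers from an `iptables-save -c` dump and could be zeroed in a packaged default.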
@@ -0,0 +1,115 @@
+# Maintainer: Gabor Pali
+
+pkgname=linux-lts
+pkgver=5.15.33
+case $pkgver in
+ *.*.*) _kernver=${pkgver%.*};;
+ *.*) _kernver=$pkgver;;
+esac
+pkgrel=0
+pkgdesc="Linux LTS kernel"
+url="https://www.kernel.org"
+depends=
+makedepends="perl flex bison elfutils-dev sed installkernel bc linux-headers linux-firmware-any openssl1.1-compat-dev diffutils findutils zstd"
+options="!strip"
+install=
+source="https://cdn.kernel.org/pub/linux/kernel/v${pkgver%%.*}.x/linux-$_kernver.tar.xz
+ config-lts.x86_64
+ "
+subpackages=
+
+if [ "${pkgver%.0}" = "$pkgver" ]; then
+ source="$source
+ https://cdn.kernel.org/pub/linux/kernel/v${pkgver%%.*}.x/patch-$pkgver.xz"
+fi
+
+arch="x86_64"
+license="GPL-2.0"
+
+prepare() {
+ local _patch_failed=
+ cd "$srcdir"/linux-$_kernver
+ if [ "$_kernver" != "$pkgver" ]; then
+ msg "Applying patch-$pkgver.xz"
+ unxz -c < "$srcdir"/patch-$pkgver.xz | patch -p1 -N
+ fi
+
+ # first apply patches in specified order
+ for i in $source; do
+ case $i in
+ *.patch)
+ msg "Applying $i..."
+ if ! patch -s -p1 -N -i "$srcdir"/$i; then
+ echo $i >>failed
+ _patch_failed=1
+ fi
+ ;;
+ esac
+ done
+
+ if ! [ -z "$_patch_failed" ]; then
+ error "The following patches failed:"
+ cat failed
+ return 1
+ fi
+
+ # remove localversion from patch if any
+ rm -f localversion*
+ oldconfig
+}
+
+oldconfig() {
+ local _config=config-lts.x86_64
+ local _builddir="$srcdir"/build-lts.x86_64
+ mkdir -p "$_builddir"
+ echo "-$pkgrel-lts" > "$_builddir"/localversion-alpine \
+ || return 1
+
+ cp "$srcdir"/$_config "$_builddir"/.config
+ make -C "$srcdir"/linux-$_kernver \
+ O="$_builddir" \
+ ARCH="x86_64" \
+ listnewconfig oldconfig
+}
+
+build() {
+ unset LDFLAGS
+ export KBUILD_BUILD_TIMESTAMP="$(date -Ru${SOURCE_DATE_EPOCH:+d @$SOURCE_DATE_EPOCH})"
+ cd "$srcdir"/build-lts.x86_64
+ make ARCH="x86_64" CC="${CC:-gcc}" \
+ KBUILD_BUILD_VERSION="$((pkgrel + 1 ))-Alpine"
+}
+
+package() {
+ local _outdir="$pkgdir"
+ local _abi_release=${pkgver}-${pkgrel}-lts
+ export KBUILD_BUILD_TIMESTAMP="$(date -Ru${SOURCE_DATE_EPOCH:+d @$SOURCE_DATE_EPOCH})"
+
+ cd "$srcdir"/build-lts.x86_64
+ # modules_install seems to regenerate a defect Modules.symvers on s390x. Work
+ # around it by backing it up and restore it after modules_install
+ cp Module.symvers Module.symvers.backup
+
+ mkdir -p "$_outdir"/boot "$_outdir"/lib/modules
+
+ make -j1 modules_install install \
+ ARCH="x86_64" \
+ INSTALL_MOD_PATH="$_outdir" \
+ INSTALL_PATH="$_outdir"/boot \
+ INSTALL_DTBS_PATH="$_outdir/boot/dtbs-lts"
+
+ cp Module.symvers.backup Module.symvers
+
+ rm -f "$_outdir"/lib/modules/${_abi_release}/build \
+ "$_outdir"/lib/modules/${_abi_release}/source
+ rm -rf "$_outdir"/lib/firmware
+
+ install -D -m644 include/config/kernel.release \
+ "$_outdir"/usr/share/kernel/lts/kernel.release
+}
+
+sha512sums="
+d25ad40b5bcd6a4c6042fd0fd84e196e7a58024734c3e9a484fd0d5d54a0c1d87db8a3c784eff55e43b6f021709dc685eb0efa18d2aec327e4f88a79f405705a linux-5.15.tar.xz
+a91a622f12e1b5d59a6ed12be98a18da2055a21420536c84790028ee5c5d92417beaf259048f0796635bc6bda75092b56065b3f728aafde9cd72a14283f7e0a6 config-lts.x86_64
+399e287c5715702774f0a9b7e817c0bcd8135de4152ae784ac73d53a7777de6c577d414d92ff6b56b91766b7af7af630cdc421b105262ea5f3c2fda9436a8c17 patch-5.15.33.xz
+"
diff --git a/aports/linux-lts/config-lts.x86_64 b/aports/linux-lts/config-lts.x86_64
new file mode 100644
index 0000000..368107a
--- /dev/null
+++ b/aports/linux-lts/config-lts.x86_64
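Review bot: In `prepare()` of linux-lts/APKBUILD, the pipeline `unxz -c < "$srcdir"/patch-$pkgver.xz | patch -p1 -N` reports only the exit status of `patch`, so a decompression error that cuts the stream at a file boundary can go unnoticed and the kernel would then be built without part of the stable point-release fixes. Decompressing to a file first lets each step fail on its own: `unxz -c "$srcdir"/patch-$pkgver.xz > "$srcdir"/patch-$pkgver` followed by `patch -p1 -N -i "$srcdir"/patch-$pkgver`. Separately, the guard used here (`"$_kernver" != "$pkgver"`) differs from the one that adds the patch to `source` (`"${pkgver%.0}" = "$pkgver"`), so an `x.y.0` or two-component `pkgver` would make the two disagree; a single shared condition would avoid that.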
@@ -0,0 +1,3022 @@ +# +# Automatically generated file; DO NOT EDIT. +# Linux/x86_64 5.15.30 Kernel Configuration +# +CONFIG_CC_VERSION_TEXT="gcc (Alpine 10.3.1_git20211027) 10.3.1 20211027" +CONFIG_CC_IS_GCC=y +CONFIG_GCC_VERSION=100301 +CONFIG_CLANG_VERSION=0 +CONFIG_AS_IS_GNU=y +CONFIG_AS_VERSION=23700 +CONFIG_LD_IS_BFD=y +CONFIG_LD_VERSION=23700 +CONFIG_LLD_VERSION=0 +CONFIG_CC_CAN_LINK=y +CONFIG_CC_CAN_LINK_STATIC=y +CONFIG_CC_HAS_ASM_GOTO=y +CONFIG_CC_HAS_ASM_INLINE=y +CONFIG_CC_HAS_NO_PROFILE_FN_ATTR=y +CONFIG_IRQ_WORK=y +CONFIG_BUILDTIME_TABLE_SORT=y +CONFIG_THREAD_INFO_IN_TASK=y + +# +# General setup +# +CONFIG_BROKEN_ON_SMP=y +CONFIG_INIT_ENV_ARG_LIMIT=32 +# CONFIG_COMPILE_TEST is not set +# CONFIG_WERROR is not set +CONFIG_LOCALVERSION="" +# CONFIG_LOCALVERSION_AUTO is not set +CONFIG_BUILD_SALT="" +CONFIG_HAVE_KERNEL_GZIP=y +CONFIG_HAVE_KERNEL_BZIP2=y +CONFIG_HAVE_KERNEL_LZMA=y +CONFIG_HAVE_KERNEL_XZ=y +CONFIG_HAVE_KERNEL_LZO=y +CONFIG_HAVE_KERNEL_LZ4=y +CONFIG_HAVE_KERNEL_ZSTD=y +CONFIG_KERNEL_GZIP=y +# CONFIG_KERNEL_BZIP2 is not set +# CONFIG_KERNEL_LZMA is not set +# CONFIG_KERNEL_XZ is not set +# CONFIG_KERNEL_LZO is not set +# CONFIG_KERNEL_LZ4 is not set +# CONFIG_KERNEL_ZSTD is not set +CONFIG_DEFAULT_INIT="" +CONFIG_DEFAULT_HOSTNAME="(none)" +# CONFIG_SWAP is not set +CONFIG_SYSVIPC=y +CONFIG_SYSVIPC_SYSCTL=y +CONFIG_POSIX_MQUEUE=y +CONFIG_POSIX_MQUEUE_SYSCTL=y +# CONFIG_WATCH_QUEUE is not set +CONFIG_CROSS_MEMORY_ATTACH=y +# CONFIG_USELIB is not set +# CONFIG_AUDIT is not set +CONFIG_HAVE_ARCH_AUDITSYSCALL=y + +# +# IRQ subsystem +# +CONFIG_GENERIC_IRQ_PROBE=y +CONFIG_GENERIC_IRQ_SHOW=y +CONFIG_HARDIRQS_SW_RESEND=y +CONFIG_IRQ_DOMAIN=y +CONFIG_IRQ_DOMAIN_HIERARCHY=y +CONFIG_GENERIC_MSI_IRQ=y +CONFIG_GENERIC_MSI_IRQ_DOMAIN=y +CONFIG_GENERIC_IRQ_MATRIX_ALLOCATOR=y +CONFIG_GENERIC_IRQ_RESERVATION_MODE=y +CONFIG_IRQ_FORCED_THREADING=y +CONFIG_SPARSE_IRQ=y +# CONFIG_GENERIC_IRQ_DEBUGFS is not set +# end of IRQ subsystem + 
+CONFIG_CLOCKSOURCE_WATCHDOG=y +CONFIG_ARCH_CLOCKSOURCE_INIT=y +CONFIG_CLOCKSOURCE_VALIDATE_LAST_CYCLE=y +CONFIG_GENERIC_TIME_VSYSCALL=y +CONFIG_GENERIC_CLOCKEVENTS=y +CONFIG_GENERIC_CLOCKEVENTS_BROADCAST=y +CONFIG_GENERIC_CLOCKEVENTS_MIN_ADJUST=y +CONFIG_GENERIC_CMOS_UPDATE=y +CONFIG_HAVE_POSIX_CPU_TIMERS_TASK_WORK=y +CONFIG_POSIX_CPU_TIMERS_TASK_WORK=y + +# +# Timers subsystem +# +CONFIG_TICK_ONESHOT=y +CONFIG_NO_HZ_COMMON=y +# CONFIG_HZ_PERIODIC is not set +CONFIG_NO_HZ_IDLE=y +CONFIG_NO_HZ=y +CONFIG_HIGH_RES_TIMERS=y +# end of Timers subsystem + +CONFIG_BPF=y +CONFIG_HAVE_EBPF_JIT=y +CONFIG_ARCH_WANT_DEFAULT_BPF_JIT=y + +# +# BPF subsystem +# +# CONFIG_BPF_SYSCALL is not set +# CONFIG_BPF_JIT is not set +# end of BPF subsystem + +# CONFIG_PREEMPT_NONE is not set +CONFIG_PREEMPT_VOLUNTARY=y +# CONFIG_PREEMPT is not set + +# +# CPU/Task time and stats accounting +# +CONFIG_TICK_CPU_ACCOUNTING=y +# CONFIG_VIRT_CPU_ACCOUNTING_GEN is not set +# CONFIG_IRQ_TIME_ACCOUNTING is not set +CONFIG_BSD_PROCESS_ACCT=y +# CONFIG_BSD_PROCESS_ACCT_V3 is not set +CONFIG_TASKSTATS=y +CONFIG_TASK_DELAY_ACCT=y +CONFIG_TASK_XACCT=y +CONFIG_TASK_IO_ACCOUNTING=y +# CONFIG_PSI is not set +# end of CPU/Task time and stats accounting + +# +# RCU Subsystem +# +CONFIG_TINY_RCU=y +# CONFIG_RCU_EXPERT is not set +CONFIG_SRCU=y +CONFIG_TINY_SRCU=y +# end of RCU Subsystem + +# CONFIG_IKCONFIG is not set +# CONFIG_IKHEADERS is not set +CONFIG_LOG_BUF_SHIFT=18 +CONFIG_PRINTK_SAFE_LOG_BUF_SHIFT=13 +# CONFIG_PRINTK_INDEX is not set +CONFIG_HAVE_UNSTABLE_SCHED_CLOCK=y + +# +# Scheduler features +# +# end of Scheduler features + +CONFIG_ARCH_SUPPORTS_NUMA_BALANCING=y +CONFIG_ARCH_WANT_BATCHED_UNMAP_TLB_FLUSH=y +CONFIG_CC_HAS_INT128=y +CONFIG_ARCH_SUPPORTS_INT128=y +# CONFIG_CGROUPS is not set +CONFIG_NAMESPACES=y +# CONFIG_UTS_NS is not set +# CONFIG_TIME_NS is not set +# CONFIG_IPC_NS is not set +# CONFIG_USER_NS is not set +# CONFIG_PID_NS is not set +# CONFIG_NET_NS is not set +# 
CONFIG_CHECKPOINT_RESTORE is not set +# CONFIG_SCHED_AUTOGROUP is not set +# CONFIG_SYSFS_DEPRECATED is not set +CONFIG_RELAY=y +# CONFIG_BLK_DEV_INITRD is not set +# CONFIG_BOOT_CONFIG is not set +CONFIG_CC_OPTIMIZE_FOR_PERFORMANCE=y +# CONFIG_CC_OPTIMIZE_FOR_SIZE is not set +CONFIG_LD_ORPHAN_WARN=y +CONFIG_SYSCTL=y +CONFIG_SYSCTL_EXCEPTION_TRACE=y +CONFIG_HAVE_PCSPKR_PLATFORM=y +# CONFIG_EXPERT is not set +CONFIG_MULTIUSER=y +CONFIG_SGETMASK_SYSCALL=y +CONFIG_SYSFS_SYSCALL=y +CONFIG_FHANDLE=y +CONFIG_POSIX_TIMERS=y +CONFIG_PRINTK=y +CONFIG_BUG=y +CONFIG_ELF_CORE=y +CONFIG_PCSPKR_PLATFORM=y +CONFIG_BASE_FULL=y +CONFIG_FUTEX=y +CONFIG_FUTEX_PI=y +CONFIG_EPOLL=y +CONFIG_SIGNALFD=y +CONFIG_TIMERFD=y +CONFIG_EVENTFD=y +CONFIG_SHMEM=y +CONFIG_AIO=y +CONFIG_IO_URING=y +CONFIG_ADVISE_SYSCALLS=y +CONFIG_MEMBARRIER=y +CONFIG_KALLSYMS=y +CONFIG_KALLSYMS_BASE_RELATIVE=y +# CONFIG_USERFAULTFD is not set +CONFIG_ARCH_HAS_MEMBARRIER_SYNC_CORE=y +CONFIG_RSEQ=y +# CONFIG_EMBEDDED is not set +CONFIG_HAVE_PERF_EVENTS=y + +# +# Kernel Performance Events And Counters +# +CONFIG_PERF_EVENTS=y +# end of Kernel Performance Events And Counters + +CONFIG_VM_EVENT_COUNTERS=y +CONFIG_SLUB_DEBUG=y +# CONFIG_COMPAT_BRK is not set +# CONFIG_SLAB is not set +CONFIG_SLUB=y +CONFIG_SLAB_MERGE_DEFAULT=y +# CONFIG_SLAB_FREELIST_RANDOM is not set +# CONFIG_SLAB_FREELIST_HARDENED is not set +# CONFIG_SHUFFLE_PAGE_ALLOCATOR is not set +CONFIG_SYSTEM_DATA_VERIFICATION=y +# CONFIG_PROFILING is not set +# end of General setup + +CONFIG_64BIT=y +CONFIG_X86_64=y +CONFIG_X86=y +CONFIG_INSTRUCTION_DECODER=y +CONFIG_OUTPUT_FORMAT="elf64-x86-64" +CONFIG_LOCKDEP_SUPPORT=y +CONFIG_STACKTRACE_SUPPORT=y +CONFIG_MMU=y +CONFIG_ARCH_MMAP_RND_BITS_MIN=28 +CONFIG_ARCH_MMAP_RND_BITS_MAX=32 +CONFIG_ARCH_MMAP_RND_COMPAT_BITS_MIN=8 +CONFIG_ARCH_MMAP_RND_COMPAT_BITS_MAX=16 +CONFIG_GENERIC_ISA_DMA=y +CONFIG_GENERIC_BUG=y +CONFIG_GENERIC_BUG_RELATIVE_POINTERS=y +CONFIG_ARCH_MAY_HAVE_PC_FDC=y +CONFIG_GENERIC_CALIBRATE_DELAY=y 
+CONFIG_ARCH_HAS_CPU_RELAX=y +CONFIG_ARCH_HAS_FILTER_PGPROT=y +CONFIG_HAVE_SETUP_PER_CPU_AREA=y +CONFIG_NEED_PER_CPU_EMBED_FIRST_CHUNK=y +CONFIG_NEED_PER_CPU_PAGE_FIRST_CHUNK=y +CONFIG_ARCH_HIBERNATION_POSSIBLE=y +CONFIG_ARCH_NR_GPIO=1024 +CONFIG_ARCH_SUSPEND_POSSIBLE=y +CONFIG_ARCH_WANT_GENERAL_HUGETLB=y +CONFIG_AUDIT_ARCH=y +CONFIG_ARCH_SUPPORTS_UPROBES=y +CONFIG_FIX_EARLYCON_MEM=y +CONFIG_PGTABLE_LEVELS=5 +CONFIG_CC_HAS_SANE_STACKPROTECTOR=y + +# +# Processor type and features +# +# CONFIG_SMP is not set +CONFIG_X86_FEATURE_NAMES=y +# CONFIG_X86_MPPARSE is not set +# CONFIG_GOLDFISH is not set +CONFIG_RETPOLINE=y +# CONFIG_X86_CPU_RESCTRL is not set +# CONFIG_X86_EXTENDED_PLATFORM is not set +# CONFIG_X86_INTEL_LPSS is not set +# CONFIG_X86_AMD_PLATFORM_DEVICE is not set +# CONFIG_IOSF_MBI is not set +CONFIG_X86_SUPPORTS_MEMORY_FAILURE=y +CONFIG_SCHED_OMIT_FRAME_POINTER=y +# CONFIG_HYPERVISOR_GUEST is not set +# CONFIG_MK8 is not set +# CONFIG_MPSC is not set +# CONFIG_MCORE2 is not set +# CONFIG_MATOM is not set +CONFIG_GENERIC_CPU=y +CONFIG_X86_INTERNODE_CACHE_SHIFT=6 +CONFIG_X86_L1_CACHE_SHIFT=6 +CONFIG_X86_TSC=y +CONFIG_X86_CMPXCHG64=y +CONFIG_X86_CMOV=y +CONFIG_X86_MINIMUM_CPU_FAMILY=64 +CONFIG_X86_DEBUGCTLMSR=y +CONFIG_IA32_FEAT_CTL=y +CONFIG_X86_VMX_FEATURE_NAMES=y +CONFIG_CPU_SUP_INTEL=y +CONFIG_CPU_SUP_AMD=y +CONFIG_CPU_SUP_HYGON=y +CONFIG_CPU_SUP_CENTAUR=y +CONFIG_CPU_SUP_ZHAOXIN=y +CONFIG_HPET_TIMER=y +CONFIG_HPET_EMULATE_RTC=y +CONFIG_DMI=y +# CONFIG_GART_IOMMU is not set +CONFIG_NR_CPUS_RANGE_BEGIN=1 +CONFIG_NR_CPUS_RANGE_END=1 +CONFIG_NR_CPUS_DEFAULT=1 +CONFIG_NR_CPUS=1 +CONFIG_UP_LATE_INIT=y +CONFIG_X86_LOCAL_APIC=y +CONFIG_X86_IO_APIC=y +CONFIG_X86_REROUTE_FOR_BROKEN_BOOT_IRQS=y +CONFIG_X86_MCE=y +# CONFIG_X86_MCELOG_LEGACY is not set +CONFIG_X86_MCE_INTEL=y +CONFIG_X86_MCE_AMD=y +CONFIG_X86_MCE_THRESHOLD=y +# CONFIG_X86_MCE_INJECT is not set + +# +# Performance monitoring +# +CONFIG_PERF_EVENTS_INTEL_UNCORE=y +CONFIG_PERF_EVENTS_INTEL_RAPL=y 
+CONFIG_PERF_EVENTS_INTEL_CSTATE=y +# CONFIG_PERF_EVENTS_AMD_POWER is not set +CONFIG_PERF_EVENTS_AMD_UNCORE=y +# end of Performance monitoring + +CONFIG_X86_16BIT=y +CONFIG_X86_ESPFIX64=y +CONFIG_X86_VSYSCALL_EMULATION=y +CONFIG_X86_IOPL_IOPERM=y +# CONFIG_I8K is not set +# CONFIG_MICROCODE is not set +# CONFIG_X86_MSR is not set +# CONFIG_X86_CPUID is not set +CONFIG_X86_5LEVEL=y +CONFIG_X86_DIRECT_GBPAGES=y +# CONFIG_X86_CPA_STATISTICS is not set +# CONFIG_AMD_MEM_ENCRYPT is not set +CONFIG_ARCH_SPARSEMEM_ENABLE=y +CONFIG_ARCH_SPARSEMEM_DEFAULT=y +CONFIG_ARCH_SELECT_MEMORY_MODEL=y +CONFIG_ARCH_PROC_KCORE_TEXT=y +CONFIG_ILLEGAL_POINTER_VALUE=0xdead000000000000 +# CONFIG_X86_PMEM_LEGACY is not set +CONFIG_X86_CHECK_BIOS_CORRUPTION=y +CONFIG_X86_BOOTPARAM_MEMORY_CORRUPTION_CHECK=y +CONFIG_MTRR=y +# CONFIG_MTRR_SANITIZER is not set +CONFIG_X86_PAT=y +CONFIG_ARCH_USES_PG_UNCACHED=y +CONFIG_ARCH_RANDOM=y +CONFIG_X86_SMAP=y +CONFIG_X86_UMIP=y +CONFIG_X86_INTEL_MEMORY_PROTECTION_KEYS=y +CONFIG_X86_INTEL_TSX_MODE_OFF=y +# CONFIG_X86_INTEL_TSX_MODE_ON is not set +# CONFIG_X86_INTEL_TSX_MODE_AUTO is not set +# CONFIG_X86_SGX is not set +# CONFIG_EFI is not set +# CONFIG_HZ_100 is not set +# CONFIG_HZ_250 is not set +# CONFIG_HZ_300 is not set +CONFIG_HZ_1000=y +CONFIG_HZ=1000 +CONFIG_SCHED_HRTICK=y +# CONFIG_KEXEC is not set +# CONFIG_KEXEC_FILE is not set +CONFIG_CRASH_DUMP=y +CONFIG_PHYSICAL_START=0x1000000 +CONFIG_RELOCATABLE=y +CONFIG_RANDOMIZE_BASE=y +CONFIG_X86_NEED_RELOCS=y +CONFIG_PHYSICAL_ALIGN=0x200000 +CONFIG_DYNAMIC_MEMORY_LAYOUT=y +CONFIG_RANDOMIZE_MEMORY=y +CONFIG_RANDOMIZE_MEMORY_PHYSICAL_PADDING=0x0 +# CONFIG_LEGACY_VSYSCALL_EMULATE is not set +CONFIG_LEGACY_VSYSCALL_XONLY=y +# CONFIG_LEGACY_VSYSCALL_NONE is not set +# CONFIG_CMDLINE_BOOL is not set +CONFIG_MODIFY_LDT_SYSCALL=y +CONFIG_HAVE_LIVEPATCH=y +# end of Processor type and features + +CONFIG_ARCH_HAS_ADD_PAGES=y +CONFIG_ARCH_MHP_MEMMAP_ON_MEMORY_ENABLE=y + +# +# Power management and ACPI options +# 
+# CONFIG_SUSPEND is not set +# CONFIG_PM is not set +CONFIG_ARCH_SUPPORTS_ACPI=y +CONFIG_ACPI=y +CONFIG_ACPI_LEGACY_TABLES_LOOKUP=y +CONFIG_ARCH_MIGHT_HAVE_ACPI_PDC=y +CONFIG_ACPI_SYSTEM_POWER_STATES_SUPPORT=y +# CONFIG_ACPI_DEBUGGER is not set +CONFIG_ACPI_SPCR_TABLE=y +# CONFIG_ACPI_FPDT is not set +CONFIG_ACPI_LPIT=y +CONFIG_ACPI_REV_OVERRIDE_POSSIBLE=y +# CONFIG_ACPI_EC_DEBUGFS is not set +CONFIG_ACPI_AC=y +CONFIG_ACPI_BATTERY=y +CONFIG_ACPI_BUTTON=y +CONFIG_ACPI_FAN=y +CONFIG_ACPI_DOCK=y +CONFIG_ACPI_CPU_FREQ_PSS=y +CONFIG_ACPI_PROCESSOR_CSTATE=y +CONFIG_ACPI_PROCESSOR_IDLE=y +CONFIG_ACPI_PROCESSOR=y +# CONFIG_ACPI_PROCESSOR_AGGREGATOR is not set +CONFIG_ACPI_THERMAL=y +CONFIG_ARCH_HAS_ACPI_TABLE_UPGRADE=y +# CONFIG_ACPI_DEBUG is not set +# CONFIG_ACPI_PCI_SLOT is not set +# CONFIG_ACPI_CONTAINER is not set +CONFIG_ACPI_HOTPLUG_IOAPIC=y +# CONFIG_ACPI_SBS is not set +# CONFIG_ACPI_HED is not set +# CONFIG_ACPI_CUSTOM_METHOD is not set +# CONFIG_ACPI_NFIT is not set +CONFIG_HAVE_ACPI_APEI=y +CONFIG_HAVE_ACPI_APEI_NMI=y +# CONFIG_ACPI_APEI is not set +# CONFIG_ACPI_DPTF is not set +# CONFIG_ACPI_CONFIGFS is not set +# CONFIG_PMIC_OPREGION is not set +CONFIG_X86_PM_TIMER=y + +# +# CPU Frequency scaling +# +# CONFIG_CPU_FREQ is not set +# end of CPU Frequency scaling + +# +# CPU Idle +# +CONFIG_CPU_IDLE=y +# CONFIG_CPU_IDLE_GOV_LADDER is not set +CONFIG_CPU_IDLE_GOV_MENU=y +# CONFIG_CPU_IDLE_GOV_TEO is not set +# end of CPU Idle + +# CONFIG_INTEL_IDLE is not set +# end of Power management and ACPI options + +# +# Bus options (PCI etc.) +# +CONFIG_PCI_DIRECT=y +# CONFIG_PCI_MMCONFIG is not set +CONFIG_ISA_DMA_API=y +CONFIG_AMD_NB=y +# end of Bus options (PCI etc.) 
+ +# +# Binary Emulations +# +# CONFIG_IA32_EMULATION is not set +# CONFIG_X86_X32 is not set +# end of Binary Emulations + +CONFIG_HAVE_KVM=y +# CONFIG_VIRTUALIZATION is not set +CONFIG_AS_AVX512=y +CONFIG_AS_SHA1_NI=y +CONFIG_AS_SHA256_NI=y +CONFIG_AS_TPAUSE=y + +# +# General architecture-dependent options +# +CONFIG_CRASH_CORE=y +CONFIG_GENERIC_ENTRY=y +# CONFIG_KPROBES is not set +CONFIG_JUMP_LABEL=y +# CONFIG_STATIC_KEYS_SELFTEST is not set +# CONFIG_STATIC_CALL_SELFTEST is not set +CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS=y +CONFIG_ARCH_USE_BUILTIN_BSWAP=y +CONFIG_HAVE_IOREMAP_PROT=y +CONFIG_HAVE_KPROBES=y +CONFIG_HAVE_KRETPROBES=y +CONFIG_HAVE_OPTPROBES=y +CONFIG_HAVE_KPROBES_ON_FTRACE=y +CONFIG_HAVE_FUNCTION_ERROR_INJECTION=y +CONFIG_HAVE_NMI=y +CONFIG_TRACE_IRQFLAGS_SUPPORT=y +CONFIG_HAVE_ARCH_TRACEHOOK=y +CONFIG_HAVE_DMA_CONTIGUOUS=y +CONFIG_GENERIC_SMP_IDLE_THREAD=y +CONFIG_ARCH_HAS_FORTIFY_SOURCE=y +CONFIG_ARCH_HAS_SET_MEMORY=y +CONFIG_ARCH_HAS_SET_DIRECT_MAP=y +CONFIG_HAVE_ARCH_THREAD_STRUCT_WHITELIST=y +CONFIG_ARCH_WANTS_DYNAMIC_TASK_STRUCT=y +CONFIG_ARCH_WANTS_NO_INSTR=y +CONFIG_HAVE_ASM_MODVERSIONS=y +CONFIG_HAVE_REGS_AND_STACK_ACCESS_API=y +CONFIG_HAVE_RSEQ=y +CONFIG_HAVE_FUNCTION_ARG_ACCESS_API=y +CONFIG_HAVE_HW_BREAKPOINT=y +CONFIG_HAVE_MIXED_BREAKPOINTS_REGS=y +CONFIG_HAVE_USER_RETURN_NOTIFIER=y +CONFIG_HAVE_PERF_EVENTS_NMI=y +CONFIG_HAVE_HARDLOCKUP_DETECTOR_PERF=y +CONFIG_HAVE_PERF_REGS=y +CONFIG_HAVE_PERF_USER_STACK_DUMP=y +CONFIG_HAVE_ARCH_JUMP_LABEL=y +CONFIG_HAVE_ARCH_JUMP_LABEL_RELATIVE=y +CONFIG_ARCH_HAVE_NMI_SAFE_CMPXCHG=y +CONFIG_HAVE_ALIGNED_STRUCT_PAGE=y +CONFIG_HAVE_CMPXCHG_LOCAL=y +CONFIG_HAVE_CMPXCHG_DOUBLE=y +CONFIG_HAVE_ARCH_SECCOMP=y +CONFIG_HAVE_ARCH_SECCOMP_FILTER=y +CONFIG_SECCOMP=y +CONFIG_SECCOMP_FILTER=y +# CONFIG_SECCOMP_CACHE_DEBUG is not set +CONFIG_HAVE_ARCH_STACKLEAK=y +CONFIG_HAVE_STACKPROTECTOR=y +CONFIG_STACKPROTECTOR=y +CONFIG_STACKPROTECTOR_STRONG=y +CONFIG_ARCH_SUPPORTS_LTO_CLANG=y 
+CONFIG_ARCH_SUPPORTS_LTO_CLANG_THIN=y +CONFIG_LTO_NONE=y +CONFIG_HAVE_ARCH_WITHIN_STACK_FRAMES=y +CONFIG_HAVE_CONTEXT_TRACKING=y +CONFIG_HAVE_CONTEXT_TRACKING_OFFSTACK=y +CONFIG_HAVE_VIRT_CPU_ACCOUNTING_GEN=y +CONFIG_HAVE_IRQ_TIME_ACCOUNTING=y +CONFIG_HAVE_MOVE_PUD=y +CONFIG_HAVE_MOVE_PMD=y +CONFIG_HAVE_ARCH_TRANSPARENT_HUGEPAGE=y +CONFIG_HAVE_ARCH_TRANSPARENT_HUGEPAGE_PUD=y +CONFIG_HAVE_ARCH_HUGE_VMAP=y +CONFIG_ARCH_WANT_HUGE_PMD_SHARE=y +CONFIG_HAVE_ARCH_SOFT_DIRTY=y +CONFIG_HAVE_MOD_ARCH_SPECIFIC=y +CONFIG_MODULES_USE_ELF_RELA=y +CONFIG_HAVE_IRQ_EXIT_ON_IRQ_STACK=y +CONFIG_HAVE_SOFTIRQ_ON_OWN_STACK=y +CONFIG_ARCH_HAS_ELF_RANDOMIZE=y +CONFIG_HAVE_ARCH_MMAP_RND_BITS=y +CONFIG_HAVE_EXIT_THREAD=y +CONFIG_ARCH_MMAP_RND_BITS=28 +CONFIG_HAVE_STACK_VALIDATION=y +CONFIG_HAVE_RELIABLE_STACKTRACE=y +# CONFIG_COMPAT_32BIT_TIME is not set +CONFIG_HAVE_ARCH_VMAP_STACK=y +CONFIG_VMAP_STACK=y +CONFIG_HAVE_ARCH_RANDOMIZE_KSTACK_OFFSET=y +# CONFIG_RANDOMIZE_KSTACK_OFFSET_DEFAULT is not set +CONFIG_ARCH_HAS_STRICT_KERNEL_RWX=y +CONFIG_STRICT_KERNEL_RWX=y +CONFIG_ARCH_HAS_STRICT_MODULE_RWX=y +CONFIG_STRICT_MODULE_RWX=y +CONFIG_HAVE_ARCH_PREL32_RELOCATIONS=y +# CONFIG_LOCK_EVENT_COUNTS is not set +CONFIG_ARCH_HAS_MEM_ENCRYPT=y +CONFIG_HAVE_STATIC_CALL=y +CONFIG_HAVE_STATIC_CALL_INLINE=y +CONFIG_HAVE_PREEMPT_DYNAMIC=y +CONFIG_ARCH_WANT_LD_ORPHAN_WARN=y +CONFIG_ARCH_SUPPORTS_DEBUG_PAGEALLOC=y +CONFIG_ARCH_HAS_ELFCORE_COMPAT=y +CONFIG_ARCH_HAS_PARANOID_L1D_FLUSH=y + +# +# GCOV-based kernel profiling +# +# CONFIG_GCOV_KERNEL is not set +CONFIG_ARCH_HAS_GCOV_PROFILE_ALL=y +# end of GCOV-based kernel profiling + +CONFIG_HAVE_GCC_PLUGINS=y +# CONFIG_GCC_PLUGINS is not set +# end of General architecture-dependent options + +CONFIG_RT_MUTEXES=y +CONFIG_BASE_SMALL=0 +CONFIG_MODULES=y +# CONFIG_MODULE_FORCE_LOAD is not set +CONFIG_MODULE_UNLOAD=y +CONFIG_MODULE_FORCE_UNLOAD=y +# CONFIG_MODVERSIONS is not set +# CONFIG_MODULE_SRCVERSION_ALL is not set +# CONFIG_MODULE_SIG is not set +# 
CONFIG_MODULE_COMPRESS_NONE is not set +# CONFIG_MODULE_COMPRESS_GZIP is not set +CONFIG_MODULE_COMPRESS_XZ=y +# CONFIG_MODULE_COMPRESS_ZSTD is not set +# CONFIG_MODULE_ALLOW_MISSING_NAMESPACE_IMPORTS is not set +CONFIG_MODPROBE_PATH="/sbin/modprobe" +CONFIG_MODULES_TREE_LOOKUP=y +CONFIG_BLOCK=y +# CONFIG_BLK_DEV_BSGLIB is not set +# CONFIG_BLK_DEV_INTEGRITY is not set +# CONFIG_BLK_DEV_ZONED is not set +# CONFIG_BLK_WBT is not set +# CONFIG_BLK_DEBUG_FS is not set +# CONFIG_BLK_SED_OPAL is not set +# CONFIG_BLK_INLINE_ENCRYPTION is not set + +# +# Partition Types +# +# CONFIG_PARTITION_ADVANCED is not set +CONFIG_MSDOS_PARTITION=y +CONFIG_EFI_PARTITION=y +# end of Partition Types + +CONFIG_BLK_MQ_PCI=y +CONFIG_BLK_MQ_VIRTIO=y + +# +# IO Schedulers +# +# CONFIG_MQ_IOSCHED_DEADLINE is not set +# CONFIG_MQ_IOSCHED_KYBER is not set +# CONFIG_IOSCHED_BFQ is not set +# end of IO Schedulers + +CONFIG_ASN1=y +CONFIG_INLINE_SPIN_UNLOCK_IRQ=y +CONFIG_INLINE_READ_UNLOCK=y +CONFIG_INLINE_READ_UNLOCK_IRQ=y +CONFIG_INLINE_WRITE_UNLOCK=y +CONFIG_INLINE_WRITE_UNLOCK_IRQ=y +CONFIG_ARCH_SUPPORTS_ATOMIC_RMW=y +CONFIG_ARCH_USE_QUEUED_SPINLOCKS=y +CONFIG_ARCH_USE_QUEUED_RWLOCKS=y +CONFIG_ARCH_HAS_NON_OVERLAPPING_ADDRESS_SPACE=y +CONFIG_ARCH_HAS_SYNC_CORE_BEFORE_USERMODE=y +CONFIG_ARCH_HAS_SYSCALL_WRAPPER=y + +# +# Executable file formats +# +CONFIG_BINFMT_ELF=y +CONFIG_ELFCORE=y +CONFIG_CORE_DUMP_DEFAULT_ELF_HEADERS=y +CONFIG_BINFMT_SCRIPT=y +CONFIG_BINFMT_MISC=y +CONFIG_COREDUMP=y +# end of Executable file formats + +# +# Memory Management options +# +CONFIG_SELECT_MEMORY_MODEL=y +CONFIG_SPARSEMEM_MANUAL=y +CONFIG_SPARSEMEM=y +CONFIG_SPARSEMEM_EXTREME=y +CONFIG_SPARSEMEM_VMEMMAP_ENABLE=y +CONFIG_SPARSEMEM_VMEMMAP=y +CONFIG_HAVE_FAST_GUP=y +CONFIG_ARCH_ENABLE_MEMORY_HOTPLUG=y +# CONFIG_MEMORY_HOTPLUG is not set +CONFIG_SPLIT_PTLOCK_CPUS=4 +CONFIG_ARCH_ENABLE_SPLIT_PMD_PTLOCK=y +CONFIG_MEMORY_BALLOON=y +CONFIG_BALLOON_COMPACTION=y +CONFIG_COMPACTION=y +CONFIG_PAGE_REPORTING=y 
+CONFIG_MIGRATION=y +CONFIG_ARCH_ENABLE_HUGEPAGE_MIGRATION=y +CONFIG_PHYS_ADDR_T_64BIT=y +CONFIG_VIRT_TO_BUS=y +# CONFIG_KSM is not set +CONFIG_DEFAULT_MMAP_MIN_ADDR=4096 +CONFIG_ARCH_SUPPORTS_MEMORY_FAILURE=y +# CONFIG_MEMORY_FAILURE is not set +# CONFIG_TRANSPARENT_HUGEPAGE is not set +CONFIG_ARCH_WANTS_THP_SWAP=y +CONFIG_NEED_PER_CPU_KM=y +# CONFIG_CLEANCACHE is not set +# CONFIG_CMA is not set +# CONFIG_ZPOOL is not set +# CONFIG_ZSMALLOC is not set +CONFIG_GENERIC_EARLY_IOREMAP=y +# CONFIG_IDLE_PAGE_TRACKING is not set +CONFIG_ARCH_HAS_CACHE_LINE_SIZE=y +CONFIG_ARCH_HAS_PTE_DEVMAP=y +CONFIG_ZONE_DMA=y +CONFIG_ZONE_DMA32=y +CONFIG_ARCH_USES_HIGH_VMA_FLAGS=y +CONFIG_ARCH_HAS_PKEYS=y +# CONFIG_PERCPU_STATS is not set +# CONFIG_GUP_TEST is not set +CONFIG_ARCH_HAS_PTE_SPECIAL=y +CONFIG_SECRETMEM=y + +# +# Data Access Monitoring +# +# CONFIG_DAMON is not set +# end of Data Access Monitoring +# end of Memory Management options + +CONFIG_NET=y +CONFIG_NET_INGRESS=y +CONFIG_SKB_EXTENSIONS=y + +# +# Networking options +# +CONFIG_PACKET=y +# CONFIG_PACKET_DIAG is not set +CONFIG_UNIX=y +CONFIG_UNIX_SCM=y +CONFIG_AF_UNIX_OOB=y +# CONFIG_UNIX_DIAG is not set +# CONFIG_TLS is not set +CONFIG_XFRM=y +CONFIG_XFRM_ALGO=y +CONFIG_XFRM_USER=y +# CONFIG_XFRM_INTERFACE is not set +# CONFIG_XFRM_SUB_POLICY is not set +# CONFIG_XFRM_MIGRATE is not set +# CONFIG_XFRM_STATISTICS is not set +CONFIG_XFRM_AH=y +CONFIG_XFRM_ESP=y +# CONFIG_NET_KEY is not set +CONFIG_INET=y +CONFIG_IP_MULTICAST=y +CONFIG_IP_ADVANCED_ROUTER=y +# CONFIG_IP_FIB_TRIE_STATS is not set +CONFIG_IP_MULTIPLE_TABLES=y +CONFIG_IP_ROUTE_MULTIPATH=y +CONFIG_IP_ROUTE_VERBOSE=y +CONFIG_IP_PNP=y +CONFIG_IP_PNP_DHCP=y +CONFIG_IP_PNP_BOOTP=y +CONFIG_IP_PNP_RARP=y +# CONFIG_NET_IPIP is not set +# CONFIG_NET_IPGRE_DEMUX is not set +CONFIG_NET_IP_TUNNEL=y +CONFIG_IP_MROUTE_COMMON=y +CONFIG_IP_MROUTE=y +# CONFIG_IP_MROUTE_MULTIPLE_TABLES is not set +CONFIG_IP_PIMSM_V1=y +CONFIG_IP_PIMSM_V2=y +CONFIG_SYN_COOKIES=y +# 
CONFIG_NET_IPVTI is not set +# CONFIG_NET_FOU is not set +# CONFIG_NET_FOU_IP_TUNNELS is not set +# CONFIG_INET_AH is not set +# CONFIG_INET_ESP is not set +# CONFIG_INET_IPCOMP is not set +CONFIG_INET_TUNNEL=y +# CONFIG_INET_DIAG is not set +CONFIG_TCP_CONG_ADVANCED=y +# CONFIG_TCP_CONG_BIC is not set +CONFIG_TCP_CONG_CUBIC=y +# CONFIG_TCP_CONG_WESTWOOD is not set +# CONFIG_TCP_CONG_HTCP is not set +# CONFIG_TCP_CONG_HSTCP is not set +# CONFIG_TCP_CONG_HYBLA is not set +# CONFIG_TCP_CONG_VEGAS is not set +# CONFIG_TCP_CONG_NV is not set +# CONFIG_TCP_CONG_SCALABLE is not set +# CONFIG_TCP_CONG_LP is not set +# CONFIG_TCP_CONG_VENO is not set +# CONFIG_TCP_CONG_YEAH is not set +# CONFIG_TCP_CONG_ILLINOIS is not set +# CONFIG_TCP_CONG_DCTCP is not set +# CONFIG_TCP_CONG_CDG is not set +# CONFIG_TCP_CONG_BBR is not set +CONFIG_DEFAULT_CUBIC=y +# CONFIG_DEFAULT_RENO is not set +CONFIG_DEFAULT_TCP_CONG="cubic" +CONFIG_TCP_MD5SIG=y +CONFIG_IPV6=y +# CONFIG_IPV6_ROUTER_PREF is not set +# CONFIG_IPV6_OPTIMISTIC_DAD is not set +CONFIG_INET6_AH=y +CONFIG_INET6_ESP=y +# CONFIG_INET6_ESP_OFFLOAD is not set +# CONFIG_INET6_ESPINTCP is not set +# CONFIG_INET6_IPCOMP is not set +# CONFIG_IPV6_MIP6 is not set +# CONFIG_IPV6_ILA is not set +# CONFIG_IPV6_VTI is not set +CONFIG_IPV6_SIT=y +# CONFIG_IPV6_SIT_6RD is not set +CONFIG_IPV6_NDISC_NODETYPE=y +# CONFIG_IPV6_TUNNEL is not set +# CONFIG_IPV6_MULTIPLE_TABLES is not set +# CONFIG_IPV6_MROUTE is not set +# CONFIG_IPV6_SEG6_LWTUNNEL is not set +# CONFIG_IPV6_SEG6_HMAC is not set +# CONFIG_IPV6_RPL_LWTUNNEL is not set +# CONFIG_IPV6_IOAM6_LWTUNNEL is not set +CONFIG_NETLABEL=y +# CONFIG_MPTCP is not set +# CONFIG_NETWORK_SECMARK is not set +CONFIG_NET_PTP_CLASSIFY=y +# CONFIG_NETWORK_PHY_TIMESTAMPING is not set +CONFIG_NETFILTER=y +# CONFIG_NETFILTER_ADVANCED is not set + +# +# Core Netfilter Configuration +# +CONFIG_NETFILTER_INGRESS=y +CONFIG_NETFILTER_NETLINK=y +CONFIG_NETFILTER_NETLINK_LOG=y +CONFIG_NF_CONNTRACK=y 
+CONFIG_NF_LOG_SYSLOG=y +CONFIG_NF_CONNTRACK_PROCFS=y +# CONFIG_NF_CONNTRACK_LABELS is not set +CONFIG_NF_CONNTRACK_FTP=y +CONFIG_NF_CONNTRACK_IRC=y +# CONFIG_NF_CONNTRACK_NETBIOS_NS is not set +CONFIG_NF_CONNTRACK_SIP=y +CONFIG_NF_CT_NETLINK=y +# CONFIG_NETFILTER_NETLINK_GLUE_CT is not set +CONFIG_NF_NAT=y +CONFIG_NF_NAT_FTP=y +CONFIG_NF_NAT_IRC=y +CONFIG_NF_NAT_SIP=y +CONFIG_NF_NAT_MASQUERADE=y +# CONFIG_NF_TABLES is not set +CONFIG_NETFILTER_XTABLES=y + +# +# Xtables combined modules +# +CONFIG_NETFILTER_XT_MARK=y + +# +# Xtables targets +# +CONFIG_NETFILTER_XT_TARGET_LOG=y +CONFIG_NETFILTER_XT_NAT=y +# CONFIG_NETFILTER_XT_TARGET_NETMAP is not set +CONFIG_NETFILTER_XT_TARGET_NFLOG=y +# CONFIG_NETFILTER_XT_TARGET_REDIRECT is not set +CONFIG_NETFILTER_XT_TARGET_MASQUERADE=y +CONFIG_NETFILTER_XT_TARGET_TCPMSS=y + +# +# Xtables matches +# +CONFIG_NETFILTER_XT_MATCH_ADDRTYPE=y +CONFIG_NETFILTER_XT_MATCH_CONNTRACK=y +CONFIG_NETFILTER_XT_MATCH_POLICY=y +CONFIG_NETFILTER_XT_MATCH_STATE=y +# end of Core Netfilter Configuration + +# CONFIG_IP_SET is not set +# CONFIG_IP_VS is not set + +# +# IP: Netfilter Configuration +# +CONFIG_NF_DEFRAG_IPV4=y +# CONFIG_NF_SOCKET_IPV4 is not set +# CONFIG_NF_TPROXY_IPV4 is not set +# CONFIG_NF_DUP_IPV4 is not set +CONFIG_NF_LOG_ARP=y +CONFIG_NF_LOG_IPV4=y +CONFIG_NF_REJECT_IPV4=y +CONFIG_IP_NF_IPTABLES=y +CONFIG_IP_NF_FILTER=y +CONFIG_IP_NF_TARGET_REJECT=y +CONFIG_IP_NF_NAT=y +CONFIG_IP_NF_TARGET_MASQUERADE=y +CONFIG_IP_NF_MANGLE=y +# CONFIG_IP_NF_RAW is not set +# end of IP: Netfilter Configuration + +# +# IPv6: Netfilter Configuration +# +# CONFIG_NF_SOCKET_IPV6 is not set +# CONFIG_NF_TPROXY_IPV6 is not set +# CONFIG_NF_DUP_IPV6 is not set +CONFIG_NF_REJECT_IPV6=y +CONFIG_NF_LOG_IPV6=y +CONFIG_IP6_NF_IPTABLES=y +CONFIG_IP6_NF_MATCH_IPV6HEADER=y +CONFIG_IP6_NF_FILTER=y +CONFIG_IP6_NF_TARGET_REJECT=y +CONFIG_IP6_NF_MANGLE=y +# CONFIG_IP6_NF_RAW is not set +# end of IPv6: Netfilter Configuration + +CONFIG_NF_DEFRAG_IPV6=y +# 
CONFIG_NF_CONNTRACK_BRIDGE is not set +# CONFIG_BPFILTER is not set +# CONFIG_IP_DCCP is not set +# CONFIG_IP_SCTP is not set +# CONFIG_RDS is not set +# CONFIG_TIPC is not set +# CONFIG_ATM is not set +# CONFIG_L2TP is not set +# CONFIG_BRIDGE is not set +# CONFIG_NET_DSA is not set +# CONFIG_VLAN_8021Q is not set +# CONFIG_DECNET is not set +# CONFIG_LLC2 is not set +# CONFIG_ATALK is not set +# CONFIG_X25 is not set +# CONFIG_LAPB is not set +# CONFIG_PHONET is not set +# CONFIG_6LOWPAN is not set +# CONFIG_IEEE802154 is not set +CONFIG_NET_SCHED=y + +# +# Queueing/Scheduling +# +# CONFIG_NET_SCH_CBQ is not set +# CONFIG_NET_SCH_HTB is not set +# CONFIG_NET_SCH_HFSC is not set +# CONFIG_NET_SCH_PRIO is not set +# CONFIG_NET_SCH_MULTIQ is not set +# CONFIG_NET_SCH_RED is not set +# CONFIG_NET_SCH_SFB is not set +# CONFIG_NET_SCH_SFQ is not set +# CONFIG_NET_SCH_TEQL is not set +# CONFIG_NET_SCH_TBF is not set +# CONFIG_NET_SCH_CBS is not set +# CONFIG_NET_SCH_ETF is not set +# CONFIG_NET_SCH_TAPRIO is not set +# CONFIG_NET_SCH_GRED is not set +# CONFIG_NET_SCH_DSMARK is not set +# CONFIG_NET_SCH_NETEM is not set +# CONFIG_NET_SCH_DRR is not set +# CONFIG_NET_SCH_MQPRIO is not set +# CONFIG_NET_SCH_SKBPRIO is not set +# CONFIG_NET_SCH_CHOKE is not set +# CONFIG_NET_SCH_QFQ is not set +# CONFIG_NET_SCH_CODEL is not set +# CONFIG_NET_SCH_FQ_CODEL is not set +# CONFIG_NET_SCH_CAKE is not set +# CONFIG_NET_SCH_FQ is not set +# CONFIG_NET_SCH_HHF is not set +# CONFIG_NET_SCH_PIE is not set +# CONFIG_NET_SCH_INGRESS is not set +# CONFIG_NET_SCH_PLUG is not set +# CONFIG_NET_SCH_ETS is not set +# CONFIG_NET_SCH_DEFAULT is not set + +# +# Classification +# +CONFIG_NET_CLS=y +# CONFIG_NET_CLS_BASIC is not set +# CONFIG_NET_CLS_TCINDEX is not set +# CONFIG_NET_CLS_ROUTE4 is not set +# CONFIG_NET_CLS_FW is not set +# CONFIG_NET_CLS_U32 is not set +# CONFIG_NET_CLS_RSVP is not set +# CONFIG_NET_CLS_RSVP6 is not set +# CONFIG_NET_CLS_FLOW is not set +# CONFIG_NET_CLS_BPF is 
not set +# CONFIG_NET_CLS_FLOWER is not set +# CONFIG_NET_CLS_MATCHALL is not set +CONFIG_NET_EMATCH=y +CONFIG_NET_EMATCH_STACK=32 +# CONFIG_NET_EMATCH_CMP is not set +# CONFIG_NET_EMATCH_NBYTE is not set +# CONFIG_NET_EMATCH_U32 is not set +# CONFIG_NET_EMATCH_META is not set +# CONFIG_NET_EMATCH_TEXT is not set +# CONFIG_NET_EMATCH_IPT is not set +CONFIG_NET_CLS_ACT=y +# CONFIG_NET_ACT_POLICE is not set +# CONFIG_NET_ACT_GACT is not set +# CONFIG_NET_ACT_MIRRED is not set +# CONFIG_NET_ACT_SAMPLE is not set +# CONFIG_NET_ACT_IPT is not set +# CONFIG_NET_ACT_NAT is not set +# CONFIG_NET_ACT_PEDIT is not set +# CONFIG_NET_ACT_SIMP is not set +# CONFIG_NET_ACT_SKBEDIT is not set +# CONFIG_NET_ACT_CSUM is not set +# CONFIG_NET_ACT_MPLS is not set +# CONFIG_NET_ACT_VLAN is not set +# CONFIG_NET_ACT_BPF is not set +# CONFIG_NET_ACT_SKBMOD is not set +# CONFIG_NET_ACT_IFE is not set +# CONFIG_NET_ACT_TUNNEL_KEY is not set +# CONFIG_NET_ACT_GATE is not set +# CONFIG_NET_TC_SKB_EXT is not set +CONFIG_NET_SCH_FIFO=y +# CONFIG_DCB is not set +# CONFIG_DNS_RESOLVER is not set +# CONFIG_BATMAN_ADV is not set +# CONFIG_OPENVSWITCH is not set +# CONFIG_VSOCKETS is not set +# CONFIG_NETLINK_DIAG is not set +# CONFIG_MPLS is not set +# CONFIG_NET_NSH is not set +# CONFIG_HSR is not set +# CONFIG_NET_SWITCHDEV is not set +# CONFIG_NET_L3_MASTER_DEV is not set +# CONFIG_QRTR is not set +# CONFIG_NET_NCSI is not set +CONFIG_NET_RX_BUSY_POLL=y +CONFIG_BQL=y + +# +# Network testing +# +# CONFIG_NET_PKTGEN is not set +# end of Network testing +# end of Networking options + +# CONFIG_HAMRADIO is not set +# CONFIG_CAN is not set +# CONFIG_BT is not set +# CONFIG_AF_RXRPC is not set +# CONFIG_AF_KCM is not set +# CONFIG_MCTP is not set +CONFIG_FIB_RULES=y +CONFIG_WIRELESS=y +CONFIG_WIRELESS_EXT=y +CONFIG_WEXT_CORE=y +CONFIG_WEXT_PROC=y +CONFIG_WEXT_SPY=y +CONFIG_WEXT_PRIV=y +CONFIG_CFG80211=y +# CONFIG_NL80211_TESTMODE is not set +# CONFIG_CFG80211_DEVELOPER_WARNINGS is not set 
+CONFIG_CFG80211_REQUIRE_SIGNED_REGDB=y +CONFIG_CFG80211_USE_KERNEL_REGDB_KEYS=y +CONFIG_CFG80211_DEFAULT_PS=y +# CONFIG_CFG80211_DEBUGFS is not set +CONFIG_CFG80211_CRDA_SUPPORT=y +CONFIG_CFG80211_WEXT=y +CONFIG_CFG80211_WEXT_EXPORT=y +CONFIG_LIB80211=m +CONFIG_LIB80211_CRYPT_WEP=m +CONFIG_LIB80211_CRYPT_CCMP=m +CONFIG_LIB80211_CRYPT_TKIP=m +# CONFIG_LIB80211_DEBUG is not set +CONFIG_MAC80211=y +CONFIG_MAC80211_HAS_RC=y +CONFIG_MAC80211_RC_MINSTREL=y +CONFIG_MAC80211_RC_DEFAULT_MINSTREL=y +CONFIG_MAC80211_RC_DEFAULT="minstrel_ht" +# CONFIG_MAC80211_MESH is not set +CONFIG_MAC80211_LEDS=y +# CONFIG_MAC80211_DEBUGFS is not set +# CONFIG_MAC80211_MESSAGE_TRACING is not set +# CONFIG_MAC80211_DEBUG_MENU is not set +CONFIG_MAC80211_STA_HASH_MAX_SIZE=0 +CONFIG_RFKILL=y +CONFIG_RFKILL_LEDS=y +CONFIG_RFKILL_INPUT=y +CONFIG_NET_9P=y +CONFIG_NET_9P_VIRTIO=y +# CONFIG_NET_9P_DEBUG is not set +# CONFIG_CAIF is not set +# CONFIG_CEPH_LIB is not set +# CONFIG_NFC is not set +# CONFIG_PSAMPLE is not set +# CONFIG_NET_IFE is not set +# CONFIG_LWTUNNEL is not set +CONFIG_DST_CACHE=y +CONFIG_GRO_CELLS=y +# CONFIG_FAILOVER is not set +CONFIG_ETHTOOL_NETLINK=y + +# +# Device Drivers +# +CONFIG_HAVE_EISA=y +# CONFIG_EISA is not set +CONFIG_HAVE_PCI=y +CONFIG_PCI=y +CONFIG_PCI_DOMAINS=y +CONFIG_PCIEPORTBUS=y +CONFIG_HOTPLUG_PCI_PCIE=y +# CONFIG_PCIEAER is not set +CONFIG_PCIEASPM=y +CONFIG_PCIEASPM_DEFAULT=y +# CONFIG_PCIEASPM_POWERSAVE is not set +# CONFIG_PCIEASPM_POWER_SUPERSAVE is not set +# CONFIG_PCIEASPM_PERFORMANCE is not set +# CONFIG_PCIE_PTM is not set +CONFIG_PCI_MSI=y +CONFIG_PCI_MSI_IRQ_DOMAIN=y +CONFIG_PCI_QUIRKS=y +# CONFIG_PCI_STUB is not set +CONFIG_PCI_ATS=y +CONFIG_PCI_LOCKLESS_CONFIG=y +# CONFIG_PCI_IOV is not set +CONFIG_PCI_PRI=y +CONFIG_PCI_PASID=y +CONFIG_PCI_LABEL=y +CONFIG_HOTPLUG_PCI=y +CONFIG_HOTPLUG_PCI_ACPI=y +# CONFIG_HOTPLUG_PCI_ACPI_IBM is not set +# CONFIG_HOTPLUG_PCI_CPCI is not set +# CONFIG_HOTPLUG_PCI_SHPC is not set + +# +# PCI controller drivers 
+# +# CONFIG_VMD is not set + +# +# DesignWare PCI Core Support +# +# CONFIG_PCIE_DW_PLAT_HOST is not set +# CONFIG_PCI_MESON is not set +# end of DesignWare PCI Core Support + +# +# Mobiveil PCIe Core Support +# +# end of Mobiveil PCIe Core Support + +# +# Cadence PCIe controllers support +# +# end of Cadence PCIe controllers support +# end of PCI controller drivers + +# +# PCI Endpoint +# +# CONFIG_PCI_ENDPOINT is not set +# end of PCI Endpoint + +# +# PCI switch controller drivers +# +# CONFIG_PCI_SW_SWITCHTEC is not set +# end of PCI switch controller drivers + +# CONFIG_CXL_BUS is not set +# CONFIG_PCCARD is not set +# CONFIG_RAPIDIO is not set + +# +# Generic Driver Options +# +CONFIG_UEVENT_HELPER=y +CONFIG_UEVENT_HELPER_PATH="/sbin/hotplug" +CONFIG_DEVTMPFS=y +CONFIG_DEVTMPFS_MOUNT=y +CONFIG_STANDALONE=y +CONFIG_PREVENT_FIRMWARE_BUILD=y + +# +# Firmware loader +# +CONFIG_FW_LOADER=y +CONFIG_EXTRA_FIRMWARE="" +# CONFIG_FW_LOADER_USER_HELPER is not set +# CONFIG_FW_LOADER_COMPRESS is not set +# end of Firmware loader + +CONFIG_WANT_DEV_COREDUMP=y +CONFIG_ALLOW_DEV_COREDUMP=y +CONFIG_DEV_COREDUMP=y +# CONFIG_TEST_ASYNC_DRIVER_PROBE is not set +CONFIG_GENERIC_CPU_AUTOPROBE=y +CONFIG_GENERIC_CPU_VULNERABILITIES=y +# end of Generic Driver Options + +# +# Bus devices +# +# CONFIG_MHI_BUS is not set +# end of Bus devices + +CONFIG_CONNECTOR=y +CONFIG_PROC_EVENTS=y + +# +# Firmware Drivers +# + +# +# ARM System Control and Management Interface Protocol +# +# end of ARM System Control and Management Interface Protocol + +# CONFIG_EDD is not set +CONFIG_FIRMWARE_MEMMAP=y +CONFIG_DMIID=y +# CONFIG_DMI_SYSFS is not set +CONFIG_DMI_SCAN_MACHINE_NON_EFI_FALLBACK=y +# CONFIG_FW_CFG_SYSFS is not set +CONFIG_SYSFB=y +# CONFIG_SYSFB_SIMPLEFB is not set +# CONFIG_GOOGLE_FIRMWARE is not set + +# +# Tegra firmware driver +# +# end of Tegra firmware driver +# end of Firmware Drivers + +# CONFIG_GNSS is not set +# CONFIG_MTD is not set +# CONFIG_OF is not set 
+CONFIG_ARCH_MIGHT_HAVE_PC_PARPORT=y +# CONFIG_PARPORT is not set +CONFIG_PNP=y +# CONFIG_PNP_DEBUG_MESSAGES is not set + +# +# Protocols +# +CONFIG_PNPACPI=y +CONFIG_BLK_DEV=y +# CONFIG_BLK_DEV_NULL_BLK is not set +# CONFIG_BLK_DEV_FD is not set +# CONFIG_BLK_DEV_PCIESSD_MTIP32XX is not set +CONFIG_BLK_DEV_LOOP=y +CONFIG_BLK_DEV_LOOP_MIN_COUNT=8 +# CONFIG_BLK_DEV_CRYPTOLOOP is not set +# CONFIG_BLK_DEV_DRBD is not set +# CONFIG_BLK_DEV_NBD is not set +# CONFIG_BLK_DEV_SX8 is not set +# CONFIG_BLK_DEV_RAM is not set +# CONFIG_CDROM_PKTCDVD is not set +# CONFIG_ATA_OVER_ETH is not set +CONFIG_VIRTIO_BLK=y +# CONFIG_BLK_DEV_RBD is not set +# CONFIG_BLK_DEV_RSXX is not set + +# +# NVME Support +# +# CONFIG_BLK_DEV_NVME is not set +# CONFIG_NVME_FC is not set +# CONFIG_NVME_TCP is not set +# end of NVME Support + +# +# Misc devices +# +# CONFIG_DUMMY_IRQ is not set +# CONFIG_IBM_ASM is not set +# CONFIG_PHANTOM is not set +# CONFIG_TIFM_CORE is not set +# CONFIG_ENCLOSURE_SERVICES is not set +# CONFIG_HP_ILO is not set +# CONFIG_SRAM is not set +# CONFIG_DW_XDATA_PCIE is not set +# CONFIG_PCI_ENDPOINT_TEST is not set +# CONFIG_XILINX_SDFEC is not set +# CONFIG_C2PORT is not set + +# +# EEPROM support +# +CONFIG_EEPROM_93CX6=m +# end of EEPROM support + +# CONFIG_CB710_CORE is not set + +# +# Texas Instruments shared transport line discipline +# +# end of Texas Instruments shared transport line discipline + +# +# Altera FPGA firmware download module (requires I2C) +# +# CONFIG_INTEL_MEI is not set +# CONFIG_INTEL_MEI_ME is not set +# CONFIG_INTEL_MEI_TXE is not set +# CONFIG_VMWARE_VMCI is not set +# CONFIG_GENWQE is not set +# CONFIG_ECHO is not set +# CONFIG_BCM_VK is not set +# CONFIG_MISC_ALCOR_PCI is not set +# CONFIG_MISC_RTSX_PCI is not set +# CONFIG_HABANA_AI is not set +# CONFIG_PVPANIC is not set +# end of Misc devices + +# +# SCSI device support +# +CONFIG_SCSI_MOD=y +# CONFIG_RAID_ATTRS is not set +# CONFIG_SCSI is not set +# end of SCSI device support + +# 
CONFIG_ATA is not set +# CONFIG_MD is not set +# CONFIG_TARGET_CORE is not set +# CONFIG_FUSION is not set + +# +# IEEE 1394 (FireWire) support +# +# CONFIG_FIREWIRE is not set +# CONFIG_FIREWIRE_NOSY is not set +# end of IEEE 1394 (FireWire) support + +# CONFIG_MACINTOSH_DRIVERS is not set +CONFIG_NETDEVICES=y +CONFIG_NET_CORE=y +# CONFIG_BONDING is not set +# CONFIG_DUMMY is not set +# CONFIG_WIREGUARD is not set +# CONFIG_EQUALIZER is not set +# CONFIG_NET_TEAM is not set +# CONFIG_MACVLAN is not set +# CONFIG_IPVLAN is not set +# CONFIG_VXLAN is not set +# CONFIG_GENEVE is not set +# CONFIG_BAREUDP is not set +# CONFIG_GTP is not set +# CONFIG_MACSEC is not set +CONFIG_NETCONSOLE=y +CONFIG_NETPOLL=y +CONFIG_NET_POLL_CONTROLLER=y +# CONFIG_TUN is not set +# CONFIG_TUN_VNET_CROSS_LE is not set +# CONFIG_VETH is not set +# CONFIG_VIRTIO_NET is not set +# CONFIG_NLMON is not set +# CONFIG_ARCNET is not set +CONFIG_ETHERNET=y +# CONFIG_NET_VENDOR_3COM is not set +# CONFIG_NET_VENDOR_ADAPTEC is not set +# CONFIG_NET_VENDOR_AGERE is not set +# CONFIG_NET_VENDOR_ALACRITECH is not set +# CONFIG_NET_VENDOR_ALTEON is not set +# CONFIG_ALTERA_TSE is not set +# CONFIG_NET_VENDOR_AMAZON is not set +# CONFIG_NET_VENDOR_AMD is not set +# CONFIG_NET_VENDOR_AQUANTIA is not set +# CONFIG_NET_VENDOR_ARC is not set +# CONFIG_NET_VENDOR_ATHEROS is not set +# CONFIG_NET_VENDOR_BROADCOM is not set +# CONFIG_NET_VENDOR_BROCADE is not set +# CONFIG_NET_VENDOR_CADENCE is not set +# CONFIG_NET_VENDOR_CAVIUM is not set +# CONFIG_NET_VENDOR_CHELSIO is not set +# CONFIG_NET_VENDOR_CISCO is not set +# CONFIG_NET_VENDOR_CORTINA is not set +# CONFIG_CX_ECAT is not set +# CONFIG_DNET is not set +# CONFIG_NET_VENDOR_DEC is not set +# CONFIG_NET_VENDOR_DLINK is not set +# CONFIG_NET_VENDOR_EMULEX is not set +# CONFIG_NET_VENDOR_EZCHIP is not set +# CONFIG_NET_VENDOR_GOOGLE is not set +# CONFIG_NET_VENDOR_HUAWEI is not set +# CONFIG_NET_VENDOR_I825XX is not set +CONFIG_NET_VENDOR_INTEL=y +# 
CONFIG_E100 is not set +CONFIG_E1000=y +# CONFIG_E1000E is not set +# CONFIG_IGB is not set +# CONFIG_IGBVF is not set +# CONFIG_IXGB is not set +# CONFIG_IXGBE is not set +# CONFIG_IXGBEVF is not set +# CONFIG_I40E is not set +# CONFIG_I40EVF is not set +# CONFIG_ICE is not set +# CONFIG_FM10K is not set +# CONFIG_IGC is not set +# CONFIG_NET_VENDOR_MICROSOFT is not set +# CONFIG_JME is not set +# CONFIG_NET_VENDOR_LITEX is not set +# CONFIG_NET_VENDOR_MARVELL is not set +# CONFIG_NET_VENDOR_MELLANOX is not set +# CONFIG_NET_VENDOR_MICREL is not set +# CONFIG_NET_VENDOR_MICROCHIP is not set +# CONFIG_NET_VENDOR_MICROSEMI is not set +# CONFIG_NET_VENDOR_MYRI is not set +# CONFIG_FEALNX is not set +# CONFIG_NET_VENDOR_NATSEMI is not set +# CONFIG_NET_VENDOR_NETERION is not set +# CONFIG_NET_VENDOR_NETRONOME is not set +# CONFIG_NET_VENDOR_NI is not set +# CONFIG_NET_VENDOR_NVIDIA is not set +# CONFIG_NET_VENDOR_OKI is not set +# CONFIG_ETHOC is not set +# CONFIG_NET_VENDOR_PACKET_ENGINES is not set +# CONFIG_NET_VENDOR_PENSANDO is not set +# CONFIG_NET_VENDOR_QLOGIC is not set +# CONFIG_NET_VENDOR_QUALCOMM is not set +# CONFIG_NET_VENDOR_RDC is not set +# CONFIG_NET_VENDOR_REALTEK is not set +# CONFIG_NET_VENDOR_RENESAS is not set +# CONFIG_NET_VENDOR_ROCKER is not set +# CONFIG_NET_VENDOR_SAMSUNG is not set +# CONFIG_NET_VENDOR_SEEQ is not set +# CONFIG_NET_VENDOR_SOLARFLARE is not set +# CONFIG_NET_VENDOR_SILAN is not set +# CONFIG_NET_VENDOR_SIS is not set +# CONFIG_NET_VENDOR_SMSC is not set +# CONFIG_NET_VENDOR_SOCIONEXT is not set +# CONFIG_NET_VENDOR_STMICRO is not set +# CONFIG_NET_VENDOR_SUN is not set +# CONFIG_NET_VENDOR_SYNOPSYS is not set +# CONFIG_NET_VENDOR_TEHUTI is not set +# CONFIG_NET_VENDOR_TI is not set +# CONFIG_NET_VENDOR_VIA is not set +# CONFIG_NET_VENDOR_WIZNET is not set +# CONFIG_NET_VENDOR_XILINX is not set +# CONFIG_FDDI is not set +# CONFIG_HIPPI is not set +# CONFIG_NET_SB1000 is not set +# CONFIG_PHYLIB is not set +# 
CONFIG_MDIO_DEVICE is not set + +# +# PCS device drivers +# +# end of PCS device drivers + +# CONFIG_PPP is not set +# CONFIG_SLIP is not set + +# +# Host-side USB support is needed for USB Network Adapter support +# +CONFIG_WLAN=y +CONFIG_WLAN_VENDOR_ADMTEK=y +CONFIG_ADM8211=m +CONFIG_ATH_COMMON=m +CONFIG_WLAN_VENDOR_ATH=y +# CONFIG_ATH_DEBUG is not set +CONFIG_ATH5K=m +# CONFIG_ATH5K_DEBUG is not set +CONFIG_ATH5K_PCI=y +CONFIG_ATH9K_HW=m +CONFIG_ATH9K_COMMON=m +CONFIG_ATH9K_BTCOEX_SUPPORT=y +CONFIG_ATH9K=m +CONFIG_ATH9K_PCI=y +# CONFIG_ATH9K_AHB is not set +# CONFIG_ATH9K_DEBUGFS is not set +# CONFIG_ATH9K_DYNACK is not set +CONFIG_ATH9K_RFKILL=y +# CONFIG_ATH9K_CHANNEL_CONTEXT is not set +CONFIG_ATH9K_PCOEM=y +CONFIG_ATH9K_PCI_NO_EEPROM=m +# CONFIG_ATH9K_HWRNG is not set +CONFIG_ATH6KL=m +# CONFIG_ATH6KL_DEBUG is not set +# CONFIG_WIL6210 is not set +CONFIG_ATH10K=m +CONFIG_ATH10K_CE=y +CONFIG_ATH10K_PCI=m +# CONFIG_ATH10K_DEBUG is not set +# CONFIG_ATH10K_DEBUGFS is not set +CONFIG_WCN36XX=m +# CONFIG_WCN36XX_DEBUGFS is not set +# CONFIG_ATH11K is not set +CONFIG_WLAN_VENDOR_ATMEL=y +CONFIG_ATMEL=m +# CONFIG_PCI_ATMEL is not set +CONFIG_WLAN_VENDOR_BROADCOM=y +CONFIG_B43=m +CONFIG_B43_BCMA=y +CONFIG_B43_SSB=y +CONFIG_B43_BUSES_BCMA_AND_SSB=y +# CONFIG_B43_BUSES_BCMA is not set +# CONFIG_B43_BUSES_SSB is not set +CONFIG_B43_PCI_AUTOSELECT=y +CONFIG_B43_PCICORE_AUTOSELECT=y +CONFIG_B43_BCMA_PIO=y +CONFIG_B43_PIO=y +CONFIG_B43_PHY_G=y +CONFIG_B43_PHY_N=y +CONFIG_B43_PHY_LP=y +CONFIG_B43_PHY_HT=y +CONFIG_B43_LEDS=y +CONFIG_B43_HWRNG=y +# CONFIG_B43_DEBUG is not set +CONFIG_B43LEGACY=m +CONFIG_B43LEGACY_PCI_AUTOSELECT=y +CONFIG_B43LEGACY_PCICORE_AUTOSELECT=y +CONFIG_B43LEGACY_LEDS=y +CONFIG_B43LEGACY_HWRNG=y +CONFIG_B43LEGACY_DEBUG=y +CONFIG_B43LEGACY_DMA=y +CONFIG_B43LEGACY_PIO=y +CONFIG_B43LEGACY_DMA_AND_PIO_MODE=y +# CONFIG_B43LEGACY_DMA_MODE is not set +# CONFIG_B43LEGACY_PIO_MODE is not set +CONFIG_BRCMUTIL=m +CONFIG_BRCMSMAC=m +CONFIG_BRCMFMAC=m +# 
CONFIG_BRCMFMAC_PCIE is not set +# CONFIG_BRCM_TRACING is not set +# CONFIG_BRCMDBG is not set +CONFIG_WLAN_VENDOR_CISCO=y +# CONFIG_AIRO is not set +CONFIG_WLAN_VENDOR_INTEL=y +CONFIG_IPW2100=m +# CONFIG_IPW2100_MONITOR is not set +# CONFIG_IPW2100_DEBUG is not set +CONFIG_IPW2200=m +# CONFIG_IPW2200_MONITOR is not set +# CONFIG_IPW2200_QOS is not set +# CONFIG_IPW2200_DEBUG is not set +CONFIG_LIBIPW=m +# CONFIG_LIBIPW_DEBUG is not set +CONFIG_IWLEGACY=m +CONFIG_IWL4965=m +CONFIG_IWL3945=m + +# +# iwl3945 / iwl4965 Debugging Options +# +# CONFIG_IWLEGACY_DEBUG is not set +# end of iwl3945 / iwl4965 Debugging Options + +CONFIG_IWLWIFI=m +CONFIG_IWLWIFI_LEDS=y +CONFIG_IWLDVM=m +CONFIG_IWLMVM=m +CONFIG_IWLWIFI_OPMODE_MODULAR=y +# CONFIG_IWLWIFI_BCAST_FILTERING is not set + +# +# Debugging Options +# +# CONFIG_IWLWIFI_DEBUG is not set +# end of Debugging Options + +CONFIG_WLAN_VENDOR_INTERSIL=y +# CONFIG_HOSTAP is not set +CONFIG_HERMES=m +CONFIG_HERMES_PRISM=y +CONFIG_HERMES_CACHE_FW_ON_INIT=y +# CONFIG_PLX_HERMES is not set +# CONFIG_TMD_HERMES is not set +# CONFIG_NORTEL_HERMES is not set +# CONFIG_PCI_HERMES is not set +# CONFIG_P54_COMMON is not set +CONFIG_WLAN_VENDOR_MARVELL=y +CONFIG_LIBERTAS=m +# CONFIG_LIBERTAS_DEBUG is not set +# CONFIG_LIBERTAS_MESH is not set +CONFIG_LIBERTAS_THINFIRM=m +# CONFIG_LIBERTAS_THINFIRM_DEBUG is not set +CONFIG_MWIFIEX=m +# CONFIG_MWIFIEX_PCIE is not set +CONFIG_MWL8K=m +CONFIG_WLAN_VENDOR_MEDIATEK=y +CONFIG_MT76_CORE=m +CONFIG_MT76_LEDS=y +CONFIG_MT76x02_LIB=m +CONFIG_MT76_CONNAC_LIB=m +CONFIG_MT76x0_COMMON=m +CONFIG_MT76x0E=m +CONFIG_MT76x2_COMMON=m +CONFIG_MT76x2E=m +CONFIG_MT7603E=m +CONFIG_MT7615_COMMON=m +CONFIG_MT7615E=m +CONFIG_MT7915E=m +CONFIG_MT7921E=m +CONFIG_WLAN_VENDOR_MICROCHIP=y +CONFIG_WLAN_VENDOR_RALINK=y +CONFIG_RT2X00=m +CONFIG_RT2400PCI=m +CONFIG_RT2500PCI=m +CONFIG_RT61PCI=m +CONFIG_RT2800PCI=m +CONFIG_RT2800PCI_RT33XX=y +CONFIG_RT2800PCI_RT35XX=y +CONFIG_RT2800PCI_RT53XX=y +CONFIG_RT2800PCI_RT3290=y 
+CONFIG_RT2800_LIB=m +CONFIG_RT2800_LIB_MMIO=m +CONFIG_RT2X00_LIB_MMIO=m +CONFIG_RT2X00_LIB_PCI=m +CONFIG_RT2X00_LIB=m +CONFIG_RT2X00_LIB_FIRMWARE=y +CONFIG_RT2X00_LIB_CRYPTO=y +CONFIG_RT2X00_LIB_LEDS=y +# CONFIG_RT2X00_DEBUG is not set +CONFIG_WLAN_VENDOR_REALTEK=y +CONFIG_RTL8180=m +CONFIG_RTL_CARDS=y +CONFIG_RTL8192CE=m +CONFIG_RTL8192SE=m +CONFIG_RTL8192DE=m +CONFIG_RTL8723AE=m +CONFIG_RTL8723BE=m +CONFIG_RTL8188EE=m +CONFIG_RTL8192EE=m +CONFIG_RTL8821AE=m +CONFIG_RTLWIFI=m +CONFIG_RTLWIFI_PCI=m +# CONFIG_RTLWIFI_DEBUG is not set +CONFIG_RTL8192C_COMMON=m +CONFIG_RTL8723_COMMON=m +CONFIG_RTLBTCOEXIST=m +# CONFIG_RTW88 is not set +CONFIG_WLAN_VENDOR_RSI=y +# CONFIG_RSI_91X is not set +CONFIG_WLAN_VENDOR_ST=y +# CONFIG_CW1200 is not set +CONFIG_WLAN_VENDOR_TI=y +CONFIG_WL1251=m +CONFIG_WL12XX=m +CONFIG_WL18XX=m +CONFIG_WLCORE=m +CONFIG_WLAN_VENDOR_ZYDAS=y +CONFIG_WLAN_VENDOR_QUANTENNA=y +CONFIG_QTNFMAC=m +CONFIG_QTNFMAC_PCIE=m +# CONFIG_MAC80211_HWSIM is not set +# CONFIG_VIRT_WIFI is not set +# CONFIG_WAN is not set + +# +# Wireless WAN +# +# CONFIG_WWAN is not set +# end of Wireless WAN + +# CONFIG_VMXNET3 is not set +# CONFIG_FUJITSU_ES is not set +# CONFIG_NETDEVSIM is not set +# CONFIG_NET_FAILOVER is not set +# CONFIG_ISDN is not set + +# +# Input device support +# +CONFIG_INPUT=y +# CONFIG_INPUT_LEDS is not set +# CONFIG_INPUT_FF_MEMLESS is not set +# CONFIG_INPUT_SPARSEKMAP is not set +# CONFIG_INPUT_MATRIXKMAP is not set + +# +# Userland interfaces +# +# CONFIG_INPUT_MOUSEDEV is not set +# CONFIG_INPUT_JOYDEV is not set +CONFIG_INPUT_EVDEV=y +# CONFIG_INPUT_EVBUG is not set + +# +# Input Device Drivers +# +# CONFIG_INPUT_KEYBOARD is not set +# CONFIG_INPUT_MOUSE is not set +# CONFIG_INPUT_JOYSTICK is not set +# CONFIG_INPUT_TABLET is not set +# CONFIG_INPUT_TOUCHSCREEN is not set +# CONFIG_INPUT_MISC is not set +# CONFIG_RMI4_CORE is not set + +# +# Hardware I/O ports +# +CONFIG_SERIO=y +CONFIG_ARCH_MIGHT_HAVE_PC_SERIO=y +CONFIG_SERIO_I8042=y 
+CONFIG_SERIO_SERPORT=y +# CONFIG_SERIO_CT82C710 is not set +# CONFIG_SERIO_PCIPS2 is not set +# CONFIG_SERIO_LIBPS2 is not set +# CONFIG_SERIO_RAW is not set +# CONFIG_SERIO_ALTERA_PS2 is not set +# CONFIG_SERIO_PS2MULT is not set +# CONFIG_SERIO_ARC_PS2 is not set +# CONFIG_USERIO is not set +# CONFIG_GAMEPORT is not set +# end of Hardware I/O ports +# end of Input device support + +# +# Character devices +# +CONFIG_TTY=y +CONFIG_VT=y +CONFIG_CONSOLE_TRANSLATIONS=y +CONFIG_VT_CONSOLE=y +CONFIG_HW_CONSOLE=y +# CONFIG_VT_HW_CONSOLE_BINDING is not set +CONFIG_UNIX98_PTYS=y +# CONFIG_LEGACY_PTYS is not set +CONFIG_LDISC_AUTOLOAD=y + +# +# Serial drivers +# +CONFIG_SERIAL_EARLYCON=y +CONFIG_SERIAL_8250=y +CONFIG_SERIAL_8250_DEPRECATED_OPTIONS=y +CONFIG_SERIAL_8250_PNP=y +# CONFIG_SERIAL_8250_16550A_VARIANTS is not set +# CONFIG_SERIAL_8250_FINTEK is not set +CONFIG_SERIAL_8250_CONSOLE=y +CONFIG_SERIAL_8250_PCI=y +CONFIG_SERIAL_8250_EXAR=y +CONFIG_SERIAL_8250_NR_UARTS=32 +CONFIG_SERIAL_8250_RUNTIME_UARTS=4 +CONFIG_SERIAL_8250_EXTENDED=y +CONFIG_SERIAL_8250_MANY_PORTS=y +CONFIG_SERIAL_8250_SHARE_IRQ=y +CONFIG_SERIAL_8250_DETECT_IRQ=y +CONFIG_SERIAL_8250_RSA=y +CONFIG_SERIAL_8250_DWLIB=y +# CONFIG_SERIAL_8250_DW is not set +# CONFIG_SERIAL_8250_RT288X is not set +CONFIG_SERIAL_8250_LPSS=y +CONFIG_SERIAL_8250_MID=y + +# +# Non-8250 serial port support +# +# CONFIG_SERIAL_UARTLITE is not set +CONFIG_SERIAL_CORE=y +CONFIG_SERIAL_CORE_CONSOLE=y +# CONFIG_SERIAL_JSM is not set +# CONFIG_SERIAL_LANTIQ is not set +# CONFIG_SERIAL_SCCNXP is not set +# CONFIG_SERIAL_BCM63XX is not set +# CONFIG_SERIAL_ALTERA_JTAGUART is not set +# CONFIG_SERIAL_ALTERA_UART is not set +# CONFIG_SERIAL_ARC is not set +# CONFIG_SERIAL_RP2 is not set +# CONFIG_SERIAL_FSL_LPUART is not set +# CONFIG_SERIAL_FSL_LINFLEXUART is not set +# CONFIG_SERIAL_SPRD is not set +# end of Serial drivers + +CONFIG_SERIAL_NONSTANDARD=y +# CONFIG_MOXA_INTELLIO is not set +# CONFIG_MOXA_SMARTIO is not set +# 
CONFIG_SYNCLINK_GT is not set +# CONFIG_N_HDLC is not set +# CONFIG_N_GSM is not set +# CONFIG_NOZOMI is not set +# CONFIG_NULL_TTY is not set +# CONFIG_SERIAL_DEV_BUS is not set +# CONFIG_VIRTIO_CONSOLE is not set +# CONFIG_IPMI_HANDLER is not set +CONFIG_HW_RANDOM=y +# CONFIG_HW_RANDOM_TIMERIOMEM is not set +# CONFIG_HW_RANDOM_INTEL is not set +# CONFIG_HW_RANDOM_AMD is not set +# CONFIG_HW_RANDOM_BA431 is not set +CONFIG_HW_RANDOM_VIA=y +# CONFIG_HW_RANDOM_VIRTIO is not set +# CONFIG_HW_RANDOM_XIPHERA is not set +# CONFIG_APPLICOM is not set +# CONFIG_MWAVE is not set +CONFIG_DEVMEM=y +CONFIG_NVRAM=y +CONFIG_DEVPORT=y +CONFIG_HPET=y +# CONFIG_HPET_MMAP is not set +# CONFIG_HANGCHECK_TIMER is not set +# CONFIG_TCG_TPM is not set +# CONFIG_TELCLOCK is not set +# CONFIG_XILLYBUS is not set +# CONFIG_RANDOM_TRUST_CPU is not set +# CONFIG_RANDOM_TRUST_BOOTLOADER is not set +# end of Character devices + +# +# I2C support +# +# CONFIG_I2C is not set +# end of I2C support + +# CONFIG_I3C is not set +# CONFIG_SPI is not set +# CONFIG_SPMI is not set +# CONFIG_HSI is not set +CONFIG_PPS=y +# CONFIG_PPS_DEBUG is not set + +# +# PPS clients support +# +# CONFIG_PPS_CLIENT_KTIMER is not set +# CONFIG_PPS_CLIENT_LDISC is not set +# CONFIG_PPS_CLIENT_GPIO is not set + +# +# PPS generators support +# + +# +# PTP clock support +# +CONFIG_PTP_1588_CLOCK=y +CONFIG_PTP_1588_CLOCK_OPTIONAL=y + +# +# Enable PHYLIB and NETWORK_PHY_TIMESTAMPING to see the additional clocks. 
+# +# end of PTP clock support + +# CONFIG_PINCTRL is not set +# CONFIG_GPIOLIB is not set +# CONFIG_W1 is not set +# CONFIG_POWER_RESET is not set +CONFIG_POWER_SUPPLY=y +# CONFIG_POWER_SUPPLY_DEBUG is not set +# CONFIG_POWER_SUPPLY_HWMON is not set +# CONFIG_PDA_POWER is not set +# CONFIG_TEST_POWER is not set +# CONFIG_BATTERY_DS2780 is not set +# CONFIG_BATTERY_DS2781 is not set +# CONFIG_BATTERY_BQ27XXX is not set +# CONFIG_CHARGER_MAX8903 is not set +# CONFIG_BATTERY_GOLDFISH is not set +CONFIG_HWMON=y +# CONFIG_HWMON_DEBUG_CHIP is not set + +# +# Native drivers +# +# CONFIG_SENSORS_ABITUGURU is not set +# CONFIG_SENSORS_ABITUGURU3 is not set +# CONFIG_SENSORS_AS370 is not set +# CONFIG_SENSORS_AXI_FAN_CONTROL is not set +# CONFIG_SENSORS_K8TEMP is not set +# CONFIG_SENSORS_K10TEMP is not set +# CONFIG_SENSORS_FAM15H_POWER is not set +# CONFIG_SENSORS_APPLESMC is not set +# CONFIG_SENSORS_ASPEED is not set +# CONFIG_SENSORS_DELL_SMM is not set +# CONFIG_SENSORS_I5K_AMB is not set +# CONFIG_SENSORS_F71805F is not set +# CONFIG_SENSORS_F71882FG is not set +# CONFIG_SENSORS_I5500 is not set +# CONFIG_SENSORS_CORETEMP is not set +# CONFIG_SENSORS_IT87 is not set +# CONFIG_SENSORS_MAX197 is not set +# CONFIG_SENSORS_MR75203 is not set +# CONFIG_SENSORS_PC87360 is not set +# CONFIG_SENSORS_PC87427 is not set +# CONFIG_SENSORS_NTC_THERMISTOR is not set +# CONFIG_SENSORS_NCT6683 is not set +# CONFIG_SENSORS_NCT6775 is not set +# CONFIG_SENSORS_NPCM7XX is not set +# CONFIG_SENSORS_SIS5595 is not set +# CONFIG_SENSORS_SMSC47M1 is not set +# CONFIG_SENSORS_SMSC47B397 is not set +# CONFIG_SENSORS_SCH5627 is not set +# CONFIG_SENSORS_SCH5636 is not set +# CONFIG_SENSORS_VIA_CPUTEMP is not set +# CONFIG_SENSORS_VIA686A is not set +# CONFIG_SENSORS_VT1211 is not set +# CONFIG_SENSORS_VT8231 is not set +# CONFIG_SENSORS_W83627HF is not set +# CONFIG_SENSORS_W83627EHF is not set + +# +# ACPI drivers +# +# CONFIG_SENSORS_ACPI_POWER is not set +# CONFIG_SENSORS_ATK0110 is not 
set +CONFIG_THERMAL=y +# CONFIG_THERMAL_NETLINK is not set +# CONFIG_THERMAL_STATISTICS is not set +CONFIG_THERMAL_EMERGENCY_POWEROFF_DELAY_MS=0 +CONFIG_THERMAL_HWMON=y +CONFIG_THERMAL_WRITABLE_TRIPS=y +CONFIG_THERMAL_DEFAULT_GOV_STEP_WISE=y +# CONFIG_THERMAL_DEFAULT_GOV_FAIR_SHARE is not set +# CONFIG_THERMAL_DEFAULT_GOV_USER_SPACE is not set +# CONFIG_THERMAL_GOV_FAIR_SHARE is not set +CONFIG_THERMAL_GOV_STEP_WISE=y +# CONFIG_THERMAL_GOV_BANG_BANG is not set +CONFIG_THERMAL_GOV_USER_SPACE=y +# CONFIG_THERMAL_EMULATION is not set + +# +# Intel thermal drivers +# +# CONFIG_INTEL_POWERCLAMP is not set +CONFIG_X86_THERMAL_VECTOR=y +# CONFIG_X86_PKG_TEMP_THERMAL is not set +# CONFIG_INTEL_SOC_DTS_THERMAL is not set + +# +# ACPI INT340X thermal drivers +# +# CONFIG_INT340X_THERMAL is not set +# end of ACPI INT340X thermal drivers + +# CONFIG_INTEL_PCH_THERMAL is not set +# CONFIG_INTEL_TCC_COOLING is not set +# CONFIG_INTEL_MENLOW is not set +# end of Intel thermal drivers + +CONFIG_WATCHDOG=y +# CONFIG_WATCHDOG_CORE is not set +# CONFIG_WATCHDOG_NOWAYOUT is not set +CONFIG_WATCHDOG_HANDLE_BOOT_ENABLED=y +CONFIG_WATCHDOG_OPEN_TIMEOUT=0 +# CONFIG_WATCHDOG_SYSFS is not set +# CONFIG_WATCHDOG_HRTIMER_PRETIMEOUT is not set + +# +# Watchdog Pretimeout Governors +# + +# +# Watchdog Device Drivers +# +# CONFIG_SOFT_WATCHDOG is not set +# CONFIG_WDAT_WDT is not set +# CONFIG_XILINX_WATCHDOG is not set +# CONFIG_CADENCE_WATCHDOG is not set +# CONFIG_DW_WATCHDOG is not set +# CONFIG_MAX63XX_WATCHDOG is not set +# CONFIG_ACQUIRE_WDT is not set +# CONFIG_ADVANTECH_WDT is not set +# CONFIG_ALIM1535_WDT is not set +# CONFIG_ALIM7101_WDT is not set +# CONFIG_EBC_C384_WDT is not set +# CONFIG_F71808E_WDT is not set +# CONFIG_SP5100_TCO is not set +# CONFIG_SBC_FITPC2_WATCHDOG is not set +# CONFIG_EUROTECH_WDT is not set +# CONFIG_IB700_WDT is not set +# CONFIG_IBMASR is not set +# CONFIG_WAFER_WDT is not set +# CONFIG_I6300ESB_WDT is not set +# CONFIG_IE6XX_WDT is not set +# 
CONFIG_ITCO_WDT is not set +# CONFIG_IT8712F_WDT is not set +# CONFIG_IT87_WDT is not set +# CONFIG_HP_WATCHDOG is not set +# CONFIG_SC1200_WDT is not set +# CONFIG_PC87413_WDT is not set +# CONFIG_NV_TCO is not set +# CONFIG_60XX_WDT is not set +# CONFIG_CPU5_WDT is not set +# CONFIG_SMSC_SCH311X_WDT is not set +# CONFIG_SMSC37B787_WDT is not set +# CONFIG_TQMX86_WDT is not set +# CONFIG_VIA_WDT is not set +# CONFIG_W83627HF_WDT is not set +# CONFIG_W83877F_WDT is not set +# CONFIG_W83977F_WDT is not set +# CONFIG_MACHZ_WDT is not set +# CONFIG_SBC_EPX_C3_WATCHDOG is not set +# CONFIG_NI903X_WDT is not set +# CONFIG_NIC7018_WDT is not set + +# +# PCI-based Watchdog Cards +# +# CONFIG_PCIPCWATCHDOG is not set +# CONFIG_WDTPCI is not set +CONFIG_SSB_POSSIBLE=y +CONFIG_SSB=m +CONFIG_SSB_SPROM=y +CONFIG_SSB_BLOCKIO=y +CONFIG_SSB_PCIHOST_POSSIBLE=y +CONFIG_SSB_PCIHOST=y +CONFIG_SSB_B43_PCI_BRIDGE=y +CONFIG_SSB_DRIVER_PCICORE_POSSIBLE=y +CONFIG_SSB_DRIVER_PCICORE=y +CONFIG_BCMA_POSSIBLE=y +CONFIG_BCMA=m +CONFIG_BCMA_BLOCKIO=y +CONFIG_BCMA_HOST_PCI_POSSIBLE=y +CONFIG_BCMA_HOST_PCI=y +# CONFIG_BCMA_HOST_SOC is not set +CONFIG_BCMA_DRIVER_PCI=y +# CONFIG_BCMA_DRIVER_GMAC_CMN is not set +# CONFIG_BCMA_DEBUG is not set + +# +# Multifunction device drivers +# +# CONFIG_MFD_MADERA is not set +# CONFIG_HTC_PASIC3 is not set +# CONFIG_MFD_INTEL_QUARK_I2C_GPIO is not set +# CONFIG_LPC_ICH is not set +# CONFIG_LPC_SCH is not set +# CONFIG_MFD_INTEL_LPSS_ACPI is not set +# CONFIG_MFD_INTEL_LPSS_PCI is not set +# CONFIG_MFD_INTEL_PMT is not set +# CONFIG_MFD_JANZ_CMODIO is not set +# CONFIG_MFD_KEMPLD is not set +# CONFIG_MFD_MT6397 is not set +# CONFIG_MFD_RDC321X is not set +# CONFIG_MFD_SM501 is not set +# CONFIG_MFD_SYSCON is not set +# CONFIG_MFD_TI_AM335X_TSCADC is not set +# CONFIG_MFD_TQMX86 is not set +# CONFIG_MFD_VX855 is not set +# end of Multifunction device drivers + +# CONFIG_REGULATOR is not set +# CONFIG_RC_CORE is not set +# CONFIG_MEDIA_CEC_SUPPORT is not set +# 
CONFIG_MEDIA_SUPPORT is not set + +# +# Graphics support +# +# CONFIG_AGP is not set +CONFIG_VGA_ARB=y +CONFIG_VGA_ARB_MAX_GPUS=16 +# CONFIG_VGA_SWITCHEROO is not set +# CONFIG_DRM is not set + +# +# ARM devices +# +# end of ARM devices + +# +# Frame buffer Devices +# +# CONFIG_FB is not set +# end of Frame buffer Devices + +# +# Backlight & LCD device support +# +# CONFIG_LCD_CLASS_DEVICE is not set +# CONFIG_BACKLIGHT_CLASS_DEVICE is not set +# end of Backlight & LCD device support + +# +# Console display driver support +# +CONFIG_VGA_CONSOLE=y +CONFIG_DUMMY_CONSOLE=y +CONFIG_DUMMY_CONSOLE_COLUMNS=80 +CONFIG_DUMMY_CONSOLE_ROWS=25 +# end of Console display driver support +# end of Graphics support + +# CONFIG_SOUND is not set + +# +# HID support +# +# CONFIG_HID is not set + +# +# Intel ISH HID support +# +# CONFIG_INTEL_ISH_HID is not set +# end of Intel ISH HID support +# end of HID support + +CONFIG_USB_OHCI_LITTLE_ENDIAN=y +# CONFIG_USB_SUPPORT is not set +# CONFIG_MMC is not set +# CONFIG_MEMSTICK is not set +CONFIG_NEW_LEDS=y +CONFIG_LEDS_CLASS=y +# CONFIG_LEDS_CLASS_FLASH is not set +# CONFIG_LEDS_CLASS_MULTICOLOR is not set +# CONFIG_LEDS_BRIGHTNESS_HW_CHANGED is not set + +# +# LED drivers +# +# CONFIG_LEDS_APU is not set +# CONFIG_LEDS_CLEVO_MAIL is not set +# CONFIG_LEDS_INTEL_SS4200 is not set + +# +# LED driver for blink(1) USB RGB LED is under Special HID drivers (HID_THINGM) +# +# CONFIG_LEDS_MLXCPLD is not set +# CONFIG_LEDS_MLXREG is not set +# CONFIG_LEDS_USER is not set +# CONFIG_LEDS_NIC78BX is not set + +# +# Flash and Torch LED drivers +# + +# +# LED Triggers +# +CONFIG_LEDS_TRIGGERS=y +# CONFIG_LEDS_TRIGGER_TIMER is not set +# CONFIG_LEDS_TRIGGER_ONESHOT is not set +# CONFIG_LEDS_TRIGGER_HEARTBEAT is not set +# CONFIG_LEDS_TRIGGER_BACKLIGHT is not set +# CONFIG_LEDS_TRIGGER_CPU is not set +# CONFIG_LEDS_TRIGGER_ACTIVITY is not set +# CONFIG_LEDS_TRIGGER_DEFAULT_ON is not set + +# +# iptables trigger is under Netfilter config (LED target) +# 
+# CONFIG_LEDS_TRIGGER_TRANSIENT is not set +# CONFIG_LEDS_TRIGGER_CAMERA is not set +# CONFIG_LEDS_TRIGGER_PANIC is not set +# CONFIG_LEDS_TRIGGER_NETDEV is not set +# CONFIG_LEDS_TRIGGER_PATTERN is not set +# CONFIG_LEDS_TRIGGER_AUDIO is not set +# CONFIG_LEDS_TRIGGER_TTY is not set +# CONFIG_ACCESSIBILITY is not set +# CONFIG_INFINIBAND is not set +CONFIG_EDAC_ATOMIC_SCRUB=y +CONFIG_EDAC_SUPPORT=y +CONFIG_RTC_LIB=y +CONFIG_RTC_MC146818_LIB=y +CONFIG_RTC_CLASS=y +# CONFIG_RTC_HCTOSYS is not set +CONFIG_RTC_SYSTOHC=y +CONFIG_RTC_SYSTOHC_DEVICE="rtc0" +# CONFIG_RTC_DEBUG is not set +CONFIG_RTC_NVMEM=y + +# +# RTC interfaces +# +CONFIG_RTC_INTF_SYSFS=y +CONFIG_RTC_INTF_PROC=y +CONFIG_RTC_INTF_DEV=y +# CONFIG_RTC_INTF_DEV_UIE_EMUL is not set +# CONFIG_RTC_DRV_TEST is not set + +# +# I2C RTC drivers +# + +# +# SPI RTC drivers +# + +# +# SPI and I2C RTC drivers +# + +# +# Platform RTC drivers +# +CONFIG_RTC_DRV_CMOS=y +# CONFIG_RTC_DRV_DS1286 is not set +# CONFIG_RTC_DRV_DS1511 is not set +# CONFIG_RTC_DRV_DS1553 is not set +# CONFIG_RTC_DRV_DS1685_FAMILY is not set +# CONFIG_RTC_DRV_DS1742 is not set +# CONFIG_RTC_DRV_DS2404 is not set +# CONFIG_RTC_DRV_STK17TA8 is not set +# CONFIG_RTC_DRV_M48T86 is not set +# CONFIG_RTC_DRV_M48T35 is not set +# CONFIG_RTC_DRV_M48T59 is not set +# CONFIG_RTC_DRV_MSM6242 is not set +# CONFIG_RTC_DRV_BQ4802 is not set +# CONFIG_RTC_DRV_RP5C01 is not set +# CONFIG_RTC_DRV_V3020 is not set + +# +# on-CPU RTC drivers +# +# CONFIG_RTC_DRV_FTRTC010 is not set + +# +# HID Sensor RTC drivers +# +# CONFIG_RTC_DRV_GOLDFISH is not set +# CONFIG_DMADEVICES is not set + +# +# DMABUF options +# +# CONFIG_SYNC_FILE is not set +# CONFIG_DMABUF_HEAPS is not set +# end of DMABUF options + +# CONFIG_AUXDISPLAY is not set +# CONFIG_UIO is not set +# CONFIG_VFIO is not set +# CONFIG_VIRT_DRIVERS is not set +CONFIG_VIRTIO=y +CONFIG_VIRTIO_PCI_LIB=y +CONFIG_VIRTIO_MENU=y +CONFIG_VIRTIO_PCI=y +CONFIG_VIRTIO_PCI_LEGACY=y +CONFIG_VIRTIO_BALLOON=y 
+CONFIG_VIRTIO_INPUT=y +CONFIG_VIRTIO_MMIO=y +# CONFIG_VIRTIO_MMIO_CMDLINE_DEVICES is not set +# CONFIG_VDPA is not set +CONFIG_VHOST_MENU=y +# CONFIG_VHOST_NET is not set +# CONFIG_VHOST_CROSS_ENDIAN_LEGACY is not set + +# +# Microsoft Hyper-V guest support +# +# end of Microsoft Hyper-V guest support + +# CONFIG_GREYBUS is not set +# CONFIG_COMEDI is not set +# CONFIG_STAGING is not set +# CONFIG_X86_PLATFORM_DEVICES is not set +CONFIG_PMC_ATOM=y +# CONFIG_CHROME_PLATFORMS is not set +# CONFIG_MELLANOX_PLATFORM is not set +# CONFIG_SURFACE_PLATFORMS is not set +CONFIG_HAVE_CLK=y +CONFIG_HAVE_CLK_PREPARE=y +CONFIG_COMMON_CLK=y + +# +# Clock driver for ARM Reference designs +# +# CONFIG_ICST is not set +# CONFIG_CLK_SP810 is not set +# end of Clock driver for ARM Reference designs + +# CONFIG_XILINX_VCU is not set +# CONFIG_HWSPINLOCK is not set + +# +# Clock Source drivers +# +CONFIG_CLKEVT_I8253=y +CONFIG_I8253_LOCK=y +CONFIG_CLKBLD_I8253=y +# end of Clock Source drivers + +# CONFIG_MAILBOX is not set +# CONFIG_IOMMU_SUPPORT is not set + +# +# Remoteproc drivers +# +# CONFIG_REMOTEPROC is not set +# end of Remoteproc drivers + +# +# Rpmsg drivers +# +# CONFIG_RPMSG_VIRTIO is not set +# end of Rpmsg drivers + +# CONFIG_SOUNDWIRE is not set + +# +# SOC (System On Chip) specific Drivers +# + +# +# Amlogic SoC drivers +# +# end of Amlogic SoC drivers + +# +# Broadcom SoC drivers +# +# end of Broadcom SoC drivers + +# +# NXP/Freescale QorIQ SoC drivers +# +# end of NXP/Freescale QorIQ SoC drivers + +# +# i.MX SoC drivers +# +# end of i.MX SoC drivers + +# +# Enable LiteX SoC Builder specific drivers +# +# end of Enable LiteX SoC Builder specific drivers + +# +# Qualcomm SoC drivers +# +# end of Qualcomm SoC drivers + +# CONFIG_SOC_TI is not set + +# +# Xilinx SoC drivers +# +# end of Xilinx SoC drivers +# end of SOC (System On Chip) specific Drivers + +# CONFIG_PM_DEVFREQ is not set +# CONFIG_EXTCON is not set +# CONFIG_MEMORY is not set +# CONFIG_IIO is not set +# 
CONFIG_NTB is not set +# CONFIG_VME_BUS is not set +# CONFIG_PWM is not set + +# +# IRQ chip support +# +# end of IRQ chip support + +# CONFIG_IPACK_BUS is not set +# CONFIG_RESET_CONTROLLER is not set + +# +# PHY Subsystem +# +# CONFIG_GENERIC_PHY is not set +# CONFIG_PHY_CAN_TRANSCEIVER is not set +# CONFIG_BCM_KONA_USB2_PHY is not set +# CONFIG_PHY_PXA_28NM_HSIC is not set +# CONFIG_PHY_PXA_28NM_USB2 is not set +# CONFIG_PHY_INTEL_LGM_EMMC is not set +# end of PHY Subsystem + +# CONFIG_POWERCAP is not set +# CONFIG_MCB is not set + +# +# Performance monitor support +# +# end of Performance monitor support + +# CONFIG_RAS is not set +# CONFIG_USB4 is not set + +# +# Android +# +# CONFIG_ANDROID is not set +# end of Android + +# CONFIG_LIBNVDIMM is not set +# CONFIG_DAX is not set +CONFIG_NVMEM=y +CONFIG_NVMEM_SYSFS=y +# CONFIG_NVMEM_RMEM is not set + +# +# HW tracing support +# +# CONFIG_STM is not set +# CONFIG_INTEL_TH is not set +# end of HW tracing support + +# CONFIG_FPGA is not set +# CONFIG_TEE is not set +# CONFIG_UNISYS_VISORBUS is not set +# CONFIG_SIOX is not set +# CONFIG_SLIMBUS is not set +# CONFIG_INTERCONNECT is not set +# CONFIG_COUNTER is not set +# end of Device Drivers + +# +# File systems +# +CONFIG_DCACHE_WORD_ACCESS=y +# CONFIG_VALIDATE_FS_PARSER is not set +# CONFIG_EXT2_FS is not set +# CONFIG_EXT3_FS is not set +# CONFIG_EXT4_FS is not set +# CONFIG_REISERFS_FS is not set +# CONFIG_JFS_FS is not set +# CONFIG_XFS_FS is not set +# CONFIG_GFS2_FS is not set +# CONFIG_BTRFS_FS is not set +# CONFIG_NILFS2_FS is not set +# CONFIG_F2FS_FS is not set +# CONFIG_FS_DAX is not set +CONFIG_EXPORTFS=y +# CONFIG_EXPORTFS_BLOCK_OPS is not set +CONFIG_FILE_LOCKING=y +# CONFIG_FS_ENCRYPTION is not set +# CONFIG_FS_VERITY is not set +CONFIG_FSNOTIFY=y +CONFIG_DNOTIFY=y +CONFIG_INOTIFY_USER=y +# CONFIG_FANOTIFY is not set +# CONFIG_QUOTA is not set +CONFIG_AUTOFS4_FS=y +CONFIG_AUTOFS_FS=y +# CONFIG_FUSE_FS is not set +# CONFIG_OVERLAY_FS is not set + +# 
+# Caches +# +# CONFIG_FSCACHE is not set +# end of Caches + +# +# CD-ROM/DVD Filesystems +# +# CONFIG_ISO9660_FS is not set +# CONFIG_UDF_FS is not set +# end of CD-ROM/DVD Filesystems + +# +# DOS/FAT/EXFAT/NT Filesystems +# +# CONFIG_MSDOS_FS is not set +# CONFIG_VFAT_FS is not set +# CONFIG_EXFAT_FS is not set +# CONFIG_NTFS_FS is not set +# CONFIG_NTFS3_FS is not set +# end of DOS/FAT/EXFAT/NT Filesystems + +# +# Pseudo filesystems +# +CONFIG_PROC_FS=y +CONFIG_PROC_KCORE=y +CONFIG_PROC_VMCORE=y +# CONFIG_PROC_VMCORE_DEVICE_DUMP is not set +CONFIG_PROC_SYSCTL=y +CONFIG_PROC_PAGE_MONITOR=y +# CONFIG_PROC_CHILDREN is not set +CONFIG_PROC_PID_ARCH_STATUS=y +CONFIG_KERNFS=y +CONFIG_SYSFS=y +CONFIG_TMPFS=y +# CONFIG_TMPFS_POSIX_ACL is not set +# CONFIG_TMPFS_XATTR is not set +# CONFIG_TMPFS_INODE64 is not set +CONFIG_HUGETLBFS=y +CONFIG_HUGETLB_PAGE=y +CONFIG_HUGETLB_PAGE_FREE_VMEMMAP=y +# CONFIG_HUGETLB_PAGE_FREE_VMEMMAP_DEFAULT_ON is not set +CONFIG_MEMFD_CREATE=y +CONFIG_ARCH_HAS_GIGANTIC_PAGE=y +# CONFIG_CONFIGFS_FS is not set +# end of Pseudo filesystems + +CONFIG_MISC_FILESYSTEMS=y +# CONFIG_ORANGEFS_FS is not set +# CONFIG_ADFS_FS is not set +# CONFIG_AFFS_FS is not set +# CONFIG_ECRYPT_FS is not set +# CONFIG_HFS_FS is not set +# CONFIG_HFSPLUS_FS is not set +# CONFIG_BEFS_FS is not set +# CONFIG_BFS_FS is not set +# CONFIG_EFS_FS is not set +# CONFIG_CRAMFS is not set +CONFIG_SQUASHFS=y +CONFIG_SQUASHFS_FILE_CACHE=y +# CONFIG_SQUASHFS_FILE_DIRECT is not set +CONFIG_SQUASHFS_DECOMP_SINGLE=y +# CONFIG_SQUASHFS_DECOMP_MULTI is not set +# CONFIG_SQUASHFS_DECOMP_MULTI_PERCPU is not set +# CONFIG_SQUASHFS_XATTR is not set +CONFIG_SQUASHFS_ZLIB=y +CONFIG_SQUASHFS_LZ4=y +CONFIG_SQUASHFS_LZO=y +CONFIG_SQUASHFS_XZ=y +CONFIG_SQUASHFS_ZSTD=y +# CONFIG_SQUASHFS_4K_DEVBLK_SIZE is not set +# CONFIG_SQUASHFS_EMBEDDED is not set +CONFIG_SQUASHFS_FRAGMENT_CACHE_SIZE=3 +# CONFIG_VXFS_FS is not set +# CONFIG_MINIX_FS is not set +# CONFIG_OMFS_FS is not set +# CONFIG_HPFS_FS is 
not set +# CONFIG_QNX4FS_FS is not set +# CONFIG_QNX6FS_FS is not set +# CONFIG_ROMFS_FS is not set +# CONFIG_PSTORE is not set +# CONFIG_SYSV_FS is not set +# CONFIG_UFS_FS is not set +# CONFIG_EROFS_FS is not set +CONFIG_NETWORK_FILESYSTEMS=y +# CONFIG_NFS_FS is not set +# CONFIG_NFSD is not set +# CONFIG_CEPH_FS is not set +# CONFIG_CIFS is not set +# CONFIG_SMB_SERVER is not set +# CONFIG_CODA_FS is not set +# CONFIG_AFS_FS is not set +CONFIG_9P_FS=y +# CONFIG_9P_FS_POSIX_ACL is not set +# CONFIG_9P_FS_SECURITY is not set +CONFIG_NLS=y +CONFIG_NLS_DEFAULT="utf8" +# CONFIG_NLS_CODEPAGE_437 is not set +# CONFIG_NLS_CODEPAGE_737 is not set +# CONFIG_NLS_CODEPAGE_775 is not set +# CONFIG_NLS_CODEPAGE_850 is not set +# CONFIG_NLS_CODEPAGE_852 is not set +# CONFIG_NLS_CODEPAGE_855 is not set +# CONFIG_NLS_CODEPAGE_857 is not set +# CONFIG_NLS_CODEPAGE_860 is not set +# CONFIG_NLS_CODEPAGE_861 is not set +# CONFIG_NLS_CODEPAGE_862 is not set +# CONFIG_NLS_CODEPAGE_863 is not set +# CONFIG_NLS_CODEPAGE_864 is not set +# CONFIG_NLS_CODEPAGE_865 is not set +# CONFIG_NLS_CODEPAGE_866 is not set +# CONFIG_NLS_CODEPAGE_869 is not set +# CONFIG_NLS_CODEPAGE_936 is not set +# CONFIG_NLS_CODEPAGE_950 is not set +# CONFIG_NLS_CODEPAGE_932 is not set +# CONFIG_NLS_CODEPAGE_949 is not set +# CONFIG_NLS_CODEPAGE_874 is not set +# CONFIG_NLS_ISO8859_8 is not set +# CONFIG_NLS_CODEPAGE_1250 is not set +# CONFIG_NLS_CODEPAGE_1251 is not set +# CONFIG_NLS_ASCII is not set +# CONFIG_NLS_ISO8859_1 is not set +# CONFIG_NLS_ISO8859_2 is not set +# CONFIG_NLS_ISO8859_3 is not set +# CONFIG_NLS_ISO8859_4 is not set +# CONFIG_NLS_ISO8859_5 is not set +# CONFIG_NLS_ISO8859_6 is not set +# CONFIG_NLS_ISO8859_7 is not set +# CONFIG_NLS_ISO8859_9 is not set +# CONFIG_NLS_ISO8859_13 is not set +# CONFIG_NLS_ISO8859_14 is not set +# CONFIG_NLS_ISO8859_15 is not set +# CONFIG_NLS_KOI8_R is not set +# CONFIG_NLS_KOI8_U is not set +# CONFIG_NLS_MAC_ROMAN is not set +# CONFIG_NLS_MAC_CELTIC is not set 
+# CONFIG_NLS_MAC_CENTEURO is not set +# CONFIG_NLS_MAC_CROATIAN is not set +# CONFIG_NLS_MAC_CYRILLIC is not set +# CONFIG_NLS_MAC_GAELIC is not set +# CONFIG_NLS_MAC_GREEK is not set +# CONFIG_NLS_MAC_ICELAND is not set +# CONFIG_NLS_MAC_INUIT is not set +# CONFIG_NLS_MAC_ROMANIAN is not set +# CONFIG_NLS_MAC_TURKISH is not set +# CONFIG_NLS_UTF8 is not set +# CONFIG_UNICODE is not set +CONFIG_IO_WQ=y +# end of File systems + +# +# Security options +# +CONFIG_KEYS=y +# CONFIG_KEYS_REQUEST_CACHE is not set +# CONFIG_PERSISTENT_KEYRINGS is not set +# CONFIG_ENCRYPTED_KEYS is not set +# CONFIG_KEY_DH_OPERATIONS is not set +# CONFIG_SECURITY_DMESG_RESTRICT is not set +CONFIG_SECURITY=y +# CONFIG_SECURITYFS is not set +CONFIG_SECURITY_NETWORK=y +CONFIG_PAGE_TABLE_ISOLATION=y +# CONFIG_SECURITY_NETWORK_XFRM is not set +# CONFIG_SECURITY_PATH is not set +CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR=y +# CONFIG_HARDENED_USERCOPY is not set +# CONFIG_FORTIFY_SOURCE is not set +# CONFIG_STATIC_USERMODEHELPER is not set +# CONFIG_SECURITY_SMACK is not set +# CONFIG_SECURITY_TOMOYO is not set +# CONFIG_SECURITY_APPARMOR is not set +# CONFIG_SECURITY_LOADPIN is not set +# CONFIG_SECURITY_YAMA is not set +# CONFIG_SECURITY_SAFESETID is not set +# CONFIG_SECURITY_LOCKDOWN_LSM is not set +# CONFIG_SECURITY_LANDLOCK is not set +CONFIG_INTEGRITY=y +# CONFIG_INTEGRITY_SIGNATURE is not set +# CONFIG_IMA is not set +# CONFIG_EVM is not set +CONFIG_DEFAULT_SECURITY_DAC=y +CONFIG_LSM="landlock,lockdown,yama,loadpin,safesetid,integrity,bpf" + +# +# Kernel hardening options +# + +# +# Memory initialization +# +CONFIG_INIT_STACK_NONE=y +# CONFIG_INIT_ON_ALLOC_DEFAULT_ON is not set +# CONFIG_INIT_ON_FREE_DEFAULT_ON is not set +# end of Memory initialization +# end of Kernel hardening options +# end of Security options + +CONFIG_CRYPTO=y + +# +# Crypto core or helper +# +CONFIG_CRYPTO_ALGAPI=y +CONFIG_CRYPTO_ALGAPI2=y +CONFIG_CRYPTO_AEAD=y +CONFIG_CRYPTO_AEAD2=y +CONFIG_CRYPTO_SKCIPHER=y 
+CONFIG_CRYPTO_SKCIPHER2=y +CONFIG_CRYPTO_HASH=y +CONFIG_CRYPTO_HASH2=y +CONFIG_CRYPTO_RNG=y +CONFIG_CRYPTO_RNG2=y +CONFIG_CRYPTO_RNG_DEFAULT=y +CONFIG_CRYPTO_AKCIPHER2=y +CONFIG_CRYPTO_AKCIPHER=y +CONFIG_CRYPTO_KPP2=y +CONFIG_CRYPTO_ACOMP2=y +CONFIG_CRYPTO_MANAGER=y +CONFIG_CRYPTO_MANAGER2=y +# CONFIG_CRYPTO_USER is not set +CONFIG_CRYPTO_MANAGER_DISABLE_TESTS=y +CONFIG_CRYPTO_GF128MUL=y +CONFIG_CRYPTO_NULL=y +CONFIG_CRYPTO_NULL2=y +# CONFIG_CRYPTO_CRYPTD is not set +CONFIG_CRYPTO_AUTHENC=y +# CONFIG_CRYPTO_TEST is not set + +# +# Public-key cryptography +# +CONFIG_CRYPTO_RSA=y +# CONFIG_CRYPTO_DH is not set +# CONFIG_CRYPTO_ECDH is not set +# CONFIG_CRYPTO_ECDSA is not set +# CONFIG_CRYPTO_ECRDSA is not set +# CONFIG_CRYPTO_SM2 is not set +# CONFIG_CRYPTO_CURVE25519 is not set +# CONFIG_CRYPTO_CURVE25519_X86 is not set + +# +# Authenticated Encryption with Associated Data +# +CONFIG_CRYPTO_CCM=y +CONFIG_CRYPTO_GCM=y +# CONFIG_CRYPTO_CHACHA20POLY1305 is not set +# CONFIG_CRYPTO_AEGIS128 is not set +# CONFIG_CRYPTO_AEGIS128_AESNI_SSE2 is not set +CONFIG_CRYPTO_SEQIV=y +CONFIG_CRYPTO_ECHAINIV=y + +# +# Block modes +# +CONFIG_CRYPTO_CBC=y +# CONFIG_CRYPTO_CFB is not set +CONFIG_CRYPTO_CTR=y +# CONFIG_CRYPTO_CTS is not set +# CONFIG_CRYPTO_ECB is not set +# CONFIG_CRYPTO_LRW is not set +# CONFIG_CRYPTO_OFB is not set +# CONFIG_CRYPTO_PCBC is not set +# CONFIG_CRYPTO_XTS is not set +# CONFIG_CRYPTO_KEYWRAP is not set +# CONFIG_CRYPTO_NHPOLY1305_SSE2 is not set +# CONFIG_CRYPTO_NHPOLY1305_AVX2 is not set +# CONFIG_CRYPTO_ADIANTUM is not set +# CONFIG_CRYPTO_ESSIV is not set + +# +# Hash modes +# +CONFIG_CRYPTO_CMAC=y +CONFIG_CRYPTO_HMAC=y +# CONFIG_CRYPTO_XCBC is not set +# CONFIG_CRYPTO_VMAC is not set + +# +# Digest +# +# CONFIG_CRYPTO_CRC32C is not set +# CONFIG_CRYPTO_CRC32C_INTEL is not set +# CONFIG_CRYPTO_CRC32 is not set +# CONFIG_CRYPTO_CRC32_PCLMUL is not set +# CONFIG_CRYPTO_XXHASH is not set +# CONFIG_CRYPTO_BLAKE2B is not set +# CONFIG_CRYPTO_BLAKE2S is not 
set +# CONFIG_CRYPTO_BLAKE2S_X86 is not set +# CONFIG_CRYPTO_CRCT10DIF is not set +CONFIG_CRYPTO_GHASH=y +# CONFIG_CRYPTO_POLY1305 is not set +# CONFIG_CRYPTO_POLY1305_X86_64 is not set +# CONFIG_CRYPTO_MD4 is not set +CONFIG_CRYPTO_MD5=y +CONFIG_CRYPTO_MICHAEL_MIC=y +# CONFIG_CRYPTO_RMD160 is not set +# CONFIG_CRYPTO_SHA1 is not set +# CONFIG_CRYPTO_SHA1_SSSE3 is not set +# CONFIG_CRYPTO_SHA256_SSSE3 is not set +# CONFIG_CRYPTO_SHA512_SSSE3 is not set +CONFIG_CRYPTO_SHA256=y +CONFIG_CRYPTO_SHA512=y +# CONFIG_CRYPTO_SHA3 is not set +# CONFIG_CRYPTO_SM3 is not set +# CONFIG_CRYPTO_STREEBOG is not set +# CONFIG_CRYPTO_WP512 is not set +# CONFIG_CRYPTO_GHASH_CLMUL_NI_INTEL is not set + +# +# Ciphers +# +CONFIG_CRYPTO_AES=y +# CONFIG_CRYPTO_AES_TI is not set +# CONFIG_CRYPTO_AES_NI_INTEL is not set +# CONFIG_CRYPTO_BLOWFISH is not set +# CONFIG_CRYPTO_BLOWFISH_X86_64 is not set +# CONFIG_CRYPTO_CAMELLIA is not set +# CONFIG_CRYPTO_CAMELLIA_X86_64 is not set +# CONFIG_CRYPTO_CAMELLIA_AESNI_AVX_X86_64 is not set +# CONFIG_CRYPTO_CAMELLIA_AESNI_AVX2_X86_64 is not set +# CONFIG_CRYPTO_CAST5 is not set +# CONFIG_CRYPTO_CAST5_AVX_X86_64 is not set +# CONFIG_CRYPTO_CAST6 is not set +# CONFIG_CRYPTO_CAST6_AVX_X86_64 is not set +# CONFIG_CRYPTO_DES is not set +# CONFIG_CRYPTO_DES3_EDE_X86_64 is not set +# CONFIG_CRYPTO_FCRYPT is not set +# CONFIG_CRYPTO_CHACHA20 is not set +# CONFIG_CRYPTO_CHACHA20_X86_64 is not set +# CONFIG_CRYPTO_SERPENT is not set +# CONFIG_CRYPTO_SERPENT_SSE2_X86_64 is not set +# CONFIG_CRYPTO_SERPENT_AVX_X86_64 is not set +# CONFIG_CRYPTO_SERPENT_AVX2_X86_64 is not set +# CONFIG_CRYPTO_SM4 is not set +# CONFIG_CRYPTO_SM4_AESNI_AVX_X86_64 is not set +# CONFIG_CRYPTO_SM4_AESNI_AVX2_X86_64 is not set +# CONFIG_CRYPTO_TWOFISH is not set +# CONFIG_CRYPTO_TWOFISH_X86_64 is not set +# CONFIG_CRYPTO_TWOFISH_X86_64_3WAY is not set +# CONFIG_CRYPTO_TWOFISH_AVX_X86_64 is not set + +# +# Compression +# +# CONFIG_CRYPTO_DEFLATE is not set +# CONFIG_CRYPTO_LZO is not 
set +# CONFIG_CRYPTO_842 is not set +# CONFIG_CRYPTO_LZ4 is not set +# CONFIG_CRYPTO_LZ4HC is not set +# CONFIG_CRYPTO_ZSTD is not set + +# +# Random Number Generation +# +# CONFIG_CRYPTO_ANSI_CPRNG is not set +CONFIG_CRYPTO_DRBG_MENU=y +CONFIG_CRYPTO_DRBG_HMAC=y +# CONFIG_CRYPTO_DRBG_HASH is not set +# CONFIG_CRYPTO_DRBG_CTR is not set +CONFIG_CRYPTO_DRBG=y +CONFIG_CRYPTO_JITTERENTROPY=y +# CONFIG_CRYPTO_USER_API_HASH is not set +# CONFIG_CRYPTO_USER_API_SKCIPHER is not set +# CONFIG_CRYPTO_USER_API_RNG is not set +# CONFIG_CRYPTO_USER_API_AEAD is not set +CONFIG_CRYPTO_HASH_INFO=y + +# +# Crypto library routines +# +CONFIG_CRYPTO_LIB_AES=y +CONFIG_CRYPTO_LIB_ARC4=y +# CONFIG_CRYPTO_LIB_BLAKE2S is not set +# CONFIG_CRYPTO_LIB_CHACHA is not set +# CONFIG_CRYPTO_LIB_CURVE25519 is not set +CONFIG_CRYPTO_LIB_POLY1305_RSIZE=11 +# CONFIG_CRYPTO_LIB_POLY1305 is not set +# CONFIG_CRYPTO_LIB_CHACHA20POLY1305 is not set +CONFIG_CRYPTO_LIB_SHA256=y +# CONFIG_CRYPTO_HW is not set +CONFIG_ASYMMETRIC_KEY_TYPE=y +CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE=y +CONFIG_X509_CERTIFICATE_PARSER=y +# CONFIG_PKCS8_PRIVATE_KEY_PARSER is not set +CONFIG_PKCS7_MESSAGE_PARSER=y +# CONFIG_PKCS7_TEST_KEY is not set +# CONFIG_SIGNED_PE_FILE_VERIFICATION is not set + +# +# Certificates for signature checking +# +CONFIG_SYSTEM_TRUSTED_KEYRING=y +CONFIG_SYSTEM_TRUSTED_KEYS="" +# CONFIG_SYSTEM_EXTRA_CERTIFICATE is not set +# CONFIG_SECONDARY_TRUSTED_KEYRING is not set +# CONFIG_SYSTEM_BLACKLIST_KEYRING is not set +# end of Certificates for signature checking + +# +# Library routines +# +# CONFIG_PACKING is not set +CONFIG_BITREVERSE=y +CONFIG_GENERIC_STRNCPY_FROM_USER=y +CONFIG_GENERIC_STRNLEN_USER=y +CONFIG_GENERIC_NET_UTILS=y +CONFIG_GENERIC_FIND_FIRST_BIT=y +CONFIG_CORDIC=y +# CONFIG_PRIME_NUMBERS is not set +CONFIG_RATIONAL=y +CONFIG_GENERIC_PCI_IOMAP=y +CONFIG_GENERIC_IOMAP=y +CONFIG_ARCH_USE_CMPXCHG_LOCKREF=y +CONFIG_ARCH_HAS_FAST_MULTIPLIER=y +CONFIG_ARCH_USE_SYM_ANNOTATIONS=y +CONFIG_CRC_CCITT=y 
+# CONFIG_CRC16 is not set +# CONFIG_CRC_T10DIF is not set +CONFIG_CRC_ITU_T=y +CONFIG_CRC32=y +# CONFIG_CRC32_SELFTEST is not set +CONFIG_CRC32_SLICEBY8=y +# CONFIG_CRC32_SLICEBY4 is not set +# CONFIG_CRC32_SARWATE is not set +# CONFIG_CRC32_BIT is not set +# CONFIG_CRC64 is not set +# CONFIG_CRC4 is not set +CONFIG_CRC7=y +# CONFIG_LIBCRC32C is not set +# CONFIG_CRC8 is not set +CONFIG_XXHASH=y +# CONFIG_RANDOM32_SELFTEST is not set +CONFIG_ZLIB_INFLATE=y +CONFIG_LZO_DECOMPRESS=y +CONFIG_LZ4_DECOMPRESS=y +CONFIG_ZSTD_DECOMPRESS=y +CONFIG_XZ_DEC=y +CONFIG_XZ_DEC_X86=y +CONFIG_XZ_DEC_POWERPC=y +CONFIG_XZ_DEC_IA64=y +CONFIG_XZ_DEC_ARM=y +CONFIG_XZ_DEC_ARMTHUMB=y +CONFIG_XZ_DEC_SPARC=y +CONFIG_XZ_DEC_BCJ=y +# CONFIG_XZ_DEC_TEST is not set +CONFIG_GENERIC_ALLOCATOR=y +CONFIG_ASSOCIATIVE_ARRAY=y +CONFIG_HAS_IOMEM=y +CONFIG_HAS_IOPORT_MAP=y +CONFIG_HAS_DMA=y +CONFIG_NEED_SG_DMA_LENGTH=y +CONFIG_NEED_DMA_MAP_STATE=y +CONFIG_ARCH_DMA_ADDR_T_64BIT=y +CONFIG_SWIOTLB=y +# CONFIG_DMA_API_DEBUG is not set +# CONFIG_DMA_MAP_BENCHMARK is not set +CONFIG_SGL_ALLOC=y +CONFIG_DQL=y +CONFIG_NLATTR=y +CONFIG_CLZ_TAB=y +# CONFIG_IRQ_POLL is not set +CONFIG_MPILIB=y +CONFIG_OID_REGISTRY=y +CONFIG_HAVE_GENERIC_VDSO=y +CONFIG_GENERIC_GETTIMEOFDAY=y +CONFIG_GENERIC_VDSO_TIME_NS=y +CONFIG_ARCH_HAS_PMEM_API=y +CONFIG_ARCH_HAS_UACCESS_FLUSHCACHE=y +CONFIG_ARCH_HAS_COPY_MC=y +CONFIG_ARCH_STACKWALK=y +CONFIG_SBITMAP=y +# end of Library routines + +# +# Kernel hacking +# + +# +# printk and dmesg options +# +CONFIG_PRINTK_TIME=y +# CONFIG_PRINTK_CALLER is not set +# CONFIG_STACKTRACE_BUILD_ID is not set +CONFIG_CONSOLE_LOGLEVEL_DEFAULT=7 +CONFIG_CONSOLE_LOGLEVEL_QUIET=4 +CONFIG_MESSAGE_LOGLEVEL_DEFAULT=4 +# CONFIG_DYNAMIC_DEBUG is not set +# CONFIG_DYNAMIC_DEBUG_CORE is not set +CONFIG_SYMBOLIC_ERRNAME=y +CONFIG_DEBUG_BUGVERBOSE=y +# end of printk and dmesg options + +# +# Compile-time checks and compiler options +# +CONFIG_FRAME_WARN=2048 +# CONFIG_STRIP_ASM_SYMS is not set +# 
CONFIG_HEADERS_INSTALL is not set +# CONFIG_DEBUG_SECTION_MISMATCH is not set +CONFIG_SECTION_MISMATCH_WARN_ONLY=y +CONFIG_STACK_VALIDATION=y +# end of Compile-time checks and compiler options + +# +# Generic Kernel Debugging Instruments +# +# CONFIG_MAGIC_SYSRQ is not set +CONFIG_DEBUG_FS=y +CONFIG_DEBUG_FS_ALLOW_ALL=y +# CONFIG_DEBUG_FS_DISALLOW_MOUNT is not set +# CONFIG_DEBUG_FS_ALLOW_NONE is not set +CONFIG_HAVE_ARCH_KGDB=y +CONFIG_ARCH_HAS_UBSAN_SANITIZE_ALL=y +# CONFIG_UBSAN is not set +CONFIG_HAVE_ARCH_KCSAN=y +# end of Generic Kernel Debugging Instruments + +# CONFIG_DEBUG_KERNEL is not set + +# +# Memory Debugging +# +# CONFIG_PAGE_EXTENSION is not set +# CONFIG_PAGE_POISONING is not set +# CONFIG_DEBUG_RODATA_TEST is not set +CONFIG_ARCH_HAS_DEBUG_WX=y +# CONFIG_DEBUG_WX is not set +CONFIG_GENERIC_PTDUMP=y +# CONFIG_SLUB_DEBUG_ON is not set +# CONFIG_SLUB_STATS is not set +CONFIG_HAVE_DEBUG_KMEMLEAK=y +CONFIG_ARCH_HAS_DEBUG_VM_PGTABLE=y +# CONFIG_DEBUG_VM_PGTABLE is not set +CONFIG_ARCH_HAS_DEBUG_VIRTUAL=y +CONFIG_DEBUG_MEMORY_INIT=y +CONFIG_ARCH_SUPPORTS_KMAP_LOCAL_FORCE_MAP=y +CONFIG_HAVE_ARCH_KASAN=y +CONFIG_HAVE_ARCH_KASAN_VMALLOC=y +CONFIG_CC_HAS_KASAN_GENERIC=y +CONFIG_CC_HAS_WORKING_NOSANITIZE_ADDRESS=y +# CONFIG_KASAN is not set +CONFIG_HAVE_ARCH_KFENCE=y +# CONFIG_KFENCE is not set +# end of Memory Debugging + +# +# Debug Oops, Lockups and Hangs +# +# CONFIG_PANIC_ON_OOPS is not set +CONFIG_PANIC_ON_OOPS_VALUE=0 +CONFIG_PANIC_TIMEOUT=0 +CONFIG_HARDLOCKUP_CHECK_TIMESTAMP=y +# CONFIG_TEST_LOCKUP is not set +# end of Debug Oops, Lockups and Hangs + +# +# Scheduler Debugging +# +CONFIG_SCHED_INFO=y +# end of Scheduler Debugging + +# CONFIG_DEBUG_TIMEKEEPING is not set + +# +# Lock Debugging (spinlocks, mutexes, etc...) +# +CONFIG_LOCK_DEBUGGING_SUPPORT=y +# CONFIG_WW_MUTEX_SELFTEST is not set +# end of Lock Debugging (spinlocks, mutexes, etc...) 
+ +# CONFIG_DEBUG_IRQFLAGS is not set +CONFIG_STACKTRACE=y +# CONFIG_WARN_ALL_UNSEEDED_RANDOM is not set + +# +# Debug kernel data structures +# +# CONFIG_BUG_ON_DATA_CORRUPTION is not set +# end of Debug kernel data structures + +# +# RCU Debugging +# +# end of RCU Debugging + +CONFIG_USER_STACKTRACE_SUPPORT=y +CONFIG_HAVE_FUNCTION_TRACER=y +CONFIG_HAVE_FUNCTION_GRAPH_TRACER=y +CONFIG_HAVE_DYNAMIC_FTRACE=y +CONFIG_HAVE_DYNAMIC_FTRACE_WITH_REGS=y +CONFIG_HAVE_DYNAMIC_FTRACE_WITH_DIRECT_CALLS=y +CONFIG_HAVE_DYNAMIC_FTRACE_WITH_ARGS=y +CONFIG_HAVE_FTRACE_MCOUNT_RECORD=y +CONFIG_HAVE_SYSCALL_TRACEPOINTS=y +CONFIG_HAVE_FENTRY=y +CONFIG_HAVE_OBJTOOL_MCOUNT=y +CONFIG_HAVE_C_RECORDMCOUNT=y +CONFIG_TRACING_SUPPORT=y +# CONFIG_FTRACE is not set +# CONFIG_PROVIDE_OHCI1394_DMA_INIT is not set +# CONFIG_SAMPLES is not set +CONFIG_ARCH_HAS_DEVMEM_IS_ALLOWED=y +CONFIG_STRICT_DEVMEM=y +# CONFIG_IO_STRICT_DEVMEM is not set + +# +# x86 Debugging +# +CONFIG_TRACE_IRQFLAGS_NMI_SUPPORT=y +CONFIG_EARLY_PRINTK_USB=y +CONFIG_X86_VERBOSE_BOOTUP=y +CONFIG_EARLY_PRINTK=y +CONFIG_EARLY_PRINTK_DBGP=y +# CONFIG_EARLY_PRINTK_USB_XDBC is not set +CONFIG_HAVE_MMIOTRACE_SUPPORT=y +CONFIG_IO_DELAY_0X80=y +# CONFIG_IO_DELAY_0XED is not set +# CONFIG_IO_DELAY_UDELAY is not set +# CONFIG_IO_DELAY_NONE is not set +# CONFIG_PUNIT_ATOM_DEBUG is not set +CONFIG_UNWINDER_ORC=y +# CONFIG_UNWINDER_FRAME_POINTER is not set +# end of x86 Debugging + +# +# Kernel Testing and Coverage +# +# CONFIG_KUNIT is not set +CONFIG_ARCH_HAS_KCOV=y +CONFIG_CC_HAS_SANCOV_TRACE_PC=y +# CONFIG_KCOV is not set +# CONFIG_RUNTIME_TESTING_MENU is not set +CONFIG_ARCH_USE_MEMTEST=y +# CONFIG_MEMTEST is not set +# end of Kernel Testing and Coverage +# end of Kernel hacking diff --git a/aports/openrc/0001-call-sbin-mkmntdirs-in-localmount-OpenRC-service.patch b/aports/openrc/0001-call-sbin-mkmntdirs-in-localmount-OpenRC-service.patch new file mode 100644 index 0000000..3d41060 --- /dev/null 
+++ b/aports/openrc/0001-call-sbin-mkmntdirs-in-localmount-OpenRC-service.patch @@ -0,0 +1,25 @@ +From 78245081fe109ed7777b79ba9c99890d56c21272 Mon Sep 17 00:00:00 2001 +From: Natanael Copa +Date: Wed, 1 Feb 2017 04:04:52 +0000 +Subject: [PATCH] call /sbin/mkmntdirs in localmount OpenRC service + +--- + init.d/localmount.in | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/init.d/localmount.in b/init.d/localmount.in +index c571504a..14189396 100644 +--- a/init.d/localmount.in ++++ b/init.d/localmount.in +@@ -21,6 +21,8 @@ depend() + + start() + { ++ [ -x /sbin/mkmntdirs ] && mkmntdirs ++ + # Mount local filesystems in /etc/fstab. + # The types variable must start with no, and must be a type + local critical= types="noproc" x= no_netdev= rc= +-- +2.33.1 + diff --git a/aports/openrc/0002-fsck-don-t-add-C0-to-busybox-fsck.patch b/aports/openrc/0002-fsck-don-t-add-C0-to-busybox-fsck.patch new file mode 100644 index 0000000..1d79818 --- /dev/null +++ b/aports/openrc/0002-fsck-don-t-add-C0-to-busybox-fsck.patch 
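Review bot: The guard added at the top of `start()` tests `/sbin/mkmntdirs` but then runs `mkmntdirs` through `PATH`, so the binary that was checked is not necessarily the one that executes. Calling it by the path that was tested keeps the two in step: `[ -x /sbin/mkmntdirs ] && /sbin/mkmntdirs`. The helper's exit status is also discarded, which looks like a deliberate best-effort step but deserves a one-line comment saying so. The rest of `start()` lies outside the hunk.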
@@ -0,0 +1,35 @@ +From b143f35a45d59708365a52e329fd8caa6475a9bb Mon Sep 17 00:00:00 2001 +From: Natanael Copa +Date: Tue, 28 Nov 2017 13:35:10 +0100 +Subject: [PATCH] fsck: don't add -C0 to busybox fsck + +--- + init.d/fsck.in | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/init.d/fsck.in b/init.d/fsck.in +index 7052d808..99a9ae4f 100644 +--- a/init.d/fsck.in ++++ b/init.d/fsck.in +@@ -82,7 +82,7 @@ start() + local skiptypes + skiptypes=$(printf 'no%s,' ${net_fs_list} ${extra_net_fs_list}) + [ "${skiptypes}" = "no," ] && skiptypes="" +- fsck_opts="$fsck_opts -C0 -T -t ${skiptypes}noopts=_netdev" ++ fsck_opts="$fsck_opts -T -t ${skiptypes}noopts=_netdev" + if [ -z "$fsck_passno" -a -z "$fsck_mnt" ]; then + fsck_args=${fsck_args:--A -p} + if echo 2>/dev/null >/.test.$$; then +@@ -90,6 +90,9 @@ start() + fsck_opts="$fsck_opts -R" + fi + fi ++ if [ "$(readlink -f $(which fsck))" != "/bin/busybox" ]; then ++ fsck_opts="$fsck_opts -C0" ++ fi + fi + + trap : INT QUIT +-- +2.33.1 + diff --git a/aports/openrc/0003-rc-pull-in-sysinit-and-boot-as-stacked-levels-when-n.patch b/aports/openrc/0003-rc-pull-in-sysinit-and-boot-as-stacked-levels-when-n.patch new file mode 100644 index 0000000..546ccb7 --- /dev/null +++ b/aports/openrc/0003-rc-pull-in-sysinit-and-boot-as-stacked-levels-when-n.patch 
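Review bot: The busybox test added after the `fsck_args` block, `[ "$(readlink -f $(which fsck))" != "/bin/busybox" ]`, leaves the inner substitution unquoted and depends on `which`. When `fsck` is not found, `readlink` gets no operand, the comparison sees an empty string, and `-C0` is appended anyway. `command -v` is the POSIX lookup, and quoting keeps the path intact: `if [ "$(readlink -f "$(command -v fsck)")" != "/bin/busybox" ]; then`. The comparison also assumes busybox lives at exactly `/bin/busybox`, so a comment stating that assumption would help. `start()` begins and ends outside the hunk.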
@@ -0,0 +1,70 @@ +From 17f33c1968a51484eefdafbfb5b8fef5ac13d215 Mon Sep 17 00:00:00 2001 +From: Natanael Copa +Date: Wed, 1 Feb 2017 04:17:14 +0000 +Subject: [PATCH] rc: pull in sysinit and boot as stacked levels when needed + +We need start services from sysinit and boot runlevel, even if the new +runlevel is empty. + +This fixes problem introduced with commit 7716bf31 (Fix stacked runlevel +support), at which the start_services list are no longer used to start +the services. + +This also make sure that all services in sysinit and boot runlevels are +started before switching to next. This was not guaranteed when switching +to a non-empty runlevel. + +Fixes issue #54. +--- + src/rc/rc.c | 7 ++++--- + 1 file changed, 4 insertions(+), 3 deletions(-) + +diff --git a/src/rc/rc.c b/src/rc/rc.c +index ef46925d..82786074 100644 +--- a/src/rc/rc.c ++++ b/src/rc/rc.c +@@ -729,6 +729,7 @@ int main(int argc, char **argv) + const char *bootlevel = NULL; + char *newlevel = NULL; + const char *systype = NULL; ++ RC_STRINGLIST *runlevel_chain; + RC_STRINGLIST *deporder = NULL; + RC_STRINGLIST *tmplist; + RC_STRING *service; +@@ -986,6 +987,7 @@ int main(int argc, char **argv) + main_hotplugged_services = rc_services_in_state(RC_SERVICE_HOTPLUGGED); + main_start_services = rc_services_in_runlevel_stacked(newlevel ? + newlevel : runlevel); ++ runlevel_chain = rc_runlevel_stacks(newlevel ? newlevel : runlevel); + if (strcmp(newlevel ? newlevel : runlevel, RC_LEVEL_SHUTDOWN) != 0 && + strcmp(newlevel ? 
newlevel : runlevel, RC_LEVEL_SYSINIT) != 0) + { +@@ -1003,6 +1005,7 @@ int main(int argc, char **argv) + tmplist = rc_services_in_runlevel(bootlevel); + TAILQ_CONCAT(main_start_services, tmplist, entries); + free(tmplist); ++ rc_stringlist_add(runlevel_chain, bootlevel); + } + if (main_hotplugged_services) { + TAILQ_FOREACH(service, main_hotplugged_services, +@@ -1011,6 +1014,7 @@ int main(int argc, char **argv) + service->value); + } + } ++ rc_stringlist_add(runlevel_chain, RC_LEVEL_SYSINIT); + } + + parallel = rc_conf_yesno("rc_parallel"); +@@ -1067,9 +1071,6 @@ int main(int argc, char **argv) + + /* If we have a list of services to start then... */ + if (main_start_services) { +- /* Get a list of the chained runlevels which compose the target runlevel */ +- RC_STRINGLIST *runlevel_chain = rc_runlevel_stacks(runlevel); +- + /* Loop through them in reverse order. */ + RC_STRING *rlevel; + TAILQ_FOREACH_REVERSE(rlevel, runlevel_chain, rc_stringlist, entries) +-- +2.33.1 + diff --git a/aports/openrc/0004-make-consolefont-service-compatible-with-busyboxs-se.patch b/aports/openrc/0004-make-consolefont-service-compatible-with-busyboxs-se.patch new file mode 100644 index 0000000..b92b5ac --- /dev/null +++ b/aports/openrc/0004-make-consolefont-service-compatible-with-busyboxs-se.patch 
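Review bot: `runlevel_chain` is declared in `main()` without an initializer, unlike `deporder` on the next line, and the result of `rc_runlevel_stacks()` is passed to `rc_stringlist_add()` and later to `TAILQ_FOREACH_REVERSE` with no NULL check. Declaring it as `RC_STRINGLIST *runlevel_chain = NULL;` and testing it before the two `rc_stringlist_add()` calls would make the failure mode explicit. Whether `rc_runlevel_stacks()` can return NULL is not visible in these hunks. The list used to be a local of the `if (main_start_services)` block, so it is worth confirming that any release of it still matches the wider scope. `main()` starts and ends outside the hunks.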
@@ -0,0 +1,70 @@ +From 613fb7f437c42e0ed01b2366b597598235e64a2d Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?S=C3=B6ren=20Tempel?= +Date: Wed, 17 Aug 2016 17:52:58 +0200 +Subject: [PATCH] make consolefont service compatible with busyboxs setfont + applet + +Compared to kdbs setfont program it doesn't support -O and -m. +--- + conf.d/consolefont | 11 ++--------- + init.d/consolefont.in | 7 ++----- + 2 files changed, 4 insertions(+), 14 deletions(-) + +diff --git a/conf.d/consolefont b/conf.d/consolefont +index e01ae842..75544b2f 100644 +--- a/conf.d/consolefont ++++ b/conf.d/consolefont +@@ -3,16 +3,9 @@ + # + # consolefont specifies the default font that you'd like Linux to use on the + # console. You can find a good selection of fonts in /usr/share/consolefonts; +-# you shouldn't specify the trailing ".psf.gz", just the font name below. +-# To use the default console font, comment out the CONSOLEFONT setting below. +-consolefont="default8x16" ++consolefont="default8x16.psf.gz" + + # consoletranslation is the charset map file to use. Leave commented to use + # the default one. Have a look in /usr/share/consoletrans for a selection of + # map files you can use. +-#consoletranslation="8859-1_to_uni" +- +-# unicodemap is the unicode map file to use. Leave commented to use the +-# default one. Have a look in /usr/share/unimaps for a selection of map files +-# you can use. 
+-#unicodemap="iso01" ++#consoletranslation="8859-1_to_uni.trans" +diff --git a/init.d/consolefont.in b/init.d/consolefont.in +index d65dd14c..ccb6ee87 100644 +--- a/init.d/consolefont.in ++++ b/init.d/consolefont.in +@@ -22,7 +22,6 @@ start() + { + ttyn=${rc_tty_number:-${RC_TTY_NUMBER:-12}} + consolefont=${consolefont:-${CONSOLEFONT}} +- unicodemap=${unicodemap:-${UNICODEMAP}} + consoletranslation=${consoletranslation:-${CONSOLETRANSLATION}} + + if [ -z "$consolefont" ]; then +@@ -43,9 +42,6 @@ start() + if [ -n "$consoletranslation" ]; then + param="$param -m $consoletranslation" + fi +- if [ -n "${unicodemap}" ]; then +- param="$param -u $unicodemap" +- fi + + # Set the console font + ebegin "Setting console font [$consolefont]" +@@ -63,7 +59,8 @@ start() + # Store the font so we can use it ASAP on boot + if [ $retval -eq 0 ] && checkpath -W "$RC_LIBEXECDIR"; then + mkdir -p "$RC_LIBEXECDIR"/console +- setfont -O "$RC_LIBEXECDIR"/console/font ++ zcat "/usr/share/consolefonts/$consolefont" \ ++ > "$RC_LIBEXECDIR"/console/font + fi + + return $retval +-- +2.33.1 + diff --git a/aports/openrc/0005-Support-early-loading-of-keymap-if-kbd-is-installed.patch b/aports/openrc/0005-Support-early-loading-of-keymap-if-kbd-is-installed.patch new file mode 100644 index 0000000..f25d984 --- /dev/null +++ b/aports/openrc/0005-Support-early-loading-of-keymap-if-kbd-is-installed.patch 
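Review bot: The cache step at the end of `start()` redirects `zcat` straight into `"$RC_LIBEXECDIR"/console/font`, and the redirection truncates the cached file before `zcat` runs. A font that is missing or not gzip-compressed therefore leaves an empty or partial file, which, going by the comment above it, is what gets loaded early on the next boot. The exit status of `zcat` is not checked and never reaches `retval`. Removing the file on failure keeps the cache either valid or absent: `zcat "/usr/share/consolefonts/$consolefont" > "$RC_LIBEXECDIR"/console/font || rm -f "$RC_LIBEXECDIR"/console/font`. `start()` begins outside the hunk.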
@@ -0,0 +1,31 @@ +From a07970bf087c089f467eefa30c2476f17f6e9536 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?S=C3=B6ren=20Tempel?= +Date: Thu, 7 Mar 2019 16:55:53 +0100 +Subject: [PATCH] Support early loading of keymap if kbd is installed + +Early loading of the keymap with busybox was never supported and would +require modifying the save-keymaps services as well. Since no one +complained that it doesn't work with busybox so far just make it work +with kbd for now. +--- + sh/init-early.sh.Linux.in | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/sh/init-early.sh.Linux.in b/sh/init-early.sh.Linux.in +index f304e924..7571ff3d 100644 +--- a/sh/init-early.sh.Linux.in ++++ b/sh/init-early.sh.Linux.in +@@ -48,8 +48,8 @@ if service_present "$RC_DEFAULTLEVEL" consolefont || + fi + + # Try and set a keyboard map as early as possible +-if service_present "$RC_DEFAULTLEVEL" keymaps || +- service_present "$RC_BOOTLEVEL" keymaps; then ++if service_present "$RC_DEFAULTLEVEL" loadkeys || ++ service_present "$RC_BOOTLEVEL" loadkeys; then + kbd_mode $kmode -C "$CONSOLE" 2>/dev/null + if [ -r "$RC_LIBEXECDIR"/console/keymap ]; then + loadkeys -q "$RC_LIBEXECDIR"/console/keymap 2>/dev/null +-- +2.33.1 + diff --git a/aports/openrc/0006-Add-support-for-starting-services-in-a-specified-VRF.patch b/aports/openrc/0006-Add-support-for-starting-services-in-a-specified-VRF.patch new file mode 100644 index 0000000..6f7ed69 --- /dev/null +++ b/aports/openrc/0006-Add-support-for-starting-services-in-a-specified-VRF.patch 
@@ -0,0 +1,101 @@ +From c250503412b061e69a99cfe12514e47fc06b5885 Mon Sep 17 00:00:00 2001 +From: Ariadne Conill +Date: Fri, 14 Feb 2020 16:02:43 +0000 +Subject: [PATCH] Add support for starting services in a specified VRF. + +The venerable iproute2 utility has recently introduced support +for executing programs in specific VRFs which are virtualized +routing tables. These are typically used to isolate different +networking planes from each other, for security or flexibility +reasons. + +Services which use the normal supervisor/start-stop-daemon +pattern can be configured by setting the vrf variable in the +/etc/conf.d tree for the service. + +This allows for things like configuring the sshd service to +run in a management VRF, which is useful for high assurance +environments where the management plane is intended to be +isolated. + +Signed-off-by: Ariadne Conill +--- + sh/openrc-run.sh.in | 6 ++++++ + sh/runit.sh | 2 +- + sh/s6.sh | 2 +- + sh/start-stop-daemon.sh | 2 +- + sh/supervise-daemon.sh | 2 +- + 5 files changed, 10 insertions(+), 4 deletions(-) + +diff --git a/sh/openrc-run.sh.in b/sh/openrc-run.sh.in +index 5c84af45..a1f374b0 100644 +--- a/sh/openrc-run.sh.in ++++ b/sh/openrc-run.sh.in +@@ -236,6 +236,12 @@ if ! 
sourcex -e "$_conf_d/$RC_SVCNAME.$RC_RUNLEVEL"; then + fi + unset _conf_d + ++# If we are configured to run in a VRF, provide a hint for that ++RC_VRF_EXEC="" ++if [ -n "$vrf" ]; then ++ RC_VRF_EXEC="/sbin/ip vrf exec $vrf" ++fi ++ + # load service supervisor functions + sourcex "@LIBEXECDIR@/sh/runit.sh" + sourcex "@LIBEXECDIR@/sh/s6.sh" +diff --git a/sh/runit.sh b/sh/runit.sh +index 5d82c9f6..c0186a43 100644 +--- a/sh/runit.sh ++++ b/sh/runit.sh +@@ -23,7 +23,7 @@ runit_start() + local i=0 retval=1 + # it can take upto 5 seconds for runsv to start + while [ $i -lt 6 ] ; do +- if sv start "${service_link}" > /dev/null 2>&1; then ++ if ${RC_VRF_EXEC} sv start "${service_link}" > /dev/null 2>&1; then + retval=0 + break + fi +diff --git a/sh/s6.sh b/sh/s6.sh +index acbe965b..1f339703 100644 +--- a/sh/s6.sh ++++ b/sh/s6.sh +@@ -37,7 +37,7 @@ s6_start() + ln -sf "${s6_service_path}" "${s6_service_link}" + s6-svscanctl -na "${RC_SVCDIR}"/s6-scan + sleep 1.5 +- s6-svc -u "${s6_service_link}" ++ ${RC_VRF_EXEC} s6-svc -u "${s6_service_link}" + if [ -n "$s6_svwait_options_start" ]; then + s6-svwait ${s6_svwait_options_start} "${s6_service_link}" + fi +diff --git a/sh/start-stop-daemon.sh b/sh/start-stop-daemon.sh +index 2e549ae1..5e7a1b88 100644 +--- a/sh/start-stop-daemon.sh ++++ b/sh/start-stop-daemon.sh +@@ -45,7 +45,7 @@ ssd_start() + #the eval call is necessary for cases like: + # command_args="this \"is a\" test" + # to work properly. +- eval start-stop-daemon --start \ ++ eval ${RC_VRF_EXEC} start-stop-daemon --start \ + --exec $command \ + ${chroot:+--chroot} $chroot \ + ${directory:+--chdir} $directory \ +diff --git a/sh/supervise-daemon.sh b/sh/supervise-daemon.sh +index e403a789..259b8166 100644 +--- a/sh/supervise-daemon.sh ++++ b/sh/supervise-daemon.sh +@@ -24,7 +24,7 @@ supervise_start() + # The eval call is necessary for cases like: + # command_args="this \"is a\" test" + # to work properly. 
+- eval supervise-daemon "${RC_SVCNAME}" --start \ ++ eval ${RC_VRF_EXEC} supervise-daemon "${RC_SVCNAME}" --start \ + ${retry:+--retry} $retry \ + ${directory:+--chdir} $directory \ + ${chroot:+--chroot} $chroot \ +-- +2.33.1 + diff --git a/aports/openrc/0007-Clean-up-staticroute-config-remove-irrelevant-parts-.patch b/aports/openrc/0007-Clean-up-staticroute-config-remove-irrelevant-parts-.patch new file mode 100644 index 0000000..34100ef --- /dev/null +++ b/aports/openrc/0007-Clean-up-staticroute-config-remove-irrelevant-parts-.patch 
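Review bot: `RC_VRF_EXEC` is built in `openrc-run.sh.in` from the raw `$vrf` value and then expanded unquoted in front of `eval start-stop-daemon` and `eval supervise-daemon`, so any shell metacharacter in the setting is parsed a second time as shell syntax. Rejecting anything that is not a plain device name before the assignment keeps the `eval` lines predictable: `case "$vrf" in *[!A-Za-z0-9_.-]*) eerror "invalid vrf name: $vrf"; exit 1 ;; esac`. In `runit.sh` and `s6.sh` the prefix wraps `sv start` and `s6-svc -u`, which appear only to signal an already running supervisor, so the daemon itself may not end up in the VRF. That should be confirmed or documented, since the commit message presents the option as an isolation control for the management plane.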
@@ -0,0 +1,47 @@ +From f406231dc9a49b67ca558983de80513f95078309 Mon Sep 17 00:00:00 2001 +From: Ariadne Conill +Date: Wed, 8 Sep 2021 23:51:11 -0600 +Subject: [PATCH] Clean up staticroute config - remove irrelevant parts (for + BSD, Hurd) and suggest that route(8) is legacy. + +--- + conf.d/staticroute | 23 +++-------------------- + 1 file changed, 3 insertions(+), 20 deletions(-) + +diff --git a/conf.d/staticroute b/conf.d/staticroute +index 19d0961f..49d0e0bb 100644 +--- a/conf.d/staticroute ++++ b/conf.d/staticroute +@@ -1,26 +1,9 @@ +-# Static routes are defined differently depending on your operating +-# system, so please be sure to use the correct syntax. + # Do not use this file to define the default route. + # In all settings, multiple routes should be separated using ; or new lines. + +-# Define static routes on Linux using route. See route(8) for syntax. +-#staticroute="net 192.168.0.0 netmask 255.255.255.0 gw 10.73.1.1 +-#net 192.168.1.0 netmask 255.255.255.0 gw 10.73.1.1" +- + # Define static routes on Linux using iproute2. See ip(8) for syntax. + #staticiproute="192.168.0.0/24 via 10.73.1.1; 192.168.1.0/24 via 10.73.1.1" + +-# Define static routes on GNU/Hurd. See route(8) for syntax. +-# /etc/route.conf(5) takes precedence over this configuration. +-# FIXME: "net ..." not supported +-#staticroute="net 192.168.0.0 -netmask 255.255.255.0 --address 10.73.1.1 +-#net 192.168.1.0 -netmask 255.255.255.0 --address 10.73.1.1" +- +-# Define static routes on GNU/KFreeBSD. See route(8) for syntax. +-#staticroute="net 192.168.0.0 10.73.1.1 netmask 255.255.255.0 +-#net 192.168.1.0 10.73.1.1 netmask 255.255.255.0" +- +-# Define static routes on other BSD systems. See route(8) for syntax. +-# /etc/route.conf(5) takes precedence over this configuration. +-#staticroute="net 192.168.0.0 -netmask 255.255.255.0 10.73.1.1 +-#net 192.168.1.0 -netmask 255.255.255.0 10.73.1.1" ++# Or define static routes on Linux using route (legacy). See route(8) for syntax. 
++#staticroute="net 192.168.0.0 netmask 255.255.255.0 gw 10.73.1.1 ++#net 192.168.1.0 netmask 255.255.255.0 gw 10.73.1.1" +-- +2.33.1 + diff --git a/aports/openrc/0008-bootmisc-switch-wipe_tmp-setting-to-no-by-default.patch b/aports/openrc/0008-bootmisc-switch-wipe_tmp-setting-to-no-by-default.patch new file mode 100644 index 0000000..f498d05 --- /dev/null +++ b/aports/openrc/0008-bootmisc-switch-wipe_tmp-setting-to-no-by-default.patch @@ -0,0 +1,44 @@ +From a756576ae62e4f24a2ea36e87053187cdfc1be63 Mon Sep 17 00:00:00 2001 +From: Ariadne Conill +Date: Wed, 13 Oct 2021 21:12:10 -0600 +Subject: [PATCH] bootmisc: switch wipe_tmp setting to no by default + +When wipe_tmp=yes, an insufficiently bounded rm -rf occurs that, +under specific unknown circumstances, can escape into other filesystems +resulting in data loss. + +See alpine/aports#13070. +--- + conf.d/bootmisc | 2 +- + init.d/bootmisc.in | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +diff --git a/conf.d/bootmisc b/conf.d/bootmisc +index dd5b08e0..5cf18d33 100644 +--- a/conf.d/bootmisc ++++ b/conf.d/bootmisc +@@ -3,7 +3,7 @@ clean_tmp_dirs="/tmp" + + # Should we wipe the tmp paths completely or just selectively remove known + # locks / files / etc... ? +-wipe_tmp="YES" ++wipe_tmp="NO" + + # Write the initial dmesg log into /var/log/dmesg after boot + # This may be useful if you need the kernel boot log afterwards +diff --git a/init.d/bootmisc.in b/init.d/bootmisc.in +index b1a849a3..8485110a 100644 +--- a/init.d/bootmisc.in ++++ b/init.d/bootmisc.in +@@ -17,7 +17,7 @@ depend() + keyword -prefix -timeout + } + +-: ${wipe_tmp:=${WIPE_TMP:-yes}} ++: ${wipe_tmp:=${WIPE_TMP:-no}} + : ${log_dmesg:=${LOG_DMESG:-yes}} + + cleanup_tmp_dir() +-- +2.33.1 + diff --git a/aports/openrc/APKBUILD b/aports/openrc/APKBUILD new file mode 100644 index 0000000..fd2f6de --- /dev/null +++ b/aports/openrc/APKBUILD 
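Review bot: The comment above `wipe_tmp` in `conf.d/bootmisc` still presents the full wipe as a neutral choice, although the commit message says `wipe_tmp=yes` runs an insufficiently bounded `rm -rf` that can escape into other filesystems. Only the two defaults change here, so an administrator who sets the value back to `YES` gets no warning at the point of configuration. A line such as `# WARNING: YES runs a recursive delete that can cross into other mounted filesystems (alpine/aports#13070).` above the setting would keep the reason next to the option. `cleanup_tmp_dir()` itself is outside the hunk and is not changed by this patch.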
@@ -0,0 +1,124 @@
+# Maintainer: Gabor Pali
+pkgname=openrc
+pkgver=0.44.7
+pkgrel=5
+pkgdesc="OpenRC manages the services, startup and shutdown of a host"
+url="https://github.com/OpenRC/openrc"
+arch="all"
+license="BSD-2-Clause"
+depends="ifupdown-any"
+makedepends="bsd-compat-headers linux-headers"
+checkdepends=
+subpackages=
+install=
+source="$pkgname-$pkgver.tar.gz::https://github.com/OpenRC/openrc/archive/$pkgver.tar.gz
+
+ 0001-call-sbin-mkmntdirs-in-localmount-OpenRC-service.patch
+ 0002-fsck-don-t-add-C0-to-busybox-fsck.patch
+ 0003-rc-pull-in-sysinit-and-boot-as-stacked-levels-when-n.patch
+ 0004-make-consolefont-service-compatible-with-busyboxs-se.patch
+ 0005-Support-early-loading-of-keymap-if-kbd-is-installed.patch
+ 0006-Add-support-for-starting-services-in-a-specified-VRF.patch
+ 0007-Clean-up-staticroute-config-remove-irrelevant-parts-.patch
+ 0008-bootmisc-switch-wipe_tmp-setting-to-no-by-default.patch
+ seedrng.patch
+
+ openrc.logrotate
+ hostname.initd
+ hwdrivers.initd
+ modules.initd
+ modloop.initd
+ modloop.confd
+ sysfsconf.initd
+ firstboot.initd
+ sysctl.initd
+ machine-id.initd
+ "
+
+# secfixes:
+# 0.44.6-r1:
+# - CVE-2021-42341
+
+prepare() {
+ default_prepare
+ sed -i -e '/^sed/d' "$builddir"/pkgconfig/Makefile
+}
+
+build() {
+ export MKZSHCOMP=no
+ export MKBASHCOMP=no
+ make LIBDIR=/lib LIBEXECDIR=/lib/rc
+}
+
+package() {
+ local i j
+
+ make LIBEXECDIR=/lib/rc DESTDIR="$pkgdir/" install
+
+ # we cannot have anything turned on by default
+ rm -f "$pkgdir"/etc/runlevels/*/*
+
+ # we still use our ifup/ifdown based net config
+ rm -f "$pkgdir"/etc/conf.d/network "$pkgdir"/etc/init.d/network
+
+ # our hostname init script reads hostname from /etc/hostname
+ rm -f "$pkgdir"/etc/conf.d/hostname
+
+ # we override some of the scripts
+ for i in "$srcdir"/*.initd; do
+ j=${i##*/}
+ install -Dm755 $i "$pkgdir"/etc/init.d/${j%.initd}
+ done
+
+ # we override some of the conf.d files
+ for i in "$srcdir"/*.confd; do
+ j=${i##*/}
+ install -Dm644 $i "$pkgdir"/etc/conf.d/${j%.confd}
+ done
+
+ # we use a virtual keymaps services to allow users to set their
+ # keymaps either with the OpenRC loadkeys service provided by
+ # the kbd aport or with the loadkmap service provided by the
+ # busybox-initscripts aport.
+ rm -f "$pkgdir/etc/init.d/keymaps" \
+ "$pkgdir/etc/conf.d/keymaps"
+
+ install -Dm644 "$srcdir/$pkgname.logrotate" "$pkgdir/etc/logrotate.d/$pkgname"
+ install -d "$pkgdir"/etc/local.d "$pkgdir"/run
+
+ # openrc upstream removed service(8) for whatever reason, put it back
+ ln -s /sbin/rc-service "$pkgdir"/sbin/service
+
+ # remove deprecated /sbin/runscript to avoid conflict with minicom
+ rm "$pkgdir"/sbin/runscript
+
+ rm -rf "$pkgdir"/usr/share/man \
+ "$pkgdir"/usr/share/openrc \
+ "$pkgdir"/usr/include \
+ "$pkgdir"/usr/lib/pkgconfig \
+ "$pkgdir"/etc/sysctl.d/README \
+ "$pkgdir"/etc/local.d/README
+}
+
+sha512sums="
+c6b3e2e30615d97a5185320a140ced881bc59ba31ea8dff5d80440396166af237826de6ffc7836ec141e305c92176cd9cc3dabff7e42ac0d80e5238513fefdb7 openrc-0.44.7.tar.gz
+6085d127f7385eb86a00676a263c8613748fb0cbbf064bc908d346a1b368e226d8a3014e871d281f57d334a70ec1301269fe431e085f0e907b4f6ef8a99bf07f 0001-call-sbin-mkmntdirs-in-localmount-OpenRC-service.patch
+3f47b4f7e6c5b7fb53ff8a13470fbada67f7470e5eba71a683e6c022162c3905f560d561c3d61698e3fde367d6ae715edf76e99949f52a22a3bbf79debc33f64 0002-fsck-don-t-add-C0-to-busybox-fsck.patch
+61c72be18283108163bde4349616e55adb535bd34312ee09f90fcd85277ffe17dcef792bbf465877c0d8b1fec87a3836f714d8d849a9cf322902a89bc1256e13 0003-rc-pull-in-sysinit-and-boot-as-stacked-levels-when-n.patch
+71a743bf969110a27259405ef4b4dc4fad608b8e49039fd6afb1b1486d0f1dfccc3ef5275410fa3d6d1554ccee59c5a3424be4f2919e14453ebb709282c588a7 0004-make-consolefont-service-compatible-with-busyboxs-se.patch
+9e2ae6c8e189ceae0f3f2662d9504f796e9a6a987a26ee2e10add85746b6596eb04cc256dc532a39f711b4e1aa07f1d12a384ef45d23cab49878b887bf0a878c 0005-Support-early-loading-of-keymap-if-kbd-is-installed.patch
+8bf00b82d7fc0eb1b529ec735009f91d277141ba7e5c04e23d10bbcf36eb453f0b31d48aec45e50b5be4c14f611acc4454933f3cefdf8beab07d851328223464 0006-Add-support-for-starting-services-in-a-specified-VRF.patch
+431ac28808e684bea5511386bf5f06efe7f509f1dbe7e15ae6309563d813deae8f3edd872a0943ef8088e3cf778d7bc5ebd15a893dc4a08f4022b7a56bbafc63 0007-Clean-up-staticroute-config-remove-irrelevant-parts-.patch
+475f4ea63b9b5d7eb9c623e96b6cc3d3072abcb7194d0045b84e0688836c8514fccfc68b0eae0b4bee60878cdea8042c3ce7e48406ee7a2f0e4a3e128a153468 0008-bootmisc-switch-wipe_tmp-setting-to-no-by-default.patch
+715af2188cf4d1ed42f75b31ad718f5c533ea6f8cfc3c5df0fd7fc4240cd342dc637b7edf358c5da1e77d700618adaa7927ddaeae60698dd9f130dd64d83d8d5 seedrng.patch
+12bb6354e808fbf47bbab963de55ee7901738b4a912659982c57ef2777fff9a670e867fcb8ec316a76b151032c92dc89a950d7d1d835ef53f753a8f3b41d2cec openrc.logrotate
+493f27d588e64bb2bb542b32493ed05873f4724e8ad1751002982d7b4e07963cfb72f93603b2d678f305177cf9556d408a87b793744c6b7cd46cf9be4b744c02 hostname.initd
+c06eac7264f6cc6888563feeae5ca745aae538323077903de1b19102e4f16baa34c18b8c27af5dd5423e7670834e2261e9aa55f2b1ec8d8fdc2be105fe894d55 hwdrivers.initd
+7113c930f7f5fb5b345b115db175f8e5837e3541b3e022d5cecf1b59067ed4b40b2adea2324a008035b97d653311217ac5cf961b4d0fc8b714a8b2505883cdc6 modules.initd
+61857beb0ce1b462ff4bde595ee3808d12b1c51935e6a6bc263bf26a4adc99b434676277e270d82ed2886ceb9c82cb2a5604887bc25fef20bec223097c4d0ee4 modloop.initd
+80e43ded522e2d48b876131c7c9997debd43f3790e0985801a8c1dd60bc6e09f625b35a127bf225eb45a65eec7808a50d1c08a5e8abceafc61726211e061e0a2 modloop.confd
+d76c75c58e6f4b0801edac4e081b725ef3d50a9a8c9bbb5692bf4d0f804af7d383bf71a73d5d03ed348a89741ef0b2427eb6a7cbf5a9b9ff60a240639fa6ec88 sysfsconf.initd
+990855f875513a85c2b737685ac5bfdfa86f8dadacf00c1826a456547f99b69d4ecf1b9a09c0ce002f1df618b44b1febabe53f95a2c0cd02b504d565bccb50c8 firstboot.initd
+2d5f9f6d41b7c0a8643cfdee1ce3c399bfe4ebff54421f33ab1e74c1c4c1b96a49e54b5cd69f0339a060342e4e5a11067bbff68c39fa487919259d73e8e46ed1 sysctl.initd
+35682e1742196133b79e4a0b21fe8df039a982ba4fdd0181b1e3872f3885e40726179d4996fec83a1da11ff314d71f8910609c1c05acb3d0f9b923147e2f1d55 machine-id.initd
+"
diff --git a/aports/openrc/firstboot.initd b/aports/openrc/firstboot.initd
new file mode 100644
index 0000000..eac4ef8
--- /dev/null
+++ b/aports/openrc/firstboot.initd
@@ -0,0 +1,34 @@
+#!/sbin/openrc-run
+
+# The first boot init service
+
+# read kernel options
+init_KOPT() {
+ eval "set -- $(cat /proc/cmdline 2>/dev/null)"
+ for opt; do
+ case "$opt" in
+ ssh_*=*)
+ eval "KOPT_${opt%%=*}='${opt#*=}'" ;;
+ esac
+ done
+}
+
+start() {
+ rm -f /etc/runlevels/*/$RC_SVCNAME
+ init_KOPT
+ local rc=0
+ ebegin "Starting ${RC_SVCNAME}"
+ if [ -n "$KOPT_ssh_key" ] && [ ! -f "/root/.ssh/authorized_keys" ]; then
+ einfo "Fetching ssh keys"
+ mkdir -pm 700 /root/.ssh
+ checkpath -fm 0600 /root/.ssh/authorized_keys
+ case "$KOPT_ssh_key" in
+ https://*|ftps://*|http://*)
+ wget -q "$KOPT_ssh_key" -O /root/.ssh/authorized_keys
+ rc=$?;;
+ *) echo "$KOPT_ssh_key" > /root/.ssh/authorized_keys;;
+ esac
+ fi
+ eend $rc
+}
+
diff --git a/aports/openrc/hostname.initd b/aports/openrc/hostname.initd
new file mode 100644
index 0000000..bd20874
--- /dev/null
+++ b/aports/openrc/hostname.initd
@@ -0,0 +1,18 @@
+#!/sbin/openrc-run
+
+description="Sets the hostname of the machine."
+
+depend() {
+ keyword -prefix -lxc -docker
+}
+
+start() {
+ if [ -s /etc/hostname ] ; then
+ opts="-F /etc/hostname"
+ else
+ opts="${hostname:-localhost}"
+ fi
+ ebegin "Setting hostname"
+ hostname $opts
+ eend $?
+}
diff --git a/aports/openrc/hwdrivers.initd b/aports/openrc/hwdrivers.initd
new file mode 100644
index 0000000..80184c9
--- /dev/null
+++ b/aports/openrc/hwdrivers.initd
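Review bot: `source=` and `sha512sums` in the APKBUILD list ten init and conf files but not `networking.initd`, which this commit also adds under aports/openrc, so the `for i in "$srcdir"/*.initd` loop in `package()` will presumably never see it and it carries no checksum. If the script is meant to ship, add `networking.initd` to `source=` and its digest to `sha512sums`; if another package owns it, drop the unused copy so the tree does not carry an unverified script. Separately, both install loops expand `$i` unquoted; `install -Dm755 "$i" "$pkgdir"/etc/init.d/"${j%.initd}"` survives a path containing spaces.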
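Review bot: `init_KOPT` in firstboot.initd passes the raw kernel command line through `eval` twice, so any shell syntax that ends up in it is interpreted by the init script at first boot; on netboot or cloud setups the command line may come from a less trusted source than the image itself. Only `KOPT_ssh_key` is read in this file, so the inner eval can become a plain assignment, `ssh_key=*) KOPT_ssh_key=${opt#*=} ;;`, and the outer `eval "set -- …"` deserves a comment saying that it exists to honour quoted values and who is trusted to set the command line. In `start()`, the `http://*` pattern lets root's `authorized_keys` be fetched over cleartext with no integrity check; restricting the pattern to `https://*` removes that path. When `wget` fails, the empty file created by `checkpath` stays behind, so the failure branch should remove it rather than leave a zero-length `authorized_keys`.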
@@ -0,0 +1,32 @@
+#!/sbin/openrc-run
+
+depend() {
+ need sysfs dev
+ before checkfs fsck
+ after modloop
+ keyword -vserver -lxc
+}
+
+# Load hardware drivers
+start() {
+ # check for boot option "nocoldplug"
+ if get_bootparam noautodetect; then
+ ewarn "Autodetection of hardware disabled from boot cmdline"
+ return 0
+ fi
+
+ ebegin "Loading hardware drivers"
+ find /sys -name modalias -type f -print0 | xargs -0 sort -u \
+ | xargs modprobe -b -a 2> /dev/null
+ # we run it twice so we detect all devices
+ find /sys -name modalias -type f -print0 | xargs -0 sort -u \
+ | xargs modprobe -b -a 2> /dev/null
+
+ # check if framebuffer drivers got pulled in
+ if [ -e /dev/fb0 ] && ! [ -e /sys/module/fbcon ]; then
+ modprobe -b -q fbcon
+ fi
+
+ eend 0
+}
+
diff --git a/aports/openrc/machine-id.initd b/aports/openrc/machine-id.initd
new file mode 100644
index 0000000..bdd0698
--- /dev/null
+++ b/aports/openrc/machine-id.initd
@@ -0,0 +1,17 @@
+#!/sbin/openrc-run
+
+description="Generate machine-id if needed"
+
+depend() {
+ need root dev
+}
+
+start() {
+ if [ -s /etc/machine-id ] ; then
+ return 0
+ fi
+ ebegin "Generating machine-id"
+ dd if=/dev/urandom status=none bs=16 count=1 \
+ | md5sum | cut -d' ' -f1 > /etc/machine-id
+ eend $?
+}
diff --git a/aports/openrc/modloop.confd b/aports/openrc/modloop.confd
new file mode 100644
index 0000000..6966429
--- /dev/null
+++ b/aports/openrc/modloop.confd
@@ -0,0 +1,6 @@
+# Enable loadable module support when running from RAM
+# when OverlayFS support is available in the kernel.
+# 0 means default tmpfs size (50% of physical RAM).
+# for more information please see kernel documention at:
+# https://www.kernel.org/doc/Documentation/filesystems/tmpfs.txt
+overlay_size=0
diff --git a/aports/openrc/modloop.initd b/aports/openrc/modloop.initd
new file mode 100755
index 0000000..fb7006c
--- /dev/null
+++ b/aports/openrc/modloop.initd
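Review bot: The comment in `start()` of hwdrivers.initd names the boot option `nocoldplug`, but the code tests `get_bootparam noautodetect`; the comment should read `# check for boot option "noautodetect"` so that whoever hardens a boot entry sets the switch that is actually honoured. The function also ends in an unconditional `eend 0` with `modprobe` errors sent to /dev/null, so a one-line comment stating that driver loading is deliberately best-effort would help the next reader.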
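Review bot: In `start()` of machine-id.initd, `eend $?` sees only the exit status of `cut`, so if the `dd` read from /dev/urandom fails, `md5sum` hashes empty input and the same constant id is written on every affected host while the service reports success. Generate the value into a variable and check that it is non-empty before writing, or read the kernel's generator directly, e.g. `tr -d - < /proc/sys/kernel/random/uuid > /etc/machine-id`, whose status `eend $?` then reflects. Writing to a temporary file and renaming it would also avoid leaving a truncated /etc/machine-id if the boot is interrupted.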
@@ -0,0 +1,153 @@
+#!/sbin/openrc-run
+
+# script that will mount image with modules
+
+depend() {
+ after dev-mount
+ before checkfs fsck hwdrivers modules hwclock dev sysfs
+ keyword -vserver -lxc
+}
+
+# read kernel options
+init_KOPT() {
+ for opt in $(cat /proc/cmdline 2>/dev/null); do
+ case "$opt" in
+ modloop=*|modloop_verify=*)
+ eval "KOPT_${opt%%=*}='${opt#*=}'" ;;
+ esac
+ done
+}
+
+mountdirs() {
+ awk '$2 !~ /^\/(sys|proc|dev|run)/ && $2 != "/" {print $2}' /proc/mounts
+}
+
+find_modloop() {
+ local dir="$1"
+ local kver=$(uname -r)
+ local oifs="$IFS"
+ IFS=$'\n'
+ set -- $(blkid "$dir"/boot/* "$dir"/*)
+ IFS="$oifs"
+ for line; do
+ img=${line%%:*}
+ verify_modloop "$img" || eerror "Failed to verify signature of $img!"
+ mount "$img" -o loop,ro /.modloop || continue
+ if [ -d /.modloop/modules/$kver ]; then
+ return 0
+ fi
+ umount /.modloop
+ done
+ return 1
+}
+
+verify_modloop() {
+ local modloop=$1 key=
+ if ! yesno "${KOPT_modloop_verify:=yes}"; then
+ return 0
+ fi
+ for key in /etc/apk/keys/*.pub; do
+ local sig=/var/cache/misc/${modloop##*/}.SIGN.RSA.${key##*/}
+ if [ -f "$sig" ]; then
+ if ! command -v openssl > /dev/null; then
+ ewarn "Missing openssl. Modloop verification disabled!"
+ return 0
+ fi
+ einfo "Verifying modloop"
+ openssl dgst -sha1 -verify "$key" -signature "$sig" "$modloop" \
+ >/dev/null 2>&1 || return 1
+ fi
+ done
+}
+
+find_backing_file() {
+ local dir="$1"
+ local dev=$(df -P "$dir" | tail -1 | awk '{print $1}')
+ cat /sys/block/${dev#/dev/}/loop/backing_file 2>/dev/null
+}
+
+start() {
+ local modloop= mount_opts= modloop_dldir="/lib"
+ init_KOPT
+
+ case "$KOPT_modloop" in
+ none) return 0;;
+ http://*|https://*|ftp://*)
+ modloop=$modloop_dldir/${KOPT_modloop##*/}
+ if [ ! -f "$modloop" ]; then
+ mkdir -p "$modloop_dldir"
+ wget -P "$modloop_dldir" "$KOPT_modloop" || eend 1
+ fi
+ ;;
+ *)
+ for dir in $(mountdirs); do
+ if [ -f "$dir"/$KOPT_modloop ]; then
+ modloop="$dir/${KOPT_modloop##/}"
+ alpine_mnt="$dir"
+ break
+ fi
+ done
+ ;;
+ esac
+
+ ebegin "Mounting modloop $modloop"
+ mkdir -p /.modloop
+ if [ -n "$modloop" ]; then
+ verify_modloop "$modloop" || eerror "Failed to verify signature of $img!"
+ mount -o loop,ro $modloop /.modloop
+ eend $? || return 1
+ else
+ for dir in $(mountdirs); do
+ if find_modloop "$dir"; then
+ alpine_mnt="$dir"
+ break
+ fi
+ done
+ if [ -d /.modloop/modules/$(uname -r) ]; then
+ eend 0
+ else
+ eend 1 || return 1
+ fi
+ fi
+
+ #use overlayfs if available and configured
+ if grep -q -w "overlay$" /proc/filesystems && [ ! -z ${unionfs_size+x} ]; then
+ ewarn "Use of unionfs_size is deprecated use overlay_size instead"
+ overlay_size="$unionfs_size"
+ fi
+ if grep -q -w "overlay$" /proc/filesystems && [ -n "$overlay_size" ]; then
+ ebegin "OverlayFS detected, mounting modloop rw"
+ [ "$overlay_size" != 0 ] && mount_ops="-o size=$overlay_size"
+ mkdir -p /.modoverlayfs /lib/modules
+ mount -t tmpfs $mount_ops tmpfs /.modoverlayfs
+ mkdir -p /.modoverlayfs/modules /.modoverlayfs/work
+ mount -t overlay -o upperdir=/.modoverlayfs/modules,lowerdir=/lib/modules:/.modloop/modules,workdir=/.modoverlayfs/work overlay /lib/modules
+ depmod -A
+ eend $? || return 1
+ else
+ rm -rf /lib/modules && ln -sf /.modloop/modules /lib/
+ fi
+
+ # copy firmware if there are any
+ if [ -d $alpine_mnt/firmware ]; then
+ ebegin "Copying firmware from $alpine_mnt/firmware"
+ cp -R -a $alpine_mnt/firmware /lib/
+ eend $?
+ elif [ -d /lib/modules/firmware ]; then
+ rmdir /lib/firmware 2>/dev/null \
+ && ln -s /lib/modules/firmware /lib/
+ fi
+ return 0
+}
+
+stop() {
+ local ret=0
+ local mnt; for mnt in /lib/modules /.modoverlayfs /.modloop; do
+ if mountinfo --quiet "$mnt"; then
+ ebegin "Unmounting $mnt"
+ umount -d "$mnt" || ret=1
+ fi
+ done
+ eend $ret || return 1
+}
+
diff --git a/aports/openrc/modules.initd b/aports/openrc/modules.initd
new file mode 100644
index 0000000..3cd141e
--- /dev/null
+++ b/aports/openrc/modules.initd
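Review bot: A failed signature check does not stop the mount in modloop.initd: in both `find_modloop` and `start()` the line `verify_modloop … || eerror …` only logs, and the next line mounts the image anyway, after which /lib/modules is pointed at its contents. Make the failure fatal, e.g. `verify_modloop "$modloop" || { eerror "Failed to verify signature of $modloop!"; eend 1; return 1; }` in `start()` (the current message prints `$img`, which is not set there) and `… || { eerror …; continue; }` in `find_modloop`. `verify_modloop` itself also returns success when no `.SIGN.RSA.*` file exists or when `openssl` is missing, and it verifies with `-sha1`, so as written an unsigned image, including one fetched through the `http://`/`ftp://` branch, is accepted; those fall-open paths should either return 1 or be documented as a deliberate decision. Smaller points: `start()` declares `mount_opts` but assigns and expands `mount_ops`, and `wget … || eend 1` reports the failure without returning.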
@@ -0,0 +1,80 @@
+#!/sbin/openrc-run
+
+description="Loads a user defined list of kernel modules."
+
+depend()
+{
+ before hwclock hwdrivers
+ keyword -openvz -prefix -vserver -lxc
+}
+
+start() {
+ yesno $rc_verbose && verbose=yes
+
+ ebegin "Loading modules"
+ eindent
+ for f in /lib/modules-load.d/*.conf \
+ /usr/lib/modules-load.d/*.conf; do
+
+ if ! [ -f "$f" ]; then
+ continue
+ fi
+
+ if [ -f /etc/modules-load.d/"${f##*/}" ]; then
+ veinfo "Ignoring $f due to /etc/modules-load.d/${f##*/}"
+ continue
+ fi
+
+ if [ -f /run/modules-load.d/"${f##*/}" ]; then
+ veinfo "Ignoring $f due to /run/modules-load.d/${f##*/}"
+ continue
+ fi
+
+ veinfo "Processing $f"
+ sed -e 's/\#.*//g' -e '/^[[:space:]]*$/d' < "$f" \
+ | while read module args; do
+ modprobe -q $module $args
+ done
+ done
+
+ if [ -f /etc/modules ]; then
+ veinfo "Processing /etc/modules"
+ sed -e 's/\#.*//g' -e '/^[[:space:]]*$/d' < /etc/modules \
+ | while read module args; do
+ modprobe -q $module $args
+ done
+ fi
+
+ for f in /etc/modules-load.d/*.conf; do
+ if [ ! -f "$f" ]; then
+ continue
+ fi
+
+ if [ -f /run/modules-load.d/"${f##*/}" ]; then
+ veinfo "Ignoring $f due to /run/modules-load.d/${f##*/}"
+ continue
+ fi
+
+ veinfo "Processing $f"
+ sed -e 's/\#.*//g' -e '/^[[:space:]]*$/d' < "$f" \
+ | while read module args; do
+ modprobe -q $module $args
+ done
+ done
+
+ for f in /run/modules-load.d/*.conf; do
+ if [ ! -f "$f" ]; then
+ continue
+ fi
+
+ veinfo "Processing $f"
+ sed -e 's/\#.*//g' -e '/^[[:space:]]*$/d' < "$f" \
+ | while read module args; do
+ modprobe -q $module $args
+ done
+ done
+ eoutdent
+
+ eend $?
+}
+
diff --git a/aports/openrc/networking.initd b/aports/openrc/networking.initd
new file mode 100644
index 0000000..417f4a3
--- /dev/null
+++ b/aports/openrc/networking.initd
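Review bot: `eend $?` at the end of `start()` in modules.initd reports the status of `eoutdent`, and every `modprobe -q $module $args` runs inside a pipeline subshell whose status is dropped, so a module that fails to load is never reported. If that best-effort behaviour is intended, say so in a comment above the loops; otherwise add `|| ewarn "Failed to load $module"` after each `modprobe`. The four identical `sed … | while read module args` loops would read better as one helper function, and `read -r` keeps backslashes in option values intact.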
@@ -0,0 +1,88 @@
+#!/sbin/openrc-run
+
+# note that the spoofprotect, syncoockies and ip_forward options are set in
+# /etc/sysctl.conf
+
+: ${cfgfile:="/etc/network/interfaces"}
+: ${ifquery:="ifquery"}
+: ${ifstate:="/run/ifstate"}
+
+single_iface="${RC_SVCNAME#*.}"
+if [ "$single_iface" = "$RC_SVCNAME" ]; then
+ single_iface=
+fi
+
+depend() {
+ need localmount
+ want dev-settle
+ after bootmisc hwdrivers modules
+ provide net
+ keyword -jail -prefix -vserver -docker
+}
+
+# find interfaces we want to start
+find_ifaces() {
+ if [ -n "$single_iface" ]; then
+ echo $single_iface
+ return 0
+ fi
+
+ if command -v "$ifquery" >/dev/null; then
+ $ifquery -i "$cfgfile" --list --auto
+ return
+ fi
+
+ # fallback in case ifquery does not exist
+ awk '$1 == "auto" {for (i = 2; i <= NF; i = i + 1) printf("%s ", $i)}' "$cfgfile"
+}
+
+# return the list of interfaces we should try stop
+find_running_ifaces() {
+ if [ -n "$single_iface" ]; then
+ echo $single_iface
+ return 0
+ fi
+
+ if command -v "$ifquery" >/dev/null; then
+ $ifquery --state-file $ifstate -i "$cfgfile" --running
+ return
+ fi
+
+ # fallback
+ awk -F= '{print $2}' $ifstate
+}
+
+start() {
+ local iface= ret=1
+ ebegin "Starting networking"
+ eindent
+ for iface in $(find_ifaces); do
+ local r=0
+ ebegin "$iface"
+ if ! ifup -i "$cfgfile" $iface >/dev/null; then
+ ifdown -i "$cfgfile" $iface >/dev/null 2>&1
+ r=1
+ fi
+ # atleast one interface needs to be started for action
+ # to be success
+ eend $r && ret=0
+ done
+ eoutdent
+ return $ret
+}
+
+stop() {
+ local iface=
+ # Don't stop the network at shutdown.
+ yesno ${keep_network:-YES} && yesno $RC_GOINGDOWN && return 0
+
+ ebegin "Stopping networking"
+ eindent
+ for iface in $(find_running_ifaces); do
+ ebegin "$iface"
+ ifdown -i "$cfgfile" -f $iface >/dev/null
+ eend $?
+ done
+ eoutdent
+ return 0
+}
diff --git a/aports/openrc/openrc.logrotate b/aports/openrc/openrc.logrotate
new file mode 100644
index 0000000..5e5e64b
--- /dev/null
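Review bot: In `find_running_ifaces` of networking.initd the fallback `awk -F= '{print $2}' $ifstate` expands the state-file path unquoted and prints an awk error when the file does not exist yet; `[ -f "$ifstate" ] && awk -F= '{print $2}' "$ifstate"` handles both. `echo $single_iface` and the `ifup`/`ifdown` calls likewise pass the interface name unquoted, which is only safe as long as names never contain whitespace or glob characters. The comments also carry typos worth fixing while the file is new (`syncoockies` in the header, `atleast` in `start()`).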
+++ b/aports/openrc/openrc.logrotate
@@ -0,0 +1,4 @@
+/var/log/rc.log {
+ missingok
+ notifempty
+}
diff --git a/aports/openrc/seedrng.patch b/aports/openrc/seedrng.patch
new file mode 100644
index 0000000..ff61d81
--- /dev/null
+++ b/aports/openrc/seedrng.patch
@@ -0,0 +1,640 @@ +From 076c2552aeff88a27fe275dfaae61dedf4bb4bd5 Mon Sep 17 00:00:00 2001 +From: "Jason A. Donenfeld" +Date: Thu, 24 Mar 2022 22:07:16 -0600 +Subject: [PATCH] Use seedrng for seeding the random number generator + +The RNG can't actually be seeded from a shell script, due to the +reliance on ioctls. For this reason, the seedrng project provides a +basic script meant to be copy and pasted into projects like OpenRC and +tweaked as needed: https://git.zx2c4.com/seedrng/about/ + +This commit imports it into OpenRC and wires up /etc/init.d/urandom to +call it. It shouldn't be called by other things on the system, so it +lives in rc_sbindir. + +Closes #506. +Closes #507. + +Signed-off-by: Jason A. Donenfeld +--- + AUTHORS | 1 + + conf.d/urandom | 9 +- + init.d/urandom.in | 41 ++-- + src/rc/Makefile | 6 +- + src/rc/meson.build | 10 +- + src/rc/seedrng.c | 453 +++++++++++++++++++++++++++++++++++++++++++++ + 6 files changed, 499 insertions(+), 21 deletions(-) + create mode 100644 src/rc/seedrng.c + +diff --git a/AUTHORS b/AUTHORS +index 0616d5175..ede0f471b 100644 +--- a/AUTHORS ++++ b/AUTHORS +@@ -43,6 +43,7 @@ Ian Stakenvicius + Jakob Drexel + James Le Cuirot + Jan Psota ++Jason A. Donenfeld + Jason Zaman + Joe Harvell + Joe M +diff --git a/conf.d/urandom b/conf.d/urandom +index f721a2491..744e4f702 100644 +--- a/conf.d/urandom ++++ b/conf.d/urandom +@@ -2,4 +2,11 @@ + # (say for crypt swap), so you will need to customize this + # behavior. If you have /var on a separate partition, then + # make sure this path lives on your root device somewhere. +-urandom_seed="/var/lib/misc/random-seed" ++seed_dir="/var/lib/seedrng" ++lock_file="/var/run/seedrng.lock" ++ ++# Set this to true if you do not want seed files to actually ++# credit the RNG. Set this if you plan to replicate this ++# file system image and do not have the wherewithal to first ++# delete the contents of /var/lib/seedrng. 
++skip_credit="false" +diff --git a/init.d/urandom.in b/init.d/urandom.in +index 0d6ab66e0..cda431fdb 100644 +--- a/init.d/urandom.in ++++ b/init.d/urandom.in +@@ -1,5 +1,5 @@ + #!@SBINDIR@/openrc-run +-# Copyright (c) 2007-2015 The OpenRC Authors. ++# Copyright (c) 2007-2022 The OpenRC Authors. + # See the Authors file at the top-level directory of this distribution and + # https://github.com/OpenRC/openrc/blob/HEAD/AUTHORS + # +@@ -9,7 +9,10 @@ + # This file may not be copied, modified, propagated, or distributed + # except according to the terms contained in the LICENSE file. + +-: ${urandom_seed:=${URANDOM_SEED:-/var/lib/misc/random-seed}} ++export SEEDRNG_SEED_DIR="${seed_dir:-/var/lib/seedrng}" ++export SEEDRNG_LOCK_FILE="${lock_file:-/var/run/seedrng.lock}" ++export SEEDRNG_SKIP_CREDIT="${skip_credit:-false}" ++: ${urandom_seed:=${SEEDRNG_SEED_DIR}/../misc/random-seed} + description="Initializes the random number generator." + + depend() +@@ -21,33 +24,35 @@ depend() + + save_seed() + { +- local psz=1 +- +- if [ -e /proc/sys/kernel/random/poolsize ]; then +- : $(( psz = $(cat /proc/sys/kernel/random/poolsize) / 4096 )) +- fi +- + ( # sub shell to prevent umask pollution + umask 077 +- dd if=/dev/urandom of="$urandom_seed" count=${psz} 2>/dev/null ++ dd if=/dev/urandom of="$urandom_seed" count=1 2>/dev/null + ) + } + + start() + { +- [ -c /dev/urandom ] || return +- if [ -f "$urandom_seed" ]; then +- ebegin "Initializing random number generator" +- cat "$urandom_seed" > /dev/urandom +- eend $? "Error initializing random number generator" ++ if [ "$RC_UNAME" = Linux ]; then ++ seedrng ++ else ++ [ -c /dev/urandom ] || return ++ if [ -f "$urandom_seed" ]; then ++ ebegin "Initializing random number generator" ++ cat "$urandom_seed" > /dev/urandom ++ eend $? 
"Error initializing random number generator" ++ fi ++ rm -f "$urandom_seed" && save_seed + fi +- rm -f "$urandom_seed" && save_seed + return 0 + } + + stop() + { +- ebegin "Saving random seed" +- save_seed +- eend $? "Failed to save random seed" ++ if [ "$RC_UNAME" = Linux ]; then ++ seedrng ++ else ++ ebegin "Saving random seed" ++ save_seed ++ eend $? "Failed to save random seed" ++ fi + } +diff --git a/src/rc/Makefile b/src/rc/Makefile +index fd796d920..62539f134 100644 +--- a/src/rc/Makefile ++++ b/src/rc/Makefile +@@ -15,7 +15,7 @@ endif + + ifeq (${OS},Linux) + SRCS+= kill_all.c openrc-init.c openrc-shutdown.c rc-sysvinit.c broadcast.c \ +- rc-wtmp.c ++ rc-wtmp.c seedrng.c + endif + + CLEANFILES= version.h rc-selinux.o +@@ -47,6 +47,7 @@ RC_SBINPROGS= mark_service_starting mark_service_started \ + + ifeq (${OS},Linux) + RC_BINPROGS+= kill_all ++RC_SBINPROGS+= seedrng + SBINPROGS+= openrc-init openrc-shutdown + endif + +@@ -180,3 +181,6 @@ shell_var: shell_var.o + + swclock: swclock.o _usage.o rc-misc.o + ${CC} ${LOCAL_CFLAGS} ${LOCAL_LDFLAGS} ${CFLAGS} ${LDFLAGS} -o $@ $^ ${LDADD} ++ ++seedrng: seedrng.o ++ ${CC} ${LOCAL_CFLAGS} ${LOCAL_LDFLAGS} ${CFLAGS} ${LDFLAGS} -o $@ $^ ${LDADD} +diff --git a/src/rc/meson.build b/src/rc/meson.build +index 8fdf3ac3b..b724c51f2 100644 +--- a/src/rc/meson.build ++++ b/src/rc/meson.build +@@ -268,7 +268,15 @@ if os == 'Linux' + link_with: [libeinfo,librc], + install: true, + install_dir: rc_bindir) +- endif ++ ++ executable('seedrng', ++ ['seedrng.c'], ++ c_args : cc_branding_flags, ++ include_directories: [incdir, einfo_incdir, rc_incdir], ++ link_with: [libeinfo, librc], ++ install: true, ++ install_dir: rc_sbindir) ++endif + + executable('shell_var', + ['shell_var.c'], +diff --git a/src/rc/seedrng.c b/src/rc/seedrng.c +new file mode 100644 +index 000000000..c1f941457 +--- /dev/null ++++ b/src/rc/seedrng.c +@@ -0,0 +1,453 @@ ++/* ++ * seedrng.c ++ * Seed kernel RNG from seed file, based on code from: ++ * 
https://git.zx2c4.com/seedrng/about/ ++ */ ++ ++/* ++ * Copyright (c) 2022 The OpenRC Authors. ++ * See the Authors file at the top-level directory of this distribution and ++ * https://github.com/OpenRC/openrc/blob/HEAD/AUTHORS ++ * ++ * This file is part of OpenRC. It is subject to the license terms in ++ * the LICENSE file found in the top-level directory of this ++ * distribution and at https://github.com/OpenRC/openrc/blob/HEAD/LICENSE ++ * This file may not be copied, modified, propagated, or distributed ++ * except according to the terms contained in the LICENSE file. ++ */ ++ ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++ ++#include "rc.h" ++#include "einfo.h" ++#include "helpers.h" ++ ++#ifndef GRND_INSECURE ++#define GRND_INSECURE 0x0004 /* Apparently some headers don't ship with this yet. */ ++#endif ++ ++static const char *SEED_DIR; ++static const char *LOCK_FILE; ++static char *CREDITABLE_SEED; ++static char *NON_CREDITABLE_SEED; ++ ++enum blake2s_lengths { ++ BLAKE2S_BLOCK_LEN = 64, ++ BLAKE2S_HASH_LEN = 32, ++ BLAKE2S_KEY_LEN = 32 ++}; ++ ++enum seedrng_lengths { ++ MAX_SEED_LEN = 512, ++ MIN_SEED_LEN = BLAKE2S_HASH_LEN ++}; ++ ++struct blake2s_state { ++ uint32_t h[8]; ++ uint32_t t[2]; ++ uint32_t f[2]; ++ uint8_t buf[BLAKE2S_BLOCK_LEN]; ++ unsigned int buflen; ++ unsigned int outlen; ++}; ++ ++#define le32_to_cpup(a) le32toh(*(a)) ++#define cpu_to_le32(a) htole32(a) ++#ifndef ARRAY_SIZE ++#define ARRAY_SIZE(x) (sizeof(x) / sizeof((x)[0])) ++#endif ++#ifndef DIV_ROUND_UP ++#define DIV_ROUND_UP(n, d) (((n) + (d) - 1) / (d)) ++#endif ++ ++static inline void cpu_to_le32_array(uint32_t *buf, unsigned int words) ++{ ++ while (words--) { ++ *buf = cpu_to_le32(*buf); ++ ++buf; ++ } ++} ++ ++static inline void le32_to_cpu_array(uint32_t *buf, unsigned int words) ++{ ++ while (words--) { ++ *buf = le32_to_cpup(buf); 
++ ++buf; ++ } ++} ++ ++static inline uint32_t ror32(uint32_t word, unsigned int shift) ++{ ++ return (word >> (shift & 31)) | (word << ((-shift) & 31)); ++} ++ ++static const uint32_t blake2s_iv[8] = { ++ 0x6A09E667UL, 0xBB67AE85UL, 0x3C6EF372UL, 0xA54FF53AUL, ++ 0x510E527FUL, 0x9B05688CUL, 0x1F83D9ABUL, 0x5BE0CD19UL ++}; ++ ++static const uint8_t blake2s_sigma[10][16] = { ++ { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15 }, ++ { 14, 10, 4, 8, 9, 15, 13, 6, 1, 12, 0, 2, 11, 7, 5, 3 }, ++ { 11, 8, 12, 0, 5, 2, 15, 13, 10, 14, 3, 6, 7, 1, 9, 4 }, ++ { 7, 9, 3, 1, 13, 12, 11, 14, 2, 6, 5, 10, 4, 0, 15, 8 }, ++ { 9, 0, 5, 7, 2, 4, 10, 15, 14, 1, 11, 12, 6, 8, 3, 13 }, ++ { 2, 12, 6, 10, 0, 11, 8, 3, 4, 13, 7, 5, 15, 14, 1, 9 }, ++ { 12, 5, 1, 15, 14, 13, 4, 10, 0, 7, 6, 3, 9, 2, 8, 11 }, ++ { 13, 11, 7, 14, 12, 1, 3, 9, 5, 0, 15, 4, 8, 6, 2, 10 }, ++ { 6, 15, 14, 9, 11, 3, 0, 8, 12, 2, 13, 7, 1, 4, 10, 5 }, ++ { 10, 2, 8, 4, 7, 6, 1, 5, 15, 11, 9, 14, 3, 12, 13, 0 }, ++}; ++ ++static void blake2s_set_lastblock(struct blake2s_state *state) ++{ ++ state->f[0] = -1; ++} ++ ++static void blake2s_increment_counter(struct blake2s_state *state, const uint32_t inc) ++{ ++ state->t[0] += inc; ++ state->t[1] += (state->t[0] < inc); ++} ++ ++static void blake2s_init_param(struct blake2s_state *state, const uint32_t param) ++{ ++ int i; ++ ++ memset(state, 0, sizeof(*state)); ++ for (i = 0; i < 8; ++i) ++ state->h[i] = blake2s_iv[i]; ++ state->h[0] ^= param; ++} ++ ++static void blake2s_init(struct blake2s_state *state, const size_t outlen) ++{ ++ blake2s_init_param(state, 0x01010000 | outlen); ++ state->outlen = outlen; ++} ++ ++static void blake2s_compress(struct blake2s_state *state, const uint8_t *block, size_t nblocks, const uint32_t inc) ++{ ++ uint32_t m[16]; ++ uint32_t v[16]; ++ int i; ++ ++ while (nblocks > 0) { ++ blake2s_increment_counter(state, inc); ++ memcpy(m, block, BLAKE2S_BLOCK_LEN); ++ le32_to_cpu_array(m, ARRAY_SIZE(m)); ++ memcpy(v, state->h, 32); ++ 
v[ 8] = blake2s_iv[0]; ++ v[ 9] = blake2s_iv[1]; ++ v[10] = blake2s_iv[2]; ++ v[11] = blake2s_iv[3]; ++ v[12] = blake2s_iv[4] ^ state->t[0]; ++ v[13] = blake2s_iv[5] ^ state->t[1]; ++ v[14] = blake2s_iv[6] ^ state->f[0]; ++ v[15] = blake2s_iv[7] ^ state->f[1]; ++ ++#define G(r, i, a, b, c, d) do { \ ++ a += b + m[blake2s_sigma[r][2 * i + 0]]; \ ++ d = ror32(d ^ a, 16); \ ++ c += d; \ ++ b = ror32(b ^ c, 12); \ ++ a += b + m[blake2s_sigma[r][2 * i + 1]]; \ ++ d = ror32(d ^ a, 8); \ ++ c += d; \ ++ b = ror32(b ^ c, 7); \ ++} while (0) ++ ++#define ROUND(r) do { \ ++ G(r, 0, v[0], v[ 4], v[ 8], v[12]); \ ++ G(r, 1, v[1], v[ 5], v[ 9], v[13]); \ ++ G(r, 2, v[2], v[ 6], v[10], v[14]); \ ++ G(r, 3, v[3], v[ 7], v[11], v[15]); \ ++ G(r, 4, v[0], v[ 5], v[10], v[15]); \ ++ G(r, 5, v[1], v[ 6], v[11], v[12]); \ ++ G(r, 6, v[2], v[ 7], v[ 8], v[13]); \ ++ G(r, 7, v[3], v[ 4], v[ 9], v[14]); \ ++} while (0) ++ ROUND(0); ++ ROUND(1); ++ ROUND(2); ++ ROUND(3); ++ ROUND(4); ++ ROUND(5); ++ ROUND(6); ++ ROUND(7); ++ ROUND(8); ++ ROUND(9); ++ ++#undef G ++#undef ROUND ++ ++ for (i = 0; i < 8; ++i) ++ state->h[i] ^= v[i] ^ v[i + 8]; ++ ++ block += BLAKE2S_BLOCK_LEN; ++ --nblocks; ++ } ++} ++ ++static void blake2s_update(struct blake2s_state *state, const void *inp, size_t inlen) ++{ ++ const size_t fill = BLAKE2S_BLOCK_LEN - state->buflen; ++ const uint8_t *in = inp; ++ ++ if (!inlen) ++ return; ++ if (inlen > fill) { ++ memcpy(state->buf + state->buflen, in, fill); ++ blake2s_compress(state, state->buf, 1, BLAKE2S_BLOCK_LEN); ++ state->buflen = 0; ++ in += fill; ++ inlen -= fill; ++ } ++ if (inlen > BLAKE2S_BLOCK_LEN) { ++ const size_t nblocks = DIV_ROUND_UP(inlen, BLAKE2S_BLOCK_LEN); ++ blake2s_compress(state, in, nblocks - 1, BLAKE2S_BLOCK_LEN); ++ in += BLAKE2S_BLOCK_LEN * (nblocks - 1); ++ inlen -= BLAKE2S_BLOCK_LEN * (nblocks - 1); ++ } ++ memcpy(state->buf + state->buflen, in, inlen); ++ state->buflen += inlen; ++} ++ ++static void blake2s_final(struct blake2s_state *state, 
uint8_t *out) ++{ ++ blake2s_set_lastblock(state); ++ memset(state->buf + state->buflen, 0, BLAKE2S_BLOCK_LEN - state->buflen); ++ blake2s_compress(state, state->buf, 1, state->buflen); ++ cpu_to_le32_array(state->h, ARRAY_SIZE(state->h)); ++ memcpy(out, state->h, state->outlen); ++} ++ ++static size_t determine_optimal_seed_len(void) ++{ ++ size_t ret = 0; ++ char poolsize_str[11] = { 0 }; ++ int fd = open("/proc/sys/kernel/random/poolsize", O_RDONLY); ++ ++ if (fd < 0 || read(fd, poolsize_str, sizeof(poolsize_str) - 1) < 0) { ++ ewarn("Unable to determine pool size, falling back to %u bits: %s", MIN_SEED_LEN * 8, strerror(errno)); ++ ret = MIN_SEED_LEN; ++ } else ++ ret = DIV_ROUND_UP(strtoul(poolsize_str, NULL, 10), 8); ++ if (fd >= 0) ++ close(fd); ++ if (ret < MIN_SEED_LEN) ++ ret = MIN_SEED_LEN; ++ else if (ret > MAX_SEED_LEN) ++ ret = MAX_SEED_LEN; ++ return ret; ++} ++ ++static int read_new_seed(uint8_t *seed, size_t len, bool *is_creditable) ++{ ++ ssize_t ret; ++ int urandom_fd; ++ ++ *is_creditable = false; ++ ret = getrandom(seed, len, GRND_NONBLOCK); ++ if (ret == (ssize_t)len) { ++ *is_creditable = true; ++ return 0; ++ } ++ if (ret == -1 && errno == ENOSYS) { ++ struct pollfd random_fd = { ++ .fd = open("/dev/random", O_RDONLY), ++ .events = POLLIN ++ }; ++ if (random_fd.fd < 0) ++ return -errno; ++ *is_creditable = poll(&random_fd, 1, 0) == 1; ++ close(random_fd.fd); ++ } else if (getrandom(seed, len, GRND_INSECURE) == (ssize_t)len) ++ return 0; ++ urandom_fd = open("/dev/urandom", O_RDONLY); ++ if (urandom_fd < 0) ++ return -errno; ++ ret = read(urandom_fd, seed, len); ++ if (ret == (ssize_t)len) ++ ret = 0; ++ else ++ ret = -errno ? -errno : -EIO; ++ close(urandom_fd); ++ return ret; ++} ++ ++static int seed_rng(uint8_t *seed, size_t len, bool credit) ++{ ++ struct { ++ int entropy_count; ++ int buf_size; ++ uint8_t buffer[MAX_SEED_LEN]; ++ } req = { ++ .entropy_count = credit ? 
len * 8 : 0, ++ .buf_size = len ++ }; ++ int random_fd, ret; ++ ++ if (len > sizeof(req.buffer)) ++ return -EFBIG; ++ memcpy(req.buffer, seed, len); ++ ++ random_fd = open("/dev/random", O_RDWR); ++ if (random_fd < 0) ++ return -errno; ++ ret = ioctl(random_fd, RNDADDENTROPY, &req); ++ if (ret) ++ ret = -errno ? -errno : -EIO; ++ close(random_fd); ++ return ret; ++} ++ ++static int seed_from_file_if_exists(const char *filename, bool credit, struct blake2s_state *hash) ++{ ++ uint8_t seed[MAX_SEED_LEN]; ++ ssize_t seed_len; ++ int fd, dfd, ret = 0; ++ ++ fd = open(filename, O_RDONLY); ++ if (fd < 0 && errno == ENOENT) ++ return 0; ++ else if (fd < 0) { ++ ret = -errno; ++ eerror("Unable to open seed file: %s", strerror(errno)); ++ return ret; ++ } ++ dfd = open(SEED_DIR, O_DIRECTORY | O_RDONLY); ++ if (dfd < 0) { ++ ret = -errno; ++ close(fd); ++ eerror("Unable to open seed directory: %s", strerror(errno)); ++ return ret; ++ } ++ seed_len = read(fd, seed, sizeof(seed)); ++ if (seed_len < 0) { ++ ret = -errno; ++ eerror("Unable to read seed file: %s", strerror(errno)); ++ } ++ close(fd); ++ if (ret) { ++ close(dfd); ++ return ret; ++ } ++ if ((unlink(filename) < 0 || fsync(dfd) < 0) && seed_len) { ++ ret = -errno; ++ eerror("Unable to remove seed after reading, so not seeding: %s", strerror(errno)); ++ } ++ close(dfd); ++ if (ret) ++ return ret; ++ if (!seed_len) ++ return 0; ++ ++ blake2s_update(hash, &seed_len, sizeof(seed_len)); ++ blake2s_update(hash, seed, seed_len); ++ ++ einfo("Seeding %zd bits %s crediting", seed_len * 8, credit ? 
"and" : "without"); ++ ret = seed_rng(seed, seed_len, credit); ++ if (ret < 0) ++ eerror("Unable to seed: %s", strerror(-ret)); ++ return ret; ++} ++ ++static void populate_global_paths(void) ++{ ++ SEED_DIR = getenv("SEEDRNG_SEED_DIR"); ++ if (!SEED_DIR || !*SEED_DIR) ++ SEED_DIR = "/var/lib/seedrng"; ++ LOCK_FILE = getenv("SEEDRNG_LOCK_FILE"); ++ if (!LOCK_FILE || !*LOCK_FILE) ++ LOCK_FILE = "/var/run/seedrng.lock"; ++ xasprintf(&CREDITABLE_SEED, "%s/seed.credit", SEED_DIR); ++ xasprintf(&NON_CREDITABLE_SEED, "%s/seed.no-credit", SEED_DIR); ++} ++ ++int main(int argc _unused, char *argv[] _unused) ++{ ++ static const char seedrng_prefix[] = "SeedRNG v1 Old+New Prefix"; ++ static const char seedrng_failure[] = "SeedRNG v1 No New Seed Failure"; ++ int ret, fd, lock, program_ret = 0; ++ uint8_t new_seed[MAX_SEED_LEN]; ++ size_t new_seed_len; ++ bool new_seed_creditable; ++ struct timespec realtime = { 0 }, boottime = { 0 }; ++ struct blake2s_state hash; ++ ++ umask(0077); ++ if (getuid()) ++ eerrorx("This rc helper program requires root"); ++ ++ populate_global_paths(); ++ blake2s_init(&hash, BLAKE2S_HASH_LEN); ++ blake2s_update(&hash, seedrng_prefix, strlen(seedrng_prefix)); ++ clock_gettime(CLOCK_REALTIME, &realtime); ++ clock_gettime(CLOCK_BOOTTIME, &boottime); ++ blake2s_update(&hash, &realtime, sizeof(realtime)); ++ blake2s_update(&hash, &boottime, sizeof(boottime)); ++ ++ if (mkdir(SEED_DIR, 0700) < 0 && errno != EEXIST) ++ eerrorx("Unable to create \"%s\" directory: %s", SEED_DIR, strerror(errno)); ++ ++ lock = open(LOCK_FILE, O_WRONLY | O_CREAT, 0000); ++ if (lock < 0 || flock(lock, LOCK_EX) < 0) ++ eerrorx("Unable to open lock file: %s", strerror(errno)); ++ ++ ret = seed_from_file_if_exists(NON_CREDITABLE_SEED, false, &hash); ++ if (ret < 0) ++ program_ret |= 1 << 1; ++ ret = seed_from_file_if_exists(CREDITABLE_SEED, !rc_yesno(getenv("SEEDRNG_SKIP_CREDIT")), &hash); ++ if (ret < 0) ++ program_ret |= 1 << 2; ++ ++ new_seed_len = 
determine_optimal_seed_len(); ++ ret = read_new_seed(new_seed, new_seed_len, &new_seed_creditable); ++ if (ret < 0) { ++ eerror("Unable to read new seed: %s", strerror(-ret)); ++ new_seed_len = BLAKE2S_HASH_LEN; ++ strncpy((char *)new_seed, seedrng_failure, new_seed_len); ++ program_ret |= 1 << 3; ++ } ++ blake2s_update(&hash, &new_seed_len, sizeof(new_seed_len)); ++ blake2s_update(&hash, new_seed, new_seed_len); ++ blake2s_final(&hash, new_seed + new_seed_len - BLAKE2S_HASH_LEN); ++ ++ einfo("Saving %zu bits of %s seed for next boot", new_seed_len * 8, new_seed_creditable ? "creditable" : "non-creditable"); ++ fd = open(NON_CREDITABLE_SEED, O_WRONLY | O_CREAT | O_TRUNC, 0400); ++ if (fd < 0) { ++ eerror("Unable to open seed file for writing: %s", strerror(errno)); ++ program_ret |= 1 << 4; ++ goto out; ++ } ++ if (write(fd, new_seed, new_seed_len) != (ssize_t)new_seed_len || fsync(fd) < 0) { ++ eerror("Unable to write seed file: %s", strerror(errno)); ++ program_ret |= 1 << 5; ++ goto out; ++ } ++ if (new_seed_creditable && rename(NON_CREDITABLE_SEED, CREDITABLE_SEED) < 0) { ++ ewarn("Unable to make new seed creditable: %s", strerror(errno)); ++ program_ret |= 1 << 6; ++ } ++out: ++ close(fd); ++ close(lock); ++ return program_ret; ++} diff --git a/aports/openrc/sysctl.initd b/aports/openrc/sysctl.initd new file mode 100644 index 0000000..befdb91 --- /dev/null +++ b/aports/openrc/sysctl.initd 
@@ -0,0 +1,87 @@ +#!/sbin/openrc-run + +depend() +{ + after clock + before bootmisc logger + keyword -prefix -systemd-nspawn -vserver +} + +start() +{ + local quiet retval=0 status + ebegin "Configuring kernel parameters" + + yesno $rc_verbose || quiet=-q + + eindent + + for f in /lib/sysctl.d/*.conf \ + /usr/lib/sysctl.d/*.conf; do + + if [ -f /etc/sysctl.d/"${f##*/}" ]; then + veinfo "Ignoring $f due to /etc/sysctl.d/${f##*/}" + continue + fi + + if [ -f /run/sysctl.d/"${f##*/}" ]; then + veinfo "Ignoring $f due to /run/sysctl.d/${f##*/}" + continue + fi + + if [ -f "$f" ]; then + vebegin "applying $f" + sysctl $quiet -p "$f" + status=$? + if [ $status -gt 0 ]; then + # Don't change retval= since we expect some package/distro provided + # sysctl configurations to break, so just warn when the user wants + # verbose messages + vewarn "Unable to configure kernel parameters from $f" + fi + fi + done + + for f in /etc/sysctl.d/*.conf; do + + if [ -f /run/sysctl.d/"${f##*/}" ]; then + veinfo "Ignoring $f due to /run/sysctl.d/${f##*/}" + continue + fi + + if [ -f "$f" ]; then + vebegin "applying $f" + sysctl $quiet -p "$f" + status=$? + if [ $status -gt 0 ]; then + retval=$(( $retval + $status )) + eerror "Unable to configure kernel parameters from $f" + fi + fi + done + + if [ -f /etc/sysctl.conf ]; then + vebegin "applying /etc/sysctl.conf" + sysctl $quiet -p /etc/sysctl.conf + status=$? + if [ $status -gt 0 ]; then + retval=$(( $retval + $status )) + eerror "Unable to configure kernel parameters from /etc/sysctl.conf" + fi + fi + + for f in /run/sysctl.d/*.conf; do + if [ -f "$f" ]; then + vebegin "applying $f" + sysctl $quiet -p "$f" + status=$? + if [ $status -gt 0 ]; then + retval=$(( $retval + $status )) + eerror "Unable to configure kernel parameters from $f" + fi + fi + done + eoutdent + + eend $retval +} diff --git a/aports/openrc/sysfsconf.initd b/aports/openrc/sysfsconf.initd new file mode 100644 index 0000000..433e51d --- /dev/null 
+++ b/aports/openrc/sysfsconf.initd
@@ -0,0 +1,66 @@
+#!/sbin/openrc-run
+
+description="Set sysfs variables from /etc/sysfs.conf and /etc/sysfs.d/*.conf"
+conffile=/etc/sysfs.conf
+confdir=/etc/sysfs.d
+
+depend() {
+ need sysfs
+}
+
+setval() {
+ local value="$1" attrib="$2"
+ # Some fields need a terminating newline, others
+ # need the terminating newline to be absent :-(
+ echo -n "$value" > "$attrib" 2>/dev/null \
+ || echo "$value" > "$attrib"
+}
+
+load_conffile() {
+ local file="$1"
+ while read line; do
+ local line=${line%%#*}
+ local cmd= attrib= value=
+ set -- $line
+ if [ $# -eq 0 ]; then
+ continue
+ fi
+ case "$1$3" in
+ mode=) cmd=chmod
+ attrib="$2"
+ value="$4"
+ ;;
+ owner=) cmd=chown
+ attrib="$2"
+ value="$4"
+ ;;
+ *) if [ "$2" = "=" ]; then
+ cmd=setval
+ attrib="$1"
+ value="$3"
+ fi
+ ;;
+ esac
+ if ! [ -e "/sys/$attrib" ]; then
+ eerror "$attrib: unknown attribute"
+ continue
+ fi
+ if [ -z "$attrib" ] || [ -z "$value" ]; then
+ eerror "syntax error in $file: '$line'"
+ continue
+ fi
+ $cmd "$value" "/sys/$attrib"
+ done < "$file"
+}
+
+start() {
+ [ -r "$conffile" -o -d "$confdir" ] || return 0
+ ebegin "Setting sysfs variables"
+ for file in $confdir/*.conf $conffile; do
+ [ -r "$file" ] || continue
+ load_conffile "$file" || return 1
+ done
+ eend 0
+
+}
+
diff --git a/aports/openrc/test-networking.sh b/aports/openrc/test-networking.sh
new file mode 100644
index 0000000..5e5f70b
--- /dev/null
+++ b/aports/openrc/test-networking.sh
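Review bot: `load_conffile` places the attribute name from the config line straight into `/sys/$attrib`, so a `..` component lets a `mode`, `owner` or plain assignment line act on a path outside /sys, and the existence test `[ -e "/sys/$attrib" ]` does not prevent that. The config files are presumably root-owned, so this is hardening rather than a privilege boundary, but a guard ahead of the `-e` test keeps the script to its documented scope: `case "$attrib" in ..|../*|*/..|*/../*) eerror "$attrib: path leaves /sys"; continue ;; esac`. Separately, `set -- $line` is unquoted and therefore subject to pathname expansion, so a value containing `*` or `?` is globbed against the current directory; a `set -f` before the `while` loop (with `set +f` after `done`) avoids that.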
@@ -0,0 +1,65 @@ +#!/bin/sh + +# unit tests for find_ifaces and find_running_ifaces in networking.initd + +cfgfile=/tmp/openrc-test-network.$$ +sourcefile=$cfgfile.source +sourcedir=$cfgfile.d +ifstate=$cfgfile.state + +cat >$cfgfile<$sourcefile<$sourcedir/a<$ifstate< + +pkgname=socat +pkgver=1.7.4.2 +pkgrel=0 +pkgdesc="Multipurpose relay for binary protocols" +options="!check" +url="http://www.dest-unreach.org/socat/" +arch="all" +license="GPL-2.0-only WITH OpenSSL-Exception" +makedepends="openssl1.1-compat-dev readline-dev linux-headers" +subpackages= +source="http://www.dest-unreach.org/socat/download/socat-$pkgver.tar.gz + use-linux-headers.patch + netdb-internal.patch + no-extras.patch + " + +build() { + ./configure \ + --build=$CBUILD \ + --host=$CHOST \ + --disable-stdio \ + --disable-fdnum \ + --disable-file \ + --disable-creat \ + --disable-gopen \ + --disable-pipe \ + --disable-termios \ + --disable-ip6 \ + --disable-rawip \ + --disable-genericsocket \ + --disable-interface \ + --disable-udp \ + --disable-sctp \ + --disable-vsock \ + --disable-socks4 \ + --disable-socks4a \ + --disable-proxy \ + --disable-exec \ + --disable-system \ + --disable-pty \ + --disable-fs \ + --disable-readline \ + --disable-openssl \ + --disable-tun \ + --disable-sycls \ + --disable-filan \ + --disable-retry \ + --disable-libwrap \ + --prefix=/usr + make +} + +package() { + make DESTDIR="$pkgdir" install +} + +sha512sums=" +c331a6348e0febb35cd8adc2b116e3b8896cd7f64bcd93e507df4b8197ee1e6738ca256abf74c9b225e7a3769cf9643f0e237826125c6f390b5124ce0f10c972 socat-1.7.4.2.tar.gz +2032b6528cb27b69d8fb6a6f64af32fcc1f6e4934bb0d7c8931b38ab7ad5e27f6f4344a6cf49751fa3178cd725f954e195373362f7d5929e587d7f0309346059 use-linux-headers.patch +22a6e0c2317a9317997c98114daac258ebbcc3d8e58e49a6ebf24781b98967afed47c63807282582fa0909076fe349281f05e4462faacb90e7aabc853903d6e6 netdb-internal.patch 
+de2ca2d318ada9ac7140ad6fbc42006ea0ef040d68cc579ed1452246fd16a7eceb4ce577336bc20e513cf6fe24da296447529ec36c22fa17a4c18be29e180b81 no-extras.patch
+"
diff --git a/aports/socat/netdb-internal.patch b/aports/socat/netdb-internal.patch
new file mode 100644
index 0000000..d1ebc8e
--- /dev/null
+++ b/aports/socat/netdb-internal.patch
@@ -0,0 +1,13 @@
+--- socat-1.7.2.4.orig/compat.h
++++ socat-1.7.2.4/compat.h
+@@ -656,6 +656,10 @@
+ # define NETDB_INTERNAL h_NETDB_INTERNAL
+ #endif
+
++#if !defined(NETDB_INTERNAL)
++# define NETDB_INTERNAL (-1)
++#endif
++
+ #ifndef INET_ADDRSTRLEN
+ # define INET_ADDRSTRLEN sizeof(struct sockaddr_in)
+ #endif
diff --git a/aports/socat/no-extras.patch b/aports/socat/no-extras.patch
new file mode 100644
index 0000000..94bd71a
--- /dev/null
+++ b/aports/socat/no-extras.patch
@@ -0,0 +1,50 @@ +--- socat-1.7.4.2/Makefile.in.orig 2022-04-01 22:07:25.284535646 +0000 ++++ socat-1.7.4.2/Makefile.in 2022-04-01 22:09:04.484450962 +0000 +@@ -57,7 +57,7 @@ + UTLOBJS = $(UTLSRCS:.c=.o) + CFILES = $(XIOSRCS) $(UTLSRCS) socat.c procan_main.c filan_main.c + OFILES = $(CFILES:.c=.o) +-PROGS = socat procan filan ++PROGS = socat + + HFILES = sycls.h sslcls.h error.h dalan.h procan.h filan.h hostan.h sysincludes.h xio.h xioopen.h sysutils.h utils.h nestlex.h vsnprintf_r.h snprinterr.h compat.h \ + xioconfig.h mytypes.h xioopts.h xiodiag.h xiohelp.h xiosysincludes.h \ +@@ -87,7 +87,7 @@ + Config/Makefile.MacOSX-10-5 Config/config.MacOSX-10-5.h \ + Config/Makefile.DragonFly-2-8-2 Config/config.DragonFly-2-8-2.h + +-all: progs doc ++all: progs + + scmclean: gitclean + +@@ -131,19 +131,12 @@ + strip: progs + strip $(PROGS) + +-install: progs $(srcdir)/doc/socat.1 ++install: progs + mkdir -p $(DESTDIR)$(BINDEST) + $(INSTALL) -m 755 socat $(DESTDIR)$(BINDEST) +- $(INSTALL) -m 755 procan $(DESTDIR)$(BINDEST) +- $(INSTALL) -m 755 filan $(DESTDIR)$(BINDEST) +- mkdir -p $(DESTDIR)$(MANDEST)/man1 +- $(INSTALL) -m 644 $(srcdir)/doc/socat.1 $(DESTDIR)$(MANDEST)/man1/ + + uninstall: + rm -f $(DESTDIR)$(BINDEST)/socat +- rm -f $(DESTDIR)$(BINDEST)/procan +- rm -f $(DESTDIR)$(BINDEST)/filan +- rm -f $(DESTDIR)$(MANDEST)/man1/socat.1 + + # make a GNU-zipped tar ball of the source files + dist: socat.tar.gz socat.tar.bz2 +@@ -165,7 +158,7 @@ + rm -r $(TARDIR) + + clean: +- rm -f *.o libxio.a socat procan filan \ ++ rm -f *.o libxio.a socat \ + socat.tar socat.tar.Z socat.tar.gz socat.tar.bz2 \ + socat.out compile.log test.log + diff --git a/aports/socat/use-linux-headers.patch b/aports/socat/use-linux-headers.patch new file mode 100644 index 0000000..5ef90ac --- /dev/null +++ b/aports/socat/use-linux-headers.patch 
@@ -0,0 +1,11 @@
+--- socat-1.7.2.4.orig/sysincludes.h
++++ socat-1.7.2.4/sysincludes.h
+@@ -134,7 +134,7 @@
+ #include
+ #endif
+ #if HAVE_NETINET_IF_ETHER_H
+-#include
++#include
+ #endif
+ #if HAVE_LINUX_IF_TUN_H
+ #include
diff --git a/aports/wpa_passthru/APKBUILD b/aports/wpa_passthru/APKBUILD
new file mode 100644
index 0000000..5672428
--- /dev/null
+++ b/aports/wpa_passthru/APKBUILD
@@ -0,0 +1,23 @@
+# Maintainer: Gabor Pali
+
+pkgname=wpa_passthru
+pkgver=0.1.0
+pkgrel=0
+pkgdesc="WPA Supplicant pass-through for Wifibox"
+url="https://github.com/pgj/freebsd-wifibox-alpine"
+arch="all"
+license="BSD2"
+install=""
+subpackages=
+source="wpa_passthru.initd
+ wpa_passthru
+"
+
+package() {
+ install -D -m755 "$srcdir"/wpa_passthru.initd "$pkgdir"/etc/init.d/wpa_passthru
+ install -D -m755 "$srcdir"/wpa_passthru "$pkgdir"/sbin/wpa_passthru
+}
+sha512sums="
+ab107ef28b73517468c8e4558642b798fb3b6861e9ad92df4fd9912b5c3a56aa83822ce71ac1d4b84bf3113dc9c8c1aec6a76e3be17f0613ee722108a384e3ff wpa_passthru.initd
+46178341d5cd323bc2e7bdf1f21158e7806f6746efe480f1f0f9b57254355b78def8e90d5f5e87e10122b04f6280da711865640ee38faa7566c5da0f3d9f18c3 wpa_passthru
+"
diff --git a/aports/wpa_passthru/wpa_passthru b/aports/wpa_passthru/wpa_passthru
new file mode 100644
index 0000000..4e95d2f
--- /dev/null
+++ b/aports/wpa_passthru/wpa_passthru
@@ -0,0 +1,101 @@
+#!/bin/sh
+# shellcheck disable=SC2034,SC3043,SC3060
+
+log() {
+ local _level="$1"
+ local _message="$2"
+
+ /usr/bin/logger -p "daemon.${_level}" -t "wpa_passthru[$$]" "${_message}"
+}
+
+enabled=no
+
+# shellcheck disable=SC1091
+. /media/etc/wpa_ctrl.conf
+
+_wlan_devs=$(set | /bin/grep -F "_port=" | /bin/sed 's!_port=.*!!')
+log debug "Configuration: enabled=${enabled}, network=${network}, wlan devs=[${_wlan_devs}]"
+
+if [ "${enabled}" = "no" ]; then
+ log info "Not enabled, exiting."
+ exit 0
+fi
+
+if_lan=eth0
+wpa_conf="/media/wpa/wpa_supplicant.conf"
+
+cleanup() {
+ local _socats
+
+ _socats=$(/usr/bin/pgrep socat)
+ log info "Stopping, socat processes: [${_socats}]"
+ [ -n "${_socats}" ] \
+ && /usr/bin/kill -TERM ${_socats}
+ [ -n "${_socket_directory}" ] \
+ && /bin/rm -rf "${_socket_directory}"
+}
+
+trap cleanup EXIT TERM
+
+find_network() {
+ /sbin/ifconfig ${if_lan} \
+ | /bin/grep -F "inet addr:" \
+ | /bin/sed -E 's!.*inet addr:([0-9\.]+).*Mask:([0-9\.]+)!\1:\2!'
+}
+
+get_ctrl_interface() {
+ /bin/grep "^ctrl_interface=" "${wpa_conf}" \
+ | /bin/sed 's!^ctrl_interface=!!'
+}
+
+if [ -z "${network}" ]; then
+ if ! /sbin/ifconfig ${if_lan}; then
+ log error "Interface ${if_lan} not found, exiting."
+ exit 1
+ fi
+
+ network=$(find_network)
+fi
+
+_ip=${network%%:*}
+
+if [ -z "${_ip}" ]; then
+ log error "No IP address for ${if_lan} could found, exiting."
+ exit 1
+fi
+
+_ctrl_interface=$(get_ctrl_interface)
+
+if [ -z "${_ctrl_interface}" ]; then
+ log warn "No control interface found, exiting."
+ exit 0
+fi
+
+_socket_directory=$(/bin/mktemp -d)
+
+for _wlan_dev in ${_wlan_devs}; do
+ _wlan=${_wlan_dev//_/-}
+ _ctrl_socket="${_ctrl_interface}/${_wlan}"
+
+ if [ ! -S "${_ctrl_socket}" ]; then
+ log warn "${_ctrl_socket} is not available, skipping."
+ continue
+ fi
+
+ _socket="${_socket_directory}/${_wlan}"
+ _port=$(eval "echo \${${_wlan_dev}_port}")
+
+ if [ -z "${_port}" ]; then
+ log warn "No port defined for ${_wlan}, skipping."
+ continue
+ fi
+
+ log info "Associating ${_ip}:${_port} (${network}) with ${_ctrl_socket} (${_socket})"
+ /usr/bin/socat \
+ TCP4-LISTEN:"${_port}",reuseaddr,bind="${_ip}",range="${network}",fork \
+ UNIX-SENDTO:"${_ctrl_socket}",bind="${_socket}",unlink-early &
+done
+
+while /bin/true; do
+ /bin/sleep 60
+done
diff --git a/aports/wpa_passthru/wpa_passthru.initd b/aports/wpa_passthru/wpa_passthru.initd
new file mode 100644
index 0000000..d7c5c07
--- /dev/null
+++ b/aports/wpa_passthru/wpa_passthru.initd
@@ -0,0 +1,12 @@
+#!/sbin/openrc-run
+
+supervisor=supervise-daemon
+name="WPA Supplicant pass-through"
+description="Control socket pass-through support for WPA Supplicant"
+
+command=/sbin/wpa_passthru
+command_background=true
+
+depend() {
+ need wpa_supplicant
+}
diff --git a/aports/wpa_supplicant/APKBUILD b/aports/wpa_supplicant/APKBUILD
new file mode 100644
index 0000000..9bde48d
--- /dev/null
+++ b/aports/wpa_supplicant/APKBUILD
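Review bot: In aports/wpa_passthru/wpa_passthru, the device names fed to `eval "echo \${${_wlan_dev}_port}"` come from `set | grep -F "_port="`, which matches any shell variable whose name or value contains `_port=`, so text that is not a plain identifier can reach `eval` in a script that presumably runs as root. /media/etc/wpa_ctrl.conf is sourced and therefore already trusted, but validating the name at the top of the `for` loop keeps a malformed or multi-line value from being evaluated: `case "${_wlan_dev}" in ''|*[!A-Za-z0-9_]*) log warn "Invalid device name in configuration, skipping."; continue ;; esac`. The `socat` call also deserves a comment stating that the TCP listener has no authentication of its own and that `range="${network}"` is the only access control in front of the wpa_supplicant control socket, so a configured `network` should be as narrow as the deployment allows.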
@@ -0,0 +1,91 @@ +# Maintainer: Gabor Pali + +pkgname=wpa_supplicant +pkgver=2.9 +pkgrel=17 +pkgdesc="utility providing key negotiation for WPA wireless networks" +url="https://w1.fi/wpa_supplicant/" +arch="x86_64" +options="!check" # has no tests +license="BSD-3-Clause" +subpackages= +makedepends="linux-headers openssl1.1-compat-dev dbus-dev libnl3-dev pcsc-lite-dev" +source="https://w1.fi/releases/wpa_supplicant-$pkgver.tar.gz + + wpa_supplicant.initd + wpa_supplicant.confd + + eloop.patch + no-tools.patch + CVE-2019-16275.patch + CVE-2021-0326.patch + CVE-2021-27803.patch + CVE-2021-30004.patch::https://w1.fi/cgit/hostap/patch/?id=a0541334a6394f8237a4393b7372693cd7e96f15 + + config" + +# secfixes: +# 2.9-r13: +# - CVE-2021-30004 +# 2.9-r12: +# - CVE-2021-27803 +# 2.9-r10: +# - CVE-2021-0326 +# 2.9-r5: +# - CVE-2019-16275 +# 2.7-r3: +# - CVE-2019-11555 +# 2.7-r2: +# - CVE-2019-9494 +# - CVE-2019-9495 +# - CVE-2019-9497 +# - CVE-2019-9498 +# - CVE-2019-9499 +# 2.6-r14: +# - CVE-2018-14526 +# 2.6-r7: +# - CVE-2017-13077 +# - CVE-2017-13078 +# - CVE-2017-13079 +# - CVE-2017-13080 +# - CVE-2017-13081 +# - CVE-2017-13082 +# - CVE-2017-13086 +# - CVE-2017-13087 +# - CVE-2017-13088 + +prepare() { + default_prepare + + # Copy our configuration file to the build directory + cp "$srcdir"/config "$builddir"/wpa_supplicant/.config +} + +build() { + cd "$builddir"/wpa_supplicant + make LIBDIR=/lib BINDIR=/sbin +} + +package() { + cd "$builddir"/wpa_supplicant + make DESTDIR="$pkgdir" LIBDIR=/lib BINDIR=/sbin install + + # openrc runscripts + install -Dm755 "$srcdir"/wpa_supplicant.initd \ + "$pkgdir"/etc/init.d/wpa_supplicant + install -Dm644 "$srcdir"/wpa_supplicant.confd \ + "$pkgdir"/etc/conf.d/wpa_supplicant +} + +sha512sums=" +37a33f22cab9d27084fbef29856eaea0f692ff339c5b38bd32402dccf293cb849afd4a870cd3b5ca78179f0102f4011ce2f3444a53dc41dc75a5863b0a2226c8 wpa_supplicant-2.9.tar.gz 
+92c4cbaa9776a354275640c9411d2f547f4c0e00415af4ab30039f1a0be6a11082d49e2514905010f0abcc4a9276353276da9864e3d5f7264a0f0767c8cc9d78 wpa_supplicant.initd +ec4185c202e4fd8f1270af01f6a4210d79980f4a91e56efe83dc7c8f99bb7f050ca2008f8411b02b45ac1574234c6391efe18ff3fa2f0680c2c732582dee3c09 wpa_supplicant.confd +39cb1a0706bdaf1797dc88543a62c5b68497a2f733e8b42e8eb1e1bb39a6513fc10bfdde8f7fcb0ad8370aba6325c7613b2b9a390be4a07c4e556a2c6c618d86 no-tools.patch +2be055dd1f7da5a3d8e79c2f2c0220ddd31df309452da18f290144d2112d6dbde0fc633bb2ad02c386a39d7785323acaf5f70e5969995a1e8303a094eb5fe232 eloop.patch +63710cfb0992f2c346a9807d8c97cbeaed032fa376a0e93a2e56f7742ce515e9c4dfadbdb1af03ba272281f639aab832f0178f67634c222a5d99e1d462aa9e38 CVE-2019-16275.patch +e212dd6a2c56c086c14a2c96f479f7a8e6521b6a24c648eb03363db078398e64a38e343ff6faa327d5a0244a7969ecd34c5844d676c697eeb8eb842101fa9cf9 CVE-2021-0326.patch +af8b4a526a6833de4921fcbbd1b03da7e027276c909d512bd59a95e9767ffe8580135f9aee8947c4317681c4fe130f7ec50cba947f8375313f832a66c66b2cd5 CVE-2021-27803.patch +674328dc44246ce10939a769ed70c71e94e61600592d54ed9088dacbed1fd3dd3d0a834c75825d1448380ec8c076eb30e0d72e601794f507c12db3b6e724af5e CVE-2021-30004.patch +5aeebaad14f9d43bac8d7322a5a001a54d2cbc83376528f08eaff60217b170c67a44b5a634c3c14c90eec134aee844d9b79c471c45cd601948f492d645ec9678 config +" diff --git a/aports/wpa_supplicant/CVE-2019-16275.patch b/aports/wpa_supplicant/CVE-2019-16275.patch new file mode 100644 index 0000000..d764a9d --- /dev/null +++ b/aports/wpa_supplicant/CVE-2019-16275.patch 
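Review bot: In aports/wpa_supplicant/APKBUILD, staying on `pkgver=2.9` with hand-carried backports means the package is only as current as its `# secfixes:` block, which ends at CVE-2021-30004. The bundled `config` enables `CONFIG_SAE=y` and `CONFIG_EAP_PWD=y`, so it is worth checking upstream advisories published after that patch for those code paths and either moving to a newer release, if one is available, or adding the missing backports with a matching `secfixes` entry. `CVE-2021-30004.patch` is also the only fix fetched at build time from a cgit URL; the sha512 pin protects its integrity, but cgit-generated patches carry a version footer that can change, so committing the file next to the other CVE patches would keep the build reproducible.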
@@ -0,0 +1,73 @@ +From 8c07fa9eda13e835f3f968b2e1c9a8be3a851ff9 Mon Sep 17 00:00:00 2001 +From: Jouni Malinen +Date: Thu, 29 Aug 2019 11:52:04 +0300 +Subject: [PATCH] AP: Silently ignore management frame from unexpected source + address + +Do not process any received Management frames with unexpected/invalid SA +so that we do not add any state for unexpected STA addresses or end up +sending out frames to unexpected destination. This prevents unexpected +sequences where an unprotected frame might end up causing the AP to send +out a response to another device and that other device processing the +unexpected response. + +In particular, this prevents some potential denial of service cases +where the unexpected response frame from the AP might result in a +connected station dropping its association. + +Signed-off-by: Jouni Malinen +--- + src/ap/drv_callbacks.c | 13 +++++++++++++ + src/ap/ieee802_11.c | 12 ++++++++++++ + 2 files changed, 25 insertions(+) + +diff --git a/src/ap/drv_callbacks.c b/src/ap/drv_callbacks.c +index 31587685fe3b..34ca379edc3d 100644 +--- a/src/ap/drv_callbacks.c ++++ b/src/ap/drv_callbacks.c +@@ -131,6 +131,19 @@ int hostapd_notif_assoc(struct hostapd_data *hapd, const u8 *addr, + "hostapd_notif_assoc: Skip event with no address"); + return -1; + } ++ ++ if (is_multicast_ether_addr(addr) || ++ is_zero_ether_addr(addr) || ++ os_memcmp(addr, hapd->own_addr, ETH_ALEN) == 0) { ++ /* Do not process any frames with unexpected/invalid SA so that ++ * we do not add any state for unexpected STA addresses or end ++ * up sending out frames to unexpected destination. 
*/ ++ wpa_printf(MSG_DEBUG, "%s: Invalid SA=" MACSTR ++ " in received indication - ignore this indication silently", ++ __func__, MAC2STR(addr)); ++ return 0; ++ } ++ + random_add_randomness(addr, ETH_ALEN); + + hostapd_logger(hapd, addr, HOSTAPD_MODULE_IEEE80211, +diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c +index c85a28db44b7..e7065372e158 100644 +--- a/src/ap/ieee802_11.c ++++ b/src/ap/ieee802_11.c +@@ -4626,6 +4626,18 @@ int ieee802_11_mgmt(struct hostapd_data *hapd, const u8 *buf, size_t len, + fc = le_to_host16(mgmt->frame_control); + stype = WLAN_FC_GET_STYPE(fc); + ++ if (is_multicast_ether_addr(mgmt->sa) || ++ is_zero_ether_addr(mgmt->sa) || ++ os_memcmp(mgmt->sa, hapd->own_addr, ETH_ALEN) == 0) { ++ /* Do not process any frames with unexpected/invalid SA so that ++ * we do not add any state for unexpected STA addresses or end ++ * up sending out frames to unexpected destination. */ ++ wpa_printf(MSG_DEBUG, "MGMT: Invalid SA=" MACSTR ++ " in received frame - ignore this frame silently", ++ MAC2STR(mgmt->sa)); ++ return 0; ++ } ++ + if (stype == WLAN_FC_STYPE_BEACON) { + handle_beacon(hapd, mgmt, len, fi); + return 1; +-- +2.20.1 + diff --git a/aports/wpa_supplicant/CVE-2021-0326.patch b/aports/wpa_supplicant/CVE-2021-0326.patch new file mode 100644 index 0000000..2ad5f44 --- /dev/null +++ b/aports/wpa_supplicant/CVE-2021-0326.patch 
@@ -0,0 +1,37 @@ +From 947272febe24a8f0ea828b5b2f35f13c3821901e Mon Sep 17 00:00:00 2001 +From: Jouni Malinen +Date: Mon, 9 Nov 2020 11:43:12 +0200 +Subject: P2P: Fix copying of secondary device types for P2P group client + +Parsing and copying of WPS secondary device types list was verifying +that the contents is not too long for the internal maximum in the case +of WPS messages, but similar validation was missing from the case of P2P +group information which encodes this information in a different +attribute. This could result in writing beyond the memory area assigned +for these entries and corrupting memory within an instance of struct +p2p_device. This could result in invalid operations and unexpected +behavior when trying to free pointers from that corrupted memory. + +Credit to OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=27269 +Fixes: e57ae6e19edf ("P2P: Keep track of secondary device types for peers") +Signed-off-by: Jouni Malinen +--- + src/p2p/p2p.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/src/p2p/p2p.c b/src/p2p/p2p.c +index 74b7b52..5cbfc21 100644 +--- a/src/p2p/p2p.c ++++ b/src/p2p/p2p.c +@@ -453,6 +453,8 @@ static void p2p_copy_client_info(struct p2p_device *dev, + dev->info.config_methods = cli->config_methods; + os_memcpy(dev->info.pri_dev_type, cli->pri_dev_type, 8); + dev->info.wps_sec_dev_type_list_len = 8 * cli->num_sec_dev_types; ++ if (dev->info.wps_sec_dev_type_list_len > WPS_SEC_DEV_TYPE_MAX_LEN) ++ dev->info.wps_sec_dev_type_list_len = WPS_SEC_DEV_TYPE_MAX_LEN; + os_memcpy(dev->info.wps_sec_dev_type_list, cli->sec_dev_types, + dev->info.wps_sec_dev_type_list_len); + } +-- +cgit v0.12 + diff --git a/aports/wpa_supplicant/CVE-2021-27803.patch b/aports/wpa_supplicant/CVE-2021-27803.patch new file mode 100644 index 0000000..1942bb3 --- /dev/null +++ b/aports/wpa_supplicant/CVE-2021-27803.patch 
@@ -0,0 +1,50 @@ +From 8460e3230988ef2ec13ce6b69b687e941f6cdb32 Mon Sep 17 00:00:00 2001 +From: Jouni Malinen +Date: Tue, 8 Dec 2020 23:52:50 +0200 +Subject: [PATCH] P2P: Fix a corner case in peer addition based on PD Request + +p2p_add_device() may remove the oldest entry if there is no room in the +peer table for a new peer. This would result in any pointer to that +removed entry becoming stale. A corner case with an invalid PD Request +frame could result in such a case ending up using (read+write) freed +memory. This could only by triggered when the peer table has reached its +maximum size and the PD Request frame is received from the P2P Device +Address of the oldest remaining entry and the frame has incorrect P2P +Device Address in the payload. + +Fix this by fetching the dev pointer again after having called +p2p_add_device() so that the stale pointer cannot be used. + +Fixes: 17bef1e97a50 ("P2P: Add peer entry based on Provision Discovery Request") +Signed-off-by: Jouni Malinen +--- + src/p2p/p2p_pd.c | 12 +++++------- + 1 file changed, 5 insertions(+), 7 deletions(-) + +diff --git a/src/p2p/p2p_pd.c b/src/p2p/p2p_pd.c +index 3994ec03f86b..05fd593494ef 100644 +--- a/src/p2p/p2p_pd.c ++++ b/src/p2p/p2p_pd.c +@@ -595,14 +595,12 @@ void p2p_process_prov_disc_req(struct p2p_data *p2p, const u8 *sa, + goto out; + } + ++ dev = p2p_get_device(p2p, sa); + if (!dev) { +- dev = p2p_get_device(p2p, sa); +- if (!dev) { +- p2p_dbg(p2p, +- "Provision Discovery device not found " +- MACSTR, MAC2STR(sa)); +- goto out; +- } ++ p2p_dbg(p2p, ++ "Provision Discovery device not found " ++ MACSTR, MAC2STR(sa)); ++ goto out; + } + } else if (msg.wfd_subelems) { + wpabuf_free(dev->info.wfd_subelems); +-- +2.25.1 + diff --git a/aports/wpa_supplicant/config b/aports/wpa_supplicant/config new file mode 100644 index 0000000..9b940cb --- /dev/null +++ b/aports/wpa_supplicant/config 
@@ -0,0 +1,628 @@ +# Example wpa_supplicant build time configuration +# +# This file lists the configuration options that are used when building the +# hostapd binary. All lines starting with # are ignored. Configuration option +# lines must be commented out complete, if they are not to be included, i.e., +# just setting VARIABLE=n is not disabling that variable. +# +# This file is included in Makefile, so variables like CFLAGS and LIBS can also +# be modified from here. In most cases, these lines should use += in order not +# to override previous values of the variables. + + +# Uncomment following two lines and fix the paths if you have installed OpenSSL +# or GnuTLS in non-default location +#CFLAGS += -I/usr/local/openssl/include +#LIBS += -L/usr/local/openssl/lib + +# Some Red Hat versions seem to include kerberos header files from OpenSSL, but +# the kerberos files are not in the default include path. Following line can be +# used to fix build issues on such systems (krb5.h not found). +#CFLAGS += -I/usr/include/kerberos + +# Driver interface for generic Linux wireless extensions +# Note: WEXT is deprecated in the current Linux kernel version and no new +# functionality is added to it. nl80211-based interface is the new +# replacement for WEXT and its use allows wpa_supplicant to properly control +# the driver to improve existing functionality like roaming and to support new +# functionality. +#CONFIG_DRIVER_WEXT=y + +# Driver interface for Linux drivers using the nl80211 kernel interface +CONFIG_DRIVER_NL80211=y + +# QCA vendor extensions to nl80211 +#CONFIG_DRIVER_NL80211_QCA=y + +# driver_nl80211.c requires libnl. If you are compiling it yourself +# you may need to point hostapd to your version of libnl. +# +#CFLAGS += -I$ +#LIBS += -L$ + +# Use libnl v2.0 (or 3.0) libraries. 
+#CONFIG_LIBNL20=y + +# Use libnl 3.2 libraries (if this is selected, CONFIG_LIBNL20 is ignored) +CONFIG_LIBNL32=y + + +# Driver interface for FreeBSD net80211 layer (e.g., Atheros driver) +#CONFIG_DRIVER_BSD=y +#CFLAGS += -I/usr/local/include +#LIBS += -L/usr/local/lib +#LIBS_p += -L/usr/local/lib +#LIBS_c += -L/usr/local/lib + +# Driver interface for Windows NDIS +#CONFIG_DRIVER_NDIS=y +#CFLAGS += -I/usr/include/w32api/ddk +#LIBS += -L/usr/local/lib +# For native build using mingw +#CONFIG_NATIVE_WINDOWS=y +# Additional directories for cross-compilation on Linux host for mingw target +#CFLAGS += -I/opt/mingw/mingw32/include/ddk +#LIBS += -L/opt/mingw/mingw32/lib +#CC=mingw32-gcc +# By default, driver_ndis uses WinPcap for low-level operations. This can be +# replaced with the following option which replaces WinPcap calls with NDISUIO. +# However, this requires that WZC is disabled (net stop wzcsvc) before starting +# wpa_supplicant. +# CONFIG_USE_NDISUIO=y + +# Driver interface for wired Ethernet drivers +#CONFIG_DRIVER_WIRED=y + +# Driver interface for MACsec capable Qualcomm Atheros drivers +#CONFIG_DRIVER_MACSEC_QCA=y + +# Driver interface for Linux MACsec drivers +#CONFIG_DRIVER_MACSEC_LINUX=y + +# Driver interface for the Broadcom RoboSwitch family +#CONFIG_DRIVER_ROBOSWITCH=y + +# Driver interface for no driver (e.g., WPS ER only) +#CONFIG_DRIVER_NONE=y + +# Solaris libraries +#LIBS += -lsocket -ldlpi -lnsl +#LIBS_c += -lsocket + +# Enable IEEE 802.1X Supplicant (automatically included if any EAP method or +# MACsec is included) +CONFIG_IEEE8021X_EAPOL=y + +# EAP-MD5 +CONFIG_EAP_MD5=y + +# EAP-MSCHAPv2 +CONFIG_EAP_MSCHAPV2=y + +# EAP-TLS +CONFIG_EAP_TLS=y + +# EAL-PEAP +CONFIG_EAP_PEAP=y + +# EAP-TTLS +CONFIG_EAP_TTLS=y + +# EAP-FAST +# Note: If OpenSSL is used as the TLS library, OpenSSL 1.0 or newer is needed +# for EAP-FAST support. 
Older OpenSSL releases would need to be patched, e.g., +# with openssl-0.9.8x-tls-extensions.patch, to add the needed functions. +CONFIG_EAP_FAST=y + +# EAP-TEAP +# Note: The current EAP-TEAP implementation is experimental and should not be +# enabled for production use. The IETF RFC 7170 that defines EAP-TEAP has number +# of conflicting statements and missing details and the implementation has +# vendor specific workarounds for those and as such, may not interoperate with +# any other implementation. This should not be used for anything else than +# experimentation and interoperability testing until those issues has been +# resolved. +#CONFIG_EAP_TEAP=y + +# EAP-GTC +CONFIG_EAP_GTC=y + +# EAP-OTP +CONFIG_EAP_OTP=y + +# EAP-SIM (enable CONFIG_PCSC, if EAP-SIM is used) +CONFIG_EAP_SIM=y + +# Enable SIM simulator (Milenage) for EAP-SIM +#CONFIG_SIM_SIMULATOR=y + +# EAP-PSK (experimental; this is _not_ needed for WPA-PSK) +CONFIG_EAP_PSK=y + +# EAP-pwd (secure authentication using only a password) +CONFIG_EAP_PWD=y + +# EAP-PAX +CONFIG_EAP_PAX=y + +# LEAP +CONFIG_EAP_LEAP=y + +# EAP-AKA (enable CONFIG_PCSC, if EAP-AKA is used) +CONFIG_EAP_AKA=y + +# EAP-AKA' (enable CONFIG_PCSC, if EAP-AKA' is used). +# This requires CONFIG_EAP_AKA to be enabled, too. +CONFIG_EAP_AKA_PRIME=y + +# Enable USIM simulator (Milenage) for EAP-AKA +#CONFIG_USIM_SIMULATOR=y + +# EAP-SAKE +#CONFIG_EAP_SAKE=y + +# EAP-GPSK +#CONFIG_EAP_GPSK=y +# Include support for optional SHA256 cipher suite in EAP-GPSK +#CONFIG_EAP_GPSK_SHA256=y + +# EAP-TNC and related Trusted Network Connect support (experimental) +#CONFIG_EAP_TNC=y + +# Wi-Fi Protected Setup (WPS) +CONFIG_WPS=y +# Enable WPS external registrar functionality +#CONFIG_WPS_ER=y +# Disable credentials for an open network by default when acting as a WPS +# registrar. 
+#CONFIG_WPS_REG_DISABLE_OPEN=y +# Enable WPS support with NFC config method +#CONFIG_WPS_NFC=y + +# EAP-IKEv2 +#CONFIG_EAP_IKEV2=y + +# EAP-EKE +#CONFIG_EAP_EKE=y + +# MACsec +#CONFIG_MACSEC=y + +# PKCS#12 (PFX) support (used to read private key and certificate file from +# a file that usually has extension .p12 or .pfx) +CONFIG_PKCS12=y + +# Smartcard support (i.e., private key on a smartcard), e.g., with openssl +# engine. +CONFIG_SMARTCARD=y + +# PC/SC interface for smartcards (USIM, GSM SIM) +# Enable this if EAP-SIM or EAP-AKA is included +CONFIG_PCSC=y + +# Support HT overrides (disable HT/HT40, mask MCS rates, etc.) +#CONFIG_HT_OVERRIDES=y + +# Support VHT overrides (disable VHT, mask MCS rates, etc.) +#CONFIG_VHT_OVERRIDES=y + +# Development testing +CONFIG_EAPOL_TEST=n + +# Enable IPv6 support in eapol_test. +# See: https://gitlab.alpinelinux.org/alpine/aports/-/issues/12429 +# +# XXX: This option is not documented in the wpa_supplicant defconfig. +CONFIG_IPV6=y + +# Select control interface backend for external programs, e.g, wpa_cli: +# unix = UNIX domain sockets (default for Linux/*BSD) +# udp = UDP sockets using localhost (127.0.0.1) +# udp6 = UDP IPv6 sockets using localhost (::1) +# named_pipe = Windows Named Pipe (default for Windows) +# udp-remote = UDP sockets with remote access (only for tests systems/purpose) +# udp6-remote = UDP IPv6 sockets with remote access (only for tests purpose) +# y = use default (backwards compatibility) +# If this option is commented out, control interface is not included in the +# build. +CONFIG_CTRL_IFACE=y + +# Include support for GNU Readline and History Libraries in wpa_cli. +# When building a wpa_cli binary for distribution, please note that these +# libraries are licensed under GPL and as such, BSD license may not apply for +# the resulting binary. +#CONFIG_READLINE=y + +# Include internal line edit mode in wpa_cli. 
This can be used as a replacement +# for GNU Readline to provide limited command line editing and history support. +#CONFIG_WPA_CLI_EDIT=y + +# Remove debugging code that is printing out debug message to stdout. +# This can be used to reduce the size of the wpa_supplicant considerably +# if debugging code is not needed. The size reduction can be around 35% +# (e.g., 90 kB). +#CONFIG_NO_STDOUT_DEBUG=y + +# Remove WPA support, e.g., for wired-only IEEE 802.1X supplicant, to save +# 35-50 kB in code size. +#CONFIG_NO_WPA=y + +# Remove IEEE 802.11i/WPA-Personal ASCII passphrase support +# This option can be used to reduce code size by removing support for +# converting ASCII passphrases into PSK. If this functionality is removed, the +# PSK can only be configured as the 64-octet hexstring (e.g., from +# wpa_passphrase). This saves about 0.5 kB in code size. +#CONFIG_NO_WPA_PASSPHRASE=y + +# Simultaneous Authentication of Equals (SAE), WPA3-Personal +CONFIG_SAE=y + +# Disable scan result processing (ap_mode=1) to save code size by about 1 kB. +# This can be used if ap_scan=1 mode is never enabled. +#CONFIG_NO_SCAN_PROCESSING=y + +# Select configuration backend: +# file = text file (e.g., wpa_supplicant.conf; note: the configuration file +# path is given on command line, not here; this option is just used to +# select the backend that allows configuration files to be used) +# winreg = Windows registry (see win_example.reg for an example) +CONFIG_BACKEND=file + +# Remove configuration write functionality (i.e., to allow the configuration +# file to be updated based on runtime configuration changes). The runtime +# configuration can still be changed, the changes are just not going to be +# persistent over restarts. This option can be used to reduce code size by +# about 3.5 kB. +#CONFIG_NO_CONFIG_WRITE=y + +# Remove support for configuration blobs to reduce code size by about 1.5 kB. 
+#CONFIG_NO_CONFIG_BLOBS=y + +# Select program entry point implementation: +# main = UNIX/POSIX like main() function (default) +# main_winsvc = Windows service (read parameters from registry) +# main_none = Very basic example (development use only) +#CONFIG_MAIN=main + +# Select wrapper for operating system and C library specific functions +# unix = UNIX/POSIX like systems (default) +# win32 = Windows systems +# none = Empty template +#CONFIG_OS=unix + +# Select event loop implementation +# eloop = select() loop (default) +# eloop_win = Windows events and WaitForMultipleObject() loop +#CONFIG_ELOOP=eloop + +# Should we use poll instead of select? Select is used by default. +#CONFIG_ELOOP_POLL=y + +# Should we use epoll instead of select? Select is used by default. +#CONFIG_ELOOP_EPOLL=y + +# Should we use kqueue instead of select? Select is used by default. +#CONFIG_ELOOP_KQUEUE=y + +# Select layer 2 packet implementation +# linux = Linux packet socket (default) +# pcap = libpcap/libdnet/WinPcap +# freebsd = FreeBSD libpcap +# winpcap = WinPcap with receive thread +# ndis = Windows NDISUIO (note: requires CONFIG_USE_NDISUIO=y) +# none = Empty template +#CONFIG_L2_PACKET=linux + +# Disable Linux packet socket workaround applicable for station interface +# in a bridge for EAPOL frames. This should be uncommented only if the kernel +# is known to not have the regression issue in packet socket behavior with +# bridge interfaces (commit 'bridge: respect RFC2863 operational state')'). +#CONFIG_NO_LINUX_PACKET_SOCKET_WAR=y + +# IEEE 802.11w (management frame protection), also known as PMF +# Driver support is also needed for IEEE 802.11w. 
+CONFIG_IEEE80211W=y +# +# Support Operating Channel Validation +#CONFIG_OCV=y + +# Select TLS implementation +# openssl = OpenSSL (default) +# gnutls = GnuTLS +# internal = Internal TLSv1 implementation (experimental) +# linux = Linux kernel AF_ALG and internal TLSv1 implementation (experimental) +# none = Empty template +CONFIG_TLS=openssl + +# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.1) +# can be enabled to get a stronger construction of messages when block ciphers +# are used. It should be noted that some existing TLS v1.0 -based +# implementation may not be compatible with TLS v1.1 message (ClientHello is +# sent prior to negotiating which version will be used) +CONFIG_TLSV11=y + +# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.2) +# can be enabled to enable use of stronger crypto algorithms. It should be +# noted that some existing TLS v1.0 -based implementation may not be compatible +# with TLS v1.2 message (ClientHello is sent prior to negotiating which version +# will be used) +CONFIG_TLSV12=y + +# Select which ciphers to use by default with OpenSSL if the user does not +# specify them. +#CONFIG_TLS_DEFAULT_CIPHERS="DEFAULT:!EXP:!LOW" + +# If CONFIG_TLS=internal is used, additional library and include paths are +# needed for LibTomMath. Alternatively, an integrated, minimal version of +# LibTomMath can be used. See beginning of libtommath.c for details on benefits +# and drawbacks of this option. +#CONFIG_INTERNAL_LIBTOMMATH=y +#ifndef CONFIG_INTERNAL_LIBTOMMATH +#LTM_PATH=/usr/src/libtommath-0.39 +#CFLAGS += -I$(LTM_PATH) +#LIBS += -L$(LTM_PATH) +#LIBS_p += -L$(LTM_PATH) +#endif +# At the cost of about 4 kB of additional binary size, the internal LibTomMath +# can be configured to include faster routines for exptmod, sqr, and div to +# speed up DH and RSA calculation considerably +#CONFIG_INTERNAL_LIBTOMMATH_FAST=y + +# Include NDIS event processing through WMI into wpa_supplicant/wpasvc. 
+# This is only for Windows builds and requires WMI-related header files and +# WbemUuid.Lib from Platform SDK even when building with MinGW. +#CONFIG_NDIS_EVENTS_INTEGRATED=y +#PLATFORMSDKLIB="/opt/Program Files/Microsoft Platform SDK/Lib" + +# Add support for old DBus control interface +# (fi.epitest.hostap.WPASupplicant) +#CONFIG_CTRL_IFACE_DBUS=y + +# Add support for new DBus control interface +# (fi.w1.hostap.wpa_supplicant1) +#CONFIG_CTRL_IFACE_DBUS_NEW=y + +# Add introspection support for new DBus control interface +#CONFIG_CTRL_IFACE_DBUS_INTRO=y + +# Add support for loading EAP methods dynamically as shared libraries. +# When this option is enabled, each EAP method can be either included +# statically (CONFIG_EAP_=y) or dynamically (CONFIG_EAP_=dyn). +# Dynamic EAP methods are build as shared objects (eap_*.so) and they need to +# be loaded in the beginning of the wpa_supplicant configuration file +# (see load_dynamic_eap parameter in the example file) before being used in +# the network blocks. +# +# Note that some shared parts of EAP methods are included in the main program +# and in order to be able to use dynamic EAP methods using these parts, the +# main program must have been build with the EAP method enabled (=y or =dyn). +# This means that EAP-TLS/PEAP/TTLS/FAST cannot be added as dynamic libraries +# unless at least one of them was included in the main build to force inclusion +# of the shared code. Similarly, at least one of EAP-SIM/AKA must be included +# in the main build to be able to load these methods dynamically. +# +# Please also note that using dynamic libraries will increase the total binary +# size. Thus, it may not be the best option for targets that have limited +# amount of memory/flash. 
+#CONFIG_DYNAMIC_EAP_METHODS=y + +# IEEE Std 802.11r-2008 (Fast BSS Transition) for station mode +#CONFIG_IEEE80211R=y + +# Add support for writing debug log to a file (/tmp/wpa_supplicant-log-#.txt) +#CONFIG_DEBUG_FILE=y + +# Send debug messages to syslog instead of stdout +#CONFIG_DEBUG_SYSLOG=y +# Set syslog facility for debug messages +#CONFIG_DEBUG_SYSLOG_FACILITY=LOG_DAEMON + +# Add support for sending all debug messages (regardless of debug verbosity) +# to the Linux kernel tracing facility. This helps debug the entire stack by +# making it easy to record everything happening from the driver up into the +# same file, e.g., using trace-cmd. +#CONFIG_DEBUG_LINUX_TRACING=y + +# Add support for writing debug log to Android logcat instead of standard +# output +#CONFIG_ANDROID_LOG=y + +# Enable privilege separation (see README 'Privilege separation' for details) +#CONFIG_PRIVSEP=y + +# Enable mitigation against certain attacks against TKIP by delaying Michael +# MIC error reports by a random amount of time between 0 and 60 seconds +CONFIG_DELAYED_MIC_ERROR_REPORT=y + +# Enable tracing code for developer debugging +# This tracks use of memory allocations and other registrations and reports +# incorrect use with a backtrace of call (or allocation) location. +#CONFIG_WPA_TRACE=y +# For BSD, uncomment these. +#LIBS += -lexecinfo +#LIBS_p += -lexecinfo +#LIBS_c += -lexecinfo + +# Use libbfd to get more details for developer debugging +# This enables use of libbfd to get more detailed symbols for the backtraces +# generated by CONFIG_WPA_TRACE=y. +#CONFIG_WPA_TRACE_BFD=y +# For BSD, uncomment these. +#LIBS += -lbfd -liberty -lz +#LIBS_p += -lbfd -liberty -lz +#LIBS_c += -lbfd -liberty -lz + +# wpa_supplicant depends on strong random number generation being available +# from the operating system. os_get_random() function is used to fetch random +# data when needed, e.g., for key generation. On Linux and BSD systems, this +# works by reading /dev/urandom. 
It should be noted that the OS entropy pool +# needs to be properly initialized before wpa_supplicant is started. This is +# important especially on embedded devices that do not have a hardware random +# number generator and may by default start up with minimal entropy available +# for random number generation. +# +# As a safety net, wpa_supplicant is by default trying to internally collect +# additional entropy for generating random data to mix in with the data fetched +# from the OS. This by itself is not considered to be very strong, but it may +# help in cases where the system pool is not initialized properly. However, it +# is very strongly recommended that the system pool is initialized with enough +# entropy either by using hardware assisted random number generator or by +# storing state over device reboots. +# +# wpa_supplicant can be configured to maintain its own entropy store over +# restarts to enhance random number generation. This is not perfect, but it is +# much more secure than using the same sequence of random numbers after every +# reboot. This can be enabled with -e command line option. The +# specified file needs to be readable and writable by wpa_supplicant. +# +# If the os_get_random() is known to provide strong random data (e.g., on +# Linux/BSD, the board in question is known to have reliable source of random +# data from /dev/urandom), the internal wpa_supplicant random pool can be +# disabled. This will save some in binary size and CPU use. However, this +# should only be considered for builds that are known to be used on devices +# that meet the requirements described above. +#CONFIG_NO_RANDOM_POOL=y + +# Should we attempt to use the getrandom(2) call that provides more reliable +# yet secure randomness source than /dev/random on Linux 3.17 and newer. +# Requires glibc 2.25 to build, falls back to /dev/random if unavailable. 
+#CONFIG_GETRANDOM=y + +# IEEE 802.11n (High Throughput) support (mainly for AP mode) +#CONFIG_IEEE80211N=y + +# IEEE 802.11ac (Very High Throughput) support (mainly for AP mode) +# (depends on CONFIG_IEEE80211N) +#CONFIG_IEEE80211AC=y + +# Wireless Network Management (IEEE Std 802.11v-2011) +# Note: This is experimental and not complete implementation. +#CONFIG_WNM=y + +# Interworking (IEEE 802.11u) +# This can be used to enable functionality to improve interworking with +# external networks (GAS/ANQP to learn more about the networks and network +# selection based on available credentials). +#CONFIG_INTERWORKING=y + +# Hotspot 2.0 +#CONFIG_HS20=y + +# Enable interface matching in wpa_supplicant +#CONFIG_MATCH_IFACE=y + +# Disable roaming in wpa_supplicant +#CONFIG_NO_ROAMING=y + +# AP mode operations with wpa_supplicant +# This can be used for controlling AP mode operations with wpa_supplicant. It +# should be noted that this is mainly aimed at simple cases like +# WPA2-Personal while more complex configurations like WPA2-Enterprise with an +# external RADIUS server can be supported with hostapd. +CONFIG_AP=y + +# P2P (Wi-Fi Direct) +# This can be used to enable P2P support in wpa_supplicant. See README-P2P for +# more information on P2P operations. +CONFIG_P2P=y + +# Enable TDLS support +#CONFIG_TDLS=y + +# Wi-Fi Display +# This can be used to enable Wi-Fi Display extensions for P2P using an external +# program to control the additional information exchanges in the messages. +#CONFIG_WIFI_DISPLAY=y + +# Autoscan +# This can be used to enable automatic scan support in wpa_supplicant. +# See wpa_supplicant.conf for more information on autoscan usage. +# +# Enabling directly a module will enable autoscan support. +# For exponential module: +#CONFIG_AUTOSCAN_EXPONENTIAL=y +# For periodic module: +#CONFIG_AUTOSCAN_PERIODIC=y + +# Password (and passphrase, etc.) 
backend for external storage +# These optional mechanisms can be used to add support for storing passwords +# and other secrets in external (to wpa_supplicant) location. This allows, for +# example, operating system specific key storage to be used +# +# External password backend for testing purposes (developer use) +#CONFIG_EXT_PASSWORD_TEST=y + +# Enable Fast Session Transfer (FST) +#CONFIG_FST=y + +# Enable CLI commands for FST testing +#CONFIG_FST_TEST=y + +# OS X builds. This is only for building eapol_test. +#CONFIG_OSX=y + +# Automatic Channel Selection +# This will allow wpa_supplicant to pick the channel automatically when channel +# is set to "0". +# +# TODO: Extend parser to be able to parse "channel=acs_survey" as an alternative +# to "channel=0". This would enable us to eventually add other ACS algorithms in +# similar way. +# +# Automatic selection is currently only done through initialization, later on +# we hope to do background checks to keep us moving to more ideal channels as +# time goes by. ACS is currently only supported through the nl80211 driver and +# your driver must have survey dump capability that is filled by the driver +# during scanning. +# +# TODO: In analogy to hostapd be able to customize the ACS survey algorithm with +# a newly to create wpa_supplicant.conf variable acs_num_scans. +# +# Supported ACS drivers: +# * ath9k +# * ath5k +# * ath10k +# +# For more details refer to: +# http://wireless.kernel.org/en/users/Documentation/acs +#CONFIG_ACS=y + +# Support Multi Band Operation +#CONFIG_MBO=y + +# Fast Initial Link Setup (FILS) (IEEE 802.11ai) +#CONFIG_FILS=y +# FILS shared key authentication with PFS +#CONFIG_FILS_SK_PFS=y + +# Support RSN on IBSS networks +# This is needed to be able to use mode=1 network profile with proto=RSN and +# key_mgmt=WPA-PSK (i.e., full key management instead of WPA-None). 
+CONFIG_IBSS_RSN=y
+
+# External PMKSA cache control
+# This can be used to enable control interface commands that allow the current
+# PMKSA cache entries to be fetched and new entries to be added.
+#CONFIG_PMKSA_CACHE_EXTERNAL=y
+
+# Mesh Networking (IEEE 802.11s)
+#CONFIG_MESH=y
+
+# Background scanning modules
+# These can be used to request wpa_supplicant to perform background scanning
+# operations for roaming within an ESS (same SSID). See the bgscan parameter in
+# the wpa_supplicant.conf file for more details.
+# Periodic background scans based on signal strength
+CONFIG_BGSCAN_SIMPLE=y
+# Learn channels used by the network and try to avoid bgscans on other
+# channels (experimental)
+#CONFIG_BGSCAN_LEARN=y
+
+# Opportunistic Wireless Encryption (OWE)
+# Experimental implementation of draft-harkins-owe-07.txt
+#CONFIG_OWE=y
+
+# Device Provisioning Protocol (DPP)
+# This requires CONFIG_IEEE80211W=y to be enabled, too. (see
+# wpa_supplicant/README-DPP for details)
+#CONFIG_DPP=y
diff --git a/aports/wpa_supplicant/eloop.patch b/aports/wpa_supplicant/eloop.patch
new file mode 100644
index 0000000..bab2cee
--- /dev/null
+++ b/aports/wpa_supplicant/eloop.patch
@@ -0,0 +1,16 @@
+$OpenBSD: patch-src_utils_eloop_c,v 1.5 2015/09/29 11:57:54 dcoppa Exp $
+
+don't try to access list members to free them unless already initialised
+
+--- a/src/utils/eloop.c.orig Sun Sep 27 21:02:05 2015
++++ b/src/utils/eloop.c Mon Sep 28 09:35:05 2015
+@@ -1064,6 +1064,9 @@ void eloop_destroy(void)
+ struct eloop_timeout *timeout, *prev;
+ struct os_reltime now;
+
++ if (eloop.timeout.prev == NULL)
++ return;
++
+ os_get_reltime(&now);
+ dl_list_for_each_safe(timeout, prev, &eloop.timeout,
+ struct eloop_timeout, list) {
diff --git a/aports/wpa_supplicant/no-tools.patch b/aports/wpa_supplicant/no-tools.patch
new file mode 100644
index 0000000..3282352
--- /dev/null
+++ b/aports/wpa_supplicant/no-tools.patch
@@ -0,0 +1,54 @@
+--- wpa_supplicant-2.9/wpa_supplicant/Makefile.orig
++++ wpa_supplicant-2.9/wpa_supplicant/Makefile
+@@ -44,12 +44,8 @@
+ CONFIG_TDLS_TESTING=y
+ endif
+
+-BINALL=wpa_supplicant wpa_cli
++BINALL=wpa_supplicant
+
+-ifndef CONFIG_NO_WPA_PASSPHRASE
+-BINALL += wpa_passphrase
+-endif
+-
+ ALL = $(BINALL)
+ ALL += systemd/wpa_supplicant.service
+ ALL += systemd/wpa_supplicant@.service
+@@ -1805,7 +1801,7 @@
+ OBJS_priv += ../src/drivers/driver_common.o
+
+ OBJS += wpa_supplicant.o events.o blacklist.o wpas_glue.o scan.o
+-OBJS_t := $(OBJS) $(OBJS_l2) eapol_test.o
++OBJS_t := $(OBJS) $(OBJS_l2)
+ OBJS_t += ../src/radius/radius_client.o
+ OBJS_t += ../src/radius/radius.o
+ ifndef CONFIG_AP
+@@ -1903,10 +1899,6 @@
+ $(Q)$(LDO) $(LDFLAGS) -o wpa_supplicant $(OBJS) $(LIBS) $(EXTRALIBS)
+ @$(E) " LD " $@
+
+-eapol_test: $(OBJS_t)
+- $(Q)$(LDO) $(LDFLAGS) -o eapol_test $(OBJS_t) $(LIBS)
+- @$(E) " LD " $@
+-
+ preauth_test: $(OBJS_t2)
+ $(Q)$(LDO) $(LDFLAGS) -o preauth_test $(OBJS_t2) $(LIBS)
+ @$(E) " LD " $@
+@@ -2007,8 +1999,6 @@
+ mv -f $< $@
+ win_if_list.exe: win_if_list
+ mv -f $< $@
+-eapol_test.exe: eapol_test
+- mv -f $< $@
+
+ WINALL=wpa_supplicant.exe wpa_cli.exe wpa_passphrase.exe win_if_list.exe
+
+@@ -2040,7 +2030,7 @@
+ $(MAKE) -C ../src clean
+ $(MAKE) -C dbus clean
+ rm -f core *~ *.o *.d *.gcno *.gcda *.gcov
+- rm -f eap_*.so $(ALL) $(WINALL) eapol_test preauth_test
++ rm -f eap_*.so $(ALL) $(WINALL) preauth_test
+ rm -f wpa_priv
+ rm -f nfc_pw_token
+ rm -f lcov.info
diff --git a/aports/wpa_supplicant/wpa_supplicant.confd b/aports/wpa_supplicant/wpa_supplicant.confd
new file mode 100644
index 0000000..d93fcef
--- /dev/null
+++ b/aports/wpa_supplicant/wpa_supplicant.confd
@@ -0,0 +1,3 @@
+wpa_supplicant_args=""
+wpa_supplicant_dbus=no
+wpa_supplicant_conf=/media/wpa/wpa_supplicant.conf
diff --git a/aports/wpa_supplicant/wpa_supplicant.initd b/aports/wpa_supplicant/wpa_supplicant.initd
new file mode 100644
index 0000000..c1a4834
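Review bot: no-tools.patch has no header saying why the tools are dropped, while eloop.patch next to it carries a one-line rationale; a first line such as `Build only the wpa_supplicant daemon; wpa_cli, wpa_passphrase and eapol_test are left out of the image.` would record the intent. The first inner hunk removes wpa_passphrase from BINALL, so the image has no local way to turn a passphrase into the 64-octet PSK; unless the PSK is computed on another machine, the configuration file will carry the passphrase in clear text. The build config in this commit also keeps `CONFIG_CTRL_IFACE=y` although wpa_cli is no longer built; if nothing else on the image talks to the control socket, commenting that option out would reduce the daemon's local interface, though that depends on packaging not visible here.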
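Review bot: `wpa_supplicant_conf=/media/wpa/wpa_supplicant.conf` places the file that holds the network PSK or EAP credentials on what looks like a separately mounted medium, and nothing in the file says how that mount is expected to be protected. If /media/wpa is a FAT or otherwise permission-less filesystem (not visible from this commit), the file's readability is decided by the mount options rather than by its mode. A comment above the line would document the expectation, for example `# /media/wpa must be mounted before start; the file holds credentials and should be readable by root only`. The init script in this commit tests only `default_conf` with `-f`, so a missing file under /media/wpa is first noticed by wpa_supplicant itself.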
--- /dev/null
+++ b/aports/wpa_supplicant/wpa_supplicant.initd
@@ -0,0 +1,79 @@
+#!/sbin/openrc-run
+# Copyright (c) 2009 Roy Marples
+# All rights reserved. Released under the 2-clause BSD license.
+supervisor=supervise-daemon
+
+name="WPA Supplicant"
+description="Wi-Fi Protected Access client and IEEE 802.1X supplicant"
+
+command=/sbin/wpa_supplicant
+wpa_supplicant_if=${wpa_supplicant_if:+-i}$wpa_supplicant_if
+command_args="$wpa_supplicant_args $wpa_supplicant_if"
+
+default_conf=/etc/wpa_supplicant/wpa_supplicant.conf
+
+depend() {
+ need localmount
+ use logger dbus
+ after bootmisc modules entropy udev-settle
+ before dns dhcpcd net
+ keyword -shutdown
+}
+
+find_wireless() {
+ local iface=
+ for iface in /sys/class/net/*; do
+ if [ -e "$iface"/wireless -o -e "$iface"/phy80211 ]; then
+ echo "${iface##*/}"
+ return 0
+ fi
+ done
+
+ return 1
+}
+
+append_wireless() {
+ local iface= i=
+
+ iface=$(find_wireless)
+ if [ -n "$iface" ]; then
+ for i in $iface; do
+ command_args="$command_args -i$i"
+ done
+ else
+ eerror "Could not find a wireless interface"
+ fi
+}
+
+start_pre() {
+ case " $command_args" in
+ *" -i"*) ;;
+ *) append_wireless;;
+ esac
+
+ # set default conf if dbus is explicitly disabled
+ if [ -n "${wpa_supplicant_dbus}" ] && ! yesno "${wpa_supplicant_dbus}"; then
+ : ${wpa_supplicant_conf:=${default_conf}}
+ fi
+
+ # use default conf if it exists
+ if [ -f "${default_conf}" ]; then
+ : ${wpa_supplicant_conf:=${default_conf}}
+ fi
+
+ # enable default dbus if we still dont have a config
+ if [ -z "${wpa_supplicant_conf}" ]; then
+ : ${wpa_supplicant_dbus:=yes}
+ else
+ command_args="${command_args} -c$wpa_supplicant_conf"
+ fi
+ case " ${command_args}" in
+ *" -u"*);;
+ *) if yesno "{wpa_supplicant_dbus}"; then
+ command_args="-u ${command_args}"
+ fi
+ ;;
+ esac
+
+ checkpath -d -m 0755 -o root:root /var/run/wpa_supplicant
+}
-- cgit v1.2.3
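Review bot: In start_pre, `yesno "{wpa_supplicant_dbus}"` is missing the `$`, so yesno receives the literal text `{wpa_supplicant_dbus}` rather than the variable's value, unlike the earlier `yesno "${wpa_supplicant_dbus}"` test in the same function. Whether `-u` is then added depends on how yesno treats an argument that is not itself a yes/no word, which is not visible here. The line should read `*) if yesno "${wpa_supplicant_dbus}"; then`.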