fping requires either root or CAP_NET_PING to work, otherwise it is
useless. Use INSTALL_SUID so that fping will be setuid root, and thus
it will be usable by non-root users.
fping knows to drop root priviledges after it parses the command line
and creates the ping socket. You actually get a lot less code running
as root when you make it setuid root and run it from an unprivileged
user.
This is the same way net/iputils already handles "ping", which has the
same requirements.
Signed-off-by: Henrique de Moraes Holschuh <henrique@nic.br>
Linux kernel and iproute2 together now implement strict checking of the
existence of route tables.
Previously kernel does not support filtering by table id, now it does
and will error with nlmsgerr "ipv4: FIB table does not exist".
Previously iproute2 dump all routes and filter by table id in userspace,
now this has changed with iproute2 commit c7e6371bc4af ("ip route: Add
protocol, table id and device to dump request")
Error scene
root@OpenWrt:/# ip route flush table 100
Error: ipv4: FIB table does not exist.
Flush terminated
root@OpenWrt:/# echo $?
2
Fixes: https://github.com/openwrt/packages/issues/12095
Ref: https://lists.openwall.net/netdev/2019/05/02/105
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
When libevhtp is added to a package's PKG_BUILD_DEPENDS (i.e. for
seafile-server), libevhtp's target package dependencies are not
automatically selected, in particular libevent2-openssl and
libevent2-pthreads.
Moreover, if libevent-openssl and libevent2-pthreads are not selected,
OpenSSL and thread support are disabled when compiling libevent2, which
in turn causes a compile error when building libevhtp.
This adds a config option, LIBEVHTP_BUILD_DEPENDS, that will select
libevent2-openssl and libevent2-pthreads (via LIBEVHTP_BUILD_SELECT)
when it is selected.
Other build dependencies are moved to PKG_BUILD_DEPENDS.
This also updates seafile-server to remove the (indirect) dependencies
added in 13d843fec1 and instead select
LIBEVHTP_BUILD_DEPENDS.
This also updates the maintainer's email address and adds myself as
another maintainer.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
The init.d script for sshd never generates an ecdsa HostKey as seen
here:
for type in rsa ed25519
do
# check for keys
key=/etc/ssh/ssh_host_${type}_key
[ ! -f $key ] && {
# generate missing keys
[ -x /usr/bin/ssh-keygen ] && {
/usr/bin/ssh-keygen -N '' -t $type -f $key 2>&- >&-
}
}
done
so we'll never succeed at loading one. Get rid of the resultant
error message in logging:
May 5 17:13:59 OpenWrt sshd[20070]: error: Unable to load host key: /etc/ssh/ssh_host_ecdsa_key
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
If BI_PARM is never set, it's "" and causes
infinite loop (before my PR sent upstream) or
error out (after my PR sent upstream).
Append -b option only if it's valid.
Signed-off-by: Syrone Wong <wong.syrone@gmail.com>
To use eap tls, 'tmpdir' must be created before server starts.
This 'tmpdir' is used to store and verify client certificate,
and therefore radiusd do 'chmod go-rwx'.
If 'tmpdir' does NOT exists, server failed to start and default
'tmpdir' is '/tmp/radiusd'. So init script MUST create default
'tmpdir' like other directories.
Signed-off-by: Eiji MATSUMOTO <toudaiman@gmail.com>
More threads can lead to a problem if a luci-app makes a fork
(e.g. for executing a command). Parallelism is still achieved
by using `processes = 3`.
Make the log more verbose by filtering only standard messages
for start/stop/reload out (leaving one line each).
Signed-off-by: Peter Stadler <peter.stadler@student.uibk.ac.at>
Openwrt is a single user system. So keepalived is runnig as root.
If we add the config options `script_user root` and
`enabled_script_security' the following warnings are gone.
> local1.info Keepalived_vrrp[5382]: SECURITY VIOLATION - scripts are
being executed but script_security not enabled.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
As wifidog-ng builds a kernel module, it must use a PKG_BUILD_DIR in
KERNEL_BUILD_DIR instead of BUILD_DIR, otherwise old build artifacts may
be incorrectly reused when switching between different targets of same
architecture without a full clean.
Instead of fixing up the override, just remove it and instead move the
kernel.mk include above package.mk, so PKG_BUILD_DIR is set up correctly
by default.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
fix mips runtime by backporting some yang changes from master
added commited fixes to 7.3
also add option for snmp support
Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
Add possibility for user to provide setup and cleanup scripts for
additional flexibility. Setup-script takes precedence over the built-in
behavior of uacme.
This helps users with more complex use-cases to utilize uacme to update
certificates without adding complexity to the provided run.sh script.
Signed-off-by: Antti Seppälä <a.seppala@gmail.com>
Add possibility for user to provide setup and cleanup scripts for
additional flexibility. Setup-script takes precedence over the built-in
behavior of acme.
This helps users with more complex use-cases to utilize acme to update
certificates without adding complexity to the provided run.sh script.
Signed-off-by: Antti Seppälä <a.seppala@gmail.com>
An interface can have both a /64 and a /128 from a provider.
In such a case, use the address from the /64 to do the ping check, not
the /128.
Signed-off-by: Brian J. Murrell <brian@interlinx.bc.ca>
Since 19.07, netifd will not try to bring a device up
after someone brought it down. This way, there is no need
to rename the device.
It also fixes a rename error on 19.07 when the *_down device
was being in use (by netifd?).
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
* Remove preinst, the default prerm script will stop the service
* Use default Python package filespec and shebang fix
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
This updates the package to use the default Python package build recipe,
adds a src package, and changes to download from PyPI (using pypi.mk).
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
And libevent2-pthreads to DEPENDS.
While building with -j12 I seem to get:
[ sometimes this also includes libevent2-openssl ]
```
-- EVHTP_VERSION : 1.2.18
-- EVHTP_DISABLE_SSL : OFF
-- EVHTP_DISABLE_EVTHR : OFF
-- EVHTP_DISABLE_REGEX : OFF
-- EVHTP_BUILD_SHARED :
-- EVHTP_USE_JEMALLOC :
-- EVHTP_USE_TCMALLOC :
-- CMAKE_BUILD_TYPE : Release
-- CMAKE_INSTALL_PREFIX : /usr
-- CMAKE_BINARY_DIR : /home/sandu/work/openwrt/openwrt/build_dir/target-i386_pentium4_musl/libevhtp-1.2.18
-- CMAKE_CURRENT_BINARY_DIR : /home/sandu/work/openwrt/openwrt/build_dir/target-i386_pentium4_musl/libevhtp-1.2.18
-- CMAKE_CURRENT_SOURCE_DIR : /home/sandu/work/openwrt/openwrt/build_dir/target-i386_pentium4_musl/libevhtp-1.2.18
-- PROJECT_BINARY_DIR : /home/sandu/work/openwrt/openwrt/build_dir/target-i386_pentium4_musl/libevhtp-1.2.18
-- PROJECT_SOURCE_DIR : /home/sandu/work/openwrt/openwrt/build_dir/target-i386_pentium4_musl/libevhtp-1.2.18
-- CMAKE_MODULE_PATH : /home/sandu/work/openwrt/openwrt/build_dir/target-i386_pentium4_musl/libevhtp-1.2.18/cmake
-- CMAKE_SYSTEM_NAME : Linux
-- CMAKE_SYSTEM_VERSION : 1
-- CMAKE_C_COMPILER : /home/sandu/work/openwrt/openwrt/staging_dir/toolchain-i386_pentium4_gcc-8.4.0_musl/bin/i486-openwrt-linux-musl-gcc
-- CMAKE_AR : /home/sandu/work/openwrt/openwrt/staging_dir/toolchain-i386_pentium4_gcc-8.4.0_musl/bin/i486-openwrt-linux-musl-gcc-ar
-- CMAKE_RANLIB : /home/sandu/work/openwrt/openwrt/staging_dir/toolchain-i386_pentium4_gcc-8.4.0_musl/bin/i486-openwrt-linux-musl-gcc-ranlib
-- CFLAGS : -Os -pipe -march=pentium4 -fno-caller-saves -fno-plt -fhonour-copts -Wno-error=unused-but-set-variable -Wno-error=unused-result -ffile-prefix-map=/home/sandu/work/openwrt/openwrt/build_dir/target-i386_pentium4_musl/libevhtp-1.2.18=libevhtp-1.2.18 -Wformat -Werror=format-security -fstack-protector -D_FORTIFY_SOURCE=1 -Wl,-z,now -Wl,-z,relro
-DNDEBUG
-- Configuring done
CMake Error: The following variables are used in this project, but they are set to NOTFOUND.
Please set them or make sure they are set and tested correctly in the CMake files:
LIBEVENT_THREAD
linked by target "evhtp" in directory /home/sandu/work/openwrt/openwrt/build_dir/target-i386_pentium4_musl/libevhtp-1.2.18
linked by target "test_proxy" in directory /home/sandu/work/openwrt/openwrt/build_dir/target-i386_pentium4_musl/libevhtp-1.2.18/examples
linked by target "example_basic" in directory /home/sandu/work/openwrt/openwrt/build_dir/target-i386_pentium4_musl/libevhtp-1.2.18/examples
linked by target "test_client" in directory /home/sandu/work/openwrt/openwrt/build_dir/target-i386_pentium4_musl/libevhtp-1.2.18/examples
linked by target "example_https_client" in directory /home/sandu/work/openwrt/openwrt/build_dir/target-i386_pentium4_musl/libevhtp-1.2.18/examples
linked by target "test_vhost" in directory /home/sandu/work/openwrt/openwrt/build_dir/target-i386_pentium4_musl/libevhtp-1.2.18/examples
linked by target "test_basic" in directory /home/sandu/work/openwrt/openwrt/build_dir/target-i386_pentium4_musl/libevhtp-1.2.18/examples
linked by target "test_extensive" in directory /home/sandu/work/openwrt/openwrt/build_dir/target-i386_pentium4_musl/libevhtp-1.2.18/examples
linked by target "example_chunked" in directory /home/sandu/work/openwrt/openwrt/build_dir/target-i386_pentium4_musl/libevhtp-1.2.18/examples
linked by target "test_query" in directory /home/sandu/work/openwrt/openwrt/build_dir/target-i386_pentium4_musl/libevhtp-1.2.18/examples
linked by target "test_perf" in directory /home/sandu/work/openwrt/openwrt/build_dir/target-i386_pentium4_musl/libevhtp-1.2.18/examples
linked by target "example_pause" in directory /home/sandu/work/openwrt/openwrt/build_dir/target-i386_pentium4_musl/libevhtp-1.2.18/examples
linked by target "example_https_server" in directory /home/sandu/work/openwrt/openwrt/build_dir/target-i386_pentium4_musl/libevhtp-1.2.18/examples
linked by target "example_vhost" in directory /home/sandu/work/openwrt/openwrt/build_dir/target-i386_pentium4_musl/libevhtp-1.2.18/examples
linked by target "example_request_fini" in directory /home/sandu/work/openwrt/openwrt/build_dir/target-i386_pentium4_musl/libevhtp-1.2.18/examples
-- Generating done
CMake Warning:
Manually-specified variables were not used by the project:
CMAKE_ASM_COMPILER
CMAKE_ASM_COMPILER_ARG1
CMAKE_MODULE_LINKER_FLAGS
CMAKE_SHARED_LINKER_FLAGS
DL_LIBRARY
CMake Generate step failed. Build files cannot be regenerated correctly.
```
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
Henrique de Moraes Holschuh
Yousong Zhou
Syrone Wong
Jeffery To
Philip Prindeville
Eiji MATSUMOTO
Stan Grishin
Peter Stadler
Toke Høiland-Jørgensen
Florian Eckert
Matthias Schiffer
W. van den Akker
Warren Ng
Lucian Cristian
Jeroen Peelaerts
Jan Pavlinec
Nikos Mavrogiannopoulos
Ian Cooper
Antti Seppälä
Darryl Sokoloski
Brian J. Murrell
Huangbin Zhan
Marco Gulino
Luiz Angelo Daros de Luca
Dirk Brenken
Zheng Luo
Alexandru Ardelean
Robby K