On some host machines (example: Gentoo amd64 no-multilib) by default
cmake will install libraries to lib64. But in OpenWrt the correct libdir
is lib (for instance the RPATH is set to lib). So you may end up with
libraries in lib64 while RPATH points to lib:
sk@darth ~/tmp/openwrt $ ldd staging_dir/hostpkg/bin/protoc
linux-vdso.so.1 (0x00007ffc741ea000)
libprotoc.so.3.8.0.0 => not found
libprotobuf.so.3.8.0.0 => not found
libpthread.so.0 => /lib64/libpthread.so.0 (0x00007f0a8f7ea000)
libstdc++.so.6 => /usr/lib/gcc/x86_64-pc-linux-gnu/9.2.0/libstdc++.so.6 (0x00007f0a8f572000)
libm.so.6 => /lib64/libm.so.6 (0x00007f0a8f427000)
libgcc_s.so.1 => /usr/lib/gcc/x86_64-pc-linux-gnu/9.2.0/libgcc_s.so.1 (0x00007f0a8f40d000)
libc.so.6 => /lib64/libc.so.6 (0x00007f0a8f23c000)
/lib64/ld-linux-x86-64.so.2 (0x00007f0a8f827000)
sk@darth ~/tmp/openwrt $
Fix this by specifying the libdir during host builds.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
Implement a new "cgi-exec" applet which allows to invoke remote commands
and stream their stdandard output back to the client via HTTP. This is
needed in cases where large amounts of data or binary encoded contents
such as tar archives need to be transferred, which are unsuitable to be
transported via ubus directly.
The exec call is guarded by the same ACL semantics as rpcd's file plugin,
means in order to be able to execute a command remotely, the ubus session
identified by the given session ID must have read access to the "exec"
function of the "cgi-io" scope and an explicit "exec" permission rule for
the invoked command in the "file" scope.
In order to initiate a transfer, a POST request in x-www-form-urlencoded
format must be sent to the applet, with one field "sessionid" holding
the login session and another field "command" specifiying the commandline
to invoke.
Further optional fields are "filename" which - if present - will cause
the download applet to set a Content-Dispostition header and "mimetype"
which allows to let the applet respond with a specific type instead of
the default "application/octet-stream".
Below is an example for the required ACL rules to grant exec access to
both the "date" and "iptables" commands. The "date" rule specifies the
base name of the executable and thus allows invocation with arbitrary
parameters while the latter "iptables" rule merely allows one specific
set of arguments which must appear exactly in the given order.
ubus call session grant '{
"ubus_rpc_session": "...",
"scope": "cgi-io",
"objects": [
[ "exec", "read" ]
]
}'
ubus call session grant '{
"ubus_rpc_session": "...",
"scope": "file",
"objects": [
[ "/bin/date", "exec" ],
[ "/usr/sbin/iptables -n -v -L", "exec" ]
]
}'
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
- IPv6 support
- Fix HTTP/2 negociation
- Improve endpoint fallback
- Add support for unencrypted DNS
- Many other fixes and features
Signed-off-by: Olivier Poitrey <rs@nextdns.io>
When present on the build system dnsdist will try to make use of libcap. This
change adds an explicit dependency to ensure it's present at build time, to
prevent build failures when another package brings the dependency in.
Signed-off-by: James Taylor <james@jtaylor.id.au>