base-files: Allow to disable failsafe mode
authorLuka Perkov <luka@openwrt.org>
Tue, 10 May 2016 22:36:27 +0000 (22:36 +0000)
committerLuka Perkov <luka@openwrt.org>
Tue, 10 May 2016 22:36:27 +0000 (22:36 +0000)
Signed-off-by: Daniel Dickinson <openwrt@daniel.thecshore.com>
SVN-Revision: 49326

package/base-files/Makefile
package/base-files/files/lib/preinit/10_indicate_failsafe
package/base-files/files/lib/preinit/30_failsafe_wait
package/base-files/files/lib/preinit/40_run_failsafe_hook
package/base-files/image-config.in

index 8bb622552747dc184fdca779adb3e2bc1f4240a3..08ba43ca5509c4ff76e435c32263686a4ac99f5a 100644 (file)
@@ -17,7 +17,7 @@ PKG_FILE_DEPENDS:=$(PLATFORM_DIR)/ $(GENERIC_PLATFORM_DIR)/base-files/
 PKG_BUILD_DEPENDS:=usign/host
 PKG_LICENSE:=GPL-2.0
 
-PKG_CONFIG_DEPENDS := CONFIG_SIGNED_PACKAGES CONFIG_TARGET_INIT_PATH
+PKG_CONFIG_DEPENDS := CONFIG_SIGNED_PACKAGES CONFIG_TARGET_INIT_PATH CONFIG_TARGET_PREINIT_DISABLE_FAILSAFE
 
 include $(INCLUDE_DIR)/package.mk
 
@@ -81,6 +81,7 @@ define ImageConfigOptions
        echo 'pi_broadcast=$(if $(CONFIG_TARGET_PREINIT_BROADCAST),$(CONFIG_TARGET_PREINIT_BROADCAST),"192.168.1.255")' >>$(1)/lib/preinit/00_preinit.conf
        echo 'pi_preinit_net_messages="$(CONFIG_TARGET_PREINIT_SHOW_NETMSG)"' >>$(1)/lib/preinit/00_preinit.conf
        echo 'pi_preinit_no_failsafe_netmsg="$(CONFIG_TARGET_PREINIT_SUPPRESS_FAILSAFE_NETMSG)"' >>$(1)/lib/preinit/00_preinit.conf
+       echo 'pi_preinit_no_failsafe="$(CONFIG_TARGET_PREINIT_DISABLE_FAILSAFE)"' >>$(1)/lib/preinit/00_preinit.conf
 endef
 endif
 
index 6afae410b681e51c9cad0762f2347c5ad7729f92..27b94c140fb80a12a58f6ce511dd9728c29be710 100644 (file)
@@ -9,6 +9,7 @@ indicate_failsafe_led () {
 }
 
 indicate_failsafe() {
+       [ "$pi_preinit_no_failsafe" = "y" ] && return
        echo "- failsafe -"
        preinit_net_echo "Entering Failsafe!\n"
        indicate_failsafe_led
index 3d69baf3a4b34397086f00297485ff85c7a16171..9a34f2de4cb39a890e5f34faa175a9e587d7a484 100644 (file)
@@ -39,7 +39,7 @@ fs_wait_for_key () {
                rm -f $keypress_wait
        } &
 
-       echo "Press the [$1] key and hit [enter] $2"
+       [ "$pi_preinit_no_failsafe" != "y" ] && echo "Press the [$1] key and hit [enter] $2"
        echo "Press the [1], [2], [3] or [4] key and hit [enter] to select the debug level"
        # if we're on the console we wait for input
        {
@@ -82,6 +82,10 @@ fs_wait_for_key () {
 
 failsafe_wait() {
        FAILSAFE=
+       [ "$pi_preinit_no_failsafe" == "y" ] && {
+               fs_wait_for_key "" "" $fs_failsafe_wait_timeout
+               return
+       }
        grep -q 'failsafe=' /proc/cmdline && FAILSAFE=true && export FAILSAFE
        if [ "$FAILSAFE" != "true" ]; then
                pi_failsafe_net_message=true
index cb43ad39cbae07c533af63d7ff445d41a5b988df..7301f77349a1a1e42fcef9bcbc927ef55c83b991 100644 (file)
@@ -3,6 +3,7 @@
 # Copyright (C) 2010 Vertical Communications
 
 run_failsafe_hook() {
+    [ "$pi_preinit_no_failsafe" = "y" ] && return
     if [ "$FAILSAFE" = "true" ]; then
        boot_run_hook failsafe
        lock -w /tmp/.failsafe
index 3dfbedcfe590f15a0faa7766eb4af03429ec1534..4cc835d5077e41b4b0ca59870f479183e4f26e42 100644 (file)
@@ -24,13 +24,24 @@ config TARGET_PREINIT_SUPPRESS_STDERR
                the ash shell launched by inittab will display stderr).  That's
                the same behaviour as seen in previous version of OpenWrt.
 
+config TARGET_PREINIT_DISABLE_FAILSAFE
+       bool
+       prompt "Disable failsafe" if PREINITOPT
+       default n
+       help
+               Disable failsafe mode.  While it is very handy while
+               experimenting or developing it really ought to be
+               disabled in production environments as it is a major
+               security loophole.
+
 config TARGET_PREINIT_TIMEOUT
        int
-       prompt "Failsafe wait timeout" if PREINITOPT
+       prompt "Failsafe/Debug wait timeout" if PREINITOPT
        default 2
        help
-               How long to wait for failsafe mode to be entered before
-               continuing with a regular boot if failsafe not selected.
+               How long to wait for failsafe mode to be entered or for
+               a debug option to be pressed before continuing with a
+               regular boot.
 
 config TARGET_PREINIT_SHOW_NETMSG
        bool
@@ -45,7 +56,7 @@ config TARGET_PREINIT_SHOW_NETMSG
 
 config TARGET_PREINIT_SUPPRESS_FAILSAFE_NETMSG
        bool
-       prompt "Suppress network message indicating failsafe" if PREINITOPT
+       prompt "Suppress network message indicating failsafe" if ( PREINITOPT && !TARGET_PREINIT_SHOW_NETMSG && !TARGET_PREINIT_DISABLE_FAILSAFE )
        default n
        help
                If "Show all preinit network messages" above is not set, then