From 8c9f0aa3edaabbe9967efbd19d5d442813feb728 Mon Sep 17 00:00:00 2001 From: Luka Perkov Date: Tue, 10 May 2016 22:36:27 +0000 Subject: [PATCH] base-files: Allow to disable failsafe mode Signed-off-by: Daniel Dickinson SVN-Revision: 49326 --- package/base-files/Makefile | 3 ++- .../files/lib/preinit/10_indicate_failsafe | 1 + .../files/lib/preinit/30_failsafe_wait | 6 +++++- .../files/lib/preinit/40_run_failsafe_hook | 1 + package/base-files/image-config.in | 19 +++++++++++++++---- 5 files changed, 24 insertions(+), 6 deletions(-) diff --git a/package/base-files/Makefile b/package/base-files/Makefile index 8bb6225527..08ba43ca55 100644 --- a/package/base-files/Makefile +++ b/package/base-files/Makefile @@ -17,7 +17,7 @@ PKG_FILE_DEPENDS:=$(PLATFORM_DIR)/ $(GENERIC_PLATFORM_DIR)/base-files/ PKG_BUILD_DEPENDS:=usign/host PKG_LICENSE:=GPL-2.0 -PKG_CONFIG_DEPENDS := CONFIG_SIGNED_PACKAGES CONFIG_TARGET_INIT_PATH +PKG_CONFIG_DEPENDS := CONFIG_SIGNED_PACKAGES CONFIG_TARGET_INIT_PATH CONFIG_TARGET_PREINIT_DISABLE_FAILSAFE include $(INCLUDE_DIR)/package.mk @@ -81,6 +81,7 @@ define ImageConfigOptions echo 'pi_broadcast=$(if $(CONFIG_TARGET_PREINIT_BROADCAST),$(CONFIG_TARGET_PREINIT_BROADCAST),"192.168.1.255")' >>$(1)/lib/preinit/00_preinit.conf echo 'pi_preinit_net_messages="$(CONFIG_TARGET_PREINIT_SHOW_NETMSG)"' >>$(1)/lib/preinit/00_preinit.conf echo 'pi_preinit_no_failsafe_netmsg="$(CONFIG_TARGET_PREINIT_SUPPRESS_FAILSAFE_NETMSG)"' >>$(1)/lib/preinit/00_preinit.conf + echo 'pi_preinit_no_failsafe="$(CONFIG_TARGET_PREINIT_DISABLE_FAILSAFE)"' >>$(1)/lib/preinit/00_preinit.conf endef endif diff --git a/package/base-files/files/lib/preinit/10_indicate_failsafe b/package/base-files/files/lib/preinit/10_indicate_failsafe index 6afae410b6..27b94c140f 100644 --- a/package/base-files/files/lib/preinit/10_indicate_failsafe +++ b/package/base-files/files/lib/preinit/10_indicate_failsafe @@ -9,6 +9,7 @@ indicate_failsafe_led () { } indicate_failsafe() { + [ "$pi_preinit_no_failsafe" = "y" ] && return echo "- failsafe -" preinit_net_echo "Entering Failsafe!\n" indicate_failsafe_led diff --git a/package/base-files/files/lib/preinit/30_failsafe_wait b/package/base-files/files/lib/preinit/30_failsafe_wait index 3d69baf3a4..9a34f2de4c 100644 --- a/package/base-files/files/lib/preinit/30_failsafe_wait +++ b/package/base-files/files/lib/preinit/30_failsafe_wait @@ -39,7 +39,7 @@ fs_wait_for_key () { rm -f $keypress_wait } & - echo "Press the [$1] key and hit [enter] $2" + [ "$pi_preinit_no_failsafe" != "y" ] && echo "Press the [$1] key and hit [enter] $2" echo "Press the [1], [2], [3] or [4] key and hit [enter] to select the debug level" # if we're on the console we wait for input { @@ -82,6 +82,10 @@ fs_wait_for_key () { failsafe_wait() { FAILSAFE= + [ "$pi_preinit_no_failsafe" == "y" ] && { + fs_wait_for_key "" "" $fs_failsafe_wait_timeout + return + } grep -q 'failsafe=' /proc/cmdline && FAILSAFE=true && export FAILSAFE if [ "$FAILSAFE" != "true" ]; then pi_failsafe_net_message=true diff --git a/package/base-files/files/lib/preinit/40_run_failsafe_hook b/package/base-files/files/lib/preinit/40_run_failsafe_hook index cb43ad39cb..7301f77349 100644 --- a/package/base-files/files/lib/preinit/40_run_failsafe_hook +++ b/package/base-files/files/lib/preinit/40_run_failsafe_hook @@ -3,6 +3,7 @@ # Copyright (C) 2010 Vertical Communications run_failsafe_hook() { + [ "$pi_preinit_no_failsafe" = "y" ] && return if [ "$FAILSAFE" = "true" ]; then boot_run_hook failsafe lock -w /tmp/.failsafe diff --git a/package/base-files/image-config.in b/package/base-files/image-config.in index 3dfbedcfe5..4cc835d507 100644 --- a/package/base-files/image-config.in +++ b/package/base-files/image-config.in @@ -24,13 +24,24 @@ config TARGET_PREINIT_SUPPRESS_STDERR the ash shell launched by inittab will display stderr). That's the same behaviour as seen in previous version of OpenWrt. +config TARGET_PREINIT_DISABLE_FAILSAFE + bool + prompt "Disable failsafe" if PREINITOPT + default n + help + Disable failsafe mode. While it is very handy while + experimenting or developing it really ought to be + disabled in production environments as it is a major + security loophole. + config TARGET_PREINIT_TIMEOUT int - prompt "Failsafe wait timeout" if PREINITOPT + prompt "Failsafe/Debug wait timeout" if PREINITOPT default 2 help - How long to wait for failsafe mode to be entered before - continuing with a regular boot if failsafe not selected. + How long to wait for failsafe mode to be entered or for + a debug option to be pressed before continuing with a + regular boot. config TARGET_PREINIT_SHOW_NETMSG bool @@ -45,7 +56,7 @@ config TARGET_PREINIT_SHOW_NETMSG config TARGET_PREINIT_SUPPRESS_FAILSAFE_NETMSG bool - prompt "Suppress network message indicating failsafe" if PREINITOPT + prompt "Suppress network message indicating failsafe" if ( PREINITOPT && !TARGET_PREINIT_SHOW_NETMSG && !TARGET_PREINIT_DISABLE_FAILSAFE ) default n help If "Show all preinit network messages" above is not set, then -- 2.30.2