seedrng #3

Open

lbailly wants to merge 57 commits from seedrng into main

pull from: seedrng

merge into: lbailly:main

lbailly:main

lbailly:systemd

lbailly:shell-customization

lbailly:CI

lbailly:multi-vm-ci

lbailly:strong-tftp

lbailly:zyxel-activation

Conversation 0 Commits 57 Files changed 74 +2319 -147

lbailly commented 2024-09-27 10:22:32 +02:00

Owner

Copy link

No description provided.

lbailly added 55 commits 2024-09-27 10:22:32 +02:00

feat(ci): build VM QEMU MIPS 65de896019

tftp: introduce the FIT enclosing boot.scr ... 2d6414ea41

This simplify TFTP.

Signed-off-by: Raito Bezarius <masterancpp@gmail.com>

tftp: introduce an alternative command line for TFTP ... 86e81efbd6

Normal command line and TFTP command line can be sometimes very
different.

e.g. We don't want to load UBI filesystems for a TFTP boot as it may
interfere with our root device loading.

Signed-off-by: Raito Bezarius <masterancpp@gmail.com>

chore(zyxel/nwa50ax): write flash erase block size as kb size ... 8f5ea94765

Signed-off-by: Raito Bezarius <masterancpp@gmail.com>

fix(zyxel/nwa50ax): make altroot useful ... ea740bbfaf

Let's use `ubi1` if it exist, as it should be the second device
containing a rootfs.

Signed-off-by: Raito Bezarius <masterancpp@gmail.com>

fix(zyxel/nwa50ax): ensure the DTB is in the FIT ... 85bfe94429

Signed-off-by: Raito Bezarius <masterancpp@gmail.com>

fix(zyxel/nwa50ax): ubi cannot run on phram ... c1e61d6af5

Discovered the hard way.

Signed-off-by: Raito Bezarius <masterancpp@gmail.com>

fix(preinit): scan multiple times the cmdline and rename altroot in rootalt ... 17355c3911

The way the parsing works is examining one character at a time.

First, if we had `rootfstype=... root=...`, the parsing would jump and
ignore `root=...`, which sucks.

To fix this, we scan multiple times a copy of the cmdline.

Now, we have a new problem: `root=... altroot=...` lead to opts.device
being equal to the altroot as we are looking one char at a time, so we
will arrive at a moment looking at `root=...` for `altroot=...`.

To avoid this, we rename `altroot` in `rootalt`, cheap, I know.

Signed-off-by: Raito Bezarius <masterancpp@gmail.com>

feat(hostapd): make the package configurable to enable RADIUS ... 3d528a71e9

The default hostapd disable too many things, we need a bit more for
RADIUS.

Signed-off-by: Raito Bezarius <masterancpp@gmail.com>

feat(mtd-utils): save more space ... eaa8c089a8

Signed-off-by: Raito Bezarius <masterancpp@gmail.com>

feat(pki): init TLS PKI module ... f34a63d1c8

Signed-off-by: Raito Bezarius <masterancpp@gmail.com>

feat(jitterentropy): introduce a jitterentropy module ... 664624a478

Signed-off-by: Raito Bezarius <masterancpp@gmail.com>

dhcpc handle case when env vars are missing ... 36f3015acd

the notify-script should continue and signal readiness even if one or
more of the outputs it writes are mssing in the environment

fix(bridge/members): log attach/detach ... 1d0fc24111

Signed-off-by: Raito Bezarius <masterancpp@gmail.com>

fix(ifwait): return :present if newlink is up/yes ... ca9642a61e

Urgh…

Signed-off-by: Raito Bezarius <masterancpp@gmail.com>

fix(ifwait): match over strings and not symbols ... f0b4e826cb

Are they the same in Fennel?

Signed-off-by: Raito Bezarius <masterancpp@gmail.com>

fix(bridge): pick up MAC from another interface ... 21ff11503e

This avoids the OPERSTATE unknown when the bridge is brought up but the
members are not ready yet.

This will make OPERSTATE to down, enabling us to wait until we have
brought up completely all the members.

Signed-off-by: Raito Bezarius <masterancpp@gmail.com>

fix(bridge): reorder initialization for bridge dependents ... 1bd9af1e9d

Consider the scenario where you run DHCPv4 on the primary bridge
interface.

You have no real interface to "wait upon", so it's OK. Nonetheless,
anything depending on successful completion of DHCPv4, e.g. adding a
default route, will block `s6-rc -v2 up change default`.

The way new interfaces are attached to the bridge is via `s6-rc -b -u
change $attach-oneshot-service`, this introduce in turn a deadlock.

At some point, DHCPv4 will timeout, unblocking the deadlock and
attaching the members to the primary bridge interface, making it ready
to send L2 broadcast packets for DHCP, unblocking DHCP in turn again.

This is not satisfying because we really want to have a no-hiccups
bring-up.

To fix this, we proceed to multiple changes:

- we remove `svc.ifwait.build` out of band `s6-rc -b -u $oneshot-attach`
  call, which is, by design, wrong here.
- users can now depend on the members service to know when a bridge is
  fully operational (we could make it more granular and let them depend
  on the LAN member joining rather than WLAN, etc.)
- users can also depend on the primary service being brought up rather
  than just being present, this is useful if you need to bring it up
  when it has AT LEAST one member to get link local address or MAC
  addresses (fixing DHCPv6 bring up as well because `ff02::1` is used
  there).

One thing is not addressed yet, if you are running a WLAN service using
RADIUS attached to the bridge, at bring up time, it will try to reach
out the external RADIUS server and *fail*.

To solve this, granular dependency on the DHCPv4 once LAN is joined.
Then the hostapd can wait on defaultroute4 completion so that
connectivity is available to reach RADIUS server.

It can join the bridge later on without any hiccup as well.

This is left as a TODO as hostapd can survive RADIUS authentication
failure and retry later.

Signed-off-by: Raito Bezarius <masterancpp@gmail.com>

libubox: init at unstable-04-09-2024 ... eb083bee20

Signed-off-by: Raito Bezarius <masterancpp@gmail.com>

ubus: init at unstable-04-09-2024 ... 4287a05182

Signed-off-by: Raito Bezarius <masterancpp@gmail.com>

modules/ubus: init ... c24c659ee1

Signed-off-by: Raito Bezarius <masterancpp@gmail.com>

libubox: build with Lua ... 6d4237ff87

Signed-off-by: Raito Bezarius <masterancpp@gmail.com>

ubus: build with Lua ... 78d0088b65

Signed-off-by: Raito Bezarius <masterancpp@gmail.com>

fix(bridge): members are now granular services ... ebcdbf76bc

They are still part of the bundle, but we can wait on each of them
independently now.

Signed-off-by: Raito Bezarius <masterancpp@gmail.com>

feat(services): introduce structured bundles ... 0fb671023c

Structured bundles keep their original contents as a `passthru` field
named `components`.

This enable users to depend on a specific piece of the bundle instead of
the whole bundle.

Signed-off-by: Raito Bezarius <masterancpp@gmail.com>

feat(hostapd): ubus support ... 032e57b34c

Signed-off-by: Raito Bezarius <masterancpp@gmail.com>

feat(hostapd): disable openssl to save space ... 71813a1f8f

Signed-off-by: Raito Bezarius <masterancpp@gmail.com>

fix(ubus): set the socket path properly ... ffc6492365

Signed-off-by: Raito Bezarius <masterancpp@gmail.com>

feat(hostapd): enable ubus on RADIUS variant ... 5444059b63

Signed-off-by: Raito Bezarius <masterancpp@gmail.com>

fix(ubus): rendez vous URL for the unix socket ... 1a770910a6

Signed-off-by: Raito Bezarius <masterancpp@gmail.com>

Merge pull request 'feat(hostapd): ubus support' (#16) from hostapd-ubus into main ... ce17fea337

Reviewed-on: DGNum/liminix#16

overlay: update hostapd with readiness support ... 0d36000d9f

Signed-off-by: Raito Bezarius <masterancpp@gmail.com>

iwinfo: init at unstable-07-09-2024 ... 4cf10c2e75

Signed-off-by: Raito Bezarius <masterancpp@gmail.com>

iwinfo: use Lua 5.3 port ... b57df3f288

Signed-off-by: Raito Bezarius <masterancpp@gmail.com>

fennerepl: remove readline ... 26d2812aa4

Signed-off-by: Raito Bezarius <masterancpp@gmail.com>

fennelrepl: add iwinfo to it ... 0c363be423

Signed-off-by: Raito Bezarius <masterancpp@gmail.com>

fix(write-fennel): escape binary path for PATH ... c39bfc2bb5

otherwise, escapeShellArg might just do nothing!

Signed-off-by: Raito Bezarius <masterancpp@gmail.com>

feat(ifwait): add ifbridgeable script ... 5590fea16e

This enable to wait for bridgeability of a WLAN interface via
`iwinfo`.

Signed-off-by: Raito Bezarius <masterancpp@gmail.com>

feat(modules/hostapd): offer readiness oneshot ... 13069415fd

WLAN oper wait until the WLAN interface is ready.

Signed-off-by: Raito Bezarius <masterancpp@gmail.com>

fix(evalConfig): fix pkgs relation with nixpkgs ... 94a5b19c77

Signed-off-by: Raito Bezarius <masterancpp@gmail.com>

fix(overlay): adopt upstream fix for Lua readline ... 0ee2ce4183

9f58e7b926
("maybe fix nixpkgs-unstable lua")

Signed-off-by: Raito Bezarius <masterancpp@gmail.com>

Merge branch 'bridgeability' into 'main' bc1f54e701

feat(recovery): implement failsafe boot ... 95850a44c2

for TFTP or anything, really.

Signed-off-by: Raito Bezarius <masterancpp@gmail.com>

feat(initramfs): enable zstd compression ... c942b2be09

Busybox is still 3MB.

Signed-off-by: Raito Bezarius <masterancpp@gmail.com>

feat(modules/nixpkgs): introduce source parameter ... 73ea02b982

Signed-off-by: Raito Bezarius <masterancpp@gmail.com>

feat(recovery): strengthen debugging capabilities of preinit ... 9fcfae3eae

Signed-off-by: Raito Bezarius <masterancpp@gmail.com>

feat(recovery): bump to 20MB the TFTP phram size ... 3ed1564235

Otherwise, this will fail to boot on a modern closure.

Signed-off-by: Raito Bezarius <masterancpp@gmail.com>

fix(tftpboot): revert squashfs use and go back to JFFS2 ... b468275f53

squashfs doesn't copy all the files we need.

Signed-off-by: Raito Bezarius <masterancpp@gmail.com>

chore(min-copy-closure): improve liminix-rebuild for maintenance ... 6970d811e8

Signed-off-by: Raito Bezarius <masterancpp@gmail.com>

fix(modules/hostname): hash the hostname to avoid duplicate services in the db ... 8ac3e32b8b

Signed-off-by: Raito Bezarius <masterancpp@gmail.com>

feat(libubox): support for Lua 5.3 ... 54db2ad006

Signed-off-by: Raito Bezarius <masterancpp@gmail.com>

feat(ubus): support for Lua 5.3 ... 036f91d2f0

Signed-off-by: Raito Bezarius <masterancpp@gmail.com>

feat: repair CI and cleanup cross-compilation mechanism ... 013e4c396c

Signed-off-by: Raito Bezarius <masterancpp@gmail.com>

feat(ci): use ci.nix 9fdae776de

feat(ci-wlan): use wpa_supplicant e44b081d49

lbailly force-pushed seedrng from 40c1b7f419 to 5b0df5aee2 2024-09-30 13:19:15 +02:00 Compare

All checks were successful

Hide all checks

build liminix / build_zyxel-nwa50ax_mips (pull_request) Successful in 18s

Details

build liminix / test_hostapd (pull_request) Successful in 20s

Details

build liminix / build_vm_qemu_mips (pull_request) Successful in 21s

Details

This pull request can be merged automatically.

You are not authorized to merge this pull request.

View command line instructions

Checkout

From your project repository, check out a new branch and test the changes.

git fetch -u origin seedrng:seedrng

git checkout seedrng

Merge

Merge the changes and update on Forgejo.

Warning: The "Autodetect manual merge" setting is not enabled for this repository, you will have to mark this pull request as manually merged afterwards.

git checkout main

git merge --no-ff seedrng

git checkout seedrng

git rebase main

git checkout main

git merge --ff-only seedrng

git checkout seedrng

git rebase main

git checkout main

git merge --no-ff seedrng

git checkout main

git merge --squash seedrng

git checkout main

git merge --ff-only seedrng

git checkout main

git merge seedrng

git push origin main

Sign in to join this conversation.

Reviewers

No reviewers

Labels

Clear labels

No items

No labels

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: lbailly/liminix#3

No description provided.