As recently discussed on lwn.net: https://lwn.net/Articles/695478/
The kernel has special behaviour for uid/gid 65534:
1. The kernel maps UIDs > 65535 to it when some subsystem/API/fs
only supports 16bit UIDs, but a 32bit UID is passed to it.
2. It's used by the kernel's user namespacing as the internal UID
that external UIDs are mapped to that don't have any local mapping.
3. It's used by NFS for all user IDs that cannot be mapped locally if
UID mapping is enabled.
Most distributions already map (or are in the process of changing)
nobody/nogroup to the 65534 uid/gid, so let's do so as well.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Acked-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
We now have a real file in that directory, so we do not need a .empty
placeholder.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Currently, our /etc/mtab points to /proc/mounts. This was all neat so
far, and was good for a sysv-like init system.
However, the way today is to point it at /proc/self/mounts, the
per-process mount tab.
Additionally, that's what systemd expects. If /etc/mtab is not a
symlink to ../proc/self/mounts and the rootfs is readonly, systemd would
whine loudly (and a service unit would be marked failed).
Since it works well for sysv-like init systems too, just use that.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Reviewed-by: Romain Naour <romain.naour@gmail.com>
Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
It was the only one with a trailing slash, it's only for coherence's
sake.
Signed-off-by: Maxime Hadjinlian <maxime.hadjinlian@gmail.com>
Acked-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
/etc/profile only sources files that match the /etc/profile.d/*.sh
pattern, so /etc/profile.d/umask was never sourced.
Signed-off-by: Nicolas Cavallari <nicolas.cavallari@green-communications.fr>
Acked-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The ldconfig handling in the main Makefile is utterly broken, as it
calls the build machine ldconfig to generate the ld.so.cache of the
target. Unfortunately, the format of the ld.so.cache is architecture
specific, and therefore the build machine ldconfig cannot be used
as-is.
This patch therefore simply drops using ldconfig entirely, and removes
/etc/ld.so.conf.d/ from the target skeleton. The idea is that all
libraries that should be loaded by the dynamic linker must be
installed in paths where the dynamic linker searches them by default
(typically /lib or /usr/lib).
This might potentially break a few packages, but the only way to know
is to actually stop handling ldconfig.
In order to be notified of such cases, we add a check in
target-finalize to verify that there is no /etc/ld.so.conf file as
well as no /etc/ld.so.conf.d directory.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
/etc/inputrc is a configuration file for readline. However, until now, it
was provided by skeleton. This patch installs /etc/inputrc from the readline
recipe.
Signed-off-by: Jérôme Pouiller <jezz@sysmic.org>
Acked-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
/etc/issue is managed with BR2_TARGET_GENERIC_ISSUE. In case
BR2_TARGET_GENERIC_ISSUE is set (which is default), /etc/issue
is overwritten. In case BR2_TARGET_GENERIC_ISSUE is not set,
we don't want /etc/issue to exist.
Finally, remove /etc/issue from skeleton.
Signed-off-by: Jérôme Pouiller <jezz@sysmic.org>
Reviewed-by: "Maxime Hadjinlian" <maxime.hadjinlian@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This patch has the same purpose as 49964858f4:
On some machines, the network interface is slow to appear. For example,
on the Raspberry Pi, the network interface eth0 is an ethernet-over-USB,
and our standard boot process is too fast, so our network startup script
is called before the USB bus is completely enumerated, thus it can't
configure eth0.
Closes #8116.
However, wait-delay hook is enabled only if wait-delay property appears
in /etc/network/interfaces. This patch enables it automatically when
interface is configured through DHCP at bootup. But, if the user chooses
to write /etc/network/interface himself, he has to explicitly
set wait-delay.
Signed-off-by: Jérôme Pouiller <jezz@sysmic.org>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
gid 37 was referenced in /etc/passwd but not in /etc/group
Signed-off-by: Jérôme Pouiller <jezz@sysmic.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
In commit 3dde19e5f3, the ftp user was
removed from /etc/passwd, /etc/group and /home in the skeleton, but
the corresponding entry was not removed from /etc/shadow. This commit
fixes that.
Cc: Maxime Hadjinlian <maxime.hadjinlian@gmail.com>
Cc: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Cc: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
systemd is increasingly expecting things to live in /usr/bin, /usr/sbin
or /usr/lib and not in /bin, /sbin or /lib. It has inherited those
expectations from a Fedora change:
https://fedoraproject.org/wiki/Features/UsrMove
Note however, that systemd does support /usr being on a separate
filesystem; it just expects an initramfs to mount it before the final
switchroot over to the actual rootfs.
But the traditional use-case for Buildroot is not to boot with an
initramfs; although that is totally feasible, that's probably not what
is commonly done in the vast majority of cases.
However, a lot of packages still install stuff directly into /bin,
/sbin or /lib, which systemd may need early-on in the boot process,
even before it may have a chance to mount /usr. Even though we can
tell systemd, at configure-time, where it should expect programs to
be at runtime, it does not make sense to go head-first against an
upstream wa^Hill.
Add an option so that /bin, /sbin and /lib be symlinks to /usr/bin
and /usr/sbin. That option is forcibly enabled when the init system
is systemd.
Note: we need not handle /lib32 or /lib64, as they already are symlinks
to /lib, which means they will automatically be redirected to /usr/lib,
as /usr/lib32 and /usr/lib64 already are.
Furthermore, this means we're no longer supporting a split-usr setup, so
the corresponding configure options have been removed as well for
systemd and, when using a merged /usr, for eudev as well.
In Buildroot, we decided (with this patch) not to support a split-usr
when systemd is used as an init system. This is a design decision, not
a systemd issue. Thus the select is with BR2_INIT_SYSTEMD rather than
with BR2_PACKAGE_SYSTEMD.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Cc: Arnout Vandecappelle <arnout@mind.be>
Cc: Mike Williams <mike@mikebwilliams.com>
Cc: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Cc: Baruch Siach <baruch@tkos.co.il>
Tested-by: Mike Williams <mike@mikebwilliams.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Fix indent and put PATH on a single line.
Signed-off-by: Maxime Hadjinlian <maxime.hadjinlian@gmail.com>
Acked-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Reviewed-by: Luca Ceresoli <luca@lucaceresoli.net>
Tested-by: Luca Ceresoli <luca@lucaceresoli.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
There's a lot of code in /etc/profile, which doesn't really belong in a
minimal default skeleton.
Also, add an 'unset i' to avoid clutter.
If the user has specific needs, they need to be added in
/etc/profile.d/ by a post-build script.
Signed-off-by: Maxime Hadjinlian <maxime.hadjinlian@gmail.com>
Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Reviewed-by: Luca Ceresoli <luca@lucaceresoli.net>
Tested-by: Luca Ceresoli <luca@lucaceresoli.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
/dev/shm is needed for systems using shared memory. On init-based systems
this directory is usually created in the inittab along with /dev/pts, by
the lines:
    package/busybox/inittab:
        ::sysinit:/bin/mkdir -p /dev/pts
        ::sysinit:/bin/mkdir -p /dev/shm
    package/sysvinit/inittab:
        si2::sysinit:/bin/mkdir -p /dev/pts
        si3::sysinit:/bin/mkdir -p /dev/shm
However this is broken when static /dev management is selected and the root
filesystem is read-only, showing during boot the error:
    mkdir: can't create directory '/dev/shm': Read-only file system
Fix it by creating the empty /dev/shm directory, just like /dev/pts.
Signed-off-by: Luca Ceresoli <luca@lucaceresoli.net>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The folder init.d is currently installed by default since it's part of
our skeleton.
This patch creates a package out of it and makes busybox/sysvinit depend
on it.
This way, if you choose another init, you don't end up with a useless
init.d folder.
[Thomas:
- make the initscripts package selectable via a hidden bool
- remove some unneeded changes in sysvinit.mk.]
Signed-off-by: Maxime Hadjinlian <maxime.hadjinlian@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Add /etc/profile.d/locale.sh script from Arch Linux to /etc/profile.
This script looks for locale.conf, sources it, and exports the LANG and
LC_* variables.
[Arnout: put in /etc/profile in the skeleton rather than making it
systemd specific.]
Signed-off-by: Maxim Mikityanskiy <maxtram95@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
securetty is supposed to restrict the terminals root is allowed to
login from. As it happens, login from busybox (w/ securetty support)
is actually enforcing use of securetty, while login from util-linux
is completely ignoring securetty altogether.
Remove securetty from our skeleton altogether and stop worrying about
it.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Cc: Arnout Vandecappelle <arnout@mind.be>
Cc: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
A random-seed from a read-only filesystem is useless.
Also, drop the check for /etc/random-seed existence; it must exist after a
touch.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Seeding the entropy pool with a known seed does more harm than good. This is
especially bad for when /etc is not on a persistent writable storage, so the
entropy pool is seeded with the same value on every boot. Just drop it.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
When using busybox compiled from current git, login emits the following
message:
    login: /etc/group: bad record
Fix it by adding the missing colon to /etc/group in system/skeleton.
Signed-off-by: Bartosz Golaszewski <bgolaszewski@baylibre.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Making /var/run and /run symlinks to /tmp is bad since the underlying
tmpfs filesystem is mode 1777 which leads to possible security attack
vectors via badly owned/mask-mode pidfiles and state files residing there.
So make /run a proper directory with /var/run symlinked to it.
Eventually all startup scripts and state info should be pointed to /run
directly as per the linux fhs and good practice.
Add a tmpfs filesystem entry for /run so that busybox inittab, systemv
inittab and systemd automount mounts it there to avoid breaking the
system.
While at it fix inconsistent spacing in /etc/fstab by using tabs and
drop the "static file system information" header whatever that means.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
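
The layout the /run and /etc/mtab commit messages above describe can be checked on a staged root filesystem before it is imaged. This is an added example, not Buildroot code; the function names, the two sample trees and the fstab text are constructed for illustration.

```python
# Added example (not Buildroot code): check a staged rootfs for the layout
# described in the commit messages. Trees and fstab text are constructed.
import os
import tempfile

def _link_target(root, rel):
    """Rootfs-absolute path a symlink points to, or None if rel is not a symlink."""
    path = os.path.join(root, rel)
    if not os.path.islink(path):
        return None
    target = os.readlink(path)
    if not os.path.isabs(target):
        target = os.path.join("/", os.path.dirname(rel), target)
    return os.path.normpath(target)

def audit_layout(root, fstab_text):
    """Return a list of deviations from the /run, /var/run and mtab layout."""
    problems = []
    run_target = _link_target(root, "run")
    if run_target is not None:
        problems.append(f"/run is a symlink to {run_target}, expected a real directory")
    elif not os.path.isdir(os.path.join(root, "run")):
        problems.append("/run is missing")
    if _link_target(root, "var/run") != "/run":
        problems.append("/var/run is not a symlink to /run")
    if _link_target(root, "etc/mtab") != "/proc/self/mounts":
        problems.append("/etc/mtab is not a symlink to /proc/self/mounts")
    # fstab fields: device, mount point, fs type, options, dump, pass
    fstypes = {}
    for line in fstab_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 3:
            fstypes[fields[1]] = fields[2]
    if fstypes.get("/run") != "tmpfs":
        problems.append("fstab has no tmpfs entry for /run")
    return problems

def make_tree(spec):
    """Build a constructed rootfs in a temp dir: None = directory, str = symlink target."""
    root = tempfile.mkdtemp()
    for rel, target in spec.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        if target is None:
            os.makedirs(path, exist_ok=True)
        else:
            os.symlink(target, path)
    return root

# Constructed samples: the layout the commits move away from, and the one they move to.
OLD_TREE = {"tmp": None, "run": "tmp", "var/run": "../tmp", "etc/mtab": "../proc/mounts"}
NEW_TREE = {"tmp": None, "run": None, "var/run": "../run", "etc/mtab": "../proc/self/mounts"}
OLD_FSTAB = "tmpfs\t/tmp\ttmpfs\tdefaults\t0\t0\n"
NEW_FSTAB = OLD_FSTAB + "tmpfs\t/run\ttmpfs\tmode=0755,nosuid,nodev\t0\t0\n"

if __name__ == "__main__":
    for problem in audit_layout(make_tree(OLD_TREE), OLD_FSTAB):
        print(problem)
```
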
This patch allows the setup of a simple single interface to be
automatically brought up and configured via DHCP on system startup.
The interface name can be set via a configuration option. This patch
does not support systemd-networkd, any complex network configuration should
be done via overlay of /etc/network/interfaces or the relevant networkd
configuration file.
[Peter: rename to BR2_SYSTEM_DHCP, tweak help text & implementation]
Signed-off-by: Jérémy Rosen <jeremy.rosen@openwide.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Make the S40network script create the /run/network directory for the
debian variant of ifupdown which uses it as a lock directory.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Tested-by: Karoly Kasza <kaszak@gmail.com>
Reviewed-by: Karoly Kasza <kaszak@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Drop null id since that means "don't show anything" for busybox init,
hence the shutdown sequence (/etc/init.d/rcK) doesn't show anything
giving the false impression that it's not being run.
If someone wants a really silent console they'll need to adjust much more than
this anyway.
Also swap the root read-only remount with swapoff since the swap can be
a regular (loop) file in the root filesystem and make the operation fail
resulting in a dirty filesystem.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
They're obsolete and the package was removed way back in 2010.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
It has no counterpart in passwd so it's basically a NOP.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
It has no counterpart in passwd so it's basically a NOP.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
It has no counterpart in passwd so it's basically a NOP.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Non-login users shouldn't have a valid shell so drop it.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
AFAIK no package uses it and even if it did it would belong there.
And it's not a standard user either.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
AFAIK no package uses it and even if it did it would belong there.
And it's not a standard user either.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
The sshd privilege drop user doesn't belong in the skeleton, it's
exclusively used by OpenSSH.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
It belongs to the package.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
We dropped the hal package quite some time ago, and it's not even a
properly created user.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Acked-by: Maxime Hadjinlian <maxime.hadjinlian@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
They all depend on having a custom busybox config and/or fully featured
utilities which depend on BR2_PACKAGE_BUSYBOX_SHOW_OTHERS.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Even if the main shell is bash /etc/profile is also parsed so it's
redundant.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
That directory has been unused for ages so remove it.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Acked-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Don't blindly install the /etc/nsswitch.conf file, it's useless for
toolchains that aren't (e)glibc-based and misleading.
Make the installation conditional on a (e)glibc toolchain.
[Thomas: use $(INSTALL) instead of cp.]
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Update inittabs (skeleton/busybox & sysvinit) to remove the trailing
REMOUNT_ROOTFS_RW comment used as magic string in system/system.mk to
enable/disable remounting the root filesystem rw or not since it affects
sysvinit in doing so properly as reported in bug #7442.
Instead update the sed expressions to match clean non-commented strings
by searching for "-o remount,rw /" and checking that's the end of the
line as well to avoid affecting possibly other remounts that a user can
have in a custom inittab.
Long-term the startup block of inittab should just move to a S00sysinit
script or similar so that rcS can pick it up directly.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
We define the two groups 'nobody' and 'nogroup' in our skeleton, but
they have the same gid, which is not valid.
This breaks the mkuser script, as noticed by Thomas.
Anyway, the user 'nobody' belongs to the group 'nogroup' in any sane
distribution.
So, just remove the spurious 'nobody' group.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
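
Several commit messages on this page fix the same class of defect in the skeleton's account files: a gid in /etc/passwd with no /etc/group entry, an /etc/shadow entry left behind after its user was removed, a group record missing a colon, and two groups sharing one gid. The following added example (not Buildroot code) checks for all four at once; the function names and every sample entry are constructed for illustration.

```python
# Added example (not Buildroot code): cross-check skeleton account files.
# All sample entries below are constructed for illustration.

def _records(text, nfields, fname):
    """Split colon-separated records; report lines with the wrong field count."""
    good, problems = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        fields = line.split(":")
        if len(fields) == nfields:
            good.append(fields)
        else:
            problems.append(f"{fname}:{lineno}: bad record ({len(fields)} fields, want {nfields})")
    return good, problems

def audit_accounts(passwd, group, shadow):
    """Return a list of inconsistencies between passwd, group and shadow text."""
    users, problems = _records(passwd, 7, "passwd")
    groups, bad = _records(group, 4, "group")
    problems += bad
    shadows, bad = _records(shadow, 9, "shadow")
    problems += bad

    gid_owner = {}
    for name, _pw, gid, _members in groups:
        if gid in gid_owner:
            problems.append(f"group: gid {gid} used by both {gid_owner[gid]} and {name}")
        gid_owner.setdefault(gid, name)

    for name, _pw, _uid, gid, _gecos, _home, _shell in users:
        if gid not in gid_owner:
            problems.append(f"passwd: {name} has primary gid {gid}, missing from group")

    known = {u[0] for u in users}
    for entry in shadows:
        if entry[0] not in known:
            problems.append(f"shadow: {entry[0]} has no passwd entry")
    return problems

PASSWD = """root:x:0:0:root:/root:/bin/sh
operator:x:37:37:Operator:/var:/bin/false
nobody:x:99:99:nobody:/home:/bin/false
"""
GROUP = """root:x:0:
wheel:x:10
nobody:x:99:
nogroup:x:99:
"""
SHADOW = """root::10933:0:99999:7:::
ftp:*:10933:0:99999:7:::
"""

if __name__ == "__main__":
    for problem in audit_accounts(PASSWD, GROUP, SHADOW):
        print(problem)
```
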
User "default" with no password has been around for a long time, but not
used within buildroot. Since we now have BR2_ROOTFS_USERS_TABLES it is
no longer needed.
Signed-off-by: Stephan Hoffmann <sho@relinux.de>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
ramfs (which is used instead of tmpfs if CONFIG_SHMEM isn't enabled in the
kernel configuration), defaults to mode 0755 instead of 01777 like tmpfs
uses.
/tmp should be world writable and sticky, so explicitly enforce the mode so
ramfs users get it correct instead of relying on the defaults.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Add /dev/hvc* devices, and add them to securetty. These
are required for ppc64 virtual consoles.
Signed-off-by: Anton Blanchard <anton@samba.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This update adds IP protocols created in the last 20 years.
Signed-off-by: Peter Sanford <psanford@nearbuysystems.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>