Skip to content
Snippets Groups Projects
Normal view History Permalink
0001-base-files-do-not-automatically-activate-services-an.patch 2.33 KiB
Newer Older
Karel Koci's avatar
openwrt patch: Automatically activate service atsha204-feed-entropy  
Karel Koci committed
1 
From 1316e0b23d4f753cda97b34586566e1f07c42097 Mon Sep 17 00:00:00 2001
Karel Koci's avatar
Activate only selected services instead all of them
Karel Koci committed
2 3 4 5 6 
From: =?UTF-8?q?Karel=20Ko=C4=8D=C3=AD?= <karel.koci@nic.cz>
Date: Tue, 29 May 2018 16:13:18 +0200
Subject: [PATCH] base-files: do not automatically activate services and
 restart activated
Karel Koci's avatar
openwrt patch: Automatically activate service atsha204-feed-entropy  
Karel Koci committed
7 8 
For security reasons only selected services are automatically activated.
Those are listed in /etc/services_wanted.
Karel Koci's avatar
Activate only selected services instead all of them
Karel Koci committed
9 10 
We also restart services when updated instead of just starting them.
---
Karel Koci's avatar
openwrt patch: Automatically activate service atsha204-feed-entropy  
Karel Koci committed
11 12 13 
 package/base-files/files/etc/services_wanted | 51 ++++++++++++++++++++
 package/base-files/files/lib/functions.sh    | 16 +++---
 2 files changed, 61 insertions(+), 6 deletions(-)
Karel Koci's avatar
Activate only selected services instead all of them
Karel Koci committed
14 15 16 17 
 create mode 100644 package/base-files/files/etc/services_wanted

diff --git a/package/base-files/files/etc/services_wanted b/package/base-files/files/etc/services_wanted
new file mode 100644
Karel Koci's avatar
openwrt patch: Automatically activate service atsha204-feed-entropy  
Karel Koci committed
18 
index 0000000..981f67a
Karel Koci's avatar
Activate only selected services instead all of them
Karel Koci committed
19 20 
--- /dev/null
+++ b/package/base-files/files/etc/services_wanted
Michal Hrusecky's avatar
Enable haveged and drop dropbear  
Michal Hrusecky committed
21 
@@ -0,0 +1,53 @@
Karel Koci's avatar
Activate only selected services instead all of them
Karel Koci committed
22 23 
+asm1062-fix
+atd
Karel Koci's avatar
openwrt patch: Automatically activate service atsha204-feed-entropy  
Karel Koci committed
24 
+atsha204-feed-entropy
Karel Koci's avatar
Activate only selected services instead all of them
Karel Koci committed
25 26 27 28 29 30 31 32 33 34 35 36 
+boot
+btrfs-scan
+cron
+cups
+dnsmasq
+done
+firewall
+foris-controller
+foris-ws
+fstab
+gpio_switch
+hd-idle
Michal Hrusecky's avatar
Enable haveged and drop dropbear  
Michal Hrusecky committed
37 
+haveged
Karel Koci's avatar
Activate only selected services instead all of them
Karel Koci committed
38 39 40 41 42 43 44 
+led
+libatsha204
+lighttpd
+lm-sensors
+lvm2
+lxc-auto
+mountd
Michal Hrusecky's avatar
Autoenable mox_autosetup service  
Michal Hrusecky committed
45 
+mox_autosetup
Karel Koci's avatar
Activate only selected services instead all of them
Karel Koci committed
46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 
+nethist
+network
+odhcpd
+rainbow
+relayd
+resolver
+rpcd
+setup_led
+sfpswitch
+smartd
+socat
+sqm
+sshd
+start-indicator
+sysctl
+sysfixtime
+sysfsutils
+syslog-ng
+sysntpd
+system
+ucitrack
Michal Hrusecky's avatar
umdns: Add to autoenabled services  
Michal Hrusecky committed
67 
+umdns
Karel Koci's avatar
Activate only selected services instead all of them
Karel Koci committed
68 69 70 71 72 73 
+umount
+update_mac
+updater
+urandom_seed
+usbmode
+watchdog_adjust
Michal Hrusecky's avatar
Enable zram-swap on MOX  
Michal Hrusecky committed
74 
+zram
Karel Koci's avatar
Activate only selected services instead all of them
Karel Koci committed
75 
diff --git a/package/base-files/files/lib/functions.sh b/package/base-files/files/lib/functions.sh
Karel Koci's avatar
openwrt patch: Automatically activate service atsha204-feed-entropy  
Karel Koci committed
76 
index 23598f9..33cd8fd 100755
Karel Koci's avatar
Activate only selected services instead all of them
Karel Koci committed
77 78 
--- a/package/base-files/files/lib/functions.sh
+++ b/package/base-files/files/lib/functions.sh
Karel Koci's avatar
openwrt patch: Automatically activate service atsha204-feed-entropy  
Karel Koci committed
79 
@@ -239,13 +239,17 @@ default_postinst() {
Karel Koci's avatar
Activate only selected services instead all of them
Karel Koci committed
80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 
 
 	local shell="$(which bash)"
 	for i in $(grep -s "^/etc/init.d/" "$root/usr/lib/opkg/info/${pkgname}.list"); do
-		if [ -n "$root" ]; then
-			${shell:-/bin/sh} "$root/etc/rc.common" "$root$i" enable
-		else
-			if [ "$PKG_UPGRADE" != "1" ]; then
-				"$i" enable
+		if grep -q "^$(basename "$i")$" "$root/etc/services_wanted"; then
+			if [ -n "$root" ]; then
+				${shell:-/bin/sh} "$root/etc/rc.common" "$root$i" enable
+			else
+				if [ "$PKG_UPGRADE" != "1" ]; then
+					"$i" enable
+				fi
 			fi
-			"$i" start
+		fi
Michal Hrusecky's avatar
Do not restart stuff from base-files  
Michal Hrusecky committed
98 
+		if [ -z "$root" -a "$pkgname" \!= "updater" -a "$pkgname" \!= "base-files" ] && "$i" enabled; then
Karel Koci's avatar
Activate only selected services instead all of them
Karel Koci committed
99 100 101 102 103 
+			"$i" restart
 		fi
 	done
 
--
Karel Koci's avatar
openwrt patch: Automatically activate service atsha204-feed-entropy  
Karel Koci committed
104 
2.19.1
Karel Koci's avatar
Activate only selected services instead all of them
Karel Koci committed
105