base-files: Allow to disable failsafe mode
authorJohn Crispin <blogic@openwrt.org>
Tue, 19 Apr 2016 08:07:35 +0000 (10:07 +0200)
committerJohn Crispin <blogic@openwrt.org>
Tue, 19 Apr 2016 08:07:35 +0000 (10:07 +0200)
Signed-off-by: Daniel Dickinson <openwrt@daniel.thecshore.com>
package/base-files/Makefile
package/base-files/files/lib/preinit/10_indicate_failsafe
package/base-files/files/lib/preinit/30_failsafe_wait
package/base-files/files/lib/preinit/40_run_failsafe_hook
package/base-files/image-config.in

index 2bc4d15..2286e17 100644 (file)
@@ -18,7 +18,7 @@ PKG_FILE_DEPENDS:=$(PLATFORM_DIR)/ $(GENERIC_PLATFORM_DIR)/base-files/
 PKG_BUILD_DEPENDS:=usign/host
 PKG_LICENSE:=GPL-2.0
 
-PKG_CONFIG_DEPENDS := CONFIG_SIGNED_PACKAGES CONFIG_TARGET_INIT_PATH
+PKG_CONFIG_DEPENDS := CONFIG_SIGNED_PACKAGES CONFIG_TARGET_INIT_PATH CONFIG_TARGET_PREINIT_DISABLE_FAILSAFE
 
 include $(INCLUDE_DIR)/package.mk
 
@@ -82,6 +82,7 @@ define ImageConfigOptions
        echo 'pi_broadcast=$(if $(CONFIG_TARGET_PREINIT_BROADCAST),$(CONFIG_TARGET_PREINIT_BROADCAST),"192.168.1.255")' >>$(1)/lib/preinit/00_preinit.conf
        echo 'pi_preinit_net_messages="$(CONFIG_TARGET_PREINIT_SHOW_NETMSG)"' >>$(1)/lib/preinit/00_preinit.conf
        echo 'pi_preinit_no_failsafe_netmsg="$(CONFIG_TARGET_PREINIT_SUPPRESS_FAILSAFE_NETMSG)"' >>$(1)/lib/preinit/00_preinit.conf
+       echo 'pi_preinit_no_failsafe="$(CONFIG_TARGET_PREINIT_DISABLE_FAILSAFE)"' >>$(1)/lib/preinit/00_preinit.conf
 endef
 endif
 
index 6afae41..27b94c1 100644 (file)
@@ -9,6 +9,7 @@ indicate_failsafe_led () {
 }
 
 indicate_failsafe() {
+       [ "$pi_preinit_no_failsafe" = "y" ] && return
        echo "- failsafe -"
        preinit_net_echo "Entering Failsafe!\n"
        indicate_failsafe_led
index 3d69baf..9a34f2d 100644 (file)
@@ -39,7 +39,7 @@ fs_wait_for_key () {
                rm -f $keypress_wait
        } &
 
-       echo "Press the [$1] key and hit [enter] $2"
+       [ "$pi_preinit_no_failsafe" != "y" ] && echo "Press the [$1] key and hit [enter] $2"
        echo "Press the [1], [2], [3] or [4] key and hit [enter] to select the debug level"
        # if we're on the console we wait for input
        {
@@ -82,6 +82,10 @@ fs_wait_for_key () {
 
 failsafe_wait() {
        FAILSAFE=
+       [ "$pi_preinit_no_failsafe" == "y" ] && {
+               fs_wait_for_key "" "" $fs_failsafe_wait_timeout
+               return
+       }
        grep -q 'failsafe=' /proc/cmdline && FAILSAFE=true && export FAILSAFE
        if [ "$FAILSAFE" != "true" ]; then
                pi_failsafe_net_message=true
index cb43ad3..7301f77 100644 (file)
@@ -3,6 +3,7 @@
 # Copyright (C) 2010 Vertical Communications
 
 run_failsafe_hook() {
+    [ "$pi_preinit_no_failsafe" = "y" ] && return
     if [ "$FAILSAFE" = "true" ]; then
        boot_run_hook failsafe
        lock -w /tmp/.failsafe
index c68f0b4..ef1d767 100644 (file)
@@ -24,13 +24,24 @@ config TARGET_PREINIT_SUPPRESS_STDERR
                the ash shell launched by inittab will display stderr).  That's
                the same behaviour as seen in previous version of OpenWrt.
 
+config TARGET_PREINIT_DISABLE_FAILSAFE
+       bool
+       prompt "Disable failsafe" if PREINITOPT
+       default n
+       help
+               Disable failsafe mode.  While it is very handy while
+               experimenting or developing it really ought to be
+               disabled in production environments as it is a major
+               security loophole.
+
 config TARGET_PREINIT_TIMEOUT
        int
-       prompt "Failsafe wait timeout" if PREINITOPT
+       prompt "Failsafe/Debug wait timeout" if PREINITOPT
        default 2
        help
-               How long to wait for failsafe mode to be entered before
-               continuing with a regular boot if failsafe not selected.
+               How long to wait for failsafe mode to be entered or for
+               a debug option to be pressed before continuing with a
+               regular boot.
 
 config TARGET_PREINIT_SHOW_NETMSG
        bool
@@ -45,7 +56,7 @@ config TARGET_PREINIT_SHOW_NETMSG
 
 config TARGET_PREINIT_SUPPRESS_FAILSAFE_NETMSG
        bool
-       prompt "Suppress network message indicating failsafe" if PREINITOPT
+       prompt "Suppress network message indicating failsafe" if ( PREINITOPT && !TARGET_PREINIT_SHOW_NETMSG && !TARGET_PREINIT_DISABLE_FAILSAFE )
        default n
        help
                If "Show all preinit network messages" above is not set, then