Merge "buildroot: Add reset g.hn script for GFLT400"
diff --git a/configs/gfrg200_defconfig b/configs/gfrg200_defconfig
index 391cb1f..e83b4e1 100644
--- a/configs/gfrg200_defconfig
+++ b/configs/gfrg200_defconfig
@@ -104,6 +104,7 @@
 BR2_PACKAGE_GOOGLE_PLATFORM_CACHE_WARMING=y
 BR2_PACKAGE_GOOGLE_PLATFORM_LOGUPLOAD=y
 BR2_PACKAGE_GOOGLE_PLATFORM_SYSMGR=y
+BR2_PACKAGE_GOOGLE_PLATFORM_SYSLOG=y
 BR2_PACKAGE_GOOGLE_TEST=y
 BR2_PACKAGE_GOOGLE_NETWORK_BOX=y
 BR2_PACKAGE_GOOGLE_STORAGE_BOX=y
diff --git a/fs/skeleton/etc/group b/fs/skeleton/etc/group
index c0aea49..1c6bfe4 100755
--- a/fs/skeleton/etc/group
+++ b/fs/skeleton/etc/group
@@ -13,6 +13,7 @@
 rpcuser:x:29:
 _ntp:x:30:
 avahi::40:
+syslog::41:
 ftp::50:
 lock::54:
 nobody::98:
diff --git a/fs/skeleton/etc/init.d/S01sysctl.platform_gfibertv b/fs/skeleton/etc/init.d/S01sysctl.platform_gfibertv
index 75336ca..5cd3608 100755
--- a/fs/skeleton/etc/init.d/S01sysctl.platform_gfibertv
+++ b/fs/skeleton/etc/init.d/S01sysctl.platform_gfibertv
@@ -17,6 +17,9 @@
     sysctl net.ipv4.conf.all.promote_secondaries=1
     # Panic everytime there is a kernel oops
     sysctl -q kernel.panic_on_oops=1
+    # Allow 120 seconds to write a core file out to flash.
+    # /bin/coredump gives up after 100 seconds.
+    sysctl -w kernel.hung_task_timeout_secs=120
     ;;
   stop)
     ;;
diff --git a/fs/skeleton/etc/init.d/firewall b/fs/skeleton/etc/init.d/firewall
index 6bceaad..77378ba 100755
--- a/fs/skeleton/etc/init.d/firewall
+++ b/fs/skeleton/etc/init.d/firewall
@@ -144,15 +144,6 @@
       fi
       ip46tables -P FORWARD DROP
 
-      # multicast (fiber TV, EAS)
-      ip46tables -A INPUT -m pkttype --pkt-type multicast -j ACCEPT
-      ip46tables -A FORWARD -m pkttype --pkt-type multicast -j ACCEPT
-      iptables -t nat -A PREROUTING -m pkttype --pkt-type multicast -j ACCEPT
-
-      # Forwarding
-      ip46tables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-      ip46tables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-
       # captive-portal-filter and captive-portal-input contain rules that should
       # always be applied to the br1 (captive portal) interface, regardless of
       # what services we're trying to provide with it.
@@ -164,6 +155,8 @@
       ip46tables -N acs-captive-portal-filter
       ip46tables -N acsrules-filter-forward
       ip46tables -N MINIUPNPD
+      ip46tables -N wan-input
+      ip46tables -N wan-forward
       ip46tables -N log
 
       ip46tables -t nat -N captive-portal-guests-nat
@@ -172,12 +165,14 @@
       iptables -t nat -N acsrules-nat-postrouting
       ip46tables -t nat -N sniproxy-nat
       iptables -t nat -N MINIUPNPD
+      ip46tables -t nat -N wan-nat
 
-      ip46tables -A FORWARD -i br0 -j ACCEPT
-      ip46tables -A FORWARD -i br1 -j captive-portal-guests
-      ip46tables -A FORWARD -i br1 -j captive-portal-filter
+      ip46tables -A INPUT -i wan0+ -j wan-input
+      ip46tables -A FORWARD -i wan0+ -j wan-forward
+      ip46tables -A FORWARD -i br0 -o wan0+ -j ACCEPT
+      ip46tables -A FORWARD -i br1 -o wan0+ -j captive-portal-guests
+      ip46tables -A FORWARD -i br1 -o wan0+ -j captive-portal-filter
 
-      # I wanted to use '!wan0' here but, it doesn't work as documented.
       for ifc in lo br0; do
         ip46tables -A INPUT -i "$ifc" -j ACCEPT
       done
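Review bot: The rewritten `ip46tables -A FORWARD -i br0 -o wan0+ -j ACCEPT` no longer accepts br0 traffic that leaves through any interface other than wan0+, so with the `FORWARD DROP` policy set earlier in this script such flows now depend on some later rule. The two br1 jumps are narrowed the same way. If that is intended, record it in a comment above the block, for example `# LAN and guest traffic may only be forwarded out the WAN; the wan-* chains hold rules for packets arriving on wan0+`. The enclosing case branch starts and ends outside this hunk.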
@@ -186,8 +181,19 @@
       ip46tables -A INPUT -i br1 -j acs-captive-portal-input
       ip46tables -A INPUT -i br1 -j sniproxy-input
 
+      ip46tables -t nat -A PREROUTING -i wan0+ -j wan-nat
+
+      # multicast (fiber TV, EAS)
+      ip46tables -A wan-input -m pkttype --pkt-type multicast -j ACCEPT
+      ip46tables -A wan-forward -m pkttype --pkt-type multicast -j ACCEPT
+      ip46tables -t nat -A wan-nat -m pkttype --pkt-type multicast -j ACCEPT
+
+      # Forwarding
+      ip46tables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
+      ip46tables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
+
       # igmp group membership control
-      ip46tables -A INPUT -p igmp -j ACCEPT
+      ip46tables -A wan-input -p igmp -j ACCEPT
 
       # ping and PMTUD
       iptables -A INPUT -p icmp --icmp-type 8/0 -j ACCEPT
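Review bot: The conntrack `ESTABLISHED,RELATED` accepts are now appended after the `wan-input`/`wan-forward` jumps and after the br1 jumps, whereas they used to sit directly after the FORWARD policy line, ahead of every jump visible in this diff. Reply packets on br1 therefore pass through `acs-captive-portal-input`, `sniproxy-input`, `captive-portal-guests` and `captive-portal-filter` first. If any of those chains ends in a DROP or REJECT (their contents are not shown here), established flows would be cut. Either keep the two conntrack rules ahead of the per-interface jumps, or add a comment next to `# Forwarding` stating why they must come later.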
@@ -195,14 +201,14 @@
       iptables -A INPUT -p icmp --icmp-type 11/0 -j ACCEPT
       ip6tables -A INPUT -p icmpv6 --icmpv6-type echo-request -j ACCEPT
       # RFC4890 says RFC4380 requires forwarding ipv6 ping requests
-      ip6tables -A FORWARD -p icmpv6 --icmpv6-type echo-request -j ACCEPT
+      ip6tables -A wan-forward -p icmpv6 --icmpv6-type echo-request -j ACCEPT
 
       # Incoming connections
       # TODO(apenwarr): Whitelist ports here too for added safety.
       if [ -e /tmp/NFS ]; then
         # Workaround because netfilter conntracking loaded *after* the NFS
         # session was established.
-        ip46tables -A INPUT -p tcp --sport 2049 -j ACCEPT
+        ip46tables -A wan-input -p tcp --sport 2049 -j ACCEPT
       fi
 
       # Outgoing connections
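Review bot: `ip46tables -A wan-input -p tcp --sport 2049 -j ACCEPT` matches on the remote source port only, so while /tmp/NFS exists any TCP packet arriving on wan0+ with source port 2049 is accepted, whatever its sender or destination port. Now that the rule is explicitly WAN-scoped, it would be safer to pin it to the NFS server, e.g. by adding `-s <NFS_SERVER_ADDR>` (placeholder; the script would need to learn the address), in line with the whitelisting TODO just above it. The enclosing block continues outside the hunk.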
@@ -211,40 +217,40 @@
 
       # TODO(apenwarr): Remove this when we have real port forwarding controls.
       if [ -e /tmp/DEBUG ]; then
-        ip46tables -A INPUT -p tcp --dport 22 -j ACCEPT    # ssh
-        ip46tables -A FORWARD -p tcp --dport 22 -j ACCEPT  # ssh for lan clients
-        ip46tables -A INPUT -p tcp --dport 5001 -j ACCEPT  # iperf
-        ip46tables -A INPUT -p udp --dport 5001 -j ACCEPT  # iperf
-        ip46tables -A INPUT -p udp --dport 4948 -j ACCEPT  # isoping
+        ip46tables -A wan-input -p tcp --dport 22 -j ACCEPT    # ssh
+        ip46tables -A wan-forward -p tcp --dport 22 -j ACCEPT  # ssh for lan clients
+        ip46tables -A wan-input -p tcp --dport 5001 -j ACCEPT  # iperf
+        ip46tables -A wan-input -p udp --dport 5001 -j ACCEPT  # iperf
+        ip46tables -A wan-input -p udp --dport 4948 -j ACCEPT  # isoping
       fi
 
       # Open incoming ports for McDoleCast
       if experiment McDoleCast; then
-        ip46tables -A INPUT -p tcp --dport 31098 -j ACCEPT  # sagesrv
-        ip46tables -A INPUT -p tcp --dport 32825 -j ACCEPT  # marjoram
+        ip46tables -A wan-input -p tcp --dport 31098 -j ACCEPT  # sagesrv
+        ip46tables -A wan-input -p tcp --dport 32825 -j ACCEPT  # marjoram
       fi
       # cwmpd ACS kick
-      ip46tables -A INPUT -p tcp --dport 7547 -j ACCEPT    # cwmpd
-      ip6tables -A FORWARD -p tcp --dport 7547 -j ACCEPT  # cwmpd
-      iptables -t nat -A PREROUTING -p tcp --dport 7547 -j ACCEPT  # cwmpd
+      ip46tables -A wan-input -p tcp --dport 7547 -j ACCEPT    # cwmpd
+      ip6tables -A wan-forward -p tcp --dport 7547 -j ACCEPT  # cwmpd
+      ip46tables -t nat -A wan-nat -p tcp --dport 7547 -j ACCEPT  # cwmpd
 
       if [ -e /tmp/factory_status ]; then
-        ip46tables -A INPUT -p tcp --dport 8883 -j ACCEPT  # factory web server
+        ip46tables -A wan-input -p tcp --dport 8883 -j ACCEPT  # factory web server
       fi
 
       # active FTP out
       ip46tables -A FORWARD -m conntrack --ctstate RELATED \
           -m helper --helper ftp -o wan0+ -p tcp --dport 1024: -j ACCEPT
-      ip46tables -A FORWARD -m conntrack --ctstate RELATED \
-          -m helper --helper ftp -i wan0+ -p tcp --dport 1024: -j ACCEPT
+      ip46tables -A wan-forward -m conntrack --ctstate RELATED \
+          -m helper --helper ftp -p tcp --dport 1024: -j ACCEPT
 
       # add ACS-configured things
       ip46tables -A FORWARD -i br1 -j acs-captive-portal-filter
-      ip46tables -A FORWARD -j acsrules-filter-forward
+      ip46tables -A FORWARD -i wan0+ -j acsrules-filter-forward
       ip46tables -t nat -A PREROUTING -i br1 -j captive-portal-guests-nat
       ip46tables -t nat -A PREROUTING -i br1 -j acs-captive-portal-nat
-      iptables -t nat -A PREROUTING -j acsrules-nat-prerouting
-      iptables -t nat -A POSTROUTING -j acsrules-nat-postrouting
+      iptables -t nat -A PREROUTING -i wan0+ -j acsrules-nat-prerouting
+      iptables -t nat -A POSTROUTING -o wan0+ -j acsrules-nat-postrouting
 
       # these are managed by sniproxy, if running
       ip46tables -t nat -A PREROUTING -j sniproxy-nat -i br1
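Review bot: Adding `-i wan0+` to the `acsrules-filter-forward` and `acsrules-nat-prerouting` jumps means ACS-configured rules are no longer evaluated for packets entering on br0 or br1. A LAN client addressing the WAN-side address (hairpin) reached those chains before and will not now, assuming they hold DNAT or port-forward rules, which this diff does not show. If that is intentional, extend the `# add ACS-configured things` comment, e.g. `# ACS rules apply to WAN-originated traffic only (no hairpin NAT)`. In the /tmp/DEBUG block, the `wan-forward ... --dport 22` rule is still commented "ssh for lan clients" although it now matches only packets arriving on wan0+; `# ssh from WAN to LAN hosts` would describe it more precisely.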
@@ -254,7 +260,7 @@
       iptables -t nat -A PREROUTING -i wan0+ -j MINIUPNPD
 
       # nat
-      iptables -t nat -A POSTROUTING -o wan0+ -j MASQUERADE
+      ip46tables -t nat -A POSTROUTING -o wan0+ -j MASQUERADE
 
       # ipv6 addressing
       ip6tables -A INPUT -p icmpv6 --icmpv6-type router-advertisement -j ACCEPT
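Review bot: Switching the MASQUERADE rule from `iptables` to `ip46tables` presumably also installs it in the IPv6 nat table, which turns on source NAT for IPv6 traffic leaving wan0+. Nothing in the hunk says this is wanted: it hides LAN hosts' own IPv6 addresses behind the router and needs IPv6 NAT/MASQUERADE support in every kernel this script runs on. If only the IPv4 behaviour is intended, keep `iptables -t nat -A POSTROUTING -o wan0+ -j MASQUERADE`; otherwise add a comment explaining why IPv6 masquerading is required. The same `iptables` to `ip46tables` switch is made for the multicast and cwmpd rules that moved into `wan-nat` in the earlier firewall hunks.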
diff --git a/fs/skeleton/etc/init.d/network b/fs/skeleton/etc/init.d/network
index 2b15d8e..4edcc21 100755
--- a/fs/skeleton/etc/init.d/network
+++ b/fs/skeleton/etc/init.d/network
@@ -152,10 +152,10 @@
     # On GFRG250, the Quantenna PCIe module has not initialized by the time the
     # kernel enumerates PCIe devices. For development, also include GFRG200 and
     # GFRG210.
-    if contains "GFRG200 GFRG210 GFRG250" "$(cat /etc/platform)"; then
+    if contains ",GFRG200,GFRG210,GFRG250," ",$(cat /etc/platform),"; then
       echo 1 > /sys/bus/pci/rescan
     fi
-    if contains "GFHD254" "$(cat /etc/platform)" && ! startswith "$(uname -r)" "3"; then
+    if contains ",GFHD254," ",$(cat /etc/platform)," && ! startswith "$(uname -r)" "3"; then
       echo 1 > /sys/bus/pci/devices/0000:01:00.0/remove
       sleep 1
       echo 1 > /sys/bus/pci/rescan
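Review bot: The comma wrapping in `contains ",GFRG200,GFRG210,GFRG250," ",$(cat /etc/platform),"` is easy to misread as a typo and deserves a one-line comment, e.g. `# wrap the list and the platform in commas so only a whole name matches`. /etc/platform is also read with `cat` twice within a few lines; assigning `platform=$(cat /etc/platform)` once before the first test would keep both checks on the same value. The enclosing function starts and ends outside the hunk.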
diff --git a/fs/skeleton/etc/passwd b/fs/skeleton/etc/passwd
index f592857..37b277e 100755
--- a/fs/skeleton/etc/passwd
+++ b/fs/skeleton/etc/passwd
@@ -6,9 +6,11 @@
 rpcuser:x:29:29:RPC Service User:/var/tmp:/dev/null
 _ntp:x:30:30:OpenNTP Daemon:/var/empty/ntp:/dev/null
 avahi:x:40:40:Avahi mDNS:/:/dev/null
+syslog:*:41:41:syslogd:/var/tmp:/dev/null
 nobody:*:99:99:Nobody:/:/dev/null
 dbus:x:102:105::/var/run/dbus:/dev/null
 video:x:200:200:Video User:/var/media:/dev/null
 appclient:x:201:201:Application User:/:/dev/null
 prism:$1$fufhpwhn$eAwIc7tGVHqELSV1MnPP91:300:300:Prism User:/var/prism:/usr/bin/clish
 nfsnobody:x:65534:65534:Anonymous NFS User:/var/tmp:/dev/null
+
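Review bot: The hunk ends by adding an empty line after the nfsnobody entry; a blank line is not a valid passwd record and some parsers and consistency checkers complain about it, so the trailing `+` line should be dropped. The new syslog account otherwise follows its neighbours (locked `*` password, /dev/null shell). Its home directory /var/tmp is shared with rpcuser and nfsnobody; if syslogd does not need a writable home, `/` as used for avahi would give the jailed daemon less to write into.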
diff --git a/fs/skeleton/usr/bin/set_laser_channel.platform_gfiberlt b/fs/skeleton/usr/bin/set_laser_channel.platform_gfiberlt
index e822152..439709e 100755
--- a/fs/skeleton/usr/bin/set_laser_channel.platform_gfiberlt
+++ b/fs/skeleton/usr/bin/set_laser_channel.platform_gfiberlt
@@ -40,7 +40,7 @@
 fi
 
 # Program the laser channel.
-result=$(i2cset -y 0 0x51 0x91 $1)
+result=$(i2cset -y 0 0x51 0x90 $1 i)
 if [ "$?" -ne "0" ]; then
   echo "Failed to set laser channel! i2cset error: $result"
   exit 1
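Review bot: `result=$(i2cset -y 0 0x51 0x90 $1 i)` captures stdout only, so when i2cset fails the message printed two lines below will most likely be empty, because i2cset reports its errors on stderr. `$1` is also unquoted, and in block mode (`i`) any extra words would be passed as additional data bytes. Suggested line: `result=$(i2cset -y 0 0x51 0x90 "$1" i 2>&1)`. Whether `$1` is validated as a single byte value is decided above the hunk.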
diff --git a/linux/linux.mk b/linux/linux.mk
index 1320e9a..88b83f2 100644
--- a/linux/linux.mk
+++ b/linux/linux.mk
@@ -45,10 +45,6 @@
 	INSTALL_MOD_PATH=$(TARGET_DIR) \
 	CROSS_COMPILE="$(CCACHE) $(TARGET_CROSS)" \
 	DEPMOD=$(HOST_DIR)/usr/sbin/depmod
-	initramfs=true
-# (initramfs=true replaces the $(initramfs) build command with 'true',
-# effectively making the kernel build scripts never replace the initramfs
-# with a different one; making the initramfs is our job in buildroot.)
 
 # Get the real Linux version, which tells us where kernel modules are
 # going to be installed in the target filesystem.
diff --git a/package/google/google_miniclient/S11mpserver b/package/google/google_miniclient/S11mpserver
index 0b304e1..9c9f9f3 100755
--- a/package/google/google_miniclient/S11mpserver
+++ b/package/google/google_miniclient/S11mpserver
@@ -10,6 +10,7 @@
       # mcnmp_server playback code needs widevine and pullreader .so
       export LD_LIBRARY_PATH=/app/client
       export SAGEBIN_PATH=/usr/lib/sage_firmware
+      export DRM_BIN_FILE=/user/widevine/drm.bin
       rm -f /tmp/nexus_multiprocess
       babysit 10 mcnmp_server 2>&1 | logos mcnmp_server 0 20000000 &
       wait-until-created /tmp/nexus_multiprocess
diff --git a/package/google/google_miniclient/runminiclient b/package/google/google_miniclient/runminiclient
index a5e65bc..4dde33f 100755
--- a/package/google/google_miniclient/runminiclient
+++ b/package/google/google_miniclient/runminiclient
@@ -33,6 +33,7 @@
 }
 
 export LD_LIBRARY_PATH=/app/client:/usr/local/lib:$LD_LIBRARY_PATH
+export DRM_BIN_FILE=/user/widevine/drm.bin
 export SERIALNUMBER=$(cat /etc/serial)
 
 ulimit -c 49152
diff --git a/package/google/google_platform/Config.in b/package/google/google_platform/Config.in
index 8a462d0..8d0ca58 100644
--- a/package/google/google_platform/Config.in
+++ b/package/google/google_platform/Config.in
@@ -101,6 +101,12 @@
 	help
 	  Include the ledpattern tool.
 
+config BR2_PACKAGE_GOOGLE_PLATFORM_SYSLOG
+	bool "include syslogd"
+	default n
+	help
+	  Simple syslog daemon with strong filtering support.
+
 config BR2_PACKAGE_GOOGLE_OPENBOX
 	bool "Openbox Release"
 	default n
diff --git a/package/google/google_platform/google_platform.mk b/package/google/google_platform/google_platform.mk
index b660253..4b7923d 100644
--- a/package/google/google_platform/google_platform.mk
+++ b/package/google/google_platform/google_platform.mk
@@ -143,6 +143,10 @@
 BUILD_LEDPATTERN=y
 endif
 
+ifeq ($(BR2_PACKAGE_GOOGLE_PLATFORM_SYSLOG),y)
+BUILD_SYSLOG=y
+endif
+
 ifneq ($(BR2_PACKAGE_GOOGLE_FIBER_JACK),y)
 # fiber jack kernel is too old for the new-style loguploader for now
 BUILD_LOGUPLOAD=y
@@ -277,6 +281,11 @@
 	$(INSTALL) -m 0755 -D -T package/google/google_platform/gfiber_public.der/$(PUB_KEY) $(TARGET_DIR)/etc/gfiber_public.der
 	$(if $(BR2_PACKAGE_GOOGLE_TV_BOX),mkdir -p -m 0755 $(TARGET_DIR)/usr/sv/)
 	$(if $(BR2_PACKAGE_GOOGLE_TV_BOX),$(INSTALL) -m 0555 -D package/google/google_platform/*.ts $(TARGET_DIR)/usr/sv/)
+	$(INSTALL) -m 0644 -D package/google/google_platform/syslog.conf $(TARGET_DIR)/etc/
+
+	# Avahi service files
+	$(INSTALL) -m 0644 -D package/google/google_platform/services/isoping.service $(TARGET_DIR)/etc/avahi/services
+	$(if $(BUILD_SYSLOG),$(INSTALL) -m 0644 -D package/google/google_platform/services/syslog.service $(TARGET_DIR)/etc/avahi/services)
 
 	# registercheck
 	#TODO(apenwarr): do we actually need this for anything?
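Review bot: The two Avahi installs name a destination without a file name (`... -D .../isoping.service $(TARGET_DIR)/etc/avahi/services`). With `-D`, install creates only the parent directories, so if etc/avahi/services does not yet exist in the target, the file is written as a regular file called `services` and the syslog.service line then overwrites it. Spell out the destinations, e.g. `$(TARGET_DIR)/etc/avahi/services/isoping.service` and `$(TARGET_DIR)/etc/avahi/services/syslog.service`. Separately, syslog.conf and isoping.service are installed unconditionally while only syslog.service is guarded by `BUILD_SYSLOG`; guarding syslog.conf the same way would leave images without syslogd unchanged. The recipe starts and ends outside the hunk.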
diff --git a/package/google/google_platform/rc/syslog/dependencies b/package/google/google_platform/rc/syslog/dependencies
new file mode 100644
index 0000000..f977fbb
--- /dev/null
+++ b/package/google/google_platform/rc/syslog/dependencies
@@ -0,0 +1 @@
+firewall
diff --git a/package/google/google_platform/rc/syslog/run b/package/google/google_platform/rc/syslog/run
new file mode 100755
index 0000000..4acc747
--- /dev/null
+++ b/package/google/google_platform/rc/syslog/run
@@ -0,0 +1,5 @@
+#!/usr/bin/execlineb
+fdmove -c 2 1
+if { runnable syslogd }
+# run with CAP_NET_BIND_SERVICE
+minijail0 -u syslog -g syslog -c 0x400 /bin/syslogd -l 0.0.0.0:514
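Review bot: `-l 0.0.0.0:514` binds the collector on every IPv4 interface, so which networks can send it unauthenticated UDP syslog is decided only by the firewall, and the firewall changes in this diff add no explicit rule for port 514. This file should state that reliance in a comment, e.g. `# listens on all interfaces; WAN and guest access must be blocked by /etc/init.d/firewall`, once that has been confirmed against the full firewall script. If syslogd accepts a specific listen address, binding to the LAN address would remove the dependency. The capability mask `0x400` does match the CAP_NET_BIND_SERVICE comment.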
diff --git a/package/google/google_platform/rc/syslog/type b/package/google/google_platform/rc/syslog/type
new file mode 100644
index 0000000..5883cff
--- /dev/null
+++ b/package/google/google_platform/rc/syslog/type
@@ -0,0 +1 @@
+longrun
diff --git a/package/google/google_platform/services/isoping.service b/package/google/google_platform/services/isoping.service
new file mode 100644
index 0000000..6a6618d
--- /dev/null
+++ b/package/google/google_platform/services/isoping.service
@@ -0,0 +1,9 @@
+<?xml version="1.0" standalone="no"?>
+<!DOCTYPE service-group SYSTEM "avahi-service.dtd">
+<service-group>
+    <name replace-wildcards="yes">isoping on %h</name>
+    <service>
+        <type>_isoping._udp</type>
+        <port>4948</port>
+    </service>
+</service-group>
diff --git a/package/google/google_platform/services/syslog.service b/package/google/google_platform/services/syslog.service
new file mode 100644
index 0000000..172abc6
--- /dev/null
+++ b/package/google/google_platform/services/syslog.service
@@ -0,0 +1,9 @@
+<?xml version="1.0" standalone="no"?>
+<!DOCTYPE service-group SYSTEM "avahi-service.dtd">
+<service-group>
+    <name replace-wildcards="yes">syslog on %h</name>
+    <service>
+        <type>_syslog._udp</type>
+        <port>514</port>
+    </service>
+</service-group>
diff --git a/package/google/google_platform/syslog.conf b/package/google/google_platform/syslog.conf
new file mode 100644
index 0000000..8d98f9d
--- /dev/null
+++ b/package/google/google_platform/syslog.conf
@@ -0,0 +1 @@
+.*
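Review bot: The only line in the shipped configuration is `.*`, which lets every message through if syslogd treats each line as a pattern of messages to accept (the file format is not shown in this diff). That would leave the filtering described in the Config.in help text unused by default. Since the daemon listens on the network, consider a narrower default pattern, or document next to the package how the file is meant to be tightened.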
diff --git a/package/mv_app/xml_params/i2c_xml_cfg_file.xml b/package/mv_app/xml_params/i2c_xml_cfg_file.xml
index b41c999..3512bfa 100644
--- a/package/mv_app/xml_params/i2c_xml_cfg_file.xml
+++ b/package/mv_app/xml_params/i2c_xml_cfg_file.xml
@@ -2,6 +2,6 @@
 <cnfg>
     <I2C_CONFIG>
         <!--  Whether the transceiver can use i2c block read or character read 0-automatic, 1-read byte, 2-read block -->
-        <i2c_xvr_read_mode>0</i2c_xvr_read_mode>
+        <i2c_xvr_read_mode>2</i2c_xvr_read_mode>
     </I2C_CONFIG>
 </cnfg>
diff --git a/package/simpleramfs/simpleramfs.mk b/package/simpleramfs/simpleramfs.mk
index 154b965..3049a1e 100644
--- a/package/simpleramfs/simpleramfs.mk
+++ b/package/simpleramfs/simpleramfs.mk
@@ -104,7 +104,6 @@
 		$(@D)/fs/bin/
 
 	# driver firmware and modules
-	ln -f	fs/skeleton/sbin/hotplug $(@D)/fs/sbin/
 	ln -f	fs/skeleton/etc/utils.sh $(@D)/fs/etc/
 	if [ "$(BR2_PACKAGE_MINDSPEED_DRIVERS)" = "y" ]; then \
 		mkdir -p $(@D)/fs/lib/modules $(@D)/fs/lib/firmware && \
diff --git a/toolchain/golang_bootstrap/golang_bootstrap.mk b/toolchain/golang_bootstrap/golang_bootstrap.mk
index d29a22f..d2e2b30 100644
--- a/toolchain/golang_bootstrap/golang_bootstrap.mk
+++ b/toolchain/golang_bootstrap/golang_bootstrap.mk
@@ -25,6 +25,8 @@
 define HOST_GOLANG_BOOTSTRAP_BUILD_CMDS
 	export PATH=$(TARGET_PATH) ; \
 	cd "$(@D)/src" && \
+	GOBIN= \
+	GOEXE= \
 	GOPATH= \
 	GOROOT= \
 	GOROOT_FINAL="$(GOLANG_BOOTSTRAP_GOROOT)" \