<grift>
sed creates the new /etc/group with a random suffix and then the file gets renamed
<grift>
i know that sed allows you to specify a suffix
<grift>
so i would like to see where in the code i would need to change this so that sed creates these new /etc/group,passwd,shadow files with a predictable suffix
linzst has joined #openwrt-devel
<dorf>
speaking of privoxy, it's probably better swapped out for tinyproxy with a luci UI.
<dorf>
privoxy is bloatware that's mostly ineffective these days, given it doesn't process https.
<mangix>
grift: that package badly needs modernization. i don't care for it.
<dorf>
mangix: tinyproxy!
<dorf>
eminently suited to openwrt.
dedeckeh has joined #openwrt-devel
<grift>
ok i will look into tinyproxy but i would still like to figure out where those sed calls are to re-create updates /etc/group
<grift>
every time i install a package that requires a new groupid/userid that function messes up the label of /etc/group/passwd and then stuff can not read those files
SpaceRat has quit [Read error: Connection reset by peer]
SpaceRat^ is now known as SpaceRat
<dorf>
let's have a look at that, grift.
<dorf>
it's probably in case the user's not running as root, no?
<dorf>
or maybe it's just lax for another reason.
<dorf>
in any event, tinyproxy is screaming out for a luci-app :)
<dorf>
also, nevermind re 666. I just realized I'm looking at openwrt's repo. no idea why it's 666.
<grift>
well yes i think its running as user nobody? so that looks like corner cutting to allow nobody to write to /var/log/tinyproxy.log
<grift>
but collateral damage is that others can write as well i guess
<grift>
anyway i am also looking into it further
<dorf>
sure, user nobody privs, that's it.
<grift>
instead probably better to chown
<dorf>
sure
<grift>
root.nobody 0760 or something
<grift>
or nogroup whatever
<grift>
using nobody.nogroup might not be optimal either though
<grift>
too generic
<dorf>
it's a log, why not just chown it to root?
<grift>
but i am wrapping this up with selinux confinement
<grift>
well then if tinyproxy runs as nobody it cant write it?
<dorf>
except for the fact nobody couldn't write to it, yeah.
<grift>
or "append" technically
<grift>
question is why not use syslog?
<grift>
as a logfile might fill up the tmpfs
<dorf>
pretty much everything else runs as root, though. not sure if tinyproxy merits the nobody treatment. it might, but then so does a bunch of other stuff.
<grift>
those days are gone
<grift>
many services run with unpriv identities these days
<dorf>
if you're going to use syslog, make sure you run the logs at warn or error level, perhaps. otherwise it gets noisy in there.
dedeckeh has quit [Quit: Ping timeout (120 seconds)]
<grift>
i dont mind a bit of noise besides you can just run logread with -Z 9
<dorf>
at around 4 or 5 lines per connection, you'll soon mind :)
<grift>
the wireguard cronjob also floods the logs
<grift>
the issue with the nobody.nogroup idea is that its insecure if more than one service uses it
<grift>
so ideally we'd have a tinyproxy uid
<grift>
and then chown the log root.tinyproxy 0760
<grift>
uid/gid
<dorf>
yeah, that makes more sense. upstream tinyproxy does that.
Tapper has joined #openwrt-devel
grift has quit [Ping timeout: 240 seconds]
grift has joined #openwrt-devel
woodst0ck has joined #openwrt-devel
<f00b4r0>
lynxis: ping
<lynxis>
f00b4r0: pong
<f00b4r0>
lynxis: why did you pull #2417? It's not functional and uses the awful u-boot based intermediary loader?
<f00b4r0>
lynxis: I see in your tree you've expunged. The problem is that the code you pulled doesn't use the recent bells and whistles for mikrotik, namely the platform driver
<f00b4r0>
the partition scheme is wrong btw
<f00b4r0>
partition0@0 starts at reg 0x80000
<f00b4r0>
that PR wasn't ready for merge IMHO
<f00b4r0>
I'm pretty sure robimarko wanted to revisit it.
<f00b4r0>
led naming is also not matching the current style
<f00b4r0>
and the commit message still mentions the extra loader. Honestly I'd suggest you throw that back and maybe give robi a chance to polish it?
<lynxis>
f00b4r0: I wasn't sure why robertmarko closed the PR. but some people of the openwrt community are using a couple of those devices. I would like to push the 60ghz stuff. I also have 5 of the 60ghz devices around.
<f00b4r0>
https://git.openwrt.org/?p=openwrt/staging/lynxis.git;a=commitdiff;h=0cf4ce8cc4b31e4d6bce40d357c2d70c8a673f1c#patch3 this is also wrong
KGB-0 has joined #openwrt-devel
<lynxis>
f00b4r0: sure there are still things to be moved and fixed up there.
<f00b4r0>
lynxis: my understanding is he closed it to focus on hap-ac2, and planned to revisit once that was merged. Likewise for the sxtac
<lynxis>
f00b4r0: do you know why there is mtd erase at all?
<f00b4r0>
yes I do
<f00b4r0>
:)
<f00b4r0>
the mtd erase is called during sysupgrade when the device is booted from initramfs to clear the flash from extraneous kernel signatures
<f00b4r0>
otherwise the bootloader might pick up a spurious signature from RouterOS and that will result in a brick.
<lynxis>
the bootloader is scanning the whole partition for signatures?
<f00b4r0>
please revert this from your tree, it's a collection of "don't do" for this target
<f00b4r0>
yes
<f00b4r0>
apparently uses "last match"
micmac1 has joined #openwrt-devel
micmac1 has quit [Client Quit]
<f00b4r0>
i really wouldn't want to 1) have to submit patches to fix afterwards and 2) have people copy-pasting this to submit other devices. The canonical working example is the hap-ac2 and we tried to ask other submitters to follow it (rogerpueo did for the sxtac)
<f00b4r0>
even the device name in DTS and makefile doesn't follow the semi-official pattern ;P
dedeckeh has joined #openwrt-devel
grift has quit [Quit: Bye]
grift has joined #openwrt-devel
<lynxis>
f00b4r0: let's get the hap to upstream first.
<f00b4r0>
lynxis: sure. Please just don't push the current lhg60 to master as it is.