Re: OpenWrt 21.02 and 19.07 minor release

[Hauke Mehrtens]

On 2/10/22 16:12, Seo Suchan wrote:

looks like those dnsmasq exploits aren't real

bugs never looked by human (no commit related by it), but bots confirmed 
that thoses look fixed by commit 011f8cf1d011ade2f9e7231fca3cabfb1e8eaf06


https://oss-fuzz.com/revisions?job=afl_asan_dnsmasq=202112300601:202201020605 
 



when I read that commit it looks like 2.86 had bug that faild to build 
on gcc 4.8 and it caused fuzzer to get immediately crash, producing 
bunch of 'exploits'


Thanks for that information. Do you know about some official statement 
about this?


I fixed some other problems in OpenWrt 21.02:
* Linux: update to latests minor version
* hostapd: backport the patches
* wolfssl: update to recent version
* tcpdump: backport a patch
* mbedtls: update to new LTS version
* glibc: Update to latest minor version

Hauke

___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel

Re: [RFC] ApkWrt

[Daniel Golle]

On Sat, Feb 12, 2022 at 10:32:09PM +0100, Enrico Mioso wrote:
> Hello!
> thanks for your interesting work!
> 
> Out of curiosity - did you use extroot or some other mean to run the Alpine 
> Linux Container?

APK3 has the ability to manage different storage layers, one of them
being the normal rootfs. We use that just like we used opkg before.


For containers, we may use special packages which will be installed
into another storage layer (using 'uvol').
Then uxc (a minimalist OCI run-time based on OpenWrt's procd-ujail)
can be used to setup the container environment.

The idea is that in future we will have a binary repository which will
contain container packages, such as base-installations of popular
Linux distributions (I've packaged Alpine and Debian for now) or
complete exports of existing containerzied services (such as PiHole
or Jellyfin).
As a result, users should be able to manage containers just like they
would install/update/remove regular packages using the package
manager.

Ie.
apk add jellyfin
should create a storage volume and write the rootfs of the container
there (as well as OCI run-time config.json) and register the
container with uxc.

If selected to launch automatically when the system is started, uxc
will launch the container automatically once the storage volume becomes
available during boot up.

I hope this makes it a bit more clear.



> 
> Thanks!
> Enrico
> 
> 
> On Sat, 12 Feb 2022, Paul Spooren wrote:
> 
> > Date: Sat, 12 Feb 2022 14:16:05
> > From: Paul Spooren 
> > To: openwrt-devel 
> > Cc: Ariadne Conill ,
> > Daniel Golle , Timo Teras ,
> > John Crispin 
> > Subject: [RFC] ApkWrt
> > 
> > Hi all,
> > 
> > For the last year or so[1] I’ve been working on replacing the package 
> > manager OPKG with APK (Alpine Package Keeper)[2]. Different from our OPKG 
> > fork is APK an actively developed project. OPKG is replaced entirely, both 
> > on device as well as the build system.
> > 
> > Using some CI I started to build all available snapshot firmware images and 
> > published them for others to test[3]. Some targets fail to build but I’m 
> > working on it. Please feel free to give it a try and provide feedback!
> > 
> > At this point only the base system is compiled without the community feeds, 
> > the installation of remote packages already works (e.g. `apk add tc-full`). 
> > Other commands like `apk audit` allow system integrity checks and more.
> > 
> > The SDK already works to create `.apk` packages, the ImageBuilder requires 
> > a bit more work. Overall APK still depends on OpenSSL and libfetch, after 
> > getting the base up and running I’ll start to look into replacing those 
> > with more lightweight alternatives like WolfSSL and uclient-fetch.
> > 
> > Within the next month I hope to create documentation in collaboration with 
> > Daniel to explain how APK, uvol and uxc can work together. Essentially it 
> > allows to install containers on OpenWrt devices. Just a few days ago we ran 
> > Alpine Linux within a container on a Belkin RT3200, simply installed from 
> > an `alpine.apk` package, the same works for Debian containers. In future 
> > this could allow to run arbitrary container setups on routers.
> > 
> > This work required a bunch of help, so thanks to John, Timo, Ariadne and 
> > Daniel!
> > 
> > Best,
> > Paul
> > 
> > [1]: https://github.com/openwrt/openwrt/pull/4294
> > [2]: https://gitlab.alpinelinux.org/alpine/apk-tools
> > [3]: https://downloads.asu.aparcar.org/apkwrt/targets/
> > 
> > 
> > ___
> > openwrt-devel mailing list
> > openwrt-devel@lists.openwrt.org
> > https://lists.openwrt.org/mailman/listinfo/openwrt-devel

> ___
> openwrt-devel mailing list
> openwrt-devel@lists.openwrt.org
> https://lists.openwrt.org/mailman/listinfo/openwrt-devel


___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel

Re: [RFC] ApkWrt

[Enrico Mioso]

Hello!
thanks for your interesting work!

Out of curiosity - did you use extroot or some other mean to run the Alpine 
Linux Container?

Thanks!
Enrico


On Sat, 12 Feb 2022, Paul Spooren wrote:


Date: Sat, 12 Feb 2022 14:16:05
From: Paul Spooren 
To: openwrt-devel 
Cc: Ariadne Conill ,
Daniel Golle , Timo Teras ,
John Crispin 
Subject: [RFC] ApkWrt

Hi all,

For the last year or so[1] I’ve been working on replacing the package manager 
OPKG with APK (Alpine Package Keeper)[2]. Different from our OPKG fork is APK 
an actively developed project. OPKG is replaced entirely, both on device as 
well as the build system.

Using some CI I started to build all available snapshot firmware images and 
published them for others to test[3]. Some targets fail to build but I’m 
working on it. Please feel free to give it a try and provide feedback!

At this point only the base system is compiled without the community feeds, the 
installation of remote packages already works (e.g. `apk add tc-full`). Other 
commands like `apk audit` allow system integrity checks and more.

The SDK already works to create `.apk` packages, the ImageBuilder requires a 
bit more work. Overall APK still depends on OpenSSL and libfetch, after getting 
the base up and running I’ll start to look into replacing those with more 
lightweight alternatives like WolfSSL and uclient-fetch.

Within the next month I hope to create documentation in collaboration with 
Daniel to explain how APK, uvol and uxc can work together. Essentially it 
allows to install containers on OpenWrt devices. Just a few days ago we ran 
Alpine Linux within a container on a Belkin RT3200, simply installed from an 
`alpine.apk` package, the same works for Debian containers. In future this 
could allow to run arbitrary container setups on routers.

This work required a bunch of help, so thanks to John, Timo, Ariadne and Daniel!

Best,
Paul

[1]: https://github.com/openwrt/openwrt/pull/4294
[2]: https://gitlab.alpinelinux.org/alpine/apk-tools
[3]: https://downloads.asu.aparcar.org/apkwrt/targets/


___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel

Re: [RFC] ApkWrt

[Ariadne Conill]

Hi,

On Sat, 12 Feb 2022, Paul Spooren wrote:


Hi all,

For the last year or so[1] I’ve been working on replacing the package manager 
OPKG with APK (Alpine Package Keeper)[2]. Different from our OPKG fork is APK 
an actively developed project. OPKG is replaced entirely, both on device as 
well as the build system.


One thing that excites me about this is that, while it's not yet possible, 
it will eventually be possible to use any APK ecosystem build tool 
(through the magic of `apk mkpkg`) to build packages which targets 
OpenWrt (as long as the build recipe is aware of OpenWrt, of course).


So, this means that a project could have a CI pipeline which generates 
packages for Alpine (e.g. for server roles), and also for OpenWrt (e.g. 
for embedded).  This will unlock a lot of new possibilities for OpenWrt 
outside the traditional "router" space I think.



Using some CI I started to build all available snapshot firmware images and 
published them for others to test[3]. Some targets fail to build but I’m 
working on it. Please feel free to give it a try and provide feedback!

At this point only the base system is compiled without the community feeds, the 
installation of remote packages already works (e.g. `apk add tc-full`). Other 
commands like `apk audit` allow system integrity checks and more.

The SDK already works to create `.apk` packages, the ImageBuilder requires a 
bit more work. Overall APK still depends on OpenSSL and libfetch, after getting 
the base up and running I’ll start to look into replacing those with more 
lightweight alternatives like WolfSSL and uclient-fetch.


I should actually have patches for this next week, just need to finish up 
the packaging for Alpine first.  Alpine is not particularly attached to 
OpenSSL.



Within the next month I hope to create documentation in collaboration with 
Daniel to explain how APK, uvol and uxc can work together. Essentially it 
allows to install containers on OpenWrt devices. Just a few days ago we ran 
Alpine Linux within a container on a Belkin RT3200, simply installed from an 
`alpine.apk` package, the same works for Debian containers. In future this 
could allow to run arbitrary container setups on routers.


Interestingly, I have been proposing a similar idea in the OCI world, to 
use ADB (the underlying APKv3 structured data + filesystem image format) 
as a way to represent container layers.  So, I am very curious to see what 
you all have come up with on the OpenWrt side.


Ariadne___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel

Re: [RFC] ApkWrt

[Daniel Golle]

On Sat, Feb 12, 2022 at 02:28:40PM +, Lucas Ramage wrote:
> This is incredible work Paul!
> 
> If I were running Alpine, would I be able to install an OpenWrt repository in 
> /etc/apk/repositories and install OpenWrt packages?

At this point Alpine is still using APK version 2.2 while Paul's ApkWrt
is already using the upcoming APK 3.0 (which comes with a new index and
database format).
Once Alpine Linux will have switched to APK 3.0, packages from OpenWrt
should work on Alpine in most cases. It's a bit like installing
packages from Ubuntu on Debian. In most cases it just works.

> 
> Would I be able to copy my APKBUILDS over from Alpine's aports repository and 
> easily port them over to OpenWrt?

No, as OpenWrt is not using APKBUILD but rather we kept our
build and packaging system as-is and just use that to generate APK
packages instead of opkg's IPK.

> 
> I look forward to reading the documentation.
> 
> Regards,
> 
> On February 12, 2022 1:16:05 PM UTC, Paul Spooren  wrote:
> >Hi all,
> >
> >For the last year or so[1] I’ve been working on replacing the package 
> >manager OPKG with APK (Alpine Package Keeper)[2]. Different from our OPKG 
> >fork is APK an actively developed project. OPKG is replaced entirely, both 
> >on device as well as the build system.
> >
> >Using some CI I started to build all available snapshot firmware images and 
> >published them for others to test[3]. Some targets fail to build but I’m 
> >working on it. Please feel free to give it a try and provide feedback!
> >
> >At this point only the base system is compiled without the community feeds, 
> >the installation of remote packages already works (e.g. `apk add tc-full`). 
> >Other commands like `apk audit` allow system integrity checks and more.
> >
> >The SDK already works to create `.apk` packages, the ImageBuilder requires a 
> >bit more work. Overall APK still depends on OpenSSL and libfetch, after 
> >getting the base up and running I’ll start to look into replacing those with 
> >more lightweight alternatives like WolfSSL and uclient-fetch.
> >
> >Within the next month I hope to create documentation in collaboration with 
> >Daniel to explain how APK, uvol and uxc can work together. Essentially it 
> >allows to install containers on OpenWrt devices. Just a few days ago we ran 
> >Alpine Linux within a container on a Belkin RT3200, simply installed from an 
> >`alpine.apk` package, the same works for Debian containers. In future this 
> >could allow to run arbitrary container setups on routers.
> >
> >This work required a bunch of help, so thanks to John, Timo, Ariadne and 
> >Daniel!
> >
> >Best,
> >Paul
> >
> >[1]: https://github.com/openwrt/openwrt/pull/4294
> >[2]: https://gitlab.alpinelinux.org/alpine/apk-tools
> >[3]: https://downloads.asu.aparcar.org/apkwrt/targets/
> >
> >
> >___
> >openwrt-devel mailing list
> >openwrt-devel@lists.openwrt.org
> >https://lists.openwrt.org/mailman/listinfo/openwrt-devel
> 
> ___
> openwrt-devel mailing list
> openwrt-devel@lists.openwrt.org
> https://lists.openwrt.org/mailman/listinfo/openwrt-devel

___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel

Re: [RFC] ApkWrt

[Lucas Ramage]

This is incredible work Paul!

If I were running Alpine, would I be able to install an OpenWrt repository in 
/etc/apk/repositories and install OpenWrt packages?

Would I be able to copy my APKBUILDS over from Alpine's aports repository and 
easily port them over to OpenWrt?

I look forward to reading the documentation.

Regards,

On February 12, 2022 1:16:05 PM UTC, Paul Spooren  wrote:
>Hi all,
>
>For the last year or so[1] I’ve been working on replacing the package manager 
>OPKG with APK (Alpine Package Keeper)[2]. Different from our OPKG fork is APK 
>an actively developed project. OPKG is replaced entirely, both on device as 
>well as the build system.
>
>Using some CI I started to build all available snapshot firmware images and 
>published them for others to test[3]. Some targets fail to build but I’m 
>working on it. Please feel free to give it a try and provide feedback!
>
>At this point only the base system is compiled without the community feeds, 
>the installation of remote packages already works (e.g. `apk add tc-full`). 
>Other commands like `apk audit` allow system integrity checks and more.
>
>The SDK already works to create `.apk` packages, the ImageBuilder requires a 
>bit more work. Overall APK still depends on OpenSSL and libfetch, after 
>getting the base up and running I’ll start to look into replacing those with 
>more lightweight alternatives like WolfSSL and uclient-fetch.
>
>Within the next month I hope to create documentation in collaboration with 
>Daniel to explain how APK, uvol and uxc can work together. Essentially it 
>allows to install containers on OpenWrt devices. Just a few days ago we ran 
>Alpine Linux within a container on a Belkin RT3200, simply installed from an 
>`alpine.apk` package, the same works for Debian containers. In future this 
>could allow to run arbitrary container setups on routers.
>
>This work required a bunch of help, so thanks to John, Timo, Ariadne and 
>Daniel!
>
>Best,
>Paul
>
>[1]: https://github.com/openwrt/openwrt/pull/4294
>[2]: https://gitlab.alpinelinux.org/alpine/apk-tools
>[3]: https://downloads.asu.aparcar.org/apkwrt/targets/
>
>
>___
>openwrt-devel mailing list
>openwrt-devel@lists.openwrt.org
>https://lists.openwrt.org/mailman/listinfo/openwrt-devel

___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel

[RFC] ApkWrt

[Paul Spooren]

Hi all,

For the last year or so[1] I’ve been working on replacing the package manager 
OPKG with APK (Alpine Package Keeper)[2]. Different from our OPKG fork is APK 
an actively developed project. OPKG is replaced entirely, both on device as 
well as the build system.

Using some CI I started to build all available snapshot firmware images and 
published them for others to test[3]. Some targets fail to build but I’m 
working on it. Please feel free to give it a try and provide feedback!

At this point only the base system is compiled without the community feeds, the 
installation of remote packages already works (e.g. `apk add tc-full`). Other 
commands like `apk audit` allow system integrity checks and more.

The SDK already works to create `.apk` packages, the ImageBuilder requires a 
bit more work. Overall APK still depends on OpenSSL and libfetch, after getting 
the base up and running I’ll start to look into replacing those with more 
lightweight alternatives like WolfSSL and uclient-fetch.

Within the next month I hope to create documentation in collaboration with 
Daniel to explain how APK, uvol and uxc can work together. Essentially it 
allows to install containers on OpenWrt devices. Just a few days ago we ran 
Alpine Linux within a container on a Belkin RT3200, simply installed from an 
`alpine.apk` package, the same works for Debian containers. In future this 
could allow to run arbitrary container setups on routers.

This work required a bunch of help, so thanks to John, Timo, Ariadne and Daniel!

Best,
Paul

[1]: https://github.com/openwrt/openwrt/pull/4294
[2]: https://gitlab.alpinelinux.org/alpine/apk-tools
[3]: https://downloads.asu.aparcar.org/apkwrt/targets/


___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel