From patchwork Mon Feb 26 14:14:13 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Patchwork-Submitter: =?utf-8?b?UmFmYcWCIE1pxYJlY2tp?= <zajec5@gmail.com>
X-Patchwork-Id: 1904393
X-Patchwork-Delegate: zajec5@gmail.com
Return-Path: 
 <openwrt-devel-bounces+incoming=patchwork.ozlabs.org@lists.openwrt.org>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@legolas.ozlabs.org
Authentication-Results: legolas.ozlabs.org;
	dkim=pass (2048-bit key;
 secure) header.d=lists.infradead.org header.i=@lists.infradead.org
 header.a=rsa-sha256 header.s=bombadil.20210309 header.b=BB1CGApO;
	dkim=fail reason="signature verification failed" (2048-bit key;
 unprotected) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256
 header.s=20230601 header.b=fd1eWkwN;
	dkim-atps=neutral
Authentication-Results: legolas.ozlabs.org;
 spf=none (no SPF record) smtp.mailfrom=lists.openwrt.org
 (client-ip=2607:7c80:54:3::133; helo=bombadil.infradead.org;
 envelope-from=openwrt-devel-bounces+incoming=patchwork.ozlabs.org@lists.openwrt.org;
 receiver=patchwork.ozlabs.org)
Received: from bombadil.infradead.org (bombadil.infradead.org
 [IPv6:2607:7c80:54:3::133])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384)
	(No client certificate requested)
	by legolas.ozlabs.org (Postfix) with ESMTPS id 4Tk2jK0MsZz23cm
	for <incoming@patchwork.ozlabs.org>; Tue, 27 Feb 2024 01:16:21 +1100 (AEDT)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
	d=lists.infradead.org; s=bombadil.20210309; h=Sender:
	Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post:
	List-Archive:List-Unsubscribe:List-Id:MIME-Version:References:In-Reply-To:
	Message-Id:Date:Subject:Cc:To:From:Reply-To:Content-ID:Content-Description:
	Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:
	List-Owner; bh=3yvmYM2yLybfa0tcMm88UMbR3l8hzbFgGBirilwkmEs=; b=BB1CGApObqxsmv
	WYDBBJLOU2k5GTdJvI77a2c3KbDLQYozXD6FQdmOgvKMLpRUnxluqrucBK3wJHFM6NfW98pnAOtrf
	RgBKRgNPLkV1YW3gW/zPMruhFiHH/ba89RSd9LO0F4udxTH/9LyyhjkaJVZoYsV/lIdDh7GWF6SQt
	b29oh6XTm7RgO3TRjr+f+fz87h//wOYeLUxYY4BHMYHl5QAQL0+LpMi2AfOik6SsxT+QrDnzvBK+S
	T8TRKBLqw3v3g3NHfgcV1TCcErkZOzuD2vb8ZPegvlMk5DPeM7Q++oWI23AmbsSXJN86QGXdTwFOe
	qZWvO43z9vTsz5eJ8xTA==;
Received: from localhost ([::1] helo=bombadil.infradead.org)
	by bombadil.infradead.org with esmtp (Exim 4.97.1 #2 (Red Hat Linux))
	id 1rebkZ-000000013jq-1A3Z;
	Mon, 26 Feb 2024 14:14:35 +0000
Received: from mail-ej1-x636.google.com ([2a00:1450:4864:20::636])
	by bombadil.infradead.org with esmtps (Exim 4.97.1 #2 (Red Hat Linux))
	id 1rebkT-000000013dr-01d6
	for openwrt-devel@lists.openwrt.org;
	Mon, 26 Feb 2024 14:14:31 +0000
Received: by mail-ej1-x636.google.com with SMTP id
 a640c23a62f3a-a3f4464c48dso356937266b.3
        for <openwrt-devel@lists.openwrt.org>;
 Mon, 26 Feb 2024 06:14:27 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20230601; t=1708956866; x=1709561666;
 darn=lists.openwrt.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:cc:to:from:from:to:cc:subject:date
         :message-id:reply-to;
        bh=TmVe2Le12JTxbRiwVXEe0th5CuzyVA6eUKmL/IoTftw=;
        b=fd1eWkwNgBoVprtd74fu4mlNYEBORdVOsru+FvWGR2o8aN7oUhVQzgnRpmdLaGwDx/
         w+9kuAkN4519xTvw+IN1ihRcja5jweXhOed5WmyETNlMzh+8Y780e+NTrt2PvMUlQ9nN
         iE9uiY2+fRCgc2aARVTVOFTR3aqvaRiKnDKKqw2E793vtAb6U4iX0HFdQ7i3aLkr+fUy
         DuxbOYFFRBi2LxD5T/giX+tiiexrX3cd9Hse/t4bRSCFAySfQXfWfgYRWIE97YC2Jrt3
         YWQ6MM57WBA/aZTWlqIuYdvK1tHZyzXqmp5ioDo77O7LOEIs7sB8c+036gBMmCSESVjJ
         H5mw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1708956866; x=1709561666;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=TmVe2Le12JTxbRiwVXEe0th5CuzyVA6eUKmL/IoTftw=;
        b=OagyYYjSx2/Uo0g3fXJXG3plipa39KFLTCRCNpcKzJW4j8qzXywQZGzCGWURtTQp4M
         raH9y2MBN9wrIYWEx9nM2PYaVvV9WqorH5OpK4RrRyHugjzUBO4Z2fQH9vCpnfnf9d5h
         3c6BTgSVDyquXCD0DCPH77Prav7RQ5Tga+fUqLMHxpPSvAUSWZ9gKK+7fUEfVwnnx8Oi
         kTUfDutucNIevoOY1rtXQzmSuHinxfhtSaHYt82GLsIP2msXeRrd4UjiXH8tFkW1WMH+
         zt2fc6pLClG9HZnsoyYmbzd1SL1GcOpAHfm2j3bN0gDeZR3rz4b44FrC7sB/2WhXawiX
         or1w==
X-Gm-Message-State: AOJu0YyvNU8BB/KUHvGKR+V3KufXJLs9+nZyG7Kl8frq2x9biIfvlruc
	ZRsMpm32lyTNuw1HnKT6sIB00C/waIWD2N4Xkk1TNdqIabZeWbBbXxjBwusC
X-Google-Smtp-Source: 
 AGHT+IFkHV01GjS/YqN2ztYWXd+GlV4ak+MaBTdMpiYEe2Y2bQ2bAXUIqDTf0CiEhcvSTF+GbRAR/A==
X-Received: by 2002:a17:906:4f01:b0:a43:1201:6282 with SMTP id
 t1-20020a1709064f0100b00a4312016282mr3381797eju.26.1708956866202;
        Mon, 26 Feb 2024 06:14:26 -0800 (PST)
Received: from localhost.lan (031011218106.poznan.vectranet.pl.
 [31.11.218.106])
        by smtp.gmail.com with ESMTPSA id
 k24-20020a17090666d800b00a3d00616e1fsm2471082ejp.193.2024.02.26.06.14.25
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Mon, 26 Feb 2024 06:14:25 -0800 (PST)
From: =?utf-8?b?UmFmYcWCIE1pxYJlY2tp?= <zajec5@gmail.com>
To: openwrt-devel@lists.openwrt.org
Cc: =?utf-8?b?UmFmYcWCIE1pxYJlY2tp?= <rafal@milecki.pl>,
 Christian Marangi <ansuelsmth@gmail.com>, Jo-Philipp Wich <jo@mein.io>,
 Jonas Gorski <jonas.gorski@gmail.com>
Subject: [PATCH 3/3] base-files: sysupgrade: add uci-defaults script disabling
 services #2
Date: Mon, 26 Feb 2024 15:14:13 +0100
Message-Id: <20240226141413.5570-3-zajec5@gmail.com>
X-Mailer: git-send-email 2.35.3
In-Reply-To: <20240226141413.5570-1-zajec5@gmail.com>
References: <20240226141413.5570-1-zajec5@gmail.com>
MIME-Version: 1.0
X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 
X-CRM114-CacheID: sfid-20240226_061429_238066_29911C38 
X-CRM114-Status: UNSURE (   9.30  )
X-CRM114-Notice: Please train this message.
X-Spam-Score: 0.0 (/)
X-Spam-Report: =?unknown-8bit?q?Spam_detection_software=2C_running_on_the_sy?=
	=?unknown-8bit?q?stem_=22bombadil=2Einfradead=2Eorg=22=2C?=
	=?unknown-8bit?q?_has_NOT_identified_this_incoming_email_as_spam=2E__The_ori?=
	=?unknown-8bit?q?ginal?=
	=?unknown-8bit?q?_message_has_been_attached_to_this_so_you_can_view_it_or_la?=
	=?unknown-8bit?q?bel?=
	=?unknown-8bit?q?_similar_future_email=2E__If_you_have_any_questions=2C_see?=
	=?unknown-8bit?q?_the_administrator_of_that_system_for_details=2E?=
	=?unknown-8bit?q?_?=
	=?unknown-8bit?q?_Content_preview=3A__From=3A_Rafa=C5=82_Mi=C5=82ecki_Disabl?=
	=?unknown-8bit?q?ed_services_should_be_kept_disabled?=
	=?unknown-8bit?q?_after_sysupgrade=2E_This_can_be_easily_handled_using_a_pro?=
	=?unknown-8bit?q?per_uci-defaults?=
	=?unknown-8bit?q?_script=2E_Extend_sysupgrade_to_check_for_disabled_services?=
	=?unknown-8bit?q?=2C_generate_uci-defaults?=
	=?unknown-8bit?q?_script_disabling_them_and_include_it_in_backup=2E_?=
	=?unknown-8bit?q?_?=
	=?unknown-8bit?q?_Content_analysis_details=3A___=280=2E0_points=2C_5=2E0_req?=
	=?unknown-8bit?q?uired=29?=
	=?unknown-8bit?q?_?=
	=?unknown-8bit?q?_pts_rule_name______________description?=
	=?unknown-8bit?q?_----_----------------------_------------------------------?=
	=?unknown-8bit?q?--------------------?=
	=?unknown-8bit?q?_-0=2E0_RCVD=5FIN=5FDNSWL=5FNONE_____RBL=3A_Sender_listed_a?=
	=?unknown-8bit?q?t_https=3A//www=2Ednswl=2Eorg/=2C_no?=
	=?unknown-8bit?q?_trust?=
	=?unknown-8bit?b?IFsyYTAwOjE0NTA6NDg2NDoyMDowOjA6MDo2MzYgbGlzdGVkIGluXQ==?=
	=?unknown-8bit?b?IFtsaXN0LmRuc3dsLm9yZ10=?=
	=?unknown-8bit?q?_-0=2E0_SPF=5FPASS_______________SPF=3A_sender_matches_SPF_?=
	=?unknown-8bit?q?record?=
	=?unknown-8bit?q?_0=2E0_SPF=5FHELO=5FNONE__________SPF=3A_HELO_does_not_publ?=
	=?unknown-8bit?q?ish_an_SPF_Record?=
	=?unknown-8bit?q?_-0=2E1_DKIM=5FVALID=5FEF__________Message_has_a_valid_DKIM?=
	=?unknown-8bit?q?_or_DK_signature_from?=
	=?unknown-8bit?q?_envelope-from_domain?=
	=?unknown-8bit?q?_-0=2E1_DKIM=5FVALID=5FAU__________Message_has_a_valid_DKIM?=
	=?unknown-8bit?q?_or_DK_signature_from_author=27s?=
	=?unknown-8bit?q?_domain?=
	=?unknown-8bit?q?_0=2E1_DKIM=5FSIGNED____________Message_has_a_DKIM_or_DK_si?=
	=?unknown-8bit?q?gnature=2C_not_necessarily_valid?=
	=?unknown-8bit?q?_-0=2E1_DKIM=5FVALID_____________Message_has_at_least_one_v?=
	=?unknown-8bit?q?alid_DKIM_or_DK_signature?=
	=?unknown-8bit?q?_0=2E2_FREEMAIL=5FENVFROM=5FEND=5FDIGIT_Envelope-from_freem?=
	=?unknown-8bit?q?ail_username_ends_in?=
	=?unknown-8bit?q?_digit?=
	=?unknown-8bit?q?_=5Bzajec5=28at=29gmail=2Ecom=5D?=
	=?unknown-8bit?q?_0=2E0_FREEMAIL=5FFROM__________Sender_email_is_commonly_ab?=
	=?unknown-8bit?q?used_enduser_mail_provider?=
	=?unknown-8bit?q?_=5Bzajec5=28at=29gmail=2Ecom=5D?=
	=?unknown-8bit?q?_-0=2E0_T=5FSCC=5FBODY=5FTEXT=5FLINE___No_description_avail?=
	=?unknown-8bit?q?able=2E?=
X-BeenThere: openwrt-devel@lists.openwrt.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: OpenWrt Development List <openwrt-devel.lists.openwrt.org>
List-Unsubscribe: <https://lists.openwrt.org/mailman/options/openwrt-devel>,
 <mailto:openwrt-devel-request@lists.openwrt.org?subject=unsubscribe>
List-Archive: <http://lists.openwrt.org/pipermail/openwrt-devel/>
List-Post: <mailto:openwrt-devel@lists.openwrt.org>
List-Help: <mailto:openwrt-devel-request@lists.openwrt.org?subject=help>
List-Subscribe: <https://lists.openwrt.org/mailman/listinfo/openwrt-devel>,
 <mailto:openwrt-devel-request@lists.openwrt.org?subject=subscribe>
Sender: "openwrt-devel" <openwrt-devel-bounces@lists.openwrt.org>
Errors-To: 
 openwrt-devel-bounces+incoming=patchwork.ozlabs.org@lists.openwrt.org

From: Rafał Miłecki <rafal@milecki.pl>

Disabled services should be kept disabled after sysupgrade. This can be
easily handled using a proper uci-defaults script.

Extend sysupgrade to check for disabled services, generate uci-defaults
script disabling them and include it in backup.

Cc: Christian Marangi <ansuelsmth@gmail.com>
Cc: Jo-Philipp Wich <jo@mein.io>
Cc: Jonas Gorski <jonas.gorski@gmail.com>
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
---
 package/base-files/files/sbin/sysupgrade | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/package/base-files/files/sbin/sysupgrade b/package/base-files/files/sbin/sysupgrade
index 9d5d736aef..8c6200d7e9 100755
--- a/package/base-files/files/sbin/sysupgrade
+++ b/package/base-files/files/sbin/sysupgrade
@@ -236,6 +236,7 @@ include /lib/upgrade
 
 create_backup_archive() {
 	local conf_tar="$1"
+	local disabled
 
 	[ "$(rootfs_type)" = "tmpfs" ] && {
 		echo "Cannot save config while running from ramdisk." >&2
@@ -250,6 +251,14 @@ create_backup_archive() {
 	[ "$VERBOSE" -gt 1 ] && TAR_V="v" || TAR_V=""
 	sed -i -e 's,^/,,' "$CONFFILES"
 	{
+		for service in /etc/init.d/*; do
+			if ! $service enabled; then
+				disabled="$disabled$service disable\n"
+			fi
+		done
+		disabled="$disabled\nexit 0"
+		tar_make_member_inline "/etc/uci-defaults/10_disable_services" "$(echo -e $disabled)"
+
 		# Part of archive with installed packages info
 		if [ "$SAVE_INSTALLED_PKGS" -eq 1 ]; then
 			# Format: pkg-name<TAB>{rom,overlay,unknown}