This would mitigate issues where apk unexpectedly replaces packages
somewhat as this way the user will be able to see precisely what changes
will happen to their system before they are committed. Furthermore, most
users are likely accustomed to package managers like apt, dnf, pacman,
among others that all are interactive by default and as such this would
provide a more familiar experience for them.
This will not affected pre-existing installs, and advanced users who
do not like this behaviour can restore the old one by deleting
/etc/apk/interactive.
[ci:skip-build]: already built successfully in CI
Alpine does not use setup-udev anymore and provides the same
functionality through setup-devd. The setup-udev script was deleted [1]
but postmarketos-base still used it and caused pmbootstrap to fail when
building a device image. Use the rc-service setup directly from
setup-devd.
[1] b56c4c2b9d
Fixes error: postmarketos-base-18-r0: trying to overwrite etc/fstab owned by alpine-baselayout-data-3.2.0-r20.
caused by 9ecba8a514
[ci:skip-build] already built successfully in CI
MMS support (via mmsd-tng) involves sending/receiving network
requests/responses over the wwan interface. If it's ipv4-only and the
device is connected to some other ipv4 network on another iface (like
wifi), this can cause the rp_filter to reject responses on wwan iface
because it incorrectly thinks they are martian packets.
This does theoretically disable some "security" feature in the kernel,
but it's worth noting that:
1) rp_filter isn't implemented at all in the kernel for ipv6
2) other distros (mobian, pureos at least) are also disabling rp_filter
3) this seems to be a relatively common problem with folks using mms on
pmOS, since many carriers' data networks are ipv4-only
also see:
https://gitlab.com/kop316/mmsd/-/merge_requests/55/diffs?commit_id=b22c253fb939ff1eb949ea4e628706e6a28c851a
[ci:skip-build] already built successfully in CI
This configures bootmisc to clear /tmp on bootup. I think most folks
expect distros to do this, many even mount /tmp as tmpfs. I don't think
that's a great idea in pmOS since RAM is usually limited on many
devices. So this, clearing it on boot, seems like a reasonable compromise.
Fixes#1342
Installing postmarketos-base currently changes the file permissions
of /etc/sudoers:
# apk add sudo
# stat /etc/sudoers
Access: (0440/-r--r-----) Uid: ( 0/ root) Gid: ( 0/ root)
# apk add postmarketos-base
# stat /etc/sudoers
Access: (0044/----r--r--) Uid: ( 0/ root) Gid: ( 0/ root)
The file mode 0044 decodes to:
- User *cannot* read
- Group can read
- Other can read
which does not make any sense. The "sudoers" man page makes it very
clear that this file should have a file mode of 0440 [1]
("readable by owner and group, writable by none").
This looks like a bad typo. However, given that only read permissions
were given out this shouldn't have major security implications
(except allowing all users to see who can use sudo).
Install the file with 0440 instead of 0044 to fix this:
# apk add postmarketos-base
# stat /etc/sudoers
Access: (0440/-r--r-----) Uid: ( 0/ root) Gid: ( 0/ root)
[1]: https://www.sudo.ws/man/1.9.8/sudoers.man.html#Error_log_entries
Allow users in group "input" to control the tm2-touchkey leds.
Additionally correcting the udev rule for disabling the tm2-touchkey leds by default.
[ci:skip-build] already built successfully in CI
The udev file "20-tm2-touchkey-leds.rules" disables the leds of
tm2-touchkey by default because they are in an unconfigured state.
The udev file "95-rt5033-battery-refresh.rules" triggers a refresh
of the rt5033-battery information within UPower 5 secs after
initialization. This avoids a wrong battery icon after boot.
The udev file "50-firmware.rules" was moved from /etc/udev/rules.d
to /lib/udev/rules.d.
Related: https://wiki.postmarketos.org/wiki/Packaging#Device_specific_quirks
This enables the firewall by default, and could be split off into a
future ui-base package so that the firewall (among other things) are
enabled only when UIs are installed.
Don't suspend the device while alsa is playing. I ran this for two days
in combination with suspend time set to 1 min on the pinephone and it
works great. Finally no suspend while VLC is playing podcasts.
CRDA in the kernel requires a regulatory database to be available
to configure the WiFi card correctly following the regulations in
each possible environment.
Add post-upgrade file with a warning, so we don't symlink it to the
post-install script.
[ci:skip-vercheck]: no need to rebuild the package
Related: build.postmarketos.org#85
Remove devmappings service. The original purpose of this service was to
ensure that /boot is mounted properly after the initramfs passed control
to OpenRC, because the initramfs used to umount /boot before that. With
/etc/fstab alone, /boot get not get mounted with subpartitions (which we
use on Android devices), if util-linux >= 2.33 was installed (MR 115).
Nowadays, we don't umount /boot in the initramfs before passing control
to OpenRC anymore (MR 1398). So this service isn't needed anymore, and
prevented the previous pmOS_inst_boot <> pmOS_boot patch from working
correctly.
This adds sleep-inhibitor as a dependency when elogind is present, and
installs a conf for it with some plugins enabled that are beneficial to
devices running pmOS. The elogind suspend hook is dropped.
This resolves issues where suspend is aborted in the hook *after*
PrepareForSleep is sent over dbus (which might cause some things to
disable radios/modems, etc for suspend).
The 'period' in the conf is in minutes, a value of 0.1 is 6 seconds,
which seems reasonable for releasing the lock when conditions for
inhibiting no longer apply, without spinning the CPU too frequently.
Do not change config files in post-install scripts anymore (with sed
commands or by other means). Instead, ship the files inside the packages
and use "replaces", so apk allows the package to overwrite files from
other packages:
https://wiki.alpinelinux.org/wiki/APKBUILD_Reference#replaces
Notes on specific files:
* /etc/elogind/logind.conf: original file only consists of commented out
compile defaults. Copy them over for now. In the future we should be
able to install our own config into a .d directory, without all the
comments: 8358fc5950
* /etc/fstab: original file only has /dev/cdrom and /dev/usbdisk
entries, which are not useful for postmarketOS:
https://gitlab.alpinelinux.org/alpine/aports/-/blob/master/main/alpine-baselayout/APKBUILD
* /etc/motd: reformat the text, add link to the chat
* /etc/conf.d/syslog: original file only contained 'SYSLOGD_OPTS="-t"',
make the override file as if the sed statement from post-install was
executed
* /etc/wpa_supplicant/wpa_supplicant.conf: post-install script touches
this file. We probably added it back in 2017 in relation to enabling
D-Bus (though the PR does not mention it explicity), but at least with
the current init.d script of NetworkManager, we can simply have '-u' in
wpa_supplicant_args:
https://github.com/postmarketOS/pmbootstrap/pull/578https://gitlab.alpinelinux.org/alpine/aports/-/blob/master/main/wpa_supplicant/wpa_supplicant.initd
* /etc/sudoers: base on original /etc/sudoers, but remove all the
commented out stuff except for the visudo note at the top. We could
also put a file in /etc/sudoers.d, but since the wheel line is present
in the original /etc/sudoers and only commented out, it would be kind
of unexpected to enable it in a file in /etc/sudoers.d. I prefer this
stripped down version of the file, that is easy to read.
Refactor the install code to be generic, so we only need to add the new
path in one place when adding a new file. Put the full path into the
filename to make this possible.
I've tried to mimic the final directory structure in the aport first
(e.g. $pkgdir/sbin/swapfile -> main/postmarketos-base/sbin/swapfile),
but that leads to conflicts as abuild only takes the filename for
checksums (conflict with etc/conf.d/swapfile):
https://gitlab.alpinelinux.org/alpine/abuild/-/issues/10013
We don't really need checksum verification for the files shipped in the
same directory (not downloaded), but nevertheless this is a bug. It
leads to confusing behavior and might be fixed by letting abuild demand
that there is only one source file with the same name, as I suggested in
the issue linked above. So let's avoid this altogether with the flat
file name.
Pressing power button should not power off a device. Although it is
expected on desktops and laptops, it isn't expected on phones and
tablets. Instead it should just turn off the screen or go into a deep
sleep, but that isn't handled by elogind. So let elogind just ignore the
button altogether.
Also re-order the dependencies alphabetically while we're touching the
package anyway
Only add a comment, do not try to mount the root or boot partitions
anymore. The initramfs is doing this already.
Related: https://postmarketos.org/fstab
Get rid of the "write_unless_modified" code, which was supposed to only
change /etc/fstab, /etc/issue, /etc/motd if the user did not modify it.
This is nice in theory, but we have a bug report where the code did not
do what it should (apk audit possibly failed due to a qemu bug?), and
then it lead to strange bugs related to not having the expected
/etc/fstab installed.
Fixes: #661, #258
These dependencies don't belong here.
- iw: should be installed by the user themselves when wanted
- nano: should be installed by the user themselves when wanted
- pulseaudio: should be installed by the UI meta packages that need it
instead
- pulseaudio-alsa: should automatically be installed when both
PulseAudio and alsa are installed
https://gitlab.alpinelinux.org/alpine/aports/merge_requests/4820
Comment out the initstepslew line in /etc/chrony/chrony.conf.
initstepslew can delay booting while chrony sets the time. The
makestep 1 -1 line in the configuration also causes chrony to step
the time (whenever the offset is greater than 1s), making
initstepslew redundant.
On some devices a getty should run on the serial console.
Configure the getty by setting the deviceinfo_getty variable. The
format is "<port>;<baud rate>". For example, "ttyS0;115200".
A post-installation trigger in postmarketos-base checks
/etc/deviceinfo, and modifies /etc/inittab if the device should run
a getty.
Fix wifi on htc-ace by properly setting nl80211 before wext.
/etc/conf.d/wpa_supplicant is supposed to get modified twice with the
current code in the post-install file. The first one was patched
recently to set nl80211 before wext, but that change does not work in
practice, for two reasons:
1. The code block does not even get executed, because apk reports that
/etc/conf.d/wpa_supplicant was already modified (by a package that
was installed before, in its post-install script? I could not find
out which one does that though).
2. Even if it worked, the second code block would revert the change and
put wext before nl80211 again.
Fix this by removing the first code block, and changing the order in the
second one. Make it easier to catch such errors in the future, by
printing, which files get modified, or get skipped. Set "#!/bin/sh -e",
so the script can not fail silently.
When doing pmbootstrap -y zap and then pmbootstrap install, the output
looks like this:
(141/151) Installing postmarketos-base (3-r26)
Executing postmarketos-base-3-r26.post-install
- Modifying: /etc/fstab
- Modifying: /etc/issue
- Modifying: /etc/motd
- Modifying: /etc/conf.d/syslog
- Modifying: /etc/conf.d/wpa_supplicant
- Modifying: /etc/sudoers
- Modifying: /etc/chrony/chrony.conf
