Discussion:
[OpenWrt-Devel] How to keep disabled services disabled after sysupgrade
Stefan Tomanek
2015-06-18 11:28:54 UTC
Permalink
Whenever I update my OpenWrt system using sysupgrade, unwanted services
pop up; I am using one of my devices as a simple AP, so it must not start
dnsmasq, odhcpd or the firewall service. Running sysupgrade however reinstates
the links in /etc/rc.d/ removed by '/etc/init.d/foo disable'.

I was thinking about an elegant way to change this behaviour and would like to
request some feedback.

1) do not remove the link, but change it

I tried patching rc.common to change the service link in /etc/rc.d/ to a new
script /etc/init.d/DISABLED that just forwards any call to the real script - except
the start instruction which is disabled.

For example: After running '/etc/init.d/dnsmasq disable', /etc/rc.d/S60dnsmasq
will still be present, but point toward ../init.d/DISABLED which defies service
startup.

While this all works, it doesn't help for sysupgrade purposes: the links in
/etc/rc.d/ are replaced during a sysupgrade.

2) add some flag file for disabled services

I also thought about adding a flagfile like /etc/disable/dnsmasq that get's checked
in /etc/rc.common before running the start command; this however would prevent the
manual startup of a service that is still possible with option 1).

Can anyone supply any different ideas or provide some feedback?
Hannu Nyman
2015-06-18 11:44:23 UTC
Permalink
I first looked into this 4 years ago and finally figured it out 2 years ago ;-)
https://forum.openwrt.org/viewtopic.php?pid=189700#p189700

There is no built-in way to keep those services installed but disabled.
But there is a go-around that is used e.g. by luci-app-miniupnpd for miniupnpd:
https://github.com/openwrt/luci/blob/master/applications/luci-app-upnp/root/etc/uci-defaults/luci-upnp

Create an uci-defaults script in /etc/uci-defaults and disable the unwanted
services there.
Include that script as a custom file in the firmware flash, in
<buildroot>/files/etc/uci-defaults

uci-defaults scripts are run early in the first boot after flash, so the
script will disable the services early.
Normally uci-defaults scripts are deleted after a succesful run, but by
setting a non-zero return value you can preserve the scripts even for further
boots to maintain the disabling behaviour even if the user enables the
service and reboots.

uci-defaults scripts are difficult to see in a live system as the directory
/etc/uci-defaults is empty, but you can find the scripts in
/rom/etc/uci-defaults:
***@OpenWrt:~# ls /etc/uci-defaults/
***@OpenWrt:~# ls /rom/etc/uci-defaults/
00_uhttpd_ubus 10-fstab luci-ddns
01_leds 10_migrate-shadow luci-sqm
...

Docs at: http://wiki.openwrt.org/doc/uci#defaults
Post by Stefan Tomanek
Can anyone supply any different ideas or provide some feedback?
Bastian Bittorf
2015-06-18 15:06:23 UTC
Permalink
Post by Stefan Tomanek
Can anyone supply any different ideas or provide some feedback?
maybe: disabled services are stored during sysupgrade in
e.g. /lib/upgrade/keep.d/services_disabled

and this file will be read line by line during firstboot/uci-defaults
(and services diabled again) and the file is then deleted.

bye, bastian
Stefan Tomanek
2015-06-18 15:17:41 UTC
Permalink
Post by Bastian Bittorf
Post by Stefan Tomanek
Can anyone supply any different ideas or provide some feedback?
maybe: disabled services are stored during sysupgrade in
e.g. /lib/upgrade/keep.d/services_disabled
and this file will be read line by line during firstboot/uci-defaults
(and services diabled again) and the file is then deleted.
Yes, I was thinking in that direction as well - however, /lib/upgrade/keep.d/
seems to contain file locations that should be kept during an upgrade; is there
a safe place where temporary data can be stashed during a sysupgrade? I'd like
to save the list of installed packages as well, since remembering what packages
were installed is often a kind of PITA.
At the moment, I am using these commands, but I'd like to see something like that
integrated into sysupgrade as well:

opkg list_installed > /etc/installed_packages
sysupgrade -c ......

opkg update
opkg install $(awk '{print $1}' /etc/installed_packages}
Etienne Champetier
2015-06-18 15:51:21 UTC
Permalink
Hi guys,

Le 18 juin 2015 17:18, "Stefan Tomanek" <
Post by Stefan Tomanek
Post by Bastian Bittorf
Post by Stefan Tomanek
Can anyone supply any different ideas or provide some feedback?
maybe: disabled services are stored during sysupgrade in
e.g. /lib/upgrade/keep.d/services_disabled
and this file will be read line by line during firstboot/uci-defaults
(and services diabled again) and the file is then deleted.
Yes, I was thinking in that direction as well - however,
/lib/upgrade/keep.d/
Post by Stefan Tomanek
seems to contain file locations that should be kept during an upgrade; is there
a safe place where temporary data can be stashed during a sysupgrade? I'd like
to save the list of installed packages as well, since remembering what packages
were installed is often a kind of PITA.
At the moment, I am using these commands, but I'd like to see something like that
opkg list_installed > /etc/installed_packages
sysupgrade -c ......
opkg update
opkg install $(awk '{print $1}' /etc/installed_packages}
While you're at it, please also handle backup (not only sysupgrade)

Thanks in advance
Etienne
Saso Slavicic
2015-06-18 19:50:37 UTC
Permalink
Post by Stefan Tomanek
Can anyone supply any different ideas or provide some feedback?
I have solved this (or something similar) in my builds with an additional
AUTOENABLE flags in init scripts.

IMHO except for critical services (like network...) other packages should
not be automatically enabled when installed since they probably need to be
configured first anyway.
For instance, installing something like openswan (or including it in
firmware image because ipsec modules are quite large) should not load entire
ipsec stack by default because it might not be configured or used anyway.

The modified init script looks like:

--- a/packages/net/openswan/files/ipsec.init
+++ b/packages/net/openswan/files/ipsec.init
@@ -31,6 +31,7 @@
# KLIPS is the kernel half of it, Pluto is the user-level management
daemon.

START=60
+AUTOENABLE=no
EXTRA_COMMANDS=status
EXTRA_HELP=" status Show the status of the service"

Now, since my list of packages is fairly static, I have only explicitly
disabled AUTOENABLE for services I don't want starting by default (like
ipsec) - AUTOENABLE defaults to 'yes' if not present in the init script.
In contrast, using something like this in OpenWRT, there might be a list of
services that should always be enabled by default with the rest needing to
be manually enabled by the administrator (thus defaulting AUTOENABLE to
'no'). You could build customized images with dropbear and firewall services
having AUTOENABLE=no.

This idea solves:
- no unneeded services started after fresh firmware install (before being
configured)
- backups (every service that has been configured is also explicitly
enabled with symlink in /overlay)
- sysupgrade (if /overlay/etc/rc.d is preserved)

My current patches are against AA, if this idea seems acceptable I can
prepare something for CC or trunk...

Regards,
Saso Slavicic

Loading...