Initial commit

Signed-off-by: David Oberhollenzer <david.oberhollenzer@tele2.at>

.gitignore

@@ -0,0 +1,34 @@
+Makefile
+Makefile.in
+aclocal.m4
+autom4te.cache
+config.log
+config.status
+configure
+install-sh
+missing
+reboot
+scripts/devfs.sh
+scripts/ifcfg.sh
+scripts/ifrename.sh
+scripts/modules_load.sh
+services/devfs
+services/hostapd
+services/ifcfg
+services/ifdown
+services/ifrename
+services/modules
+services/nft
+services/procfs
+services/sigkill
+services/sigterm
+services/sshd
+services/sshd_keygen
+services/swclock
+services/swclocksave
+services/swclocksave.gcron
+services/sysfs
+services/mountusr
+services/ntpsetdate.gcron
+services/tmpfsvar
+.#*

LICENSE

@@ -0,0 +1,13 @@
+Copyright (c) 2018 David Oberhollenzer <david.oberhollenzer@tele2.at>
+
+Permission to use, copy, modify, and distribute this software for any
+purpose with or without fee is hereby granted, provided that the above
+copyright notice and this permission notice appear in all copies.
+
+THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

Makefile.am

@@ -0,0 +1,42 @@
+ACLOCAL_AMFLAGS = -I m4
+
+sysconf_DATA = etc/initd.env
+nobase_sysconf_DATA = netcfg/ifrename
+EXTRA_DIST = docs netcfg etc LICENSE README.md
+
+helperdir = @SCRIPTDIR@
+helper_PROGRAMS =
+helper_SCRIPTS =
+
+include scripts/Makemodule.am
+include services/Makemodule.am
+
+install-data-local:
+	$(MKDIR_P) $(DESTDIR)$(SVCDIR)
+	$(LN_S) $(TEMPLATEDIR)/loopback $(DESTDIR)$(SVCDIR)/loopback
+	$(LN_S) $(TEMPLATEDIR)/hostname $(DESTDIR)$(SVCDIR)/hostname
+	$(LN_S) $(TEMPLATEDIR)/sysctl $(DESTDIR)$(SVCDIR)/sysctl
+	$(LN_S) $(TEMPLATEDIR)/sysinit $(DESTDIR)$(SVCDIR)/sysinit
+	$(LN_S) $(TEMPLATEDIR)/procfs $(DESTDIR)$(SVCDIR)/procfs
+	$(LN_S) $(TEMPLATEDIR)/sysfs $(DESTDIR)$(SVCDIR)/sysfs
+	$(LN_S) $(TEMPLATEDIR)/devfs $(DESTDIR)$(SVCDIR)/devfs
+	$(LN_S) $(TEMPLATEDIR)/tmpfs $(DESTDIR)$(SVCDIR)/tmpfs
+	$(LN_S) $(TEMPLATEDIR)/vfs $(DESTDIR)$(SVCDIR)/vfs
+	$(LN_S) $(TEMPLATEDIR)/ifdown $(DESTDIR)$(SVCDIR)/ifdown@shutdown
+	$(LN_S) $(TEMPLATEDIR)/sync $(DESTDIR)$(SVCDIR)/sync@shutdown
+	$(LN_S) $(TEMPLATEDIR)/sigkill $(DESTDIR)$(SVCDIR)/sigkill@shutdown
+	$(LN_S) $(TEMPLATEDIR)/sigterm $(DESTDIR)$(SVCDIR)/sigterm@shutdown
+	$(LN_S) $(TEMPLATEDIR)/sync $(DESTDIR)$(SVCDIR)/sync@reboot
+	$(LN_S) $(TEMPLATEDIR)/sigkill $(DESTDIR)$(SVCDIR)/sigkill@reboot
+	$(LN_S) $(TEMPLATEDIR)/sigterm $(DESTDIR)$(SVCDIR)/sigterm@reboot
+	$(LN_S) $(TEMPLATEDIR)/ifdown $(DESTDIR)$(SVCDIR)/ifdown@reboot
+	$(LN_S) $(TEMPLATEDIR)/ifcfg $(DESTDIR)$(SVCDIR)/ifcfg
+	$(LN_S) $(TEMPLATEDIR)/modules $(DESTDIR)$(SVCDIR)/modules
+	$(LN_S) $(TEMPLATEDIR)/network $(DESTDIR)$(SVCDIR)/network
+	$(LN_S) $(TEMPLATEDIR)/usyslogd $(DESTDIR)$(SVCDIR)/usyslogd
+	$(LN_S) $(TEMPLATEDIR)/klogd $(DESTDIR)$(SVCDIR)/klogd
+	$(LN_S) $(TEMPLATEDIR)/mountusr $(DESTDIR)$(SVCDIR)/mountusr
+	$(LN_S) $(TEMPLATEDIR)/tmpfsrun $(DESTDIR)$(SVCDIR)/tmpfsrun
+	$(LN_S) $(TEMPLATEDIR)/tmpfsvar $(DESTDIR)$(SVCDIR)/tmpfsvar
+	$(MKDIR_P) $(DESTDIR)$(GCRONDIR)
+	$(LN_S) $(TEMPLATEDIR)/gcrond $(DESTDIR)$(SVCDIR)/gcrond

README.md

@@ -0,0 +1,9 @@
+# About
+
+This directory contains the basic system configuration for the Pygos system.
+
+See [docs/defconfig.md](docs/defconfig.md) for an overview of the default init
+service configuration and further, available services.
+
+See [docs/network.md](docs/network.md) for a description on how to do static
+network configuration with the provided script and service.

autogen.sh

@@ -0,0 +1,3 @@
+#!/bin/sh
+
+autoreconf --force --install --symlink

configure.ac

@@ -0,0 +1,44 @@
+AC_PREREQ([2.60])
+
+AC_INIT([init-scripts], [1], [david.oberhollenzer@tele2.at], init-scripts)
+AC_CONFIG_MACRO_DIR([m4])
+AM_INIT_AUTOMAKE([foreign subdir-objects dist-xz])
+AM_SILENT_RULES([yes])
+AC_PROG_INSTALL
+AC_PROG_MKDIR_P
+AC_PROG_LN_S
+
+AC_DEFINE_DIR(SVCDIR, sysconfdir/init.d, [Startup service directory])
+AC_DEFINE_DIR(GCRONDIR, sysconfdir/gcron.d, [Cron service directory])
+AC_DEFINE_DIR(TEMPLATEDIR, datadir/init, [Service template directory])
+AC_DEFINE_DIR(SCRIPTDIR, libexecdir/init, [Helper script directory])
+
+AC_DEFINE_DIR(SBINPATH, sbindir, [Fully evaluated sbin directory])
+AC_DEFINE_DIR(ETCPATH, sysconfdir, [Fulle evaluated etc directory])
+AC_DEFINE_DIR(STATEFILESPATH, prefix/var/lib, [Path for persistent state files])
+
+AC_CONFIG_FILES([services/sigkill])
+AC_CONFIG_FILES([services/sigterm])
+AC_CONFIG_FILES([services/sysfs])
+AC_CONFIG_FILES([services/devfs])
+AC_CONFIG_FILES([services/procfs])
+AC_CONFIG_FILES([services/ifrename])
+AC_CONFIG_FILES([services/ifcfg])
+AC_CONFIG_FILES([services/ifdown])
+AC_CONFIG_FILES([services/modules])
+AC_CONFIG_FILES([services/hostapd])
+AC_CONFIG_FILES([services/swclock])
+AC_CONFIG_FILES([services/swclocksave])
+AC_CONFIG_FILES([services/swclocksave.gcron])
+AC_CONFIG_FILES([services/nft])
+AC_CONFIG_FILES([services/sshd])
+AC_CONFIG_FILES([services/sshd_keygen])
+AC_CONFIG_FILES([services/mountusr])
+AC_CONFIG_FILES([services/ntpsetdate.gcron])
+AC_CONFIG_FILES([services/tmpfsvar])
+AC_CONFIG_FILES([scripts/devfs.sh])
+AC_CONFIG_FILES([scripts/ifrename.sh])
+AC_CONFIG_FILES([scripts/ifcfg.sh])
+AC_CONFIG_FILES([scripts/modules_load.sh])
+
+AC_OUTPUT([Makefile])

docs/defconfig.md

@@ -0,0 +1,124 @@
+# Default Service Configuration
+
+## Pseudo Services
+
+The default configuration contains a number of "pseudo services" in the boot
+target that don't actually do anything but are merely used as anchors in
+service dependencies, i.e. they indicate that some sort of milestone in the
+boot sequence has been reached. Everything that is part of that milestone
+specifies that it should be run *before* that pseudo service and everything
+that requires that this milestone has been reached, specifies that it wants
+to run afterwards.
+
+The pseudo targets are (in the order that they are executed):
+
+ * vfs
+
+   All services that do mount point setup go before this, all service that
+   depend on the fully mounted rootfs go after this.
+
+ * sysinit
+
+   The system has reached a sane state, i.e. the hostname is set, the system
+   clock has a sane value, modules and kernel parameters are loaded, some
+   very basic, fundamental services are running.
+   Everything that is part of that setup process goes between `vfs` and
+   `sysinit`, everything that requires a sane setup goes *after* `sysinit`.
+
+ * network
+
+   Network configuration is done. All services that do network configuration
+   should position themselves between `sysinit` and `network`. Everything that
+   requires a fully configured networking setup should go *after* `network`.
+
+## Default Bootup Services
+
+This section outlines the services for the boot target that are enabled by
+default.
+
+
+The following services are enabled by default and run *before* the `vfs` target
+for filesystem setup:
+
+ * procfs - mount `procfs` to `/proc` and try to mount additional pseudo
+   filesystems in `/proc` such as `binfmt_misc`
+ * tmpfs - mount a `tmpfs` to `/tmp`
+ * sysfs - mount `sysfs` to `/sys` and try to mount additional pseudo
+   filesystems in `/sys` (e.g. `securityfs`, `configfs`, ...)
+ * devfs - mount `devtmpfs` to `/dev`, try to mount additional pseudo
+   filesystems in `/dev` (e.g. `devpts`, `mqueue`, ...) and try to create
+   some additional device nodes and symlinks.
+ * tmpfsvar - mount a `tmpfs` to `/var` and populate it with a default set
+   of files and directories. Overlay mount `/var/lib` with lower dir on
+   `/cfg/preserve/var_lib/` and upper on `/cfg/overlay/var_lib/`.
+ * tmpfsrun - mount a `tmpfs` to `/run`, symlink `/var/run` to `/run` and
+   `/var/lock` to `/run/lock`.
+ * mountusr - overlay mount setup for `/usr`. Lower dir is on
+   `/cfg/preserve/usr/` and upper on `/cfg/overlay/usr/`.
+
+
+The following services are enabled by default and configured to run *after*
+the `vfs` target and *before* the `sysinit` target:
+
+ * hostname - reload hostname `/etc/hostname`
+ * loopback - bring the loopback device up
+ * modules - iterate over the file `/etc/modules` and try to load each module
+   using modprobe.
+ * sysctl - restore kernel parameters using `sysctl --system`. See `sysctl(8)`
+   for a list of possible locations that the parameters are read from.
+ * usyslogd - Starts and supervises the `usyslogd` syslog implementation.
+ * klogd - Starts and supervises the `klogd` daemon.
+
+
+The following services are enabled by default and configured to run *after*
+the `sysinit` target and *before* the `network` target:
+
+ * ifcfg - static network configuration
+   Does the static network configuration outlined in [network.md](network.md)
+
+
+The following services are enabled by default and configured to run *after*
+the `network` target:
+
+ * gcrond
+
+
+## Default Shutdown and Reboot Services
+
+For the shutdown and reboot targets, the following services are executed:
+
+ * sigterm - send the SIGTERM signal to all processes and wait for 5 seconds
+ * sigkill - send the SIGKILL signal to all remaining processes
+ * ifdown - bring all network interfaces down
+ * sync - run the sync command
+
+
+## Additional Services not Enabled by Default
+
+ * agetty - A parameterizeable, respawn type `agetty` service. The first
+   parameter is the terminal device that the getty should run on.
+ * consolefont - If enabled, run once before sysinit. Sets the console font
+   to the first parameter.
+ * dhcpcdmaster - If one or more network interfaces should be configured using
+   dhcpcd, this service starts a central `dhcpcd` master instance.
+ * dhcpcd - A parameterizeable single shot service that signals the `dhcpcd`
+   master that it should configure a specific interface. The first parameter
+   is the interface that should be configured by `dhcpcd`.
+ * dnsmasq - A respawn type service for the `dnsmasq` DNS and DHCP server.
+ * hostapd - If the system should operate a WIFI access point, this respawn
+   type service can be enabled to manage an instace of the `hostapd` program.
+ * unbound - A respawn type service that manages an instance of the `unbound`
+   name resolver.
+ * hwclock - If the system has a hardware clock, this service can restore the
+   kernels clock from the hardware at bootup, between the `vfs` and `sysinit`
+   targets.
+ * nft - If enabled, restores net filter table rules during boot.
+ * swclock - For systems that don't have a hardware clock, this service
+   restores a somewhat usable time from a file during boot.
+ * swclocksave - For systems that don't have a hardware clock, this service
+   saves the current time to a file during shutdown or reboot.
+ * sshd_keygen - A wait type service that generates host keys for the OpenSSH
+   server and then disables itself.
+ * sshd - Starts an OpenSSH server after the network pseudo service and after
+   the sshd_keygen service.
+ * nginx - Starts the Nginx server after the network pseudo serivce.

docs/network.md

@@ -0,0 +1,83 @@
+# Static Network Configuration
+
+The default configuration provides multiple services that perform network
+initialization and static configuration using helper scripts that require
+programs from the `iproute2` package.
+
+Configuration files are typically stored in `/etc/netcfg/` (depending on
+configure options).
+
+Please note that the loopback device is treated specially and not included in
+any of the network configuration outlined below. The loopback device is brought
+up and configured by a dedicated service long before the network configuration
+is done.
+
+
+## Interface Renaming
+
+If the `ifrename` service is enabled (it is disabled by default), network
+interfaces are renamed based on a rule set stored in the file `ifrename`.
+The file contains comma separated shell globing patterns for the current
+interface name, MAC address and a prefix for the new interface name.
+
+For each network interface, rules are processed top to bottom. If the first two
+globing patterns apply, the interface is renamed. Interfaces with the same
+prefix are sorted by mac address and a running index is appended to the prefix.
+
+If none of the rules apply, the interface name is left unchanged.
+
+
+The intent is, to provide a way to configure persistent, deterministic names for
+at least all network interfaces that are permanently installed on a board.
+
+Extension cards or external network adapters should be given a different prefix
+to avoid changes in the order as they come and go.
+
+
+## Interface Configuration
+
+After interface renaming, for each network interface, the configuration path is
+scanned for files with the same name as the interface.
+
+Each successfully found configuration file is processed line by line, top to
+bottom. Each line may contain a keyword, followed by multiple arguments.
+
+The following keywords can be used to add IPv4 or IPv6 network addresses to
+an interface:
+
+ * address
+ * addr
+ * ip
+ * ip6
+ * ipv6
+
+Those commands are expected to be followed by an IPv4 or IPv6 address and
+network mask.
+
+
+Furthermore, the following commands can be used for configuring interface
+parameters:
+
+ * `arp {on|off}`
+ * `multicast {on|off}`
+ * `mtu <value>`
+ * `offload [rx {on|off}] [tx {on|off}] [sg {on|off}] [tso {on|off}]`
+ * `offload [gso {on|off}] [gro {on|off}] [lro {on|off}] [rxvlan {on|off}]`
+ * `offload [txvlan {on|off}] [ntuple {on|off}] [rxhash {on|off}]`
+ * `offload [ufo {on|off}]`
+
+
+## Route Configuration
+
+After interface configuration is done, routes and rules are restored from a
+file named `routes` in the same configuration path.
+
+The file may contain lines starting with `route` or `rule`. Everything that
+follows is passed on to `ip route add` or `ip rule add` respectively.
+
+
+## Net Filter Tables
+
+
+An additional service is provided that restores the nft rule set from
+`/etc/nftables.rules`.

etc/initd.env

@@ -0,0 +1 @@
+PATH=/bin

m4/ac_define_dir.m4

@@ -0,0 +1,35 @@
+dnl @synopsis AC_DEFINE_DIR(VARNAME, DIR [, DESCRIPTION])
+dnl
+dnl This macro sets VARNAME to the expansion of the DIR variable,
+dnl taking care of fixing up ${prefix} and such.
+dnl
+dnl VARNAME is then offered as both an output variable and a C
+dnl preprocessor symbol.
+dnl
+dnl Example:
+dnl
+dnl    AC_DEFINE_DIR([DATADIR], [datadir], [Where data are placed to.])
+dnl
+dnl @category Misc
+dnl @author Stepan Kasal <kasal@ucw.cz>
+dnl @author Andreas Schwab <schwab@suse.de>
+dnl @author Guido U. Draheim <guidod@gmx.de>
+dnl @author Alexandre Oliva
+dnl @version 2006-10-13
+dnl @license AllPermissive
+
+AC_DEFUN([AC_DEFINE_DIR], [
+  prefix_NONE=
+  exec_prefix_NONE=
+  test "x$prefix" = xNONE && prefix_NONE=yes && prefix=$ac_default_prefix
+  test "x$exec_prefix" = xNONE && exec_prefix_NONE=yes && exec_prefix=$prefix
+dnl In Autoconf 2.60, ${datadir} refers to ${datarootdir}, which in turn
+dnl refers to ${prefix}.  Thus we have to use `eval' twice.
+  eval ac_define_dir="\"[$]$2\""
+  eval ac_define_dir="\"$ac_define_dir\""
+  AC_SUBST($1, "$ac_define_dir")
+  AC_DEFINE_UNQUOTED($1, "$ac_define_dir", [$3])
+  test "$prefix_NONE" && prefix=NONE
+  test "$exec_prefix_NONE" && exec_prefix=NONE
+])
+

netcfg/ifrename

@@ -0,0 +1,13 @@
+#
+# Interface renaming rules
+#
+# Format: NAME,MAC,NEWNAME
+#
+# NAME and MAC are shell glob patterns. Both must match for a rule to apply.
+# The first matching rule is chosen (top to bottom).
+#
+# Interfaces with the same NEWNAME are sorted by MAC and have a running
+# index appended to their new name.
+#
+# Example: rename all ethernet interfaces to "port<X>"
+# eth*,*,port

scripts/Makemodule.am

@@ -0,0 +1,6 @@
+helper_SCRIPTS += scripts/devfs.sh scripts/trymount.sh scripts/ifrename.sh
+helper_SCRIPTS += scripts/ifcfg.sh scripts/ifdown.sh scripts/modules_load.sh
+helper_SCRIPTS += scripts/setntpdate.sh scripts/overlay.sh
+
+EXTRA_DIST += scripts/trymount.sh scripts/ifdown.sh scripts/setntpdate.sh
+EXTRA_DIST += scripts/overlay.sh

scripts/devfs.sh.in

@@ -0,0 +1,21 @@
+#!/bin/sh
+
+mount -t devtmpfs none /dev
+
+[ -c /dev/console ] || mknod -m 600 /dev/console c 5 1
+[ -c /dev/tty ] || mknod -m 666 /dev/tty c 5 0
+[ -c /dev/null ] || mknod -m 666 /dev/null c 1 3
+[ -c /dev/kmsg ] || mknod -m 660 /dev/kmsg c 1 11
+[ -e /dev/fd ] || ln -snf /proc/self/fd /dev/fd
+[ -e /dev/stdin ] || ln -snf /proc/self/fd/0 /dev/stdin
+[ -e /dev/stdout ] || ln -snf /proc/self/fd/1 /dev/stdout
+[ -e /dev/stderr ] || ln -snf /proc/self/fd/2 /dev/stderr
+[ -e /proc/kcore ] && ln -snf /proc/kcore /dev/core
+
+mkdir -p /dev/mqueue -m 1777
+mkdir -p /dev/pts -m 0755
+mkdir -p /dev/shm -m 1777
+
+@SCRIPTDIR@/trymount.sh "/dev/mqueue" "mqueue" "noexec,nosuid,nodev"
+@SCRIPTDIR@/trymount.sh "/dev/pts" "devpts" "noexec,nosuid,gid=5,mode=0620"
+@SCRIPTDIR@/trymount.sh "/dev/shm" "tmpfs" "noexec,nosuid,nodev,mode=1777"

scripts/ifcfg.sh.in

@@ -0,0 +1,71 @@
+#!/bin/sh
+CFGPATH="@ETCPATH@/netcfg"
+
+[ -d "$CFGPATH" ] || exit 0
+
+# configure interfaces
+for IFPATH in /sys/class/net/*; do
+	[ "$IFPATH" == "/sys/class/net/lo" ] && continue
+
+	IF=`basename $IFPATH`
+	CFGFILE="$CFGPATH/$IF"
+
+	[ -f "$CFGFILE" ] || continue
+
+	ip link set dev "$IF" down
+
+	while read LINE;
+	do
+		trimmed=`echo -- $LINE`
+		[ ! -z "$trimmed" ] || continue
+		set $trimmed
+
+		case "$1" in
+		address|addr|ip|ip6|ipv6)
+			shift
+			ip address add $@ dev "$IF"
+			;;
+		arp|multicast|mtu)
+			ip link set dev "$IF" $@
+			;;
+		offload)
+			shift
+			ethtool -K "$IF" $@
+			;;
+		*)
+			;;
+		esac
+	done < "$CFGFILE"
+done
+
+# configure static routs
+if [ -f "$CFGPATH/routes" ]; then
+	while read LINE;
+	do
+		trimmed=`echo -- $LINE`
+		[ ! -z "$trimmed" ] || continue
+		set $trimmed
+
+		case "$1" in
+		route)
+			shift
+			ip route add $@
+			;;
+		rule)
+			shift
+			ip rule add $@
+			;;
+		*)
+			;;
+		esac
+	done < "$CFGFILE"
+fi
+
+# activate interfaces
+for IFPATH in /sys/class/net/*; do
+	[ "$IFPATH" == "/sys/class/net/lo" ] && continue
+
+	IF=`basename $IFPATH`
+
+	[ ! -f "$CFGPATH/$IF" ] || ip link set dev "$IF" up
+done

scripts/ifdown.sh

@@ -0,0 +1,8 @@
+#!/bin/sh
+for IFPATH in /sys/class/net/*; do
+	[ "$IFPATH" == "/sys/class/net/lo" ] && continue
+
+	IF=`basename $IFPATH`
+
+	ip link set dev "$IF" down
+done

scripts/ifrename.sh.in

@@ -0,0 +1,47 @@
+#!/bin/sh
+NAMERULES="@ETCPATH@/netcfg/ifrename"
+TMPPATH="/tmp/ifrename"
+
+[ -f "$NAMERULES" ] || exit 0
+
+mkdir -p "$TMPPATH"
+
+for IFPATH in /sys/class/net/*; do
+	[ "$IFPATH" == "/sys/class/net/lo" ] && continue
+
+	IF=`basename $IFPATH`
+	MAC=`cat $IFPATH/address`
+
+	grep "^[^,]\+,[^,]\+,[a-zA-Z0-9]\+$" $NAMERULES | while read LINE;
+	do
+		NAMECMP=$(echo $LINE | cut -d',' -f1)
+		ADDRCMP=$(echo $LINE | cut -d',' -f2)
+		RULE=$(echo $LINE | cut -d',' -f3)
+
+		case $IF in ($NAMECMP) ;; *) continue;; esac
+		case $MAC in ($ADDRCMP) ;; *) continue;; esac
+
+		echo "$MAC,$IF" >> "$TMPPATH/$RULE"
+		break
+	done
+done
+
+for FNAME in $TMPPATH/*; do
+	[ ! -f "$FNAME" ] && break
+
+	IDX=0
+	PREFIX=$(basename $FNAME)
+
+	sort -t',' -k1 -u $FNAME | while read LINE;
+	do
+		OLDNAME=$(echo $LINE | cut -d',' -f2)
+		NEWNAME="$PREFIX$IDX"
+		IDX=`expr $IDX + 1`
+
+		ip link set "$OLDNAME" name "$NEWNAME"
+	done
+
+	rm "$FNAME"
+done
+
+rmdir "$TMPPATH"

scripts/modules_load.sh.in

@@ -0,0 +1,21 @@
+#!/bin/sh
+MODLIST="@ETCPATH@/modules"
+
+if [ ! -f "$MODLIST" ]; then
+	exit 0
+fi
+
+while read LINE;
+do
+	trimmed=`echo -- $LINE`
+	[ ! -z "$trimmed" ] || continue
+	set $trimmed
+
+	case "$1" in
+	\#*)
+		;;
+	*)
+		modprobe "$1"
+		;;
+	esac
+done < "$MODLIST"

scripts/overlay.sh

@@ -0,0 +1,21 @@
+#!/bin/sh
+
+lower=/cfg/preserve/${1}
+upper=/cfg/overlay/${1}
+work=/cfg/overlay/${1}_work
+target=${2}
+
+if [ ! -d "$target" ]; then
+	exit
+fi
+
+if [ -d "$lower" ]; then
+	if [ -d "$upper" ]; then
+		mkdir -p "$work"
+		mount -t overlay overlay \
+			-olowerdir=${lower},upperdir=${upper},workdir=${work} \
+			${target}
+	else
+		mount --bind "$lower" "$target"
+	fi
+fi

scripts/setntpdate.sh

@@ -0,0 +1,49 @@
+#!/bin/sh
+
+resolve() {
+	local domain="$1"
+	local server="$2"
+
+	if [ -x "$(command -v dig)" ]; then
+		if [ -z "$server" ]; then
+			dig +short "$domain"
+		else
+			dig +short "@$server" "$domain"
+		fi
+		return $?
+	fi
+
+	if [ -x "$(command -v drill)" ]; then
+		if [ -z "$server" ]; then
+			drill "$domain" | grep "^${domain}." | cut -d$'\t' -f5
+		else
+			drill "@$server" "$domain" | grep "^${domain}." |\
+				cut -d$'\t' -f5
+		fi
+		return $?
+	fi
+	exit 1
+}
+
+try_update() {
+	while read ip; do
+		if ntpdate -bu "$ip"; then
+			return 0
+		fi
+	done
+
+	return 1
+}
+
+pool="pool.ntp.org"
+dns="1.1.1.1"
+
+# try default DNS server first
+resolve "$pool" "" | try_update
+[ $? -eq 0 ] && exit 0
+
+# try fallback public dns server
+ping -q -c 1 "$dns" || exit 1
+
+resolve "$pool" "$dns" | try_update
+exit $?

scripts/trymount.sh

@@ -0,0 +1,7 @@
+#!/bin/sh
+
+if [ -d "$1" ]; then
+	if grep -qsE "[[:space:]]+$2$" "/proc/filesystems"; then
+		mount -n -t "$2" -o "$3" "$2" "$1"
+	fi
+fi

services/Makemodule.am

@@ -0,0 +1,23 @@
+initdir = @TEMPLATEDIR@
+init_DATA = services/agetty services/hostname services/loopback
+init_DATA += services/sysctl services/hwclock services/sysinit
+init_DATA += services/sigterm services/sync services/devfs
+init_DATA += services/sysfs services/procfs services/tmpfs
+init_DATA += services/vfs services/ifrename services/ifcfg
+init_DATA += services/dhcpcd services/dhcpcdmaster services/unbound
+init_DATA += services/dnsmasq services/ifdown services/modules
+init_DATA += services/network services/hostapd services/swclock
+init_DATA += services/swclocksave services/nft services/sigkill
+init_DATA += services/sshd services/sshd_keygen services/consolefont
+init_DATA += services/nginx services/usyslogd services/klogd
+init_DATA += services/swclocksave.gcron services/gcrond
+init_DATA += services/mountusr services/ntpsetdate.gcron
+init_DATA += services/tmpfsrun services/tmpfsvar
+
+EXTRA_DIST += services/sysinit services/vfs services/agetty services/hostname
+EXTRA_DIST += services/hwclock services/loopback services/klogd
+EXTRA_DIST += services/sync services/sysctl services/tmpfs
+EXTRA_DIST += services/dhcpcd services/dhcpcdmaster services/unbound
+EXTRA_DIST += services/usyslogd services/dnsmasq services/network
+EXTRA_DIST += services/consolefont services/gcrond services/nginx
+EXTRA_DIST += services/tmpfsrun

services/agetty

@@ -0,0 +1,6 @@
+description agetty on %0
+exec agetty %0 linux
+type respawn
+target boot
+after network
+tty "/dev/%0"

services/consolefont

@@ -0,0 +1,6 @@
+description set console font
+type once
+target boot
+before sysinit
+after vfs
+exec setfont %0

services/devfs.in

@@ -0,0 +1,6 @@
+description "mount /dev"
+type wait
+target boot
+after procfs sysfs
+before vfs
+exec "@SCRIPTDIR@/devfs.sh"

services/dhcpcd

@@ -0,0 +1,7 @@
+description "DHCP client on %0"
+type once
+target boot
+after dhcpcdmaster network
+
+tty /dev/null
+exec dhcpcd -n %0

services/dhcpcdmaster

@@ -0,0 +1,10 @@
+description "DHCP client - master service"
+type wait
+target boot
+after network
+tty /dev/null
+
+exec {
+	mkdir -p /var/db/dhcpcd
+	dhcpcd --inactive
+}

services/dnsmasq

@@ -0,0 +1,6 @@
+description "dnsmasq DNS & DHCP server"
+type respawn limit 5
+target boot
+after network unbound
+
+exec dnsmasq -k

services/gcrond

@@ -0,0 +1,5 @@
+description start gcron daemon
+exec gcrond
+type respawn
+target boot
+after network

services/hostapd.in

@@ -0,0 +1,7 @@
+description "WIFI access point daemon"
+type respawn limit 10
+target boot
+after sysinit ifrename
+before network ifcfg
+
+exec hostapd "@ETCPATH@/hostapd.conf"

services/hostname

@@ -0,0 +1,6 @@
+description reload hostname
+exec hostname --file /etc/hostname
+type wait
+target boot
+before sysinit
+after hwclock vfs

services/hwclock

@@ -0,0 +1,6 @@
+description restore time from RTC
+exec hwclock --hctosys --utc
+type wait
+target boot
+before sysinit
+after vfs modules

services/ifcfg.in

@@ -0,0 +1,7 @@
+description "static network configuration"
+type wait
+target boot
+after sysinit ifrename
+before network
+
+exec "@SCRIPTDIR@/ifcfg.sh"

services/ifdown.in

@@ -0,0 +1,7 @@
+description "stop all network interfaces"
+type wait
+target %0
+after sigkill sigterm
+before sync
+
+exec "@SCRIPTDIR@/ifdown.sh"

services/ifrename.in

@@ -0,0 +1,7 @@
+description "rename network interfaces"
+type wait
+target boot
+after sysinit
+before network
+
+exec "@SCRIPTDIR@/ifrename.sh"

services/klogd

@@ -0,0 +1,6 @@
+description "starting uklogd"
+exec klogd
+type respawn limit 5
+target boot
+after usyslogd
+before sysinit

services/loopback

@@ -0,0 +1,10 @@
+description configure network loopback device
+type wait
+target boot
+before sysinit
+after hostname vfs
+
+exec {
+	ip addr add 127.0.0.1/8 dev lo brd +
+	ip link set lo up
+}

services/modules.in

@@ -0,0 +1,7 @@
+description "load kernel modules"
+type wait
+target boot
+after vfs usyslogd
+before sysinit
+
+exec "@SCRIPTDIR@/modules_load.sh"

services/mountusr.in

@@ -0,0 +1,5 @@
+description "mount /usr"
+type wait
+target boot
+before vfs
+exec "@SCRIPTDIR@/overlay.sh" usr /usr

services/network

@@ -0,0 +1,4 @@
+description "static network configuration completed"
+type wait
+target boot
+after sysinit

services/nft.in

@@ -0,0 +1,7 @@
+description "restore netfilter rule set"
+type wait
+target boot
+after sysinit ifrename
+before network ifcfg
+
+exec nft -f "@ETCPATH@/nftables.rules"

services/nginx

@@ -0,0 +1,6 @@
+description "start nginx web server"
+type once
+target boot
+after network
+tty /dev/null
+exec nginx

services/ntpsetdate.gcron.in

@@ -0,0 +1,7 @@
+hour */4
+minute 5
+dayofmonth *
+dayofweek *
+month *
+tty /dev/null
+exec "@SCRIPTDIR@/setntpdate.sh"

services/procfs.in

@@ -0,0 +1,9 @@
+description "mount /proc"
+type wait
+target boot
+before vfs
+
+exec {
+	mount -t proc proc /proc
+	"@SCRIPTDIR@/trymount.sh" /proc/sys/fs/binfmt_misc binfmt_misc nodev,noexec,nosuid
+}

services/sigkill.in

@@ -0,0 +1,6 @@
+description send SIGKILL to remaining processes
+exec "@SCRIPTDIR@/killall5" 9
+type wait
+target %0
+after sigterm
+before sync shutdown reboot

services/sigterm.in

@@ -0,0 +1,9 @@
+description send SIGTERM to all processes
+type wait
+target %0
+before sigkill sync reboot shutdown
+
+exec {
+	"@SCRIPTDIR@/killall5" 15
+	sleep 5
+}

services/sshd.in

@@ -0,0 +1,5 @@
+description "OpenSSH server"
+type respawn limit 5
+target boot
+after network sshd_keygen
+exec "@SBINPATH@/sshd" -D

services/sshd_keygen.in

@@ -0,0 +1,14 @@
+description "OpenSSH server - generate host keys"
+type wait
+target boot
+after network
+tty /dev/null
+exec {
+	mkdir -p "@ETCPATH@/ssh/"
+
+	ssh-keygen -f "@ETCPATH@/ssh/host_rsa_key" -N "" -t rsa
+	ssh-keygen -f "@ETCPATH@/ssh/host_ecdsa_key" -N "" -t ecdsa
+	ssh-keygen -f "@ETCPATH@/ssh/host_ed25519_key" -N "" -t ed25519
+
+	service disable sshd_keygen
+}

services/swclock.in

@@ -0,0 +1,6 @@
+description restore saved time from last shutdown
+type wait
+target boot
+before sysinit
+after vfs modules
+exec xargs -a @STATEFILESPATH@/swclock date --utc

services/swclocksave.gcron.in

@@ -0,0 +1,3 @@
+interval hourly
+tty truncate @STATEFILESPATH@/swclock
+exec date --utc +%%m%%d%%H%%M%%Y.%%S

services/swclocksave.in

@@ -0,0 +1,7 @@
+description write current time to backup file
+type wait
+target %0
+after sigkill
+before sync
+tty truncate @STATEFILESPATH@/swclock
+exec date --utc +%%m%%d%%H%%M%%Y.%%S

services/sync

@@ -0,0 +1,6 @@
+description sync
+exec sync
+type wait
+target %0
+after sigkill sigterm
+before reboot shutdown

services/sysctl

@@ -0,0 +1,7 @@
+description configure kernel paramters
+tty /dev/null
+exec sysctl --system
+type wait
+target boot
+before sysinit
+after vfs loopback

services/sysfs.in

@@ -0,0 +1,13 @@
+description "mount /sys"
+type wait
+target boot
+after procfs
+before vfs
+
+exec {
+	mount -t sysfs sysfs /sys
+	"@SCRIPTDIR@/trymount.sh" /sys/kernel/security securityfs nodev,noexec,nosuid
+	"@SCRIPTDIR@/trymount.sh" /sys/kernel/config configfs nodev,noexec,nosuid
+	"@SCRIPTDIR@/trymount.sh" /sys/fs/fuse/connections fusectl nodev,noexec,nosuid
+	"@SCRIPTDIR@/trymount.sh" /sys/firmware/efi/efivars efivarfs ro
+}

services/sysinit

@@ -0,0 +1,5 @@
+description basic system initialization
+type wait
+target boot
+after vfs
+before network

services/tmpfs

@@ -0,0 +1,5 @@
+description "mount /tmp"
+type wait
+target boot
+before vfs
+exec mount -t tmpfs none /tmp

services/tmpfsrun

@@ -0,0 +1,11 @@
+description "mount /run"
+type wait
+target boot
+before vfs
+after tmpfsvar
+exec {
+	mount -t tmpfs none /run
+	mkdir /run/lock -m 0755
+	ln -s /run /var/run
+	ln -s /run/lock /var/lock
+}

services/tmpfsvar.in

@@ -0,0 +1,16 @@
+description "mount /var"
+type wait
+target boot
+before vfs
+exec {
+	mount -t tmpfs none /var
+	mkdir /var/log -m 0755
+	mkdir /var/spool -m 0755
+	mkdir /var/lib -m 0755
+	mkdir /var/tmp -m 0755
+	mkdir /var/nginx -m 0755
+	touch /var/log/lastlog
+	touch /var/log/faillog
+	touch /var/log/sulog
+	"@SCRIPTDIR@/overlay.sh" var_lib /var/lib
+}

services/unbound

@@ -0,0 +1,6 @@
+description "Unbound resolver"
+type respawn limit 5
+target boot
+after network
+
+exec unbound -d

services/usyslogd

@@ -0,0 +1,6 @@
+description "starting usyslogd"
+exec usyslogd --chroot --rotate-replace --max-size 8192
+type respawn limit 5
+target boot
+after vfs
+before sysinit

services/vfs

@@ -0,0 +1,4 @@
+description VFS setup done
+type wait
+target boot
+before sysinit