summaryrefslogtreecommitdiff
path: root/repo/system/openrc
diff options
context:
space:
mode:
Diffstat (limited to 'repo/system/openrc')
-rw-r--r--repo/system/openrc/0001-call-sbin-mkmntdirs-in-localmount-OpenRC-service.patch25
-rw-r--r--repo/system/openrc/0002-fsck-don-t-add-C0-to-busybox-fsck.patch35
-rw-r--r--repo/system/openrc/0003-rc-pull-in-sysinit-and-boot-as-stacked-levels-when-n.patch70
-rw-r--r--repo/system/openrc/0004-make-consolefont-service-compatible-with-busyboxs-se.patch70
-rw-r--r--repo/system/openrc/0005-Support-early-loading-of-keymap-if-kbd-is-installed.patch31
-rw-r--r--repo/system/openrc/0006-Add-support-for-starting-services-in-a-specified-VRF.patch101
-rw-r--r--repo/system/openrc/0007-Clean-up-staticroute-config-remove-irrelevant-parts-.patch47
-rw-r--r--repo/system/openrc/0008-bootmisc-switch-wipe_tmp-setting-to-no-by-default.patch44
-rw-r--r--repo/system/openrc/0009-fix-bootmisc-mv-error.patch27
-rw-r--r--repo/system/openrc/0010-noexec-devfs.patch14
-rw-r--r--repo/system/openrc/firstboot.initd34
-rw-r--r--repo/system/openrc/hostname.initd18
-rw-r--r--repo/system/openrc/hwdrivers.initd32
-rw-r--r--repo/system/openrc/machine-id.initd17
-rw-r--r--repo/system/openrc/modloop.confd6
-rwxr-xr-xrepo/system/openrc/modloop.initd153
-rw-r--r--repo/system/openrc/modules.initd80
-rw-r--r--repo/system/openrc/networking.initd88
-rw-r--r--repo/system/openrc/openrc.logrotate4
-rw-r--r--repo/system/openrc/openrc.post-install38
-rw-r--r--repo/system/openrc/openrc.post-upgrade35
-rw-r--r--repo/system/openrc/openrc.xibuild139
-rw-r--r--repo/system/openrc/rc.conf313
-rw-r--r--repo/system/openrc/seedrng.patch640
-rw-r--r--repo/system/openrc/sysctl.initd87
-rw-r--r--repo/system/openrc/sysfsconf.initd66
-rw-r--r--repo/system/openrc/test-networking.sh65
27 files changed, 2279 insertions, 0 deletions
diff --git a/repo/system/openrc/0001-call-sbin-mkmntdirs-in-localmount-OpenRC-service.patch b/repo/system/openrc/0001-call-sbin-mkmntdirs-in-localmount-OpenRC-service.patch
new file mode 100644
index 0000000..3d41060
--- /dev/null
+++ b/repo/system/openrc/0001-call-sbin-mkmntdirs-in-localmount-OpenRC-service.patch
@@ -0,0 +1,25 @@
+From 78245081fe109ed7777b79ba9c99890d56c21272 Mon Sep 17 00:00:00 2001
+From: Natanael Copa <ncopa@alpinelinux.org>
+Date: Wed, 1 Feb 2017 04:04:52 +0000
+Subject: [PATCH] call /sbin/mkmntdirs in localmount OpenRC service
+
+---
+ init.d/localmount.in | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/init.d/localmount.in b/init.d/localmount.in
+index c571504a..14189396 100644
+--- a/init.d/localmount.in
++++ b/init.d/localmount.in
+@@ -21,6 +21,8 @@ depend()
+
+ start()
+ {
++ [ -x /sbin/mkmntdirs ] && mkmntdirs
++
+ # Mount local filesystems in /etc/fstab.
+ # The types variable must start with no, and must be a type
+ local critical= types="noproc" x= no_netdev= rc=
+--
+2.33.1
+
diff --git a/repo/system/openrc/0002-fsck-don-t-add-C0-to-busybox-fsck.patch b/repo/system/openrc/0002-fsck-don-t-add-C0-to-busybox-fsck.patch
new file mode 100644
index 0000000..1d79818
--- /dev/null
+++ b/repo/system/openrc/0002-fsck-don-t-add-C0-to-busybox-fsck.patch
@@ -0,0 +1,35 @@
+From b143f35a45d59708365a52e329fd8caa6475a9bb Mon Sep 17 00:00:00 2001
+From: Natanael Copa <ncopa@alpinelinux.org>
+Date: Tue, 28 Nov 2017 13:35:10 +0100
+Subject: [PATCH] fsck: don't add -C0 to busybox fsck
+
+---
+ init.d/fsck.in | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/init.d/fsck.in b/init.d/fsck.in
+index 7052d808..99a9ae4f 100644
+--- a/init.d/fsck.in
++++ b/init.d/fsck.in
+@@ -82,7 +82,7 @@ start()
+ local skiptypes
+ skiptypes=$(printf 'no%s,' ${net_fs_list} ${extra_net_fs_list})
+ [ "${skiptypes}" = "no," ] && skiptypes=""
+- fsck_opts="$fsck_opts -C0 -T -t ${skiptypes}noopts=_netdev"
++ fsck_opts="$fsck_opts -T -t ${skiptypes}noopts=_netdev"
+ if [ -z "$fsck_passno" -a -z "$fsck_mnt" ]; then
+ fsck_args=${fsck_args:--A -p}
+ if echo 2>/dev/null >/.test.$$; then
+@@ -90,6 +90,9 @@ start()
+ fsck_opts="$fsck_opts -R"
+ fi
+ fi
++ if [ "$(readlink -f $(which fsck))" != "/bin/busybox" ]; then
++ fsck_opts="$fsck_opts -C0"
++ fi
+ fi
+
+ trap : INT QUIT
+--
+2.33.1
+
diff --git a/repo/system/openrc/0003-rc-pull-in-sysinit-and-boot-as-stacked-levels-when-n.patch b/repo/system/openrc/0003-rc-pull-in-sysinit-and-boot-as-stacked-levels-when-n.patch
new file mode 100644
index 0000000..546ccb7
--- /dev/null
+++ b/repo/system/openrc/0003-rc-pull-in-sysinit-and-boot-as-stacked-levels-when-n.patch
@@ -0,0 +1,70 @@
+From 17f33c1968a51484eefdafbfb5b8fef5ac13d215 Mon Sep 17 00:00:00 2001
+From: Natanael Copa <ncopa@alpinelinux.org>
+Date: Wed, 1 Feb 2017 04:17:14 +0000
+Subject: [PATCH] rc: pull in sysinit and boot as stacked levels when needed
+
+We need start services from sysinit and boot runlevel, even if the new
+runlevel is empty.
+
+This fixes problem introduced with commit 7716bf31 (Fix stacked runlevel
+support), at which the start_services list are no longer used to start
+the services.
+
+This also make sure that all services in sysinit and boot runlevels are
+started before switching to next. This was not guaranteed when switching
+to a non-empty runlevel.
+
+Fixes issue #54.
+---
+ src/rc/rc.c | 7 ++++---
+ 1 file changed, 4 insertions(+), 3 deletions(-)
+
+diff --git a/src/rc/rc.c b/src/rc/rc.c
+index ef46925d..82786074 100644
+--- a/src/rc/rc.c
++++ b/src/rc/rc.c
+@@ -729,6 +729,7 @@ int main(int argc, char **argv)
+ const char *bootlevel = NULL;
+ char *newlevel = NULL;
+ const char *systype = NULL;
++ RC_STRINGLIST *runlevel_chain;
+ RC_STRINGLIST *deporder = NULL;
+ RC_STRINGLIST *tmplist;
+ RC_STRING *service;
+@@ -986,6 +987,7 @@ int main(int argc, char **argv)
+ main_hotplugged_services = rc_services_in_state(RC_SERVICE_HOTPLUGGED);
+ main_start_services = rc_services_in_runlevel_stacked(newlevel ?
+ newlevel : runlevel);
++ runlevel_chain = rc_runlevel_stacks(newlevel ? newlevel : runlevel);
+ if (strcmp(newlevel ? newlevel : runlevel, RC_LEVEL_SHUTDOWN) != 0 &&
+ strcmp(newlevel ? newlevel : runlevel, RC_LEVEL_SYSINIT) != 0)
+ {
+@@ -1003,6 +1005,7 @@ int main(int argc, char **argv)
+ tmplist = rc_services_in_runlevel(bootlevel);
+ TAILQ_CONCAT(main_start_services, tmplist, entries);
+ free(tmplist);
++ rc_stringlist_add(runlevel_chain, bootlevel);
+ }
+ if (main_hotplugged_services) {
+ TAILQ_FOREACH(service, main_hotplugged_services,
+@@ -1011,6 +1014,7 @@ int main(int argc, char **argv)
+ service->value);
+ }
+ }
++ rc_stringlist_add(runlevel_chain, RC_LEVEL_SYSINIT);
+ }
+
+ parallel = rc_conf_yesno("rc_parallel");
+@@ -1067,9 +1071,6 @@ int main(int argc, char **argv)
+
+ /* If we have a list of services to start then... */
+ if (main_start_services) {
+- /* Get a list of the chained runlevels which compose the target runlevel */
+- RC_STRINGLIST *runlevel_chain = rc_runlevel_stacks(runlevel);
+-
+ /* Loop through them in reverse order. */
+ RC_STRING *rlevel;
+ TAILQ_FOREACH_REVERSE(rlevel, runlevel_chain, rc_stringlist, entries)
+--
+2.33.1
+
diff --git a/repo/system/openrc/0004-make-consolefont-service-compatible-with-busyboxs-se.patch b/repo/system/openrc/0004-make-consolefont-service-compatible-with-busyboxs-se.patch
new file mode 100644
index 0000000..b92b5ac
--- /dev/null
+++ b/repo/system/openrc/0004-make-consolefont-service-compatible-with-busyboxs-se.patch
@@ -0,0 +1,70 @@
+From 613fb7f437c42e0ed01b2366b597598235e64a2d Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?S=C3=B6ren=20Tempel?= <soeren+git@soeren-tempel.net>
+Date: Wed, 17 Aug 2016 17:52:58 +0200
+Subject: [PATCH] make consolefont service compatible with busyboxs setfont
+ applet
+
+Compared to kdbs setfont program it doesn't support -O and -m.
+---
+ conf.d/consolefont | 11 ++---------
+ init.d/consolefont.in | 7 ++-----
+ 2 files changed, 4 insertions(+), 14 deletions(-)
+
+diff --git a/conf.d/consolefont b/conf.d/consolefont
+index e01ae842..75544b2f 100644
+--- a/conf.d/consolefont
++++ b/conf.d/consolefont
+@@ -3,16 +3,9 @@
+ #
+ # consolefont specifies the default font that you'd like Linux to use on the
+ # console. You can find a good selection of fonts in /usr/share/consolefonts;
+-# you shouldn't specify the trailing ".psf.gz", just the font name below.
+-# To use the default console font, comment out the CONSOLEFONT setting below.
+-consolefont="default8x16"
++consolefont="default8x16.psf.gz"
+
+ # consoletranslation is the charset map file to use. Leave commented to use
+ # the default one. Have a look in /usr/share/consoletrans for a selection of
+ # map files you can use.
+-#consoletranslation="8859-1_to_uni"
+-
+-# unicodemap is the unicode map file to use. Leave commented to use the
+-# default one. Have a look in /usr/share/unimaps for a selection of map files
+-# you can use.
+-#unicodemap="iso01"
++#consoletranslation="8859-1_to_uni.trans"
+diff --git a/init.d/consolefont.in b/init.d/consolefont.in
+index d65dd14c..ccb6ee87 100644
+--- a/init.d/consolefont.in
++++ b/init.d/consolefont.in
+@@ -22,7 +22,6 @@ start()
+ {
+ ttyn=${rc_tty_number:-${RC_TTY_NUMBER:-12}}
+ consolefont=${consolefont:-${CONSOLEFONT}}
+- unicodemap=${unicodemap:-${UNICODEMAP}}
+ consoletranslation=${consoletranslation:-${CONSOLETRANSLATION}}
+
+ if [ -z "$consolefont" ]; then
+@@ -43,9 +42,6 @@ start()
+ if [ -n "$consoletranslation" ]; then
+ param="$param -m $consoletranslation"
+ fi
+- if [ -n "${unicodemap}" ]; then
+- param="$param -u $unicodemap"
+- fi
+
+ # Set the console font
+ ebegin "Setting console font [$consolefont]"
+@@ -63,7 +59,8 @@ start()
+ # Store the font so we can use it ASAP on boot
+ if [ $retval -eq 0 ] && checkpath -W "$RC_LIBEXECDIR"; then
+ mkdir -p "$RC_LIBEXECDIR"/console
+- setfont -O "$RC_LIBEXECDIR"/console/font
++ zcat "/usr/share/consolefonts/$consolefont" \
++ > "$RC_LIBEXECDIR"/console/font
+ fi
+
+ return $retval
+--
+2.33.1
+
diff --git a/repo/system/openrc/0005-Support-early-loading-of-keymap-if-kbd-is-installed.patch b/repo/system/openrc/0005-Support-early-loading-of-keymap-if-kbd-is-installed.patch
new file mode 100644
index 0000000..f25d984
--- /dev/null
+++ b/repo/system/openrc/0005-Support-early-loading-of-keymap-if-kbd-is-installed.patch
@@ -0,0 +1,31 @@
+From a07970bf087c089f467eefa30c2476f17f6e9536 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?S=C3=B6ren=20Tempel?= <soeren+git@soeren-tempel.net>
+Date: Thu, 7 Mar 2019 16:55:53 +0100
+Subject: [PATCH] Support early loading of keymap if kbd is installed
+
+Early loading of the keymap with busybox was never supported and would
+require modifying the save-keymaps services as well. Since no one
+complained that it doesn't work with busybox so far just make it work
+with kbd for now.
+---
+ sh/init-early.sh.Linux.in | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/sh/init-early.sh.Linux.in b/sh/init-early.sh.Linux.in
+index f304e924..7571ff3d 100644
+--- a/sh/init-early.sh.Linux.in
++++ b/sh/init-early.sh.Linux.in
+@@ -48,8 +48,8 @@ if service_present "$RC_DEFAULTLEVEL" consolefont ||
+ fi
+
+ # Try and set a keyboard map as early as possible
+-if service_present "$RC_DEFAULTLEVEL" keymaps ||
+- service_present "$RC_BOOTLEVEL" keymaps; then
++if service_present "$RC_DEFAULTLEVEL" loadkeys ||
++ service_present "$RC_BOOTLEVEL" loadkeys; then
+ kbd_mode $kmode -C "$CONSOLE" 2>/dev/null
+ if [ -r "$RC_LIBEXECDIR"/console/keymap ]; then
+ loadkeys -q "$RC_LIBEXECDIR"/console/keymap 2>/dev/null
+--
+2.33.1
+
diff --git a/repo/system/openrc/0006-Add-support-for-starting-services-in-a-specified-VRF.patch b/repo/system/openrc/0006-Add-support-for-starting-services-in-a-specified-VRF.patch
new file mode 100644
index 0000000..6f7ed69
--- /dev/null
+++ b/repo/system/openrc/0006-Add-support-for-starting-services-in-a-specified-VRF.patch
@@ -0,0 +1,101 @@
+From c250503412b061e69a99cfe12514e47fc06b5885 Mon Sep 17 00:00:00 2001
+From: Ariadne Conill <ariadne@dereferenced.org>
+Date: Fri, 14 Feb 2020 16:02:43 +0000
+Subject: [PATCH] Add support for starting services in a specified VRF.
+
+The venerable iproute2 utility has recently introduced support
+for executing programs in specific VRFs which are virtualized
+routing tables. These are typically used to isolate different
+networking planes from each other, for security or flexibility
+reasons.
+
+Services which use the normal supervisor/start-stop-daemon
+pattern can be configured by setting the vrf variable in the
+/etc/conf.d tree for the service.
+
+This allows for things like configuring the sshd service to
+run in a management VRF, which is useful for high assurance
+environments where the management plane is intended to be
+isolated.
+
+Signed-off-by: Ariadne Conill <ariadne@dereferenced.org>
+---
+ sh/openrc-run.sh.in | 6 ++++++
+ sh/runit.sh | 2 +-
+ sh/s6.sh | 2 +-
+ sh/start-stop-daemon.sh | 2 +-
+ sh/supervise-daemon.sh | 2 +-
+ 5 files changed, 10 insertions(+), 4 deletions(-)
+
+diff --git a/sh/openrc-run.sh.in b/sh/openrc-run.sh.in
+index 5c84af45..a1f374b0 100644
+--- a/sh/openrc-run.sh.in
++++ b/sh/openrc-run.sh.in
+@@ -236,6 +236,12 @@ if ! sourcex -e "$_conf_d/$RC_SVCNAME.$RC_RUNLEVEL"; then
+ fi
+ unset _conf_d
+
++# If we are configured to run in a VRF, provide a hint for that
++RC_VRF_EXEC=""
++if [ -n "$vrf" ]; then
++ RC_VRF_EXEC="/sbin/ip vrf exec $vrf"
++fi
++
+ # load service supervisor functions
+ sourcex "@LIBEXECDIR@/sh/runit.sh"
+ sourcex "@LIBEXECDIR@/sh/s6.sh"
+diff --git a/sh/runit.sh b/sh/runit.sh
+index 5d82c9f6..c0186a43 100644
+--- a/sh/runit.sh
++++ b/sh/runit.sh
+@@ -23,7 +23,7 @@ runit_start()
+ local i=0 retval=1
+ # it can take upto 5 seconds for runsv to start
+ while [ $i -lt 6 ] ; do
+- if sv start "${service_link}" > /dev/null 2>&1; then
++ if ${RC_VRF_EXEC} sv start "${service_link}" > /dev/null 2>&1; then
+ retval=0
+ break
+ fi
+diff --git a/sh/s6.sh b/sh/s6.sh
+index acbe965b..1f339703 100644
+--- a/sh/s6.sh
++++ b/sh/s6.sh
+@@ -37,7 +37,7 @@ s6_start()
+ ln -sf "${s6_service_path}" "${s6_service_link}"
+ s6-svscanctl -na "${RC_SVCDIR}"/s6-scan
+ sleep 1.5
+- s6-svc -u "${s6_service_link}"
++ ${RC_VRF_EXEC} s6-svc -u "${s6_service_link}"
+ if [ -n "$s6_svwait_options_start" ]; then
+ s6-svwait ${s6_svwait_options_start} "${s6_service_link}"
+ fi
+diff --git a/sh/start-stop-daemon.sh b/sh/start-stop-daemon.sh
+index 2e549ae1..5e7a1b88 100644
+--- a/sh/start-stop-daemon.sh
++++ b/sh/start-stop-daemon.sh
+@@ -45,7 +45,7 @@ ssd_start()
+ #the eval call is necessary for cases like:
+ # command_args="this \"is a\" test"
+ # to work properly.
+- eval start-stop-daemon --start \
++ eval ${RC_VRF_EXEC} start-stop-daemon --start \
+ --exec $command \
+ ${chroot:+--chroot} $chroot \
+ ${directory:+--chdir} $directory \
+diff --git a/sh/supervise-daemon.sh b/sh/supervise-daemon.sh
+index e403a789..259b8166 100644
+--- a/sh/supervise-daemon.sh
++++ b/sh/supervise-daemon.sh
+@@ -24,7 +24,7 @@ supervise_start()
+ # The eval call is necessary for cases like:
+ # command_args="this \"is a\" test"
+ # to work properly.
+- eval supervise-daemon "${RC_SVCNAME}" --start \
++ eval ${RC_VRF_EXEC} supervise-daemon "${RC_SVCNAME}" --start \
+ ${retry:+--retry} $retry \
+ ${directory:+--chdir} $directory \
+ ${chroot:+--chroot} $chroot \
+--
+2.33.1
+
diff --git a/repo/system/openrc/0007-Clean-up-staticroute-config-remove-irrelevant-parts-.patch b/repo/system/openrc/0007-Clean-up-staticroute-config-remove-irrelevant-parts-.patch
new file mode 100644
index 0000000..34100ef
--- /dev/null
+++ b/repo/system/openrc/0007-Clean-up-staticroute-config-remove-irrelevant-parts-.patch
@@ -0,0 +1,47 @@
+From f406231dc9a49b67ca558983de80513f95078309 Mon Sep 17 00:00:00 2001
+From: Ariadne Conill <ariadne@dereferenced.org>
+Date: Wed, 8 Sep 2021 23:51:11 -0600
+Subject: [PATCH] Clean up staticroute config - remove irrelevant parts (for
+ BSD, Hurd) and suggest that route(8) is legacy.
+
+---
+ conf.d/staticroute | 23 +++--------------------
+ 1 file changed, 3 insertions(+), 20 deletions(-)
+
+diff --git a/conf.d/staticroute b/conf.d/staticroute
+index 19d0961f..49d0e0bb 100644
+--- a/conf.d/staticroute
++++ b/conf.d/staticroute
+@@ -1,26 +1,9 @@
+-# Static routes are defined differently depending on your operating
+-# system, so please be sure to use the correct syntax.
+ # Do not use this file to define the default route.
+ # In all settings, multiple routes should be separated using ; or new lines.
+
+-# Define static routes on Linux using route. See route(8) for syntax.
+-#staticroute="net 192.168.0.0 netmask 255.255.255.0 gw 10.73.1.1
+-#net 192.168.1.0 netmask 255.255.255.0 gw 10.73.1.1"
+-
+ # Define static routes on Linux using iproute2. See ip(8) for syntax.
+ #staticiproute="192.168.0.0/24 via 10.73.1.1; 192.168.1.0/24 via 10.73.1.1"
+
+-# Define static routes on GNU/Hurd. See route(8) for syntax.
+-# /etc/route.conf(5) takes precedence over this configuration.
+-# FIXME: "net ..." not supported
+-#staticroute="net 192.168.0.0 -netmask 255.255.255.0 --address 10.73.1.1
+-#net 192.168.1.0 -netmask 255.255.255.0 --address 10.73.1.1"
+-
+-# Define static routes on GNU/KFreeBSD. See route(8) for syntax.
+-#staticroute="net 192.168.0.0 10.73.1.1 netmask 255.255.255.0
+-#net 192.168.1.0 10.73.1.1 netmask 255.255.255.0"
+-
+-# Define static routes on other BSD systems. See route(8) for syntax.
+-# /etc/route.conf(5) takes precedence over this configuration.
+-#staticroute="net 192.168.0.0 -netmask 255.255.255.0 10.73.1.1
+-#net 192.168.1.0 -netmask 255.255.255.0 10.73.1.1"
++# Or define static routes on Linux using route (legacy). See route(8) for syntax.
++#staticroute="net 192.168.0.0 netmask 255.255.255.0 gw 10.73.1.1
++#net 192.168.1.0 netmask 255.255.255.0 gw 10.73.1.1"
+--
+2.33.1
+
diff --git a/repo/system/openrc/0008-bootmisc-switch-wipe_tmp-setting-to-no-by-default.patch b/repo/system/openrc/0008-bootmisc-switch-wipe_tmp-setting-to-no-by-default.patch
new file mode 100644
index 0000000..f498d05
--- /dev/null
+++ b/repo/system/openrc/0008-bootmisc-switch-wipe_tmp-setting-to-no-by-default.patch
@@ -0,0 +1,44 @@
+From a756576ae62e4f24a2ea36e87053187cdfc1be63 Mon Sep 17 00:00:00 2001
+From: Ariadne Conill <ariadne@dereferenced.org>
+Date: Wed, 13 Oct 2021 21:12:10 -0600
+Subject: [PATCH] bootmisc: switch wipe_tmp setting to no by default
+
+When wipe_tmp=yes, an insufficiently bounded rm -rf occurs that,
+under specific unknown circumstances, can escape into other filesystems
+resulting in data loss.
+
+See alpine/aports#13070.
+---
+ conf.d/bootmisc | 2 +-
+ init.d/bootmisc.in | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/conf.d/bootmisc b/conf.d/bootmisc
+index dd5b08e0..5cf18d33 100644
+--- a/conf.d/bootmisc
++++ b/conf.d/bootmisc
+@@ -3,7 +3,7 @@ clean_tmp_dirs="/tmp"
+
+ # Should we wipe the tmp paths completely or just selectively remove known
+ # locks / files / etc... ?
+-wipe_tmp="YES"
++wipe_tmp="NO"
+
+ # Write the initial dmesg log into /var/log/dmesg after boot
+ # This may be useful if you need the kernel boot log afterwards
+diff --git a/init.d/bootmisc.in b/init.d/bootmisc.in
+index b1a849a3..8485110a 100644
+--- a/init.d/bootmisc.in
++++ b/init.d/bootmisc.in
+@@ -17,7 +17,7 @@ depend()
+ keyword -prefix -timeout
+ }
+
+-: ${wipe_tmp:=${WIPE_TMP:-yes}}
++: ${wipe_tmp:=${WIPE_TMP:-no}}
+ : ${log_dmesg:=${LOG_DMESG:-yes}}
+
+ cleanup_tmp_dir()
+--
+2.33.1
+
diff --git a/repo/system/openrc/0009-fix-bootmisc-mv-error.patch b/repo/system/openrc/0009-fix-bootmisc-mv-error.patch
new file mode 100644
index 0000000..e87f9bb
--- /dev/null
+++ b/repo/system/openrc/0009-fix-bootmisc-mv-error.patch
@@ -0,0 +1,27 @@
+From: Dermot Bradley <dermot_bradley@yahoo.com>
+Date: Sat, 29 Jan 2022 19:28 +0000
+Subject: prevent a bootmisc trying to move a nonexistant file
+
+During boot if the "previous_dmesg" setting is enabled in
+/etc/conf.d/bootmisc then during the 1st boot of a machine the
+bootmisc init.d script will attempt to move a nonexistant dmesg
+file, so generating an error on the console.
+
+Modify the script to only move an existing file.
+
+Upstream has merged this as PR 496 so it will be in the next release.
+
+---
+
+diff -aur a/init.d/bootmisc.in b/init.d/bootmisc.in
+--- a/init.d/bootmisc.in
++++ b/init.d/bootmisc.in
+@@ -226,7 +226,7 @@
+ case "$RC_SYS" in
+ VSERVER|OPENVZ|LXC|SYSTEMD-NSPAWN) ;;
+ *)
+- if yesno ${previous_dmesg:-no}; then
++ if yesno ${previous_dmesg:-no} && [ -e /var/log/dmesg ]; then
+ mv /var/log/dmesg /var/log/dmesg.old
+ fi
+ dmesg > /var/log/dmesg
diff --git a/repo/system/openrc/0010-noexec-devfs.patch b/repo/system/openrc/0010-noexec-devfs.patch
new file mode 100644
index 0000000..9a8928c
--- /dev/null
+++ b/repo/system/openrc/0010-noexec-devfs.patch
@@ -0,0 +1,14 @@
+--- a/init.d/devfs.in
++++ b/init.d/devfs.in
+@@ -24,8 +24,9 @@ mount_dev()
+ action=--mount
+ conf_d_dir="${RC_SERVICE%/*/*}/conf.d"
+ msg=Mounting
+- # Some devices require exec, Bug #92921
+- mountopts="exec,nosuid,mode=0755"
++ # Some devices require exec, https://bugs.gentoo.org/92921
++ # Users with such requirements can use an fstab entry for /dev
++ mountopts="noexec,nosuid,mode=0755"
+ if yesno ${skip_mount_dev:-no} ; then
+ einfo "/dev will not be mounted due to user request"
+ return 0
diff --git a/repo/system/openrc/firstboot.initd b/repo/system/openrc/firstboot.initd
new file mode 100644
index 0000000..eac4ef8
--- /dev/null
+++ b/repo/system/openrc/firstboot.initd
@@ -0,0 +1,34 @@
+#!/sbin/openrc-run
+
+# The first boot init service
+
+# read kernel options
+init_KOPT() {
+ eval "set -- $(cat /proc/cmdline 2>/dev/null)"
+ for opt; do
+ case "$opt" in
+ ssh_*=*)
+ eval "KOPT_${opt%%=*}='${opt#*=}'" ;;
+ esac
+ done
+}
+
+start() {
+ rm -f /etc/runlevels/*/$RC_SVCNAME
+ init_KOPT
+ local rc=0
+ ebegin "Starting ${RC_SVCNAME}"
+ if [ -n "$KOPT_ssh_key" ] && [ ! -f "/root/.ssh/authorized_keys" ]; then
+ einfo "Fetching ssh keys"
+ mkdir -pm 700 /root/.ssh
+ checkpath -fm 0600 /root/.ssh/authorized_keys
+ case "$KOPT_ssh_key" in
+ https://*|ftps://*|http://*)
+ wget -q "$KOPT_ssh_key" -O /root/.ssh/authorized_keys
+ rc=$?;;
+ *) echo "$KOPT_ssh_key" > /root/.ssh/authorized_keys;;
+ esac
+ fi
+ eend $rc
+}
+
diff --git a/repo/system/openrc/hostname.initd b/repo/system/openrc/hostname.initd
new file mode 100644
index 0000000..4581595
--- /dev/null
+++ b/repo/system/openrc/hostname.initd
@@ -0,0 +1,18 @@
+#!/sbin/openrc-run
+
+description="Sets the hostname of the machine."
+
+depend() {
+ keyword -prefix -lxc -docker
+}
+
+start() {
+ if [ -s /etc/hostname ] ; then
+ name=$(cat /etc/hostname)
+ else
+ name="${hostname:-localhost}"
+ fi
+ ebegin "Setting hostname"
+ hostname $name
+ eend $?
+}
diff --git a/repo/system/openrc/hwdrivers.initd b/repo/system/openrc/hwdrivers.initd
new file mode 100644
index 0000000..80184c9
--- /dev/null
+++ b/repo/system/openrc/hwdrivers.initd
@@ -0,0 +1,32 @@
+#!/sbin/openrc-run
+
+depend() {
+ need sysfs dev
+ before checkfs fsck
+ after modloop
+ keyword -vserver -lxc
+}
+
+# Load hardware drivers
+start() {
+ # check for boot option "nocoldplug"
+ if get_bootparam noautodetect; then
+ ewarn "Autodetection of hardware disabled from boot cmdline"
+ return 0
+ fi
+
+ ebegin "Loading hardware drivers"
+ find /sys -name modalias -type f -print0 | xargs -0 sort -u \
+ | xargs modprobe -b -a 2> /dev/null
+ # we run it twice so we detect all devices
+ find /sys -name modalias -type f -print0 | xargs -0 sort -u \
+ | xargs modprobe -b -a 2> /dev/null
+
+ # check if framebuffer drivers got pulled in
+ if [ -e /dev/fb0 ] && ! [ -e /sys/module/fbcon ]; then
+ modprobe -b -q fbcon
+ fi
+
+ eend 0
+}
+
diff --git a/repo/system/openrc/machine-id.initd b/repo/system/openrc/machine-id.initd
new file mode 100644
index 0000000..bdd0698
--- /dev/null
+++ b/repo/system/openrc/machine-id.initd
@@ -0,0 +1,17 @@
+#!/sbin/openrc-run
+
+description="Generate machine-id if needed"
+
+depend() {
+ need root dev
+}
+
+start() {
+ if [ -s /etc/machine-id ] ; then
+ return 0
+ fi
+ ebegin "Generating machine-id"
+ dd if=/dev/urandom status=none bs=16 count=1 \
+ | md5sum | cut -d' ' -f1 > /etc/machine-id
+ eend $?
+}
diff --git a/repo/system/openrc/modloop.confd b/repo/system/openrc/modloop.confd
new file mode 100644
index 0000000..6966429
--- /dev/null
+++ b/repo/system/openrc/modloop.confd
@@ -0,0 +1,6 @@
+# Enable loadable module support when running from RAM
+# when OverlayFS support is available in the kernel.
+# 0 means default tmpfs size (50% of physical RAM).
+# for more information please see kernel documention at:
+# https://www.kernel.org/doc/Documentation/filesystems/tmpfs.txt
+overlay_size=0
diff --git a/repo/system/openrc/modloop.initd b/repo/system/openrc/modloop.initd
new file mode 100755
index 0000000..fb7006c
--- /dev/null
+++ b/repo/system/openrc/modloop.initd
@@ -0,0 +1,153 @@
+#!/sbin/openrc-run
+
+# script that will mount image with modules
+
+depend() {
+ after dev-mount
+ before checkfs fsck hwdrivers modules hwclock dev sysfs
+ keyword -vserver -lxc
+}
+
+# read kernel options
+init_KOPT() {
+ for opt in $(cat /proc/cmdline 2>/dev/null); do
+ case "$opt" in
+ modloop=*|modloop_verify=*)
+ eval "KOPT_${opt%%=*}='${opt#*=}'" ;;
+ esac
+ done
+}
+
+mountdirs() {
+ awk '$2 !~ /^\/(sys|proc|dev|run)/ && $2 != "/" {print $2}' /proc/mounts
+}
+
+find_modloop() {
+ local dir="$1"
+ local kver=$(uname -r)
+ local oifs="$IFS"
+ IFS=$'\n'
+ set -- $(blkid "$dir"/boot/* "$dir"/*)
+ IFS="$oifs"
+ for line; do
+ img=${line%%:*}
+ verify_modloop "$img" || eerror "Failed to verify signature of $img!"
+ mount "$img" -o loop,ro /.modloop || continue
+ if [ -d /.modloop/modules/$kver ]; then
+ return 0
+ fi
+ umount /.modloop
+ done
+ return 1
+}
+
+verify_modloop() {
+ local modloop=$1 key=
+ if ! yesno "${KOPT_modloop_verify:=yes}"; then
+ return 0
+ fi
+ for key in /etc/apk/keys/*.pub; do
+ local sig=/var/cache/misc/${modloop##*/}.SIGN.RSA.${key##*/}
+ if [ -f "$sig" ]; then
+ if ! command -v openssl > /dev/null; then
+ ewarn "Missing openssl. Modloop verification disabled!"
+ return 0
+ fi
+ einfo "Verifying modloop"
+ openssl dgst -sha1 -verify "$key" -signature "$sig" "$modloop" \
+ >/dev/null 2>&1 || return 1
+ fi
+ done
+}
+
+find_backing_file() {
+ local dir="$1"
+ local dev=$(df -P "$dir" | tail -1 | awk '{print $1}')
+ cat /sys/block/${dev#/dev/}/loop/backing_file 2>/dev/null
+}
+
+start() {
+ local modloop= mount_opts= modloop_dldir="/lib"
+ init_KOPT
+
+ case "$KOPT_modloop" in
+ none) return 0;;
+ http://*|https://*|ftp://*)
+ modloop=$modloop_dldir/${KOPT_modloop##*/}
+ if [ ! -f "$modloop" ]; then
+ mkdir -p "$modloop_dldir"
+ wget -P "$modloop_dldir" "$KOPT_modloop" || eend 1
+ fi
+ ;;
+ *)
+ for dir in $(mountdirs); do
+ if [ -f "$dir"/$KOPT_modloop ]; then
+ modloop="$dir/${KOPT_modloop##/}"
+ alpine_mnt="$dir"
+ break
+ fi
+ done
+ ;;
+ esac
+
+ ebegin "Mounting modloop $modloop"
+ mkdir -p /.modloop
+ if [ -n "$modloop" ]; then
+ verify_modloop "$modloop" || eerror "Failed to verify signature of $img!"
+ mount -o loop,ro $modloop /.modloop
+ eend $? || return 1
+ else
+ for dir in $(mountdirs); do
+ if find_modloop "$dir"; then
+ alpine_mnt="$dir"
+ break
+ fi
+ done
+ if [ -d /.modloop/modules/$(uname -r) ]; then
+ eend 0
+ else
+ eend 1 || return 1
+ fi
+ fi
+
+ #use overlayfs if available and configured
+ if grep -q -w "overlay$" /proc/filesystems && [ ! -z ${unionfs_size+x} ]; then
+ ewarn "Use of unionfs_size is deprecated use overlay_size instead"
+ overlay_size="$unionfs_size"
+ fi
+ if grep -q -w "overlay$" /proc/filesystems && [ -n "$overlay_size" ]; then
+ ebegin "OverlayFS detected, mounting modloop rw"
+ [ "$overlay_size" != 0 ] && mount_ops="-o size=$overlay_size"
+ mkdir -p /.modoverlayfs /lib/modules
+ mount -t tmpfs $mount_ops tmpfs /.modoverlayfs
+ mkdir -p /.modoverlayfs/modules /.modoverlayfs/work
+ mount -t overlay -o upperdir=/.modoverlayfs/modules,lowerdir=/lib/modules:/.modloop/modules,workdir=/.modoverlayfs/work overlay /lib/modules
+ depmod -A
+ eend $? || return 1
+ else
+ rm -rf /lib/modules && ln -sf /.modloop/modules /lib/
+ fi
+
+ # copy firmware if there are any
+ if [ -d $alpine_mnt/firmware ]; then
+ ebegin "Copying firmware from $alpine_mnt/firmware"
+ cp -R -a $alpine_mnt/firmware /lib/
+ eend $?
+ elif [ -d /lib/modules/firmware ]; then
+ rmdir /lib/firmware 2>/dev/null \
+ && ln -s /lib/modules/firmware /lib/
+ fi
+ return 0
+}
+
+stop() {
+ local ret=0
+ local mnt; for mnt in /lib/modules /.modoverlayfs /.modloop; do
+ if mountinfo --quiet "$mnt"; then
+ ebegin "Unmounting $mnt"
+ umount -d "$mnt" || ret=1
+ fi
+ done
+ eend $ret || return 1
+}
+
diff --git a/repo/system/openrc/modules.initd b/repo/system/openrc/modules.initd
new file mode 100644
index 0000000..3cd141e
--- /dev/null
+++ b/repo/system/openrc/modules.initd
@@ -0,0 +1,80 @@
+#!/sbin/openrc-run
+
+description="Loads a user defined list of kernel modules."
+
+depend()
+{
+ before hwclock hwdrivers
+ keyword -openvz -prefix -vserver -lxc
+}
+
+start() {
+ yesno $rc_verbose && verbose=yes
+
+ ebegin "Loading modules"
+ eindent
+ for f in /lib/modules-load.d/*.conf \
+ /usr/lib/modules-load.d/*.conf; do
+
+ if ! [ -f "$f" ]; then
+ continue
+ fi
+
+ if [ -f /etc/modules-load.d/"${f##*/}" ]; then
+ veinfo "Ignoring $f due to /etc/modules-load.d/${f##*/}"
+ continue
+ fi
+
+ if [ -f /run/modules-load.d/"${f##*/}" ]; then
+ veinfo "Ignoring $f due to /run/modules-load.d/${f##*/}"
+ continue
+ fi
+
+ veinfo "Processing $f"
+ sed -e 's/\#.*//g' -e '/^[[:space:]]*$/d' < "$f" \
+ | while read module args; do
+ modprobe -q $module $args
+ done
+ done
+
+ if [ -f /etc/modules ]; then
+ veinfo "Processing /etc/modules"
+ sed -e 's/\#.*//g' -e '/^[[:space:]]*$/d' < /etc/modules \
+ | while read module args; do
+ modprobe -q $module $args
+ done
+ fi
+
+ for f in /etc/modules-load.d/*.conf; do
+ if [ ! -f "$f" ]; then
+ continue
+ fi
+
+ if [ -f /run/modules-load.d/"${f##*/}" ]; then
+ veinfo "Ignoring $f due to /run/modules-load.d/${f##*/}"
+ continue
+ fi
+
+ veinfo "Processing $f"
+ sed -e 's/\#.*//g' -e '/^[[:space:]]*$/d' < "$f" \
+ | while read module args; do
+ modprobe -q $module $args
+ done
+ done
+
+ for f in /run/modules-load.d/*.conf; do
+ if [ ! -f "$f" ]; then
+ continue
+ fi
+
+ veinfo "Processing $f"
+ sed -e 's/\#.*//g' -e '/^[[:space:]]*$/d' < "$f" \
+ | while read module args; do
+ modprobe -q $module $args
+ done
+ done
+ eoutdent
+
+ eend $?
+}
+
diff --git a/repo/system/openrc/networking.initd b/repo/system/openrc/networking.initd
new file mode 100644
index 0000000..417f4a3
--- /dev/null
+++ b/repo/system/openrc/networking.initd
@@ -0,0 +1,88 @@
+#!/sbin/openrc-run
+
+# note that the spoofprotect, syncoockies and ip_forward options are set in
+# /etc/sysctl.conf
+
+: ${cfgfile:="/etc/network/interfaces"}
+: ${ifquery:="ifquery"}
+: ${ifstate:="/run/ifstate"}
+
+single_iface="${RC_SVCNAME#*.}"
+if [ "$single_iface" = "$RC_SVCNAME" ]; then
+ single_iface=
+fi
+
+depend() {
+ need localmount
+ want dev-settle
+ after bootmisc hwdrivers modules
+ provide net
+ keyword -jail -prefix -vserver -docker
+}
+
+# find interfaces we want to start
+find_ifaces() {
+ if [ -n "$single_iface" ]; then
+ echo $single_iface
+ return 0
+ fi
+
+ if command -v "$ifquery" >/dev/null; then
+ $ifquery -i "$cfgfile" --list --auto
+ return
+ fi
+
+ # fallback in case ifquery does not exist
+ awk '$1 == "auto" {for (i = 2; i <= NF; i = i + 1) printf("%s ", $i)}' "$cfgfile"
+}
+
+# return the list of interfaces we should try stop
+find_running_ifaces() {
+ if [ -n "$single_iface" ]; then
+ echo $single_iface
+ return 0
+ fi
+
+ if command -v "$ifquery" >/dev/null; then
+ $ifquery --state-file $ifstate -i "$cfgfile" --running
+ return
+ fi
+
+ # fallback
+ awk -F= '{print $2}' $ifstate
+}
+
+start() {
+ local iface= ret=1
+ ebegin "Starting networking"
+ eindent
+ for iface in $(find_ifaces); do
+ local r=0
+ ebegin "$iface"
+ if ! ifup -i "$cfgfile" $iface >/dev/null; then
+ ifdown -i "$cfgfile" $iface >/dev/null 2>&1
+ r=1
+ fi
+ # atleast one interface needs to be started for action
+ # to be success
+ eend $r && ret=0
+ done
+ eoutdent
+ return $ret
+}
+
+stop() {
+ local iface=
+ # Don't stop the network at shutdown.
+ yesno ${keep_network:-YES} && yesno $RC_GOINGDOWN && return 0
+
+ ebegin "Stopping networking"
+ eindent
+ for iface in $(find_running_ifaces); do
+ ebegin "$iface"
+ ifdown -i "$cfgfile" -f $iface >/dev/null
+ eend $?
+ done
+ eoutdent
+ return 0
+}
diff --git a/repo/system/openrc/openrc.logrotate b/repo/system/openrc/openrc.logrotate
new file mode 100644
index 0000000..5e5e64b
--- /dev/null
+++ b/repo/system/openrc/openrc.logrotate
@@ -0,0 +1,4 @@
+/var/log/rc.log {
+ missingok
+ notifempty
+}
diff --git a/repo/system/openrc/openrc.post-install b/repo/system/openrc/openrc.post-install
new file mode 100644
index 0000000..1c27350
--- /dev/null
+++ b/repo/system/openrc/openrc.post-install
@@ -0,0 +1,38 @@
+#!/bin/sh
+
+rc_update() {
+ local svc="$1"
+ local level="$2"
+ mkdir -p /etc/runlevels/$level
+ ln -sf /etc/init.d/$svc /etc/runlevels/$level
+}
+
+if [ ! -d etc/rcS.d ] && [ ! -d etc/rcL.d ]; then
+ exit 0
+fi
+
+for i in etc/rc[SL].d/*; do
+ [ -L "$i" ] || continue
+ oldsvc=${i##*/S[0-9][0-9]}
+ # some services are renamed
+ case "$oldsvc" in
+ modutils) svc=modules;;
+ procps) svc=sysctl;;
+ bootmisc.sh) svc=bootmisc;;
+ keymap) svc=keymaps;;
+ rc.local) svc=local;;
+ *) svc=$oldsvc;;
+ esac
+
+ # add the service to correct "runlevel"
+ case "$svc" in
+ syslog|klogd)
+ rc_update $svc sysinit;;
+ hwclock|modules|sysctl|hostname|keymaps|bootmisc)
+ rc_update $svc boot;;
+ *) rc_update $svc default;;
+ esac
+
+ rm $i
+done
+
diff --git a/repo/system/openrc/openrc.post-upgrade b/repo/system/openrc/openrc.post-upgrade
new file mode 100644
index 0000000..8884202
--- /dev/null
+++ b/repo/system/openrc/openrc.post-upgrade
@@ -0,0 +1,35 @@
+#!/bin/sh
+
+# in 0.8.0-r1 the state dir moved from /libexec/rc/init.d to /lib/rc/init.d
+# and with 0.10 it moved to /run/openrc
+
+mkdir -p /run/openrc
+for dir in /libexec /lib; do
+ [ -d $dir/rc/init.d ] || continue
+
+ for i in $dir/rc/init.d/* ; do
+ [ -e "$i" ] || continue
+ if [ -e /run/openrc/${i##*/} ]; then
+ rm -r $i
+ else
+ mv $i /run/openrc/
+ fi
+ done
+
+ rmdir $dir/rc/init.d $dir/rc /libexec 2>/dev/null
+done
+
+# create rc.local compat
+if [ -f /etc/rc.local ]; then
+ cat >/etc/local.d/rc.local-compat.start<<__EOF__
+#!/bin/sh
+
+# this is only here for compatibility reasons
+if [ -f /etc/rc.local ]; then
+ . /etc/rc.local
+fi
+__EOF__
+ chmod +x /etc/local.d/rc.local-compat.start
+fi
+
+exit 0
diff --git a/repo/system/openrc/openrc.xibuild b/repo/system/openrc/openrc.xibuild
new file mode 100644
index 0000000..fb99da4
--- /dev/null
+++ b/repo/system/openrc/openrc.xibuild
@@ -0,0 +1,139 @@
+#!/bin/sh
+
+MAKEDEPS="make "
+DEPS="ifupdown-ng sbase musl"
+
+PKG_VER=0.44.10
+SOURCE=https://github.com/OpenRC/openrc/archive/refs/tags/$PKG_VER.zip
+ADDITIONAL="
+ 0001-call-sbin-mkmntdirs-in-localmount-OpenRC-service.patch
+ 0002-fsck-don-t-add-C0-to-busybox-fsck.patch
+ 0003-rc-pull-in-sysinit-and-boot-as-stacked-levels-when-n.patch
+ 0004-make-consolefont-service-compatible-with-busyboxs-se.patch
+ 0005-Support-early-loading-of-keymap-if-kbd-is-installed.patch
+ 0006-Add-support-for-starting-services-in-a-specified-VRF.patch
+ 0007-Clean-up-staticroute-config-remove-irrelevant-parts-.patch
+ 0008-bootmisc-switch-wipe_tmp-setting-to-no-by-default.patch
+ 0009-fix-bootmisc-mv-error.patch
+ 0010-noexec-devfs.patch
+ seedrng.patch
+ openrc.logrotate
+ hostname.initd
+ hwdrivers.initd
+ modules.initd
+ modloop.initd
+ networking.initd
+ modloop.confd
+ sysfsconf.initd
+ firstboot.initd
+ sysctl.initd
+ machine-id.initd
+ test-networking.sh
+ rc.conf
+"
+
+DESC="Dependency based init system that works with sysvinit"
+
+# build borrowed from alpine linux
+prepare () {
+ apply_patches
+ sed -i -e '/^sed/d' pkgconfig/Makefile
+ find ./ -name "Makefile" | xargs sed -i 's/ln -snf/ln -sf/g'
+}
+
+build () {
+ export MKZSHCOMP=yes
+ export MKBASHCOMP=yes
+ make LIBDIR=/lib LIBEXECDIR=/lib/rc MKSYSVINIT=yes
+}
+
+check () {
+ make check
+}
+
+package () {
+ make LIBEXECDIR=/lib/rc DESTDIR="$PKG_DEST/" MKSYSVINIT=yes install
+
+ # remove -n from ln in mtab, devfs
+ sed -i "s/ln -snf/ln -sf/g" $PKG_DEST/etc/init.d/mtab $PKG_DEST/etc/init.d/devfs
+
+ ln -s openrc-init $PKG_DEST/sbin/init
+
+ # we still use our ifup/ifdown based net config
+ #rm -f "$PKG_DEST"/etc/conf.d/network "$PKG_DEST"/etc/init.d/network
+
+ # our hostname init script reads hostname from /etc/hostname
+ rm -f "$pkgdir"/etc/conf.d/hostname
+
+
+ # we override some of the scripts
+ for i in *.initd; do
+ j=${i##*/}
+ install -Dm755 $i "$PKG_DEST"/etc/init.d/${j%.initd}
+ done
+
+ # we override some of the conf.d files
+ for i in *.confd; do
+ j=${i##*/}
+ install -Dm644 $i "$PKG_DEST"/etc/conf.d/${j%.confd}
+ done
+
+ # additional documentation considered useful
+ mkdir -p "$PKG_DEST"/usr/share/doc/openrc/
+ install -m644 ChangeLog ./*.md "$PKG_DEST"/usr/share/doc/openrc/
+
+ # we use a virtual keymaps services to allow users to set their
+ # keymaps either with the OpenRC loadkeys service provided by
+ # the kbd aport or with the loadkmap service provided by the
+ # busybox-initscripts aport.
+ rm -f "$PKG_DEST/etc/init.d/keymaps" \
+ "$PKG_DEST/etc/conf.d/keymaps"
+
+ install -Dm644 openrc.logrotate $PKG_DEST/etc/logrotate.d/openrc
+ install -d "$PKG_DEST"/etc/local.d "$PKG_DEST"/run
+
+ # openrc upstream removed service(8) for whatever reason, put it back
+ ln -s /sbin/rc-service $PKG_DEST/sbin/service
+
+ # remove deprecated /sbin/runscript to avoid conflict with minicom
+ rm $PKG_DEST/sbin/runscript
+
+ #spawn ttys
+ for x in tty1 tty2 tty3 tty4 tty5 tty6; do
+ ln -sf agetty $PKG_DEST/etc/init.d/agetty.$x
+ done
+
+ rm $PKG_DEST/etc/rc.conf
+ install -m644 rc.conf $PKG_DEST/etc/rc.conf
+}
+
+postinstall () {
+ mkdir -p /run/openrc
+ for dir in /libexec /lib; do
+ [ -d $dir/rc/init.d ] || continue
+
+ for i in $dir/rc/init.d/* ; do
+ [ -e "$i" ] || continue
+ if [ -e /run/openrc/${i##*/} ]; then
+ rm -r $i
+ else
+ mv $i /run/openrc/
+ fi
+ done
+
+ rmdir $dir/rc/init.d $dir/rc /libexec 2>/dev/null
+ done
+
+ # create rc.local compat
+ if [ -f /etc/rc.local ]; then
+ cat >/etc/local.d/rc.local-compat.start<< EOF
+#!/bin/sh
+
+# this is only here for compatibility reasons
+if [ -f /etc/rc.local ]; then
+ . /etc/rc.local
+fi
+EOF
+ chmod +x /etc/local.d/rc.local-compat.start
+ fi
+}
diff --git a/repo/system/openrc/rc.conf b/repo/system/openrc/rc.conf
new file mode 100644
index 0000000..fdeb653
--- /dev/null
+++ b/repo/system/openrc/rc.conf
@@ -0,0 +1,313 @@
+# Global OpenRC configuration settings
+
+# Set to "YES" if you want the rc system to try and start services
+# in parallel for a slight speed improvement. When running in parallel we
+# prefix the service output with its name as the output will get
+# jumbled up.
+# WARNING: whilst we have improved parallel, it can still potentially lock
+# the boot process. Don't file bugs about this unless you can supply
+# patches that fix it without breaking other things!
+rc_parallel="YES"
+
+# Set rc_interactive to "YES" and you'll be able to press the I key during
+# boot so you can choose to start specific services. Set to "NO" to disable
+# this feature. This feature is automatically disabled if rc_parallel is
+# set to YES.
+#rc_interactive="YES"
+
+# If we need to drop to a shell, you can specify it here.
+# If not specified we use $SHELL, otherwise the one specified in /etc/passwd,
+# otherwise /bin/sh
+# Linux users could specify /sbin/sulogin
+rc_shell=/bin/sh
+
+# Do we allow any started service in the runlevel to satisfy the dependency
+# or do we want all of them regardless of state? For example, if net.eth0
+# and net.eth1 are in the default runlevel then with rc_depend_strict="NO"
+# both will be started, but services that depend on 'net' will work if either
+# one comes up. With rc_depend_strict="YES" we would require them both to
+# come up.
+#rc_depend_strict="YES"
+
+# rc_hotplug controls which services we allow to be hotplugged.
+# A hotplugged service is one started by a dynamic dev manager when a matching
+# hardware device is found.
+# Hotplugged services appear in the "hotplugged" runlevel.
+# If rc_hotplug is set to any value, we compare the name of this service
+# to every pattern in the value, from left to right, and we allow the
+# service to be hotplugged if it matches a pattern, or if it matches no
+# patterns. Patterns can include shell wildcards.
+# To disable services from being hotplugged, prefix patterns with "!".
+#If rc_hotplug is not set or is empty, all hotplugging is disabled.
+# Example - rc_hotplug="net.wlan !net.*"
+# This allows net.wlan and any service not matching net.* to be hotplugged.
+# Example - rc_hotplug="!net.*"
+# This allows services that do not match "net.*" to be hotplugged.
+
+# rc_logger launches a logging daemon to log the entire rc process to
+# /var/log/rc.log
+# NOTE: Linux systems require the devfs service to be started before
+# logging can take place and as such cannot log the sysinit runlevel.
+#rc_logger="NO"
+
+# Through rc_log_path you can specify a custom log file.
+# The default value is: /var/log/rc.log
+#rc_log_path="/var/log/rc.log"
+
+# If you want verbose output for OpenRC, set this to yes. If you want
+# verbose output for service foo only, set it to yes in /etc/conf.d/foo.
+#rc_verbose=no
+
+# By default we filter the environment for our running scripts. To allow other
+# variables through, add them here. Use a * to allow all variables through.
+#rc_env_allow="VAR1 VAR2"
+
+# By default we assume that all daemons will start correctly.
+# However, some do not - a classic example is that they fork and return 0 AND
+# then child barfs on a configuration error. Or the daemon has a bug and the
+# child crashes. You can set the number of milliseconds start-stop-daemon
+# waits to check that the daemon is still running after starting here.
+# The default is 0 - no checking.
+#rc_start_wait=100
+
+# rc_nostop is a list of services which will not stop when changing runlevels.
+# This still allows the service itself to be stopped when called directly.
+#rc_nostop=""
+
+# rc will attempt to start crashed services by default.
+# However, it will not stop them by default as that could bring down other
+# critical services.
+#rc_crashed_stop=NO
+#rc_crashed_start=YES
+
+# Set rc_nocolor to yes if you do not want colors displayed in OpenRC
+# output.
+#rc_nocolor=NO
+
+##############################################################################
+# MISC CONFIGURATION VARIABLES
+# There variables are shared between many init scripts
+
+# Set unicode to YES to turn on unicode support for keyboards and screens.
+unicode="YES"
+
+# This is how long fuser should wait for a remote server to respond. The
+# default is 60 seconds, but it can be adjusted here.
+#rc_fuser_timeout=60
+
+# Below is the default list of network fstypes.
+#
+# afs ceph cifs coda davfs fuse fuse.sshfs gfs glusterfs lustre ncpfs
+# nfs nfs4 ocfs2 shfs smbfs
+#
+# If you would like to add to this list, you can do so by adding your
+# own fstypes to the following variable.
+#extra_net_fs_list=""
+
+##############################################################################
+# SERVICE CONFIGURATION VARIABLES
+# These variables are documented here, but should be configured in
+# /etc/conf.d/foo for service foo and NOT enabled here unless you
+# really want them to work on a global basis.
+# If your service has characters in its name which are not legal in
+# shell variable names and you configure the variables for it in this
+# file, those characters should be replaced with underscores in the
+# variable names as shown below.
+
+# Some daemons are started and stopped via start-stop-daemon.
+# We can set some things on a per service basis, like the nicelevel.
+#SSD_NICELEVEL="-19"
+# Or the ionice level. The format is class[:data] , just like the
+# --ionice start-stop-daemon parameter.
+#SSD_IONICELEVEL="2:2"
+
+# Pass ulimit parameters
+# If you are using bash in POSIX mode for your shell, note that the
+# ulimit command uses a block size of 512 bytes for the -c and -f
+# options
+#rc_ulimit="-u 30"
+
+# It's possible to define extra dependencies for services like so
+#rc_config="/etc/foo"
+#rc_need="openvpn"
+#rc_use="net.eth0"
+#rc_after="clock"
+#rc_before="local"
+#rc_provide="!net"
+
+# You can also enable the above commands here for each service. Below is an
+# example for service foo.
+#rc_foo_config="/etc/foo"
+#rc_foo_need="openvpn"
+#rc_foo_after="clock"
+
+# Below is an example for service foo-bar. Note that the '-' is illegal
+# in a shell variable name, so we convert it to an underscore.
+# example for service foo-bar.
+#rc_foo_bar_config="/etc/foo-bar"
+#rc_foo_bar_need="openvpn"
+#rc_foo_bar_after="clock"
+
+# You can also remove dependencies.
+# This is mainly used for saying which services do NOT provide net.
+#rc_net_tap0_provide="!net"
+
+# This is the subsystem type.
+# It is used to match against keywords set by the keyword call in the
+# depend function of service scripts.
+#
+# It should be set to the value representing the environment this file is
+# PRESENTLY in, not the virtualization the environment is capable of.
+# If it is commented out, automatic detection will be used.
+#
+# The list below shows all possible settings as well as the host
+# operating systems where they can be used and autodetected.
+#
+# "" - nothing special
+# "docker" - Docker container manager (Linux)
+# "jail" - Jail (DragonflyBSD or FreeBSD)
+# "lxc" - Linux Containers
+# "openvz" - Linux OpenVZ
+# "prefix" - Prefix
+# "rkt" - CoreOS container management system (Linux)
+# "subhurd" - Hurd subhurds (to be checked)
+# "systemd-nspawn" - Container created by systemd-nspawn (Linux)
+# "uml" - Usermode Linux
+# "vserver" - Linux vserver
+# "xen0" - Xen0 Domain (Linux and NetBSD)
+# "xenU" - XenU Domain (Linux and NetBSD)
+#rc_sys=""
+
+# if you use openrc-init, which is currently only available on Linux,
+# this is the default runlevel to activate after "sysinit" and "boot"
+# when booting.
+#rc_default_runlevel="default"
+
+# on Linux and Hurd, this is the number of ttys allocated for logins
+# It is used in the consolefont, keymaps, numlock and termencoding
+# service scripts.
+rc_tty_number=12
+
+##############################################################################
+# LINUX CGROUPS RESOURCE MANAGEMENT
+
+# This sets the mode used to mount cgroups.
+# "hybrid" mounts cgroups version 2 on /sys/fs/cgroup/unified and
+# cgroups version 1 on /sys/fs/cgroup.
+# "legacy" mounts cgroups version 1 on /sys/fs/cgroup
+# "unified" mounts cgroups version 2 on /sys/fs/cgroup
+#rc_cgroup_mode="hybrid"
+
+# This is a list of controllers which should be enabled for cgroups version 2
+# when hybrid mode is being used.
+# Controllers listed here will not be available for cgroups version 1.
+#rc_cgroup_controllers=""
+
+# This variable contains the cgroups version 2 settings for your services.
+# If this is set in this file, the settings will apply to all services.
+# If you want different settings for each service, place the settings in
+# /etc/conf.d/foo for service foo.
+# The format is to specify the setting and value followed by a newline.
+# Multiple settings and values can be specified.
+# For example, you would use this to set the maximum memory and maximum
+# number of pids for a service.
+#rc_cgroup_settings="
+#memory.max 10485760
+#pids.max max
+#"
+#
+# For more information about the adjustments that can be made with
+# cgroups version 2, see Documentation/cgroups-v2.txt in the linux kernel
+# source tree.
+#rc_cgroup_settings=""
+
+# This switch controls whether or not cgroups version 1 controllers are
+# individually mounted under
+# /sys/fs/cgroup in hybrid or legacy mode.
+#rc_controller_cgroups="YES"
+
+# The following setting turns on the memory.use_hierarchy setting in the
+# root memory cgroup for cgroups v1.
+# It must be set to yes in this file if you want this functionality.
+#rc_cgroup_memory_use_hierarchy="NO"
+
+# The following settings allow you to set up values for the cgroups version 1
+# controllers for your services.
+# They can be set in this file;, however, if you do this, the settings
+# will apply to all of your services.
+# If you want different settings for each service, place the settings in
+# /etc/conf.d/foo for service foo.
+# The format is to specify the names of the settings followed by their
+# values. Each variable can hold multiple settings.
+# For example, you would use this to set the cpu.shares setting in the
+# cpu controller to 512 for your service.
+# rc_cgroup_cpu="
+# cpu.shares 512
+# "
+#
+# For more information about the adjustments that can be made with
+# cgroups version 1, see Documentation/cgroups-v1/* in the linux kernel
+# source tree.
+
+# Set the blkio controller settings for this service.
+#rc_cgroup_blkio=""
+
+# Set the cpu controller settings for this service.
+#rc_cgroup_cpu=""
+
+# Add this service to the cpuacct controller (any value means yes).
+#rc_cgroup_cpuacct=""
+
+# Set the cpuset controller settings for this service.
+#rc_cgroup_cpuset=""
+
+# Set the devices controller settings for this service.
+#rc_cgroup_devices=""
+
+# Set the hugetlb controller settings for this service.
+#rc_cgroup_hugetlb=""
+
+# Set the memory controller settings for this service.
+#rc_cgroup_memory=""
+
+# Set the net_cls controller settings for this service.
+#rc_cgroup_net_cls=""
+
+# Set the net_prio controller settings for this service.
+#rc_cgroup_net_prio=""
+
+# Set the pids controller settings for this service.
+#rc_cgroup_pids=""
+
+# Set this to YES if you want all of the processes in a service's cgroup
+# killed when the service is stopped or restarted.
+# Be aware that setting this to yes means all of a service's
+# child processes will be killed. Keep this in mind if you set this to
+# yes here instead of for the individual services in
+# /etc/conf.d/<service>.
+# To perform this cleanup manually for a stopped service, you can
+# execute cgroup_cleanup with /etc/init.d/<service> cgroup_cleanup or
+# rc-service <service> cgroup_cleanup.
+# The process followed in this cleanup is the following:
+# 1. send stopsig (sigterm if it isn't set) to all processes left in the
+# cgroup immediately followed by sigcont.
+# 2. Send sighup to all processes in the cgroup if rc_send_sighup is
+# yes.
+# 3. delay for rc_timeout_stopsec seconds.
+# 4. send sigkill to all processes in the cgroup unless disabled by
+# setting rc_send_sigkill to no.
+# rc_cgroup_cleanup="NO"
+
+# If this is yes, we will send sighup to the processes in the cgroup
+# immediately after stopsig and sigcont.
+#rc_send_sighup="NO"
+
+# This is the amount of time in seconds that we delay after sending sigcont
+# and optionally sighup, before we optionally send sigkill to all
+# processes in the # cgroup.
+# The default is 90 seconds.
+#rc_timeout_stopsec="90"
+
+# If this is set to no, we do not send sigkill to all processes in the
+# cgroup.
+#rc_send_sigkill="YES"
diff --git a/repo/system/openrc/seedrng.patch b/repo/system/openrc/seedrng.patch
new file mode 100644
index 0000000..ff61d81
--- /dev/null
+++ b/repo/system/openrc/seedrng.patch
@@ -0,0 +1,640 @@
+From 076c2552aeff88a27fe275dfaae61dedf4bb4bd5 Mon Sep 17 00:00:00 2001
+From: "Jason A. Donenfeld" <Jason@zx2c4.com>
+Date: Thu, 24 Mar 2022 22:07:16 -0600
+Subject: [PATCH] Use seedrng for seeding the random number generator
+
+The RNG can't actually be seeded from a shell script, due to the
+reliance on ioctls. For this reason, the seedrng project provides a
+basic script meant to be copy and pasted into projects like OpenRC and
+tweaked as needed: https://git.zx2c4.com/seedrng/about/
+
+This commit imports it into OpenRC and wires up /etc/init.d/urandom to
+call it. It shouldn't be called by other things on the system, so it
+lives in rc_sbindir.
+
+Closes #506.
+Closes #507.
+
+Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
+---
+ AUTHORS | 1 +
+ conf.d/urandom | 9 +-
+ init.d/urandom.in | 41 ++--
+ src/rc/Makefile | 6 +-
+ src/rc/meson.build | 10 +-
+ src/rc/seedrng.c | 453 +++++++++++++++++++++++++++++++++++++++++++++
+ 6 files changed, 499 insertions(+), 21 deletions(-)
+ create mode 100644 src/rc/seedrng.c
+
+diff --git a/AUTHORS b/AUTHORS
+index 0616d5175..ede0f471b 100644
+--- a/AUTHORS
++++ b/AUTHORS
+@@ -43,6 +43,7 @@ Ian Stakenvicius <axs@gentoo.org>
+ Jakob Drexel <jake42@rommel.stw.uni-erlangen.de>
+ James Le Cuirot <chewi@aura-online.co.uk>
+ Jan Psota <jasiu@belsznica.pl>
++Jason A. Donenfeld <Jason@zx2c4.com>
+ Jason Zaman <jason@perfinion.com>
+ Joe Harvell <jharvell@dogpad.net>
+ Joe M <joe9mail@gmail.com>
+diff --git a/conf.d/urandom b/conf.d/urandom
+index f721a2491..744e4f702 100644
+--- a/conf.d/urandom
++++ b/conf.d/urandom
+@@ -2,4 +2,11 @@
+ # (say for crypt swap), so you will need to customize this
+ # behavior. If you have /var on a separate partition, then
+ # make sure this path lives on your root device somewhere.
+-urandom_seed="/var/lib/misc/random-seed"
++seed_dir="/var/lib/seedrng"
++lock_file="/var/run/seedrng.lock"
++
++# Set this to true if you do not want seed files to actually
++# credit the RNG. Set this if you plan to replicate this
++# file system image and do not have the wherewithal to first
++# delete the contents of /var/lib/seedrng.
++skip_credit="false"
+diff --git a/init.d/urandom.in b/init.d/urandom.in
+index 0d6ab66e0..cda431fdb 100644
+--- a/init.d/urandom.in
++++ b/init.d/urandom.in
+@@ -1,5 +1,5 @@
+ #!@SBINDIR@/openrc-run
+-# Copyright (c) 2007-2015 The OpenRC Authors.
++# Copyright (c) 2007-2022 The OpenRC Authors.
+ # See the Authors file at the top-level directory of this distribution and
+ # https://github.com/OpenRC/openrc/blob/HEAD/AUTHORS
+ #
+@@ -9,7 +9,10 @@
+ # This file may not be copied, modified, propagated, or distributed
+ # except according to the terms contained in the LICENSE file.
+
+-: ${urandom_seed:=${URANDOM_SEED:-/var/lib/misc/random-seed}}
++export SEEDRNG_SEED_DIR="${seed_dir:-/var/lib/seedrng}"
++export SEEDRNG_LOCK_FILE="${lock_file:-/var/run/seedrng.lock}"
++export SEEDRNG_SKIP_CREDIT="${skip_credit:-false}"
++: ${urandom_seed:=${SEEDRNG_SEED_DIR}/../misc/random-seed}
+ description="Initializes the random number generator."
+
+ depend()
+@@ -21,33 +24,35 @@ depend()
+
+ save_seed()
+ {
+- local psz=1
+-
+- if [ -e /proc/sys/kernel/random/poolsize ]; then
+- : $(( psz = $(cat /proc/sys/kernel/random/poolsize) / 4096 ))
+- fi
+-
+ ( # sub shell to prevent umask pollution
+ umask 077
+- dd if=/dev/urandom of="$urandom_seed" count=${psz} 2>/dev/null
++ dd if=/dev/urandom of="$urandom_seed" count=1 2>/dev/null
+ )
+ }
+
+ start()
+ {
+- [ -c /dev/urandom ] || return
+- if [ -f "$urandom_seed" ]; then
+- ebegin "Initializing random number generator"
+- cat "$urandom_seed" > /dev/urandom
+- eend $? "Error initializing random number generator"
++ if [ "$RC_UNAME" = Linux ]; then
++ seedrng
++ else
++ [ -c /dev/urandom ] || return
++ if [ -f "$urandom_seed" ]; then
++ ebegin "Initializing random number generator"
++ cat "$urandom_seed" > /dev/urandom
++ eend $? "Error initializing random number generator"
++ fi
++ rm -f "$urandom_seed" && save_seed
+ fi
+- rm -f "$urandom_seed" && save_seed
+ return 0
+ }
+
+ stop()
+ {
+- ebegin "Saving random seed"
+- save_seed
+- eend $? "Failed to save random seed"
++ if [ "$RC_UNAME" = Linux ]; then
++ seedrng
++ else
++ ebegin "Saving random seed"
++ save_seed
++ eend $? "Failed to save random seed"
++ fi
+ }
+diff --git a/src/rc/Makefile b/src/rc/Makefile
+index fd796d920..62539f134 100644
+--- a/src/rc/Makefile
++++ b/src/rc/Makefile
+@@ -15,7 +15,7 @@ endif
+
+ ifeq (${OS},Linux)
+ SRCS+= kill_all.c openrc-init.c openrc-shutdown.c rc-sysvinit.c broadcast.c \
+- rc-wtmp.c
++ rc-wtmp.c seedrng.c
+ endif
+
+ CLEANFILES= version.h rc-selinux.o
+@@ -47,6 +47,7 @@ RC_SBINPROGS= mark_service_starting mark_service_started \
+
+ ifeq (${OS},Linux)
+ RC_BINPROGS+= kill_all
++RC_SBINPROGS+= seedrng
+ SBINPROGS+= openrc-init openrc-shutdown
+ endif
+
+@@ -180,3 +181,6 @@ shell_var: shell_var.o
+
+ swclock: swclock.o _usage.o rc-misc.o
+ ${CC} ${LOCAL_CFLAGS} ${LOCAL_LDFLAGS} ${CFLAGS} ${LDFLAGS} -o $@ $^ ${LDADD}
++
++seedrng: seedrng.o
++ ${CC} ${LOCAL_CFLAGS} ${LOCAL_LDFLAGS} ${CFLAGS} ${LDFLAGS} -o $@ $^ ${LDADD}
+diff --git a/src/rc/meson.build b/src/rc/meson.build
+index 8fdf3ac3b..b724c51f2 100644
+--- a/src/rc/meson.build
++++ b/src/rc/meson.build
+@@ -268,7 +268,15 @@ if os == 'Linux'
+ link_with: [libeinfo,librc],
+ install: true,
+ install_dir: rc_bindir)
+- endif
++
++ executable('seedrng',
++ ['seedrng.c'],
++ c_args : cc_branding_flags,
++ include_directories: [incdir, einfo_incdir, rc_incdir],
++ link_with: [libeinfo, librc],
++ install: true,
++ install_dir: rc_sbindir)
++endif
+
+ executable('shell_var',
+ ['shell_var.c'],
+diff --git a/src/rc/seedrng.c b/src/rc/seedrng.c
+new file mode 100644
+index 000000000..c1f941457
+--- /dev/null
++++ b/src/rc/seedrng.c
+@@ -0,0 +1,453 @@
++/*
++ * seedrng.c
++ * Seed kernel RNG from seed file, based on code from:
++ * https://git.zx2c4.com/seedrng/about/
++ */
++
++/*
++ * Copyright (c) 2022 The OpenRC Authors.
++ * See the Authors file at the top-level directory of this distribution and
++ * https://github.com/OpenRC/openrc/blob/HEAD/AUTHORS
++ *
++ * This file is part of OpenRC. It is subject to the license terms in
++ * the LICENSE file found in the top-level directory of this
++ * distribution and at https://github.com/OpenRC/openrc/blob/HEAD/LICENSE
++ * This file may not be copied, modified, propagated, or distributed
++ * except according to the terms contained in the LICENSE file.
++ */
++
++#include <linux/random.h>
++#include <sys/random.h>
++#include <sys/ioctl.h>
++#include <sys/file.h>
++#include <sys/stat.h>
++#include <sys/types.h>
++#include <fcntl.h>
++#include <poll.h>
++#include <unistd.h>
++#include <time.h>
++#include <errno.h>
++#include <endian.h>
++#include <stdbool.h>
++#include <stdint.h>
++#include <string.h>
++#include <stdio.h>
++#include <stdlib.h>
++
++#include "rc.h"
++#include "einfo.h"
++#include "helpers.h"
++
++#ifndef GRND_INSECURE
++#define GRND_INSECURE 0x0004 /* Apparently some headers don't ship with this yet. */
++#endif
++
++static const char *SEED_DIR;
++static const char *LOCK_FILE;
++static char *CREDITABLE_SEED;
++static char *NON_CREDITABLE_SEED;
++
++enum blake2s_lengths {
++ BLAKE2S_BLOCK_LEN = 64,
++ BLAKE2S_HASH_LEN = 32,
++ BLAKE2S_KEY_LEN = 32
++};
++
++enum seedrng_lengths {
++ MAX_SEED_LEN = 512,
++ MIN_SEED_LEN = BLAKE2S_HASH_LEN
++};
++
++struct blake2s_state {
++ uint32_t h[8];
++ uint32_t t[2];
++ uint32_t f[2];
++ uint8_t buf[BLAKE2S_BLOCK_LEN];
++ unsigned int buflen;
++ unsigned int outlen;
++};
++
++#define le32_to_cpup(a) le32toh(*(a))
++#define cpu_to_le32(a) htole32(a)
++#ifndef ARRAY_SIZE
++#define ARRAY_SIZE(x) (sizeof(x) / sizeof((x)[0]))
++#endif
++#ifndef DIV_ROUND_UP
++#define DIV_ROUND_UP(n, d) (((n) + (d) - 1) / (d))
++#endif
++
++static inline void cpu_to_le32_array(uint32_t *buf, unsigned int words)
++{
++ while (words--) {
++ *buf = cpu_to_le32(*buf);
++ ++buf;
++ }
++}
++
++static inline void le32_to_cpu_array(uint32_t *buf, unsigned int words)
++{
++ while (words--) {
++ *buf = le32_to_cpup(buf);
++ ++buf;
++ }
++}
++
++static inline uint32_t ror32(uint32_t word, unsigned int shift)
++{
++ return (word >> (shift & 31)) | (word << ((-shift) & 31));
++}
++
++static const uint32_t blake2s_iv[8] = {
++ 0x6A09E667UL, 0xBB67AE85UL, 0x3C6EF372UL, 0xA54FF53AUL,
++ 0x510E527FUL, 0x9B05688CUL, 0x1F83D9ABUL, 0x5BE0CD19UL
++};
++
++static const uint8_t blake2s_sigma[10][16] = {
++ { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15 },
++ { 14, 10, 4, 8, 9, 15, 13, 6, 1, 12, 0, 2, 11, 7, 5, 3 },
++ { 11, 8, 12, 0, 5, 2, 15, 13, 10, 14, 3, 6, 7, 1, 9, 4 },
++ { 7, 9, 3, 1, 13, 12, 11, 14, 2, 6, 5, 10, 4, 0, 15, 8 },
++ { 9, 0, 5, 7, 2, 4, 10, 15, 14, 1, 11, 12, 6, 8, 3, 13 },
++ { 2, 12, 6, 10, 0, 11, 8, 3, 4, 13, 7, 5, 15, 14, 1, 9 },
++ { 12, 5, 1, 15, 14, 13, 4, 10, 0, 7, 6, 3, 9, 2, 8, 11 },
++ { 13, 11, 7, 14, 12, 1, 3, 9, 5, 0, 15, 4, 8, 6, 2, 10 },
++ { 6, 15, 14, 9, 11, 3, 0, 8, 12, 2, 13, 7, 1, 4, 10, 5 },
++ { 10, 2, 8, 4, 7, 6, 1, 5, 15, 11, 9, 14, 3, 12, 13, 0 },
++};
++
++static void blake2s_set_lastblock(struct blake2s_state *state)
++{
++ state->f[0] = -1;
++}
++
++static void blake2s_increment_counter(struct blake2s_state *state, const uint32_t inc)
++{
++ state->t[0] += inc;
++ state->t[1] += (state->t[0] < inc);
++}
++
++static void blake2s_init_param(struct blake2s_state *state, const uint32_t param)
++{
++ int i;
++
++ memset(state, 0, sizeof(*state));
++ for (i = 0; i < 8; ++i)
++ state->h[i] = blake2s_iv[i];
++ state->h[0] ^= param;
++}
++
++static void blake2s_init(struct blake2s_state *state, const size_t outlen)
++{
++ blake2s_init_param(state, 0x01010000 | outlen);
++ state->outlen = outlen;
++}
++
++static void blake2s_compress(struct blake2s_state *state, const uint8_t *block, size_t nblocks, const uint32_t inc)
++{
++ uint32_t m[16];
++ uint32_t v[16];
++ int i;
++
++ while (nblocks > 0) {
++ blake2s_increment_counter(state, inc);
++ memcpy(m, block, BLAKE2S_BLOCK_LEN);
++ le32_to_cpu_array(m, ARRAY_SIZE(m));
++ memcpy(v, state->h, 32);
++ v[ 8] = blake2s_iv[0];
++ v[ 9] = blake2s_iv[1];
++ v[10] = blake2s_iv[2];
++ v[11] = blake2s_iv[3];
++ v[12] = blake2s_iv[4] ^ state->t[0];
++ v[13] = blake2s_iv[5] ^ state->t[1];
++ v[14] = blake2s_iv[6] ^ state->f[0];
++ v[15] = blake2s_iv[7] ^ state->f[1];
++
++#define G(r, i, a, b, c, d) do { \
++ a += b + m[blake2s_sigma[r][2 * i + 0]]; \
++ d = ror32(d ^ a, 16); \
++ c += d; \
++ b = ror32(b ^ c, 12); \
++ a += b + m[blake2s_sigma[r][2 * i + 1]]; \
++ d = ror32(d ^ a, 8); \
++ c += d; \
++ b = ror32(b ^ c, 7); \
++} while (0)
++
++#define ROUND(r) do { \
++ G(r, 0, v[0], v[ 4], v[ 8], v[12]); \
++ G(r, 1, v[1], v[ 5], v[ 9], v[13]); \
++ G(r, 2, v[2], v[ 6], v[10], v[14]); \
++ G(r, 3, v[3], v[ 7], v[11], v[15]); \
++ G(r, 4, v[0], v[ 5], v[10], v[15]); \
++ G(r, 5, v[1], v[ 6], v[11], v[12]); \
++ G(r, 6, v[2], v[ 7], v[ 8], v[13]); \
++ G(r, 7, v[3], v[ 4], v[ 9], v[14]); \
++} while (0)
++ ROUND(0);
++ ROUND(1);
++ ROUND(2);
++ ROUND(3);
++ ROUND(4);
++ ROUND(5);
++ ROUND(6);
++ ROUND(7);
++ ROUND(8);
++ ROUND(9);
++
++#undef G
++#undef ROUND
++
++ for (i = 0; i < 8; ++i)
++ state->h[i] ^= v[i] ^ v[i + 8];
++
++ block += BLAKE2S_BLOCK_LEN;
++ --nblocks;
++ }
++}
++
++static void blake2s_update(struct blake2s_state *state, const void *inp, size_t inlen)
++{
++ const size_t fill = BLAKE2S_BLOCK_LEN - state->buflen;
++ const uint8_t *in = inp;
++
++ if (!inlen)
++ return;
++ if (inlen > fill) {
++ memcpy(state->buf + state->buflen, in, fill);
++ blake2s_compress(state, state->buf, 1, BLAKE2S_BLOCK_LEN);
++ state->buflen = 0;
++ in += fill;
++ inlen -= fill;
++ }
++ if (inlen > BLAKE2S_BLOCK_LEN) {
++ const size_t nblocks = DIV_ROUND_UP(inlen, BLAKE2S_BLOCK_LEN);
++ blake2s_compress(state, in, nblocks - 1, BLAKE2S_BLOCK_LEN);
++ in += BLAKE2S_BLOCK_LEN * (nblocks - 1);
++ inlen -= BLAKE2S_BLOCK_LEN * (nblocks - 1);
++ }
++ memcpy(state->buf + state->buflen, in, inlen);
++ state->buflen += inlen;
++}
++
++static void blake2s_final(struct blake2s_state *state, uint8_t *out)
++{
++ blake2s_set_lastblock(state);
++ memset(state->buf + state->buflen, 0, BLAKE2S_BLOCK_LEN - state->buflen);
++ blake2s_compress(state, state->buf, 1, state->buflen);
++ cpu_to_le32_array(state->h, ARRAY_SIZE(state->h));
++ memcpy(out, state->h, state->outlen);
++}
++
++static size_t determine_optimal_seed_len(void)
++{
++ size_t ret = 0;
++ char poolsize_str[11] = { 0 };
++ int fd = open("/proc/sys/kernel/random/poolsize", O_RDONLY);
++
++ if (fd < 0 || read(fd, poolsize_str, sizeof(poolsize_str) - 1) < 0) {
++ ewarn("Unable to determine pool size, falling back to %u bits: %s", MIN_SEED_LEN * 8, strerror(errno));
++ ret = MIN_SEED_LEN;
++ } else
++ ret = DIV_ROUND_UP(strtoul(poolsize_str, NULL, 10), 8);
++ if (fd >= 0)
++ close(fd);
++ if (ret < MIN_SEED_LEN)
++ ret = MIN_SEED_LEN;
++ else if (ret > MAX_SEED_LEN)
++ ret = MAX_SEED_LEN;
++ return ret;
++}
++
++static int read_new_seed(uint8_t *seed, size_t len, bool *is_creditable)
++{
++ ssize_t ret;
++ int urandom_fd;
++
++ *is_creditable = false;
++ ret = getrandom(seed, len, GRND_NONBLOCK);
++ if (ret == (ssize_t)len) {
++ *is_creditable = true;
++ return 0;
++ }
++ if (ret == -1 && errno == ENOSYS) {
++ struct pollfd random_fd = {
++ .fd = open("/dev/random", O_RDONLY),
++ .events = POLLIN
++ };
++ if (random_fd.fd < 0)
++ return -errno;
++ *is_creditable = poll(&random_fd, 1, 0) == 1;
++ close(random_fd.fd);
++ } else if (getrandom(seed, len, GRND_INSECURE) == (ssize_t)len)
++ return 0;
++ urandom_fd = open("/dev/urandom", O_RDONLY);
++ if (urandom_fd < 0)
++ return -errno;
++ ret = read(urandom_fd, seed, len);
++ if (ret == (ssize_t)len)
++ ret = 0;
++ else
++ ret = -errno ? -errno : -EIO;
++ close(urandom_fd);
++ return ret;
++}
++
++static int seed_rng(uint8_t *seed, size_t len, bool credit)
++{
++ struct {
++ int entropy_count;
++ int buf_size;
++ uint8_t buffer[MAX_SEED_LEN];
++ } req = {
++ .entropy_count = credit ? len * 8 : 0,
++ .buf_size = len
++ };
++ int random_fd, ret;
++
++ if (len > sizeof(req.buffer))
++ return -EFBIG;
++ memcpy(req.buffer, seed, len);
++
++ random_fd = open("/dev/random", O_RDWR);
++ if (random_fd < 0)
++ return -errno;
++ ret = ioctl(random_fd, RNDADDENTROPY, &req);
++ if (ret)
++ ret = -errno ? -errno : -EIO;
++ close(random_fd);
++ return ret;
++}
++
++static int seed_from_file_if_exists(const char *filename, bool credit, struct blake2s_state *hash)
++{
++ uint8_t seed[MAX_SEED_LEN];
++ ssize_t seed_len;
++ int fd, dfd, ret = 0;
++
++ fd = open(filename, O_RDONLY);
++ if (fd < 0 && errno == ENOENT)
++ return 0;
++ else if (fd < 0) {
++ ret = -errno;
++ eerror("Unable to open seed file: %s", strerror(errno));
++ return ret;
++ }
++ dfd = open(SEED_DIR, O_DIRECTORY | O_RDONLY);
++ if (dfd < 0) {
++ ret = -errno;
++ close(fd);
++ eerror("Unable to open seed directory: %s", strerror(errno));
++ return ret;
++ }
++ seed_len = read(fd, seed, sizeof(seed));
++ if (seed_len < 0) {
++ ret = -errno;
++ eerror("Unable to read seed file: %s", strerror(errno));
++ }
++ close(fd);
++ if (ret) {
++ close(dfd);
++ return ret;
++ }
++ if ((unlink(filename) < 0 || fsync(dfd) < 0) && seed_len) {
++ ret = -errno;
++ eerror("Unable to remove seed after reading, so not seeding: %s", strerror(errno));
++ }
++ close(dfd);
++ if (ret)
++ return ret;
++ if (!seed_len)
++ return 0;
++
++ blake2s_update(hash, &seed_len, sizeof(seed_len));
++ blake2s_update(hash, seed, seed_len);
++
++ einfo("Seeding %zd bits %s crediting", seed_len * 8, credit ? "and" : "without");
++ ret = seed_rng(seed, seed_len, credit);
++ if (ret < 0)
++ eerror("Unable to seed: %s", strerror(-ret));
++ return ret;
++}
++
++static void populate_global_paths(void)
++{
++ SEED_DIR = getenv("SEEDRNG_SEED_DIR");
++ if (!SEED_DIR || !*SEED_DIR)
++ SEED_DIR = "/var/lib/seedrng";
++ LOCK_FILE = getenv("SEEDRNG_LOCK_FILE");
++ if (!LOCK_FILE || !*LOCK_FILE)
++ LOCK_FILE = "/var/run/seedrng.lock";
++ xasprintf(&CREDITABLE_SEED, "%s/seed.credit", SEED_DIR);
++ xasprintf(&NON_CREDITABLE_SEED, "%s/seed.no-credit", SEED_DIR);
++}
++
++int main(int argc _unused, char *argv[] _unused)
++{
++ static const char seedrng_prefix[] = "SeedRNG v1 Old+New Prefix";
++ static const char seedrng_failure[] = "SeedRNG v1 No New Seed Failure";
++ int ret, fd, lock, program_ret = 0;
++ uint8_t new_seed[MAX_SEED_LEN];
++ size_t new_seed_len;
++ bool new_seed_creditable;
++ struct timespec realtime = { 0 }, boottime = { 0 };
++ struct blake2s_state hash;
++
++ umask(0077);
++ if (getuid())
++ eerrorx("This rc helper program requires root");
++
++ populate_global_paths();
++ blake2s_init(&hash, BLAKE2S_HASH_LEN);
++ blake2s_update(&hash, seedrng_prefix, strlen(seedrng_prefix));
++ clock_gettime(CLOCK_REALTIME, &realtime);
++ clock_gettime(CLOCK_BOOTTIME, &boottime);
++ blake2s_update(&hash, &realtime, sizeof(realtime));
++ blake2s_update(&hash, &boottime, sizeof(boottime));
++
++ if (mkdir(SEED_DIR, 0700) < 0 && errno != EEXIST)
++ eerrorx("Unable to create \"%s\" directory: %s", SEED_DIR, strerror(errno));
++
++ lock = open(LOCK_FILE, O_WRONLY | O_CREAT, 0000);
++ if (lock < 0 || flock(lock, LOCK_EX) < 0)
++ eerrorx("Unable to open lock file: %s", strerror(errno));
++
++ ret = seed_from_file_if_exists(NON_CREDITABLE_SEED, false, &hash);
++ if (ret < 0)
++ program_ret |= 1 << 1;
++ ret = seed_from_file_if_exists(CREDITABLE_SEED, !rc_yesno(getenv("SEEDRNG_SKIP_CREDIT")), &hash);
++ if (ret < 0)
++ program_ret |= 1 << 2;
++
++ new_seed_len = determine_optimal_seed_len();
++ ret = read_new_seed(new_seed, new_seed_len, &new_seed_creditable);
++ if (ret < 0) {
++ eerror("Unable to read new seed: %s", strerror(-ret));
++ new_seed_len = BLAKE2S_HASH_LEN;
++ strncpy((char *)new_seed, seedrng_failure, new_seed_len);
++ program_ret |= 1 << 3;
++ }
++ blake2s_update(&hash, &new_seed_len, sizeof(new_seed_len));
++ blake2s_update(&hash, new_seed, new_seed_len);
++ blake2s_final(&hash, new_seed + new_seed_len - BLAKE2S_HASH_LEN);
++
++ einfo("Saving %zu bits of %s seed for next boot", new_seed_len * 8, new_seed_creditable ? "creditable" : "non-creditable");
++ fd = open(NON_CREDITABLE_SEED, O_WRONLY | O_CREAT | O_TRUNC, 0400);
++ if (fd < 0) {
++ eerror("Unable to open seed file for writing: %s", strerror(errno));
++ program_ret |= 1 << 4;
++ goto out;
++ }
++ if (write(fd, new_seed, new_seed_len) != (ssize_t)new_seed_len || fsync(fd) < 0) {
++ eerror("Unable to write seed file: %s", strerror(errno));
++ program_ret |= 1 << 5;
++ goto out;
++ }
++ if (new_seed_creditable && rename(NON_CREDITABLE_SEED, CREDITABLE_SEED) < 0) {
++ ewarn("Unable to make new seed creditable: %s", strerror(errno));
++ program_ret |= 1 << 6;
++ }
++out:
++ close(fd);
++ close(lock);
++ return program_ret;
++}
diff --git a/repo/system/openrc/sysctl.initd b/repo/system/openrc/sysctl.initd
new file mode 100644
index 0000000..befdb91
--- /dev/null
+++ b/repo/system/openrc/sysctl.initd
@@ -0,0 +1,87 @@
+#!/sbin/openrc-run
+
+depend()
+{
+ after clock
+ before bootmisc logger
+ keyword -prefix -systemd-nspawn -vserver
+}
+
+start()
+{
+ local quiet retval=0 status
+ ebegin "Configuring kernel parameters"
+
+ yesno $rc_verbose || quiet=-q
+
+ eindent
+
+ for f in /lib/sysctl.d/*.conf \
+ /usr/lib/sysctl.d/*.conf; do
+
+ if [ -f /etc/sysctl.d/"${f##*/}" ]; then
+ veinfo "Ignoring $f due to /etc/sysctl.d/${f##*/}"
+ continue
+ fi
+
+ if [ -f /run/sysctl.d/"${f##*/}" ]; then
+ veinfo "Ignoring $f due to /run/sysctl.d/${f##*/}"
+ continue
+ fi
+
+ if [ -f "$f" ]; then
+ vebegin "applying $f"
+ sysctl $quiet -p "$f"
+ status=$?
+ if [ $status -gt 0 ]; then
+ # Don't change retval= since we expect some package/distro provided
+ # sysctl configurations to break, so just warn when the user wants
+ # verbose messages
+ vewarn "Unable to configure kernel parameters from $f"
+ fi
+ fi
+ done
+
+ for f in /etc/sysctl.d/*.conf; do
+
+ if [ -f /run/sysctl.d/"${f##*/}" ]; then
+ veinfo "Ignoring $f due to /run/sysctl.d/${f##*/}"
+ continue
+ fi
+
+ if [ -f "$f" ]; then
+ vebegin "applying $f"
+ sysctl $quiet -p "$f"
+ status=$?
+ if [ $status -gt 0 ]; then
+ retval=$(( $retval + $status ))
+ eerror "Unable to configure kernel parameters from $f"
+ fi
+ fi
+ done
+
+ if [ -f /etc/sysctl.conf ]; then
+ vebegin "applying /etc/sysctl.conf"
+ sysctl $quiet -p /etc/sysctl.conf
+ status=$?
+ if [ $status -gt 0 ]; then
+ retval=$(( $retval + $status ))
+ eerror "Unable to configure kernel parameters from /etc/sysctl.conf"
+ fi
+ fi
+
+ for f in /run/sysctl.d/*.conf; do
+ if [ -f "$f" ]; then
+ vebegin "applying $f"
+ sysctl $quiet -p "$f"
+ status=$?
+ if [ $status -gt 0 ]; then
+ retval=$(( $retval + $status ))
+ eerror "Unable to configure kernel parameters from $f"
+ fi
+ fi
+ done
+ eoutdent
+
+ eend $retval
+}
diff --git a/repo/system/openrc/sysfsconf.initd b/repo/system/openrc/sysfsconf.initd
new file mode 100644
index 0000000..433e51d
--- /dev/null
+++ b/repo/system/openrc/sysfsconf.initd
@@ -0,0 +1,66 @@
+#!/sbin/openrc-run
+
+description="Set sysfs variables from /etc/sysfs.conf and /etc/sysfs.d/*.conf"
+conffile=/etc/sysfs.conf
+confdir=/etc/sysfs.d
+
+depend() {
+ need sysfs
+}
+
+setval() {
+ local value="$1" attrib="$2"
+ # Some fields need a terminating newline, others
+ # need the terminating newline to be absent :-(
+ echo -n "$value" > "$attrib" 2>/dev/null \
+ || echo "$value" > "$attrib"
+}
+
+load_conffile() {
+ local file="$1"
+ while read line; do
+ local line=${line%%#*}
+ local cmd= attrib= value=
+ set -- $line
+ if [ $# -eq 0 ]; then
+ continue
+ fi
+ case "$1$3" in
+ mode=) cmd=chmod
+ attrib="$2"
+ value="$4"
+ ;;
+ owner=) cmd=chown
+ attrib="$2"
+ value="$4"
+ ;;
+ *) if [ "$2" = "=" ]; then
+ cmd=setval
+ attrib="$1"
+ value="$3"
+ fi
+ ;;
+ esac
+ if ! [ -e "/sys/$attrib" ]; then
+ eerror "$attrib: unknown attribute"
+ continue
+ fi
+ if [ -z "$attrib" ] || [ -z "$value" ]; then
+ eerror "syntax error in $file: '$line'"
+ continue
+ fi
+ $cmd "$value" "/sys/$attrib"
+ done < "$file"
+}
+
+start() {
+ [ -r "$conffile" -o -d "$confdir" ] || return 0
+ ebegin "Setting sysfs variables"
+ for file in $confdir/*.conf $conffile; do
+ [ -r "$file" ] || continue
+ load_conffile "$file" || return 1
+ done
+ eend 0
+
+}
+
diff --git a/repo/system/openrc/test-networking.sh b/repo/system/openrc/test-networking.sh
new file mode 100644
index 0000000..5e5f70b
--- /dev/null
+++ b/repo/system/openrc/test-networking.sh
@@ -0,0 +1,65 @@
+#!/bin/sh
+
+# unit tests for find_ifaces and find_running_ifaces in networking.initd
+
+cfgfile=/tmp/openrc-test-network.$$
+sourcefile=$cfgfile.source
+sourcedir=$cfgfile.d
+ifstate=$cfgfile.state
+
+cat >$cfgfile<<EOF
+auto eth0
+iface eth0 inet dhcp
+
+source $sourcefile
+
+source-directory $sourcedir
+EOF
+
+cat >$sourcefile<<EOF
+auto eth1
+iface eth1 inet dhcp
+EOF
+
+mkdir -p $sourcedir
+cat >$sourcedir/a<<EOF
+auto eth2
+iface eth2 inet dhcp
+EOF
+
+cat >$ifstate<<EOF
+eth4=eth4 1
+EOF
+
+errors=0
+fail() {
+ echo "$@"
+ errors=$(( $errors + 1))
+}
+
+# test fallback, when ifquery does not exist
+ifquery=does-not-exist
+. ./networking.initd
+
+find_ifaces | grep -q -w eth0 || fail "Did not find eth0"
+find_ifaces | grep -q -E '(eth1|eth2)' && fail "Unexpectedly found eth1 or eth2"
+
+# test that ifquery finds source and source-directory
+unset ifquery
+. ./networking.initd
+for i in eth0 eth1 eth2; do
+ find_ifaces | grep -q -w "$i" || fail "Did not find $i"
+done
+
+# test that ifquery picks up the running state file
+find_running_ifaces | grep -q -w "eth4" || fail "Did not detect eth4 running"
+
+
+# test /etc/init.d/net.eth5
+RC_SVCNAME=net.eth5
+. ./networking.initd
+find_ifaces | grep -q -w "eth5" || fail "Did not detect eth5"
+find_running_ifaces | grep -q -w "eth5" || fail "Did not detect eth5 running"
+
+rm -rf $cfgfile $sourcefile $sourcedir $ifstate
+exit $errors