My apologies; I should have been more detailed. I am running 22.03 snapshot, on a NanoPi R4S. I didn't have the service problem, just a few weeks ago, on snapshot. However, the sysupgrade issue has existed for a long time and I have encountered it on other devices as well (eg. Netgear GS308T). I never encountered the sysupgrade ubus issue on 19, with an Archer C7, but that had a different problem; the SSH connection would terminate before sysupgrade exited.
Below is an example of the service issue. This was executed in /etc/uci-defaults/01_test
.
+ /etc/init.d/network stop
Command failed: Not found
Command failed: ubus call service delete { "name": "network" } (Not found)
Below is an example of the sysupgrade issue.
Fri Jan 18 08:55:29 UTC 2013 upgrade: Reading partition table from bootdisk...
Fri Jan 18 08:55:29 UTC 2013 upgrade: Reading partition table from image...
Fri Jan 18 08:55:29 UTC 2013 upgrade: Commencing upgrade. Closing all shell sessions.
Command failed: ubus call system sysupgrade { "prefix": "\/tmp\/root", "path": "\/tmp\/sysupgrade-image", "backup": "\/tmp\/sysupgrade.tgz", "command": "\/lib\/upgrade\/do_stage2", "options": { "save_partitions": 1 } } (Connection failed
I did some investigation and it seems like the network is never started, when uci-defaults runs. I could have sworn it wasn't like that in the past, but perhaps my memory is failing me. I added some logging to the boot()
function, in various /etc/init.d
scripts. For example, inside /etc/init.d/boot
, I put the lines below.
echo 'boot boot' >> /test
cat /sys/class/net/eth1/operstate >> /test || echo 'eth1 unavailable' >> /test
sleep 15
echo 'boot continue' >> /order
cat /sys/class/net/eth1/operstate >> /test || echo 'eth1 unavailable' >> /test
Below are the results.
sysfixtime boot
boot boot
eth1 unavailable
boot continue
eth1 unavailable
log boot
dropbear boot
firewall boot
Is it safe to assume that the device cannot be accessed in any way, while uci-defaults are being applied? That would allow me to eliminate all the hacks I've implemented that attempt to make sure the device cannot be compromised, during in-place sysupgrades, due to the vulnerable initial config.
On a separate note, it seems that the firewall is able to start after the network is brought up. Shouldn't it be the other way around, to avoid leaking traffic?