When a USB UPS is first configured, the permissions on the device under
`/dev/bus/usb` have not yet been set to allow the nut user access. This
resulted in errors such as:
Fri Feb 13 23:39:01 2026 daemon.debug upsd[3504]: [D1] mainloop: UPS
[eco550ups] is not currently connected, trying to reconnect
Fri Feb 13 23:39:01 2026 daemon.debug upsd[3504]: [D1] mainloop: UPS
[eco550ups] is still not connected (FD -1)
Fri Feb 13 23:39:03 2026 daemon.debug upsd[3504]: [D1] mainloop: UPS
[eco550ups] is not currently connected, trying to reconnect
Fri Feb 13 23:39:03 2026 daemon.debug upsd[3504]: [D1] mainloop: UPS
[eco550ups] is still not connected (FD -1)
or
Fri Feb 13 23:38:44 2026 daemon.err usbhid-ups[3083]: No matching HID
UPS found
Fri Feb 13 23:38:49 2026 daemon.warn procd: failed adding instance
cgroup for nut-server: No error information
Fri Feb 13 23:38:49 2026 daemon.err usbhid-ups[3115]: libusb1: Could not
open any HID devices: insufficient permissions on everything
Fri Feb 13 23:38:49 2026 daemon.err usbhid-ups[3115]: No matching HID
UPS found
Fri Feb 13 23:38:54 2026 daemon.warn procd: failed adding instance
cgroup for nut-server: No error information
and upsd would enter a procd crashloop.
We fix that by looking in `sysfs` (under `/sys/devices`) to find the
correct USB device and set its ownership and permissions to allow acces
to the user the driver is running under.
Copilot complained about a few things
* nut-server.init had potential word-splitting issues in various spots.
* it also had some commands missing an argument
* improved documentation was required to clarify a dependency
* an incorrect sed could mangle names as well as remove the intended
name
Additionally, while fixing those issues the author noticed that the case
of multiple UPS devices with the same vendorid:productid were not
correctly handled. A check of the serial number, if provided, was added
along with a fallback to allowing NUT communications with all UPS
devices with a given vendorid:productid, if no serial number was given.
Improve efficiency and decrease McCabe complexity of
ensure_usb_ups_access, while also fixing Copilot complaints.
$@ in case is a problem, and we only handle the first parameter in any
event, so change $@ to "$1"
Copilot caught a missing 2>&1 and we silence some shellcheck
false positives
Signed-off-by: Daniel F. Dickinson <dfdpublic@wildtechgarden.ca>
Attempt to de-mystify the nut-server initscript by adding comments
and factoring out some common code that adds to complexity of the
functions of which it is part.
Signed-off-by: Daniel F. Dickinson <dfdpublic@wildtechgarden.ca>
Ensure that when a ups is removed from the configuration that its
driver instance is stopped.
Signed-off-by: Daniel F. Dickinson <dfdpublic@wildtechgarden.ca>
Updated configuration was not being applied after config change. This
was due to the means used to do the daemon reloads.
Closes#28298 "Drivers not restarted on config change"
Enable creating PID files for the server, driver, and monitor daemon
processes. This allows to use NUT's built-in facilities for signalling
the daemon's.
For server, when reloading:
1. Check if upsd is running
1. If not, start it.
2. If it is send reload signal to upsd
2. For each driver:
1. Check if the driver is running
1. If it is, send reload-or-exit signal to driver
2. If driver is not running, start it
3. Attempt to start server (upsd and drivers) if service was stopped.
For server, when stopping:
1. Check if upsd is running
1. If it is send stop signal to upsd
2. Ensure it really is stopped
2. For each driver:
1. Check if the driver is running
1. If it is, send stop signal to driver
2. If driver is still running, stop it.
3. If the server process is active (even with not upsd or drivers),
stop it.
For monitor, send the reload signal on config change, with fallback to
stopping and starting the daemon.
Change the names of variables and functions to make it more clear what
is being acted on, configured, or otherwise touched.
Avoid confusing messages in syslog
* Avoid attempting to remove a procd server instance that does not exist
as doing so results in confusing/scary messages in syslog, such as:
Command failed: ubus call service delete
{ "name": "nut-server", "instance": "upsd" } (Not found)
In NUT some models of UPS use shutdown_delay rather than offdelay, and
yet others use usd for the same purpose. shutdown_delay and usd were
previously not available in the list of available driver options, so
add them.
Signed-off-by: Daniel F. Dickinson <dfdpublic@wildtechgarden.ca>
shellcheck is a useful linter if a bit pedantic and overzealous so
add overrides to silence false positives
Also, fix issues found by the linting.
* misspelling meant initscript could skip updating configuration in
certain circumstances
* minor: assignment of the result of execution as the time of creating
local. This has been separated.
Fix whitespace and comment typos
Fix typo in Config.in option text
* This is cosmetic, but user-facing (for users building via SDK or
buildroot).
Signed-off-by: Daniel F. Dickinson <dfdpublic@wildtechgarden.ca>
As reported in #23410 Network interface reset doesn't work as expected
on a Wireguard VPN interface and in #27927 lt2p interface won't reboot,
and mentioned in #27248, the current implementation of the option to
restart an interface when connectivity check fails for some period does
not result in an interface restart for all interface.
Notably 'virtual' interfaces such as Wireguard and L2TP do not restart.
The solution that works is to use `ifup <interface>` instead of only
changing the link status.
This commit is based on the one in #27248 by @rondoval, who unfortunately
has not updated the commit message as requested for half a year.
Signed-off-by: Daniel F. Dickinson <dfdpublic@wildtechgarden.ca>
Since proto was migrated to ovpnproto to avoid collision
with netifd proto, this shall be handled separately.
Also avoid using uci commands to migrate the config which
requires knowing property types; use awk instead.
follow-up to 2607b76154
Signed-off-by: Paul Donald <newtwen+github@gmail.com>
mdio-netlink is forcing all targets in buildbot to build PHY and MDIO
support. Convert the dependency into the PHYLIB kmod to avoid that.
Signed-off-by: Qingfang Deng <dqfext@gmail.com>
The hotplug script directly invokes /usr/sbin/acpid. If hotplug fires
before procd starts acpid, it cannot stop the procd-managed instance,
resulting in a second unmanaged acpid process running alongside it.
Fix this issue by letting ONLY procd manage the acpi daemon.
Signed-off-by: Oliver Sedlbauer <os@dev.tdt.de>
Gpsd needs some time to create its Unix socket after the process starts.
The hotplug call in service_started() is triggered too early, before the
socket is ready, causing failures in scripts that depend on it.
Additionally, when gpsd crashes and procd respawns it, service_started() is
not called again, so no hotplug event is emitted on respawn. Therefore scripts
listening for gpsd availability miss the STARTED event.
This commit ensures the hotplug call waits for the socket to appear,
so dependent scripts reliably see the STARTED event, even after respawns.
Signed-off-by: Oliver Sedlbauer <os@dev.tdt.de>
bsbf-usb-netdev-autodhcp creates a network with a DHCP client using a newly
created network interface. It uses metric values from 1 to 8.
Signed-off-by: Chester A. Unal <chester.a.unal@arinc9.com>
This commit updates the mstflint package
to the latest 4.35.0-1 release.
It also includes a patch to fix a build error
that has been merged into their development branch [1]
but is not inside the current release version.
Additionally, the new Python script mstgenerate_pgcb_commands
introduced in 4.35.0 has been added to the package.
Release notes:
https://github.com/Mellanox/mstflint/releases/tag/v4.35.0-1
[1] https://github.com/Mellanox/mstflint/pull/1568
Signed-off-by: Til Kaiser <mail@tk154.de>
* added a new firewall feature: the DNS‑Bridge.
This temporary DNS bridge ensures that an external fallback DNS server
is automatically used during local DNS restarts, providing Zero‑Downtime DNS resolution.
* The debug mode now captures internal error output in a dedicated log file,
located by default in the adblock base directory as /tmp/adb_error.log.
* LuCI: exposed the previously missing adb_cores option (auto‑detected by default).
* LuCI: added support for the new DNS‑Bridge options (Zero‑Downtime during DNS restarts).
Signed-off-by: Dirk Brenken <dev@brenken.org>
Contains a bugfix for cake_mq. Also add 'ip' as a dependency to be able
to create multi-queue ifb devices.
Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
This plugin has not seen updates to keep it synchronised
with recent openvpn, nor any updates in the last several
years. It relies on the SHA1 algo which is deprecated,
and iptables. ovpn has its own management interface.
Signed-off-by: Paul Donald <newtwen+github@gmail.com>
https://github.com/openwrt/packages/pull/28533
openvpn needs a proto handler. Here it is.
Removed all of the up/down scripts from the init handler
and made those entirely optional (with some ucode examples).
The config options have been updated to reflect v 2.6/2.7,
with a 'd' flag to denote deprecated. Deprecated flags are
gated behind an 'allow_deprecated' config flag, which must
be on to use them. Some flags will cease to work in the next
version.
Users should not be using compression. Openvpn has enough
security holes and pitfalls already without using
compression.
Updated the example configs (left in place as legacy
documentation) and removed older cryptos which do not exist
in ovpn any longer.
A migration script is included -x. /etc/config/openvpn
entries become interface entries in /etc/config/network
with proto='openvpn'. The source config is retained.
Signed-off-by: Paul Donald <newtwen+github@gmail.com>
https://github.com/openwrt/packages/pull/28533
With fortify sources libutp fails to compile because the fortify sources
for musl use the GNU extension include_next. Do not fail when the
compiler issues a warning.
Fixes the following compile error:
```
In file included from libutp-2023.02.14~c95738b1/utp_utils.cpp:23:
/include/fortify/stdlib.h:22:2: error: #include_next is a GCC extension [-Werror]
22 | #include_next <stdlib.h>
| ^~~~~~~~~~~~
```
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
The big endian patch was replace upstream.
This drops the last downstream patch and should serve as a test version
Signed-off-by: Goetz Goerisch <ggoerisch@gmail.com>
Add opt-in support for waiting for dnsmasq to be fully initialized
before starting LXC containers. This addresses issues where containers
that depend on DNS resolution (e.g., AdGuardHome) start before dnsmasq
has loaded its DHCP lease table, resulting in hostnames not being
resolved to IP addresses.
The feature is controlled by two new optional UCI config options in
/etc/config/lxc-auto whose usage is commented therein.
No new depends are introduced with this change.
Signed-off-by: John Audia <therealgraysky@proton.me>
The log file path is hardcoded as $HOME/.local/state/btop.log, i.e. to the router’s flash storage rather than to tmpfs. This patch sets the log file path to /tmp/log/btop.log
Signed-off-by: XCas13 <xcas13@gmail.com>
- libmptcpd breaking changes: new deny_join_id0 parameter in connection interfaces
- subflow_closed interface has new error parameter
- add support for new 'laminar' in-kernel PM endpoint
- mptcpize now appends LD_PRELOAD instead of overriding
- mptcpize sets GODEBUG=multipathtcp=1 for Go applications
- add musl libc compatibility
-> allows removal of most downstream patches
- support ELL 0.72 API changes
- security: added recommendation against world-writeable plugin directories
Link: https://github.com/intel/mptcpd/releases/tag/v0.14
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
