From f6846875916e6e1c6db825685cf4dfa2e9a24749 Mon Sep 17 00:00:00 2001 From: Yi Zhao Date: Sat, 24 Sep 2022 14:40:35 +0800 Subject: frr: upgrade 8.2.2 -> 8.3.1 Backport patches to fix build error with --disable-ospfapi and CVE-2022-37035. Signed-off-by: Yi Zhao Signed-off-by: Khem Raj --- ...-notify-race-between-io-and-main-pthreads.patch | 151 +++++++++++++++++++++ ...heck-for-readline-function-instead-of-mai.patch | 4 +- ...ing-SUPPORT_OSPF_API-define-in-ospf_spf.c.patch | 48 +++++++ meta-networking/recipes-protocols/frr/frr_8.2.2.bb | 129 ------------------ meta-networking/recipes-protocols/frr/frr_8.3.1.bb | 131 ++++++++++++++++++ 5 files changed, 333 insertions(+), 130 deletions(-) create mode 100644 meta-networking/recipes-protocols/frr/frr/0001-bgpd-avoid-notify-race-between-io-and-main-pthreads.patch create mode 100644 meta-networking/recipes-protocols/frr/frr/0001-ospfd-Adding-SUPPORT_OSPF_API-define-in-ospf_spf.c.patch delete mode 100644 meta-networking/recipes-protocols/frr/frr_8.2.2.bb create mode 100644 meta-networking/recipes-protocols/frr/frr_8.3.1.bb diff --git a/meta-networking/recipes-protocols/frr/frr/0001-bgpd-avoid-notify-race-between-io-and-main-pthreads.patch b/meta-networking/recipes-protocols/frr/frr/0001-bgpd-avoid-notify-race-between-io-and-main-pthreads.patch new file mode 100644 index 0000000000..40284d6f4f --- /dev/null +++ b/meta-networking/recipes-protocols/frr/frr/0001-bgpd-avoid-notify-race-between-io-and-main-pthreads.patch @@ -0,0 +1,151 @@ +From 71ca5b09bc71e8cbe38177cf41e83fe164e52eee Mon Sep 17 00:00:00 2001 +From: Mark Stapp +Date: Thu, 8 Sep 2022 16:14:36 -0400 +Subject: [PATCH] bgpd: avoid notify race between io and main pthreads + +The "bgp_notify_" apis in bgp_packet.c generate a notification +to a peer, usually during error handling. The io pthread wants +to send notifications in a couple of cases during early +received-packet validation - but the existing api interacts +with the peer struct itself, and that's not safe. + +Add a new api for use by the io pthread, and adjust the main +notify api so that it can avoid touching the peer struct. + +Signed-off-by: Mark Stapp + +CVE: CVE-2022-37035 + +Upstream-Status: Backport +[https://github.com/FRRouting/frr/commit/71ca5b09bc71e8cbe38177cf41e83fe164e52eee] + +Signed-off-by: Yi Zhao +--- + bgpd/bgp_io.c | 17 ++++++++--------- + bgpd/bgp_packet.c | 32 ++++++++++++++++++++++++++++---- + bgpd/bgp_packet.h | 2 ++ + 3 files changed, 38 insertions(+), 13 deletions(-) + +diff --git a/bgpd/bgp_io.c b/bgpd/bgp_io.c +index 7af1fae28..f9bb8d518 100644 +--- a/bgpd/bgp_io.c ++++ b/bgpd/bgp_io.c +@@ -37,7 +37,7 @@ + #include "bgpd/bgp_debug.h" // for bgp_debug_neighbor_events, bgp_type_str + #include "bgpd/bgp_errors.h" // for expanded error reference information + #include "bgpd/bgp_fsm.h" // for BGP_EVENT_ADD, bgp_event +-#include "bgpd/bgp_packet.h" // for bgp_notify_send_with_data, bgp_notify... ++#include "bgpd/bgp_packet.h" // for bgp_notify_io_invalid... + #include "bgpd/bgp_trace.h" // for frrtraces + #include "bgpd/bgpd.h" // for peer, BGP_MARKER_SIZE, bgp_master, bm + /* clang-format on */ +@@ -526,8 +526,8 @@ static bool validate_header(struct peer *peer) + return false; + + if (memcmp(m_correct, m_rx, BGP_MARKER_SIZE) != 0) { +- bgp_notify_send(peer, BGP_NOTIFY_HEADER_ERR, +- BGP_NOTIFY_HEADER_NOT_SYNC); ++ bgp_notify_io_invalid(peer, BGP_NOTIFY_HEADER_ERR, ++ BGP_NOTIFY_HEADER_NOT_SYNC, NULL, 0); + return false; + } + +@@ -547,9 +547,8 @@ static bool validate_header(struct peer *peer) + zlog_debug("%s unknown message type 0x%02x", peer->host, + type); + +- bgp_notify_send_with_data(peer, BGP_NOTIFY_HEADER_ERR, +- BGP_NOTIFY_HEADER_BAD_MESTYPE, &type, +- 1); ++ bgp_notify_io_invalid(peer, BGP_NOTIFY_HEADER_ERR, ++ BGP_NOTIFY_HEADER_BAD_MESTYPE, &type, 1); + return false; + } + +@@ -574,9 +573,9 @@ static bool validate_header(struct peer *peer) + + uint16_t nsize = htons(size); + +- bgp_notify_send_with_data(peer, BGP_NOTIFY_HEADER_ERR, +- BGP_NOTIFY_HEADER_BAD_MESLEN, +- (unsigned char *)&nsize, 2); ++ bgp_notify_io_invalid(peer, BGP_NOTIFY_HEADER_ERR, ++ BGP_NOTIFY_HEADER_BAD_MESLEN, ++ (unsigned char *)&nsize, 2); + return false; + } + +diff --git a/bgpd/bgp_packet.c b/bgpd/bgp_packet.c +index 7daac4494..90695219a 100644 +--- a/bgpd/bgp_packet.c ++++ b/bgpd/bgp_packet.c +@@ -871,8 +871,9 @@ bool bgp_notify_received_hard_reset(struct peer *peer, uint8_t code, + * @param data Data portion + * @param datalen length of data portion + */ +-void bgp_notify_send_with_data(struct peer *peer, uint8_t code, +- uint8_t sub_code, uint8_t *data, size_t datalen) ++static void bgp_notify_send_internal(struct peer *peer, uint8_t code, ++ uint8_t sub_code, uint8_t *data, ++ size_t datalen, bool use_curr) + { + struct stream *s; + bool hard_reset = bgp_notify_send_hard_reset(peer, code, sub_code); +@@ -917,8 +918,11 @@ void bgp_notify_send_with_data(struct peer *peer, uint8_t code, + * If possible, store last packet for debugging purposes. This check is + * in place because we are sometimes called with a doppelganger peer, + * who tends to have a plethora of fields nulled out. ++ * ++ * Some callers should not attempt this - the io pthread for example ++ * should not touch internals of the peer struct. + */ +- if (peer->curr) { ++ if (use_curr && peer->curr) { + size_t packetsize = stream_get_endp(peer->curr); + assert(packetsize <= peer->max_packet_size); + memcpy(peer->last_reset_cause, peer->curr->data, packetsize); +@@ -1001,7 +1005,27 @@ void bgp_notify_send_with_data(struct peer *peer, uint8_t code, + */ + void bgp_notify_send(struct peer *peer, uint8_t code, uint8_t sub_code) + { +- bgp_notify_send_with_data(peer, code, sub_code, NULL, 0); ++ bgp_notify_send_internal(peer, code, sub_code, NULL, 0, true); ++} ++ ++/* ++ * Enqueue notification; called from the main pthread, peer object access is ok. ++ */ ++void bgp_notify_send_with_data(struct peer *peer, uint8_t code, ++ uint8_t sub_code, uint8_t *data, size_t datalen) ++{ ++ bgp_notify_send_internal(peer, code, sub_code, data, datalen, true); ++} ++ ++/* ++ * For use by the io pthread, queueing a notification but avoiding access to ++ * the peer object. ++ */ ++void bgp_notify_io_invalid(struct peer *peer, uint8_t code, uint8_t sub_code, ++ uint8_t *data, size_t datalen) ++{ ++ /* Avoid touching the peer object */ ++ bgp_notify_send_internal(peer, code, sub_code, data, datalen, false); + } + + /* +diff --git a/bgpd/bgp_packet.h b/bgpd/bgp_packet.h +index a0eb579db..9f6d772bc 100644 +--- a/bgpd/bgp_packet.h ++++ b/bgpd/bgp_packet.h +@@ -62,6 +62,8 @@ extern void bgp_open_send(struct peer *); + extern void bgp_notify_send(struct peer *, uint8_t, uint8_t); + extern void bgp_notify_send_with_data(struct peer *, uint8_t, uint8_t, + uint8_t *, size_t); ++void bgp_notify_io_invalid(struct peer *peer, uint8_t code, uint8_t sub_code, ++ uint8_t *data, size_t datalen); + extern void bgp_route_refresh_send(struct peer *peer, afi_t afi, safi_t safi, + uint8_t orf_type, uint8_t when_to_refresh, + int remove, uint8_t subtype); +-- +2.25.1 + diff --git a/meta-networking/recipes-protocols/frr/frr/0001-configure-Check-for-readline-function-instead-of-mai.patch b/meta-networking/recipes-protocols/frr/frr/0001-configure-Check-for-readline-function-instead-of-mai.patch index 4b218a61e8..20e8472233 100644 --- a/meta-networking/recipes-protocols/frr/frr/0001-configure-Check-for-readline-function-instead-of-mai.patch +++ b/meta-networking/recipes-protocols/frr/frr/0001-configure-Check-for-readline-function-instead-of-mai.patch @@ -6,7 +6,9 @@ Subject: [PATCH] configure: Check for readline() function instead of main main is not a function found in libreadline, its better to check for a function thats provided by it. -Upstream-Status: Submitted [https://github.com/FRRouting/frr/pull/11893] +Upstream-Status: Backport +[https://github.com/FRRouting/frr/commit/9399d58c13257849179d3c2b3698a2b43bc1b2a0] + Signed-off-by: Khem Raj --- configure.ac | 2 +- diff --git a/meta-networking/recipes-protocols/frr/frr/0001-ospfd-Adding-SUPPORT_OSPF_API-define-in-ospf_spf.c.patch b/meta-networking/recipes-protocols/frr/frr/0001-ospfd-Adding-SUPPORT_OSPF_API-define-in-ospf_spf.c.patch new file mode 100644 index 0000000000..09988946b6 --- /dev/null +++ b/meta-networking/recipes-protocols/frr/frr/0001-ospfd-Adding-SUPPORT_OSPF_API-define-in-ospf_spf.c.patch @@ -0,0 +1,48 @@ +From ec3bb054c331f9d928ac21a1747e0f921b51dfbc Mon Sep 17 00:00:00 2001 +From: Michal Ruprich +Date: Tue, 6 Sep 2022 12:25:01 +0200 +Subject: [PATCH] ospfd: Adding SUPPORT_OSPF_API define in ospf_spf.c + +It is not possible to build ospf_spf.c file with --disable-ospfapi because +ospf_apiserver.c has SUPPORT_OSPF_API around all function definitions and +that results in an undefined reference to the ospf_apiserver_notify_reachable +function error while building. + +Signed-off-by: Michal Ruprich + +Upstream-Status: Backport +[https://github.com/FRRouting/frr/commit/ec3bb054c331f9d928ac21a1747e0f921b51dfbc] + +Signed-off-by: Yi Zhao +--- + ospfd/ospf_spf.c | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/ospfd/ospf_spf.c b/ospfd/ospf_spf.c +index 46492ff6b..4edc1de81 100644 +--- a/ospfd/ospf_spf.c ++++ b/ospfd/ospf_spf.c +@@ -48,7 +48,10 @@ + #include "ospfd/ospf_sr.h" + #include "ospfd/ospf_ti_lfa.h" + #include "ospfd/ospf_errors.h" ++ ++#ifdef SUPPORT_OSPF_API + #include "ospfd/ospf_apiserver.h" ++#endif + + /* Variables to ensure a SPF scheduled log message is printed only once */ + +@@ -1895,7 +1898,9 @@ static void ospf_spf_calculate_schedule_worker(struct thread *thread) + /* Update all routers routing table */ + ospf->oall_rtrs = ospf->all_rtrs; + ospf->all_rtrs = all_rtrs; ++#ifdef SUPPORT_OSPF_API + ospf_apiserver_notify_reachable(ospf->oall_rtrs, ospf->all_rtrs); ++#endif + + /* Free old ABR/ASBR routing table */ + if (ospf->old_rtrs) +-- +2.25.1 + diff --git a/meta-networking/recipes-protocols/frr/frr_8.2.2.bb b/meta-networking/recipes-protocols/frr/frr_8.2.2.bb deleted file mode 100644 index 607ed8b9dd..0000000000 --- a/meta-networking/recipes-protocols/frr/frr_8.2.2.bb +++ /dev/null @@ -1,129 +0,0 @@ -SUMMARY = "BGP/OSPF/RIP routing daemon" -DESCRIPTION = "FRRouting is a free and open source Internet routing protocol suite for Linux \ -and Unix platforms. It implements BGP, OSPF, RIP, IS-IS, PIM, LDP, BFD, Babel, PBR, OpenFabric \ -and VRRP, with alpha support for EIGRP and NHRP." -HOMEPAGE = "https://frrouting.org/" -SECTION = "net" - -LICENSE = "GPL-2.0-only & LGPL-2.1-only" -LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 \ - file://COPYING-LGPLv2.1;md5=4fbd65380cdd255951079008b364516c" - -SRC_URI = "git://github.com/FRRouting/frr.git;protocol=https;branch=stable/8.2 \ - file://0001-configure-Check-for-readline-function-instead-of-mai.patch \ - file://frr.pam \ - " - -SRCREV = "79188bf710e92acf42fb5b9b0a2e9593a5ee9b05" - -S = "${WORKDIR}/git" - -# Due to libyang not supported on these arches: -COMPATIBLE_HOST:riscv32 = "null" -COMPATIBLE_HOST:riscv64 = "null" -COMPATIBLE_HOST:armv5 = "null" - -# Fail to build on mips64 with error: -# Error: PC-relative reference to a different section -COMPATIBLE_HOST:mips64 = "null" - -inherit autotools-brokensep python3native pkgconfig useradd systemd - -DEPENDS:class-native = "bison-native elfutils-native" -DEPENDS:class-target = "bison-native json-c readline c-ares libyang frr-native" - -RDEPENDS:${PN}:class-target = "iproute2 python3-core bash" - -PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'pam', d)}" -PACKAGECONFIG:class-native = "" - -PACKAGECONFIG[fpm] = "--enable-fpm,--disable-fpm" -PACKAGECONFIG[pam] = "--with-libpam,--without-libpam,libpam" -PACKAGECONFIG[grpc] = "--enable-grpc,--disable-grpc,grpc-native grpc" -PACKAGECONFIG[snmp] = "--enable-snmp,--disable-snmp,net-snmp" -PACKAGECONFIG[zeromq] = "--enable-zeromq,--disable-zeromq,zeromq" -PACKAGECONFIG[protobuf] = "--enable-protobuf,--disable-protobuf,protobuf-c-native protobuf-c" -PACKAGECONFIG[capabilities] = "--enable-capabilities,--disable-capabilities,libcap" -PACKAGECONFIG[cumulus] = "--enable-cumulus,--disable-cumulus" -PACKAGECONFIG[datacenter] = "--enable-datacenter,--disable-datacenter" -PACKAGECONFIG[ospfclient] = "--enable-ospfapi --enable-ospfclient,--disable-ospfapi --disable-ospfclient" - -EXTRA_OECONF:class-native = "--enable-clippy-only" - -EXTRA_OECONF:class-target = "--sbindir=${libdir}/frr \ - --sysconfdir=${sysconfdir}/frr \ - --localstatedir=${localstatedir}/run/frr \ - --enable-vtysh \ - --enable-multipath=64 \ - --enable-user=frr \ - --enable-group=frr \ - --enable-vty-group=frrvty \ - --enable-configfile-mask=0640 \ - --enable-logfile-mask=0640 \ - --disable-doc \ - --with-clippy=${RECIPE_SYSROOT_NATIVE}/usr/lib/clippy \ - " - -CACHED_CONFIGUREVARS += "ac_cv_path_PERL='/usr/bin/env perl'" - -LDFLAGS:append:mips = " -latomic" -LDFLAGS:append:mipsel = " -latomic" -LDFLAGS:append:powerpc = " -latomic" - -SYSTEMD_PACKAGES = "${PN}" -SYSTEMD_SERVICE:${PN} = "frr.service" -SYSTEMD_AUTO_ENABLE = "disable" - -do_compile:prepend () { - sed -i -e 's#${RECIPE_SYSROOT_NATIVE}##g' \ - -e 's#${RECIPE_SYSROOT}##g' ${S}/lib/version.h -} - -do_compile:class-native () { - oe_runmake clippy-only -} - -do_install:class-native () { - install -d ${D}${libdir} - install -m 755 ${S}/lib/clippy ${D}${libdir}/clippy -} - -do_install:append:class-target () { - install -m 0755 -d ${D}${sysconfdir}/frr - install -m 0640 ${S}/tools/etc/frr/* ${D}${sysconfdir}/frr/ - chown frr:frrvty ${D}${sysconfdir}/frr - chown frr:frr ${D}${sysconfdir}/frr/* - chown frr:frrvty ${D}${sysconfdir}/frr/vtysh.conf - chmod 640 ${D}${sysconfdir}/frr/* - - if ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'true', 'false', d)}; then - install -d ${D}/${sysconfdir}/pam.d - install -m 644 ${WORKDIR}/frr.pam ${D}/${sysconfdir}/pam.d/frr - fi - - if ${@bb.utils.contains('DISTRO_FEATURES', 'sysvinit', 'true', 'false', d)}; then - install -d ${D}${sysconfdir}/init.d - install -m 0755 ${B}/tools/frrinit.sh ${D}${sysconfdir}/init.d/frr - - install -d ${D}${sysconfdir}/default/volatiles - echo "d frr frr 0755 ${localstatedir}/run/frr none" \ - > ${D}${sysconfdir}/default/volatiles/99_frr - fi - - if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then - install -d ${D}${systemd_system_unitdir} - install -m 0644 ${B}/tools/frr*.service ${D}${systemd_system_unitdir} - - install -d ${D}${sysconfdir}/tmpfiles.d - echo "d /run/frr 0755 frr frr -" \ - > ${D}${sysconfdir}/tmpfiles.d/${BPN}.conf - fi -} - -USERADD_PACKAGES = "${PN}" -GROUPADD_PARAM:${PN} = "--system frr ; --system frrvty" -USERADD_PARAM:${PN} = "--system --home ${localstatedir}/run/frr/ -M -g frr -G frrvty --shell /bin/false frr" - -FILES:${PN} += "${datadir}/yang" - -BBCLASSEXTEND = "native" diff --git a/meta-networking/recipes-protocols/frr/frr_8.3.1.bb b/meta-networking/recipes-protocols/frr/frr_8.3.1.bb new file mode 100644 index 0000000000..c69720e6f0 --- /dev/null +++ b/meta-networking/recipes-protocols/frr/frr_8.3.1.bb @@ -0,0 +1,131 @@ +SUMMARY = "BGP/OSPF/RIP routing daemon" +DESCRIPTION = "FRRouting is a free and open source Internet routing protocol suite for Linux \ +and Unix platforms. It implements BGP, OSPF, RIP, IS-IS, PIM, LDP, BFD, Babel, PBR, OpenFabric \ +and VRRP, with alpha support for EIGRP and NHRP." +HOMEPAGE = "https://frrouting.org/" +SECTION = "net" + +LICENSE = "GPL-2.0-only & LGPL-2.1-only" +LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 \ + file://COPYING-LGPLv2.1;md5=4fbd65380cdd255951079008b364516c" + +SRC_URI = "git://github.com/FRRouting/frr.git;protocol=https;branch=stable/8.3 \ + file://0001-configure-Check-for-readline-function-instead-of-mai.patch \ + file://0001-ospfd-Adding-SUPPORT_OSPF_API-define-in-ospf_spf.c.patch \ + file://0001-bgpd-avoid-notify-race-between-io-and-main-pthreads.patch \ + file://frr.pam \ + " + +SRCREV = "a74f7a9ad9623e6f9654fe4a7177e5da0b194828" + +S = "${WORKDIR}/git" + +# Due to libyang not supported on these arches: +COMPATIBLE_HOST:riscv32 = "null" +COMPATIBLE_HOST:riscv64 = "null" +COMPATIBLE_HOST:armv5 = "null" + +# Fail to build on mips64 with error: +# Error: PC-relative reference to a different section +COMPATIBLE_HOST:mips64 = "null" + +inherit autotools-brokensep python3native pkgconfig useradd systemd + +DEPENDS:class-native = "bison-native elfutils-native" +DEPENDS:class-target = "bison-native json-c readline c-ares libyang frr-native" + +RDEPENDS:${PN}:class-target = "iproute2 python3-core bash" + +PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'pam', d)}" +PACKAGECONFIG:class-native = "" + +PACKAGECONFIG[fpm] = "--enable-fpm,--disable-fpm" +PACKAGECONFIG[pam] = "--with-libpam,--without-libpam,libpam" +PACKAGECONFIG[grpc] = "--enable-grpc,--disable-grpc,grpc-native grpc" +PACKAGECONFIG[snmp] = "--enable-snmp,--disable-snmp,net-snmp" +PACKAGECONFIG[zeromq] = "--enable-zeromq,--disable-zeromq,zeromq" +PACKAGECONFIG[protobuf] = "--enable-protobuf,--disable-protobuf,protobuf-c-native protobuf-c" +PACKAGECONFIG[capabilities] = "--enable-capabilities,--disable-capabilities,libcap" +PACKAGECONFIG[cumulus] = "--enable-cumulus,--disable-cumulus" +PACKAGECONFIG[datacenter] = "--enable-datacenter,--disable-datacenter" +PACKAGECONFIG[ospfclient] = "--enable-ospfapi --enable-ospfclient,--disable-ospfapi --disable-ospfclient" + +EXTRA_OECONF:class-native = "--enable-clippy-only" + +EXTRA_OECONF:class-target = "--sbindir=${libdir}/frr \ + --sysconfdir=${sysconfdir}/frr \ + --localstatedir=${localstatedir}/run/frr \ + --enable-vtysh \ + --enable-multipath=64 \ + --enable-user=frr \ + --enable-group=frr \ + --enable-vty-group=frrvty \ + --enable-configfile-mask=0640 \ + --enable-logfile-mask=0640 \ + --disable-doc \ + --with-clippy=${RECIPE_SYSROOT_NATIVE}/usr/lib/clippy \ + " + +CACHED_CONFIGUREVARS += "ac_cv_path_PERL='/usr/bin/env perl'" + +LDFLAGS:append:mips = " -latomic" +LDFLAGS:append:mipsel = " -latomic" +LDFLAGS:append:powerpc = " -latomic" + +SYSTEMD_PACKAGES = "${PN}" +SYSTEMD_SERVICE:${PN} = "frr.service" +SYSTEMD_AUTO_ENABLE = "disable" + +do_compile:prepend () { + sed -i -e 's#${RECIPE_SYSROOT_NATIVE}##g' \ + -e 's#${RECIPE_SYSROOT}##g' ${S}/lib/version.h +} + +do_compile:class-native () { + oe_runmake clippy-only +} + +do_install:class-native () { + install -d ${D}${libdir} + install -m 755 ${S}/lib/clippy ${D}${libdir}/clippy +} + +do_install:append:class-target () { + install -m 0755 -d ${D}${sysconfdir}/frr + install -m 0640 ${S}/tools/etc/frr/* ${D}${sysconfdir}/frr/ + chown frr:frrvty ${D}${sysconfdir}/frr + chown frr:frr ${D}${sysconfdir}/frr/* + chown frr:frrvty ${D}${sysconfdir}/frr/vtysh.conf + chmod 640 ${D}${sysconfdir}/frr/* + + if ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'true', 'false', d)}; then + install -d ${D}/${sysconfdir}/pam.d + install -m 644 ${WORKDIR}/frr.pam ${D}/${sysconfdir}/pam.d/frr + fi + + if ${@bb.utils.contains('DISTRO_FEATURES', 'sysvinit', 'true', 'false', d)}; then + install -d ${D}${sysconfdir}/init.d + install -m 0755 ${B}/tools/frrinit.sh ${D}${sysconfdir}/init.d/frr + + install -d ${D}${sysconfdir}/default/volatiles + echo "d frr frr 0755 ${localstatedir}/run/frr none" \ + > ${D}${sysconfdir}/default/volatiles/99_frr + fi + + if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then + install -d ${D}${systemd_system_unitdir} + install -m 0644 ${B}/tools/frr*.service ${D}${systemd_system_unitdir} + + install -d ${D}${sysconfdir}/tmpfiles.d + echo "d /run/frr 0755 frr frr -" \ + > ${D}${sysconfdir}/tmpfiles.d/${BPN}.conf + fi +} + +USERADD_PACKAGES = "${PN}" +GROUPADD_PARAM:${PN} = "--system frr ; --system frrvty" +USERADD_PARAM:${PN} = "--system --home ${localstatedir}/run/frr/ -M -g frr -G frrvty --shell /bin/false frr" + +FILES:${PN} += "${datadir}/yang" + +BBCLASSEXTEND = "native" -- cgit 1.2.3-korg