base-files: Allow to disable failsafe mode

Signed-off-by: Daniel Dickinson <[email protected]>

package/base-files/Makefile

@@ -18,7 +18,7 @@ PKG_FILE_DEPENDS:=$(PLATFORM_DIR)/ $(GENERIC_PLATFORM_DIR)/base-files/
 PKG_BUILD_DEPENDS:=usign/host
 PKG_LICENSE:=GPL-2.0
 
-PKG_CONFIG_DEPENDS := CONFIG_SIGNED_PACKAGES CONFIG_TARGET_INIT_PATH
+PKG_CONFIG_DEPENDS := CONFIG_SIGNED_PACKAGES CONFIG_TARGET_INIT_PATH CONFIG_TARGET_PREINIT_DISABLE_FAILSAFE
 
 include $(INCLUDE_DIR)/package.mk
 
@@ -82,6 +82,7 @@ define ImageConfigOptions
 	echo 'pi_broadcast=$(if $(CONFIG_TARGET_PREINIT_BROADCAST),$(CONFIG_TARGET_PREINIT_BROADCAST),"192.168.1.255")' >>$(1)/lib/preinit/00_preinit.conf
 	echo 'pi_preinit_net_messages="$(CONFIG_TARGET_PREINIT_SHOW_NETMSG)"' >>$(1)/lib/preinit/00_preinit.conf
 	echo 'pi_preinit_no_failsafe_netmsg="$(CONFIG_TARGET_PREINIT_SUPPRESS_FAILSAFE_NETMSG)"' >>$(1)/lib/preinit/00_preinit.conf
+	echo 'pi_preinit_no_failsafe="$(CONFIG_TARGET_PREINIT_DISABLE_FAILSAFE)"' >>$(1)/lib/preinit/00_preinit.conf
 endef
 endif
 

package/base-files/files/lib/preinit/10_indicate_failsafe

@@ -9,6 +9,7 @@ indicate_failsafe_led () {
 }
 
 indicate_failsafe() {
+	[ "$pi_preinit_no_failsafe" = "y" ] && return
 	echo "- failsafe -"
 	preinit_net_echo "Entering Failsafe!\n"
 	indicate_failsafe_led

package/base-files/files/lib/preinit/30_failsafe_wait

@@ -39,7 +39,7 @@ fs_wait_for_key () {
 		rm -f $keypress_wait
 	} &
 
-	echo "Press the [$1] key and hit [enter] $2"
+	[ "$pi_preinit_no_failsafe" != "y" ] && echo "Press the [$1] key and hit [enter] $2"
 	echo "Press the [1], [2], [3] or [4] key and hit [enter] to select the debug level"
 	# if we're on the console we wait for input
 	{
@@ -82,6 +82,10 @@ fs_wait_for_key () {
 
 failsafe_wait() {
 	FAILSAFE=
+	[ "$pi_preinit_no_failsafe" == "y" ] && {
+		fs_wait_for_key "" "" $fs_failsafe_wait_timeout
+		return
+	}
 	grep -q 'failsafe=' /proc/cmdline && FAILSAFE=true && export FAILSAFE
 	if [ "$FAILSAFE" != "true" ]; then
 		pi_failsafe_net_message=true

package/base-files/files/lib/preinit/40_run_failsafe_hook

@@ -3,6 +3,7 @@
 # Copyright (C) 2010 Vertical Communications
 
 run_failsafe_hook() {
+    [ "$pi_preinit_no_failsafe" = "y" ] && return
     if [ "$FAILSAFE" = "true" ]; then
 	boot_run_hook failsafe
 	lock -w /tmp/.failsafe

package/base-files/image-config.in

@@ -24,13 +24,24 @@ config TARGET_PREINIT_SUPPRESS_STDERR
 		the ash shell launched by inittab will display stderr).  That's
 		the same behaviour as seen in previous version of OpenWrt.
 
+config TARGET_PREINIT_DISABLE_FAILSAFE
+	bool
+	prompt "Disable failsafe" if PREINITOPT
+	default n
+	help
+		Disable failsafe mode.  While it is very handy while
+		experimenting or developing it really ought to be
+		disabled in production environments as it is a major
+		security loophole.
+
 config TARGET_PREINIT_TIMEOUT
 	int
-	prompt "Failsafe wait timeout" if PREINITOPT
+	prompt "Failsafe/Debug wait timeout" if PREINITOPT
 	default 2
 	help
-		How long to wait for failsafe mode to be entered before
-		continuing with a regular boot if failsafe not selected.
+		How long to wait for failsafe mode to be entered or for
+		a debug option to be pressed before continuing with a
+		regular boot.
 
 config TARGET_PREINIT_SHOW_NETMSG
 	bool
@@ -45,7 +56,7 @@ config TARGET_PREINIT_SHOW_NETMSG
 
 config TARGET_PREINIT_SUPPRESS_FAILSAFE_NETMSG
 	bool
-	prompt "Suppress network message indicating failsafe" if PREINITOPT
+	prompt "Suppress network message indicating failsafe" if ( PREINITOPT && !TARGET_PREINIT_SHOW_NETMSG && !TARGET_PREINIT_DISABLE_FAILSAFE )
 	default n
 	help
 		If "Show all preinit network messages" above is not set, then