OpenWrt running on Atheros AR9331 of Arduino Yun, LLC edition OpenWrt-Yun also Linino, is in obsolete (and has security issues) at kernel and various packages. I will try to investigate the upgrade to the latest version of OpenWrt. (With Absolutely NO Warranty)

Prepare for the Security update of OpenWrt-Yun, Arduino Yun Operating System (YunOS). In the IoT ERA, I think it is a very important thing.

OpenWrt-Yun Chaos Calmer 15.05

RedSnake64's implementation found at Arduino Yun forum.

RedSnake64 edition OpenWrt-Yun:

https://github.com/RedSnake64/openwrt-yun/tree/15.05
ChaosCalmer_v1.3

I tried it. 'mDNS' is not active, so I could not be accessed in '.local'.

Grasp that implementation. I decided to make Arduino Yun package that can be used in OpenWrt trunk Bleeding Edge.

Investigate the Yun Profile of the OpenWrt Project

The OpenWrt Project, already there is a Arduino Yun Profile.

target/linux/ar71xx/generic/profiles/arduino.mk
ar71xx: add Arduino Yun

https://github.com/openwrt/packages/tree/master/utils/yunbridge
yunbridge

Arduino Yun bridge library has been implemented.

OpenWrt snapshot images:

https://downloads.openwrt.org/snapshots/trunk/ar71xx/generic/
https://downloads.openwrt.org/snapshots/trunk/ar71xx/generic/packages/
openwrt-ar71xx-generic-yun-16M-squashfs-sysupgrade.bin

This System Image is corresponding Arduino Yun Hardware. but, of course Arduino Yun own software is not implemented.

Mirror site: http://ftp.stw-bonn.de/pub/openwrt/snapshots/trunk/ar71xx/generic/

OpenWrt Core:

git.openwrt.org Git - openwrt trunk tree
shortlog

OpenWrt Packages:

https://github.com/openwrt/packages
https://github.com/openwrt/luci
https://github.com/openwrt-routing/packages
https://github.com/openwrt/telephony
https://github.com/openwrt/targets
https://github.com/openwrt-management/packages

Optional package of OpenWrt Project is managed on github.

Investigate the OpenWrt-Yun

OpenWrt-Yun arduino packages

LLC edition arduino package:

https://github.com/arduino/openwrt-packages-yun/tree/master/arduino

RedSnake64 edition arduino package:

https://github.com/RedSnake64/openwrt-arduino-packages/tree/for-15.05

Arduino OpenWrt Yún packages:

(y) avrdude *
(y) cpu-mcu-bridge *
(m) cwiid *
(y) luci-app-arduino-webpanel
(m) node *
(m) node-bleno *
(m) node-noble *
(m) node-serialport *
(m) node-socket.io *
(m) node-socket.io-legacy *
(m) node-socket.io-client *
(m) node-socket.io-client-legacy *
(m) node-sqlite3 *
(m) node-ws *
(y) rng-tools *
(y) spacebrew
(y) temboo
(y) uSDaemon
(m) v8m-rb *
(y) yun-conf
(y) yun-scripts

1. avrdude: use a OpenWrt package. Configuration for the Arduino Yun should be placed in /etc/avrdude.conf.
2. cpu-mcu-bridge: overlaps with OpenWrt yunbridge package. For compatibility use a Arduino package.
3. cwiid: only RedSnake64 edition. cwiid is Nintendo Wii remote interface package, so should delete.
4. node, node-*: Update to v4.4.2. If you want to run node.js, Should turn on MIPS FPU EMULATOR kernel config.
5. "-legacy" mean that the 0.9.x version.
6. rng-tools: OpenWrt package has a problem. Should be changed START=98 to START=48.
7. v8m-rb: node v4.4.2 not depend it, so should delete.

My new arduino packages here:

https://github.com/nxhack/openwrt-arduino-packages

Arturo Rinaldi edition linino packages:

https://github.com/artynet/openwrt/tree/gcc5-07/package/linino

Important concept of OpenWrt

The Minimized (smaller footprint) is Highest Priority. This is the large difference in policy between PC GNU/Linux and OpenWrt.

Trunk Bleeding Edge version of OpenWrt-Yun package and build environment

https://git.openwrt.org/?p=openwrt.git
https://github.com/nxhack/openwrt-yun-build-extra
https://github.com/nxhack/openwrt-arduino-packages

Setup repos:

mkdir Build_Path_Some_Where
cd Build_Path_Some_Where
git clone --depth=1 https://git.openwrt.org/openwrt.git
git clone --depth=1 --branch master --single-branch https://github.com/nxhack/openwrt-yun-build-extra.git
cd openwrt
ln -s ../openwrt-yun-build-extra/* .

Please modify ./files/etc/opkg/distfeeds.conf

First Time, Setup cross compile build environment (ubuntu 14.04):

./FIRST_SETUP_ubuntu_Trusty_Tahr.sh

Build:

./build.sh

When build succeed, You find openwrt-ar71xx-generic-yun-16M-squashfs-sysupgrade.bin in ./bin/ar71xx directory.

In order to using the packages, You must placed kernel packages and arduino packages to server (or SD card).

Essential items in the kernel configuration

CONFIG_TARGET_ar71xx=y
CONFIG_TARGET_ar71xx_generic=y
CONFIG_TARGET_ar71xx_generic_Yun=y

CONFIG_IMAGEOPT=y
# CONFIG_PREINITOPT is not set
CONFIG_TARGET_PREINIT_SUPPRESS_STDERR=y
CONFIG_TARGET_PREINIT_TIMEOUT=2
# CONFIG_TARGET_PREINIT_SHOW_NETMSG is not set
# CONFIG_TARGET_PREINIT_SUPPRESS_FAILSAFE_NETMSG is not set
CONFIG_TARGET_PREINIT_IFNAME=""
CONFIG_TARGET_PREINIT_IP="192.168.1.1"
CONFIG_TARGET_PREINIT_NETMASK="255.255.255.0"
CONFIG_TARGET_PREINIT_BROADCAST="192.168.1.255"
# CONFIG_INITOPT is not set
CONFIG_TARGET_INIT_PATH="/usr/sbin:/usr/bin:/sbin:/bin"
CONFIG_TARGET_INIT_ENV=""
CONFIG_TARGET_INIT_CMD="/sbin/init"
CONFIG_TARGET_INIT_SUPPRESS_STDERR=y
CONFIG_VERSIONOPT=y
CONFIG_VERSION_DIST="OpenWrt"
CONFIG_VERSION_NICK="Bleeding Edge"
CONFIG_VERSION_NUMBER=""
CONFIG_VERSION_REPO="http://downloads.openwrt.org/snapshots/trunk/%S/packages"
CONFIG_VERSION_MANUFACTURER="Arduino"
CONFIG_VERSION_MANUFACTURER_URL=""
CONFIG_VERSION_PRODUCT="Arduino Yun"
CONFIG_VERSION_HWREV="1.0"
# CONFIG_VERSION_FILENAMES is not set

CONFIG_PER_FEED_REPO=y
CONFIG_PER_FEED_REPO_ADD_DISABLED=y
CONFIG_PER_FEED_REPO_ADD_COMMENTED=y
CONFIG_FEED_packages=y
CONFIG_FEED_luci=y
CONFIG_FEED_routing=y
CONFIG_FEED_telephony=y
CONFIG_FEED_management=y
CONFIG_FEED_targets=y
CONFIG_FEED_arduino=y
# CONFIG_SMIMEOPT is not set
CONFIG_OPKGSMIME_PASSPHRASE=y

CONFIG_DEFAULT_base-files=y
CONFIG_DEFAULT_busybox=y
CONFIG_DEFAULT_dnsmasq=y
CONFIG_DEFAULT_dropbear=y
CONFIG_DEFAULT_firewall=y
CONFIG_DEFAULT_fstools=y
CONFIG_DEFAULT_ip6tables=y
CONFIG_DEFAULT_iptables=y
CONFIG_DEFAULT_iwinfo=y
CONFIG_DEFAULT_kmod-ath9k=y
CONFIG_DEFAULT_kmod-gpio-button-hotplug=y
CONFIG_DEFAULT_kmod-usb-core=y
CONFIG_DEFAULT_kmod-usb2=y
CONFIG_DEFAULT_libc=y
CONFIG_DEFAULT_libgcc=y
CONFIG_DEFAULT_mtd=y
CONFIG_DEFAULT_netifd=y
CONFIG_DEFAULT_odhcp6c=y
CONFIG_DEFAULT_odhcpd=y
CONFIG_DEFAULT_opkg=y
CONFIG_DEFAULT_ppp=y
CONFIG_DEFAULT_ppp-mod-pppoe=y
CONFIG_DEFAULT_swconfig=y
CONFIG_DEFAULT_uboot-envtools=y
CONFIG_DEFAULT_uci=y
CONFIG_DEFAULT_uclient-fetch=y
CONFIG_DEFAULT_wpad-mini=y

CONFIG_PACKAGE_python-base=y
CONFIG_PACKAGE_python-light=y

CONFIG_PACKAGE_avrdude=y
CONFIG_PACKAGE_cpu-mcu-bridge=y
CONFIG_PACKAGE_luci-app-arduino-webpanel=y
CONFIG_PACKAGE_node=m
CONFIG_PACKAGE_node-bleno=m
CONFIG_PACKAGE_node-noble=m
# CONFIG_PACKAGE_node-serialport is not set
CONFIG_PACKAGE_node-socket.io=m
CONFIG_PACKAGE_node-socket.io-client=m
CONFIG_PACKAGE_node-socket.io-client-legacy=m
CONFIG_PACKAGE_node-socket.io-legacy=m
CONFIG_PACKAGE_node-sqlite3=m
CONFIG_PACKAGE_node-ws=m
CONFIG_PACKAGE_rng-tools=y
CONFIG_PACKAGE_spacebrew=y
CONFIG_PACKAGE_temboo=y
CONFIG_PACKAGE_uSDaemon=y
CONFIG_PACKAGE_v8m-rb=m
CONFIG_PACKAGE_yun-conf=y
CONFIG_PACKAGE_yun-scripts=y

CONFIG_PACKAGE_luci=y
CONFIG_PACKAGE_luci-base=y
CONFIG_LUCI_LANG_en=y
CONFIG_PACKAGE_luci-mod-admin-full=y
CONFIG_PACKAGE_luci-app-arduino-webpanel=y
CONFIG_PACKAGE_luci-app-firewall=y
CONFIG_PACKAGE_luci-theme-bootstrap=y
CONFIG_PACKAGE_luci-theme-openwrt=y
CONFIG_PACKAGE_luci-proto-ipv6=y
CONFIG_PACKAGE_luci-proto-ppp=y
CONFIG_PACKAGE_luci-lib-ip=y
CONFIG_PACKAGE_luci-lib-json=y
CONFIG_PACKAGE_luci-lib-jsonc=y
CONFIG_PACKAGE_luci-lib-nixio=y
CONFIG_PACKAGE_luci-i18n-base-en=y
CONFIG_PACKAGE_luci-i18n-firewall-en=y

CONFIG_PACKAGE_kmod-nls-base=y
CONFIG_PACKAGE_kmod-nls-cp437=y
CONFIG_PACKAGE_kmod-nls-iso8859-1=y
CONFIG_PACKAGE_kmod-nls-utf8=y

# CONFIG_PACKAGE_triggerhappy is not set
CONFIG_PACKAGE_kmod-gpio-button-hotplug=y
CONFIG_PACKAGE_kmod-input-core=m
CONFIG_PACKAGE_kmod-input-evdev=m
CONFIG_PACKAGE_kmod-input-gpio-encoder=m
CONFIG_PACKAGE_kmod-input-gpio-keys=m
CONFIG_PACKAGE_kmod-input-gpio-keys-polled=m
CONFIG_PACKAGE_kmod-input-joydev=m
CONFIG_PACKAGE_kmod-input-matrixkmap=m
CONFIG_PACKAGE_kmod-input-polldev=m
CONFIG_PACKAGE_kmod-input-uinput=m

# CONFIG_PACKAGE_odhcp6c is not set
# CONFIG_PACKAGE_odhcpd is not set
# CONFIG_PACKAGE_dnsmasq is not set
CONFIG_PACKAGE_dnsmasq-dhcpv6=y

# CONFIG_PACKAGE_libavahi-client is not set
# CONFIG_PACKAGE_libavahi-compat-libdnssd is not set
# CONFIG_PACKAGE_libavahi-dbus-support is not set
CONFIG_PACKAGE_libavahi-nodbus-support=y

# CONFIG_PACKAGE_avahi-autoipd is not set
# CONFIG_PACKAGE_avahi-daemon-service-http is not set
# CONFIG_PACKAGE_avahi-daemon-service-ssh is not set
# CONFIG_PACKAGE_avahi-dbus-daemon is not set
CONFIG_PACKAGE_avahi-dnsconfd=y
CONFIG_PACKAGE_avahi-nodbus-daemon=y

CONFIG_PACKAGE_gnupg=y
CONFIG_PACKAGE_libgpg-error=y

CONFIG_PACKAGE_nano=y
CONFIG_PACKAGE_curl=y
CONFIG_PACKAGE_wget=y

openwrt-yun-minimum.config

Difference between the LLC edition

IPv6 stack is enabled.

Device name of the leds has been changed.
ds:green:wlan -> arduino:blue:wlan
ds:green:usb -> arduino:white:usb
target/linux/ar71xx/base-files/etc/uci-defaults/01_leds
https://github.com/nxhack/openwrt-arduino-packages/commit/eb7130ac331ce491765f27372d987d9d7415f6c0

In the original rng-tools has a problem. Should match the init script of the LLC version.
Should be started before the Yun original startup script "S49generate_new_gpg_key".
S98rngd -> S48rngd : START=98 -> START=48

 sed -i -e s/^START=98/START=48/ ./feeds/packages/utils/rng-tools/files/rngd.init

BUSYBOX ASH BANNER The date disappear.
https://git.openwrt.org/?p=openwrt.git;a=commit;h=39fabb5068e95ab9c0901dd4f37129111d88ae00

+# don't create a version string containing the actual timestamp
+export KCONFIG_NOTIMESTAMP=1
+

BUSYBOX ASH HELP Banner disappear.
CONFIG_ASH_HELP The default has been changed to 'n'.
https://github.com/openwrt/openwrt/blob/master/package/utils/busybox/Config-defaults.in#L2617

Add a configuration of the AR9331 as AVR writer to the original package.
/etc/avrdude.conf

/etc/avrdude.conf:

programmer
  id    = "linuxgpio";
  desc  = "Use the Linux sysfs interface to bitbang GPIO lines";
  type  = "linuxgpio";
  reset = ~18;
  sck   = 11;
  mosi  = 27;
  miso  = 8;
;

BUSYBOX: telnet is disabled.
nc localhost 6571

PATH has changed.
CONFIG_TARGET_INIT_PATH="/bin:/sbin:/usr/bin:/usr/sbin" to CONFIG_TARGET_INIT_PATH="/usr/sbin:/usr/bin:/sbin:/bin"

uhttpd: SSL is forced.
option redirect_https '1'
/etc/config/uhttpd

uhttpd: Use URL alias handle. Do not apply alias patch.
/etc/config/uhttpd

Add to /etc/config/uhttpd

	list alias '/arduino=/cgi-bin/luci'
	list alias '/data=/cgi-bin/luci'
	list alias '/mailbox=/cgi-bin/luci'

Procd button mechanism exists. triggerhappy is not required.
(triggerhappy use HID button mechanism, It depends on kmod-input-*)
(kmod-gpio-button-hotplug + procd buttons, Of course, smaller footprint)
I was send PR, adding ath79_register_gpio_keys_polled.
https://git.openwrt.org/?p=openwrt.git;a=commit;h=10ae130265302c717b1580514ada28d9a48a2484
/etc/hotplug.d/button/00-button
/etc/config/system

Add button section to /etc/config/system.

config button
        option button 'wps'
        option action 'pressed'
        option handler '/usr/bin/wifi-reset-button-pressed'

config button
        option button 'wps'
        option action 'released'
        option handler '/usr/bin/wifi-reset-button-released'

Enable MIPS FPU Emulator (If you want to run Node.js)
For reduce kernel size, change the kernel config.
 1. Limit the target architecture to MIPS 24Kc. AR933X, AR724X
 2. Limit the target board.
 3. Enable PCI. need for making various packages.
MIPS24Kc+PCI+FPU_EMU.patch

check fpu emu debugfs

ls -l /sys/kernel/debug/mips/fpuemustats

TO DO

1. uboot-linino 検証する。

   ブートローダの書き換え失敗したら完全に文鎮になるので検証はこわくてできない。

2. extroot

   https://wiki.openwrt.org/doc/howto/extroot

   この作業を前提でパーティションとフォーマット済みのメディアがあるとして、

   cd /mnt/sda2
   rm -rf *
   rm -rf .??*
   cd /
   tar -C /overlay -cvf - . | tar -C /mnt/sda2 -xf -
   block detect > /etc/config/fstab ; vi /etc/config/fstab
   # edit /etc/config/fstab : Set all enabled '0' → enabled '1'
   #      option target '/mnt/sda2' ->  option target '/overlay'
   reboot
   

   戻す場合は、poweroff して SD card を取り出し 'YUN RST' を押し再起動。その後 /etc/config/fstab を修正。

   config global 'automount'
   	option from_fstab '1'
   	option anon_mount '1'
   

3. /etc/opkg.conf と /etc/opkg/distfeeds.conf や /etc/opkg/customfeeds.conf の切り分けを調査する。

   なんか変なメッセージがでたので根元の　distfeeds.conf を書き換えたのだが、opkg.conf をユーザが書き換えるのが本筋。調査する。

   • opkg_conf_parse_file: Duplicate src declaration

   https://wiki.openwrt.org/doc/techref/opkg

   https://wiki.openwrt.org/doc/packages

   仕様がまだ定まってないようだ。

4. OOM

   (もちろん extroot 環境で)

   /etc/opkg/distfeeds.conf で本当に必要なレポジトリのみにする。

   /etc/opkg.conf の lists_dir ext /var/opkg-lists を tmpfs 以外の場所にする ex. lists_dir ext /usr/local/var/opkg-lists

   /etc/opkg.conf に option force_space を追加する

   lists_dir ext /usr/local/var/opkg-lists
   option tmp_dir /usr/local/var/tmp
   option force_space
   

   Anyway, Do not place any objects to /tmp and /var (symlink of /tmp).

5. node

   LLC版では swap 張っていない場合はメモリーを制限するオプション付きで起動させている。

   LLC版 node 起動スクリプト改 (mv /usr/bin/node /usr/bin/nodejs)

   #!/bin/sh
   
   SWAPS=`swapon -s | grep -c "file\|partition"`
   
   if [ $SWAPS -gt 0 ]
   then
   	NODE_PATH=/usr/lib/node /usr/bin/nodejs $@
   else
   	NODE_PATH=/usr/lib/node /usr/bin/nodejs --optimize_for_size --stack_size=1024 --max_old_space_size=20 --max_executable_size=5 --gc_global --gc_interval=100 $@
   fi
   

memo

Arduino IDE Bridge Library

Must apply this patch.

--- a/Bridge/src/Bridge.cpp
+++ b/Bridge/src/Bridge.cpp
@@ -52,7 +52,7 @@
     // Wait for OpenWRT message
     // "Press enter to activate console"
     stream.print(F("run-bridge\n"));
-    delay(500);
+    delay(5000);
     dropAll();

     // Reset the brigde to check if it is running

refresh fstab : uci

uci delete fstab.@mount[0]
uci delete fstab.@mount[0]
uci commit

uci set fstab.automount=global
uci set fstab.automount.from_fstab='1'
uci set fstab.automount.anon_mount='1'
uci commit

extroot

cd /mnt/sda2
rm -rf *
rm -rf .??*
cd /
tar -C /overlay -cvf - . | tar -C /mnt/sda2 -xf -
block detect > /etc/config/fstab ; vi /etc/config/fstab
# edit /etc/config/fstab : Set all enabled '0' → enabled '1'
#      option target '/mnt/sda2' ->  option target '/overlay'
reboot

basic tools setup : opkg

# edit /etc/opkg.conf for extroot
opkg update
opkg list-upgradable
opkg install ca-certificates
opkg install unzip
opkg install screen
opkg install procps-ng procps-ng-ps procps-ng-w procps-ng-vmstat procps-ng-watch
opkg install procps-ng-top --force-overwrite
opkg install coreutils-ls coreutils-stty
opkg install dropbearconvert
opkg install e2fsprogs mkdosfs fdisk dosfsck
opkg install rsync
opkg install diffutils
opkg install logrotate
opkg install mg
opkg install openssh-client --force-overwrite

procps-ng has bug, CPU usage fail.

mkdir -p -m 1777 /usr/local/var/tmp
export TMPDIR=/usr/local/var/tmp
opkg install python-pip
opkg install python-six
# Edit /etc/pip.conf
#   cache-dir=/usr/local/var/tmp/.cache
# pip install --upgrade pip
pip install beaver==36.2.0
pip install supervisor

If OOM occurs, re-run pip.

dosfsck

cd /
umount /mnt/sda1
dosfsck -y -v -w /dev/sda1
#dosfsck -y -v -t -w /dev/sda1
mount /dev/sda1 /mnt/sda1

drop caches

echo 3 > /proc/sys/vm/drop_caches

network

eth1 -> wan
wlan0 -> lan

/etc/config/network
/etc/config/firewall
/etc/config/dhcp

Secure

Secure your router's access

Dropbear Security

Bricked

My Yún doesn't boot anymore! How can I restore it?

YunSerialTerminal をロードしてシリアルコンソールを有効にする。SDカードは抜いておく事。YUN RST ボタンをおす。

1. YunSerialTerminal で prompt が出て OS の操作ができる場合。
   1. なんとかして network を生かす。

      ifconfig インターフェース IPアドレス
      route add default gw どこか
      

      /etc/resolv.conf を編集。

   2. SD card で正常な sysupgrade のイメージをもってくる。

      mkdir /mnt/sda1
      mount -t vfat /dev/sda1 /mnt/sda1
      

2. YunSerialTerminal で u-boot を操作できる場合。
   1. https://www.arduino.cc/en/Tutorial/YunUBootReflash