OpenWrt running on Atheros AR9331 of Arduino Yun, LLC edition OpenWrt-Yun also Linino, is in obsolete (and has security issues) at kernel and various packages. I will try to investigate the upgrade to the latest version of OpenWrt. (With Absolutely NO Warranty)

Prepare for the Security update of OpenWrt-Yun, Arduino Yun Operating System (YunOS). In the IoT ERA, I think it is a very important thing.

OpenWrt-Yun Chaos Calmer 15.05

RedSnake64's implementation found at Arduino Yun forum.

RedSnake64 edition OpenWrt-Yun:

https://github.com/RedSnake64/openwrt-yun/tree/15.05
ChaosCalmer_v1.4

I tried it. 'mDNS' is not active, so I could not be accessed in '.local'.

Grasp that implementation. I decided to make Arduino Yun package that can be used in OpenWrt trunk Bleeding Edge.

NOW Arduino LLC Official edition:

https://github.com/arduino/openwrt-yun-1505

Investigate the Yun Profile of the OpenWrt Project

The OpenWrt Project, already exist a Arduino Yun Profile.

target/linux/ar71xx/generic/profiles/arduino.mk
ar71xx: add Arduino Yun

https://github.com/openwrt/packages/tree/master/utils/yunbridge
yunbridge

Arduino Yun bridge library has been implemented.

OpenWrt snapshot images:

https://downloads.openwrt.org/snapshots/trunk/ar71xx/generic/
https://downloads.openwrt.org/snapshots/trunk/ar71xx/generic/packages/
openwrt-ar71xx-generic-yun-16M-squashfs-sysupgrade.bin

This System Image is corresponding Arduino Yun Hardware. but, of course Arduino Yun own software is not implemented.

Mirror site: http://ftp.stw-bonn.de/pub/openwrt/snapshots/trunk/ar71xx/generic/

OpenWrt Core:

git.openwrt.org Git - openwrt trunk tree
shortlog

OpenWrt Packages:

https://github.com/openwrt/packages
https://github.com/openwrt/luci
https://github.com/openwrt-routing/packages
https://github.com/openwrt/telephony
https://github.com/openwrt/targets
https://github.com/openwrt-management/packages

Optional package of OpenWrt Project is managed on github.

Investigate the OpenWrt-Yun

OpenWrt-Yun arduino packages

LLC edition arduino package:

https://github.com/arduino/openwrt-packages-yun/tree/master/arduino

RedSnake64 edition arduino package:

https://github.com/RedSnake64/openwrt-arduino-packages/tree/for-15.05

Arduino OpenWrt Yún packages:

(y) avrdude *
(y) cpu-mcu-bridge *
(m) cwiid *
(y) luci-app-arduino-webpanel
(m) node *
(m) node-bleno
(m) node-noble
(m) node-serialport *
(m) node-socket.io
(m) node-socket.io-legacy *
(m) node-socket.io-client
(m) node-socket.io-client-legacy *
(m) node-sqlite3
(m) node-ws
(y) rng-tools *
(y) spacebrew
(y) temboo
(y) uSDaemon
(m) v8m-rb *
(y) yun-conf
(y) yun-scripts

1. avrdude: use a OpenWrt package. Configuration for the Arduino Yun should be placed in /etc/avrdude.conf.
2. cpu-mcu-bridge: overlaps with OpenWrt yunbridge package. For compatibility use a Arduino package.
3. cwiid: only RedSnake64 edition. cwiid is Nintendo Wii remote interface package, so should delete.
4. node: If you want to run node.js, Should turn on MIPS FPU EMULATOR kernel config.
5. node, node-serialport: use a OpenWrt package. so should delete.
6. "-legacy" mean that the 0.9.x version.
7. rng-tools: OpenWrt package has a problem. Should be changed START=98 to START=48.
8. v8m-rb: Not required, so should delete.

My new arduino packages here:

https://github.com/nxhack/openwrt-arduino-packages

Arturo Rinaldi edition linino packages:

https://github.com/artynet/openwrt/tree/gcc5-08/package/linino

Important concept of OpenWrt

The Minimized (smaller footprint) is Highest Priority. This is the large difference in policy between PC GNU/Linux and OpenWrt.

Trunk Bleeding Edge version of OpenWrt-Yun package and build environment

https://git.openwrt.org/?p=openwrt.git
https://github.com/nxhack/openwrt-yun-build-extra
https://github.com/nxhack/openwrt-arduino-packages

Setup repos:

mkdir Build_Path_Some_Where
cd Build_Path_Some_Where
git clone --depth=1 https://git.openwrt.org/openwrt.git
#git clone --depth=1 https://git.lede-project.org/source.git
git clone --depth=1 --branch master --single-branch https://github.com/nxhack/openwrt-yun-build-extra.git
cd openwrt
ln -s ../openwrt-yun-build-extra/* .

Please modify ./files/etc/opkg/distfeeds.conf

First Time, Setup cross compile build environment (ubuntu 14.04):

./FIRST_SETUP_ubuntu_Trusty_Tahr.sh

Build:

./build.sh

When build succeed, You find openwrt-ar71xx-generic-yun-16M-squashfs-sysupgrade.bin in ./bin/ar71xx directory.

In order to using the packages, You must placed kernel packages and arduino packages to server (or SD card).

Essential items in the kernel configuration

CONFIG_TARGET_ar71xx=y
CONFIG_TARGET_ar71xx_generic=y
CONFIG_TARGET_ar71xx_generic_Yun=y

CONFIG_IMAGEOPT=y
# CONFIG_PREINITOPT is not set
CONFIG_TARGET_PREINIT_SUPPRESS_STDERR=y
CONFIG_TARGET_PREINIT_TIMEOUT=2
# CONFIG_TARGET_PREINIT_SHOW_NETMSG is not set
# CONFIG_TARGET_PREINIT_SUPPRESS_FAILSAFE_NETMSG is not set
CONFIG_TARGET_PREINIT_IFNAME=""
CONFIG_TARGET_PREINIT_IP="192.168.1.1"
CONFIG_TARGET_PREINIT_NETMASK="255.255.255.0"
CONFIG_TARGET_PREINIT_BROADCAST="192.168.1.255"
# CONFIG_INITOPT is not set
CONFIG_TARGET_INIT_PATH="/usr/sbin:/usr/bin:/sbin:/bin"
CONFIG_TARGET_INIT_ENV=""
CONFIG_TARGET_INIT_CMD="/sbin/init"
CONFIG_TARGET_INIT_SUPPRESS_STDERR=y
CONFIG_VERSIONOPT=y
CONFIG_VERSION_DIST="OpenWrt"
CONFIG_VERSION_NICK="Bleeding Edge"
CONFIG_VERSION_NUMBER=""
CONFIG_VERSION_REPO="http://downloads.openwrt.org/snapshots/trunk/%S/packages"
CONFIG_VERSION_MANUFACTURER="Arduino"
CONFIG_VERSION_MANUFACTURER_URL=""
CONFIG_VERSION_PRODUCT="Arduino Yun"
CONFIG_VERSION_HWREV="1.0"
# CONFIG_VERSION_FILENAMES is not set

CONFIG_PER_FEED_REPO=y
CONFIG_PER_FEED_REPO_ADD_DISABLED=y
CONFIG_PER_FEED_REPO_ADD_COMMENTED=y
CONFIG_FEED_packages=y
CONFIG_FEED_luci=y
CONFIG_FEED_routing=y
CONFIG_FEED_telephony=y
CONFIG_FEED_management=y
CONFIG_FEED_targets=y
CONFIG_FEED_arduino=y
# CONFIG_SMIMEOPT is not set
CONFIG_OPKGSMIME_PASSPHRASE=y

CONFIG_DEFAULT_base-files=y
CONFIG_DEFAULT_busybox=y
CONFIG_DEFAULT_dnsmasq=y
CONFIG_DEFAULT_dropbear=y
CONFIG_DEFAULT_firewall=y
CONFIG_DEFAULT_fstools=y
CONFIG_DEFAULT_ip6tables=y
CONFIG_DEFAULT_iptables=y
CONFIG_DEFAULT_iwinfo=y
CONFIG_DEFAULT_kmod-ath9k=y
CONFIG_DEFAULT_kmod-gpio-button-hotplug=y
CONFIG_DEFAULT_kmod-usb-core=y
CONFIG_DEFAULT_kmod-usb2=y
CONFIG_DEFAULT_libc=y
CONFIG_DEFAULT_libgcc=y
CONFIG_DEFAULT_mtd=y
CONFIG_DEFAULT_netifd=y
CONFIG_DEFAULT_odhcp6c=y
CONFIG_DEFAULT_odhcpd=y
CONFIG_DEFAULT_opkg=y
CONFIG_DEFAULT_ppp=y
CONFIG_DEFAULT_ppp-mod-pppoe=y
CONFIG_DEFAULT_swconfig=y
CONFIG_DEFAULT_uboot-envtools=y
CONFIG_DEFAULT_uci=y
CONFIG_DEFAULT_uclient-fetch=y
CONFIG_DEFAULT_wpad-mini=y

CONFIG_PACKAGE_python-base=y
CONFIG_PACKAGE_python-light=y

CONFIG_PACKAGE_avrdude=y
CONFIG_PACKAGE_cpu-mcu-bridge=y
CONFIG_PACKAGE_luci-app-arduino-webpanel=y
CONFIG_PACKAGE_node=m
CONFIG_PACKAGE_node-bleno=m
CONFIG_PACKAGE_node-noble=m
# CONFIG_PACKAGE_node-serialport is not set
CONFIG_PACKAGE_node-socket.io=m
CONFIG_PACKAGE_node-socket.io-client=m
CONFIG_PACKAGE_node-socket.io-client-legacy=m
CONFIG_PACKAGE_node-socket.io-legacy=m
CONFIG_PACKAGE_node-sqlite3=m
CONFIG_PACKAGE_node-ws=m
CONFIG_PACKAGE_rng-tools=y
CONFIG_PACKAGE_spacebrew=y
CONFIG_PACKAGE_temboo=y
CONFIG_PACKAGE_uSDaemon=y
CONFIG_PACKAGE_yun-conf=y
CONFIG_PACKAGE_yun-scripts=y

CONFIG_PACKAGE_luci=y
CONFIG_PACKAGE_luci-base=y
CONFIG_LUCI_LANG_en=y
CONFIG_PACKAGE_luci-mod-admin-full=y
CONFIG_PACKAGE_luci-app-arduino-webpanel=y
CONFIG_PACKAGE_luci-app-firewall=y
CONFIG_PACKAGE_luci-theme-bootstrap=y
CONFIG_PACKAGE_luci-theme-openwrt=y
CONFIG_PACKAGE_luci-proto-ipv6=y
CONFIG_PACKAGE_luci-proto-ppp=y
CONFIG_PACKAGE_luci-lib-ip=y
CONFIG_PACKAGE_luci-lib-json=y
CONFIG_PACKAGE_luci-lib-jsonc=y
CONFIG_PACKAGE_luci-lib-nixio=y
CONFIG_PACKAGE_luci-i18n-base-en=y
CONFIG_PACKAGE_luci-i18n-firewall-en=y

CONFIG_PACKAGE_kmod-nls-base=y
CONFIG_PACKAGE_kmod-nls-cp437=y
CONFIG_PACKAGE_kmod-nls-iso8859-1=y
CONFIG_PACKAGE_kmod-nls-utf8=y

# CONFIG_PACKAGE_triggerhappy is not set
CONFIG_PACKAGE_kmod-gpio-button-hotplug=y
CONFIG_PACKAGE_kmod-input-core=m
CONFIG_PACKAGE_kmod-input-evdev=m
CONFIG_PACKAGE_kmod-input-gpio-encoder=m
CONFIG_PACKAGE_kmod-input-gpio-keys=m
CONFIG_PACKAGE_kmod-input-gpio-keys-polled=m
CONFIG_PACKAGE_kmod-input-joydev=m
CONFIG_PACKAGE_kmod-input-matrixkmap=m
CONFIG_PACKAGE_kmod-input-polldev=m
CONFIG_PACKAGE_kmod-input-uinput=m

# CONFIG_PACKAGE_odhcp6c is not set
# CONFIG_PACKAGE_odhcpd is not set
# CONFIG_PACKAGE_dnsmasq is not set
CONFIG_PACKAGE_dnsmasq-dhcpv6=y

# CONFIG_PACKAGE_libavahi-client is not set
# CONFIG_PACKAGE_libavahi-compat-libdnssd is not set
# CONFIG_PACKAGE_libavahi-dbus-support is not set
CONFIG_PACKAGE_libavahi-nodbus-support=y

# CONFIG_PACKAGE_avahi-autoipd is not set
# CONFIG_PACKAGE_avahi-daemon-service-http is not set
# CONFIG_PACKAGE_avahi-daemon-service-ssh is not set
# CONFIG_PACKAGE_avahi-dbus-daemon is not set
CONFIG_PACKAGE_avahi-dnsconfd=y
CONFIG_PACKAGE_avahi-nodbus-daemon=y

CONFIG_PACKAGE_gnupg=y
CONFIG_PACKAGE_libgpg-error=y

CONFIG_PACKAGE_nano=y
CONFIG_PACKAGE_curl=y
CONFIG_PACKAGE_wget=y

openwrt-yun-minimum.config

Difference between the LLC edition

IPv6 stack is enabled.

Device name of the leds has been changed.
ds:green:wlan -> arduino:blue:wlan
ds:green:usb -> arduino:white:usb
target/linux/ar71xx/base-files/etc/uci-defaults/01_leds
https://github.com/nxhack/openwrt-arduino-packages/commit/eb7130ac331ce491765f27372d987d9d7415f6c0

In the original rng-tools has a problem. Should match the init script of the LLC version.
Should be started before the Yun original startup script "S49generate_new_gpg_key".
S98rngd -> S48rngd : START=98 -> START=48

sed -i -e s/^START=98/START=48/ ./feeds/packages/utils/rng-tools/files/rngd.init

BUSYBOX ASH BANNER The date disappear.
https://git.openwrt.org/?p=openwrt.git;a=commit;h=39fabb5068e95ab9c0901dd4f37129111d88ae00

+# don't create a version string containing the actual timestamp
+export KCONFIG_NOTIMESTAMP=1
+

BUSYBOX ASH HELP Banner disappear.
CONFIG_ASH_HELP The default has been changed to 'n'.
https://github.com/openwrt/openwrt/blob/master/package/utils/busybox/Config-defaults.in#L2617

Add a configuration of the AR9331 as AVR writer to the original package.
/etc/avrdude.conf

/etc/avrdude.conf:

programmer
  id    = "linuxgpio";
  desc  = "Use the Linux sysfs interface to bitbang GPIO lines";
  type  = "linuxgpio";
  reset = ~18;
  sck   = 11;
  mosi  = 27;
  miso  = 8;
;

BUSYBOX: telnet is disabled.
nc localhost 6571

PATH has changed.
CONFIG_TARGET_INIT_PATH="/bin:/sbin:/usr/bin:/usr/sbin" to CONFIG_TARGET_INIT_PATH="/usr/sbin:/usr/bin:/sbin:/bin"

uhttpd: SSL is forced.
option redirect_https '1'
/etc/config/uhttpd

uhttpd: Use URL alias handle. Do not apply alias patch.
/etc/config/uhttpd

Add to /etc/config/uhttpd

	list alias '/arduino=/cgi-bin/luci'
	list alias '/data=/cgi-bin/luci'
	list alias '/mailbox=/cgi-bin/luci'

Procd button mechanism exists. triggerhappy is not required.
(triggerhappy use HID button mechanism, It depends on kmod-input-*)
(kmod-gpio-button-hotplug + procd buttons, Of course, smaller footprint)
I sent PR, adding ath79_register_gpio_keys_polled.
https://git.openwrt.org/?p=openwrt.git;a=commit;h=10ae130265302c717b1580514ada28d9a48a2484
/etc/hotplug.d/button/00-button
/etc/config/system

Add button section to /etc/config/system.

config button
        option button  'wps'
        option action  'pressed'
        option handler '/usr/bin/wifi-reset-button-pressed'

config button
        option button  'wps'
        option action  'released'
        option handler '/usr/bin/wifi-reset-button-released'

OR add button section to /etc/config/system.

config button
        option button  'wps'
        option action  'pressed'
        option handler '/usr/bin/blink-start 100'

config button
        option button  'wps'
        option action  'released'
        option handler '/usr/bin/blink-stop'

config button
        option button  'wps'
        option action  'released'
        option min     '5'
        option max     '30'
        option handler '/usr/bin/wifi-reset-and-reboot'

config button
        option button  'wps'
        option action  'released'
        option min     '30'
        option max     '999'
        option handler '/usr/bin/reset-to-factory-anyway'

Definitely enable MIPS_FPU_EMULATOR. (disabled by default config)
For reduce kernel size, change the kernel config.
 1. Limit the target architecture to MIPS 24Kc. AR933X, AR724X
 2. Limit the target board.
 3. Enable PCI. need for making various packages.
MIPS24Kc+PCI+FPU_EMU.patch
TARGET_CPU_TYPE.patch

check fpu emu debugfs

ls -l /sys/kernel/debug/mips/fpuemustats

memo

Arduino IDE Bridge Library

Must apply this patch.

--- a/Bridge/src/Bridge.cpp
+++ b/Bridge/src/Bridge.cpp
@@ -52,7 +52,7 @@
     // Wait for OpenWRT message
     // "Press enter to activate console"
     stream.print(F("run-bridge\n"));
-    delay(500);
+    delay(5000);
     dropAll();

     // Reset the brigde to check if it is running

refresh fstab : uci

uci delete fstab.@mount[0]
uci delete fstab.@mount[0]
uci commit

uci set fstab.automount=global
uci set fstab.automount.from_fstab='1'
uci set fstab.automount.anon_mount='1'
uci commit

extroot

cd /mnt/sda2
rm -rf *
rm -rf .??*
cd /
tar -C /overlay -cvf - . | tar -C /mnt/sda2 -xf -
block detect > /etc/config/fstab ; vi /etc/config/fstab
# edit /etc/config/fstab : Set all enabled '0' → enabled '1'
#      option target '/mnt/sda2' ->  option target '/overlay'
reboot

basic tools setup : opkg

# edit /etc/opkg.conf for extroot
opkg update
opkg list-upgradable
opkg install ca-certificates
opkg install unzip
opkg install screen
opkg install coreutils-ls coreutils-stty
opkg install dropbearconvert
opkg install e2fsprogs mkdosfs fdisk dosfsck
opkg install rsync
opkg install diffutils
opkg install logrotate
opkg install mg
opkg install openssh-client --force-overwrite
opkg install procps-ng procps-ng-ps procps-ng-w procps-ng-vmstat procps-ng-watch
opkg install procps-ng-top --force-overwrite

procps-ng has bug, CPU usage fail.

mkdir -p -m 1777 /usr/local/var/tmp
export TMPDIR=/usr/local/var/tmp
opkg install python-pip
opkg install python-six
# Edit /etc/pip.conf
#   cache-dir=/usr/local/var/tmp/.cache
#   log-file=/usr/local/var/tmp/pip-log.txt
# pip install --upgrade pip
pip install requests
pip install pika
pip install conf-d
pip install glob2
pip install paho-mqtt
pip install msgpack-pure
pip install redis
pip install boto
pip install kafka-python
pip install lockfile
pip install python-daemon
pip install beaver==36.2.0
pip install supervisor

If OOM occurs, re-run pip.

dosfsck

cd /
umount /mnt/sda1
dosfsck -y -v -w /dev/sda1
#dosfsck -y -v -t -w /dev/sda1
mount /dev/sda1 /mnt/sda1

drop caches

echo 3 > /proc/sys/vm/drop_caches

network

eth1 -> wan
wlan0 -> lan

/etc/config/network
/etc/config/firewall
/etc/config/dhcp

Secure

Secure your router's access

Dropbear Security

revision check

./scripts/getver.sh

Bricked

My Yún doesn't boot anymore! How can I restore it?

Load YunSerialTerminal to enable serial console. Unplug SD card . Press 'YUN RST' button.

1. If the prompt is out && if the OS can operable.
   1. Enabling the network.

      ifconfig IF IP
      route add default gw somewhere
      

      Edit /etc/resolv.conf

   2. Bring the official sysupgrade image via SD card.

      mkdir /mnt/sda1
      mount -t vfat /dev/sda1 /mnt/sda1
      

2. If you can operate the u-boot via YunSerialTerminal.
   1. https://www.arduino.cc/en/Tutorial/YunUBootReflash

TO DO

1. uboot-linino

   Once the bootloader rewrite fails, I am afraid that completely become brick...

2. extroot

   https://wiki.openwrt.org/doc/howto/extroot

   A partitioned and formatted media that was created in this operation,

   cd /mnt/sda2
   rm -rf *
   rm -rf .??*
   cd /
   tar -C /overlay -cvf - . | tar -C /mnt/sda2 -xf -
   block detect > /etc/config/fstab ; vi /etc/config/fstab
   # edit /etc/config/fstab : Set all enabled '0' → enabled '1'
   #      option target '/mnt/sda2' ->  option target '/overlay'
   reboot
   

   If you want to restore, restart press the eject the SD card and poweroff 'YUN RST'. Modify the then /etc/config/fstab.

   config global 'automount'
   	option from_fstab '1'
   	option anon_mount '1'
   

3. /etc/opkg.conf, /etc/opkg/distfeeds.conf, /etc/opkg/customfeeds.conf

   Since the strange message came out, modified distfeeds.conf, It is correct to modify opkg.conf.

   • opkg_conf_parse_file: Duplicate src declaration

   https://wiki.openwrt.org/doc/techref/opkg

   https://wiki.openwrt.org/doc/packages

   Specification seems not yet settled.

4. OOM

   (extroot environment)

   /etc/opkg/distfeeds.conf : Limit repositories.

   /etc/opkg.conf : lists_dir ext /var/opkg-lists place not tmpfs. ex. lists_dir ext /usr/local/var/opkg-lists

   /etc/opkg.conf : Add 'option force_space'

   lists_dir ext /usr/local/var/opkg-lists
   option tmp_dir /usr/local/var/tmp
   option force_space
   

   Anyway, Do not place any objects to /tmp and /var (symlink of /tmp).

5. sysupgrade with ExtRoot

   sysupgrade with ExtRoot :: wiki.mbirth.de

   sysupgrade ...
   # reboot...
   rm /mnt/sda2/etc/.extroot-uuid
   reboot
   #...
   opkg update
   opkg upgrade $(opkg list-upgradable | awk '($1 !~ "^kmod|Multiple") {print $1}')
   

6. LEDE Project

   https://www.lede-project.org/