Update recipes to pick up IPMI and User management fixes

IPMI: Support for ipmitool lan high level commands
USER: User management fixes

Update openbmc initfs to add temporary run from RAM 

Deleting a variable with a long value exposed a duplicate
openbmcinitdownloadurl variable resulting in two lines in the
url file, and wget was not happy.

The u-boot environment ends with a double NUL character like
many operating environments.  Using strings to separate on the
NUL bytes was loosing this information.

The fw_printenv command does not clear the remainder of the
environment when deleting variables.  Instead it just makes sure
it is terminated with a double NUL byte.

Switch from strings to tr to separate the strings.  Translate NL
to CR to avoid false matches, and use sed to detect a blank line.
Also use tail to skip over the CRC bytes.  We don't have the
config file to know if a flag exists so assume 1 copy for now.
Signed-off-by: Milton Miller <miltonm@us.ibm.com>

Use commit number instead of autorev for u-boot

Tell systemd the host-ipmid service wants the clear-once service
to be started, and that it wants to run after the clear-once
service.

The new OEM command will use the openbmc init run once variables
set in the u-boot environment.  We want the u-boot variable
cleared before the host can request it be set again.

Tell bitbake to require the clean-once package.
Signed-off-by: Milton Miller <miltonm@us.ibm.com>

Create a service unit to clear the openbmconce variable in the
the u-boot environment with fw_setenv.

Set the timeout to allow the flash to be written, even though we
currently just update the ram shadow file.
Signed-off-by: Milton Miller <miltonm@us.ibm.com>

Install the init-option and init-download-url if they exist in
the build directory.

This change to the bitbake recipe allows an override layer to
simply add these files to the SRC_URI variable and then have them
appear in the initramfs.
Signed-off-by: Milton Miller <miltonm@us.ibm.com>

Add a hook to download a read-only file system image file from
a URL using TFTP, HTTP, or FTP.  The URL is retrieved from a
u-boot environment variable unless the file is already in the
initramfs image.  Only execute this command if the previously
established options file has a keyword trigger.  Do not even
consider the option if a build option flag is not set to y,
and allow each protocol to be disabled by simiar build options.

This allows one to specify at u-boot commands that would download
a read-only file system into memory for execution this boot instead
of needing to create a custom initramfs to netboot or specifying
debug-init-sh, entering the password, and doing the download from
the shell.

Note: Access to set u-boot environment variables implys the
ability to replace the kernel and initramfs session.  Access to
the variables and the serial console likely gives full root access
to the system at this time.  The existing shutdown and update
scripts have paths that expose a root shell to the serial port
without a prior password challenge.
Signed-off-by: Milton Miller <miltonm@us.ibm.com>

If the file /init-options exists copy it to the runtime location
/run/initramfs/init-options.

This allows an initramfs image to be built that will not parse
any u-boot or command line variables by adding a file into the
the image.  This can be done either through a recipe overlay or
additonal package today and could also be a cpio merged into the
initrd in the future.
Signed-off-by: Milton Miller <miltonm@us.ibm.com>

Look in the saved u-boot environment for init options in addition
to the kernel command line.  This allows setting options to run
in the u-boot environment instead of setting bootargs.

Look at specific variables but not the whole environment so that
users can setup variable to run.  Look at two variables so scripts
can automatically clear one on successful boot as one-time options
(defer that to the full filesystem).

Instead of having the full fw_setenv / fw_getenv binaries which
would overflow the existing space for the initramfs, just use the
busybox strings command to extract the variables.  The oldest
variable might get a crc32 character or flag byte if redundant
environment were configured for nand but that is not expected
to be these user defined variables.

[1] The environment consists of a crc32, a flag byte if a
redundant environment is configured, then a series of var=value
strings separated by NUL bytes.  The flag byte is 1 (active) or 0
(obsolete) for NOR flash, or a counter 0-255 in nand, the flag
byte cycles through 0-255.
Signed-off-by: Milton Miller <miltonm@us.ibm.com>

Add an option to copy files from the rwfs to ram then run in ram.

This allows customizations like user ids and network settings to
be initialized from the read-write filesystem.
Signed-off-by: Milton Miller <miltonm@us.ibm.com>

Use the copy in /run/initramfs/update to call update to be consistent
with other uses.
Signed-off-by: Milton Miller <miltonm@us.ibm.com>

When calling update for save and restore phases be explicitly tell
update to clean saved files when we are done and not bother trying
to save or restore when we know we will do a split save, erase, and
restore sequence.
Signed-off-by: Milton Miller <miltonm@us.ibm.com>

If copy-base-filesystem-to-ram is found copy the read-only
filesystem source device to /run/image-rofs.  If the copy fails
then remove the partial copy and invoke debug takeover.

This will allow a new image to be downloaded and flashed while
running from the existing copy for the duration of this boot.

Alternatively with the overlay also in RAM pflash could be used
to update the flash from the host as the BMC would no longer need
the flash or flash controller.
Signed-off-by: Milton Miller <miltonm@us.ibm.com>

If overlay-filesystem-in-ram is found set rwfst=none suppressing
the rwfs mount.
Signed-off-by: Milton Miller <miltonm@us.ibm.com>

Change the u-boot recipes from picking up the most recent
commit to a specific commit (the most current one a of today)
so that development can be done in u-boot without affecting the
stability of the image.

Add inarp to base image

inarp: Add inverse ARP daemon

Add temporary adm1278 hwmon pmbus driver patch

Move up skeleton and host-ipmid to latest

Fixes memory leaks and watchdog timer issues
Signed-off-by: Norman James <nkskjames@gmail.com>

Add the inarp package to the base image. If users later want
to turn it off and not have it be part of the base image,
it can be changed to a distro spec then.

If images are to be updated before init continue to move them
to /run/initramfs.  However, if they are not to be flashed before
init instead move them to /run.

This will result in the image-rofs being loop mounted for this run,
and all images will be available at runtime for flash update at
runtime.
Signed-off-by: Milton Miller <miltonm@us.ibm.com>

Allow file system type none for rwfst, which means do not mount a
separate file system but just use the directory in the tmpfs /run.

This will be used to allow the flash controller to not be used by
the running image, allowing flash updates while the BMC is running
the main application.

It could also be used for a file system less prone to corruption
where the read-write overlay is only updated with whitelisted files
at specific points in time with updates to the update script.
Signed-off-by: Milton Miller <miltonm@us.ibm.com>

Decide lack of fsck is not a problem by the type of the rwfs image
instead of the full name of the fsck command.  This eliminates
duplicates knowledge of how the fsck path is formed.
Suggested-by: Andrew Jeffery <andrew@aj.id.au>
Signed-off-by: Milton Miller <miltonm@us.ibm.com>

If a read-only file system image is in /run, specifically
/run/image-rofs, then mount it instead of the mtd partition.

This will allow running from ram to allow the flash to be updated,
either from a downloaded image, a packaged image, or an image
copied at boot.
Signed-off-by: Milton Miller <miltonm@us.ibm.com>

Grep options from a file instead of directly from /proc/cmdline
which will allow additonal sources for options.

Initially the options file is just a copy of the kernel command
line, but it may be edited at debug-init-sh or via a later
debug_takeover point or before restarting init.
Signed-off-by: Milton Miller <miltonm@us.ibm.com>

Note explicitly when an empty image is provided that will not
alter a flash partition.

While using flashcp on an empty file succeeds and does not alter
the flash, it may be confusing to see 0/0 messages for the erase,
write, and verify phases.

These empty files are used to trigger the save and restore phases
and may also be used by developers to cause the update to fail
and break into a shell at shutdown for maintence.
Signed-off-by: Milton Miller <miltonm@us.ibm.com>

Remove image files as they are flashed so a repeated call to
update does not erase and write the image again.

As we add the ability to call update at runtime repeated calls
are expected.  This both signals successful copy and removes the
need for callers to cleanup.

Also remove commented alternate flash method using eraseall
that was not tested.
Signed-off-by: Milton Miller <miltonm@us.ibm.com>

Add an option to copy files to the runtime copy-on-write upper
directory from the saved directory to allow init to request the
files for use without knowing the saved files directory.

This will be used to initialize the cow directory from the
persistent rwfs file system when choosing to run in RAM.
Signed-off-by: Milton Miller <miltonm@us.ibm.com>

Skip mounting and unmounting the read-write file system when
saving files if the upper directory exists.  Instead interpret
this as a sign the system either is or was running from RAM (or
from some future alternative and maybe temporary mounted file
system) and save the files from that upper directory.

It is possible some other filesystem is mounted on the read-write
mountpoint that is not a mtd device, either a tmpfs or some
other future media, so only try to unmount the file system if
this update script mounted it.

Each boot an empty /run filesytem is created and populated by init
with selected directories and mount points for the read-only and
read-write file systems and mounts them on these points.

The upper directory is under the read-write mount point, so if it
exists then either a file system is mounted there or the system
was prepared to run from RAM using the run tmpfs file system and
updates may have been made there.  In either case the files to
be saved exist in that directory.

Background on overlayfs:

The upper directory contains files and directory entries that were
either opened for write or had meta data changed.  Before this
happens the overlayfs copies each file or directory by name into
the work directory then atomically moves it into the corresponding
upper directory.

To form a read-write overlayfs mount, the upper directory must be,
by definition, in a read-write file system along with the work
directory, and both are required to be in the same filesystem.
Signed-off-by: Milton Miller <miltonm@us.ibm.com>

Use the full /run/initramfs/rw path for the mount point of the
read-write filesystem.

This prevents creating and directories in / when it is invoked
before shutdown.
Signed-off-by: Milton Miller <miltonm@us.ibm.com>

This will ensure the cp command always writes to an existing
directory but will also make any future component directories if
the upper directory is later moved from the root of the filesystem.
Signed-off-by: Milton Miller <miltonm@us.ibm.com>

This will allow us to restore or check-point the whitelisted files
to the read-write filesystem device without causing confusion by
mounting over the upperdir location while at runtime.
Signed-off-by: Milton Miller <miltonm@us.ibm.com>

Instead of in saving files in root which is messy and logically
part of the cow space, save the files in a directory under /run
which will be mounted during init, runtime, and shutdown.
Signed-off-by: Milton Miller <miltonm@us.ibm.com>

Find the whitelist under /run/initramfs directory instead of
looking in root directory.  This results in the whitelist always
existing and being the same instance (copy) in all environments.

Currently the update script is invoked from two places: from
shutdown, where systemd bind-mounted the initramfs directory on
itself and made it root (with its parent /run mounted underneath
it in a twist), and from the initramfs init script where it
copied the files from its root directory into the /run/initramfs
directory for use at shutdown time when the original rootfs is
no longer reachable.

By looking under /run/initramfs we will always look at one copy
of the whitelist.  This will also allow future modes where the
update script can be invoked while running from a copies of
the file systems located in RAM.
Signed-off-by: Milton Miller <miltonm@us.ibm.com>

Let the copy loop execute zero times instead of checking if
the whitelist is empty.

Suppressing the mount and copying the files can be achieved via
command line options.  This removes a condition and prepares for
splitting the whitelist into component files with support for
commented out lines.
Signed-off-by: Milton Miller <miltonm@us.ibm.com>

Allow the save and/or restore of whitelisted files to be
suppressed.

This reduces the noise and possible problems trying to mount the
read-write filesystem read-write when its dirty.  The filesystem
may be cleaned or repaired between the backup and restore.
Signed-off-by: Milton Miller <miltonm@us.ibm.com>

This change adds 'inarp': A small daemon to listen for, and reply to
inverse ARP requests.

This should be started at system init time, so we add a .service file.
Signed-off-by: Jeremy Kerr <jk@ozlabs.org>