# Curated busybox applet set for a Tailscale-on-MikroTik debug shell. # # This file is consumed by the Dockerfile's busybox build stage. It starts # from `make allnoconfig` (everything OFF) and turns ON only the symbols # listed here, keeping the binary small (~420 kB static vs ~1.24 MB for the # full official busybox). # # Format: one CONFIG symbol per line (without the CONFIG_ prefix or =y). # Lines starting with # and blank lines are ignored. # # IMPORTANT: this busybox is intentionally NOT UPX-compressed. UPX breaks # busybox's internal applet dispatch from the ash shell — typed commands # fall through to a $PATH lookup instead of running the built-in applet. # See https://github.com/upx/upx/issues/248 (closed as "invalid"; it is a # busybox/UPX interaction the UPX project will not fix). A custom static # build is both smaller than a UPX'd full busybox AND avoids this entirely. # --- Static build (runs anywhere, no dynamic loader) --- STATIC # --- Large File Support (64-bit off_t) --- # musl (Alpine) always uses a 64-bit off_t. Without LFS, busybox's off_t size # self-check (BUG_off_t_size_is_misdetected) fails to compile on 32-bit targets # such as arm/v7 — especially under QEMU emulation. Enabling LFS is correct for # musl on every architecture, so we set it unconditionally. LFS # --- Shell: ash, standalone mode so typed commands resolve to applets --- ASH SH_IS_ASH ASH_INTERNAL_GLOB ASH_BASH_COMPAT ASH_JOB_CONTROL ASH_ALIAS ASH_GETOPTS ASH_CMDCMD ASH_ECHO ASH_PRINTF ASH_TEST ASH_HELP ASH_OPTIMIZE_FOR_SIZE # NOTE: FEATURE_SH_STANDALONE, FEATURE_PREFER_APPLETS and FEATURE_SH_NOFORK # are intentionally LEFT OFF (they are off by default in allnoconfig). # # Those features make the shell run applets internally by re-exec'ing # /proc/self/exe instead of doing a normal PATH lookup. That /proc/self/exe # path is exactly what UPX breaks (https://github.com/upx/upx/issues/248): # under UPX the shell fails to find its own applets and falls through to a # (nonexistent) PATH binary. # # By leaving them off, typed commands resolve via the ordinary PATH -> # /bin/ symlink -> busybox argv[0] dispatch, which works correctly # even when the busybox binary IS UPX-compressed. This lets us UPX busybox # (~424 kB -> ~230 kB on-disk) without breaking the shell. The cost is a # fork+exec per command instead of a nofork internal call, which is fine # for an occasional debug shell. FEATURE_EDITING FEATURE_EDITING_HISTORY FEATURE_TAB_COMPLETION FEATURE_SUID LONG_OPTS # --- Coreutils --- LS FEATURE_LS_FILETYPES FEATURE_LS_SORTFILES FEATURE_LS_TIMESTAMPS FEATURE_LS_USERNAME FEATURE_LS_COLOR CAT ECHO PRINTF PWD TRUE FALSE TEST MKDIR RMDIR RM MV CP LN TOUCH STAT READLINK REALPATH BASENAME DIRNAME CHMOD CHOWN CHGRP HEAD FEATURE_FANCY_HEAD TAIL FEATURE_FANCY_TAIL WC SORT FEATURE_SORT_BIG UNIQ CUT TR EXPR SEQ SLEEP YES ENV PRINTENV WHICH WHOAMI ID DATE HOSTNAME UNAME MKTEMP # --- Process / system inspection --- PS FEATURE_PS_WIDE DESKTOP TOP FEATURE_TOP_INTERACTIVE FEATURE_TOP_CPU_USAGE_PERCENTAGE KILL KILLALL PIDOF PGREP PKILL FREE UPTIME NPROC DMESG WATCH # --- Text tools --- GREP FEATURE_GREP_CONTEXT FEATURE_GREP_EGREP_ALIAS EGREP FGREP SED AWK FIND FEATURE_FIND_TYPE FEATURE_FIND_PERM FEATURE_FIND_MTIME FEATURE_FIND_NEWER FEATURE_FIND_EXEC XARGS HEXDUMP OD STRINGS LESS MORE CMP DIFF VI # --- Networking (ip is the one command Tailscale shells out to) --- IP FEATURE_IP_ADDRESS FEATURE_IP_LINK FEATURE_IP_ROUTE FEATURE_IP_NEIGH FEATURE_IP_RULE FEATURE_IP_TUNNEL IPADDR IPLINK IPROUTE IPNEIGH IPRULE PING PING6 FEATURE_FANCY_PING NSLOOKUP NETSTAT ARP ARPING WGET TRACEROUTE FEATURE_IPV6 # --- Filesystem --- MOUNT UMOUNT DF DU SYNC LSOF TAR GZIP GUNZIP ZCAT FEATURE_SEAMLESS_GZ # --- Misc shell conveniences --- CLEAR RESET TTY SETSID NOHUP TIMEOUT FLOCK