mikrotik-tailscale/busybox-applets.config

# Curated busybox applet set for a Tailscale-on-MikroTik debug shell.
#
# This file is consumed by the Dockerfile's busybox build stage. It starts
# from `make allnoconfig` (everything OFF) and turns ON only the symbols
# listed here, keeping the binary small (~420 kB static vs ~1.24 MB for the
# full official busybox).
#
# Format: one CONFIG symbol per line (without the CONFIG_ prefix or =y).
# Lines starting with # and blank lines are ignored.
#
# IMPORTANT: this busybox is intentionally NOT UPX-compressed. UPX breaks
# busybox's internal applet dispatch from the ash shell — typed commands
# fall through to a $PATH lookup instead of running the built-in applet.
# See https://github.com/upx/upx/issues/248 (closed as "invalid"; it is a
# busybox/UPX interaction the UPX project will not fix). A custom static
# build is both smaller than a UPX'd full busybox AND avoids this entirely.

# --- Static build (runs anywhere, no dynamic loader) ---
STATIC

# --- Large File Support (64-bit off_t) ---
# musl (Alpine) always uses a 64-bit off_t. Without LFS, busybox's off_t size
# self-check (BUG_off_t_size_is_misdetected) fails to compile on 32-bit targets
# such as arm/v7 — especially under QEMU emulation. Enabling LFS is correct for
# musl on every architecture, so we set it unconditionally.
LFS

# --- Shell: ash, standalone mode so typed commands resolve to applets ---
ASH
SH_IS_ASH
ASH_INTERNAL_GLOB
ASH_BASH_COMPAT
ASH_JOB_CONTROL
ASH_ALIAS
ASH_GETOPTS
ASH_CMDCMD
ASH_ECHO
ASH_PRINTF
ASH_TEST
ASH_HELP
ASH_OPTIMIZE_FOR_SIZE
# NOTE: FEATURE_SH_STANDALONE, FEATURE_PREFER_APPLETS and FEATURE_SH_NOFORK
# are intentionally LEFT OFF (they are off by default in allnoconfig).
#
# Those features make the shell run applets internally by re-exec'ing
# /proc/self/exe instead of doing a normal PATH lookup. That /proc/self/exe
# path is exactly what UPX breaks (https://github.com/upx/upx/issues/248):
# under UPX the shell fails to find its own applets and falls through to a
# (nonexistent) PATH binary.
#
# By leaving them off, typed commands resolve via the ordinary PATH ->
# /bin/<applet> symlink -> busybox argv[0] dispatch, which works correctly
# even when the busybox binary IS UPX-compressed. This lets us UPX busybox
# (~424 kB -> ~230 kB on-disk) without breaking the shell. The cost is a
# fork+exec per command instead of a nofork internal call, which is fine
# for an occasional debug shell.
FEATURE_EDITING
FEATURE_EDITING_HISTORY
FEATURE_TAB_COMPLETION
FEATURE_SUID
LONG_OPTS

# --- Coreutils ---
LS
FEATURE_LS_FILETYPES
FEATURE_LS_SORTFILES
FEATURE_LS_TIMESTAMPS
FEATURE_LS_USERNAME
FEATURE_LS_COLOR
CAT
ECHO
PRINTF
PWD
TRUE
FALSE
TEST
MKDIR
RMDIR
RM
MV
CP
LN
TOUCH
STAT
READLINK
REALPATH
BASENAME
DIRNAME
CHMOD
CHOWN
CHGRP
HEAD
FEATURE_FANCY_HEAD
TAIL
FEATURE_FANCY_TAIL
WC
SORT
FEATURE_SORT_BIG
UNIQ
CUT
TR
EXPR
SEQ
SLEEP
YES
ENV
PRINTENV
WHICH
WHOAMI
ID
DATE
HOSTNAME
UNAME
MKTEMP

# --- Process / system inspection ---
PS
FEATURE_PS_WIDE
DESKTOP
TOP
FEATURE_TOP_INTERACTIVE
FEATURE_TOP_CPU_USAGE_PERCENTAGE
KILL
KILLALL
PIDOF
PGREP
PKILL
FREE
UPTIME
NPROC
DMESG
WATCH

# --- Text tools ---
GREP
FEATURE_GREP_CONTEXT
FEATURE_GREP_EGREP_ALIAS
EGREP
FGREP
SED
AWK
FIND
FEATURE_FIND_TYPE
FEATURE_FIND_PERM
FEATURE_FIND_MTIME
FEATURE_FIND_NEWER
FEATURE_FIND_EXEC
XARGS
HEXDUMP
OD
STRINGS
LESS
MORE
CMP
DIFF
VI

# --- Networking (ip is the one command Tailscale shells out to) ---
IP
FEATURE_IP_ADDRESS
FEATURE_IP_LINK
FEATURE_IP_ROUTE
FEATURE_IP_NEIGH
FEATURE_IP_RULE
FEATURE_IP_TUNNEL
IPADDR
IPLINK
IPROUTE
IPNEIGH
IPRULE
PING
PING6
FEATURE_FANCY_PING
NSLOOKUP
NETSTAT
ARP
ARPING
WGET
TRACEROUTE
FEATURE_IPV6

# --- Filesystem ---
MOUNT
UMOUNT
DF
DU
SYNC
LSOF
TAR
GZIP
GUNZIP
ZCAT
FEATURE_SEAMLESS_GZ

# --- Misc shell conveniences ---
CLEAR
RESET
TTY
SETSID
NOHUP
TIMEOUT
FLOCK