Remove flags from wget and curl instructing them to ignore bad server
certificates. Although other mechanisms can protect against malicious
modifications of downloads, other vectors of attack may be available
to an adversary.
TLS certificate verification can be disabled by turning oof the
"Enable TLS certificate verification during package download" option
enabled by default in the "Global build settings" in "make menuconfig"
Signed-off-by: Josh Roys <roysjosh@gmail.com>
[ add additional info on how to disable this option ]
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
So it can serve as a standalone drop in replacement for xxd utility used
currently mostly in U-Boot packages with `xxd -i` mode which outputs C
include file style, with aim for byte to byte identical output, so the
eventual difference in the generated output is easily spottable.
Fixes: #10555
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Signed-off-by: Jo-Philipp Wich <jo@mein.io> [perl-fu]
xxdi.pl is a Perl script that implements vim's 'xxd -i' mode so that
packages do not have to use all of vim just to get this functionality.
References: #10555
Source: 97a6bd5cee/xxdi.pl
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Openwrt now supports only glibc and musl. Add support for musl and
rework the libc check to handle the new config flags and correctly
compile package basend on that.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Openwrt generate info.mk that contains the libc type. For probe_cc check
if the file exist and parse directly it for LIBC type.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Currently we never call probe_cc before config generation, this cause
the script to never actually detect the correct libc type.
Call probe_cc before config generation to correctl set the .config file.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
It can be useful to overwrite an already generated config.
Option are simply added at the end of the config and make defconfig
will overwrite the relevant option with the new one.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
The parsed prefix in print_config is wrong and this produce broken
generated .config that won't work with any external toolchain.
Currently the prefix from a CC of
'arm-openwrt-linux-muslgnueabi-gcc-12.1.0'
produce a prefix
'arm-openwrt-linux-muslgnueabi-gcc-'
This is wrong as the real prefix should be
'arm-openwrt-linux-muslgnueabi-'
This is probably caused by a change in how the toolchain is now handled
that now append also the gcc version. Probably in ancient days the
version wasn't part of the name and the prefix generation stripped the
'-gcc' instead of the gcc version.
Fix this and correctly strip the gcc version and the gcc suffix to
correctly call toolchain bins.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Hardware
--------
CPU: Mediatek MT7621
RAM: 256M DDR3
FLASH: 128M NAND
ETH: 1x Gigabit Ethernet
WiFi: Mediatek MT7915 (2.4/5GHz 802.11ax 2x2 DBDC)
BTN: 1x Reset (NWA50AX only)
LED: 1x Multi-Color (NWA50AX only)
UART Console
------------
NWA50AX:
Available below the rubber cover next to the ethernet port.
NWA55AXE:
Available on the board when disassembling the device.
Settings: 115200 8N1
Layout:
<12V> <LAN> GND-RX-TX-VCC
Logic-Level is 3V3. Don't connect VCC to your UART adapter!
Installation Web-UI
-------------------
Upload the Factory image using the devices Web-Interface.
As the device uses a dual-image partition layout, OpenWrt can only
installed on Slot A. This requires the current active image prior
flashing the device to be on Slot B.
If the currently installed image is started from Slot A, the device will
flash OpenWrt to Slot B. OpenWrt will panic upon first boot in this case
and the device will return to the ZyXEL firmware upon next boot.
If this happens, first install a ZyXEL firmware upgrade of any version
and install OpenWrt after that.
Installation TFTP
-----------------
This installation routine is especially useful in case
* unknown device password (NWA55AXE lacks reset button)
* bricked device
Attach to the UART console header of the device. Interrupt the boot
procedure by pressing Enter.
The bootloader has a reduced command-set available from CLI, but more
commands can be executed by abusing the atns command.
Boot a OpenWrt initramfs image available on a TFTP server at
192.168.1.66. Rename the image to owrt.bin
$ atnf owrt.bin
$ atna 192.168.1.88
$ atns "192.168.1.66; tftpboot; bootm"
Upon booting, set the booted image to the correct slot:
$ zyxel-bootconfig /dev/mtd10 get-status
$ zyxel-bootconfig /dev/mtd10 set-image-status 0 valid
$ zyxel-bootconfig /dev/mtd10 set-active-image 0
Copy the OpenWrt ramboot-factory image to the device using scp.
Write the factory image to NAND and reboot the device.
$ mtd write ramboot-factory.bin firmware
$ reboot
Signed-off-by: David Bauer <mail@david-bauer.net>
Netgear encrypted image is used in various devices including WAX202,
WAX206, and EX6400v3. This image format also requires a dummy squashfs4
image which is added here as well.
References in WAX202 GPL source:
https://www.downloads.netgear.com/files/GPL/WAX202_V1.0.5.1_Source.rar
* openwrt/bootloader/u-boot-mt7621-2018.09-gitb178829-20200526/board/ralink/common/dual_image.c
Bootloader code that verifies the presence of a squashfs4 image, thus
a dummy image is added here.
* openwrt/tools/imgencoder/src/gj_enc.c
Contains code that generates the encrypted image. There is support for
adding an RSA signature, but it does not look like the signature is
verified by the stock firmware or bootloader.
* openwrt/tools/imgencoder/src/imagekey.h
Contains the encryption key and IV. It appears the same key/IV is used
for other Netgear devices including WAX206 and EX6400v3.
Signed-off-by: Wenli Looi <wlooi@ucalgary.ca>
What should have been only cosmetic changes, ended up in breaking the
script. Rename UIMAGE_CRC_SLICE back to (the original) UIMAGE_CRC_OFF.
Fixes issue #10204 "cameo-tag.py broken"
Reported-by: Markus Stockhausen <markus.stockhausen@gmx.de>
Fixes: f9e840b657 ("scripts: add CAMEO tag generator")
Signed-off-by: Sander Vanheule <sander@svanheule.net>
This script inserts CAMEO tags into an uImage to make U-Boot
of DGS-1210 switches happy.
Signed-off-by: Markus Stockhausen <markus.stockhausen@gmx.de>
Suggested-by: Sander Vanheule <sander@svanheule.net> # Mutual checksum algorithm
[commit title prefix, trailing whitespace, OpenWrt capitalisation, move
CRC calculation comment, use UIMAGE_NAME_*, remove parentheses for
return, use f-string instead of str()]
Signed-off-by: Sander Vanheule <sander@svanheule.net>
The cameo header is a 0x40-byte header used by D-Link DGS 1210 switches
and Apresia ApresiaLightGS series. cameo-imghdr.py is a clean-room
reimplementation of imghdr present in the DGS-1210-28-GPL package.
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
[fix board_version argument's help text]
Signed-off-by: Sander Vanheule <sander@svanheule.net>
To create packages the `ipkg-build` script is used which double packs
`control.tar.gz` and `data.tar.gz` to a single package. By default it's
using a verbose username instead of a numeric value for files.
Official OpenWrt images (artifacts) are created within docker containers
which do not seem to contain those verbose usernames and instead
defaults to numeric values.
This becomes a problem when rebuilding public artifacts because other
build environments may offer verbose usernames and there the created
packages is different from the official ones.
With this commit `ipkg-build` always uses numeric values for user/group
and thereby making it easier to reproduce official artifacts.
Signed-off-by: Paul Spooren <mail@aparcar.org>
CRC32 is available in a standard library. It seems reasonable
to defer to that rather than run a custom implementation.
Signed-off-by: Doug Kerr <dek3rr@gmail.com>
mtools recursive copy (mcopy -s ...) is using READDIR(3) to iterate
over the directory entries, hence they end up in the FAT filesystem in
traversal order which breaks reproducibility (rather than being added
to the FAT filesystem in a reproducible order). Implement recursive
copy in gen_image_generic.sh in Shell code instead, as in that way we
can force files to be copied in reproducible order.
Fixes: aece8f5ae8 ("scripts/gen_image_generic.sh: generate reproducible EFI filesystem")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Generate FAT filesystem for EFI boot in a reproducible way:
* use '--invariant' option of mkfs.fat
* set timestamps of all files to SOURCE_DATE_EPOCH
* make sure files are ordered locale-independent
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Set LC_ALL=C environment variable when calling 'sort' as the sort
order otherwise depends on the locale set.
Fixes: 56ce110b73 ("scripts: make sure conffiles are sorted")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
It may happen that conffiles are in different order on different builds.
Make sure they have the same order by sorting them.
FIX: #9612
Signed-off-by: Paul Spooren <mail@aparcar.org>
Introduce `sha256_unsigned` which is a checksum of the image _before_ a
signature is attached. This is helpful to compare image reproducibility.
Since the `.sha256sum` file is located in the $(KDIR) folder, switch
$(BIN_DIR) with $(KDIR) to simplify the code. The value of $(BIN_DIR)
itself is not stored inside the resulting JSON file, so it can be
replaced.
Signed-off-by: Paul Spooren <mail@aparcar.org>
Set fixed timestamp for kernel other files in /boot filesystem.
This should help making x86 *combined* images reproducible.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
be64enc, be16dec, and be32dec are declared on FreeBSD 13.0, in
/usr/include/sys/endian.h so we should not declare them.
Fixes the following error during feeds update:
staging_dir/host/bin/mkhash: No such file or directory
gcc scripts/mkhash.c
scripts/mkhash.c:111:1: error: redefinition of 'be64enc'
111 | be64enc(void *buf, uint64_t u)
Signed-off-by: Georgi Valkov <gvalkov@abv.bg>
It seems, that there are currently some unhandled corner cases in which
`.toolchain_build_ver` results in empty file and thus forcing rebuilds,
even if the toolchain was build correctly just a few moments ago. Until
proper fix is found, workaround that by checking for this corner case
and simply populate `.toolchain_build_ver` file.
While at it, improve the UX and display version mismatch, so it's more
clear what has forced the rebuild:
"Toolchain build version changed (11.2.0-1 != ), running make targetclean"
References: https://gitlab.com/ynezz/openwrt/-/jobs/2133332533/raw
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Fixes following complaints and suggestions:
In scripts/check-toolchain-clean.sh line 2:
eval `grep CONFIG_GCC_VERSION .config`
^-- SC2046 (warning): Quote this to prevent word splitting.
^-- SC2006 (style): Use $(...) notation instead of legacy backticks `...`.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
diffconfig.sh runs ./scripts/config/conf, but it does not get built
with 'make {menu,x,n}config. Call 'make ./scripts/config/conf' to
ensure it's been built before running it, aborting in case of failure.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>[removed Fixes: due revert]
diffconfig.sh runs ./scripts/config/conf, but it does not get built
with 'make {menu,x,n}config. Call 'make ./scripts/config/conf' to
ensure it's been built befpre running it.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Functional Changes
---------- -------
- make 'imply' not impose any restrictions: allow symbols implied by y
to become m
- change "modules" from sub-option to first-level attribute
Bugfixes
--------
- nconf: fix core dump when searching in empty menu
- nconf: stop endless search loops
- xconfig: fix content of the main widget
- xconfig: fix support for the split view mode
Other Changes
----- -------
- highlight xconfig 'comment' lines with '***'
- xconfig: navigate menus on hyperlinks
- xconfig: drop support for Qt4
- improve host ncurses detection
Update the 'option modules' usage to just 'modules' in Config.in.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Both $(AUTORELEASE) and $(PKG_SRC_VERSION) (from luci.git) use the Git
log to determine releases and package timestamps.
Feeds are shallow cloned by default, resulting in an incomplete Git log
and therefore different local package versions than offered upstream.
This commits sets the default feeds to use `src-git-full` to solve that.
Add fixes from "2b1d92f: scripts/feeds: silence git warning by selecting
pull style" to `src-git-full`
Signed-off-by: Paul Spooren <mail@aparcar.org>
The value is retreived from a env variable which defaults to be read as
a string. However the SOURCE_DATE_EPOCH is a unix timestamp aka integer.
Fix this to allow downstream tools to parse the value directly.
Signed-off-by: Paul Spooren <mail@aparcar.org>
Ubuntu started to flag which as deprecated and it
seems which is not really standard and may vary
across Distro.
Drop the use of which and use the standard 'command -v'
for this simple task.
Which is still present in the prereq if some package/script
still use which.
A utility script called command_all.sh is implemented that
will just mimic the output of which -a.
Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
This commits adds the ability to print Kernel versions of all
targets/subtargets. If a testing Kernel is set print that version as
well.
Example output:
apm821xx/nand 5.10
apm821xx/sata 5.10
arc770/generic 5.4
archs38/generic 5.4
armvirt/32 5.10
armvirt/64 5.10
at91/sam9x 5.10
at91/sama5 5.10
ath25/generic 5.4
ath79/generic 5.4 5.10
ath79/mikrotik 5.4 5.10
--- %< ---
This should help to get a quick update on the state of Kernels.
Signed-off-by: Paul Spooren <mail@aparcar.org>
Adds generic support for sysupgrading on eMMC-based devices.
Provide function emmc_do_upgrade and emmc_copy_config to be used in
/lib/upgrade/platform.sh instead of redundantly implementing the same
logic over and over again.
Similar to generic sysupgrade on NAND, use environment variables
CI_KERNPART, CI_ROOTPART and newly introduce CI_DATAPART to indicate
GPT partition names to be used. On devices with more than one MMC
block device, CI_ROOTDEV can be used to specify the MMC device for
partition name lookups.
Also allow to select block devices directly using EMMC_KERN_DEV,
EMMC_ROOT_DEV and EMMC_DATA_DEV, as using GPT partition names is not
always an option (e.g. when forced to use MBR).
To easily handle writing kernel and rootfs make use of sysupgrade.tar
format convention which is also already used for generic NAND support.
Signed-off-by: Enrico Mioso <mrkiko.rs@gmail.com>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
CC: Li Zhang <li.zhang@gl-inet.com>
CC: TruongSinh Tran-Nguyen <i@truongsinh.pro>
Currently ubinize-image script always expects the
rootfs image to be passed and a volume for it created.
So, to allow only ubinizing a kernel for example which
the MikroTik hAP ac3 and other new NAND devices from
MikroTik require make rootfs an optional parameter like
kernel.
Signed-off-by: Robert Marko <robimarko@gmail.com>
This can be used to ensure that the compiled code is up to date, when
something important changes in the toolchain.
A recent example of this is the gcc 11 fix for a code miscompilation issue
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Since version 2.28, git has a config option init.defaultBranch to set the name
of the first branch created with git init. The env script expects this name to
be "master". This commit sets the initial branch name to "master"
instead of using the git configured one.
Signed-off-by: Arne Zachlod <arne@nerdkeller.org>
This only affects typos in comments or user-facing output.
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
[only picks changes to scripts, drop "commandline" replacement,
fix case for "arbitrary", improve commit message]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Some packages may require additional group membership for the system
user added by that package. Allow defining additional groups as third
member of the ':'-separated tuple, allowing to specify multiple
','-separated groups with optional GID.
Example:
USERID:=foouser=1000:foogroup=1000:addg1=1001,addg2=1002,addg3
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
The new `pkgmanifestjson` call prints all package manifest of a feed in
JSON format. This function can be used to print an overview of packages
information used for downstream tooling.
The script is entirely based on Petrs work on dependency visualisation.
Signed-off-by: Paul Spooren <mail@aparcar.org>
commit 5ec60cbe9d ("scripts: mkits.sh: replace @ with - in nodes")
broke support for Meraki MR32 and this patch makes the replacement
configurable allowing for specifying the @ or - or whatever character
that is desired to retain backwards compatibility with existing devices.
For example, this patch includes the fix for the Meraki MR32 in
target/linux/bcm53xx/image for meraki_mr32:
DEVICE_DTS_DELIMITER := @
DEVICE_DTS_CONFIG := config@1
Fixes: 5ec60cbe9d ("scripts: mkits.sh: replace @ with - in nodes")
Signed-off-by: Damien Mascord <tusker@tusker.org>
[Added tags, checkpatch.pl fixes, noted that this is for old stuff]
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
Handle gcc and linux with a special regex that set their progname with
their major version. This way every minor version can be cleared. The
build cleanup logic can be tweaked later to clean the entire toolchain
and target dir with a different gcc version.
Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
[reformat commit message]
Signed-off-by: Paul Spooren <mail@aparcar.org>
Regex xxx-YYYY-MM-DD-GIT_SHASUM was missing. Add the new regex to improve
and better find outdated package. This also fix a bug where some bug were
incorrectly detected as packagename-yyyy-mm-dd instead of packagename due
to them be parsed by the wrong parser
Example:
openwrt-keyring-2021-02-20-49283916.tar.xz
Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
[added example in commit message]
Signed-off-by: Paul Spooren <mail@aparcar.org>
Multiple profiles create artifacts, these should be stored in the JSON
file as well, allowing downstream tooling to show those files, too.
Artifacts don't have specific filesystems so only the fields `name`,
`type` and `sha256` are available.
Rename env variable names from IMAGE_ to FILE_ prefixes to reflect that
images, kernels and artifacts are added with the same command.
Signed-off-by: Paul Spooren <mail@aparcar.org>
While an image layout based on MBR and 'bootfs' partition may be easy
to understand for users who are very used to the IBM PC and always have
the option to access the SD card outside of the device (and hence don't
really depend on other recovery methods or dual-boot), in my opinion
it's a dead end for many desirable features on embedded systems,
especially when managed remotely (and hence without an easy option to
access the SD card using another device in case things go wrong, for
example).
Let me explain:
* using a MSDOS/VFAT filesystem to store kernel(s) is problematic, as a
single corruption of the bootfs can render the system into a state
that it no longer boots at all. This makes dual-boot useless, or at
least very tedious to setup with then 2 independent boot partitions
to avoid the single point of failure on a "hot" block (the FAT index
of the boot partition, written every time a file is changed in
bootfs). And well: most targets even store the bootloader environment
in a file in that very same FAT filesystem, hence it cannot be used
to script a reliable dual-boot method (as loading the environment
itself will already fail if the filesystem is corrupted).
* loading the kernel uImage from bootfs and using rootfs inside an
additional partition means the bootloader can only validate the
kernel -- if rootfs is broken or corrupted, this can lead to a reboot
loop, which is often a quite costly thing to happen in terms of
hardware lifetime.
* imitating MBR-boot behavior with a FAT-formatted bootfs partition
(like IBM PC in the 80s and 90s) is just one of many choices on
embedded targets. There are much better options with modern U-Boot
(which is what we use and build from source for all targets booting
off SD cards), see examples in mediatek/mt7622 and mediatek/mt7623.
Hence rename the 'sdcard' feature to 'legacy-sdcard', and prefix
functions with 'legacy_sdcard_' instead of 'sdcard_'.
Tested-by: Stijn Tintel <stijn@linux-ipv6.be>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Add a generic sdcard upgrade method instead of duplicating code in yet
another target, and add a feature flag to only install this upgrade
method in targets that set this flag. Copied from mvebu.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
The mkits.sh script help message states hash algorithm can be
specified using the -H command-line option, but it does not work
currently due to a bug in the script.
This patch fixes this problem by changing the option from -S to
-H and specify getopts parameter after it
Signed-off-by: Yonghyu Ban <yonghyu@empo.im>
If the image generation doesn't add any profiles to the output the
*profile merge* will fail. To avoid that set an empty profile as
fallback.
Signed-off-by: Paul Spooren <mail@aparcar.org>
Keep other profiles.json content if the data belongs to the current
build version.
Also useful for the ImageBuilder, which builds for a single model each
time. Without this commit the profiles.json would only contain the
latest build profile information.
Signed-off-by: Moritz Warning <moritzwarning@web.de>
[improve commit message]
Signed-off-by: Paul Spooren <mail@aparcar.org>
This separates index update from feed update. The result is that all
requested feeds are first updated and only then indexed.
The reason for this change is to prevent errors being reported and
potentially invalid index being generated thanks to cross feeds
dependency.
The feeds script pulls in default all feeds as they come and on install
prefers packages from first feeds (unless special feed is requested).
Thus order of feeds in some way specifies preferences. This is handy for
downstream distributions as they can simply override any package from
upstream feeds by placing their feed before them. This removes need to
patch or fork upstream feeds.
The problem is that such feed most likely depends in some way also on
subsequent feeds. The most likely feeds are 'packages' or 'luci'. The
example would be Python package that needs 'python.mk' from 'packages'
feed. Ordering custom feed after dependent feeds is sometimes just not
possible because of preference requirement described before.
The solution is to just first pull all feeds and generate indexes only
after that. In the end this ensures that index is generated correctly at
first try without any error.
In terms of code this removes 'perform_update' argument from
'update_feed' as with index update removal the update is the only action
performed in that subroutine. Thus this moves condition to 'update'
subroutine.
Signed-off-by: Karel Kočí <karel.koci@nic.cz>
This script hasn't seen an update in multiple years, update it to the
latest version provided upstream. Both `config.guess` and `config.sub`
are copied from upstream[1] and not modified.
The full changelog is available within the upstream repository[1].
[1]: https://git.savannah.gnu.org/git/config.git
Signed-off-by: Paul Spooren <mail@aparcar.org>
Before this commit, it was assumed that mkhash is in the PATH. While
this was fine for the normal build workflow, this led to some issues if
make TOPDIR="$(pwd)" -C "$pkgdir" compile
was called manually. In most of the cases, I just saw warnings like this:
make: Entering directory '/home/.../package/gluon-status-page'
bash: line 1: mkhash: command not found
bash: line 1: mkhash: command not found
bash: line 1: mkhash: command not found
bash: line 1: mkhash: command not found
bash: line 1: mkhash: command not found
bash: line 1: mkhash: command not found
bash: line 1: mkhash: command not found
bash: line 1: mkhash: command not found
[...]
While these were only warnings and the package still compiled sucessfully,
I also observed that some package even fail to build because of this.
After applying this commit, the variable $(MKHASH) is introduced. This
variable points to $(STAGING_DIR_HOST)/bin/mkhash, which is always the
correct path.
Signed-off-by: Leonardo Mörlein <me@irrelefant.net>
This became a bit of a tragedy, caused by a corner cases which wasn't
put into account during testing. DEFAULT_PACKAGES are defined in
target/linux/<target>/Makefile but also in
target/linux/<target>/<subtarget>/target.mk.
The latter was no longer imported when using DUMP=1, however not using
DUMP=1 while running the Makefile in target/linux/<target>/ caused duplicate
packages in the list.
As a solution, which should have been used from day 0, `make` runs in
target/linux/ without DUMP=1, resulting in no duplicate packages and all
inclusions from include/target.mk, linux/target/<target>/{Makefile,
<subtarget>/target.mk}
While at it, sort the list of default packages.
Signed-off-by: Paul Spooren <mail@aparcar.org>
The commit "1bf2b3fe90 build,json: fixup missing arch_packages" fixes
the missing package architecture locally but runs $(TOPDIR)/Makefile
rather than a target specific one. While this works on local builds just
fine, it causes the buildbots to add garbage to the `arch_packages`
variable:
cd \"/builder/shared-workdir/build\"; git log --format=%h -1
toolchain > /builder/shared-workdir/build/tmp/.ver_check\ncmp -s
/builder/shared-workdir/build/tmp/.ver_check
/builder/shared-workdir/build/staging_dir/toolchain-x86_64_gcc-8.4.0_musl/stamp/.ver_check
|| { \\\n\trm -rf
/builder/shared-workdir/build/build_dir/target-x86_64_musl
/builder/shared-workdir/build/staging_dir/target-x86_64_musl
/builder/shared-workdir/build/staging_dir/toolchain-x86_64_gcc-8.4.0_musl
/builder/shared-workdir/build/build_dir/toolchain-x86_64_gcc-8.4.0_musl;
\\\n\tmkdir -p
/builder/shared-workdir/build/staging_dir/toolchain-x86_64_gcc-8.4.0_musl/stamp;
\\\n\tmv /builder/shared-workdir/build/tmp/.ver_check
/builder/shared-workdir/build/staging_dir/toolchain-x86_64_gcc-8.4.0_musl/stamp/.ver_check;
\\\n}\nx86_64
Only the last line contains the desired string.
Future investigation should check why the build system prints this to
stdout rather than stderr.
Signed-off-by: Paul Spooren <mail@aparcar.org>
Fix 7f4c2b1 "build,json: fix duplicates in default_packages" which
removed duplicate default packages but also removed the package
architecture from the profiles.json.
If DUMP=1 is set, the `ARCH_PACKAGES` is no longer exported and
therefore empty. Fix this by running make twice, once with DUMP=1 and
once without.
Signed-off-by: Paul Spooren <mail@aparcar.org>
Calling without the DUMP=1 argument causes the target specific Makefile
to be "included" again which adds the target specific packages twice,
once on the actual run and once included from `include/target.mk`.
This led to duplicate package entries, causing confusion in downstream
projects using the generated JSON files.
While at it, apply `black` style to Python script.
Signed-off-by: Paul Spooren <mail@aparcar.org>
Add new target feature 'dt-overlay' which makes DTC keep the symbol
names in the generated dtb.
Make sure additional DT overlay sources specified by the new device
variable DEVICE_DTS_OVERLAY get compiled together with the main DTS
(currently overlays got to be in the same folder). Let Build/fit pass
the generated DT overlay blobs to mkits.sh.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Allow adding multiple device tree overlay blobs to an image and
generate configurations for each of them.
This is useful on boards with modern U-Boot which allow e.g. user-
configurable peripherals ("shields") in that way.
Note that currently, each generated configuration adds exactly one
overlay on top of the base image, ie. adding multiple overlays at the
same time is not yet supported.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
This commit cleans the `ipkg-build` script via changes suggested by
shellcheck. These are mostly word splitting issues.
Remove the definition of GZIP, this adds three "lookups" of the `gzip`
binary but the rest of the build system doesn't seem to use such
improvements neither.
Signed-off-by: Paul Spooren <mail@aparcar.org>
U-boot will reject the nodes with @ for the address since
commit:
79af75f777
This in turn will cause the failure to boot with OpenWrt
generated images.
So, to rectify that simply replace @ with -.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cover also newly added rootfs@1 and initrd@1 nodes)
Signed-off-by: Robert Marko <robert.marko@sartura.hr>
We so far had two variables IMG_PREFIX and IMAGE_PREFIX with
different content. Since these names are obviously quite
confusing, this patch renames the latter to DEVICE_IMG_PREFIX,
as it's a device-dependent variable, while IMG_PREFIX is only
(sub)target-dependent.
For consistency, also rename IMAGE_NAME to DEVICE_IMG_NAME, as
that's a device-dependent variable as well.
Cc: Paul Spooren <mail@aparcar.org>
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Instead of embedding the initrd cpio archive into the kernel, allow
for having an external ramdisk added to the FIT or uImage.
This is useful to overcome kernel size limitations present in many
stock bootloaders, as the ramdisk is then loaded seperately and doesn't
add to the kernel size. Hence we can have larger ramdisks to host ie.
installers with all binaries to flash included (or a web-based
firmware selector).
In terms of performance and total size the differences are neglectible.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Allow for single (external-data) FIT image to hold kernel, dtb and
squashfs. In that way, the bootloader verifies the system integrity
including the rootfs, because what's the point of checking that the
hash of the kernel is correct if it won't boot in case of squashfs
being corrupted? Better allow bootloader to check everything needed
to make it at least up to failsafe mode. As a positive side effect
this change also makes the sysupgrade process on nand potentially
much easier as it is now.
In short: mkimage has a parameter '-E' which allows generating FIT
images with 'external' data rather than embedding the data into the
device-tree blob itself. In this way, the FIT structure itself remains
small and can be parsed easily (rather than having to page around
megabytes of image content). This patch makes use of that and adds
support for adding sub-images of type 'filesystem' which are used to
store the squashfs. Now U-Boot can verify the whole OS and the new
partition parsers added in the Linux kernel can detect the filesystem
sub-images, create partitions for them, and select the active rootfs
volume based on the configuration in FIT (passing configuration via
device tree could be implemented easily at a later stage).
This new FIT partition parser works for NOR flash (on top of mtdblock),
NAND flash (on top of ubiblock) as well as classic block devices
(ie. eMMC, SDcard, SATA, NVME, ...).
It could even be used to mount such FIT images via `losetup -P` on a
user PC if this patch gets included in Linux upstream one day ;)
Signed-off-by: John Crispin <john@phrozen.org>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
This reverts commit b12288fa69.
The patchelf approach is too fragile, and the only users of this have been
converted to make patching unnecessary
Leave the abi_version_str variable in place in rules.mk
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Preparation for supporting dynamic ABI versions that depend on the runtime
configuration. Read the suffix from the staging dir pkginfo version files.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
This makes it possible to declare a package ABI_VERSION independent from the
upstream soname by setting PKG_ABI_VERSION in the package makefile.
The library filename is fixed up for files installed to packages and to the
staging dir. References to the original from executables within the same
package are also fixed up
Signed-off-by: Felix Fietkau <nbd@nbd.name>
As multiple LICENSES are shipped and no longer just LICENSE, modify the
OpenWrt tree detection in checkpatch.pl.
Signed-off-by: Paul Spooren <mail@aparcar.org>
Multiple sources are hosted on OpenWrts source server only. The source
URLs to point to the server vary based on different epochs in OpenWrts
history.
Replace all by @OPENWRT which is an "empty" mirror, therefore using the
fallback servers sources.cdn.openwrt.org and sources.openwrt.org.
Signed-off-by: Paul Spooren <mail@aparcar.org>
In case the default sources for a package fail use the CDN rather than
our own mirror. In case the CDN fails, fallback to our mirror.
Also remove mirror1 which isn't available anymore.
Signed-off-by: Paul Spooren <mail@aparcar.org>
Since 4ee3cf2b5a profiles with alternative vendor names may appear
multiple times in `tmp/.targetinfo` or `.targetinfo` (for
ImageBuilders).
The `target-metadata.pl` script adds these profiles then twice to
`PROFILE_NAMES` and the ImageBuilder show the profile twice when running
`make info`.
This patch removes duplicate profile IDs and only adds them once to
`.profiles.mk`.
Signed-off-by: Paul Spooren <mail@aparcar.org>
The recent 7f285d "scripts/feeds: warn when skipping core package
override" floods SDK output with warning of overwriting "linux" and
"toolchain" core packages. This should be ignored as these are not
regular packages added via feeds.
While at it slightly improve the warning string.
Signed-off-by: Paul Spooren <mail@aparcar.org>
clang's gcc emulation does the right thing with -print-file-name now,
drop the wrapper
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
The qemustart script currently picks the ext4 filesystem rather than
squashfs, while the latter is default for nearly all OpenWrt targets.
Change the default behaviour of qemustart to be in line with the rest.
Signed-off-by: Paul Spooren <mail@aparcar.org>
Device specifications:
* QCA IPQ4019
* 256 MB of RAM
* 32 MB of SPI NOR flash (w25q256)
- 2x 15 MB available; but one of the 15 MB regions is the recovery image
* 2T2R 2.4 GHz
- QCA4019 hw1.0 (SoC)
- requires special BDF in QCA4019/hw1.0/board-2.bin with
bus=ahb,bmi-chip-id=0,bmi-board-id=20,variant=PlasmaCloud-PA2200
* 2T2R 5 GHz (channel 36-64)
- QCA9888 hw2.0 (PCI)
- requires special BDF in QCA9888/hw2.0/board-2.bin
bus=pci,bmi-chip-id=0,bmi-board-id=16,variant=PlasmaCloud-PA2200
* 2T2R 5 GHz (channel 100-165)
- QCA4019 hw1.0 (SoC)
- requires special BDF in QCA4019/hw1.0/board-2.bin with
bus=ahb,bmi-chip-id=0,bmi-board-id=21,variant=PlasmaCloud-PA2200
* GPIO-LEDs for 2.4GHz, 5GHz-SoC and 5GHz-PCIE
* GPIO-LEDs for power (orange) and status (blue)
* 1x GPIO-button (reset)
* TTL pins are on board (arrow points to VCC, then follows: GND, TX, RX)
* 2x gigabit ethernet
- phy@mdio3:
+ Label: Ethernet 1
+ gmac0 (ethaddr) in original firmware
+ used as LAN interface
- phy@mdio4:
+ Label: Ethernet 2
+ gmac1 (eth1addr) in original firmware
+ 802.3at POE+
+ used as WAN interface
* 12V 2A DC
Flashing instructions:
The tool ap51-flash (https://github.com/ap51-flash/ap51-flash) should be
used to transfer the factory image to the u-boot when the device boots up.
Signed-off-by: Marek Lindner <marek.lindner@kaiwoo.ai>
[sven@narfation.org: prepare commit message, rebase, use all LEDs, switch
to dualboot_datachk upgrade script, use eth1 as designated WAN interface]
Signed-off-by: Sven Eckelmann <sven@narfation.org>
Device specifications:
* QCA IPQ4018
* 256 MB of RAM
* 32 MB of SPI NOR flash (w25q256)
- 2x 15 MB available; but one of the 15 MB regions is the recovery image
* 2T2R 2.4 GHz
- QCA4019 hw1.0 (SoC)
- requires special BDF in QCA4019/hw1.0/board-2.bin with
bus=ahb,bmi-chip-id=0,bmi-board-id=16,variant=PlasmaCloud-PA1200
* 2T2R 5 GHz
- QCA4019 hw1.0 (SoC)
- requires special BDF in QCA4019/hw1.0/board-2.bin with
bus=ahb,bmi-chip-id=0,bmi-board-id=17,variant=PlasmaCloud-PA1200
* 3x GPIO-LEDs for status (cyan, purple, yellow)
* 1x GPIO-button (reset)
* 1x USB (xHCI)
* TTL pins are on board (arrow points to VCC, then follows: GND, TX, RX)
* 2x gigabit ethernet
- phy@mdio4:
+ Label: Ethernet 1
+ gmac0 (ethaddr) in original firmware
+ used as LAN interface
- phy@mdio3:
+ Label: Ethernet 2
+ gmac1 (eth1addr) in original firmware
+ 802.3af/at POE(+)
+ used as WAN interface
* 12V/24V 1A DC
Flashing instructions:
The tool ap51-flash (https://github.com/ap51-flash/ap51-flash) should be
used to transfer the factory image to the u-boot when the device boots up.
Signed-off-by: Marek Lindner <marek.lindner@kaiwoo.ai>
[sven@narfation.org: prepare commit message, rebase, use all LEDs, switch
to dualboot_datachk upgrade script, use eth1 as designated WAN interface]
Signed-off-by: Sven Eckelmann <sven@narfation.org>
Device specifications:
* Qualcomm/Atheros QCA9533 v2
* 650/600/217 MHz (CPU/DDR/AHB)
* 64 MB of RAM
* 16 MB of SPI NOR flash (mx25l12805d)
- 2x 7 MB available; but one of the 7 MB regions is the recovery image
* 2x 10/100 Mbps Ethernet
* 2T2R 2.4 GHz Wi-Fi
* multi-color LED (controlled via red/green/blue GPIOs)
* 1x GPIO-button (reset)
* external h/w watchdog (enabled by default)
* TTL pins are on board (arrow points to VCC, then follows: GND, TX, RX)
* 2x fast ethernet
- eth0
+ Label: Ethernet 1
+ 24V passive POE (mode B)
+ used as WAN interface
- eth1
+ Label: Ethernet 2
+ 802.3af POE
+ builtin switch port 2
+ used as LAN interface
* 12-24V 1A DC
* internal antennas
Flashing instructions:
The tool ap51-flash (https://github.com/ap51-flash/ap51-flash) should be
used to transfer the factory image to the u-boot when the device boots up.
Signed-off-by: Sven Eckelmann <sven@narfation.org>
The NOR flash rootfs images stored in a sysupgrade.tar must end with the
JFFS2 marker. Otherwise, devices like OpenMesh A42/A62 are not able to
calculate the md5sum of the fixed squashfs part and store it inside the
u-boot-env.
But the commit ee76bd11bb ("images: fix boot failures on NAND with small
sub pages") adds up to 1020 0x00 bytes after the 0xdead0de EOF marker. The
calculated md5sum will be wrong due do this change and u-boot will fail to
boot the newly flashed device with a message like:
Validating MD5Sum of 'vmlinux'...
Passed!
Validating MD5Sum of 'rootfs'...
Failed!
583a1b7b54b8601efa64ade42742459b != 8850ee812dfd7638e94083329d5d2781
Data validation failed!
and boot the old image again.
Since the original change should not change the behavior of NOR images,
just check for the deadc0de marker at the end of the squashfs-jffs2 image
do avoid the problematic behavior for these images.
Fixes: ee76bd11bb ("images: fix boot failures on NAND with small sub pages")
Signed-off-by: Sven Eckelmann <sven@narfation.org>
The rootfs is padded to the full block size by padjffs2 and a 4 byte magic
value ("deadc0de") is added to the end. On first boot, the JFFS2 is
replacing the "deadc0de" marker when the rootfs_data is initialized.
The static part of the rootfs is therefore $rootfs_size - 4 and not
$rootfs_size - 262144 - 4.
Signed-off-by: Sven Eckelmann <sven@narfation.org>
The padding and block alignment is handled by the image build script and
doesn't need to be duplicated in the fwupgrade.cfg build script.
Signed-off-by: Sven Eckelmann <sven@narfation.org>