A package may run git as part of its build process, and if the package
source code is not from a git checkout, then git may traverse up the
directory tree to find buildroot's repository directory (.git).
For instance, Poetry Core, a Python build backend, will read the
contents of .gitignore for paths to exclude when creating a Python
package. If it finds buildroot's .gitignore file, then Poetry Core will
exclude all of the package's files[1].
This exports GIT_CEILING_DIRECTORIES for both package and host builds so
that git will not traverse beyond $(BUILD_DIR)/$(BUILD_DIR_HOST).
[1]: https://github.com/python-poetry/poetry/issues/5547
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
OpenSSL fails to compile in Fedora 38 container due to the following:
Can't locate IPC/Cmd.pm in @INC (you may need to install the IPC::Cmd module) (@INC contains: /openwrt/build_dir/target-x86_64_musl/openssl-3.0.8/util/perl /usr/local/lib64/perl5/5.36 /usr/local/share/perl5/5.36 /usr/lib64/perl5/vendor_perl /usr/share/perl5/vendor_perl /usr/lib64/perl5 /usr/share/perl5 /openwrt/build_dir/target-x86_64_musl/openssl-3.0.8/external/perl/Text-Template-1.56/lib) at /openwrt/build_dir/target-x86_64_musl/openssl-3.0.8/util/perl/OpenSSL/config.pm line 19.
BEGIN failed--compilation aborted at /openwrt/build_dir/target-x86_64_musl/openssl-3.0.8/util/perl/OpenSSL/config.pm line 19.
Compilation failed in require at ./Configure line 23.
BEGIN failed--compilation aborted at ./Configure line 23.
Seems like `dnf install -y perl-IPC-Cmd` fixes the issue.
So lets fix it by checking for Perl IPC::Cmd host module availability.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Tony has reported, that CI tools job is failing for him in macOS
container due to prereq check failure for GNU `install` utility.
Michael diagnosed it and from his traces it was clear, that the issue is
caused by a wrong return value in the success check case, so lets fix it
accordingly.
Fixes: f75204036c ("prereq-build: allow host command symlinks to update")
Reported-by: Tony Ambardar <itugrok@yahoo.com>
Diagnosed-by: Michael Pratt <mcpratt@pm.me>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
New kernel version 6.1 introduced new INITRAMFS option. Add them to the
Initramfs functions to correctly compile initramfs images.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
This reverts commit 3b68fb57c9.
After refactoring build checks to update old symlinks,
and after a long time of no python 2 support,
this is no longer needed.
Signed-off-by: Michael Pratt <mcpratt@pm.me>
This makes the prereq stage update the symlinks
installed into staging_dir/host/bin
by rearrainging the way they are verified.
Before, seeing or installing a symlink would result in
a successful exit code, and not installing a symlink
would result is a failed exit code. However,
that is not able to account for the difference
between existing good and bad links, or whether
the link would be the same if it was reinstalled,
because the check can match the program to a different path.
Instead, let a success exit code represent
identifying an existing symlink as exactly the same
as what would be installed if it did not exist,
and let a fail exit code represent
needing to install the symlink
or not having a match to the check criteria.
The failing exit code is caught by a new second attempt
for all of the check-* targets which will then indicate
to the user that there was an update by having a success
exit code when the check is run again and the link is the same.
When there is nothing to update, the checks will run only once.
This relies on the ls command to be POSIX-conformant with long format:
"path/to/link -> target/of/link"
Also, make sure the symlink is executable, not just a file,
and the directory only needs to be created once.
Fixes: #12610
Signed-off-by: Michael Pratt <mcpratt@pm.me>
Commit 54070a1 was added to allow building proper SDKs with kernels <
5.10. Now that all targets use at least kernel 5.10 it can be reverted.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
Some U-Boot checks for a specified uImage time and refuses to boot if
mismatched. This patch fixes it by recognizing UIMAGE_TIME parameter.
Signed-off-by: David Yang <mmyangfl@gmail.com>
Prevents subshell commands from failing to parse options
when having defined a whitespace in the VERSION_DIST.
As the called resulting images unlikely will handle
whitespace correctly, we replace them by "-".
Signed-off-by: Sven Roederer <S.Roederer@colvistec.de>
Manually adjusted before running quilt due to new location in tree:
backport-5.15/780-v5.16-bus-mhi-pci_generic-Introduce-Sierra-EM919X-support.patch
backport-5.15/781-v6.1-bus-mhi-host-always-print-detected-modem-name.patch
pending-5.15/790-bus-mhi-core-add-SBL-state-callback.patch
All other patches automatically rebased.
Build system: x86_64
Build-tested: bcm2711/RPi4B, ramips/tplink_archer-a6-v3, filogic/xiaomi_redmi-router-ax6000-ubootmod
Run-tested: bcm2711/RPi4B, ramips/tplink_archer-a6-v3, filogic/xiaomi_redmi-router-ax6000-ubootmod
Signed-off-by: John Audia <therealgraysky@proton.me>
On each generation of the archive check sum will differ, because when
checking out subversion repository, current date is used for directories
creation. Force tar to assign creation date of the last revision for all
items inside archive.
Signed-off-by: Tomasz Maciej Nowak <tmn505@gmail.com>
All targets are bumped to 5.15. Remove the old 5.10 patches, configs
and files using:
find target/linux -iname '*-5.10' -exec rm -r {} \;
Further, remove the 5.10 include.
Signed-off-by: Nick Hainke <vincent@systemli.org>
This reverts commit 91e3419a33.
Now that squashfs3-lzma generates reproducible output we can drop the
empty binary. Having a binary file in the tree is not nice and we actually
also use squashfs3-lzma for devices which expect the kernel to be loaded
from a squashfs3...
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
The filesystem is currently created on every build to trick the boot
loader of some FRITZ! devices into accepting the image. Sadly the
resulting squashfs-lzma filesystem is not reproducible. To fix this,
create a squashfs filesystem once and include it into the repository.
Creation happend as shown below
rm -rf empty_dir
mkdir empty_dir
./staging_dir/host/bin/mksquashfs-lzma \
empty_dir/ empty-squashfs-lzma \
-noappend -root-owned -be -nopad -b 65536 -fixed-time 0
Signed-off-by: Paul Spooren <mail@aparcar.org>
Some uses cases, like with autotools, need a path for 'true'
if we use them to force something to skip.
This will work by default on Linux hosts,
and require MacOS hosts to get coreutils,
which is currently installed in the CI
for 'macos-latest' host.
In the future, prereq stage can be reworked
to search for the actual binary
instead of relying on env.
Signed-off-by: Michael Pratt <mcpratt@pm.me>
Requires: tools/libdeflate
fix consistency of executable to use
`$(STAGING_DIR_HOST)/bin/libdeflate-gzip`, and not system-installed ones
from the usual environment `PATH`;
this affects option `CONFIG_KERNEL_INITRAMFS_COMPRESSION_GZIP`
this may have worked in the past but only via side effect of having the
binaries on the host system (and whatever unpredictable version or
patchset those might be), and did not use the improved but totally
compatible libdeflate-gzip
Fixes: 330bd380e8 ("image: allow building FIT and uImage with ramdisk")
Signed-off-by: Tony Butler <spudz76@gmail.com>
Requires: tools/bzip2
fix consistency of executable to use `$(STAGING_DIR_HOST)/bin/bzip2`, and
not system-installed ones from the usual environment `PATH`;
this affects option `CONFIG_KERNEL_INITRAMFS_COMPRESSION_BZIP2`
this may have worked in the past but only via side effect of having the
binaries on the host system (and whatever unpredictable version or
patchset those might be)
Fixes: 330bd380e8 ("image: allow building FIT and uImage with ramdisk")
Signed-off-by: Tony Butler <spudz76@gmail.com>
This reverts commit a33b97dcb1.
A new version of the squashfs4 tool patch reintroduced the -Xe option.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
This adapts the engine build infrastructure to allow building providers,
and packages the legacy provider. Providers are the successors of
engines, which have been deprecated.
The legacy provider supplies OpenSSL implementations of algorithms that
have been deemed legacy, including DES, IDEA, MDC2, SEED, and Whirlpool.
Even though these algorithms are implemented in a separate package,
their removal makes the regular library smaller by 3%, so the build
options will remain to allow lean custom builds. Their defaults will
change to 'y' if not bulding for a small flash, so that the regular
legacy package will contain a complete set of algorithms.
The engine build and configuration structure was changed to accomodate
providers, and adapt to the new style of openssl.cnf in version 3.0.
There is not a clean upgrade path for the /etc/ssl/openssl.cnf file,
installed by the openssl-conf package. It is recommended to rename or
remove the old config file when flashing an image with the updated
openssl-conf package, then apply the changes manually.
An old openssl.cnf file will silently work, but new engine or provider
packages will not be enabled. Any remaining engine config files under
/etc/ssl/engines.cnf.d can be removed.
On the build side, the include file used by engine packages was renamed
to openssl-module.mk, so the engine packages in other feeds need to
adapt.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Remove the specialized copy of libtool
which was used for linking to uClibc++, which is now removed.
Also remove references to the deprecated fixup targets
that invoked this specialized libtool, which no package uses.
Ref: 6b2ed6101 ("uclibc++: remove")
Ref: c10515db6 ("re-enable the libtool PKG_BUILD_DEPENDS for PKG_FIXUP")
Ref: 246a5b334 ("More libtool madness")
Signed-off-by: Michael Pratt <mcpratt@pm.me>
This reduces open coding and allows to easily add a knob to enable
it treewide, where chosen packages can still opt-out via "no-lto".
Some packages used LTO, but not the linker plugin. This unifies 'em
all to attempt to produce better code.
Quoting man gcc(1):
"This improves the quality of optimization by exposing more code to the
link-time optimizer."
Also use -flto=auto instead of -flto=jobserver, as it's not guaranteed
that every buildsystem uses +$(MAKE) correctly.
Signed-off-by: Andre Heider <a.heider@gmail.com>
This reduces open coding and allows to easily add a knob to
enable it treewide, where chosen packages can still opt-out via
"no-gc-sections".
Note: libnl, mbedtls and opkg only used the CFLAGS part without the
LDFLAGS counterpart. That doesn't help at all if the goal is to produce
smaller binaries. I consider that an accident, and this fixes it.
Note: there are also packages using only the LDFLAGS part. I didn't
touch those, as gc might have been disabled via CFLAGS intentionally.
Signed-off-by: Andre Heider <a.heider@gmail.com>
PKG_BUILD_FLAGS is a new variable for package Makefiles similar to
PKG_FLAGS. It's a whitespace separated list of flags to control various
aspects of how a package is build.
The build system and/or .config defines the default for each, but
every package has the means to override it. Using $flagname enables
a flag, no-$flagname disables it.
Start with PKG_IREMAP as "iremap". That's easy as no package here
nor in any package feed uses it. The default is unchanged: enabled.
Packages can opt-out via:
PKG_BUILD_FLAGS:=no-iremap
(Not that any should, just to illustrate how to use it)
Signed-off-by: Andre Heider <a.heider@gmail.com>
Manually rebased:
ramips/patches-5.10/810-uvc-add-iPassion-iP2970-support.patch
All other patches automatically rebased.
Signed-off-by: John Audia <therealgraysky@proton.me>
No patches needed to be rebased.
Signed-off-by: John Audia <therealgraysky@proton.me>
Tested-by: Robert Marko <robimarko@gmail.com> #ipq807x/Dynalink WRX36
Tested-by: Stefan Lippers-Hollmann <s.l-h@gmx.de> #ipq807x/ax3600, x86_64/FW-7543B, ath79/tl-wdr3600, ipq806x/g10, ipq806x/nbg6817
No patches rebased as a function of this bump.
Build system: x86_64
Build-tested: ramips/tplink_archer-a6-v3
Run-tested: ramips/tplink_archer-a6-v3
Signed-off-by: John Audia <therealgraysky@proton.me>
autoreconf wants to use the gtkdocize tool now if a configure.ac file
defines GTK_DOC_CHECk(). OpenWrt does not ship the gtkdocize tool, just
use true instead. This fixes the build of some applications like guntls.
Fixes: 030447b8f4 ("tools/autoconf: bump to 2.71")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Recent versions of Automake
have changed dependency tracking significantly
(reference commit below)
causing breakage in some package builds
when using newer Automake with packages that need autoreconf
that were bootstrapped with an old version of Automake.
Those changes cause a great inconsistency between packages over time
where some packages may or may not use this feature,
and may or may not update the .ac and .am files
to work with the new methods.
This problem might exist in many packages
where autoreconf is not currently required,
but would cause build failure if autoreconf is used.
Fortunately, this feature is practically useless
for the purposes of Openwrt and the average developer,
so we can disable it.
GNU Automake manual states in part:
"Because dependencies are only computed as a side-effect of compilation...
no dependency information exists the first time a package is built...
dependency tracking is completely useless for one-time builds..."
A nice side-effect is that build times are slightly faster.
Ref: 6a675ef17edf7109da189f5ae70e2dc6b7665896 (automake.git)
Signed-off-by: Michael Pratt <mcpratt@pm.me>
The -Xpreset option changed format and dropped the -Xe and just require
the extreme string to be passed to the -Xpreset option.
Update the LZMA_XZ_OPTIONS to reflect this change.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
The name of squashfs is confusing since in reality it's a really old
version using an old lzma library. This tools is used for old ath79
netgear target and to produde a fake squasfs3 image needed for some
specific bootloader from some OEM (AVM for example)
Rename squashfs tool to squasfs3-lzma to better describe it.
Rename the installed bin from mksquashfs-lzma to mksquashfs3-lzma.
Use tar transform to migrate the root directory in tar to the new
naming.
Drop redundant PKG_CAT variable not needed anymore.
Also update any user of this tool.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Packages in general use 4 check to trigger a recompile:
- timestamp for the build_dir
- timestamp for the staging stamp dir
- depends hash for the build_dir prepared file
- presence of package archieve in dl
If host tools are prebuilt and shipped in a container or manually
installed from an archieve, it would be ideal to skip including the
package archieve and just provide the build_dir prepared files and the
staging stamp file (and the actualy prebuilt tools).
Add some logic to skip dl download for host tools if AUTOREMOVE is
selected and checks for the presence of staging dir stamp file and build
dir stamp file.
If one of these requirements are not met, the package is redownloaded
and rebuilt.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Starting from version 2.39 binutils now warns about sections with rwx
permissions. While this is generally desirable it breaks building
ARM TrustedFirmware-A bl2 which treats warnings as errors.
Disable the warning/error for now to fix build.
Reference: 0579d9f5bc
Signed-off-by: Linhui Liu <liulinhui36@gmail.com>
To download a package the LLVM bins are not strictly needed.
Currently with an example run of make package/bridger/download V=s, the
build fail with
make[2]: Entering directory '/home/ansuel/openwrt-ansuel/openwrt/package/network/services/bridger'
bash: line 1: /home/ansuel/openwrt-ansuel/openwrt/staging_dir/host/llvm-bpf/bin/clang: No such file or directory
bash: line 1: [: : integer expression expected
/home/ansuel/openwrt-ansuel/openwrt/include/bpf.mk:71: *** ERROR: LLVM/clang version too old. Minimum required: 12, found: . Stop.
make[2]: Leaving directory '/home/ansuel/openwrt-ansuel/openwrt/package/network/services/bridger'
time: package/network/services/bridger/download#0.04#0.00#0.06
ERROR: package/network/services/bridger failed to build.
This is wrong since it may be needed to download the required packages
first and then compile them later.
Fix this by ignoring the LLVM bin check on non compile steps.
Tested-by: Robert Marko <robimarko@gmail.com>
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
libdeflate decompresses much faster than gzip.
Example:
~/d/openwrt> time gzip -dc dl/cmake-3.25.1.tar.gz > /dev/null
________________________________________________________
Executed in 1.01 secs fish external
usr time 912.61 millis 1.67 millis 910.94 millis
sys time 32.21 millis 0.25 millis 31.96 millis
~/d/openwrt> time libdeflate-gzip -dc dl/cmake-3.25.1.tar.gz > /dev/null
________________________________________________________
Executed in 523.04 millis fish external
usr time 415.48 millis 1.07 millis 414.41 millis
sys time 107.74 millis 0.15 millis 107.59 millis
~/d/openwrt> time gzip -dc dl/tessdata-4.1.0.tar.gz > /dev/null
________________________________________________________
Executed in 8.99 secs fish external
usr time 8.90 secs 530.00 micros 8.90 secs
sys time 0.07 secs 63.00 micros 0.07 secs
~/d/openwrt> time libdeflate-gzip -dc dl/tessdata-4.1.0.tar.gz > /dev/null
________________________________________________________
Executed in 2.74 secs fish external
usr time 2.38 secs 537.00 micros 2.38 secs
sys time 0.35 secs 66.00 micros 0.35 secs
Place libdeflate into tools-core as it is needed to decompress other
archives.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Requires: tools/lz4, tools/lzop
complete the wiring so that these options work:
* `CONFIG_KERNEL_INITRAMFS_COMPRESSION_LZO`
* `CONFIG_KERNEL_INITRAMFS_COMPRESSION_LZ4`
Signed-off-by: Tony Butler <spudz76@gmail.com>
[remove blocking dependencies for separate ramdisk, fix lzop options]
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
FACTORY_SIZE is used as a device recipe variable on both the D-Link
DIR-825-B1 and Trendnet TEW-673GRU, but is not listed as a device
variable, neither globally, nor for ath79. Being assigned the same
value, this probably hasn't caused any issues.
Add FACTORY_SIZE to the global list DEFAULT_DEVICE_VARS, to ensure the
variable is reset for every device, and to allow it to be used outside
of the ath79 target.
Signed-off-by: Sander Vanheule <sander@svanheule.net>
BSD based OS have different fixup and doesn't require these header.
Limit these Header to Linux based OS.
Fixes: 36bc306ae6 ("prereq-build: add extra check for elfutils required header")
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
STAGING_DIR may be provided from command line. We currently hardcoded
STAGING_DIR_HOST and STAGING_DIR_HOSTPKG to the default location but we
currently have some relocatable patch that derive the path from
STAGING_DIR.
Fix this and correctly derive STAGING_DIR_HOST and STAGING_DIR_HOSTPKG
from STAGING_DIR.
The intention is to fix inconsistency from the relocatable patch and the
use of STAGING_DIR_HOST that is always hardcoded.
This with a wrong configuration may end up in broken state with some
host tools expecing a PATH from STAGING_DIR and others using library
from the default staging_dir/host path.
To save downstream project the original implementation is saved while
fixing the inconsistency between patch and .mk.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
While testing tools build on an alpine image it was found that with musl
libc some header are missing for elfutils tool.
Add extra prereq-build check to make sure these header are present in
the system to correctly compile host tools.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Add RequireCHeader helper that will try to compile a fake c program with
the requested header included.
This is useful to check if a specific header is present in the system
without checking for the specific path.
This is a generilized version of the current ncurses test.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Some vendors use basic gzip metadata (original filename and timestamp)
to verify valid images, along with the size of it's contents.
Also, add a new device profile variable FACTORY_IMG_NAME
which would be ideal to use with this new recipe.
Signed-off-by: Michael Pratt <mcpratt@pm.me>
Removed upstreamed:
pending-5.15/101-Use-stddefs.h-instead-of-compiler.h.patch[1]
ipq806x/patches-5.15/122-01-clk-qcom-clk-krait-fix-wrong-div2-functions.patch[2]
bcm27xx/patches-5.15/950-0198-drm-fourcc-Add-packed-10bit-YUV-4-2-0-format.patch[3]
Manually rebased:
ramips/patches-5.15/100-PCI-mt7621-Add-MediaTek-MT7621-PCIe-host-controller-.patch[4]
Added patch/backported:
ramips/patches-5.15/107-PCI-mt7621-Add-sentinel-to-quirks-table.patch[5]
All other patches automatically rebased.
1. https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.15.86&id=c160505c9b574b346031fdf2c649d19e7939ca11
2. https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.15.86&id=a051e10bfc6906d29dae7a31f0773f2702edfe1b
3. https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.15.86&id=ec1727f89ecd6f2252c0c75e200058819f7ce47a
4. Quilt gave this output when I applied the patch to rebase it:
% quilt push -f
Applying patch platform/100-PCI-mt7621-Add-MediaTek-MT7621-PCIe-host-controller-.patch
patching file arch/mips/ralink/Kconfig
patching file drivers/pci/controller/Kconfig
patching file drivers/pci/controller/Makefile
patching file drivers/staging/Kconfig
patching file drivers/staging/Makefile
patching file drivers/staging/mt7621-pci/Kconfig
patching file drivers/staging/mt7621-pci/Makefile
patching file drivers/staging/mt7621-pci/TODO
patching file drivers/staging/mt7621-pci/mediatek,mt7621-pci.txt
patching file drivers/staging/mt7621-pci/pci-mt7621.c
Hunk #1 FAILED at 1.
Not deleting file drivers/staging/mt7621-pci/pci-mt7621.c as content differs from patch
1 out of 1 hunk FAILED -- saving rejects to file drivers/staging/mt7621-pci/pci-mt7621.c.rej
patching file drivers/pci/controller/pcie-mt7621.c
Applied patch platform/100-PCI-mt7621-Add-MediaTek-MT7621-PCIe-host-controller-.patch (forced; needs refresh)
Upon inspecting drivers/staging/mt7621-pci/pci-mt7621.c.rej, it seems that
the original patch wants to delete drivers/staging/mt7621-pci/pci-mt7621.c
but upstream's version was not an exact match. I opted to delete that
file.
5. Suggestion by hauke: 19098934f9
"This patch is in upstream kernel, but it was backported to the old
staging driver in kernel 5.15."
Build system: x86_64
Build-tested: bcm2711/RPi4B, filogic/xiaomi_redmi-router-ax6000-ubootmod
Run-tested: bcm2711/RPi4B, filogic/xiaomi_redmi-router-ax6000-ubootmod
Signed-off-by: John Audia <therealgraysky@proton.me>
Several devices provide U-Boot versions with only gzip compressed kernel
support (e.g. Realtek switches). This compression method produces larger
images than lzma. To save space on flash and avoid going the hard way with
lzma-loader we can make use of enhanced gzip tool based on libdeflate
compression library from https://github.com/ebiggers/libdeflate. It
keeps 100% deflate/gzip compatibility while improving compression ratio.
The image can be unpacked by the default inflate routines inside U-Boot.
Signed-off-by: Markus Stockhausen <markus.stockhausen@gmx.de>
[Switched to v1.15 and made it work with cmake]
Signed-off-by: Olliver Schinagl <oliver@schinagl.nl>
Reviewed-by: Robert Marko <robimarko@gmail.com>
Reviewed-by: Rosen Penev <rosenp@gmail.com>
Reviewed-by: Sander Vanheule <sander@svanheule.net>
The libraries libpthread, libdl, libutil, libanl have been integrated
into the libc library in version 2.34. it is not needed to explicitly
link them any more.
Most of the functions have been moved from the librt.so into libc.so
some time ago already.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
There are 2 different CPE IDs on the NVD website:
cpe:/a:arm:trusted_firmware-a
cpe:/o:arm:arm_trusted_firmware
The ID as currently used in trusted-firmware-a.mk does not exist. The
CPE ID using the arm_trusted_firmware product name only lists a few
records for versions 2.2 and 2.3 on the NVD site. The CPE ID using the
trusted_firmware-a product name lists many more records, and actually
has a CVE linked to it. Therefore, use the CPE ID using the
trusted_firmware-a product name.
Fixes: 104d60fe94 ("trusted-firmware-a.mk: add PKG_CPE_ID")
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
No patches affected by this update.
Build system: x86_64
Build-tested: ramips/tplink_archer-a6-v3
Run-tested: ramips/tplink_archer-a6-v3
Signed-off-by: John Audia <therealgraysky@proton.me>
Commit a01d23e75 ("image: always rebuild kernel loaders")
is a step in the right direction, but exposed some issues
and regressions in the makefile.
Some of the files made by device specific COMPILE targets
start with an "append" command (i.e. >> instead of > redirection)
and if the file already exists, the target file is the
input to itself before the first recipe-specified input.
Fixes: a01d23e75 ("image: always rebuild kernel loaders")
Fixes: a7fb589e8 ("image: always rebuild kernel loaders")
Signed-off-by: Michael Pratt <mcpratt@pm.me>
Most/all other tools use the staging dir prefix, gzip should as well.
Signed-off-by: Olliver Schinagl <oliver@schinagl.nl>
Acked-by: Christian Marangi <ansuelsmth@gmail.com>
KERNEL_MAKEOPTS will get expanded when it is used and not when it is
defined in the kernel.mk file now. This fixes problems finding dependent
kernel modules when it is used by a kernel module package.
Without this change the build of packages which depend on other out of
tree modules failed when they used KERNEL_MAKE because some symbols could
not be found. This happened because KERNEL_MAKE_FLAGS which contains a
"if $(__package_mk)" was evaluated where KERNEL_MAKEOPTS was defined
and not when the KERNEL_MAKE was used. For packages which included
kernel.mk before package.mk we saw this problem. One workaround
was to use the correct include order and the other one was to not
use KERNEL_MAKE_FLAGS, but copy its content.
Signed-off-by: Hauke Mehrtens <hmehrtens@maxlinear.com>
Starting from version 2.39 binutils now warns about sections with rwx
permissions. While this is generally desirable it breaks building
ARM TrustedFirmware-A bl2 which treats warnings as errors.
Disable the warning/error for now to fix build.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Call 'mkdir -p $(STAGING_DIR_IMAGE)' before trying to store files in
this potentially non-existing folder.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Manually rebased: ath79/patches-5.10/910-unaligned_access_hacks.patch
All other patches automatically rebased.
Signed-off-by: John Audia <therealgraysky@proton.me>
Instead of manually overriding every cmake package that uses iconv or
gettext's paths, add the prefix in here so that at least FindIconv.cmake
works. Fixes compilation with BUILD_NLS.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Support defining a per-device loadaddress for the DTB. This is required
for devices which to not align the DTB from the bootloader correctly.
Signed-off-by: David Bauer <mail@david-bauer.net>
unetd always includes $(INCLUDE_DIR)/bpf.mk. This file always checks if
the LLVM version is supported in CLANG_VER_VALID. unetd only needs bpf
when UNETD_VXLAN_SUPPORT is set. It fails when UNETD_VXLAN_SUPPORT is
not set and llvm is not installed.
Fix it by only checking the LLVM version when a LLVM toolchain is
available.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Manually rebased:
bcm53xx/patches-5.10/180-usb-xhci-add-support-for-performing-fake-doorbell.patch
All patches automatically rebased.
Signed-off-by: John Audia <therealgraysky@proton.me>
[Move gro_skip in 680-NET-skip-GRO-for-foreign-MAC-addresses.patch to old position]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
c3e31b6a9b and 5f8e587240 disable stack validation when the build
host is not running Linux, as the objtool kernel build tool required for
stack validation is not portable to other build host environments. This
was achieved by setting CONFIG_STACK_VALIDATION= in KERNEL_MAKEOPTS, and
by setting SKIP_STACK_VALIDATION=1 in the environment. KERNEL_MAKEOPTS
only has effect for the kernel build, not for external module builds,
but through kernel 5.14, SKIP_STACK_VALIDATION worked to disable this
feature too, so stack validation was disabled for external module builds
as well. Since kernel 0d989ac2c90b, the kernel build no longer considers
SKIP_STACK_VALIDATION, so the feature will be disabled for the kernel
build, but not for external module builds.
When building OpenWrt on a non-Linux build host targeting x86 (the only
target architecture for which OpenWrt enables the kernel
CONFIG_STACK_VALIDATION) and using kernel 5.15 (such as via
CONFIG_TESTING_KERNEL), this caused a build failure during any external
module build, such as kmod-button-hotplug. This manifested as build
errors such as:
make[4]: *** No rule to make target
'.../build_dir/target-x86_64_musl/linux-x86_64/button-hotplug/button-hotplug.o',
needed by
'.../build_dir/target-x86_64_musl/linux-x86_64/button-hotplug/button-hotplug.mod'.
Stop.
Although button-hotplug.c was present, the implicit rule to make
$(obj)/%.o from $(src)/%.c in the kernel's scripts/Makefile.build could
not be satisfied in this case, as it also depends on $(objtool_dep),
non-empty as a result of the failure to propagate disabling of stack
validation to external module builds, in a configuration where it is not
possible to build objtool.
KERNEL_MAKEOPTS is used for just the kernel build itself, while
KERNEL_MAKE_FLAGS is used for both the kernel build and for external
module builds. This restores the ability to build OpenWrt in such
configurations by moving the CONFIG_STACK_VALIDATION= make argument from
KERNEL_MAKEOPTS to KERNEL_MAKE_FLAGS where it is able to affect external
module builds properly.
Note that the kernel's objtool and related configuration have seen a
major overhaul since kernel 5.15, and may need more attention again
after 22922deae13f, in kernel 5.19.
Signed-off-by: Mark Mentovai <mark@mentovai.com>
Introduce a new option in the "Advanced configuration options" to
configure a custom download tool.
By declaring a string in "Use custom download tool" an user can force
what command to use to download package. With the string empty the
default tool used is curl, with wget as a fallback if not available.
download.pl supports 3 tools officially aria2c, curl and wget.
If one of the tool is used in this config, download.pl will use the
default args to make use of them.
If the provided string is different than aria2c, curl or wget, the command
is used as is and the download url will be appended at the end of such command.
While at it also tweak the tool selection logic and chose the tool only
once when the script is called and move aria2c specific variables in the
relevant section.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
To use from the following devices in ath79 target, move edimax-header to
image-commands.mk.
- ELECOM WRC-300GHBK2-I
- ELECOM WRC-1750GHBK2-I/C
Signed-off-by: INAGAKI Hiroshi <musashino.open@gmail.com>
Kernel loaders like the lzma-loader currently don't track changes to
their sources. This can lead to an old version of a loader to be used
when a build tree is not clean between builds.
As the loaders are tiny and the build times are insignificant, simply
force rebuilding them on every build to avoid this problem.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Fix syntax error on macos, for substr is undefined results according to
the POSIX standard.
From expr on macos:
According to the POSIX standard, the use of string arguments length,
substr, index, or match produces undefined results. In this version of
expr, these arguments are treated just as their respective string values.
By a simple test Makefile:
define ModelNameLimit16
$(shell expr substr "$(word 2, $(subst _, ,$(1)))" 1 16)
endef
define ModelNameLimit16_2
$(shell printf %.16s "$(word 2, $(subst _, ,$(1)))")
endef
hello:
echo $(call ModelNameLimit16, technicolor_tg582n-telecom-italia)
echo $(call ModelNameLimit16_2, technicolor_tg582n-telecom-italia)
The same output is produced.
echo tg582n-telecom-i
tg582n-telecom-i
echo tg582n-telecom-i
tg582n-telecom-i
Signed-off-by: Huangbin Zhan <zhanhb88@gmail.com>
[ wrap commit description to 80 columns and improve it ]
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Move DOWNLOAD_CHECK_CERTIFICATE to include/download.mk as it's a better
place than exporting it in the global rules.mk makefile.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
While experimenting with the AUTOREMOVE option in search of a way to use
prebuilt host tools in different buildroot, it was discovered that the
md5 generated by find_md5 in depends.mk is not reproducible.
Currently the hash is generated by the path of the file in addition to
the file mod time. Out of confusion, probably, there was an idea that
such command was used on the package build_dir. Reality is that this
command is run on the package files. (Makefile, patches, src)
This is problematic because the package Makefile (for example) change at
each git clone and base the hash on the Makefile mtime doesn't really
reflect if the Makefile actually changes across a buildroot or not.
A better approach is to generate an hash of each file and then generate
an hash on the sort hash list. This way we remove the problem of git
clone setting a wrong mtime while keeping the integrity of checking if a
file changed for the package as any change will result in a different
hash.
Introduce a new kind of find_md5 function, find_md5_reproducible that
apply this new logic and limit it only with AUTOREMOVE option set to
prevent any kind of slowdown due to additional hash generation.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Some OS may have the true bin to a different location than /bin/true.
BSD based system and macos have true on /usr/bin/true.
Fix this by checking both location and take the one available in the
system.
Reported-by: Sergey V. Lobanov <sergey@lobanov.in>
Suggested-by: Huangbin Zhan <zhanhb88@gmail.com>
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
When building UML this showed up as of late (2022-09-01):
| Makefile:1335: *** Headers not exportable for UML. Stop.
This message popped up because of an upstream patch that
fixed this error not showing up sooner. For more information see:
<https://lore.kernel.org/lkml/20220901011252.550830-1-masahiroy@kernel.org/T/>
Now, I don't think we can just skip the kernel headers.
Some userspace applications are going to need these. So,
The next best alternative I can think of, is to go with
the headers by the host arch the UML is compiled for.
(Technically, ARCH= should be safe for all other targets
as well... But let's not poke a hornet's nest)
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
One way to solve the python3 dependency check is to install
python3-minimal instead of python3 on Debian based systems.
Unfortunately, this results in a fairly unusable python.
Added check for ntpath, which is how the issue originally presented
itself.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Debian and by extension Ubuntu packages distutils in a suboptimal way
where import distutils works but none of the methods do.
This alternative check verifies that distutils is actually usable.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Package with whitespace in their build directory are not correctly
removed when CONFIG_AUTOREMOVE is enabled. This is caused by xargs that
use whitespace as delimiters. To handle this use \0 as the delimiter and
set find to use \0 as the delimiter.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Just like later in the file,
the precursor to <stampfile>_check
<stampfile>_check.1 is supposed to be moved to
<stampfile>_check before it is touched.
This line would error if it was ever run.
Signed-off-by: Michael Pratt <mcpratt@pm.me>
Building images usally stores them in KDIR_TMP and then copies them over
to BIN_DIR. This is fine as rebuilding of images overwrites existing
images. When using the EXTRA_IMAGE_NAME variable frequently this fills
up the ImageBuilder KDIR_TMP folder since every built image is stored
forever.
This commit clears the KDIR_TMP folder before building a new image.
Below an example how sysupgrade.openwrt.org filled up after the release
of 22.03.0 where every created image contains a hash of the package
selction in the filename:
aparcar@asu-01:~/asu/worker1/cache/22.03.0$ du -d 1 -h
400M ./kirkwood
260M ./gemini
2.0G ./ipq806x
1.7G ./ipq40xx
8.1G ./ramips
4.0K ./octeon
495M ./sunxi
728M ./lantiq
1.8G ./rockchip
3.7G ./mediatek
4.0K ./realtek
5.4G ./mvebu
8.9G ./ath79
3.0G ./bcm47xx
14G ./bcm27xx
11G ./x86
4.0K ./bcm63xx
312M ./mpc85xx
600M ./apm821xx
5.4G ./bcm53xx
66G .
Signed-off-by: Paul Spooren <mail@aparcar.org>
Dependency on xxd was added in commit c4dd2441e7 ("tools: add xxd
(from vim)") as U-Boot requires xxd to create the default environment
from an external file.
Later in commit 2b94aac7a1 ("tools: xxd: use more convenient source
tarball"), xxd from another source was used instead, but that source is
currently unavailable, so let's fix it by using simple xxdi.pl Perl
script instead.
Fixes: #10555
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Instead of relying on dtc being provided by the build host use the
dtc from $(LINUX_DIR) similar to how it's done also in u-boot.mk.
For this to work kernel.mk now needs to be included before
trusted-firmware-a.mk, add this include to all affected packages.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Removed following upstreamed patch:
* bcm53xx: 081-next-ARM_dts_BCM53015-add-mr26.patch
All other patches automagically rebased.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
python3.11 beta is out but fails to run the makefile currently
this supports python versions from 3.6 to 3.99 with the python3 binary
it also checks specifically for 3.11 as it is the latest version out
Signed-off-by: Oscar Molnar <oscar@tymscar.com>
The ulog iptables target was removed with kernel 3.17, remove the kernel
and also the iptables package in OpenWrt too.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
The nft NAT packages for IPv4 and IPv6 were merged into the common
packages with kernel 5.1. The kmod-nft-nat6 package was empty in our
build, remove it.
Multiple kernel configuration options were also removed, remove them
from our generic kernel configuration too.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Netgear encrypted image is used in various devices including WAX202,
WAX206, and EX6400v3. This image format also requires a dummy squashfs4
image which is added here as well.
References in WAX202 GPL source:
https://www.downloads.netgear.com/files/GPL/WAX202_V1.0.5.1_Source.rar
* openwrt/bootloader/u-boot-mt7621-2018.09-gitb178829-20200526/board/ralink/common/dual_image.c
Bootloader code that verifies the presence of a squashfs4 image, thus
a dummy image is added here.
* openwrt/tools/imgencoder/src/gj_enc.c
Contains code that generates the encrypted image. There is support for
adding an RSA signature, but it does not look like the signature is
verified by the stock firmware or bootloader.
* openwrt/tools/imgencoder/src/imagekey.h
Contains the encryption key and IV. It appears the same key/IV is used
for other Netgear devices including WAX206 and EX6400v3.
Signed-off-by: Wenli Looi <wlooi@ucalgary.ca>
gettext (libintl-stub) was removed in commit [1], so the libintl-stub
lib and include directories aren't existing anymore. This commit cleans
up the INTL flags for the BUILD_NLS=n case.
[1] e6f569406f
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
Reviewed-by: Rosen Penev <rosenp@gmail.com>
Manual rebase by Marty Jones:
bcm27xx/patches-5.15/950-0078-BCM2708-Add-core-Device-Tree-support.patch
All other patches automatically rebased.
Signed-off-by: John Audia <therealgraysky@proton.me>
Signed-off-by: Marty Jones <mj8263788@gmail.com>
[Apply same changes to new dts entry in modified file]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
The ImageBuilder does not need git or rsync since it only glues files
together, packages are downloaded via wget and not rsync.
Signed-off-by: Paul Spooren <mail@aparcar.org>
[ solve conflict with additional git prereq test ]
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
This avoids a dangling symlink to self when reinstalling the toolchain:
./staging_dir/toolchain-mips_24kc_gcc-9.3.0_musl/lib/lib -> lib
This is caused by the fact that in the toolchain dir we have
'lib64 -> lib'
and on executing
'ln lib ./staging_dir/toolchain-mips_24kc_gcc-9.3.0_musl/lib64'
ln dereference the symbolic link 'lib64' to 'lib' so the REAL command is
'ln lib ./staging_dir/toolchain-mips_24kc_gcc-9.3.0_musl/lib'
this results in the dangling symlink to self.
Signed-off-by: Sven Wegener <sven.wegener@stealer.net>
[ add more details to the commit description and fix title ]
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
No patches rebased, just checksum update for this refresh.
Build system: x86_64
Build-tested: ipq806x/R7800
Signed-off-by: John Audia <therealgraysky@proton.me>
No patches required a rebase, just updated checksum.
Build system: x86_64
Build-tested: ipq806x/R7800
Signed-off-by: John Audia <therealgraysky@proton.me>
This updates prereq-build.mk to find a suitable realpath utility, and
adds another place to look for a suitable getopt utility.
realpath has been used most notably by scripts/ipkg-build since
commit bb95be9265 ("scripts,ipkg-build: use realpath for pkg_dir")
and there are assorted other uses of it during a build.
It is ordinarily provided by GNU coreutils. This adds a SetupHostCommand
to locate it either under its own name or under grealpath, the name that
it will be available as under MacPorts or Homebrew, which use
--program-prefix=g.
Similarly, update the SetupHostCommand for getopt to be able to locate a
util-linux getopt at the default path used by MacPorts, in the same
fashion that
commit cc16f5d73e ("build: try to find getopt in macOS homebrew's standard location")'
did for Homebrew. As there is no standard alternative --program-prefix
for util-linux utilities in the way that GNU packages often use a "g"
prefix, this path-based approach is required in case a non-util-linux
getopt (such as one provided by an OS) shadows the util-linux getopt
in the PATH.
Signed-off-by: Mark Mentovai <mark@moxienet.com>
Compiler option -no-plt will break kernel builds on some architectures
eg. (x86) Filter this option from the recently introduced handling of
KCFLAGS vs EXTRA_OPTIMISATION
Fixes: 1d42af720c ("kernel: use KCFLAGS for passing EXTRA_OPTIMIZATION flags")
Suggested-by: Felix Fietkau <nbd@nbd.name>
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
This uses kernel's generic variable and doesn't require patching it with
a custom Makefile change. It's expected *not* to change any behaviour.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
With some OS (Guix) the git submodule command is wrapped in
a script. Current logic parse the git submodule script directly.
If it's wrapped the prereq check wrongly fails while 'git submodule
--recursive' is actually available.
Add an additional check that try to directly use the 'git submodule'
command to check if the prereq is satisfied.
Fixes: #9986
Reported-by: Attila Lendvai <attila@lendvai.name>
Suggested-by: Attila Lendvai <attila@lendvai.name>
Signed-off-by: Christian 'Ansuel' Marangi <ansuelsmth@gmail.com>
Delete the crypto-lib-blake2s kmod package, as BLAKE2s is now built-in.
Patches automatically rebased.
Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
Delete the crypto-lib-blake2s kmod package, as BLAKE2s is now built-in.
Patches automatically rebased.
Build system: x86_64
Build-tested: ipq806x/R7800, x86/64
Signed-off-by: John Audia <therealgraysky@proton.me>
If you change SCAN_EXTRA variable with "-path target/linux/xxxx" in
include/toplevel.mk for speed up scan, find will warn with:
find: warning: you have specified the global option -maxdepth after
the argument -path, but global options are not positional, i.e.,
-maxdepth affects tests specified before it as well as those specified
after it. Please specify global options before other arguments.
The find option -mindepth -maxdepth are global options and must be
before any path option. Change order of $(SCAN_EXTRA) after -mindepth
and -maxdepth to fix this.
Signed-off-by: Leo Chung <gewalalb@gmail.com>
[capitalize Description, Author and Sob and minor description tweak]
Signed-off-by: Christian 'Ansuel' Marangi <ansuelsmth@gmail.com>
According to the GNU make manual, specifying library paths should be
done in LDFLAGS rather than LDLIBS. Replace KBUILD_HOSTLDLIBS with
KBUILD_HOSTLDFLAGS to pass the host lib directory.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
HOST_LOADLIBES was renamed to KBUILD_HOSTLDLIBS in kernel 4.19. As the
oldest kernel version we support is 5.10, cleanup HOST_LOADLIBES use.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Image metadata and signature is of no use for images which are included
inside other artifacts (like an SD-card image). Strip them off before
using images in artifacts or stashing them for the ImageBuilder as the
contained signature breaks reproducibility.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Make it clear, that for `make kernel_{menu,old}config` it's possible to
use only following values for CONFIG_TARGET variable:
* env
* target
* subtarget
* subtarget_target
This should prevent misuse like `make kernel_menuconfig
CONFIG_TARGET=bcm2710` etc.
Keep support for obsolete `platform` and `subtarget_platform` targets
with deprecation notice so this compat stuff could be removed in the
future.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Acked-by: Piotr Dymacz <pepe2k@gmail.com>
Both legacy iptables and nftables require nf-log modules for rule logging,
so move them into a separate package both firewall implementations can
depend on.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
ARM Trusted Firmware builds do not depend on any target libraries as
they are bare-metal builds. However, the compiler aborts due to
-Werror=missing-include-dirs if the include dir doesn't exists and this
can happen when building with parallelisation as that makes it likely
for arm-trusted-firmware-* to be build very early before any of the
libraries which would implicitely create the directory.
Fix this by making sure the include dir exists before building.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Make sure the timestamp of the root directory of the initramfs is set
to SOURCE_DATE_EPOCH as well.
Fixes: 29d7461d11 ("kernel: set options to make external initramfs reproducible")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Introduce `sha256_unsigned` which is a checksum of the image _before_ a
signature is attached. This is helpful to compare image reproducibility.
Since the `.sha256sum` file is located in the $(KDIR) folder, switch
$(BIN_DIR) with $(KDIR) to simplify the code. The value of $(BIN_DIR)
itself is not stored inside the resulting JSON file, so it can be
replaced.
Signed-off-by: Paul Spooren <mail@aparcar.org>
Make sure xz uses at least 2 threads so compression always runs in
multi-threaded mode as the resulting file in single-threaded mode
differs.
Fixes: 29d7461d11 ("kernel: set options to make external initramfs reproducible")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Drop the -processors argument from the mksquashfs4 call, so it will use
all available processors. This dramatically reduces the time to create
squashfs filesystems.
The times below are observed when building an image for my main router,
the WatchGuard Firebox M300 (qoriq target):
Before:
real 4m45,973s
After:
real 0m23,497s
With this commit `mksquashfs` may use more cores than defined via `-j`.
This is the same behaviour as for archive creation of ImageBuilder, SDK
or toolchain. There is no trivial way to limit `mksquashfs` CPU core
usage to the amount of "free" make jobs since two running `mksquashfs`
instances would each run with the total allowed number (-j) of threads.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
[extended reasoning in commit message]
Signed-off-by: Paul Spooren <mail@aparcar.org>
the cache directory should be autom4te.cache in all $(PKG_AUTOMAKE_PATHS)
rather than $(PKG_BUILD_DIR)/autom4te.cache only
Signed-off-by: Huangbin Zhan <zhanhb88@gmail.com>
Add new module require in 5.15
- Changes in block module
- Changes in netfilter module (log module unified)
- Changes in fs module (mainly new depends for cifs and new ntfs3 module)
- Changes in lib add shared lib now used by more than 1 kmod
- Changes in crypto, dropped one crypto algo added arm crypto accellerator
- Changes in other, add zram default compressor choice and missing lib
by tpm module
Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
engine.mk is supposed to be included by engine packages, but it will not
be present in the SDK in the same place as in the main repository.
Move it to include/openssl-engine.mk to avoid this.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
As the upcoming release will be based on Linux 5.10 only, remove all
kernel configuration as well as patches for Linux 5.4.
There were no targets still actively using Linux 5.4.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
HOST_PATCH_DIR is used for host patches, not PATCH_DIR.
Fixes refreshing patches with a custom HOST_PATCH_DIR.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Remove "--mtime" option introduced in commit 18c9faa032 ("tools: zip:
add option for reproducible archives") and instead fetch SOURCE_DATE_EPOCH
environment variable directly in the code.
Ref: https://sourceforge.net/p/infozip/patches/25/
Signed-off-by: Sungbo Eo <mans0n@gorani.run>
Zip uses DOS timestamp for mtime which is stored in local time and hence
depends on the timezone of the build system. Force zip to use UTC timezone
to make image builds more reproducible.
Signed-off-by: Sungbo Eo <mans0n@gorani.run>
For debugging purposes, we need to know if users are using modified
U-boot versions or not. Currently, the U-boot version is somehow
stripped. This is a little bit problematic when there are
backported/wip/to-upstream patches.
To make it more confusing, there was (before this commit) two U-boot
versioning. U-boot compiled by OpenWrt build bots are missing ``Build:``
This is also the case when the U-boot is compiled locally.
Example:
```
U-Boot SPL 2022.01 (Jan 27 2022 - 00:24:34 +0000)
U-Boot 2022.01 (Jan 27 2022 - 00:24:34 +0000)
```
On the other hand, if you run full build, you can at least see, where it
was compiled. Notice added ``Build:``.
Example:
```
U-Boot 2022.01 (Jan 27 2022 - 00:24:34 +0000), Build: jenkins-turris-os-packages-burstlab-omnia-216
```
In both cases, it is not clear to U-boot developers if it is an unmodified
build. This is also caused that there is a missing ``.git`` file from
U-boot folder, and so there is no history. It leads to that it can not
contain suffix ``-dirty`` (uncommitted modifications) or even something
else like number of commits, etc. [1]
When U-boot is compiled as it should be, the version should look like
this: ``U-Boot 2022.04-rc1-01173-g278195ea1f (Feb 11 2022 - 14:46:50 +0100)``
The date is not changed daily when there are new OpenWrt builds.
This commit adds OpenWrt specific version, which could be verified by
using strings.
```
$ strings bin/targets/mvebu/cortexa9/u-boot-omnia/u-boot-spl.kwb | grep -E "OpenWrt*"
U-Boot SPL 2022.01-OpenWrt-r18942+54-cbfce92367 (Feb 21 2022 - 13:17:34 +0000)
arm-openwrt-linux-muslgnueabi-gcc (OpenWrt GCC 11.2.0 r18942+54-cbfce92367) 11.2.0
2022.01-OpenWrt-r18942+54-cbfce92367
U-Boot 2022.01-OpenWrt-r18942+54-cbfce92367 (Feb 21 2022 - 13:17:34 +0000)
```
[1] https://u-boot.readthedocs.io/en/latest/develop/version.html
Reported-by: Pali Rohár <pali@kernel.org>
Suggested-by: Karel Kočí <karel.koci@nic.cz>
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
If a image is bigger than the device can handle, an error message is
printed. This is usually silenced and silently ignored, making it harder
to debug. While it's possible to run the build in verbose mode (via
`make V=s`) and grep for *is too big*, it's more intuitive to print the
error message directly. For that use the newly unlocked `$(call
ERROR_MESSAGE,...)` definition which now also print in non-verbose mode.
Fixes: FS#50 (aka #7604)
Signed-off-by: Paul Spooren <mail@aparcar.org>
Using `make -j9` only prints a subset of messages to follow the build
process progressing. However this silently skips over errors which might
be of interested. Using `make V=s` easily floods the terminal making it
hard to find error messages between the lines.
A compromise is the usage of `$(call ERROR_MESSAGE,...)` which prints a
message in red. This function is silenced in the non-verbose mode, even
if only used at a single place in `package/Makefile` where it notifies
about a OPKG corner case.
This commit moves the `ERROR_MESSAGE` definition outside of the
`OPENWRT_VERBOSE` condition and print error messages in every mode.
With this in place further error messages are possible.
Signed-off-by: Paul Spooren <mail@aparcar.org>
Toplevel Make is not aware about changes in the `scripts/config/*conf`
targets and this is causing issues for during update to that part of
build tree, where one needs to handle this manually by either force
rebuilding the targets or running `make config-clean`. Fix this by
forcing the rebuild if necessary.
Fixes: #9297
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Had to update generic defconfig (make kernel_menuconfig CONFIG_TARGET=generic)
for this bump, but since that only modifies the target defined in .config,
and since that target also needed to be updated for unrelated reasons, manually
propagated the newly added symbol to the generic config.
Removed upstreamed:
pending-5.10/860-Revert-ASoC-mediatek-Check-for-error-clk-pointer.patch[1]
All other patches automatically rebased.
1. https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.10.99&id=080f371d984e8039c66db87f3c54804b0d172329
Build system: x86_64
Build-tested: bcm2711/RPi4B, mt7622/RT3200
Run-tested: bcm2711/RPi4B, mt7622/RT3200
Signed-off-by: John Audia <graysky@archlinux.us>
ipTIME AX2004M is an 802.11ax (Wi-Fi 6) router, based on MediaTek
MT7621A.
Specifications:
* SoC: MT7621A
* RAM: 256 MiB
* Flash: NAND 128 MiB
* Wi-Fi:
* MT7915D: 2.4/5 GHz (DBDC)
* Ethernet: 5x 1GbE
* Switch: SoC built-in
* USB: 1x 3.0
* UART: J4 (115200 baud)
* Pinout: [3V3] (TXD) (RXD) (GND)
MAC addresses:
| interface | MAC address | source | comment
|-----------|-------------------|----------------|---------
| LAN | 58:xx:xx:00:xx:9B | | [1]
| WAN | 58:xx:xx:00:xx:99 | |
| WLAN 2G | 58:xx:xx:00:xx:98 | factory 0x4 |
| WLAN 5G | 5A:xx:xx:40:xx:98 | |
| | 58:xx:xx:00:xx:98 | config ethaddr |
[1] Used in this patch as WLAN 5G MAC address with the local bit set
Load addresses:
* stock
* 0x80010000: FIT image
* 0x81001000: kernel image -> entry
* OpenWrt
* 0x80010000: FIT image
* 0x82000000: uncompressed kernel+relocate image
* 0x80001000: relocated kernel image -> entry
Notes:
* This device has a dual-boot partition scheme, but this firmware works
only on boot partition 1. The stock web interface will flash only on the
inactive boot partition, but the recovery web page will always flash on
boot partition 1.
Installation via recovery mode:
1. Press reset button, power up the device, wait >10s for CPU LED
to stop blinking.
2. Upload recovery image through the recovery web page at 192.168.0.1.
Revert to stock firmware:
1. Install stock image via recovery mode.
Signed-off-by: Sungbo Eo <mans0n@gorani.run>
When using a non default MESON_HOST_BUILD_DIR, HOST_BUILD_DIR is not
appropriate to use. This change matches the target configure section.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Commit f4a79148f8 ("ramips: add support for ipTIME AX2004M") seems to
leak KERNEL_LOADADDR 0x82000000 to other devices, causing the to no
longer boot. The leak is visible in u-boot:
Using 'config-1' configuration
Trying 'kernel-1' kernel subimage
Description: MIPS OpenWrt Linux-5.10.92
Type: Kernel Image
Compression: lzma compressed
Data Start: 0x840000e4
Data Size: 10750165 Bytes = 10.3 MiB
Architecture: MIPS
OS: Linux
Load Address: 0x82000000
Entry Point: 0x82000000
Normally, it should look like this:
Using 'config-1' configuration
Trying 'kernel-1' kernel subimage
Description: MIPS OpenWrt Linux-5.10.92
Type: Kernel Image
Compression: lzma compressed
Data Start: 0xbfca00e4
Data Size: 2652547 Bytes = 2.5 MiB
Architecture: MIPS
OS: Linux
Load Address: 0x80001000
Entry Point: 0x80001000
Revert the commit to avoid more people soft-bricking their devices.
This reverts commit f4a79148f8.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
ipTIME NAS1 is a 1-bay NAS, based on Marvell Kirkwood SoC.
Specifications:
* SoC: 88F6281
* RAM: 256 MiB
* Flash: SPI NOR 16 MiB
* SATA: 1x 3Gb/s
* Ethernet: 1x 1GbE
* USB: 1x 2.0
* Fan: 2 speed level
* UART: JP1 (115200 8N1)
* Pinout: [3V3] (TXD) (RXD) (GND)
Notes:
* There are several variants of the model name: "NAS-I", "NASI", "NAS1".
Here "NAS1" is adopted for consistent naming scheme.
* The reset button is also a USB copy button in stock FW,
but in this patch the former is the only default behavior.
Installation via web interface:
1. Flash sysupgrade image through the stock web interface.
Revert to stock firmware:
1. Perform sysupgrade with stock image.
Signed-off-by: Sungbo Eo <mans0n@gorani.run>
This allows to implement statefull bridge filtering
As the uncompressed size is only 7.6k (arm64), just add
nf_conntrack_bridge.ko to kmod-nft-bridge package
Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>