Commit Graph

49023 Commits

Author SHA1 Message Date
Adrian Schmutzler
04b99d9539 ramips/mt7628: fix portmap based on board.d port assignment
When comparing to the port assignment in board.d/02_network, a few
devices seem to use the wrong setup of mediatek,portmap.

The corrects the values for mt76x8 subtarget based on the location
of the wan port.

A previous cleanup of obviously wrong values has already been done in
7a387bf9a0 ("ramips: mt76x8: fix bogus mediatek,portmap")

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-08-10 12:33:38 +02:00
Andreas Böhler
ab74def0db ath79: add support for TP-Link TL-WPA8630P v2
The TL-WPA8630P v2 is a HomePlug AV2 compatible device with a QCA9563 SoC
and 2.4GHz and 5GHz WiFi modules.

Specifications
--------------

  - QCA9563 750MHz, 2.4GHz WiFi
  - QCA9888 5GHz WiFi
  - 8MiB SPI Flash
  - 128MiB RAM
  - 3 GBit Ports (QCA8337)
  - PLC (QCA7550)

MAC address assignment
----------------------

WiFi 2.4GHz and LAN share the same MAC address as printed on the label.
5GHz WiFi uses LAN-1, based on assumptions from similar devices.

LAN Port assignment
-------------------

While there are 3 physical LAN ports on the device, there will be 4
visible ports in OpenWrt. The fourth port (internal port 5) is used
by the PowerLine Communication SoC and thus treated like a regular
LAN port.

Versions
--------

Note that both TL-WPA8630 and TL-WPA8630P, as well as the different
country-versions, differ in partitioning, and therefore shouldn't be
cross-flashed.

This adds support for the two known partitioning variants of the
TL-WPA8630P, where the variants can be safely distinguished via the
tplink-safeloader SupportList. For the non-P variants (TL-WPA8630),
at least two additional partitioning schemes exist, and the same
SupportList entry can have different partitioning.
Thus, we don't support those officially (yet).

Also note that the P version for Germany (DE) requires the international
image version, but is properly protected by SupportList.

In any case, please check the OpenWrt Wiki pages for the device
before flashing anything!

Installation
------------

Installation is possible from the OEM web interface. Make sure to
install the latest OEM firmware first, so that the PLC firmware is
at the latest version. However, please also check the Wiki page
for hints according to altered partitioning between OEM firmware
revisions.

Additional thanks to Jon Davies and Joe Mullally for bringing
order into the partitioning mess.

Signed-off-by: Andreas Böhler <dev@aboehler.at>
[minor DTS adjustments, add label-mac-device, drop chosen, move
common partitions to DTSI, rename de to int, add AU support strings,
adjust TPLINK_BOARD_ID, create common node in generic-tp-link.mk,
adjust commit message]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-08-10 11:48:08 +02:00
Thomas Petazzoni
12178be465 procd: add SELinux support
This commit adds a patch to procd to support loading the SELinux
policy early at boot time, and adjusts the procd package to use this
SELinux support when libselinux is enabled.

The procd patch has been submitted separately [1]: obviously the
intent is to have it merged in the procd Git repository rather than
have it in OpenWrt itself.

[1] http://lists.infradead.org/pipermail/openwrt-devel/2019-November/025791.html

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
[rebase, add commit message]
Signed-off-by: W. Michael Petullo <mike@flyn.org>
[split commit into openwrt.git and procd.git]
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-08-10 09:54:50 +01:00
Daniel Golle
42abe56f1b kernel: further clean-up options and defaults
Remove `if !SMALL_FLASH` in places which are anyway already augmented
by `if !SMALL_FLASH`.
Always enable CONFIG_BLK_DEV_THROTTLING on !SMALL_FLASH devices rather
than just enabling it on bcm27xx.
Enabled CPU bandwidth provisioning for FAIR_GROUP_SCHED on !SMALL_FLASH
devices as CONFIG_FAIR_GROUP_SCHED is already enabled and becomes more
useful for cgroups with that option enbled as well.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-08-10 09:54:14 +01:00
Daniel Golle
cfe235c436 kernel: modules: add package kmod-iosched-bfq
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-08-10 09:52:31 +01:00
Thomas Petazzoni
9e7ef46065 tools: add fakeroot
SELinux support requires setting the appropriate SELinux security context
to files and directories, which needs to happen at build time in order
to support read-only root filesystem scenarios. In order to create these
security contexts, we will have to run some SELinux-specific tools on
the host machine, but that requires root access. This adds support for
fakeroot, which the build process will use to run the SELinux security
context creation and the image creation.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

Apply to current master, and adjust commit message

Thomas' original work is available at
http://lists.infradead.org/pipermail/openwrt-devel/2019-November/025976.html.

Signed-off-by: W. Michael Petullo <mike@flyn.org>
[add rules.mk FAKEROOT variable]
Signed-off-by: Paul Spooren <mail@aparcar.org>
[update, fix macos build]
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-08-10 10:09:55 +02:00
Piotr Stefaniak
e27fbae63c tools/cmake: fix typo in parallel make patch
The variable in the case argument was mistyped, so the case always
checked against an empty string and never matched.

Fix the variable name. Add a PKG_RELEASE to Makefile so we can bump it.

Fixes: d6de31310c ("cmake: restore parallel build support for bootstrap")

Signed-off-by: Piotr Stefaniak <pstef@freebsd.org>
[add commit message, add PKG_RELEASE, fix commit title, add Fixes:]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-08-10 00:01:51 +02:00
Adrian Schmutzler
c25c9e98f5 Revert "build: fix typo in cmake patch"
This reverts commit 685570858d.

The commit had several formal flaws, revert it and hopefully apply
it properly next time.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-08-09 23:59:20 +02:00
Christoph Krapp
eb95ca3b5c uboot-envtools: ar71xx: add ZyXEL NBG6616 uboot env support
This adds support for ZyXEL NBG6616 uboot-env access

Signed-off-by: Christoph Krapp <achterin@googlemail.com>
[add "ar71xx" to commit title]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-08-09 23:57:17 +02:00
Christoph Krapp
982c1f6e42 ar71xx: change u-boot-env to read-write for ZyXEL NBG6616
As the ath79 port of this device uses a combined kernel + root
partition the uboot bootcmd variable needs to be changed. As using
cli/luci is more convenient than opening up the case and using a uart
connection, lets unlock the uboot-env partition for write access.

Signed-off-by: Christoph Krapp <achterin@googlemail.com>
2020-08-09 23:57:17 +02:00
Piotr Stefaniak
685570858d build: fix typo in cmake patch
The variable in the case argument was mistyped, so the case always
checked against an empty string and never matched.

Fix the variable name.

Signed-off-by: Piotr Stefaniak <pstef@freebsd.org>
[add commit message]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-08-09 23:57:17 +02:00
Felix Fietkau
5d8fded26a kernel: add missing config symbols
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-08-09 14:01:52 +02:00
Felix Fietkau
eff8c76aa0 mac80211: fix spurious disconnect issues with disassoc_low_ack=1 (default)
mac80211 reports a packet loss event to user space when 50 consecutive packets
were not acked. On a high throughput link with long aggregates and sudden
link changes, this can trigger way too easily.
Mitigate false positives by only triggering the event on a packet loss if
no ACK was received for at least a second

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-08-09 14:01:49 +02:00
Adrian Schmutzler
e81e625ca3 treewide: add sysupgrade comment for early DSA-adopters
Add a specific comment for early DSA-adopters that they can keep
their config when prompted due to compat-version increase.

This is a temporary solution, the patch should be simply reverted
before any release.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-08-08 20:56:12 +02:00
Adrian Schmutzler
372529d311 ath79: add support for TP-Link TL-WA901ND v3
This ports support for the TL-WA901ND v3 from ar71xx to ath79.
Most of the hardware is shared with the TL-WA850/860RE v1 range
extenders. It completes the TL-WA901ND series in ath79.

Specifications:
  Board: AP123 / AR9341
  Flash/RAM: 4/32 MiB
  CPU: 535 MHz
  WiFi: 2.4 GHz b/g/n
  Ethernet: 1 port (100M)

Flashing instructions:
  Upload the factory image via the vendor firmware upgrade option.

This has not been tested on device, but port from ar71xx is
straightforward and the device will be disabled by default anyway.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-08-08 20:40:48 +02:00
Ansuel Smith
df3ad130d5 ipq806x: replace patches with upstream version
Replace all the custom patches with the backported upstream version

Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
[refresh patches]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-08-08 18:07:17 +02:00
Adrian Schmutzler
4f1a51f438 ath79: drop redundant kmods-leds-gpio
The ath79 target has CONFIG_LEDS_GPIO=y set in kernel config, so
no need to pull the kmod-leds-gpio module for specific devices.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-08-08 16:13:51 +02:00
Adrian Schmutzler
1eac573b53 ramips: mt7621: implement compatibility version for DSA migration
This implements the newly introduced compat-version to prevent
broken upgrade between swconfig and DSA for ramips' mt7621 subtarget.

In order to make the situation more transparent for the user, and
to prevent large switch-cases for devices, it is more convenient to
have the entire subtarget 1.1-by-default. This means that new devices
will be added with 1.1 from the start, but in contrast we don't need
to switch them in board.d files. Apart from that, users that manually
backport devices to 19.07 with swconfig will have an equivalent
upgrade experience to officially supported devices.

Since DSA support on mt7621 is out for a while already, this applies
the same uci-defaults workaround for early adopters as already
done for kirkwood and mvebu in previous commits.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-08-08 16:13:51 +02:00
Adrian Schmutzler
fbd4214bb0 build: improve message for incompatible image on "legacy" devices
It has been reported that the current message displayed during
upgrade with compat_version change is misleading for "legacy"
devices, i.e. those without the "new" fwtool. This is partially
caused by the fact that we need to exploit the supported_devices
string to get some message text displayed for these devices.

This patch modifies the message to make it more helpful and
include additional information, e.g.

  Device linksys,wrt3200acm not supported by this image
  Supported devices: linksys,wrt3200acm linksys-whateverelse - Image
  version mismatch: image 1.1, device 1.0. Please wipe config during
  upgrade (force required) or reinstall. Reason: Config cannot be
  migrated from swconfig to DSA

Note that the line breaks (except the one before Supported devices)
are added manually here, I hesitate to hack \n into the
supported_devices as well. The "Reason:" will only be displayed if
DEVICE_COMPAT_MESSAGE is set for the device, otherwise
"Please check documentation ..." will be shown instead.

While at it, also rearrange the code in image-commands.mk to
make lines shorter and remove the double filter-out command.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-08-08 16:13:51 +02:00
Adrian Schmutzler
86c89bf5e8 kirkwood: fix sysupgrade experience for early DSA-adopters
Conceptually, the compat-version during sysupgrade is meant to
describe the config. Therefore, if somebody starts with a device on
19.07 and swconfig, and that person does a forceful upgrade into a
DSA-based firmware without wiping his/her config, then the local
compat-version should stay at 1.0 according to the config present
(and not get updated).

However, this poses a problem for those people that early-adopted
DSA in master, as they already have adjusted their config for DSA,
but it still is "1.0" as far as sysupgrade is concerned. This can
be healed by a simple

   uci set system.@system[0].compat_version="1.1"
   uci commit system

But this needs to be applied _after_ the upgrade (as the "old" fwtool
on the old installation does not know about compat_version) and it
requires access via SSH (i.e. no pure GUI solution is available for
this group of people, apart from wiping their config _again_ for
no technical reason). Despite, the situation will not become
obvious to those just upgrading via GUI, they will just have the
experience of a "broken upgrade".

This is a conflict which cannot be resolved by achieving both goals,
we have to decide to either keep the strict concept or improve the
situation for early adopters.

In this patch, we address the issue by providing a uci-defaults
script that will raise the compat_version for _all_ people upgrading
into a 1.1 image, no matter whether they have reset config or not.
The idea is to implement this as a _temporary_ solution, so early
adopters can upgrade into the new mechanism without issues, and
after a few weeks/months we could remove the uci-defaults script
again.

If we e.g. remove the script just before 20.xx.0-rc1, early adopters
should have moved on by then, and existing stable users would still
get the intended experience.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-08-08 16:13:51 +02:00
Adrian Schmutzler
a9703db720 mvebu: fix sysupgrade experience for early DSA-adopters
Conceptually, the compat-version during sysupgrade is meant to
describe the config. Therefore, if somebody starts with a device on
19.07 and swconfig, and that person does a forceful upgrade into a
DSA-based firmware without wiping his/her config, then the local
compat-version should stay at 1.0 according to the config present
(and not get updated).

However, this poses a problem for those people that early-adopted
DSA in master, as they already have adjusted their config for DSA,
but it still is "1.0" as far as sysupgrade is concerned. This can
be healed by a simple

   uci set system.@system[0].compat_version="1.1"
   uci commit system

But this needs to be applied _after_ the upgrade (as the "old" fwtool
on the old installation does not know about compat_version) and it
requires access via SSH (i.e. no pure GUI solution is available for
this group of people, apart from wiping their config _again_ for
no technical reason). Despite, the situation will not become
obvious to those just upgrading via GUI, they will just have the
experience of a "broken upgrade".

This is a conflict which cannot be resolved by achieving both goals,
we have to decide to either keep the strict concept or improve the
situation for early adopters.

In this patch, we address the issue by providing a uci-defaults
script that will raise the compat_version for _all_ people upgrading
into a 1.1 image, no matter whether they have reset config or not.
The idea is to implement this as a _temporary_ solution, so early
adopters can upgrade into the new mechanism without issues, and
after a few weeks/months we could remove the uci-defaults script
again.

If we e.g. remove the script just before 20.xx.0-rc1, early adopters
should have moved on by then, and existing stable users would still
get the intended experience.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-08-08 16:13:51 +02:00
Sungbo Eo
de78747de1 ramips: use lzma-loader for RT5350F-OLinuXino devices
The bootloader fails to extract a big kernel, e.g. v5.4 kernel image
with ALL_KMODS enabled. This can be fixed by using lzma-loader.

Signed-off-by: Sungbo Eo <mans0n@gorani.run>
2020-08-08 16:13:51 +02:00
Sungbo Eo
a40ddc2195 ramips: adjust LZMA_TEXT_START for 32MB RAM devices
Currently the lzma-loader is placed in RAM at 32MB offset, which does not
make sense for devices with only 32MB RAM. If we adjust LZMA_TEXT_START to
24MB offset, then the lzma-loader can be used on those devices and still
about 24MB memory will be available for uncompressed image, which should be
enough for most use cases.

Signed-off-by: Sungbo Eo <mans0n@gorani.run>
2020-08-08 16:13:51 +02:00
David Bauer
1bfba18a36 mac80211: exchange mesh 6GHz IE patch for upstream accepted
Exchange the patch fixing the kernel ringbuffer WARNING flood for the
one accepted upstream.

Fixes commit a956c14d6a ("mac80211: util: don't warn on missing sband
iftype data")

Signed-off-by: David Bauer <mail@david-bauer.net>
2020-08-08 10:31:57 +02:00
Jo-Philipp Wich
bc1c9fdc20 hostapd: recognize option "key" as alias for "auth_secret"
The hostapd configuration logic is supposed to accept "option key" as
legacy alias for "option auth_secret". This particular fallback option
failed to work though because "key" was not a registered configuration
variable.

Fix this issue by registering the "key" option as well, similar to the
existing "server" nad "port" options.

Ref: https://github.com/openwrt/openwrt/pull/3282
Suggested-by: Michael Jones <mike@meshplusplus.com>
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2020-08-07 21:19:29 +02:00
Jo-Philipp Wich
321503dbf3 hostapd: make "key" option optional if "wpa_psk_file" is provided
If an existing "wpa_psk_file" is passed to hostapd, the "key" option may
be omitted.

While we're at it, also improve the passphrase length checking to ensure
that it is either exactly 64 bytes or 8 to 63 bytes.

Fixes: FS#2689
Ref: https://github.com/openwrt/openwrt/pull/3283
Suggested-by: Michael Jones <mike@meshplusplus.com>
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2020-08-07 21:04:02 +02:00
David Bauer
a4e72013e7 exfat: add dependency on nls-base
Add a dependency on kmod-nls-base for the new exfat driver. Otherwise
the build fails on ramips and ath79 on kernel 5.4:

Package kmod-fs-exfat is missing dependencies for the following libraries:
nls_base.ko

Fixes commit cd41234d2f ("exfat: add out of tree module")

Signed-off-by: David Bauer <mail@david-bauer.net>
2020-08-07 16:51:58 +02:00
Adrian Schmutzler
1d5b08ca51 om-watchdog: fix board name for teltonika,rut5xx
The board name is equivalent to the compatible, not the device
definition. Fix it.

Fixes: b4588c8538 ("kernel/om-watchdog: Apply device renames from ramips")

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-08-07 16:30:55 +02:00
Adrian Schmutzler
1634461bd2 ramips: switch rt288x subtarget to kernel 5.4
The sbutarget has testing support for kernel 5.4 for quite a while
and builds fine, however, only one devices there is > 4 MiB.

Since it's unlikely to get a Tested-by for that device, and the other
ralink subtargets appear to be working with 5.4 so far, let's set
this target to 5.4 by default as well.

That way, even if the device happens to break, we'll still have at
least usable SDK and IB for people to use.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-08-07 14:51:20 +02:00
Hans Dedecker
f74edb3e95 nat46: update to latest git HEAD
71e9f09 nat46-core: fix compilation with kernel 5.4

Remove 100-kernel-5.4-compat patch as upstream accepted

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2020-08-07 13:40:26 +02:00
Adrian Schmutzler
7c07a0f4c3 ramips/mt7620: fix portmap based on board.d port assignment
When comparing to the port assignment in board.d/02_network, many
devices seem to use the wrong setup of mediatek,portmap.

The corrects the values for mt7620 subtarget based on the location
of the wan port.

A previous cleanup of obviously wrong values has already been done in
d3c0a94405 ("ramips: mt7620/mt7621: remove invalid mediatek,portmap")

Cc: Sungbo Eo <mans0n@gorani.run>
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-08-07 13:01:18 +02:00
Petr Štetiar
c487cf8e94 hostapd: add wpad-basic-wolfssl variant
Add package which provides size optimized wpad with support for just
WPA-PSK, SAE (WPA3-Personal), 802.11r and 802.11w.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
[adapt to recent changes, add dependency for WPA_WOLFSSL config]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-08-07 12:02:19 +02:00
Adrian Schmutzler
121c021989 ramips: invert wpad selection for mt7621
For ramips/mt7621, the wpad-basic package is not selected by default,
but added for every device individually as needed.

While this might be technically correct if the SoC does not come with
a Wifi module, only 18 of 97 devices for that platform are set up
_without_ wpad-basic currently.

Therefore, it seems more convenient to add wpad-basic by default for
the subtarget and then just remove it for the 18 mentioned devices,
instead of having to add it for about 60 times instead.

This would also match the behavior of the 5 other subtargets, where
wpad-basic/wpad-mini is added by default as well, and thus be more
obvious to developers without detailed SoC knowledge.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-08-07 12:02:19 +02:00
Álvaro Fernández Rojas
24f7ae814a bcm63xx: add missing endif board comnents
This provides better context for board patches.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2020-08-07 11:09:06 +02:00
Jo-Philipp Wich
4a6795409d base-files: functions.sh: fix config_get() on invalid identifiers
When passing a section or option value to config_get() which contains
characters that happen to be valid variable interpolation expressions,
the function returns a nonsensical expression result instead of the
expected empty string.

When the passed section or option name contains other characters which
are not valid within a shell variable name, a substitution error is
occuring instead.

The issue can be easily reproduced by one of the following examples:

    root@OpenWrt:~# . /lib/functions.sh
    root@OpenWrt:~# config load system
    root@OpenWrt:~# config_get variable invalid-section option
    root@OpenWrt:~# echo "$variable"
    section_option:-

    root@OpenWrt:~# . /lib/functions.sh
    root@OpenWrt:~# config load system
    root@OpenWrt:~# config_get variable section invalid-option
    root@OpenWrt:~# echo "$variable"
    option:-

    root@OpenWrt:~# . /lib/functions.sh
    root@OpenWrt:~# config load system
    root@OpenWrt:~# config_get variable section invalid@option
    -ash: eval: syntax error: bad substitution

Fix this issue by only performing interpolations when the given section
and option arguments are free of illegal characters.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2020-08-07 11:05:16 +02:00
Álvaro Fernández Rojas
0c109df7f0 bcm63xx: merge RTA770BW and RTA770W board patches
The only difference between both boards is the DSL annex.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2020-08-07 10:34:31 +02:00
Álvaro Fernández Rojas
eddf863650 bcm63xx: add missing fallback SPROMs
A couple of SPROM IDs are missing.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2020-08-07 10:34:31 +02:00
Álvaro Fernández Rojas
fb589b6142 bcm63xx: add missing OHCI nodes
All boards with EHCI enabled should also have OHCI enabled.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2020-08-07 10:34:31 +02:00
Álvaro Fernández Rojas
440d5996ef bcm63xx: remove invalid EHCI nodes
There's no EHCI controller on BCM6348.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2020-08-07 10:34:31 +02:00
Álvaro Fernández Rojas
81fdb4235e bcm63xx: refactor board patches
Current board patches format is crazy.
Let's try to put some order.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2020-08-07 10:34:31 +02:00
Yousong Zhou
064dc1e81b dnsmasq: abort when dnssec requested but not available
Before this commit, if uci option "dnssec" was set, we pass "--dnssec"
and friends to dnsmasq, let it start and decide whether to quit and
whether to emit message for diagnosis

  # dnsmasq --dnssec; echo $?
  dnsmasq: DNSSEC not available: set HAVE_DNSSEC in src/config.h
  1

DNSSEC as a feature is different from others like dhcp, tftp in that
it's a security feature.  Better be explicit.  With this change
committed, we make it so by not allowing it in the first in the
initscript, should dnsmasq later decides to not quit (not likely) or
quit without above explicit error (unlikely but less so ;)

So this is just being proactive.  on/off choices with uci option
"dnssec" are still available like before

Link: https://github.com/openwrt/openwrt/pull/3265#issuecomment-667795302
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2020-08-07 15:56:30 +08:00
Sander Vanheule
34271d38ae tools/firmware-utils: use UTC for image timestamps
By using localtime() to determine the timestamp that goes into factory
images, the resulting image depends on the timezone of the build system.
Use gmtime() instead, which results in more reproducible images.

Signed-off-by: Sander Vanheule <sander@svanheule.net>
2020-08-07 09:48:33 +02:00
Adrian Schmutzler
7673df7994 ramips: switch rt3883 subtarget to kernel 5.4
The target has testing support for kernel 5.4 for quite a while,
compiles fine for all devices, and has been run-tested on Asus
RT-N56U successfully.

Let's set it to kernel 5.4 by default to increase the audience
before an 20.xx stable branch.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Tested-by: Eneas U de Queiroz <cotequeiroz@gmail.com> [Asus RT-N56U]
2020-08-06 23:52:57 +02:00
Álvaro Fernández Rojas
92727a1228 bcm63xx: switch to upstream CFE version detection patch
The patch improving CFE version detection has been merged (linux 5.9).

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2020-08-06 23:06:12 +02:00
Álvaro Fernández Rojas
f41a40001a bcm63xx: switch to upstream endif comments patch
This allows better context for board patches and we no longer need a
downstream patch for that.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2020-08-06 23:06:12 +02:00
Álvaro Fernández Rojas
9fb1d4ce8a bcm63xx: switch to upstream LED patch
The patch adding support for the second LED HW blinking interval has been
merged (linux 5.9).

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2020-08-06 23:06:12 +02:00
Jo-Philipp Wich
11ea7ba698 Revert "dsaconfig: introduce package for UCI configuration of VLAN filter rules"
This reverts commit 96b87196b0.

This commit was not meant to go into master.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2020-08-06 19:13:43 +02:00
Jo-Philipp Wich
f85bc0d77d Revert "add vfconfig"
This reverts commit 34553e8cc9.

This commit was not meant to go into master.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2020-08-06 19:13:21 +02:00
Daniel Golle
48f2596e78 procd: update to git HEAD
47a9f0d service: add method to query available container features
 afbaba9 initd: attempt to mount cgroup2
 ead60fe jail: use pidns semantics also for timens
 759e9f8 jail: make use of BLOBMSG_CAST_INT64 for OCI rlimits
 83053b6 instance: add instances into unified cgroup hierarchy
 16159bb jail: parse OCI cgroups resources
 282ff0c jail: only free cgroups if they were allocated
 ab55357 jail: fix freeing cgroups avl

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-08-06 16:17:37 +01:00
Daniel Golle
728a0c68d1 Revert "procd: update to git HEAD"
This reverts commit e0e607f0d0.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-08-06 16:17:37 +01:00