`true` might be a shell built-in, or simply not accessible in the hardcoded locations.
Replace it with a custom script that does nothing.
Signed-off-by: Ilya Katsnelson <me@0upti.me>
Short hashes are not guaranteed to be unambiguous forever and could
collide if the repo grows over time. Git also estimates how many
characters are roughly required to prevent such a collision and slowly
increases the amount of characters beginning from 6, OpenWrt is already
at 8. Lets use the full hash the have a predictable length and keep
hashes unambiguous forever.
Signed-off-by: Sandro Jäckel <sandro.jaeckel@gmail.com>
CycloneDX is an open source standard developed by the OWASP foundation.
It supports a wide range of development ecosystems, a comprehensive set
of use cases, and focuses on automation, ease of adoption, and
progressive enhancement of SBOMs (Software Bill Of Materials) throughout
build pipelines.
So lets add support for CycloneDX SBOM for packages and images
manifests.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
There is no standard for ABI versioning, so its not possible to find out
from `libext2fs2`, `libiwinfo20230701` or `libss2` package names if
thats just package name or package name with ABI version included. To
help with the decision, lets make ABI version aviable in package index.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Common Platform Enumeration (CPE) is a structured naming scheme for
information technology systems, software, and packages.
In order for the information to be processed further, it should also be
available in JSON package manifests.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Some package may needs to enable compatibility option based on the GCC
version.
Currently the GCC version is set based on the default value and doesn't
actually reflect the real value provided by the external toolchain if
used.
Fix this by correctly detecting the GCC version in the external
toolchain and set the correct value in CONFIG_GCC_VERSION.
A new option is added in menuconfig to manually set the GCC version if
needed.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
This script was used to modify the wrong machine type passed
from the boot loader to the kernel. The device tree kernels
does not use the machine type so this script is no longer
needed.
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Remove the stale site definitions from @APACHE, KERNEL etc.
* Remove site that had dropped APACHE
* Remove KERNEL site leading to wrong directory
* Remove dead sites
* Convert ftp/http URLs to https, if possible. Remove duplicate
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
Remove stale sites from @GNOME alias:
* remove 2 sites that have stale 3 years old content
* remove 2 sites that have dropped GNOME
* convert 2 sites from FTP to HTTP
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
When a dependency is pulled in via conditional depends, and the condition
is already selected earlier in the chain, drop the condition.
This avoids some corner cases that trigger recursive dependencies.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
This reverts commit 6c3eff9dd8.
This appears to cause some regressions in generated config.
Will be replaced with a fixed version later
Signed-off-by: Felix Fietkau <nbd@nbd.name>
When a package foo depends on PACKAGE_foo:bar (in order to make build
dependencies conditional), tracking transitive dependencies can fail because
the internal seen flag is checked/set before eliminating the fake conditional
dependency. This can show up as a depends on not properly turned into a
select further down in the dependency chain
Signed-off-by: Felix Fietkau <nbd@nbd.name>
The ide-drive option was renamed to ide-hd in qemu 6.0.
With this change qemu is starting again on Debian 12.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Currently the git protocol downloads all submodules of the target
repository. This can be unwieldy for repositories with a lot of submodules
where only a subset are required in the context of the OpenWrt build.
This change adds a PKG_SOURCE_SUBMODULES variable to configure this
behavior. It takes a space-separated list of submodule paths, or the word
"skip" to disable submodule downloads entirely. The default is to download
all submodules, i.e. preserving current behavior.
Signed-off-by: Karsten Sperling <ksperling@apple.com>
Hardware
--------
CPU: Mediatek MT7981
RAM: 512M DDR4
FLASH: 256M NAND
ETH: MaxLinear GPY211 (2.5GbE N Base-T)
WiFi: Mediatek MT7981 (2.4GHz 2T2R:2 5GHz 3T3R:2 802.11ax)
BTN: 1x Reset
LED: 1x Multi-Color
UART Console
------------
Available below the rubber cover next to the ethernet port.
Settings: 115200 8N1
Layout:
<12V> <LAN> GND-RX-TX-VCC
Logic-Level is 3V3. Don't connect VCC to your UART adapter!
Installation Web-UI
-------------------
Upload the Factory image using the devices Web-Interface.
As the device uses a dual-image partition layout, OpenWrt can only
installed on Slot A. This requires the current active image prior
flashing the device to be on Slot B.
In case this is not the case, OpenWrt will boot only one time, returning
to the ZyXEL firmware the second boot.
If this happens, first install a ZyXEL firmware upgrade of any version
and install OpenWrt after that.
Installation TFTP / Recovery
----------------------------
This installation routine is especially useful in case of a bricked
device.
Attach to the UART console header of the device. Interrupt the boot
procedure by pressing Enter.
The bootloader has a reduced command-set available from CLI, but more
commands can be executed by abusing the atns command.
Boot a OpenWrt initramfs image available on a TFTP server at
192.168.1.66. Rename the image to nwa50axpro-openwrt-initramfs.bin.
$ atnf nwa50axpro-openwrt-initramfs.bin
$ atna 192.168.1.88
$ atns "192.168.1.66; tftpboot; setenv fdt_high 0xffffffffffffffff;
bootm"
Upon booting, set the booted image to the correct slot:
$ zyxel-bootconfig /dev/mtd9 get-status
$ zyxel-bootconfig /dev/mtd9 set-image-status 0 valid
$ zyxel-bootconfig /dev/mtd9 set-active-image 0
Copy the OpenWrt sysupgrade image to the device using scp.
Write the sysupgrade image to NAND using sysupgrade.
$ sysupgrade -n image.bin
Signed-off-by: David Bauer <mail@david-bauer.net>
Instead of loading the whole image into the memory when generating the
sha256 sum, we load the file in chunks and update the hash incrementally
to avoid MemoryError in python. Also remove a stray empty line.
Fixes: #13056
Signed-off-by: Adones Pitogo <pitogo.adones@gmail.com>
(mention empty line removal, adds Fixes from PR)
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
DT overlays do not need relocation in order to be applied, so drop
defining the load address for dtbos.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
U-Boot with enabled secure-boot will not boot images with the
@-character used for hash node-names.
Use the existing separation character configurable for each device.
Signed-off-by: David Bauer <mail@david-bauer.net>
These fields are used for EAX12 and EX6250v2 series, and perhaps other
devices. Compatibility is preserved with the WAX202 and WAX206.
In addition, adds the related vars to DEVICE_VARS so that the variables
work correctly with multiple devices.
References in GPL source:
https://www.downloads.netgear.com/files/GPL/EAX12_EAX11v2_EAX15v2_GPL_V1.0.3.34_src.tar.gz
* tools/imgencoder/src/gj_enc.c
Contains code that generates the encrypted image.
Signed-off-by: Wenli Looi <wlooi@ucalgary.ca>
Device specifications:
======================
* Qualcomm/Atheros AR9344
* 128 MB of RAM
* 16 MB of SPI NOR flash
* 2x 10/100 Mbps Ethernet
* 2T2R 2.4/5 GHz Wi-Fi
* 4x GPIO-LEDs (1x wifi, 2x ethernet, 1x power)
* 1x GPIO-button (reset)
* 2x fast ethernet
- lan1
+ builtin switch port 1
+ used as WAN interface
- lan2
+ builtin switch port 2
+ used as LAN interface
* 9-30V DC
* external antennas
Flashing instructions:
======================
Log in to https://192.168.127.253/
Username: admin
Password: moxa
Open Maintenance > Firmware Upgrade and install the factory image.
Serial console access:
======================
Connect a RS232-USB converter to the maintenance port.
Pinout: (reset button left) [GND] [NC] [RX] [TX]
Firmware Recovery:
==================
When the WLAN and SYS LEDs are flashing, the device is in recovery mode.
Serial console access is required to proceed with recovery.
Download the original image from MOXA and rename it to 'awk-1137c.rom'.
Set up a TFTP server at 192.168.127.1 and connect to a lan port.
Follow the instructions on the serial console to start the recovery.
Signed-off-by: Maximilian Martin <mm@simonwunderlich.de>
This improves compatibility with the elder stock firmwares of the
following devices, which have not yet been merged into OpenWrt:
- Beeline SmartBox Pro
- Beeline SmartBox Turbo+
- WiFire S1500.NBN
Without this, OpenWrt factory image installation may fail.
Signed-off-by: Mikhail Zhilkin <csharper2005@gmail.com>
Signed-off-by: Maximilian Weinmann <x1@disroot.org>
The armvirt target has been renamed to 'armsr' (Arm SystemReady)
after inclusion of EFI support.
Change references (including subtargets) accordingly.
Signed-off-by: Mathew McBride <matt@traverse.com.au>
Instead of generating full config nodes incl. kernel, generate minimal
config nodes for device tree overlays to be applied to the main config.
In this way, multiple device tree overlays can be applied more easily.
While at it change filenames to upstream style, ie. use dtso and dtbo
suffix for device tree overlays.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
The use case for this is to set the kernel partition as the
EFI system partition. Versions of U-Boot with the
EFI boot manager (eficonfig and efidebug commands) will
store their boot order data on the ESP.
Signed-off-by: Mathew McBride <matt@traverse.com.au>
Allow passing in an optional offset (PARTOFFSET) for the first partition.
If not specified this will default to 256K (512 blocks) as it has before.
For example if you want to start partition data at a 16M offset instead
of 256K, specify 'PARTOFFSET=16M'.
Signed-off-by: Tim Harvey <tharvey@gateworks.com>
Apparently, Sercomm sets 2 padding bytes instead of 1 (ramips).
The HW version is a bit different than the one used for ramips.
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
Allow passing Sercomm PID from file.
Until now, Sercomm PID could only be passed as an array of hex bytes.
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
There is no CONFIG_BINARY_DIR, it's CONFIG_BINARY_FOLDER.
While at it, don't parse the shell compatible .config, eval it.
Signed-off-by: Andre Heider <a.heider@gmail.com>
If CONFIG_BINARY_FOLDER is set in .config, use that instead of "bin" as
the bindir.
That allows to set that config and easily run e.g.
`./scripts/qemustart armvirt 32`.
Signed-off-by: Andre Heider <a.heider@gmail.com>
It's possible to have prebuilt tools already extracted. Add option to
just refresh the timestamps.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Host tools path may be a symbolic link. Use -H with find to follow path
links passed from command line to find command.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Allign dl_github_archieve.py to 8252511dc0
change. On supported system the sigid bit is applied to files and tar
archieve that on tar creation. This cause unreproducible tar for these
system and these bit should be dropped to produce reproducible tar.
Add the missing option following the command options used in other
scripts.
Fixes: 75ab064d2b ("build: download code from github using archive API")
Suggested-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Tested-by: Robert Marko <robimarko@gmail.com>
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
The redundant character '0x0a' after the 192 bytes '0x00' padding broke
the factory image. We need to remove it to make things work again.
Fixes: e6769d11f3 scripts: fix missing character '0' issue in linksys image
Tested-by: Tony Butler <spudz76@gmail.com>
Signed-off-by: Shiji Yang <yangshiji66@qq.com>
The -w|--whitelist and -D|--download-dir arguments pass an additional value,
properly evaluate that.
Also allow to pass the download directory without -D|--download-dir, just as
the usage describes.
Finally fix spitting out the wrong error messages about those args.
Signed-off-by: Andre Heider <a.heider@gmail.com>
BSD wc can output more whitespaces, which breaks the cut usage.
Replace the cut invocation with awk, which is more portable.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Support defining a per-device loadaddress for the DTB. This is required
for devices which to not align the DTB from the bootloader correctly.
Signed-off-by: David Bauer <mail@david-bauer.net>
In the stock firmware of Linksys, there is a '0' after the crc checksum.
Validated on EA6350V3, EA7300 and EA7300V2's stock images.
Fixes: 892d741259 build: add a script for generating Linksys factory images
Signed-off-by: Shiji Yang <yangshiji66@qq.com>
The aria2c command tries to load config from
${XDG_CONFIG_HOME:-${HOME}/.config}/aria2/aria2.conf by default,
which may result unexpected behavior.
As a replacement, people can use environment variable ARIA2C_OPTIONS
to custom arguments passed to aria2c like curl and wget below.
Including --conf-path=/path/to/config.conf in ARIA2C_OPTIONS can
also set a custom config file path easily if needed.
Signed-off-by: Zhang Hua <zhanghuadedn@gmail.com>
Introduce a new option in the "Advanced configuration options" to
configure a custom download tool.
By declaring a string in "Use custom download tool" an user can force
what command to use to download package. With the string empty the
default tool used is curl, with wget as a fallback if not available.
download.pl supports 3 tools officially aria2c, curl and wget.
If one of the tool is used in this config, download.pl will use the
default args to make use of them.
If the provided string is different than aria2c, curl or wget, the command
is used as is and the download url will be appended at the end of such command.
While at it also tweak the tool selection logic and chose the tool only
once when the script is called and move aria2c specific variables in the
relevant section.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Add a simple script to make it easier to install a prebuilt tools tar.
Currently it will be used by our tools container and kernel workflow on
github.
Simple script that take a tar that contains prebuilt host tools, extract
them and refresh the timestamps to skip recompilation of such host
tools.
By default it refresh timestamps of build_dir/host and
staging_dir/host/stamp.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Generilize download tool check and skip other check if a download tool
has been found.
While at it also reintroduce c836ca84e8
that was previously dropped with aria2c support.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Currently we use /dev/shm to place aria2c tmp file. This is not present
on macos. Use the openwrt tmp directory instead of the linux-only
/dev/shm to save compatibility with more os.
Fixes: d391236269 ("download.pl: add aria2c support")
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
With the introduction of aria2c support, curl and wget no longer try to
download the file from mirrors. Fix this regression by emptying the
remaining mirrors list only when aria2c is used.
Fixes: d391236269 ("download.pl: add aria2c support")
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Fix whitespace in mirror urls and replace for loop with join+map logic.
Fixes: d391236269 ("download.pl: add aria2c support")
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Use aria2c download tool by default on package download if available in
the system.
aria2c permits to use multiple mirrors and may improve download speed on
special context where servers are hard to reach.
Co-authored-by: Christian Marangi <ansuelsmth@gmail.com>
Signed-off-by: Bradford Zhang <zyc@zyc.name>
[ fix wrong var in the script and improve commit description ]
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Allow comparing subdirectories exactly like files.
Handle a corner case where the new subdirectory
has the same tarball inside of it
as the one that was downloaded
before a subdirectory for that package was established.
Signed-off-by: Michael Pratt <mcpratt@pm.me>
Improve dl_cleanup by adding an option to also clean the build directory
related to the downloaded package.
The script will check every directory in build_dir/ and check if any
old package is present there. If outdated package are found, the old
one are cleared leaving only the last one.
Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
Several users of wget for downloads (curl is not available in the
system) have reported broken download functionality:
wget --tries=5 --timeout=20 --output-document=- https://cdn.kernel.org/pub/linux/kernel/v5.x/linux-5.10.142.tar.xz
http://: Invalid host name.
Thats all happening due to '' was passed as an argument, which got later
expanded to http://.
In the context of a list constructor '' is not nothing, it is an empty
string element. So fix it by using () as it will yield "nothing" and
thus not introduce an empty string element.
Fixes: #10692
Fixes: 90c6e3aedf ("scripts: always check certificates")
Signed-off-by: Jo-Philipp Wich <jo@mein.io> [shellwords() -> ()]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
When running build in verbose mode `make V=s` we can see a lot of
following warnings when curl is not available in the system:
Can't exec "curl": No such file or directory at scripts/download.pl line 77.
So lets fix it by redirecting of the stderr to null hole.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Remove flags from wget and curl instructing them to ignore bad server
certificates. Although other mechanisms can protect against malicious
modifications of downloads, other vectors of attack may be available
to an adversary.
TLS certificate verification can be disabled by turning oof the
"Enable TLS certificate verification during package download" option
enabled by default in the "Global build settings" in "make menuconfig"
Signed-off-by: Josh Roys <roysjosh@gmail.com>
[ add additional info on how to disable this option ]
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
So it can serve as a standalone drop in replacement for xxd utility used
currently mostly in U-Boot packages with `xxd -i` mode which outputs C
include file style, with aim for byte to byte identical output, so the
eventual difference in the generated output is easily spottable.
Fixes: #10555
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Signed-off-by: Jo-Philipp Wich <jo@mein.io> [perl-fu]
xxdi.pl is a Perl script that implements vim's 'xxd -i' mode so that
packages do not have to use all of vim just to get this functionality.
References: #10555
Source: 97a6bd5cee/xxdi.pl
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Openwrt now supports only glibc and musl. Add support for musl and
rework the libc check to handle the new config flags and correctly
compile package basend on that.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Openwrt generate info.mk that contains the libc type. For probe_cc check
if the file exist and parse directly it for LIBC type.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Currently we never call probe_cc before config generation, this cause
the script to never actually detect the correct libc type.
Call probe_cc before config generation to correctl set the .config file.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
It can be useful to overwrite an already generated config.
Option are simply added at the end of the config and make defconfig
will overwrite the relevant option with the new one.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
The parsed prefix in print_config is wrong and this produce broken
generated .config that won't work with any external toolchain.
Currently the prefix from a CC of
'arm-openwrt-linux-muslgnueabi-gcc-12.1.0'
produce a prefix
'arm-openwrt-linux-muslgnueabi-gcc-'
This is wrong as the real prefix should be
'arm-openwrt-linux-muslgnueabi-'
This is probably caused by a change in how the toolchain is now handled
that now append also the gcc version. Probably in ancient days the
version wasn't part of the name and the prefix generation stripped the
'-gcc' instead of the gcc version.
Fix this and correctly strip the gcc version and the gcc suffix to
correctly call toolchain bins.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Hardware
--------
CPU: Mediatek MT7621
RAM: 256M DDR3
FLASH: 128M NAND
ETH: 1x Gigabit Ethernet
WiFi: Mediatek MT7915 (2.4/5GHz 802.11ax 2x2 DBDC)
BTN: 1x Reset (NWA50AX only)
LED: 1x Multi-Color (NWA50AX only)
UART Console
------------
NWA50AX:
Available below the rubber cover next to the ethernet port.
NWA55AXE:
Available on the board when disassembling the device.
Settings: 115200 8N1
Layout:
<12V> <LAN> GND-RX-TX-VCC
Logic-Level is 3V3. Don't connect VCC to your UART adapter!
Installation Web-UI
-------------------
Upload the Factory image using the devices Web-Interface.
As the device uses a dual-image partition layout, OpenWrt can only
installed on Slot A. This requires the current active image prior
flashing the device to be on Slot B.
If the currently installed image is started from Slot A, the device will
flash OpenWrt to Slot B. OpenWrt will panic upon first boot in this case
and the device will return to the ZyXEL firmware upon next boot.
If this happens, first install a ZyXEL firmware upgrade of any version
and install OpenWrt after that.
Installation TFTP
-----------------
This installation routine is especially useful in case
* unknown device password (NWA55AXE lacks reset button)
* bricked device
Attach to the UART console header of the device. Interrupt the boot
procedure by pressing Enter.
The bootloader has a reduced command-set available from CLI, but more
commands can be executed by abusing the atns command.
Boot a OpenWrt initramfs image available on a TFTP server at
192.168.1.66. Rename the image to owrt.bin
$ atnf owrt.bin
$ atna 192.168.1.88
$ atns "192.168.1.66; tftpboot; bootm"
Upon booting, set the booted image to the correct slot:
$ zyxel-bootconfig /dev/mtd10 get-status
$ zyxel-bootconfig /dev/mtd10 set-image-status 0 valid
$ zyxel-bootconfig /dev/mtd10 set-active-image 0
Copy the OpenWrt ramboot-factory image to the device using scp.
Write the factory image to NAND and reboot the device.
$ mtd write ramboot-factory.bin firmware
$ reboot
Signed-off-by: David Bauer <mail@david-bauer.net>
Netgear encrypted image is used in various devices including WAX202,
WAX206, and EX6400v3. This image format also requires a dummy squashfs4
image which is added here as well.
References in WAX202 GPL source:
https://www.downloads.netgear.com/files/GPL/WAX202_V1.0.5.1_Source.rar
* openwrt/bootloader/u-boot-mt7621-2018.09-gitb178829-20200526/board/ralink/common/dual_image.c
Bootloader code that verifies the presence of a squashfs4 image, thus
a dummy image is added here.
* openwrt/tools/imgencoder/src/gj_enc.c
Contains code that generates the encrypted image. There is support for
adding an RSA signature, but it does not look like the signature is
verified by the stock firmware or bootloader.
* openwrt/tools/imgencoder/src/imagekey.h
Contains the encryption key and IV. It appears the same key/IV is used
for other Netgear devices including WAX206 and EX6400v3.
Signed-off-by: Wenli Looi <wlooi@ucalgary.ca>
What should have been only cosmetic changes, ended up in breaking the
script. Rename UIMAGE_CRC_SLICE back to (the original) UIMAGE_CRC_OFF.
Fixes issue #10204 "cameo-tag.py broken"
Reported-by: Markus Stockhausen <markus.stockhausen@gmx.de>
Fixes: f9e840b657 ("scripts: add CAMEO tag generator")
Signed-off-by: Sander Vanheule <sander@svanheule.net>
This script inserts CAMEO tags into an uImage to make U-Boot
of DGS-1210 switches happy.
Signed-off-by: Markus Stockhausen <markus.stockhausen@gmx.de>
Suggested-by: Sander Vanheule <sander@svanheule.net> # Mutual checksum algorithm
[commit title prefix, trailing whitespace, OpenWrt capitalisation, move
CRC calculation comment, use UIMAGE_NAME_*, remove parentheses for
return, use f-string instead of str()]
Signed-off-by: Sander Vanheule <sander@svanheule.net>
The cameo header is a 0x40-byte header used by D-Link DGS 1210 switches
and Apresia ApresiaLightGS series. cameo-imghdr.py is a clean-room
reimplementation of imghdr present in the DGS-1210-28-GPL package.
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
[fix board_version argument's help text]
Signed-off-by: Sander Vanheule <sander@svanheule.net>
To create packages the `ipkg-build` script is used which double packs
`control.tar.gz` and `data.tar.gz` to a single package. By default it's
using a verbose username instead of a numeric value for files.
Official OpenWrt images (artifacts) are created within docker containers
which do not seem to contain those verbose usernames and instead
defaults to numeric values.
This becomes a problem when rebuilding public artifacts because other
build environments may offer verbose usernames and there the created
packages is different from the official ones.
With this commit `ipkg-build` always uses numeric values for user/group
and thereby making it easier to reproduce official artifacts.
Signed-off-by: Paul Spooren <mail@aparcar.org>
CRC32 is available in a standard library. It seems reasonable
to defer to that rather than run a custom implementation.
Signed-off-by: Doug Kerr <dek3rr@gmail.com>
mtools recursive copy (mcopy -s ...) is using READDIR(3) to iterate
over the directory entries, hence they end up in the FAT filesystem in
traversal order which breaks reproducibility (rather than being added
to the FAT filesystem in a reproducible order). Implement recursive
copy in gen_image_generic.sh in Shell code instead, as in that way we
can force files to be copied in reproducible order.
Fixes: aece8f5ae8 ("scripts/gen_image_generic.sh: generate reproducible EFI filesystem")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Generate FAT filesystem for EFI boot in a reproducible way:
* use '--invariant' option of mkfs.fat
* set timestamps of all files to SOURCE_DATE_EPOCH
* make sure files are ordered locale-independent
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Set LC_ALL=C environment variable when calling 'sort' as the sort
order otherwise depends on the locale set.
Fixes: 56ce110b73 ("scripts: make sure conffiles are sorted")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
It may happen that conffiles are in different order on different builds.
Make sure they have the same order by sorting them.
FIX: #9612
Signed-off-by: Paul Spooren <mail@aparcar.org>
Introduce `sha256_unsigned` which is a checksum of the image _before_ a
signature is attached. This is helpful to compare image reproducibility.
Since the `.sha256sum` file is located in the $(KDIR) folder, switch
$(BIN_DIR) with $(KDIR) to simplify the code. The value of $(BIN_DIR)
itself is not stored inside the resulting JSON file, so it can be
replaced.
Signed-off-by: Paul Spooren <mail@aparcar.org>
Set fixed timestamp for kernel other files in /boot filesystem.
This should help making x86 *combined* images reproducible.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
be64enc, be16dec, and be32dec are declared on FreeBSD 13.0, in
/usr/include/sys/endian.h so we should not declare them.
Fixes the following error during feeds update:
staging_dir/host/bin/mkhash: No such file or directory
gcc scripts/mkhash.c
scripts/mkhash.c:111:1: error: redefinition of 'be64enc'
111 | be64enc(void *buf, uint64_t u)
Signed-off-by: Georgi Valkov <gvalkov@abv.bg>
It seems, that there are currently some unhandled corner cases in which
`.toolchain_build_ver` results in empty file and thus forcing rebuilds,
even if the toolchain was build correctly just a few moments ago. Until
proper fix is found, workaround that by checking for this corner case
and simply populate `.toolchain_build_ver` file.
While at it, improve the UX and display version mismatch, so it's more
clear what has forced the rebuild:
"Toolchain build version changed (11.2.0-1 != ), running make targetclean"
References: https://gitlab.com/ynezz/openwrt/-/jobs/2133332533/raw
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Fixes following complaints and suggestions:
In scripts/check-toolchain-clean.sh line 2:
eval `grep CONFIG_GCC_VERSION .config`
^-- SC2046 (warning): Quote this to prevent word splitting.
^-- SC2006 (style): Use $(...) notation instead of legacy backticks `...`.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
diffconfig.sh runs ./scripts/config/conf, but it does not get built
with 'make {menu,x,n}config. Call 'make ./scripts/config/conf' to
ensure it's been built before running it, aborting in case of failure.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>[removed Fixes: due revert]
diffconfig.sh runs ./scripts/config/conf, but it does not get built
with 'make {menu,x,n}config. Call 'make ./scripts/config/conf' to
ensure it's been built befpre running it.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Functional Changes
---------- -------
- make 'imply' not impose any restrictions: allow symbols implied by y
to become m
- change "modules" from sub-option to first-level attribute
Bugfixes
--------
- nconf: fix core dump when searching in empty menu
- nconf: stop endless search loops
- xconfig: fix content of the main widget
- xconfig: fix support for the split view mode
Other Changes
----- -------
- highlight xconfig 'comment' lines with '***'
- xconfig: navigate menus on hyperlinks
- xconfig: drop support for Qt4
- improve host ncurses detection
Update the 'option modules' usage to just 'modules' in Config.in.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Both $(AUTORELEASE) and $(PKG_SRC_VERSION) (from luci.git) use the Git
log to determine releases and package timestamps.
Feeds are shallow cloned by default, resulting in an incomplete Git log
and therefore different local package versions than offered upstream.
This commits sets the default feeds to use `src-git-full` to solve that.
Add fixes from "2b1d92f: scripts/feeds: silence git warning by selecting
pull style" to `src-git-full`
Signed-off-by: Paul Spooren <mail@aparcar.org>
The value is retreived from a env variable which defaults to be read as
a string. However the SOURCE_DATE_EPOCH is a unix timestamp aka integer.
Fix this to allow downstream tools to parse the value directly.
Signed-off-by: Paul Spooren <mail@aparcar.org>
Ubuntu started to flag which as deprecated and it
seems which is not really standard and may vary
across Distro.
Drop the use of which and use the standard 'command -v'
for this simple task.
Which is still present in the prereq if some package/script
still use which.
A utility script called command_all.sh is implemented that
will just mimic the output of which -a.
Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
This commits adds the ability to print Kernel versions of all
targets/subtargets. If a testing Kernel is set print that version as
well.
Example output:
apm821xx/nand 5.10
apm821xx/sata 5.10
arc770/generic 5.4
archs38/generic 5.4
armvirt/32 5.10
armvirt/64 5.10
at91/sam9x 5.10
at91/sama5 5.10
ath25/generic 5.4
ath79/generic 5.4 5.10
ath79/mikrotik 5.4 5.10
--- %< ---
This should help to get a quick update on the state of Kernels.
Signed-off-by: Paul Spooren <mail@aparcar.org>
Adds generic support for sysupgrading on eMMC-based devices.
Provide function emmc_do_upgrade and emmc_copy_config to be used in
/lib/upgrade/platform.sh instead of redundantly implementing the same
logic over and over again.
Similar to generic sysupgrade on NAND, use environment variables
CI_KERNPART, CI_ROOTPART and newly introduce CI_DATAPART to indicate
GPT partition names to be used. On devices with more than one MMC
block device, CI_ROOTDEV can be used to specify the MMC device for
partition name lookups.
Also allow to select block devices directly using EMMC_KERN_DEV,
EMMC_ROOT_DEV and EMMC_DATA_DEV, as using GPT partition names is not
always an option (e.g. when forced to use MBR).
To easily handle writing kernel and rootfs make use of sysupgrade.tar
format convention which is also already used for generic NAND support.
Signed-off-by: Enrico Mioso <mrkiko.rs@gmail.com>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
CC: Li Zhang <li.zhang@gl-inet.com>
CC: TruongSinh Tran-Nguyen <i@truongsinh.pro>