Commit Graph

371 Commits

Author SHA1 Message Date
Petr Štetiar
d604a07225 build: add CycloneDX SBOM JSON support
CycloneDX is an open source standard developed by the OWASP foundation.
It supports a wide range of development ecosystems, a comprehensive set
of use cases, and focuses on automation, ease of adoption, and
progressive enhancement of SBOMs (Software Bill Of Materials) throughout
build pipelines.

So let's add support for CycloneDX SBOM for packages and images
manifests.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2023-11-01 11:14:41 +00:00
Wenli Looi
95330a5d60 build: add ALT5 vendor/model/variant
This allows adding another device variant.

Signed-off-by: Wenli Looi <wlooi@ucalgary.ca>
2023-07-08 20:19:00 +02:00
Daniel Golle
56f409c4e4 image: introduce DEVICE_DTC_FLAGS and DEVICE_DTCO_FLAGS
Handle compiling device tree overlay blobs separately to allow for
overlays being compiled with different parameters, mostly to save
space.
Allow defining DEVICE_DTC_FLAGS and DEVICE_DTCO_FLAGS as per-device
parameters to be passed to dtc. Previously some boards directly used
DTC_FLAGS in their build recipe which then also affected other boards.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2023-06-06 13:09:28 +01:00
Daniel Golle
6b01d40bfe image: improve uImage.FIT device tree overlay support
Instead of generating full config nodes incl. kernel, generate minimal
config nodes for device tree overlays to be applied to the main config.
In this way, multiple device tree overlays can be applied more easily.
While at it change filenames to upstream style, ie. use dtso and dtbo
suffix for device tree overlays.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2023-06-05 11:36:32 +01:00
David Yang
a8a2a95351 build: Allow specifying uImage time
Some U-Boot checks for a specified uImage time and refuses to boot if
mismatched. This patch fixes it by recognizing UIMAGE_TIME parameter.

Signed-off-by: David Yang <mmyangfl@gmail.com>
2023-05-20 21:29:25 +02:00
Christian Marangi
ee1bfd3034 Revert "image: update LZMA_XZ_OPTIONS with new squashfs4 tool"
This reverts commit a33b97dcb1.

A new version of the squashfs4 tool patch reintroduced the -Xe option.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2023-04-12 12:25:18 +02:00
Christian Marangi
a33b97dcb1 image: update LZMA_XZ_OPTIONS with new squashfs4 tool
The -Xpreset option changed format and dropped the -Xe and just requires
the extreme string to be passed to the -Xpreset option.

Update the LZMA_XZ_OPTIONS to reflect this change.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2023-02-20 07:34:07 +01:00
Wenli Looi
f0e4595188 build: add ALT3 and ALT4 vendor/model/variant
This is needed for the Netgear EX7300 series v2.

Signed-off-by: Wenli Looi <wlooi@ucalgary.ca>
2023-01-25 00:42:52 +01:00
Sander Vanheule
e5fe401908 image: add FACTORY_SIZE to DEFAULT_DEVICE_VARS
FACTORY_SIZE is used as a device recipe variable on both the D-Link
DIR-825-B1 and Trendnet TEW-673GRU, but is not listed as a device
variable, neither globally, nor for ath79. Being assigned the same
value, this probably hasn't caused any issues.

Add FACTORY_SIZE to the global list DEFAULT_DEVICE_VARS, to ensure the
variable is reset for every device, and to allow it to be used outside
of the ath79 target.

Signed-off-by: Sander Vanheule <sander@svanheule.net>
2023-01-13 22:22:38 +01:00
Michael Pratt
ee87dbb3fe image: add gzip-filename build recipe
Some vendors use basic gzip metadata (original filename and timestamp)
to verify valid images, along with the size of its contents.

Also, add a new device profile variable FACTORY_IMG_NAME
which would be ideal to use with this new recipe.

Signed-off-by: Michael Pratt <mcpratt@pm.me>
2023-01-06 15:34:07 +01:00
Michael Pratt
1bff0752bd image: fix device profile specific COMPILE targets
Commit a01d23e75 ("image: always rebuild kernel loaders")
is a step in the right direction, but exposed some issues
and regressions in the makefile.

Some of the files made by device specific COMPILE targets
start with an "append" command (i.e. >> instead of > redirection)
and if the file already exists, the target file is the
input to itself before the first recipe-specified input.

Fixes: a01d23e75 ("image: always rebuild kernel loaders")
Fixes: a7fb589e8 ("image: always rebuild kernel loaders")
Signed-off-by: Michael Pratt <mcpratt@pm.me>
2022-12-19 12:27:35 +00:00
David Bauer
a208f0a9be mkits: support definition of DTB loadaddr
Support defining a per-device loadaddress for the DTB. This is required
for devices which do not align the DTB from the bootloader correctly.

Signed-off-by: David Bauer <mail@david-bauer.net>
2022-11-08 12:16:36 +01:00
Matthias Schiffer
a01d23e755 image: always rebuild kernel loaders
Kernel loaders like the lzma-loader currently don't track changes to
their sources. This can lead to an old version of a loader to be used
when a build tree is not clean between builds.

As the loaders are tiny and the build times are insignificant, simply
force rebuilding them on every build to avoid this problem.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2022-10-14 23:13:02 +02:00
Paul Spooren
fee31628c4 imagebuilder: clean KDIR_TMP before building
Building images usually stores them in KDIR_TMP and then copies them over
to BIN_DIR. This is fine as rebuilding of images overwrites existing
images. When using the EXTRA_IMAGE_NAME variable frequently this fills
up the ImageBuilder KDIR_TMP folder since every built image is stored
forever.

This commit clears the KDIR_TMP folder before building a new image.

Below is an example of how sysupgrade.openwrt.org filled up after the release
of 22.03.0 where every created image contains a hash of the package
selection in the filename:

     aparcar@asu-01:~/asu/worker1/cache/22.03.0$ du -d 1 -h
     400M    ./kirkwood
     260M    ./gemini
     2.0G    ./ipq806x
     1.7G    ./ipq40xx
     8.1G    ./ramips
     4.0K    ./octeon
     495M    ./sunxi
     728M    ./lantiq
     1.8G    ./rockchip
     3.7G    ./mediatek
     4.0K    ./realtek
     5.4G    ./mvebu
     8.9G    ./ath79
     3.0G    ./bcm47xx
     14G     ./bcm27xx
     11G     ./x86
     4.0K    ./bcm63xx
     312M    ./mpc85xx
     600M    ./apm821xx
     5.4G    ./bcm53xx
     66G     .

Signed-off-by: Paul Spooren <mail@aparcar.org>
2022-09-10 21:07:24 +02:00
Piotr Dymacz
20ca59ceb7 image: drop unused 'BuildKernel/MkFIT'
The 'MkFIT' recipe is no longer used across whole codebase.

Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
2022-05-12 17:23:18 +02:00
Paul Spooren
8822a8d850 build: store sha256_unsigned in JSON
Introduce `sha256_unsigned` which is a checksum of the image _before_ a
signature is attached. This is helpful to compare image reproducibility.

Since the `.sha256sum` file is located in the $(KDIR) folder, switch
$(BIN_DIR) with $(KDIR) to simplify the code. The value of $(BIN_DIR)
itself is not stored inside the resulting JSON file, so it can be
replaced.

Signed-off-by: Paul Spooren <mail@aparcar.org>
2022-03-29 21:41:06 +01:00
Stijn Tintel
df2ae8826c image: let mksquashfs4 use all processors
Drop the -processors argument from the mksquashfs4 call, so it will use
all available processors. This dramatically reduces the time to create
squashfs filesystems.

The times below are observed when building an image for my main router,
the WatchGuard Firebox M300 (qoriq target):

Before:
real    4m45,973s

After:
real    0m23,497s

With this commit `mksquashfs` may use more cores than defined via `-j`.
This is the same behaviour as for archive creation of ImageBuilder, SDK
or toolchain. There is no trivial way to limit `mksquashfs` CPU core
usage to the amount of "free" make jobs since two running `mksquashfs`
instances would each run with the total allowed number (-j) of threads.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
[extended reasoning in commit message]
Signed-off-by: Paul Spooren <mail@aparcar.org>
2022-03-29 13:32:31 +01:00
Felix Fietkau
ac11f36b33 build: add support for passing C preprocessor flags for DTS builds
Useful for adding #ifdefs based on build system provided definitions, or
for adding extra include paths

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2022-03-27 21:36:40 +02:00
Christian Lamparter
cb11eaf5dd image: define DEVICE_DTS_DELIMITER as per-device variable
DEVICE_DTS_DELIMITER needs to be in the DEFAULT_DEVICE_VARS
list to work as expected. This was missing from the original
version and got overlooked.

Fixes: fd67908647 ("scripts: mkits.sh: Allow legacy @ mode for dts creation")
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2021-10-24 11:19:58 +02:00
Paul Spooren
5ef4608c02 build: store artifacts in JSON
Multiple profiles create artifacts, these should be stored in the JSON
file as well, allowing downstream tooling to show those files, too.

Artifacts don't have specific filesystems so only the fields `name`,
`type` and `sha256` are available.

Rename env variable names from IMAGE_ to FILE_ prefixes to reflect that
images, kernels and artifacts are added with the same command.

Signed-off-by: Paul Spooren <mail@aparcar.org>
2021-09-14 10:42:38 -10:00
Daniel Golle
c5616a8ae1 image: fix build with SELinux
The option '-xattr' for mksquashfs4 should be '-xattrs' which lead to
build failure with SELinux enabled. Add the missing 's'.

Fixes: 4baf47b9a8 ("images: squashfs: xattrs should not depend on buld host")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-08-19 01:37:35 +01:00
Daniel Golle
4baf47b9a8 images: squashfs: xattrs should not depend on buld host
Enable xattr for the generated squashfs only if needed for SELinux.
This eliminates warnings during boot on target when building
(non-SELinux) OpenWrt on SELinux-enabled hosts like Fedora.

Reported-by: fda77 <fda77@users.noreply.github.com>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-08-03 18:28:53 +01:00
David Bauer
bb749e49a6 build: fix build for devices without initramfs
Don't attempt to copy initramfs images for devices which do not output
an initramfs image.

This was breaking builds for mpc85xx-p1010 since mid-march.

Signed-off-by: David Bauer <mail@david-bauer.net>
2021-06-08 22:53:14 +02:00
Paul Spooren
29c94fe28e build/json: fix DEVICE_PACKAGES
The variable was missing in the definition of DEFAULT_DEVICE_VARS which
caused it to contain wrong values, messing up the resulting JSON files.

This patch adds the variable DEVICE_PACKAGES to DEFAULT_DEVICE_VARS.

Suggested-by: Baptiste Jonglez <git@bitsofnetworks.org>
Signed-off-by: Paul Spooren <mail@aparcar.org>
2021-06-02 22:58:13 +02:00
Leonardo Mörlein
b993b68b6c build: introduce $(MKHASH)
Before this commit, it was assumed that mkhash is in the PATH. While
this was fine for the normal build workflow, this led to some issues if

    make TOPDIR="$(pwd)" -C "$pkgdir" compile

was called manually. In most of the cases, I just saw warnings like this:

    make: Entering directory '/home/.../package/gluon-status-page'
    bash: line 1: mkhash: command not found
    bash: line 1: mkhash: command not found
    bash: line 1: mkhash: command not found
    bash: line 1: mkhash: command not found
    bash: line 1: mkhash: command not found
    bash: line 1: mkhash: command not found
    bash: line 1: mkhash: command not found
    bash: line 1: mkhash: command not found
    [...]

While these were only warnings and the package still compiled successfully,
I also observed that some packages even fail to build because of this.

After applying this commit, the variable $(MKHASH) is introduced. This
variable points to $(STAGING_DIR_HOST)/bin/mkhash, which is always the
correct path.

Signed-off-by: Leonardo Mörlein <me@irrelefant.net>
2021-05-13 15:13:15 +02:00
Daniel Golle
b6c366efa8 image: fix append-image when building multiple profiles
In case CONFIG_TARGET_MULTI_PROFILE is set, IMG_PREFIX cannot be
expanded. Use DEVICE_IMG_PREFIX instead and make sure it's defined.

Fixes: 8f89b1ab0f ("image: add 'append-image' build command")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-03-24 22:55:16 +00:00
Oskari Lemmela
ca2ef4a79f build: artifacts: add dependency for built images
Add possibility to use images and initramfs in artifacts.

Signed-off-by: Oskari Lemmela <oskari@lemmela.net>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-03-24 15:27:29 +00:00
Daniel Golle
6890f6fe13 include/image*: add support for device-tree overlays
Add new target feature 'dt-overlay' which makes DTC keep the symbol
names in the generated dtb.
Make sure additional DT overlay sources specified by the new device
variable DEVICE_DTS_OVERLAY get compiled together with the main DTS
(currently overlays got to be in the same folder). Let Build/fit pass
the generated DT overlay blobs to mkits.sh.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-03-17 17:45:34 +00:00
Robert Marko
9f714398e0 build: use config-1 instead of config@1 as default
U-boot will reject all nodes with @ since commit:
79af75f777

This will cause the OpenWrt images to fail booting,
to rectify use the config-1 as default.

Signed-off-by: Robert Marko <robert.marko@sartura.hr>
2021-03-05 15:45:33 +00:00
Felix Fietkau
785ab2b62c build: use numeric uid/gid on cpio calls
There are systems that don't have the 'root' group, so don't rely on host
specific user/group names

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-03-03 16:09:59 +01:00
David Bauer
dc5328e7e9 include: use cpio from staging dir
As we built our own CPIO now, use this version instead of whatever the
host may or may not provide.

Signed-off-by: David Bauer <mail@david-bauer.net>
2021-02-28 00:09:09 +00:00
Adrian Schmutzler
ef2cb8572b treewide: rename IMAGE_PREFIX/IMAGE_NAME to DEVICE_IMG_*
We so far had two variables IMG_PREFIX and IMAGE_PREFIX with
different content. Since these names are obviously quite
confusing, this patch renames the latter to DEVICE_IMG_PREFIX,
as it's a device-dependent variable, while IMG_PREFIX is only
(sub)target-dependent.

For consistency, also rename IMAGE_NAME to DEVICE_IMG_NAME, as
that's a device-dependent variable as well.

Cc: Paul Spooren <mail@aparcar.org>
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2021-02-25 18:11:06 +01:00
David Bauer
512229ce49 build: avoid generating JSON info on missing image
Previously, build would fail for targets containing devices with no
initramfs image (such as mpc85xx-p1010). Only generate the JSON image
info for the initramfs image when we have one to avoid breaking the
builds.

Fixes commit d3140d0529 ("build/json: generate json file for initramfs")

Signed-off-by: David Bauer <mail@david-bauer.net>
2021-02-24 22:28:45 +01:00
Moritz Warning
d3140d0529 build/json: generate json file for initramfs
The initramfs images are missing from the profiles.json files.

Signed-off-by: Moritz Warning <moritzwarning@web.de>
[fix code by exporting device variables]
Signed-off-by: Paul Spooren <mail@aparcar.org>
2021-02-21 09:56:05 -10:00
Daniel Golle
e3b8849088 mediatek: more clean solution for out-of-tree DTS
Use approach suggested by Adrian Schmutzler instead of introducing
another device variable.
Also revert the unnecessary white-space changes accidentally introduced
by the previous commit.

Fixed: c067b1e79b ("mediatek: move out-of-tree DTS files to dedicated dts folder")
Suggested-by: Adrian Schmutzler <mail@adrianschmutzler.de>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-02-19 01:25:49 +00:00
Daniel Golle
c067b1e79b mediatek: move out-of-tree DTS files to dedicated dts folder
Use dedicated dts folder like on ramips to store device tree source
files for boards not already supported in vanilla Linux.
Doing so instead of having them in files-* has several advantages:
 * we don't need to duplicate them for several kernel versions
 * changes to a device tree don't trigger a complete kernel rebuild
 * the files are more obvious to find

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-02-19 00:05:53 +00:00
Paul Spooren
a17b8eaa2e build: use SPDX license tags
The license folder is a core part of OpenWrt and all GPL-2.0 licensed.
Use SPDX license tags to allow machines to check licenses.

Signed-off-by: Paul Spooren <mail@aparcar.org>
[rebase, keep some Copyright lines, sharpen commit message]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2021-02-05 14:54:47 +01:00
Adrian Schmutzler
f52081bcf9 treewide: provide global default for SUPPORTED_DEVICES
The majority of our targets provide a default value for the variable
SUPPORTED_DEVICES, which is used in images to check against the
compatible on a running device:

  SUPPORTED_DEVICES := $(subst _,$(comma),$(1))

At the moment, this is implemented in the Device/Default block of
the individual targets or even subtargets. However, since we
standardized device names and compatible in the recent past, almost
all targets are following the same scheme now:

  device/image name:  vendor_model
  compatible:         vendor,model

The equal redundant definitions are a symptom of this process.

Consequently, this patch moves the definition to image.mk making it
a global default. For the few targets not using the scheme above,
SUPPORTED_DEVICES will be defined to a different value in
Device/Default anyway, overwriting the default. In other words:
This change is supposed to be cosmetic.

This can be used as a global measure to get the current compatible
with: $(firstword $(SUPPORTED_DEVICES))
(Though this is not precisely an achievement of this commit.)

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2021-01-23 12:45:21 +01:00
Paul Spooren
bc0ffff36a build/json: add filesystem information
Some images are created using different filesystems, most popular
squashfs and ext4. To allow downstream projects to distinguish between
those, add the `filesystem` information to created json files.

Signed-off-by: Paul Spooren <mail@aparcar.org>
2020-12-13 22:07:52 -10:00
Sander Vanheule
c20b8d690b build: add UIMAGE_MAGIC to device variables
Allow a device recipe to specify a custom UIMAGE_MAGIC value, as used by
OpenWrt's -M flag for mkimage. This allows to automatically customize
the magic bytes in all calls to Build/uImage for this device, similar to
the behaviour of UIMAGE_NAME. Since the -M argument is inserted before
the user arguments, it can be overridden.

The following example would use 0x87654321 for the KERNEL image, but
0x12345678 for the KERNEL_INITRAMFS image:

  define Device/MyDevice
    UIMAGE_MAGIC := 0x87654321
    KERNEL := ... | uImage lzma
    KERNEL_INITRAMFS := ... | uImage lzma -M 0x12345678
    ...
  endef

Fixes: df8e6be59a ("rtl838x: add new architecture")
[UIMAGE_MAGIC was not declared as a device variable]

Signed-off-by: Sander Vanheule <sander@svanheule.net>
[rebase, improve formatting of "Fixes"]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-11-25 15:55:26 +01:00
Paul Spooren
165f0b00cd build: store SOURCE_DATE_EPOCH in JSON info files
The source date epoch is the only reproducible date close to the actual
build date. It can be used for tooling like the firmware wizard to show
the image age.

Signed-off-by: Paul Spooren <mail@aparcar.org>
2020-11-12 18:19:44 +01:00
Adrian Schmutzler
ac5671f46c kernel: remove obsolete kernel version switches for 4.19
This removes switches dependent on kernel version 4.19 as well as
several packages/modules selected only for that version.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-10-30 19:44:41 +01:00
Adrian Schmutzler
1f4e8d3c9e image: drop obsolete legacy image recipes
LegacyDevice is not used anymore in our tree, so let's drop it
together with the relevant definitions and recipes.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-10-30 19:23:24 +01:00
Adrian Schmutzler
846e661533 image: drop unused legacy NAND build recipes
This drops unused legacy recipes Image/Build/SysupgradeNAND and
Image/Build/UbinizeImage.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-10-30 19:19:57 +01:00
Daniel Golle
26aa7952d5 image.mk: evaluate /etc/selinux/config to choose SELinux policy
Instead of hardcoding 'targeted' policy, evaluate /etc/selinux/config
in rootfs to choose according to which policy files in the rootfs got
to be labeled.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-09-29 01:48:27 +01:00
Paul Spooren
96d1dc5ebf policycoreutils: install to host/bin not hostpkg
By installing policycoreutils to host/bin it is also available within
the ImageBuilder and SDK, allowing to correctly label both filesystems
and packages.

Signed-off-by: Paul Spooren <mail@aparcar.org>
2020-09-29 00:06:32 +01:00
Daniel Golle
e8b34880f9 policycoreutils: fix host utils rpath and bin directory
'setfiles' and others should be installed to $(STAGING_DIR_HOSTPKG)/bin
rather than $(...)/sbin which isn't in PATH.
Also using -Wl,-rpath to set library search location instead of setting
LD_LIBRARY_PATH when calling setfiles in image.mk.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-09-27 17:22:01 +01:00
Christian Lamparter
fed1788689 scripts: mkits.sh make it possible to specify fdt@#
Some bootloaders are really keen on just one special
fdt in a multi-image fit image. This is a problem, because
currently this is fixed to "fdt@1".

This patch introduces a new device variable:
DEVICE_FDT_NUM that allows to specify the right
fdt number.

If the value is absent "1" will be chosen.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2020-09-25 19:32:33 +02:00
Daniel Golle
729a75c3b2 build: unbreak fakeroot in SDK
Using fakeroot without passing the paths to libfakeroot.sh and faked
causes havoc. Use the $(FAKEROOT) Make variable which includes them.

Fixes: 353ce2e521 ("build: ipkg-build use fakeroot with PKG_FILE_MODES")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-09-01 04:10:41 +01:00
Thomas Petazzoni
aee58d52ce build: add support for SELinux to include/image.mk
This allows the build process to prepare a squashfs filesystem for use
with SELinux.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
[rebase, add commit message]
Signed-off-by: W. Michael Petullo <mike@flyn.org>
2020-08-31 01:15:41 +01:00