Until now, this feature was switched on via the kernel configuration
option KERNEL_SECCOMP.
The follwing change a7f794cd2a now requires that
the package procd-seccomp must also enabled for buildinmg.
However, this is not the case we have no dependency and the imagebuilder
cannot build the image, because of the implicit package selection.
This change adds a new configuration option CONFIG_SECCOMP.
The new option has the same behaviour as the configuration
option CONFIG_SELINUX.
If the CONFIG_SECCOMP is selected then the package procd-seccomp and
KERNEL_SECCOMP is enabled for this build.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
While the binary `python3.10` is correctly detected by the build system
the default `python3` binary is currently not detected if pointing to a
Python 3.10 installation.
Fix this by extending the grep regex.
Signed-off-by: Paul Spooren <mail@aparcar.org>
Install ld-preload hooks allowing to add seccomp filters for arbitrary
services if kernel support for seccomp is present.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Add procd-ujail to DEFAULT_PACKAGES if not building for
space-constraint (FEATURES:=small_flash) targets.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Update install procedure based on upstream feedback. Normally, meson is
to be installed with pip. But as pip is not mandated by the build
system, it cannot be used. Upstream provides a nice script to pack meson
automatically.
Moved src/ to files/. No need to copy to BUILD_DIR.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Fix Fedora 34/35 issue where 'which' detection of 'which' wasn't working
because Fedora use alias and proc
Fixup of fca5ad55d2 prereq-build: fix `which` detection on Fedora
Reported-by: Jani Partanen <rtfm@iki.fi>
Suggest-by: Etienne Champetier <champetier.etienne@gmail.com>
Tested-by: Georgi Valkov <gvalkov@abv.bg>
Signed-off-by: Paul Spooren <mail@aparcar.org>
Fix Fedora 34/35 issue where 'which' detection of 'which' wasn't working
because Fedora use alias and proc
Signed-off-by: Jani Partanen <rtfm@iki.fi>
[fix commit subject and message]
Signed-off-by: Paul Spooren <mail@aparcar.org>
Fedora 35 contains Python 3.10 as default version. Make use of it.
Signed-off-by: Marcin Juszkiewicz <marcin@juszkiewicz.com.pl>
[fix commit subject]
Signed-off-by: Paul Spooren <mail@aparcar.org>
commit 5ec60cbe9d ("scripts: mkits.sh: replace @ with - in nodes")
broke support for Meraki MR32 and this patch makes the replacement
configurable allowing for specifying the @ or - or whatever character
that is desired to retain backwards compatibility with existing devices.
For example, this patch includes the fix for the Meraki MR32 in
target/linux/bcm53xx/image for meraki_mr32:
DEVICE_DTS_DELIMITER := @
DEVICE_DTS_CONFIG := config@1
Fixes: 5ec60cbe9d ("scripts: mkits.sh: replace @ with - in nodes")
Signed-off-by: Damien Mascord <tusker@tusker.org>
[Added tags, checkpatch.pl fixes, noted that this is for old stuff]
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
meson is a next generation build system designed to have good defaults,
simpler build files, and fast compilation.
It is built upon python and uses ninja for compilation. The latter
provides fast by default (parallel) and problem free compilation.
There are over 40 packages already successfully using meson. The next
commit will convert pkgconf to use meson compilation.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Multiple profiles create artifacts, these should be stored in the JSON
file as well, allowing downstream tooling to show those files, too.
Artifacts don't have specific filesystems so only the fields `name`,
`type` and `sha256` are available.
Rename env variable names from IMAGE_ to FILE_ prefixes to reflect that
images, kernels and artifacts are added with the same command.
Signed-off-by: Paul Spooren <mail@aparcar.org>
The option '-xattr' for mksquashfs4 should be '-xattrs' which lead to
build failure with SELinux enabled. Add the missing 's'.
Fixes: 4baf47b9a8 ("images: squashfs: xattrs should not depend on buld host")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
When a target configuration has unser Kconfig symbols, the build will
fail when OpenWrt is compiled with V=s and stdin is connected to a tty.
In case OpenWrt is compiled without either of these preconditions, the
build will uscceed with the symbols in question being unset.
Modify the kernel configuration in a way it fails on unset symbols
regardless of the aformentioned preconditions.
Signed-off-by: David Bauer <mail@david-bauer.net>
Enable xattr for the generated squashfs only if needed for SELinux.
This eliminates warnings during boot on target when building
(non-SELinux) OpenWrt on SELinux-enabled hosts like Fedora.
Reported-by: fda77 <fda77@users.noreply.github.com>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>