Fixes the following security vulnerabilities:
CVE-2017-8890
The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the
Linux kernel through 4.10.15 allows attackers to cause a denial of service
(double free) or possibly have unspecified other impact by leveraging use
of the accept system call.
CVE-2017-9074
The IPv6 fragmentation implementation in the Linux kernel through 4.11.1
does not consider that the nexthdr field may be associated with an invalid
option, which allows local users to cause a denial of service (out-of-bounds
read and BUG) or possibly have unspecified other impact via crafted socket
and send system calls.
CVE-2017-9075
The sctp_v6_create_accept_sk function in net/sctp/ipv6.c in the Linux kernel
through 4.11.1 mishandles inheritance, which allows local users to cause a
denial of service or possibly have unspecified other impact via crafted
system calls, a related issue to CVE-2017-8890.
CVE-2017-9076
The dccp_v6_request_recv_sock function in net/dccp/ipv6.c in the Linux
kernel through 4.11.1 mishandles inheritance, which allows local users to
cause a denial of service or possibly have unspecified other impact via
crafted system calls, a related issue to CVE-2017-8890.
CVE-2017-9077
The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel
through 4.11.1 mishandles inheritance, which allows local users to cause a
denial of service or possibly have unspecified other impact via crafted
system calls, a related issue to CVE-2017-8890.
CVE-2017-9242
The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel
through 4.11.3 is too late in checking whether an overwrite of an skb data
structure may occur, which allows local users to cause a denial of service
(system crash) via crafted system calls.
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8890
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9074
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9075
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9076
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9077
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9242
Ref: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.71
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Commit 86c966a8ae caused HOST_LOADLIBES to
include -lncurses. This was added for fixing build issues on macOS.
This introduces issues on Linux when wide-character ncurses is being
used for compiling, but the non-wide-character version is linked in.
Fix this by adding the extra override for HOST_LOADLIBES only on macOS.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
This allows packages to use kernel make options without the forced
-C $(LINUX_DIR). It also makes it more clear that it to be called from
kernel module packages directly.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Override {HOST_}QUILT before making decisions based on it, else it will
cause target/linux/refresh to fail on first run.
Fixes: 36ba6237d6 ("build: fix quilt for mixed package/host builds")
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
This commit contains the following changes
- Use local shell var where appliable
- The $(sort $$$$$$$$mods) call will have no expected effect
- Avoid EEXIST when creating symlinks in /etc/modules-boot.d/
- Avoid duplicate arguments for insert_modules() in postinst-pkg
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
This causes various issues in other places that assume that host
binaries are staged in STAGING_DIR_HOST.
Since all the right places use HOST_BUILD_PREFIX, override that instead.
This fixes some issues with quilt on toolchain dirs
Signed-off-by: Felix Fietkau <nbd@nbd.name>
When using external or git cloned kernels, any kind of modifications
will alter KERNELRELEASE. LEDE still tries to stage modules in
lib/modules/$(LINUX_UNAME_VERSION) and LINUX_UNAME_VERSION is based on
KERNEL_PATCHVER (indirectly) so this does not work, and we lose all
kinds of automatic modules loading.
To remedy that, just cat $(LINUX_DIR)/include/config/kernel.release
which is late enough the kernel has prepared this file, and is correctly
tracking changes done throughout the kernel.
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
In case we use external and/or git cloned kernels, let the kernel
determine the appropriate KERNELRELEASE. We cannot used
LINUX_UNAME_VERSION because that one gets determined at a later time,
when the kernel is already built proper.
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
This reverts commit 0df2c6563a since it
gets in the way of identifying properly which kernel we are running.
This is particularly important if LEDE is using external kernels/git
cloned kernels. We want to make sure we only load modules from that
specific kernel.
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
Refresh patches. A number of patches have landed upstream & hence are no
longer required locally:
062-[1-6]-MIPS-* series
042-0004-mtd-bcm47xxpart-fix-parsing-first-block
Reintroduced lantiq/patches-4.4/0050-MIPS-Lantiq-Fix-cascaded-IRQ-setup
as it was incorrectly included upstream thus dropped from LEDE.
As it has now been reverted upstream it needs to be included again for
LEDE.
Run tested ar71xx Archer C7 v2 and lantiq.
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
[update from 4.4.68 to 4.4.69]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Some files (e.g. /etc/dropbear) need to be owned by root. Add cpio
option to ensure that.
Other image types (at least targz and squashfs) already have this.
Signed-off-by: Michal Sojka <sojkam1@fel.cvut.cz>
When running "make {config|defconfig|oldconfig}" with symlinked .config
(e.g. to env/.config) it renames symlink to .config.old, creates new
.config file, and writes the updated configuration into it.
This breaks the desired workflow when changes in the configuration can
be checked using "scripts/env diff" and commited using "scripts/env
save". Since the env/.config file is not updated.
The things become even worse when working with feeds, since feeds script
quite often silently invokes "make {oldconfig|defconfig}" and breaks the
symlink.
Fix this issue by exporting KCONFIG_OVERWRITECONFIG=1, which forces
mconf to overwrite the .config content, instead of renaming it and
creating a new file. This variable is set only if .config is a symlink,
otherwise the variable is not exported and the old behaviour is
preserved.
This change uses the same behaviour as "make menucofig", which has
already been fixed in commit 5bf98b1acc.
Also make a tiny cosmetic update to the "make menuconfig" target code
layout to make it look like other config handling targets.
Signed-off-by: Sergey Ryazanov <ryazanov.s.a@gmail.com>
Significantly reduces time spent processing those targets and should
also silence some log clutter which could confuse buildbot
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Otherwise ipkg packages may wrongly take on alternatives specs of
another package sharing the same package Makefile
Fixes FS#753
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
It's a list of specs of the following form seprated by commas to
describe alternatives provided by this package
<prio>:<path>:<altpath>
<path> will be a symbolic link to <altpath> of the highest <prio>
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
When running "make menuconfig" with symlinked .config (e.g. to
env/.config) it renames symlink to .config.old, creates new .config file
and writes updated configuration here.
This breaks the desired workflow when changes in the configuration could
be checked using "scripts/env diff" and commited with
"scripts/env save". Since the env/.config file is not updated.
Fix this issue by exporting KCONFIG_OVERWRITECONFIG=1, which forces
mconf to overwrite the .config content, instead of renaming it and
creating a new file. This variable is set only if .config is a symlink,
otherwise the variable is not exported and the old behaviour is
preserved.
Signed-off-by: Sergey Ryazanov <ryazanov.s.a@gmail.com>
Not sure since when the issue emerged, but according to the current doc of gcc
and as, armv8-a is intended as argument of -march
The change will affect at the moment arm64 and layerscape/64b
Below is the relevant error messages when building toolchain
Assembler messages:
Error: unknown cpu `armv8-a'
Error: unrecognized option -mcpu=armv8-a
/home/yousong/git-repo/lede-project/lede/build_dir/toolchain-aarch64_armv8-a_gcc-5.4.0_musl/gcc-5.4.0/libgcc/libgcc2.c:1:0: error: unknown value 'armv8-a' for -mcpu
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Recent attempts to use it have shown that it does not work properly
except for a few undocumented cases. It's better to remove this now to
avoid having more people fall into the same trap
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Keeping it in base-files was resulting in adding it to the base-files
package. This file is meant to be included manually for initramfs
images only.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
If someone creates a target and indicates a CPU_TYPE, but there's
no corresponding support for that CPU_TYPE's flags in include/target.mk
then that should probably be indicated rather than silently ignored.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
quilt.mk needs to be included first, to ensure that STAMP_PREPARED does
not include the hash if quilt is used.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
This can be used to indicate that a target does not support the optional mips16
extension even when it is a mips32r2 or later CPU.
This will generate a separate toolchain and a separate package folder,
e.g. mips_24kc_nomips16
Signed-off-by: Hauke Mehrtens <hauke.mehrtens@intel.com>
KERNELRELEASE contains a $(shell) call which is evaluated over and over
again.
The call to checksyscalls.sh is unnecessary for LEDE and also takes a
few seconds to complete.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
This patch makes specifying NETGEAR_REGION optional, in which case
mkchkimage will default to region 1 (WW).
Signed-off-by: Joseph C. Lehner <joseph.c.lehner@gmail.com>
Bump kernel from 4.4.50 to 4.4.52
Refresh patches
Compile tested all 4.4. targets
Run tested: ar71xx Archer C7 v2
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
Instead of using a separate .clean stamp file, remove the install info
file on compile, then append the install package list afterwards
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Bump kernel from 4.4.49 to 4.4.50
Compile tested: All targets
Run tested: ar71xx Archer C7 v2
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
The @ sign in front of the "mv" command was significantly suppressing
output to stdout. When reviewing the make/build logs it was tricking
me a whole lot and it mad me lose time. Removing the @ sign will get
stdout and logs right about what happened when.
Signed-off-by: Thomas Reifferscheid <thomas@reifferscheid.org>
cmake checks the build system and its variables on its own to detect if
the makefiles need to be regenerated.
Unfortunately this can invalidate overrides passed in the
Build/Configure step. On non-Linux systems this breaks the build when
switching between targets of the same package architecture.
Fix this by forcibly disabling the build system check and relying on the
LEDE build system to take care of these things
Signed-off-by: Felix Fietkau <nbd@nbd.name>
When running "make kernel_menuconfig" in a clean tree, it fails with:
make[1]: *** No rule to make target 'tools/quilt/install'. Stop.
Replacing the dependency with 'tools/quilt/compile' fixes the issue (quilt
and all its prerequisites will be built, and quilt will be installed in
staging_dir).
Signed-off-by: Baptiste Jonglez <git@bitsofnetworks.org>
-mXXX option is deprecated already in arc-2016.03 toolchain
and removed completely starting from arc-2016.09.
Direct replacement is -mcpu=XXX which is already supported by
arc-2016.03 used today in Lede.
With that change we'll be ready for ARC toolchain update still
keeping everything working with current tools.
Signed-off-by: Alexey Brodkin <Alexey.Brodkin@synopsys.com>
Cc: John Crispin <john@phrozen.org>
Refresh patches for all targets that support kernel 4.4.
Compile-tested on all targets that use kernel 4.4 and aren't marked
broken, except arc770 and arch38 due to broken toolchain.
Runtime-tested on ar71xx, octeon, ramips and x86/64.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
This patch moves the fakeroot code required by some devices to
`image-commands.mk`.
Create the fakeroot on the fly by using the undocumented -s (skip copy)
parameter of mkimage.
Signed-off-by: Joseph C. Lehner <joseph.c.lehner@gmail.com>
[remove unused NETGEAR_KERNEL_MAGIC, remove workarounds to have a dummy
rootfs for mkimage]
Signed-off-by: Mathias Kresin <dev@kresin.me>
Refreshed patches for all supported targets.
Compile-tested on ar71xx, cns3xxx, imx6, mt7621, oxnas and x86/64.
Run-tested on ar71xx, cns3xxx, imx6 and mt7621.
Tested-by: Stijn Segers <francesco.borromini@inventati.org>
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Since the main stamp file depends on the _check stampfile, the _check
stampfile needs to be created on the first run as well.
Fixes spurious rebuilds with CONFIG_AUTOREBUILD=y
Signed-off-by: Felix Fietkau <nbd@nbd.name>
some of Buffalo DHP series use slightly different trx magic, buffalo-enc,
buffalo-tag, and factory image begin with 'bgn'.
this patch adds support for building those images.
Signed-off-by: FUKAUMI Naoki <naobsd@gmail.com>
Bump kernel to 4.4.44. Compile-tested on ar71xx, ramips/mt7621 and x86/64.
.44 has been run-tested on the 17.01 branch here on ar71xx and mt7621.
Signed-off-by: Stijn Segers <francesco.borromini@inventati.org>
If the base-files package is not selected, we will fail executing the
very first postinst script:
make[3]: Leaving directory `/local/users/fainelli/openwrt/trunk'
cp -fpR
/local/users/fainelli/openwrt/trunk/build_dir/target-arm_xscale_musl-1.1.15_eabi/root-orion
/local/users/fainelli/openwrt/trunk/build_dir/target-arm_xscale_musl-1.1.15_eabi/root.orig-orion
./usr/lib/opkg/info/busybox.postinst: line 3:
/local/users/fainelli/openwrt/trunk/build_dir/target-arm_xscale_musl-1.1.15_eabi/root-orion/lib/functions.sh:
No such file or directory
./usr/lib/opkg/info/busybox.postinst: line 4: default_postinst: command
not found
postinst script ./usr/lib/opkg/info/busybox.postinst has failed with
exit code 127
make[2]: *** [package/install] Error 1
Check for the existence of lib/functions.sh, and if it does not exist,
just bail out gracefully.
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
Require-User is handled by /etc/uci-defaults/13_fix_group_user on first
boot, so we need to keep these when removing all opkg data with
CONFIG_CLEAN_IPKG.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
According to some reports, -march=pentium-mmx is a better choice for
older Geode CPUs than -march=geode anyway.
Bump the minimum architecture of the legacy target from i486 to
pentium-mmx. Anything older is not worth supporting anyway.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
This avoids repeatedly unpacking and rebuilding packages that are
failing the build. Re-running the failing step should be much faster.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Calling the clean target removes all .ipk files and un-stages the
package. Add a new target just for clearing the build dir and call that
one instead of the full clean target
Signed-off-by: Felix Fietkau <nbd@nbd.name>
This is used to save space on buildbot instances.
If any part of a package needs to be rebuild, the whole package is
rebuilt from scratch. Stamp files are preserved to allow dependency
checks to work
Signed-off-by: Felix Fietkau <nbd@nbd.name>
This makes the build slightly more efficient by avoiding the need to
re-stage packages on every full build run.
It is also necessary for the upcoming CONFIG_AUTOREMOVE feature
Signed-off-by: Felix Fietkau <nbd@nbd.name>
This makes the build slightly more efficient by avoiding the need to
re-stage packages on every full build run.
It is also necessary for the upcoming CONFIG_AUTOREMOVE feature
Signed-off-by: Felix Fietkau <nbd@nbd.name>
The make target does not rewrite the file if the contents didn't
change. This causes make to always consider the target old.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Before SUBDIR was set to $(PATCHVER) which may
or may not include the minor version number of
the linux kernel version. Usually it doesn't.
So the git-clone'd linux kernel was packed without
the minor version number taken into account, which
broke further processing, as it expected the
extracted dir being named linux-$(LINUX_VERSION)
(=with minor version) rather than linux-$(PATCHVER)
(=without minor version).
Changing SUBDIR to $(LINUX_VERSION) creates
consistent behaviour here.
Signed-off-by: Mirko Vogt <mirko-openwrt@nanl.de>
Using a single host package staging dir (and build dir) significantly speeds up
builds when multiple targets are built in succession, especially for large host
packages like NodeJS.
$(STAGING_DIR)/host is kept in addition to $(STAGING_DIR_HOSTPKG) in most
places; it is still used as destination for host files in Build/InstallDev.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Currently system log is always included as a part of ubox. Add logd as a
seperate package and add it to default packages list.
Signed-off-by: Andrej Vlasic <andrej.vlasic@sartura.hr>
Signed-off-by: Luka Perkov <luka.perkov@sartura.hr>
Make sure binaries install to STAGING_DIR_HOSTPKG are still found when
this variable is eventually modified.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
This reduces the amount of hacks in the makefile code.
Remove the apm821xx code to do the same - it was broken and left both
compressed and uncompressed images in $(BIN_DIR)
Signed-off-by: Felix Fietkau <nbd@nbd.name>
The generated 'its' is passed to mkimage which expects linux arch
strings rather than the full arch (e.g. mips not mipsel).
It currently works in some cases where LINUX_KARCH == ARCH but
otherwise you get an unknown arch build error.
Signed-off-by: Ian Pozella <Ian.Pozella@imgtec.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
The removal of the ".+Package" pattern in scan.mk also caused the build
system to skip over Makefiles defining only kmods. Adjust the grep pattern
to consider packages with "call KernelPackage" signatures as well.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Commit af0b91c "allow scan.mk to find python packages introduced in [8639]"
added some special casing to scan.mk to accomodate some nonstandard python
packages.
Nowadays this pattern is not needed anymore and produces false positives
when using the LEDE source repository as feed within the SDK since the
metadata scanning wrongly picks up target/imagebuilder/Makefile as package,
leading to an "ERROR: please fix feeds/base/target/imagebuilder/Makefile"
message.
Remove the now uneeded pattern to fix such stray errors during metadata
scanning.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Instead of passing HOST_CONFIGURE_VARS as arguments to the configure script,
pass it as environment variables which brings the logic in line with the
behaviour of package-defaults.mk.
The change is needed since passing environment variables as configure
parameters only works with GNU autoconf which evaluates command line arguments
looking like variable assignments. Doing the same with non-autoconf configure
scripts is not guaranteed to work since such scripts might terminate due to
unknown argument errors.
One example case is the cmake configure script which bails out when called
as "./configure LDFLAGS=..." but not when called as "LDFLAGS=... ./configure".
Also change the SHELL override to CONFIG_SHELL in the default
HOST_CONFIGURE_VARS as the former is not properly propagated through the
various GNU configure invocations since it gets lost when configure re-
executes itself.
A prior attempt to change the variable placement had to be reverted due to
the missing SHELL -> CONFIG_SHELL change, leading to misgenerated libtool
executables in various packages.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
This reverts commit 8395b63aac616f72fd835c59240fc2a4a6b28106.
Various host builds currently rely on the broken behaviour of
HOST_CONFIGURE_VARS so roll back to the previous state.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Ensure that HOST_CONFIGURE_VARS are set before the actual configure command
instead of passing them as configure command arguments.
This change brings host-build.mk in line with package-defaults.mk and makes
host configure environment variables work as expected.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
This will be used to simplify the build system code for checking hashes.
Instead of using various variants of md5sum / openssl, use one simple
utility for all of them
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Add a call to KernelPackage/$(1)/$(BOARD)/$(SUBTARGET) to the
KernelPackage macro. This allows to add kernel packages for x86/64,
without breaking x86. It's not possible to do this with BOARD, as
BOARD=x86 for x86_64.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Looks like this was meant to workaround some limitations with
non-GNU tar variants (like BSD-tar which are present on Mac os BSD hosts).
Though, I cannot find any use of that `+s` option that's mentioned
in the comment.
Last hash of this I found was 24faf55360
In my case, it now this fails for `python-setuptools` on Mac OS X (the host-build with):
```
trapret 2 tar -C <home-dir>/work/sources-work/lede/build_dir/target-i386_pentium4_musl-1.1.15/python-setuptools-27.2.0 --strip-components=1 -xzf <home-dir>/work/sources-work/lede/dl/setuptools-27.2.0.tar.gz
bash: trapret: command not found
```
So, I was thinking maybe it's time to remove this workaround (9 years later).
I could also fix the `python-setuptools` host build. If that's more preferred.
[ Btw, I just recently transitioned to a Mac machine for dev-ing,
so a lot of (this Mac) stuff I'm finding out is new to me too. ]
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
This makes it easier to unify versioning of git based package downloads.
PKG_SOURCE_DATE along with an 8-character abbreviation of the git hash
is used as PKG_VERSION, PKG_RELEASE should be used like normal packages.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
This adds support for install-overlay define. When used in package it
allows installing files to a special directory that gets copied to the
root when installing it.
It allows overwriting files provided by other packages.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Bump & refresh patches for all 4.4 targets.
Compile & run tested: ar71xx Archer C7 v2
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
This will attempt to automatically fix common mistakes like using MD5
instead of SHA256, using the MD5SUM variable instead of HASH, or even a
missing mirror file hash.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
This is intended to be used for a wide array of package sanity checks.
The first check that is implemented is for the hash of downloaded files.
It checks:
- Missing hash
- Use of SHA256 instead of MD5
- dl/<file> hash not matching hash in makefile
- deprecated MD5SUM variable
The deprecated MD5SUM variable check is skipped for feeds/ until OpenWrt
is updated as well
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Since we've switched to preferring SHA256 over MD5, the old variable
name is misleading. Packages using the old name remain compatible.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Calling a build ##.##-CURRENT might mislead users into thinking that this
build is the most current release of a branch.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
This will avoid loading it in the default configuration, which reduces
image size a bit, and (more importantly) improves performance by
avoiding some unnecessary netfilter hooks
Signed-off-by: Felix Fietkau <nbd@nbd.name>
The xt_id match was used by the firewall3 package to track its own rules but
the approach has been changed to use xt_comment instead now, so we can drop
this nonstandard extension.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Now that the VERSION_NUMBER variable holds the human friendly name and not
the commit ID anymore, we need to support adding the revision ID as well.
Introduce a new config variable CONFIG_VERSION_CODE_FILENAMES which, if set,
causes the resulting file names to contain a commit ID designation as printed
by scripts/getver.sh.
Also sanitize the input variables to ensure that the resulting strings are
lowercased and no not contain spaces.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Utilize the existing git download logic from include/download.mk and migrate
the kernel download over to it. This avoids repeatedly cloning kernel sources
after a make target/linux/clean for instance.
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name> [fix build error]
This is going to be used to migrate the hand rolled git clone for the kernel
into using the git download method. The kernel uses custom options that we may
have to pass down.
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
Move the revision info to the VERSION_CODE variable and default VERSION_NUMBER
to CURRENT for master branch builds.
Also introduce a new menuconfig option CONFIG_VERSION_CODE which allows users
to override the revision value put into VERSION_CODE and adjust the template
files used by the base-files package to accomodate for the changed semantics.
While we're at it, also adjust the various URLs to match the current web site.
After this commit, the relevent files will look like the examples given below:
# cat /etc/openwrt_version
r2398+1
# cat /etc/openwrt_release
DISTRIB_ID='LEDE'
DISTRIB_RELEASE='CURRENT'
DISTRIB_REVISION='r2398+1'
DISTRIB_CODENAME='reboot'
DISTRIB_TARGET='x86/64'
DISTRIB_DESCRIPTION='LEDE Reboot CURRENT r2398+1'
DISTRIB_TAINTS='no-all override'
# cat /usr/lib/os-release
NAME="LEDE"
VERSION="CURRENT, Reboot"
ID="lede"
ID_LIKE="lede openwrt"
PRETTY_NAME="LEDE Reboot CURRENT"
VERSION_ID="current"
HOME_URL="http://lede-project.org/"
BUG_URL="http://bugs.lede-project.org/"
SUPPORT_URL="http://forum.lede-project.org/"
BUILD_ID="r2398+1"
LEDE_BOARD="x86/64"
LEDE_TAINTS="no-all override"
LEDE_DEVICE_MANUFACTURER="LEDE"
LEDE_DEVICE_MANUFACTURER_URL="http://lede-project.org/"
LEDE_DEVICE_PRODUCT="Generic"
LEDE_DEVICE_REVISION="v0"
LEDE_RELEASE="LEDE Reboot CURRENT r2398+1"
On a release branch, those files would look like:
# cat /etc/openwrt_version
r2399
# cat /etc/openwrt_release
DISTRIB_ID='LEDE'
DISTRIB_RELEASE='16.12-CURRENT'
DISTRIB_REVISION='r2399'
DISTRIB_CODENAME='test_release'
DISTRIB_TARGET='x86/64'
DISTRIB_DESCRIPTION='LEDE Test Release 16.12-CURRENT r2399'
DISTRIB_TAINTS='no-all override'
# cat /usr/lib/os-release
NAME="LEDE"
VERSION="16.12-CURRENT, Test Release"
ID="lede"
ID_LIKE="lede openwrt"
PRETTY_NAME="LEDE Test Release 16.12-CURRENT"
VERSION_ID="16.12-current"
HOME_URL="http://lede-project.org/"
BUG_URL="http://bugs.lede-project.org/"
SUPPORT_URL="http://forum.lede-project.org/"
BUILD_ID="r2399"
LEDE_BOARD="x86/64"
LEDE_TAINTS="no-all override"
LEDE_DEVICE_MANUFACTURER="LEDE"
LEDE_DEVICE_MANUFACTURER_URL="http://lede-project.org/"
LEDE_DEVICE_PRODUCT="Generic"
LEDE_DEVICE_REVISION="v0"
LEDE_RELEASE="LEDE Test Release 16.12-CURRENT r2399"
On a release tag, those files would look like:
# cat /etc/openwrt_version
r2500
# cat /etc/openwrt_release
DISTRIB_ID='LEDE'
DISTRIB_RELEASE='17.02.1'
DISTRIB_REVISION='r2500'
DISTRIB_CODENAME='mighty_unicorn'
DISTRIB_TARGET='x86/64'
DISTRIB_DESCRIPTION='LEDE Mighty Unicorn 17.02.1 r2500'
DISTRIB_TAINTS='no-all override'
# cat /usr/lib/os-release
NAME="LEDE"
VERSION="17.02.1, Mighty Unicorn"
ID="lede"
ID_LIKE="lede openwrt"
PRETTY_NAME="LEDE Mighty Unicorn 17.02.1"
VERSION_ID="17.02.1"
HOME_URL="http://lede-project.org/"
BUG_URL="http://bugs.lede-project.org/"
SUPPORT_URL="http://forum.lede-project.org/"
BUILD_ID="r2500"
LEDE_BOARD="x86/64"
LEDE_TAINTS="no-all override"
LEDE_DEVICE_MANUFACTURER="LEDE"
LEDE_DEVICE_MANUFACTURER_URL="http://lede-project.org/"
LEDE_DEVICE_PRODUCT="Generic"
LEDE_DEVICE_REVISION="v0"
LEDE_RELEASE="LEDE Mighty Unicorn 17.02.1 r2500"
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Acked-by: Felix Fietkau <nbd@nbd.name>
The SDK Makefile still trys to copy the docs folder which was removed
with 882f4d2d63. This causes an SDK build
error.
All other removals are just cleanup.
Signed-off-by: Mathias Kresin <dev@kresin.me>
Refresh patches on all 4.4 supported platforms.
077-0005-bgmac-stop-clearing-DMA-receive-control-register-rig.patch
removed as now upstream.
Compile & run tested: ar71xx - Archer C7 v2
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
Targets like malta can have no patches/ directory available and this
commit tries quash "no such file or directory" messages from `find`
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Refresh patches for all targets that support kernel 4.4.
Compile-tested on all targets that use kernel 4.4 and aren't marked broken.
Runtime-tested on ar71xx, octeon.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
If a package nonshared status is changed, a stale .ipk file might still
be present in the old package directory. Remove the .ipk file from all
package directories when building a new one (or explicitly running
clean)
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Specifying a mtune option with cortex-a53 is also valid for an aarch64
toolchain
Fixes: SVN 48964
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
This patch bumps the 4.4 kernel from .28 to .30 and refreshes the patches.
Compile-tested on ar71xx, x86/64, ramips/mt7621, brcm47xx and kirkwood.
Run-tested on ar71xx & ramips/mt7621, brcm47xx and kirkwood (last two confirmed
by P. Wassi).
Signed-off-by: Stijn Segers <francesco.borromini@inventati.org>
Right now the $(PKG_INSTALL_STAMP) files are only written if a package is
selected as <*> but never deleted or emptied if the corresponding package
is getting deselected.
For ordinary packages this usually is no problem as the package/install
recipe performs its own check for enabled packages when assembling the
list of install stamp files to consider, but this logic might fail under
certain circumstances for packages providing multiple build variants.
In case of a multi-variant package, the buildroot first checks if any
of the variants is enabled, then resolves all variants of the common
source package and finally processes the corresponding .install stamp
files of all variants, relying on the assumption that only the selected
.install stamp file exists.
When an initially selected variant is getting deselected or changed from
<*> to <m> and another variant is marked as <*> instead, the .install
stamp file of the deselected variant remains unchanged and a second
.install stamp file for the newly selected variant is getting created,
causing the package/install recipe to pick up two .install stamps with
conflicting variants, leading to opkg file clashes.
This issue happens for example if package "ip" is set to <m> and package
"ip-full" to <*> - the install command will eventually fail with:
* check_conflicts_for: The following packages conflict with ip:
* check_conflicts_for: ip-full *
* opkg_install_cmd: Cannot install package ip.
In order to fix the problem, always process the removal requests or the
.install stamp files, even for deselected packages but only write the
package base name into the stamp file if the corresponding package is
marked as builtin.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Instead of hardcoding $(STAGING_DIR)/host, use the new $(STAGING_DIR_HOSTPKG)
variable to refer to the directory.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Refresh patches for all targets that support kernel 4.4.
compile/run-tested on ar71xx, brcm47xx, kirkwood.
Signed-off-by: Paul Wassi <p.wassi@gmx.at>
Tested-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
There is very little practical use to limit the number of available inodes on
an ext4 filesystem and the make_ext4fs utility is able to calculate useful
defaults by itself.
Drop the option to make resulting ext4 filesystems more flexible by default.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Acked-by: Michael Heimpold <mhei@heimpold.de>
Allow CONFIG_TARGET_EXT4_RESERVED_PCT to be empty as make_ext4fs is usually
able to figure out a suitable default.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Reviewed-by: Michael Heimpold <mhei@heimpold.de>
Refresh patches for all targets supporting 3.18 and not marked broken.
Compile-tested on all targets using 3.18 and not marked broken.
Changes to generic/610-netfilter_match_bypass_default_checks.patch based
on 84d489f64f.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Refresh patches for all targets supporting 4.1 and not marked broken.
Compile-tested on all targets using 4.1 and not marked broken.
Changes to generic/610-netfilter_match_bypass_default_checks.patch based
on 84d489f64f.
Changes to generic/666-Add-support-for-MAP-E-FMRs-mesh-mode.patch based
on a90ee92337.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Refresh patches for all targets that support kernel 4.4.
compile/run-tested on brcm2708/bcm2710 only.
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
Refresh patches for all targets that support kernel 4.4.
compile/run-tested on cns3xxx & imx6.
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
When building packages within the SDK, there is no Git revision history
available so prepopulate SOURCE_DATE_EPOCH in version.mk, similar to
how we handle REVISION already.
Acked-by: Felix Fietkau <nbd@nbd.name>
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Refresh patches for all targets that support kernel 4.4.
compile/run-tested on cns3xxx & imx6.
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
The normal Prepare step for a build is unpack, apply patches.
But for certain packages, patches contain whole files, which
would be nice to have separately and copied over as a last step
in the Prepare phase.
We need it for some other packages + patches, but I think
the 'hostapd' package can be used as a test for this.
As a quick note:
the reason the condition is being evaluated as
`[ ! -d ./src/ ] || $(CP) ./src/* $(HOST_BUILD_DIR)`
and not with
`[ -d ./src/ ] && $(CP) ./src/* $(HOST_BUILD_DIR)`
is that the latter would translate in a build failure if the `src`
folder is not present (the exit code would be 1).
The first one, succeeds for both cases (if `src` present or not).
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
We have packages with their own parts appended to standard STAMP_CONFIGURED
(mostly with an underscore character). This will render the current
STAMP_CONFIGURED_WILD setting invalid and the build system may miss a rebuild
on config change
1. Build with config A
2. Build with config B, yet .configured_A_xx did not get cleaned
3. Return to config A, but rebuild will not happen because stamp file
of config A still exists
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
0.19.8.1 gettext-full uses "archive-version" of 0.19.8
to replace makros, leading to breakage of PKG_FIXUP:=gettext-version
Signed-off-by: Dirk Neukirchen <dirkneukirchen@web.de>
Instead of using TARGET_CFLAGS and EXTRA_CFLAGS in cmake and scons
build use the TARGET_CXXFLAGS and EXTRA_CXXFLAGS like it is done for
normal make and configure. configure used TARGET_CXXFLAGS and
EXTRA_CFLAGS for the CXXFLAGS. The package-default.mk sets
"EXTRA_CXXFLAGS = $(EXTRA_CFLAGS)" so using EXTRA_CXXFLAGS flags should
be save.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Adjust the check for gcp (GNU copy command) to rule out false positives
with "Goffi's CoPier" a python copy command.
Fixes FS#218.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Refresh patches for all targets that support kernel 4.4.
compile/run-tested on brcm2708/bcm2710 only.
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
Package/*/install was using a different PATH than all other steps like
Build/Install, which was confusing and easily led to mistakes.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Having a different PATH in Host/Install than in other steps like Host/Build
is confusing and easily leads to mistakes. Setting all of Host/Exports
makes host builds match target builds (Build/Install is part of
$(STAMP_BUILT), which has Build/Exports set).
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
It seems the intention was to add both $(STAGING_DIR_HOST)/... and
$(STAGING_DIR)/host/... instead of passing $(STAGING_DIR_HOST) twice. This
makes the definition match HOST_CPPFLAGS and HOST_LDFLAGS.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Using HOST_BUILD_PREFIX instead of STAGING_DIR_HOST will make the argument
work as expected from packages.
Nothing changes for tools, for which HOST_BUILD_PREFIX and STAGING_DIR_HOST
are equivalent.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Adds a slightly higher compression level to xz by default which roughly raises memory usage from 100MiB to about 200MiB during compression, about 10MiB for decompression. (Source: xz manpage)
Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
Apply a number of changes to the tarball generation in order to produce
identical files on different systems:
1) Use an explicit `gzip -cn` to avoid storing file mtime in the gzip header
2) Instruct `tar` to unconditionally use uid and gid 0 for archive members
3) Instruct `tar` to sort archive members by file name
4) For SCMs that do not preserve file modification times like Git or Mercurial,
use the date of the last commit to the repository and pass it as `--mtime`
value to `tar`
After these changes, locally produced tarballs generated from SCM checkouts
should be identical on any system, simplifying the mirroring of cache archives.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
The build system overrides HOST_LOADLIBES to add the staging dir to the
library search path. menuconfig needs -lncurses, add another override
for it.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
For now we only want to ensure that the group permission mask is permissive
enough to not clobber required permissions on the rootfs, so allow less
strict masks as well.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
When building LEDE with umask values other than 022, the resulting packages
will embed improper permissions, which may lead to random errors or non-
functional scripts on the target.
In order to make users aware of this problem, add a build-prereq check to
assert a correct umask setting before starting the build.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
The nf_reject_* and nf_nat_masquerade_* modules are moved into the
corresponding kmod-nf- packages. Appropriate dependencies are added to the
kmod-nft- packages.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Refresh patches for all targets that support kernel 4.4.
compile/run-tested on brcm2708/bcm2710 only.
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
Forgot to update kernel-version.mk, so updated patch. Compile-tested on x86/64 and ar71xx; run-tested on x86/64 and ar71xx.
Signed-off-by: Stijn Segers <francesco.borromini@inventati.org>
The Gluon firmware framework [1] uses postinst scripts for sanity checks.
Make the build fail when a postinst script exits with an error to make
these sanity checks effective.
All postinst scripts in packages from the LEDE core and the packages feed
seem to work correctly with this change and will always return 0 unless
something is very broken.
[1] https://github.com/freifunk-gluon/gluon
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Especially --force-overwrite and --force-depends will often lead to broken
images; it's better to fail the build in such cases than to silently ignore
the errors.
Instead, ignore errors in the per-device rootfs opkg remove command, so
the build doesn't break when packages can't be removed because of
dependencies.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Some DEVICE_PACKAGES definitions replace one package variant with another
(e.g. wpad-mini is replaced with wpad). To avoid file conflicts, first
remove, then install packages.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Modifying the file permissions can be harmful, as it would make files
world-readable even if they weren't in the ipk packages. The
Image/mkfs/prepare step is removed completely, as it is redundant now (/tmp
and /overlay are already provided by base-files with the correct
permissions).
It has been verified that this change does not affect any permissions of
files in the default package set except /etc/ppp/chap-secrets, which was
world-readable before. All packages not in the default set are more likely
to be installed via opkg than being part of a base image and thus were
usually not affected by the permission modification anyways.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Running prepare_rootfs on TARGET_DIR deletes the opkg state when
CONFIG_CLEAN_IPKG is enabled, making the per-device rootfs package install
fail.
To avoid this, create a copy of the TARGET_DIR before prepare_rootfs is run
and use this as basis for per-device rootfs generation.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Add a new option to each device in multi-profile mode, allowing to provide
a list of packages to add or remove. In case of added packages, the user
must take care that these are selected to be built.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
opkg's -l option is always interpreted relative to the installation root.
This leads to very weird paths inside the rootfs (containing the whole path
to the LEDE tree on the build machine) and causes the subsequent deletion
of the list directory to fail (cluttering the resulting images).
Instead, use the default list directory and remove its contents in
prepare_rootfs.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Using pad-to instead of passing the optional padding to append-kernel
or append-rootfs. It could be that the value of a variable is passed.
In case the variable is empty no error is thrown.
Furthermore the purpose of the extra parameter is hard to get without
reading the code.
Signed-off-by: Mathias Kresin <dev@kresin.me>
Only add them where they are actually required.
Should help with compatibility issues with stock U-Boot images that
access UBI
Signed-off-by: Felix Fietkau <nbd@nbd.name>
At the moment the padding steps are hardcoded. Especially images for
devices with a 4K sector size can be unnecessarily bloated using the
hardcoded padding steps.
It has been observed that 192Kb of padding was added to the image of a
4MB device, albeit due to the 4K sector size the minimum required extra
padding for the jffs2 rootfs_data is 20Kb.
In worst case it means that the image-size check could fail albeit
there is enough space for all selected packages
For device build code not exposing the blocksize, use the hardcoded
padding further on.
Signed-off-by: Mathias Kresin <dev@kresin.me>
Allows to use the same unit for all definitions of the blocksize to be
consistent regardless of the used filesystem.
Signed-off-by: Mathias Kresin <dev@kresin.me>
A few linux BSP's create a manifest file of installed packages for a given
target in order to help them understand exactly what's on their images. Create
one here as well as a build artifact since many users have an affinity to
prune down on packages to save valuable flash space.
Signed-off-by: Pushpal Sidhu <psidhu@gateworks.com>
Signed-off-by: Tim Harvey <tharvey@gateworks.com>
1004kc is just a SMP capable 34kc, and GCC treats 24kc and 34kc exactly
the same and will generate identical code, so there is no need to tune
to 1004kc instead of 24kc.
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
Refresh patches for all targets that support kernel 4.4.
Compile-tested on all targets that use kernel 4.4 and aren't marked broken.
Runtime-tested on ar71xx, octeon and x86/64.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Pass KERNEL_FILE_DEPENDS to rdep instead of PKG_FILE_DEPENDS, which is
empty. Also don't pass $(CURDIR) as the directory to timestamp, as it
would also pick up non kernel related changes like image building code.
Should fix kernel being rebuild for unrelated changes, as well as not
being rebuild for changes in target/linux/generic.
Fixes: 22ef1c83b3 ("kernel: make the kernel build auto-clean the build dir like package build")
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
When the kernel build picks up a localversion file in the source tree,
that string is unconditionally appended to LOCALVERSION and affects the
uname string.
Make sure to delete any such file.
Signed-off-by: Josua Mayer <josua.mayer97@gmail.com>
When building the kernel from a git repository, the kernel build appends
either a + or a short commit hash to localversion.
This behaviour can be prevented by passing the empty LOCALVERSION variable
to make.
Signed-off-by: Josua Mayer <josua.mayer97@gmail.com>
Similar how we fix the file times in the filesystems, fix the build time
of the kernel, and make the build number static. This should allow the
kernel build to be reproducable when combined with setting the
KERNEL_BUILD_USER and _DOMAIN in case of different machines.
The reproducability only applies to non-initramfs kernels, those still
require additional changes.
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
9pfs is used by kvm to share files between host and guest,
add proper config option to enable it.
Signed-off-by: Matteo Croce <matteo.croce@canonical.com>
Since the only difference between 24Kec and 24Kc is the addition of DSP
ASE support, and we don't use it anymore, there is no need to keep 24Kec
as a separate cpu type.
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
There does not seem to be any meaningful difference in generated code.
This will save some time and space on snapshot builds
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Now that we globally calculate sha256sums over the bin/ directory we can remove
the target image specific checksum handling.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Some packages need out of source tree building with cmake, for example
when building kernel modules.
See an example here:
https://sourceforge.net/p/accel-ppp/code/ci/master/tree/README
Signed-off-by: Luke McKee <hojuruku@gmail.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name> [cleanup, rework]
Now that the "sysupgrade-nand" step is used by non-NAND targets as well,
rename it to "sysupgrade-tar" to make it more generic.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>