This script allows image signing indipendend of the actual build
process, to run on a master server after receiving freshly backed
images. Idea is to avoid storying private keys on third party builders
while still beeing to be able to sign packages.
Run ./scripts/sign_images.sh with the following env vars:
* TOP_DIR where to search for sysupgrade.bin images
* BUILD_KEY place of key-build{,.pub,.ucert}
* REMOVE_OTHER_SIGNATURES removes signatures added by e.g. buildbots
Only sysupgrade.bin files are touched as factory.bin signatures wouldn't
be evaluated on stock from.
Signed-off-by: Paul Spooren <mail@aparcar.org>
This separates the options for signature creation and verification
* SIGNED_PACKAGES create Packages.sig
* SIGNED_IMAGES add ucert signature to created images
* CHECK_SIGNATURE add verification capabilities to images
* INSTALL_LOCAL_KEY add local key-build to /etc/opkg/keys
Right now the buildbot.git contains some hacks to create images that
have signature verification capabilities while not storing private keys
on buildbot slaves. This commit allows to disable these steps for the
buildbots and only perform signing on the master.
Signed-off-by: Paul Spooren <mail@aparcar.org>
The ar71xx images for the Ubiquiti NanoStation M (XM) devices use
"nanostation-m" as board name, but the ath79 images are only
compatible with the "nano-m" board name, so sysupgrade complains.
By changing this additional supported device, sysupgrade smoothly
upgrades from ar71xx to ath79.
Ref: openwrt#2418
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
In lantiq, ath9k caldata extraction is implemented to work in two
alternate "modes", the standard one and another one with swapped
byte pairs.
This rearranges the functions so "standard" use is based on the
caldata.sh library, while only a single local function is required
for the special case.
Note that while the parameter for switching between normal and swab
is removed, the size of the caldata is added to the function calls
to stay consistent.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
'append-uImage-fakehdr' can now accept magic number as a second, optional
parameter (passed directly to 'mkimage' command with '-M' option). This
enables construction of proper Netgear-specific fake rootfs images
(required for flashing WNDR4300 for example).
Signed-off-by: Michal Cieslakiewicz <michal.cieslakiewicz@wp.pl>
Change WAN LED behaviour to be consistent with other Netgear
routers running OpenWrt. Instead of link speed, use amber colour
to indicate link status. Green LED should be used when Internet
connection is up and running.
Signed-off-by: Michal Cieslakiewicz <michal.cieslakiewicz@wp.pl>
GPIO key labels have been changed to standard ones (rfkill, reset, wps).
It does not affect button functionality.
Signed-off-by: Michal Cieslakiewicz <michal.cieslakiewicz@wp.pl>
The code line patching ath9k MAC address for this device contains
a wrong number of arguments including an unset "$mac", which
looks like a typo or copy/paste mistake.
This has been introduced already in the device support commit
745dee11ac ("ath79: add support for WD My Net Wi-Fi Range
Extender").
This patch just removes the "$mac" argument, leaving a formally
valid line. (No on-device test has been performed.)
Cc: Christian Lamparter <chunkeey@gmail.com>
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
This patch improves ath79 support for Netgear WNR612v2.
Router functionality becomes identical to ar71xx version.
Changes include:
* software control over LAN LEDs via sysfs
* correct MAC addresses for network interfaces
* correct image size in device definition
* dts: 'keys' renamed to 'ath9k-keys'
* dts: 'label-mac-device' set to eth1 (LAN)
* dts: formatting adjustments
Signed-off-by: Michal Cieslakiewicz <michal.cieslakiewicz@wp.pl>
Currently AR724x pinmux for register 0x18040028 controls only JTAG disable bit.
This patch adds new DTS settings to control LAN LEDs and CLKs that allow
full software control over these diodes - exactly the same is done by ar71xx
target in device setup phase for many routers (WNR2000v3 for example).
'switch_led_disable_pins' clears AR724X_GPIO_FUNC_ETH_SWITCH_LED[0-4]_EN bits.
'clks_disable_pins' clears AR724X_GPIO_FUNC_CLK_OBS[1-5]_EN and
AR724X_GPIO_FUNC_GE0_MII_CLK_EN bits. These all should be used together, along
with 'jtag_disable_pins', to allow OS to control all GPIO-connected LEDs and
buttons on device.
Signed-off-by: Michal Cieslakiewicz <michal.cieslakiewicz@wp.pl>
Sitecom WLR-7100 v1 002 (marketed as X7 AC1200) is a dual band wireless
router.
Specification
SoC: Atheros AR1022
RAM: 64 MB DDR2
Flash: 8 MB SPI NOR
WIFI: 2.4 GHz 2T2R integrated
5 GHz 2T2R QCA9882 integrated (connected to PCIe lane)
Ethernet: 5x 10/100/1000 Mbps QCA8337N
USB: 1x 2.0
LEDS: 4x GPIO controlled, 5x switch
Buttons: 2x GPIO controlled
UART: row of 4 unpopulated holes near USB port, starting count from
white triangle on PCB
1. VCC 3.3V, 2. GND, 3. TX, 4. RX
baud: 115200, parity: none, flow control: none
Installation
1. Connect to one of LAN (yellow) ethernet ports,
2. Open router configuration interface,
3. Go to Toolbox > Firmware,
4. Browse for OpenWrt factory image with dlf extension and hit Apply,
5. Wait few minutes, after the Power LED will stop blinking, the router
is ready for configuration.
Known issues
5GHz LED doesn't work
Additional information
When TX line on UART is connected, and board is switched on from power
off state, the DDR memory training may fail.
If connected to UART, when prompted for number on boot, one can enter
number 4 to open bootloader (U-Boot) command line.
OEM firmware shell password is: SitecomSenao
useful for creating backup of original firmware.
There is also another revision of this device (v1 001), which may or may
not work with introduced images.
Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
Erasesize doesn't belong in the u-boot env config for block devices as it is
known to be 512 byte aligned.
Signed-off-by: Tim Harvey <tharvey@gateworks.com>
This commit adds support for the 32MB storage/512MB RAM version of the U4019
IPQ4019-based board from Unielec. The board has the following specifications:
* Qualcomm IPQ4019 (running at 717MHz)
* 512MB DDR3 RAM (optional 256MB/1GB)
* 32MB SPI NOR (optional 8/16MB or NAND)
* Five gigabit ports (Qualcomm QCA8075)
* 1x 2.4 GHz wifi (QCA4019 hw1.0)
* 1x 5 Ghz wifi (QCA4019 hw1.0)
* 1x mini-PCIe slot (only USB-pins connected)
* 1x SIM slot (mini-SIM)
* 1x USB2.0 port
* 1x button
* 1x controllable LED
* 1x micro SD-card reader
Working:
* Ethernet
* Wifi
* USB-port
* mini-PCIe slot + SIM slot
* Button
* Sysupgrade
Not working:
* SD card slot (no upstream support)
Installation instructions:
In order to install OpenWRT on the U4019, you need to go via the
initramfs-image. The installation steps are as follows:
* Connect to board via serial (header exposed and clearly marked).
* Interrupt bootloader by pressing a button.
* Copy the initramfs-image to your tftp folder, call the file C0A80079.img.
* Give the network interface connected to the U4019 the address
192.168.0.156/24.
* Start your tftp-server and run tftpboot on the board.
* Run bootm when the file has been transferred, to boot OpenWRT.
* Once OpenWRT has booted, copy the sysupgrade-image to the device and run
sysupgrade to install OpenWRT on the U4019.
Notes:
- Since IPQ4019 has been moved to 4.19, I have not added support for kernel
4.14.
- There is a bug with hardware encryption on IPQ4019, causing poor performance
with TCP and ipsec (see for example FS#2355). In order to improve performance,
I have disabled hardware encryption in the DTS. We can enable hw. enc. once/if
bug is fixed.
- In order for Ethernet to work, the phy has to be reset by setting gpio 47
low/high. Adding support for phy reset via gpio required patching the
mdio-driver, and the code added comes from the vendor driver. I do not know if
patching the driver is an acceptable approach or not.
v1->v2:
* Do not use wildcard as identifier in the board.d-scripts (thanks
Adrian Schmutzler).
Signed-off-by: Kristian Evensen <kristian.evensen@gmail.com>
The device did not appear to be reachable unless the connection were
forced to 100Mb or lower. Revert to previously working pll-data.
Also fix the phy-mode to represent the actual state needed for ethernet
to function.
Reported-by: Moritz Schreiber <moritz@mosos.de>
Signed-off-by: Daniel Gimpelevich <daniel@gimpelevich.san-francisco.ca.us>
[add remark about phy-mode property]
Signed-off-by: David Bauer <mail@david-bauer.net>
The main motivation is to drop and stop maintaining
"100-debian_shared_lib.patch". It lacks the logic to include custom
implementation of several functions like pcap_strlcpy() which can cause
build failures when glibc is used [2]
CAN and CAN-USB support related symbols are now handled by general linux
support, see [1]
"-ffunction-sections -fdata-sections" were removed as they should help
much for shared libraries
Size comparison before and after the change
-rw-r--r-- 1 yunion yunion 238042 Oct 18 11:42 ipkg-x86_64/libpcap/usr/lib/libpcap.so.1
lrwxrwxrwx 1 yunion yunion 16 Oct 18 13:03 ipkg-x86_64/libpcap/usr/lib/libpcap.so.1 -> libpcap.so.1.9.1
-rwxr-xr-x 1 yunion yunion 229867 Oct 18 13:03 ipkg-x86_64/libpcap/usr/lib/libpcap.so.1.9.1
[1] On Linux, handle all CAN captures with pcap-linux.c, in cooked mode,
93ca5ff703
[2] https://github.com/openwrt/packages/issues/10270
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
This patch contains updated driver for Atheros NAND Flash Controller
written originally by Gabor Juhos for ar71xx (aka 'ar934x-nfc').
ath79 version has adapted to work with kernel 4.19 and Device Tree.
It has also been renamed to 'ar934x-nand' to avoid confusion with
Near-Field Communication technology.
Controller is present on Atheros AR934x SoCs and required for accessing
internal flash storage on routers like Netgear WNDR4300.
This port preserves all NAND programming code while moving platform
configuration to Device Tree and replacing some kernel functions marked
for retirement by 4.19.
Suitable definition is included in 'ar934x.dtsi' ('nand@1b000200' section).
Most important changes to ar71xx version are:
* old kernel sections of code removed
* 'bool swap_dma' provided by platform data is now set by boolean DT
property 'qca,nand-swap-dma'
* board-supplied (mach-*.c code) platform data removed - its elements
become either unused, redundant or replaced by DT methods (like reset)
* IRQ is reserved by devm_request_irq() so free_irq() is not needed anymore
* calls to deprecated nand_scan_ident() + nand_scan_tail() function pair
replaced by using recommended nand_scan() with attach_chip() callback
* ECC is set to hardware by default, can be overriden by standard DT
'nand-ecc-*' properties (software Hamming or BCH are other options)
This driver has been successfully tested on Netgear WNDR4300 running
experimental ath79 OpenWrt master branch.
Signed-off-by: Michal Cieslakiewicz <michal.cieslakiewicz@wp.pl>
[add reset control]
Signed-off-by: David Bauer <mail@david-bauer.net>
edma_read_append_stats() gets called from two places in the driver.
The first place is the kernel timer that periodically updates
the statistics, so nothing gets lost due to overflows.
The second one it's part of the userspace ethtool ioctl handler
to provide up-to-date values.
For this configuration, the use of spin_lock() is not sufficient
and as per:
<https://mirrors.edge.kernel.org/pub/linux/kernel/people/rusty/kernel-locking/c214.html>
the locking has to be upgraded to spin_lock_bh().
Signed-off-by: Masafumi UTSUGI <mutsugi@allied-telesis.co.jp>
[folded patch into 710-, rewrote message]
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
Modify GL-AR300M-Lite and GL-AR300M (NOR):
* Include qca9531_glinet_gl-ar300m.dtsi directly
rather than qca9531_glinet_gl-ar300m-nor.dts
* Remove redundant inclusion of gpio.h and input.h
Signed-off-by: Jeff Kletsky <git-commits@allycomm.com>
Reviewed-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
This adds engine configuration sections to openssl.cnf, with a commented
list of engines. To enable an engine, all you have to do is uncomment
the engine line.
It also adds some useful comments to the devcrypto engine configuration
section. Other engines currently don't have configuration commands.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Makefile changes:
- moves PKG_MAINTAINER above PKG_LICENSE
- Change PKG_LICENSE to LGPL-2.1-or-later and correct PKG_LICENSE_FILES
- changes URL to a more appropriate one, which uses HTTPS
- adds 2 spaces as an indentation in description
Compile and run tested on Turris Omnia, mvebu
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
This patch fixes the build of gdb and strace on arm64 targets with
kernel 4.19.
Without this patch asm/ptrace.h is including asm/sigcontext.h and this
file defines some structures which are also defined in musl header file
arch/aarch64/bits/signal.h. These two definitions then conflict with
each other and make the build fail.
This was seen locally and also by the build bot. The struct sigcontext,
struct sve_context and some others were defined twice. It looks like
this problem was introduced between 4.14 and 4.19 and it was fixed in
5.0. I already requested to backport this patch to kernel 4.19.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This fixes a compilation error as follows:
drivers/staging/fsl_qbman/qman_config.c:815:29: error: bitwise comparison
always evaluates to false [-Werror=tautological-compare]
if ((qman_ip_rev & 0xFF00) == QMAN_REV31) {
Signed-off-by: Biwen Li <biwen.li@nxp.com>
if gcc not linker whith this LDFLAGS, "file libbz2.so.1.0.8" will
recognize as pie executable ELF file ( which should be shared object).
this because the file command version before 5.36 not recognize
correctly.
Signed-off-by: leo chung <gewalalb@gmail.com>
This updates mac80211 to backports based on kernel 5.4-rc2
ath10k-ct was updated to match the API changes and iw now uses the new
nl80211.h header file.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This patch fixes what seems to be a simple copy & paste
error with the unit-address of the BOOTCONFIG partition.
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
Problem found on alpine linux when trying to `./scripts/feeds update -a`,
which results in `Build dependency: Missing seq command`.
Ref: https://github.com/openwrt/openwrt/pull/1926
Suggested-by: imShara <shara@protonmail.com>
[reworded commit and turned faulty Sob into Suggested-by]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
If system has more then one and different wwan interface (modem). Then the
wwan protohandler will always take the modem which is discovered first.
The protohandler will always setup the same interface. To fix this add a
new usb "bus" option which is associated with wwan device and so will set
the specified interface up. With this change more then one interface
could be mananged by the wwan protohandler.
If the "bus" option is not set in the uci network config then the protohandler
behaves as before the change. The protohanldler will take the first
interface which he founds.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
service_running() implementation in /etc/rc.common use it.
It is preferable to use wildcard than assuming the instance
name is the default one.
jsonfilter returns all matches when wildcards are used, hence
the -l 1 argument used to limit output to only one value.
Signed-off-by: Alin Nastac <alin.nastac@gmail.com>
This is a precursor to adding proper support for multiple
6in4 tunnels with the already programmed tunlink parameter.
This is an essential sanity check so as to not break existing
and working behind NAT setups.
Signed-off-by: Sean Kenny <skenny@wfap.ca>
6in4: add myip he.net api parameter logic
This is to add proper support for multiple 6in4 tunnels
with the already programmed tunlink parameter.
As it stands before this commit, if there is a multi wan setup that
consists of dynamic ips, there is no way to use the
dynamic update feature as the he.net api is implicitly using
the ip address of the caller. This will explicitly use the
ipaddr specified in the interface config OR the ip of the
tunlink interface specified in the dynamic update api call instead
ONLY if the final resolved ipaddr variable is not an rfc1918 address.
Signed-off-by: Sean Kenny <skenny@wfap.ca>
The destination buffer size `d_len` is passed to `lzma_inflate` as a
pointer. Therefore, it needs to be dereferenced to compare its content.
Signed-off-by: Christian Franke <nobody@nowhere.ws>
The fwutil command will interpret the final 16 byte of a given firmware
image files as "struct fwimage_trailer".
In case these bytes do look like a valid trailer, we must ensure that we
print them out along with the remainder of the image to not accidentally
truncate non-trailer-images by 16 bytes when they're piped through fwtool,
e.g. as part of an image verification command sequence.
Some command sequences pipe images through fwtool in order to strip any
possible metadata, certificate or signature trailers and do not expect
bare images without any of that metadata to get truncated as other non-
fwtool specific metadata is expected at the end of the file, e.g. an
information block with an md5sum in case of the combined image format.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
The prepare target was added some 11 years ago to build tools and
toolchain and was recently extended to create buildinfo files for
reproducibility, meaning {feeds,version,config}.buildinfo.
As the buildbot workflow is more complex than the single prepare (kmod
feed insertion), prepare is only used to create those buildinfo files.
Running prepare however runs `target/compile` as well, taking time even
everything is already compiled.
Splitting this allows the buildbot to run only the `buildinfo` target
while others can still use the convenience feature `prepare`.
Signed-off-by: Paul Spooren <mail@aparcar.org>