'setfiles' and others should be installed to $(STAGING_DIR_HOSTPKG)/bin
rather than $(...)/sbin which isn't in PATH.
Also using -Wl,-rpath to set library search location instead of setting
LD_LIBRARY_PATH when calling setfiles in image.mk.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
As the PWM has its own sub-system in the Linux kernel,
I think it should be handled in the same way as GPIO, RTC, PCI...
This patch introduces a specific feature flag "pwm" and the
"leds-pwm" kernel module as the first customer.
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
The Linksys MR8300 is based on QCA4019 and QCA9888
and provides three, independent radios.
NAND provides two, alternate kernel/firmware images
with fail-over provided by the OEM U-Boot.
Hardware Highlights:
SoC: IPQ4019 at 717 MHz (4 CPUs)
RAM: 512MB RAM
SoC: Qualcomm IPQ4019 at 717 MHz (4 CPUs)
RAM: 512M DDR3
FLASH: 256 MB NAND (Winbond W29N02GV, 8-bit parallel)
ETH: Qualcomm QCA8075 (4x GigE LAN, 1x GigE Internet Ethernet Jacks)
BTN: Reset and WPS
USB: USB3.0, single port on rear with LED
SERIAL: Serial pads internal (unpopulated)
LED: Four status lights on top + USB LED
WIFI1: 2x2:2 QCA4019 2.4 GHz radio on ch. 1-14
WIFI2: 2x2:2 QCA4019 5 GHz radio on ch. 36-64
WIFI3: 2x2:2 QCA9888 5 GHz radio on ch. 100-165
Support is based on the already supported EA8300.
Key differences:
EA8300 has 256MB RAM where MR8300 has 512MB RAM.
MR8300 has a revised top panel LED setup.
Installation:
"Factory" images may be installed directly through the OEM GUI using
URL: https://ip-of-router/fwupdate.html (Typically 192.168.1.1)
Signed-off-by: Hans Geiblinger <cybrnook2002@yahoo.com>
[copied Hardware-highlights from EA8300. Fixed alphabetical order.
fixed commit subject, removed bogus unit-address of keys,
fixed author (used Signed-off-By to From:) ]
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
Luma Home WRTQ-329ACN, also known as Luma WiFi System, is a dual-band
wireless access point.
Specification
SoC: Qualcomm Atheros IPQ4018
RAM: 256 MB DDR3
Flash: 2 MB SPI NOR
128 MB SPI NAND
WIFI: 2.4 GHz 2T2R integrated
5 GHz 2T2R integrated
Ethernet: 2x 10/100/1000 Mbps QCA8075
USB: 1x 2.0
Bluetooth: 1x 4.0 CSR8510 A10, connected to USB bus
LEDS: 16x multicolor LEDs ring, controlled by MSP430G2403 MCU
Buttons: 1x GPIO controlled
EEPROM: 16 Kbit, compatible with AT24C16
UART: row of 4 holes marked on PCB as J19, starting count from the side
of J19 marking on PCB
1. GND, 2. RX, 3. TX, 4. 3.3V
baud: 115200, parity: none, flow control: none
The device supports OTA or USB flash drive updates, unfotunately they
are signed. Until the signing key is known, the UART access is mandatory
for installation. The difficult part is disassembling the casing, there
are a lot of latches holding it together.
Teardown
Prepare three thin, but sturdy, prying tools. Place the device with back
of it facing upwards. Start with the wall having a small notch. Insert
first tool, until You'll feel resistance and keep it there. Repeat the
procedure for neighbouring walls. With applying a pressure, one edge of
the back cover should pop up. Now carefully slide one of the tools to
free the rest of the latches.
There's no need to solder pins to the UART holes, You can use hook clips,
but wiring them outside the casing, will ease debuging and recovery if
problems occur.
Installation
1. Prepare TFTP server with OpenWrt initramfs image.
2. Connect to UART port (don't connect the voltage pin).
3. Connect to LAN port.
4. Power on the device, carefully observe the console output and when
asked quickly enter the failsafe mode.
5. Invoke 'mount_root'.
6. After the overlayfs is mounted run:
fw_setenv bootdelay 3
This will allow to access U-Boot shell.
7. Reboot the device and when prompted to stop autoboot, hit any key.
8. Adjust "ipaddr" and "serverip" addresses in U-Boot environment, use
'setenv' to do that, then run following commands:
tftpboot 0x84000000 <openwrt_initramfs_image_name>
bootm 0x84000000
and wait till OpenWrt boots.
9. In OpenWrt command line run following commands:
fw_setenv openwrt "setenv mtdids nand1=spi_nand; setenv mtdparts mtdparts=spi_nand:-(ubi); ubi part ubi; ubi read 0x84000000 kernel; bootm 0x84000000"
fw_setenv bootcmd "run openwrt"
10. Transfer OpenWrt sysupgrade image to /tmp directory and flash it
with:
ubirmvol /dev/ubi0 -N ubi_rootfs
sysupgrade -v -n /tmp/<openwrt_sysupgrade_image_name>
11. After flashing, the access point will reboot to OpenWrt, then it's
ready for configuration.
Reverting to OEM firmware
1. Execute installation guide steps: 1, 2, 3, 7, 8.
2. In OpenWrt command line run following commands:
ubirmvol /dev/ubi0 -N rootfs_data
ubirmvol /dev/ubi0 -N rootfs
ubirmvol /dev/ubi0 -N kernel
ubirename /dev/ubi0 kernel1 kernel ubi_rootfs1 ubi_rootfs
ubimkvol /dev/ubi0 -S 34 -N kernel1
ubimkvol /dev/ubi0 -S 320 -N ubi_rootfs1
ubimkvol /dev/ubi0 -S 264 -N rootfs_data
fw_setenv bootcmd bootipq
3. Reboot.
Known issues
The LEDs ring doesn't have any dedicated driver or application to control
it, the only available option atm is to manipulate it with 'i2cset'
command. The default action after applying power to device is spinning
blue light. This light will stay active at all time. To disable it
install 'i2c-tools' with opkg and run:
i2cset -y 2 0x48 3 1 0 0 i
The light will stay off until next cold boot.
Additional information
After completing 5. step from installation guide, one can disable asking
for root password on OEM firmware by running:
sed -e 's/root❌/root::/' -i /etc/passwd
This is useful for investigating the OEM firmware. One can look
at the communication between the stock firmware and the vendor's
cloud servers or as a way of making a backup of both flash chips.
The root password seems to be constant across all sold devices.
This is output of 'led_ctl' from OEM firmware to illustrate
possibilities of LEDs ring:
Usage: led_ctl [status | upgrade | force_upgrade | version]
led_ctl solid COLOR <brightness>
led_ctl single COLOR INDEX <brightness 0 - 15>
led_ctl spinning COLOR <period 1 - 16 (lower = faster)>
led_ctl fill COLOR <period 1 - 16 (lower = faster)>
( default is 5 )
led_ctl flashing COLOR <on dur 1 - 128> <off dur 1 - 128>
(default is 34) ( default is 34 )
led_ctl pulsing COLOR
COLOR: red, green, blue, yellow, purple, cyan, white
Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
[squash "ipq-wifi: add BDFs for Luma Home WRTQ-329ACN" into commit,
changed ubi volumes for easier integration, slightly reworded
commit message, changed ubi volume layout to use standard names all
around]
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
It should return false to indicate that the option should not be ignored
Fixes 064dc1e8 ("dnsmasq: abort when dnssec requested but not
available")
Reported-by: Sami Olmari <sami@olmari.fi>
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
The TFTP server provided by dnsmasq supports serving a select boot image
based on the client's MAC or IP address. This allows an administrator
to activate this feature in /etc/config/dhcp. Here is an example
/etc/config/dhcp that configures dnsmasq with --tftp-unique-root=mac:
...
config dnsmasq
option enable_tftp 1
option tftp_root /usr/libexec/tftpboot
option tftp_unique_root mac
config boot router
option serveraddress 192.168.1.1
option servername tftp.example.com
option filename openwrt-initramfs-kernel.bin
...
With this configuration, dnsmasq will serve
/usr/libexec/tftpboot/00-11-22-33-44-55/openwrt-initramfs-kernel.bin to
the client with MAC address 00:11:22:33:44:55.
Signed-off-by: W. Michael Petullo <mike@flyn.org>
Add config options:
srcportmin/srcportmax : range of port numbers to use as UDP source ports
to communicate to the remote VXLAN tunnel endpoint
ageing : lifetime in seconds of FDB entries learnt by the kernel
maxaddress : maximum number of FDB entries
learning : enable/disable entering unknown source link layer addresses
and IP addresses into the VXLAN device FDB.
rsc : enable/disable route short circuit
proxy : enable/disable ARP proxy
l2miss : enable/disable netlink LLADDR miss notifications
l3miss : enable/disable netlink IP ADDR miss notifications
gbp : enable/disable the Group Policy extension
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
This submission relied heavily on the work of
Santiago Rodriguez-Papa <contact at rodsan.dev>
Specifications:
* SoC: MediaTek MT7621A (880 MHz 2c/4t)
* RAM: Winbond W632GG6MB-12 (256M DDR3-1600)
* Flash: Winbond W29N01HVSINA (128M NAND)
* Eth: MediaTek MT7621A (10/100/1000 Mbps x5)
* Radio: MT7603E/MT7615N (2.4 GHz & 5 GHz)
4 antennae: 1 internal and 3 non-deatachable
* USB: 3.0 (x1)
* LEDs:
White (x1 logo)
Green (x6 eth + wps)
Orange (x5, hardware-bound)
* Buttons:
Reset (x1)
WPS (x1)
Installation:
Flash factory image through GUI.
This might fail due to the A/B nature of this device. When flashing, OEM
firmware writes over the non-booted partition. If booted from 'A',
flashing over 'B' won't work. To get around this, you should flash the
OEM image over itself. This will then boot the router from 'B' and
allow you to flash OpenWRT without problems.
Reverting to factory firmware:
Hard-reset the router three times to force it to boot from 'B.' This is
where the stock firmware resides. To remove any traces of OpenWRT from
your router simply flash the OEM image at this point.
Signed-off-by: J. Scott Heppler <shep971@centurylink.net>
Make the BSSID and SSID fields optional when configuring a neighbor
report into hostapd.
Both options can now be an empty string. For the BSSID, the first 6 byte
are copied from the neighbor report. For the SSID, the SSID for the
affected hostapd BSS is used.
Signed-off-by: David Bauer <mail@david-bauer.net>
Rafal Milecki pointed out that ubus events are meant for low-level ubus
events only (e.g. addition or removal of an object). Higher level
events should happen as notifications on the ubus object itself.
Dispatch BSS events on the main hostapd ubus object instead of
publishing them as ubus events.
Signed-off-by: David Bauer <mail@david-bauer.net>
hostapd will emit a ubus event with the eventname hostapd.<ifname>.<event>
when adding, removing or reloading a BSS.
This way, services which install state (for example the RMM neighbor
list) can on-demand reinstall this information for the BSS without
polling this state.
Signed-off-by: David Bauer <mail@david-bauer.net>
UCI defaults scripts are supposed to be numbered, but odhcpd's lacked numbering, which
turned out to mess up my custom scripts numbered 9[0-9]_*. The idea is to have high number
(custom) scripts executed last. Jow confirmed numbering is the default case, not the
exception (thanks).
Signed-off-by: Stijn Segers <foss@volatilesystems.org>
Instead of vaguely describing dependencies in the package description
actually split-up into individual packages, each with their
dependencies expressed accurately.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Split utility packages similar to coreutils in packages feed, adding
ALTERNATIVES for those which are also provided by busybox-selinux.
Also add missing license information.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
When the nulldata frame was acked, the probe send count needs to be reset,
otherwise it will keep increasing until the connection is considered dead,
even though it fine.
Reported-by: Georgi Valkov <gvalkov@abv.bg>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
The required BusyBox applets are enabled by default, so we can rely on them
being present in the system. This way, we make sure there are no conflicts
with less featured variants of these same applets which might also be
present in the system.
Fixes: 0bd7dfa3ed ("zram-swap: enable swap discard")
Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
[wrap commit description]
Signed-off-by: David Bauer <mail@david-bauer.net>
Some 5GHz wifi interfaces, especially in Tri-band routers, can't use
channel 36. In these cases, the default configuration for 5GHz
interfaces, once enabled, doesn't work.
This patch selects the first non-disabled channel for 5GHz interfaces.
Signed-off-by: Davide Fioravanti <pantanastyle@gmail.com>
We want to be able to make full system images for this system too, just
as we now can for the MT7623 platforms.
The package directory (mt7623n) is now a bit misnamed as it's overly
specific, but the precise set of platforms which we support this way
is evolving and we'll fix it up when the dust settles and we know what
nomenclature makes most sense.
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
Update to current head of the branch A3700_utils-armada-18.12-fixed:
0967979 ddr: Add DDR3 2CS layout for EspressoBin v5 2GB board
486523e ddr: fix typo for ESPRESSObin 2GB layout
490b2b3 TBB: Fix building for Crypto++ 6.0 and later
0141dd1 TBB: Split INCDIR from LIBDIR
Signed-off-by: Andre Heider <a.heider@gmail.com>
Lift the dependency on the build order, where flash-image.bin may be missing
from the u-boot dir.
While at it, also install the uart images for rescue purposes.
Signed-off-by: Andre Heider <a.heider@gmail.com>
With global NLS support enabled (CONFIG_BUILD_NLS), the linked libelf.so
and libbfd.so libraries will depend on libintl.so. Import the nls.mk helper
to set library prefixes and flags accordingly, and also conditionally add
"-lintl" as link-time library.
Fix a build error on ppc due to a EDEADLOCK redefinition in errno.h.
Use upstream stable kernel 5.8.9, and fix overriding of feature detection
to only allow/hide detected features. Also refresh existing patches.
Fixes: 2f0d672088 ("bpftools: add utility and library packages supporting
eBPF usage")
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
amd64-microcode (3.20191218.1)
* New microcode update packages from AMD upstream:
+ Removed Microcode updates (known to cause issues):
sig 0x00830f10, patch id 0x08301025, 2019-07-11
* README: update for new release
amd64-microcode (3.20191021.1)
* New microcode update packages from AMD upstream:
+ New Microcodes:
sig 0x00830f10, patch id 0x08301025, 2019-07-11
+ Updated Microcodes:
sig 0x00800f12, patch id 0x08001250, 2019-04-16
sig 0x00800f82, patch id 0x0800820d, 2019-04-16
amd64-microcode (3.20181128.1)
* New microcode update packages from AMD upstream:
+ New Microcodes:
sig 0x00800f82, patch id 0x0800820b, 2018-06-20
Signed-off-by: Tan Zien <nabsdh9@gmail.com>
CONFIG_BMP085* is replaced by CONFIG_BMP280 since 4.9[1] and this package is empty.
OpenWRT also has kmod-iio-bmp280* package and we can drop old packages.
1. [ misc: retire the old BMP085 driver ]
(832c8232dd (diff-5000d544d790c669405eb2a6775e5981))
Signed-off-by: Aleksander Jan Bajkowski <A.Bajkowski@stud.elka.pw.edu.pl>
3b946a6dc588 mt76: dma: cache dma map address/len in struct mt76_queue_entry
c4c8b6a20d3b mt76: mt7915: fix HE BSS info
15391c1c947f mt76: fix tx hang on non-AQL frame limit
72c8a81e64e8 mt76: mt7915: fix encap offload multicast traffic with 4-address mode
69b3f868d14b mt76: mt7915: use napi_consume_skb to bulk-free tx skbs
5f080033ec7d mt76: move txwi handling code to dma.c, since it is mmio specific
b1f425686125 mt76: mt7915: fix VHT LDPC capability
8f48855f5d14 mt76: mt7915: simplify mt7915_lmac_mapping
cfaf40858718 mt76: mt7915: fix queue/tid mapping for airtime reporting
115b62efac21 mt76: remove retry_q from struct mt76_txq and related code
e22c65cdc585 mt76: mt7915: simplify checks for the 802.3 offload path
bab866a01e4f mt76: mt7915: fix unexpected firmware mode
0fc3c5eb61d0 mt76: dma: queue more rx frames internally before passing them to the stack
130e5de09364 Revert "mt76: dma: queue more rx frames internally before passing them to the stack"
e3af31409d41 update mt7915 firmware to the latest version
e2b8a4ec9891 mt76: testmode: add a limit for queued tx_frames packets
146488631f7b mt76: mt7615: Remove set but unused variable 'index'
0b7d2b76288e mt76: mt7615: fix VHT LDPC capability
848f4a6334a8 mt76: mt7622: fix fw hang on mt7622
0a955d944bd0 mt76: mt7663s: do not use altx for ctl/mgmt traffic
13b96411513b mt76: mt7663s: split mt7663s_tx_update_sched in mt7663s_tx_{pick,update}_quota
d62ba15b1bbf mt76: mt7663s: introduce __mt7663s_xmit_queue routine
fdf14d1b6aec mt76: move pad estimation out of mt76_skb_adjust_pad
d048f8e87ba0 mt76: mt7663s: fix possible quota leak in mt7663s_refill_sched_quota
979c0fdc5d27 mt76: mt7663s: introduce sdio tx aggregation
56e77a3a3ade mt76: mt7663: check isr read return value in mt7663s_rx_work
f96cffa03e57 mt76: mt7615: unlock dfs bands
1ccd31bbe1f4 mt76: Use fallthrough pseudo-keyword
448cd2d36ee2 mt76: mt76x0: Move tables used only by init.c to their own header file
17ba3432f5af Revert "mt76: mt7615: unlock dfs bands"
fee1f4a8e87f mt76: mt7915: fix possible memory leak in mt7915_mcu_add_beacon
5b78e5292777 mt76: Fix unsigned expressions compared with zero
ec84891a4d23 mt76: mt7915: convert to use le16_add_cpu()
Signed-off-by: Felix Fietkau <nbd@nbd.name>
This is the most popular choice in the linux kernel tree.
Within OpenWrt, this change will establish consistency with ath79
and ramips targets.
Signed-off-by: Martin Schiller <ms@dev.tdt.de>
[extend commit message, include netgear_dm200, update base-files]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Drop patches as they've been upstreamed:
* 001-Fix-CVE-2020-12762.patch
Refresh patches:
* 000-libm.patch
Add patch to avoid build failure due to missing docs in tarball.
Signed-off-by: David Bauer <mail@david-bauer.net>
On devices with small amounts of RAM, zram-swap fails to initialise due to the
default compression algorithm (lzo-rle). Startup example on an AirGrid M2, with
32 MiB of RAM:
root@airgrid:/etc/config# /etc/init.d/zram start
zram_start: activating '/dev/zram0' for swapping (13 MegaBytes)
zram_reset: enforcing defaults via /sys/block/zram0/reset
sh: write error: Out of memory
mkswap: image is too small
swapon: /dev/zram0: Invalid argument
root@airgrid:/etc/config#
Fix this by defaulting to traditional lzo, which works fine and is always
available.
Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
flashing the unit
* first update to latest edcore FW as per the PDF instructions
* boot the initramfs
- tftpboot 0x88000000 openwrt-ipq40xx-generic-edgecore_oap100-initramfs-fit-uImage.itb; bootm
* inside the initramfs call the following commiands
- ubiattach -p /dev/mtd0
- ubirmvol /dev/ubi0 -n0
- ubirmvol /dev/ubi0 -n1
- ubirmvol /dev/ubi0 -n2
* scp the sysupgrade image to the board and call
- sysupgrade -n openwrt-ipq40xx-generic-edgecore_oap100-squashfs-nand-sysupgrade.bin
Signed-off-by: John Crispin <john@phrozen.org>
This patch adds support for the Edgecore ECW5211 indoor AP.
Specification:
- SoC: Qualcomm Atheros IPQ4018 ARMv7-A 4x Cortex A-7
- RAM: 256MB DDR3
- NOR Flash: 16MB SPI NOR
- NAND Flash: 128MB MX35LFxGE4AB SPI-NAND
- Ethernet: 2 x 1G via Q8075 PHY connected to ethernet adapter via PSGMII (802.3af POE IN on eth0)
- USB: 1 x USB 3.0 SuperSpeed
- WLAN: Built-in IPQ4018 (2x2 802.11bng, 2x2 802.11 acn)
- CC2540 BLE connected to USB 2.0 port
- Atmel AT97SC3205T I2C TPM
Signed-off-by: Robert Marko <robert.marko@sartura.hr>
This patch adds support for the Edgecore ECW5410 indoor AP.
Specification:
- SoC: Qualcomm Atheros IPQ8068 ARMv7 2x Cortex A-15
- RAM: 256MB(225 usable) DDR3
- NOR Flash: 16MB SPI NOR
- NAND Flash: 128MB S34MS01G2 Parallel NAND
- Ethernet: 2 x 1G via 2x AR8033 PHY-s connected directly to GMAC2 and GMAC3 via SGMII (802.3af POE IN on eth0)
- USB: 1 x USB 3.0 SuperSpeed
- WLAN: 2x QCA9994 AC Wawe 2 (1x 2GHz bgn, 1x 5GHz acn)
- CC2540 BLE
- UART console on RJ45 next to ethernet ports exposed.
Its Cisco pin compatible, 115200 8n1 baud.
Installation instructions:
Through stock firmware or initramfs.
1.Connect to console
2. Login with root account, if password is unknown then interrupt the boot with f and reset it in failsafe.
3. Transfer factory image
4. Flash the image with ubiformat /dev/mtd1 -y -f <your factory image path>
This will replace the rootfs2 with OpenWrt, if you are currently running from rootfs2 then simply change /dev/mtd1 to /dev/mtd0
Note
Initramfs:
1. Connect to console
2. Transfer the image from TFTP server with tftpboot,
or by using DHCP advertised image with dhcp command.
3. bootm
4. Run ubiformat /dev/mtd1
You need to interrupt the bootloader after rebooting and run:
run altbootcmd
This will switch your active rootfs partition to one you wrote to and boot from it.
So if rootfs1 is active, then it will change it to rootfs2.
This will format the rootfs2 partition, if your active partition is 2 then simply change /dev/mtd1 with /dev/mtd0
If you dont format the partition you will be writing too, then sysupgrade will find existing UBI rootfs and kernel volumes and update those.
This will result in wrong ordering and OpenWrt will panic on boot.
5. Transfer sysupgrade image
6. Flash with sysupgrade -n.
Note that sysupgrade will write the image to rootfs partition that is not currently in use.
Signed-off-by: Robert Marko <robert.marko@sartura.hr>
This enables the ipq-wifi package to be used on IPQ806x target.
Its needed for boards using a different BDF than one shipped in the upstream board-2.bin.
Currently needed for Edgecore ECW5410.
Signed-off-by: Robert Marko <robert.marko@sartura.hr>
vconfig has been disabled by default since 2015 [1] and there are
no remaining uses in entire OpenWrt trunk. However, we still set up
a specific name_type for it during boot.
While this setup is properly implemented to be only triggered when
vconfig is present, it still seems anachronistic and unnecessary
to set up a standard for a tool that is not used anymore.
Therefore, this removes the set_name_type initialization and leaves
it for those people actually using the tool to configure it as needed.
[1] 899a23227e ("busybox: improve applets & deprecate ifconfig, route")
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
This target has not been updated to 5.4 yet, and the only person
trying it (Koen) decided to retreat based on the following reasons:
- The target is not DT-aware at all
- The huge amount of effort required
- The SoC itself reached EoL at Cavium for some time now
- Upstream removed some important parts as it's also slowly getting EoL
over there
- The commercial product that used this will fade out shortly
- The amount of download for this binary suggest that the target is not
that popular
Since nobody has picked up the work since then, and this is the last
remaining 4.19-only target, finally drop it now.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
On the Turris Omnia 2019, u-boot environment is located at 0xF0000, instead
of 0xC0000. The switch happened with u-boot-omnia package version 2019-04-2
(May 10, 2019).
Check the installed u-boot release, and set the default accordingly.
Signed-off-by: Klaus Kudielka <klaus.kudielka@gmail.com>
[bump PKG_RELEASE, use lower case for hex offset]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
The RAVPower RP-WD03 is a battery powered router, with an Ethernet and
USB port. Due due a limitation in the vendor supplied U-Boot bootloader,
we cannot exceed a 1.5 MB kernel size, as is the case with recent builds
(i.e. post v19.07). This breaks both factory and sysupgrade images.
To address this, use the lzma loader (loader-okli) to work around this
limitation.
The improvements here also address the "misplaced" U-Boot environment
partition, which is located between the kernel and rootfs in the stock
image / implementation. This is addressed by making use of mtd-concat,
maximizing space available in the booted image.
This will make sysupgrade from earlier versions impossible.
Changes are based on the recently supported HooToo HT-TM05, as the
hardware is almost identical (except for RAM size) and is from the same
vendor (SunValley). While at it, also change the SPI frequency
accordingly.
Installation:
- Download the needed OpenWrt install files, place them in the root
of a clean TFTP server running on your computer. Rename the files as,
- openwrt-ramips-mt7620-ravpower_rp-wd03-squashfs-kernel.bin => kernel
- openwrt-ramips-mt7620-ravpower_rp-wd03-squashfs-rootfs.bin => rootfs
- Plug the router into your computer via Ethernet
- Set your computer to use 10.10.10.254 as its IP address
- With your router shut down, hold down the power button until the first
white LED lights up.
- Push and hold the reset button and release the power button. Continue
holding the reset button for 30 seconds or until it begins searching
for files on your TFTP server, whichever comes first.
- The router (10.10.10.128) will look for your computer at 10.10.10.254
and install the two files. Once it has finished installation, it will
automatically reboot and start up OpenWrt.
- Set your computer to use DHCP for its IP address
Notes:
- U-Boot environment can be modified, u-boot-env is preserved on initial
install or sysupgrade
- mtd-concat functionality is included, to leave a "hole" for u-boot-env,
combining the OEM kernel and rootfs partitions
Most of the changes in this commit are the work of Russell Morris (as
credited below), I only wrapped them up and added compat-version.
Thanks to @mpratt14 and @xabolcs for their help getting the lzma loader
to work!
Fixes: 5ef79af4f8 ("ramips: add support for Ravpower WD03")
Suggested-by: Russell Morris <rmorris@rkmorris.us>
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Add support for per-BSS airtime weight configuration. This allows to set
a airtime weight per BSS as well as a ratio limit based on the weight.
Support for this feature is only enabled in the full flavors of hostapd.
Consult the hostapd.conf documentation (Airtime policy configuration)
for more information on the inner workings of the exposed settings.
Signed-off-by: David Bauer <mail@david-bauer.net>
Set the default state for LEDs to off. When a trigger is set, the
trigger will turn the LED automatically on.
Currently LEDs might stay on, e.g. when the LED trigger is set to a
netdev trigger and the interface is never activated or the 'none'
trigger is selected without setting the 'default' option to 0 and it's
set for the LED indicating the system running state.
Using off as a default value is also consistent with the documentation
in the OpenWrt wiki.
Signed-off-by: David Bauer <mail@david-bauer.net>
TITLE is "NFS4 filesystem client support" (Line 428)
but the description is "Kernel module for NFS v4 support" (Line 438).
Use "Kernel module for NFS v4 client support" on line 438.
Signed-off-by: Bob Cai <1119283622@qq.com>
[commit title/message facelift]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
* ipc: split into separate files per-platform
This is in preparation for FreeBSD support, which I had hoped to have this
release, but we're still waiting on some tooling fixes, so hopefully next
wg(8) will support that. Either way, the code base is now a lot more amenable
to adding more kernel platform support.
* man: wg-quick: use syncconf instead of addconf for strip example
Simple documentation fix.
* pubkey: isblank is a subset of isspace
* ctype: use non-locale-specific ctype.h
In addition to ensuring that isalpha() and such isn't locale-specific, we also
make these constant time, even though we're never distinguishing between bits
of a secret using them. From that perspective, though, this is markedly better
than the locale-specific table lookups in glibc, even though base64 characters
span two cache lines and valid private keys must hit both. This may be useful
for other projects too: https://git.zx2c4.com/wireguard-tools/tree/src/ctype.h
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Don't use bash syntax, because /bin/sh is used here.
Signed-off-by: Martin Schiller <ms@dev.tdt.de>
[bump PKG_RELEASE]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Minor cleanup and code reorganization, along with a change to not disable
offload anymore when a tkip or sw crypto key is added
Signed-off-by: Felix Fietkau <nbd@nbd.name>
* compat: backport kfree_sensitive and switch to it
* netlink: consistently use NLA_POLICY_EXACT_LEN()
* netlink: consistently use NLA_POLICY_MIN_LEN()
* compat: backport NLA policy macros
Backports from upstream changes.
* peerlookup: take lock before checking hash in replace operation
A fix for a race condition caught by syzkaller.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
3d9bd73 utils: fix check_pid_path to work with deleted file as well
330f403 vlan: initialize device ifname earlier at creation time
c057e71 device: do not check state from within device_init
cb0c07b system-dummy: fix resolving ifindex
ccd9ddc bridge: add support for turning on vlan_filtering
82bcb64 bridge: add support for adding vlans to a bridge
0e8cea0 bridge: add support for VLAN filtering
6086b63 config: enable bridge vlan filtering by default for bridges that define VLANs
ac0710b device: look up full device name before traversing vlan chain
e32e21e bridge: flush vlan list on bridge free
645ceed interface-ip: clear host bits of the device prefix
d7b614a netifd-wireless: parse 'osen' encryption
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
The Ed25519 key pairs are much shorter than RSA pairs and are supported
by default in OpenSSH. Looking at websites explaining how to create new
SSH keys, many suggest using Ed25519 rather than RSA, however consider
the former as not yet widely established. OpenWrt likely has a positive
influence on that development.
As enabling Ed25519 is a compile time option, it is currently not
possible to install the feature via `opkg` nor select that option in an
ImageBuilder.
Due to the size impact of **12kB** the option should only be enabled for
devices with `!SMALL_FLASH`.
This approach seems cleaner than splitting `dropbear` into two packages
like `dropbear` and `dropbear-ed25519`.
Signed-off-by: Paul Spooren <mail@aparcar.org>
When the libmagic from the file package in the packages feed was also
compiled and provided its libmagic.so file, util-linux tried to link
against it. Avoid this by explicitly disable libmagic support.
This fixes the following build error:
Package more is missing dependencies for the following libraries:
libmagic.so.1
Fixes: 36d9ed360a ("util-linux: update to 2.36")
Acked-by: Sebastian Kemper <sebastian_ml@gmx.net>
Signed-off-by: Rosen Penev <rosenp@gmail.com>
[Add commit description]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This also sets the ABI_VERSION as this is a versioned shared library.
The ipk sizes for mips_24Kc change like this:
old:
jansson_2.12-1_mips_24kc.ipk 18.692
new:
jansson4_2.13.1-1_mips_24kc.ipk 19.171
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Discussion on the mailing list reveals that this target has active
users. As we are finally able to upgrade this target to kernel 5.4,
add it back to master.
This reverts commit 7d29a55714 ("ath25: drop target") and
immediately moves the relevant files to 5.4, without touching
the content.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
The LED's "label" property has been deprecated in upstream by:
|commit c5d18dd6b64e09dd6984bda9bdd55160af537a8c
|Author: Jacek Anaszewski <jacek.anaszewski@gmail.com>
|Date: Sun Jun 9 20:19:04 2019 +0200
|
| dt-bindings: leds: Add properties for LED name construction
|
| Introduce dedicated properties for conveying information about
| LED function and color. Mark old "label" property as deprecated.
|
| Additionally function-enumerator property is being provided
| for the cases when neither function nor color can be used
| for LED differentiation.
in order to be somewhat prepared, this patch adds a fallback
as a last resort to make the current led code work by falling
back to the node-name as the "label".
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
af30be0 Fix setting prefix for IPv6 link-local addresss
0314df4 Disable asking password again when prompt program returns 128
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
The HooToo HT-TM05 is a battery powered router, with an Ethernet and USB port.
Vendor U-Boot limited to 1.5 MB kernel size, so use lzma loader (loader-okli).
Specifications:
SOC: MediaTek MT7620N
BATTERY: 10400mAh
WLAN: 802.11bgn
LAN: 1x 10/100 Mbps Ethernet
USB: 1x USB 2.0 (Type-A)
RAM: 64 MB
FLASH: GigaDevice GD25Q64, Serial 8 MB Flash, clocked at 50 MHz
Flash itself specified to 80 MHz, but speed limited by mt7620 SPI
fast-read enabled (m25p)
LED: Status LED (blue after boot, green with WiFi traffic
4 leds to indicate power level of the battery (unable to control)
INPUT: Power, reset button
MAC assignment based on vendor firmware:
2.4 GHz *:b4 (factory 0x04)
LAN/label *:b4 (factory 0x28)
WAN *:b5 (factory 0x2e)
Tested and working:
- Ethernet
- 2.4 GHz WiFi (Correct MAC-address)
- Installation from TFTP (recovery)
- OpenWRT sysupgrade (Preserving and non-preserving), through the usual
ways: command line and LuCI
- LEDs (except as noted above)
- Button (reset)
- I2C, which is needed for reading battery charge status and level
- U-Boot environment / variables (from U-Boot, and OpenWrt)
Installation:
- Download the needed OpenWrt install files, place them in the root
of a clean TFTP server running on your computer. Rename the files as,
- ramips-mt7620-hootoo_tm05-squashfs-kernel.bin => kernel
- ramips-mt7620-hootoo_tm05-squashfs-rootfs.bin => rootfs
- Plug the router into your computer via Ethernet
- Set your computer to use 10.10.10.254 as its IP address
- With your router shut down, hold down the power button until the first
white LED lights up.
- Push and hold the reset button and release the power button. Continue
holding the reset button for 30 seconds or until it begins searching
for files on your TFTP server, whichever comes first.
- The router (10.10.10.128) will look for your computer at 10.10.10.254
and install the two files. Once it has finished installation, it will
automatically reboot and start up OpenWrt.
- Set your computer to use DHCP for its IP address
Notes:
- U-Boot environment can be modified, u-boot-env is preserved on initial
install or sysupgrade
- mtd-concat functionality is included, to leave a "hole" for u-boot-env,
combining the OEM kernel and rootfs partitions
I would like to thank @mpratt14 and @xabolcs for their help getting the
lzma loader to work!
Signed-off-by: Russell Morris <rmorris@rkmorris.us>
[drop changes in image/Makefile, fix indent and PKG_RELEASE in
uboot-envtools, fix LOADER_FLASH_OFFS, minor commit message facelift,
add COMPILE to Device/Default]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
This removes switches dependent on kernel version 4.14 as well as
several packages/modules selected only for that version.
This also removes sched-cake-virtual, which is not required anymore
now that we have only one variant of cake.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
This target is still on kernel 4.14, and no attempt has been made to
update it to a newer kernel. Since we already are two LTS versions ahead
of that the target is dropped, as the chance of somebody bumping it will
only decrease with time.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
This target still only works with kernel 4.14, and not so recent
attempts of getting newer kernel versions supported did not lead
to success. Therefore, drop the target, as we are already two
LTS kernel versions ahead and it does not seem like anybody will
pick up the work.
Patchwork series:
https://patchwork.ozlabs.org/project/openwrt/list/?series=169991&state=*
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
This release of Mbed TLS provides bug fixes and minor enhancements. This
release includes fixes for security issues and the most notable of them
are described in more detail in the security advisories.
* Local side channel attack on RSA and static Diffie-Hellman
* Local side channel attack on classical CBC decryption in (D)TLS
* When checking X.509 CRLs, a certificate was only considered as revoked
if its revocationDate was in the past according to the local clock if
available.
Full release announcement:
https://github.com/ARMmbed/mbedtls/releases/tag/v2.16.8
Signed-off-by: Magnus Kroken <mkroken@gmail.com>
Fix typo in comment.
Signed-off-by: Walter Sonius <walterav1984@gmail.com>
[commit title/message facelift]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Drop init script from libaudit package. It will be added to the
'audit' package in the packages feed.
Fixes: efdf619f21 ("audit: build only libaudit")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
The key folder is used by `opkg` and `usign` to store and retrieve
trusted public keys. Using `opkg-key` outside a running device is
unfeasible as the key folder is hard coded to `/etc/opkg/keys`.
This commit adds a variable OPKG_KEYS which defaults to `/etc/opkg/keys`
if unset, however allows set arbitrary key folder locations.
Arbitrary key folder locations are useful to add signature verification
to the ImageBuilders.
Signed-off-by: Paul Spooren <mail@aparcar.org>
Deactivate multiple personalities support, because this causes compile
problems at least on the x86/64 target. As OpenWrt compiles all
binaries itself all binaries will use the native personality which is
also used by strace. This change will make it impossible to debug i386
binaries on x86_64 OpenWrt targets for example.
Just deactivate it for ARM64 too.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
hwclock was fixed to work with musl.
Unfortunately, the fix breaks under musl 1.2.x. Backported patch to fix
that.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Switched to upstream tarballs.
Switched to libcxxabi as using libsupc++ is quite wonky.
Fixed description.
Removed patches. The fixes are cosmetic.
Added ssp patch. This one is needed for i386 and powerpc under musl.
Compile tested every C++ package in the tree with the exception of
several boost packages. There's something broken with boost.
Ran tested with gerbera.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
This will be used for libcxx.
libcxxabi is needed as libsupc++ is not good enough for libcxx. It uses
GCC specific stuff which causes failed compilation for some packages.
There are also runtime issues, most notably with cxxopts where the
program just crashes.
Reference: https://github.com/gerbera/gerbera/issues/795
Added patch to fix ARM compilation.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Static libraries and headers of libselinux and libsepol are required
for checkpolicy to build.
Fixes error:
policy_parse.y:45:10: fatal error: sepol/policydb/expand.h: No such file or directory
#include <sepol/policydb/expand.h>
^~~~~~~~~~~~~~~~~~~~~~~~~
compilation terminated.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Fixes build error:
load_policy.c:11:10: fatal error: libintl.h: No such file or directory
#include <libintl.h> /* for gettext() */
^~~~~~~~~~~
compilation terminated.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
FCC ID: U2M-ENH200
Engenius ENH202 is an outdoor wireless access point with 2 10/100 ports,
built-in ethernet switch, internal antenna plates and proprietery PoE.
Specification:
- Qualcomm/Atheros AR7240 rev 2
- 40 MHz reference clock
- 8 MB FLASH ST25P64V6P (aka ST M25P64)
- 32 MB RAM
- UART at J3 (populated)
- 2x 10/100 Mbps Ethernet (built-in switch at gmac1)
- 2.4 GHz, 2x2, 29dBm (Atheros AR9280 rev 2)
- internal antenna plates (10 dbi, semi-directional)
- 5 LEDs, 1 button (LAN, WAN, RSSI) (Reset)
Known Issues:
- Sysupgrade from ar71xx no longer possible
- Power LED not controllable, or unknown gpio
MAC addresses:
eth0/eth1 *:11 art 0x0/0x6
wlan *:10 art 0x120c
The device label lists both addresses, WLAN MAC and ETH MAC,
in that order.
Since 0x0 and 0x6 have the same content, it cannot be
determined which is eth0 and eth1, so we chose 0x0 for both.
Installation:
2 ways to flash factory.bin from OEM:
- Connect ethernet directly to board (the non POE port)
this is LAN for all images
- if you get Failsafe Mode from failed flash:
only use it to flash Original firmware from Engenius
or risk kernel loop or halt which requires serial cable
Method 1: Firmware upgrade page:
OEM webpage at 192.168.1.1
username and password "admin"
In upper right select Reset
"Restore to factory default settings"
Wait for reboot and login again
Navigate to "Firmware Upgrade" page from left pane
Click Browse and select the factory.bin image
Upload and verify checksum
Click Continue to confirm and wait 3 minutes
Method 2: Serial to load Failsafe webpage:
After connecting to serial console and rebooting...
Interrupt boot with any key pressed rapidly
execute `run failsafe_boot` OR `bootm 0x9f670000`
wait a minute
connect to ethernet and navigate to
"192.168.1.1/index.htm"
Select the factory.bin image and upload
wait about 3 minutes
Return to OEM:
If you have a serial cable, see Serial Failsafe instructions
*DISCLAIMER*
The Failsafe image is unique to Engenius boards.
If the failsafe image is missing or damaged this will not work
DO NOT downgrade to ar71xx this way, can cause kernel loop or halt
The easiest way to return to the OEM software is the Failsafe image
If you dont have a serial cable, you can ssh into openwrt and run
`mtd -r erase fakeroot`
Wait 3 minutes
connect to ethernet and navigate to 192.168.1.1/index.htm
select OEM firmware image from Engenius and click upgrade
Format of OEM firmware image:
The OEM software of ENH202 is a heavily modified version
of Openwrt Kamikaze bleeding-edge. One of the many modifications
is to the sysupgrade program. Image verification is performed
simply by the successful ungzip and untar of the supplied file
and name check and header verification of the resulting contents.
To form a factory.bin that is accepted by OEM Openwrt build,
the kernel and rootfs must have specific names...
openwrt-senao-enh202-uImage-lzma.bin
openwrt-senao-enh202-root.squashfs
and begin with the respective headers (uImage, squashfs).
Then the files must be tarballed and gzipped.
The resulting binary is actually a tar.gz file in disguise.
This can be verified by using binwalk on the OEM firmware images,
ungzipping then untaring, and by swapping headers to see
what the OEM upgrade utility accepts and rejects.
OKLI kernel loader is required because the OEM firmware
expects the kernel to be no greater than 1024k
and the factory.bin upgrade procedure would otherwise
overwrite part of the kernel when writing rootfs.
Note on built-in switch:
ENH202 is originally configured to be an access point,
but with two ethernet ports, both WAN and LAN is possible.
the POE port is gmac0 which is preferred to be
the port for WAN because it gives link status
where swconfig does not.
Signed-off-by: Michael Pratt <mpratt51@gmail.com>
[assign label_mac in 02_network, use ucidef_set_interface_wan,
use common device definition, some reordering]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Engenius ENS202EXT v1 is an outdoor wireless access point with 2 10/100 ports,
with built-in ethernet switch, detachable antennas and proprietery PoE.
FCC ID: A8J-ENS202
Specification:
- Qualcomm/Atheros AR9341 v1
- 535/400/200/40 MHz (CPU/DDR/AHB/REF)
- 64 MB of RAM
- 16 MB of FLASH MX25L12835F(MI-10G)
- UART (J1) header on PCB (unpopulated)
- 2x 10/100 Mbps Ethernet (built-in switch Atheros AR8229)
- 2.4 GHz, up to 27dBm (Atheros AR9340)
- 2x external, detachable antennas
- 7x LED (5 programmable in ath79), 1x GPIO button (Reset)
Known Issues:
- Sysupgrade from ar71xx no longer possible
- Ethernet LEDs stay on solid when connected, not programmable
MAC addresses:
eth0/eth1 *:7b art 0x0/0x6
wlan *:7a art 0x1002
The device label lists both addresses, WLAN MAC and ETH MAC,
in that order.
Since 0x0 and 0x6 have the same content, it cannot be
determined which is eth0 and eth1, so we chose 0x0 for both.
Installation:
2 ways to flash factory.bin from OEM:
- Connect ethernet directly to board (the non POE port)
this is LAN for all images
- if you get Failsafe Mode from failed flash:
only use it to flash Original firmware from Engenius
or risk kernel loop which requires serial cable
Method 1: Firmware upgrade page:
OEM webpage at 192.168.1.1
username and password "admin"
In upper right select Reset
"Restore to factory default settings"
Wait for reboot and login again
Navigate to "Firmware Upgrade" page from left pane
Click Browse and select the factory.bin image
Upload and verify checksum
Click Continue to confirm and wait 3 minutes
Method 2: Serial to load Failsafe webpage:
After connecting to serial console and rebooting...
Interrupt boot with any key pressed rapidly
execute `run failsafe_boot` OR `bootm 0x9fdf0000`
wait a minute
connect to ethernet and navigate to
"192.168.1.1/index.htm"
Select the factory.bin image and upload
wait about 3 minutes
*If you are unable to get network/LuCI after flashing*
You must perform another factory reset:
After waiting 3 minutes or when Power LED stop blinking:
Hold Reset button for 15 seconds while powered on
or until Power LED blinks very fast
release and wait 2 minutes
Return to OEM:
If you have a serial cable, see Serial Failsafe instructions
*DISCLAIMER*
The Failsafe image is unique to this model.
The following directions are unique to this model.
DO NOT downgrade to ar71xx this way, can cause kernel loop
The easiest way to return to the OEM software is the Failsafe image
If you dont have a serial cable, you can ssh into openwrt and run
`mtd -r erase fakeroot`
Wait 3 minutes
connect to ethernet and navigate to 192.168.1.1/index.htm
select OEM firmware image from Engenius and click upgrade
TFTP Recovery:
For some reason, TFTP is not reliable on this board.
Takes many attempts, many timeouts before it fully transfers.
Starting with an initramfs.bin:
Connect to ethernet
set IP address and TFTP server to 192.168.1.101
set up infinite ping to 192.168.1.1
rename the initramfs.bin to "vmlinux-art-ramdisk" and host on TFTP server
disconnect power to the board
hold reset button while powering on board for 8 seconds
Wait a minute, power LED should blink eventually if successful
and a minute after that the pings should get replies
You have now loaded a temporary Openwrt with default settings temporarily.
You can use that image to sysupgrade another image to overwrite flash.
Format of OEM firmware image:
The OEM software of ENS202EXT is a heavily modified version
of Openwrt Kamikaze bleeding-edge. One of the many modifications
is to the sysupgrade program. Image verification is performed
simply by the successful ungzip and untar of the supplied file
and name check and header verification of the resulting contents.
To form a factory.bin that is accepted by OEM Openwrt build,
the kernel and rootfs must have specific names...
openwrt-senao-ens202ext-uImage-lzma.bin
openwrt-senao-ens202ext-root.squashfs
and begin with the respective headers (uImage, squashfs).
Then the files must be tarballed and gzipped.
The resulting binary is actually a tar.gz file in disguise.
This can be verified by using binwalk on the OEM firmware images,
ungzipping then untaring, and by swapping headers to see
what the OEM upgrade utility accepts and rejects.
Note on the factory.bin:
The newest kernel is too large to be in the kernel partition
the new ath79 kernel is beyond 1592k
Even ath79-tiny is 1580k
Checksum fails at boot because the bootloader (modified uboot)
expects kernel to be 1536k. If the kernel is larger, it gets
overwritten when rootfs is flashed, causing a broken image.
The mtdparts variable is part of the build and saving a new
uboot environment will not persist after flashing.
OEM version might interact with uboot or with the custom
OEM partition at 0x9f050000.
Failed checksums at boot cause failsafe image to launch,
allowing any image to be flashed again.
HOWEVER: one should not install older Openwrt from failsafe
because it can cause rootfs to be unmountable,
causing kernel loop after successful checksum.
The only way to rescue after that is with a serial cable.
For these reasons, a fake kernel (OKLI kernel loader)
and fake squashfs rootfs is implemented to take care of
the OEM firmware image verification and checksums at boot.
The OEM only verifies the checksum of the first image
of each partition respectively, which is the loader
and the fake squashfs. This completely frees
the "firmware" partition from all checks.
virtual_flash is implemented to make use of the wasted space.
this leaves only 2 erase blocks actually wasted.
The loader and fakeroot partitions must remain intact, otherwise
the next boot will fail, redirecting to the Failsafe image.
Because the partition table required is so different
than the OEM partition table and ar71xx partition table,
sysupgrades are not possible until one switches to ath79 kernel.
Note on sysupgrade.tgz:
To make things even more complicated, another change is needed to
fix an issue where network does not work after flashing from either
OEM software or Failsafe image, which implants the OEM (Openwrt Kamikaze)
configuration into the jffs2 /overlay when writing rootfs from factory.bin.
The upgrade script has this:
mtd -j "/tmp/_sys/sysupgrade.tgz" write "${rootfs}" "rootfs"
However, it also accepts scripts before and after:
before_local="/etc/before-upgradelocal.sh"
after_local="/etc/after-upgradelocal.sh"
before="before-upgrade.sh"
after="after-upgrade.sh"
Thus, we can solve the issue by making the .tgz an empty file
by making a before-upgrade.sh in the factory.bin
Note on built-in switch:
There is two ports on the board, POE through the power supply brick,
the other is on the board. For whatever reason, in the ar71xx target,
both ports were on the built-in switch on eth1. In order to make use
of a port for WAN or a different LAN, one has to set up VLANs.
In ath79, eth0 and eth1 is defined in the DTS so that the
built-in switch is seen as eth0, but only for 1 port
the other port is on eth1 without a built-in switch.
eth0: switch0
CPU is port 0
board port is port 1
eth1: POE port on the power brick
Since there is two physical ports,
it can be configured as a full router,
with LAN for both wired and wireless.
According to the Datasheet, the port that is not on the switch
is connected to gmac0. It is preferred that gmac0 is chosen as WAN
over a port on an internal switch, so that link status can pass
to the kernel immediately which is more important for WAN connections.
Signed-off-by: Michael Pratt <mpratt51@gmail.com>
[apply sorting in 01_leds, make factory recipe more generic, create common
device node, move label-mac to 02_network, add MAC addresses to commit
message, remove kmod-leds-gpio, use gzip directly]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
[update to 3.1]
Signed-off-by: W. Michael Petullo <mike@flyn.org>
[removed python part for inclusion in core]
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
[fix build with GCC 10 and disable MIPS16 as build emits sync instruction]
Signed-off-by: W. Michael Petullo <mike@flyn.org>
Add support for building bpftool and libbpf from the latest 5.8.3 kernel
sources, ensuring up-to-date functionality and fixes. Both are written to
be backwards compatible, which simplfies build and usage across different
OpenWRT image kernels.
'bpftool' is the primary userspace tool widely used for introspection and
manipulation of eBPF programs and maps. Two variants are built: a 'full'
version which supports object disassembly and depends on libbfd/libopcodes
(total ~500KB); and a 'minimal' version without disassembly functions and
dependencies. The default 'minimal' variant is otherwise fully functional,
and both are compiled using LTO for further (~30KB) size reductions.
'libbpf' provides shared/static libraries and dev files needed for building
userspace programs that perform eBPF interaction.
Several cross-compilation and build-failure problems are addressed by new
patches and ones backported from farther upstream:
* 001-libbpf-ensure-no-local-symbols-counted-in-ABI-check.patch
* 002-libbpf-fix-build-failure-from-uninitialized-variable.patch
* 003-bpftool-allow-passing-BPFTOOL_VERSION-to-make.patch
* 004-v5.9-bpftool-use-only-ftw-for-file-tree-parsing.patch
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
The variable VERSION_REPO is used by opkg to download package(list)s.
Now that the default installation support encrypted HTTP opkg should
make use of it.
Suggested-by: Petr Štetiar <ynezz@true.cz>
Suggested-by: Baptiste Jonglez <baptiste@bitsofnetworks.org>
Signed-off-by: Paul Spooren <mail@aparcar.org>
Acked-by: Baptiste Jonglez <baptiste@bitsofnetworks.org>
Instead of using http and https for source downloads from
downloads.openwrt.org, always use https for it's better security.
Signed-off-by: Paul Spooren <mail@aparcar.org>
The usage of granular `SOURCE_DATE_EPOCH` for packages is an
incrementing integer which could be useful for downstream tooling,
therefore add it to the packages manifest.
Signed-off-by: Paul Spooren <mail@aparcar.org>
Instead of using INSTALL_SUID use the more flexible PKG_FILE_MODES
variable withn the Makefile to set the SUID bit.
Signed-off-by: Paul Spooren <mail@aparcar.org>
4318ab1 opkg: allow to configure the path to the signature verification script
cf44c2f libopkg: fix compiler warning
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Two versions of `px5g` exists without sharing code. For clarification
rename the previously existing MbedTLS based version to `px5g-mbedtls`
to exists next to `px5g-wolfssl`.
Rename code file of MbedTLS from `px5g.c` to `px5g-mbedtls.c`.
Signed-off-by: Paul Spooren <mail@aparcar.org>
This package creates certificates and private keys, just like `px5g`
does. Hower it uses WolfSSL rather than MbedTLS.
Signed-off-by: Paul Spooren <mail@aparcar.org>
As the package curl has been moved to packages.git and only libcurl
depends on libnghttps move it as well to packages.git.
This is based on the Hamburg 2019 decision that non essential packages
should move outside base.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
[update to 2.20200229, adjust Makefile, and move to openwrt.git]
Signed-off-by: W. Michael Petullo <mike@flyn.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
[update to 3.1, make use of Python 3, and move to openwrt.git]
Signed-off-by: W. Michael Petullo <mike@flyn.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
[update to 3.1, make use of Python 3, use ALTERNATIVES, and move to openwrt.git]
Signed-off-by: W. Michael Petullo <mike@flyn.org>
This target has been mostly replaced by ath79 and won't be included
in the upcoming release anymore. Finally put it to rest.
This also removes all references in packages, tools, etc. as well as
the uboot-ar71xx and vsc73x5-ucode packages.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
In a multi-wan setup, netifd may need guidance on which wan device to
use to create the route to the remote peer.
This commit adds a 'tunlink' option similar to other tunneling interfaces
such as 6in4, 6rd, gre, etc.
Signed-off-by: Aaron Goodman <aaronjg@stanford.edu>
curl is replaced by uclient-fetch within the OpenWrt build system and we
can therefore move curl to packages.git. This is based on the Hamburg
2019 decision that non essential packages should move outside base.
Signed-off-by: Paul Spooren <mail@aparcar.org>
This fixes the following compile errors after the wolfssl 4.5.0 update:
LD wpa_cli
../src/crypto/tls_wolfssl.c: In function 'tls_match_alt_subject':
../src/crypto/tls_wolfssl.c:610:11: error: 'GEN_EMAIL' undeclared (first use in this function); did you mean 'ENAVAIL'?
type = GEN_EMAIL;
^~~~~~~~~
ENAVAIL
../src/crypto/tls_wolfssl.c:610:11: note: each undeclared identifier is reported only once for each function it appears in
../src/crypto/tls_wolfssl.c:613:11: error: 'GEN_DNS' undeclared (first use in this function)
type = GEN_DNS;
^~~~~~~
../src/crypto/tls_wolfssl.c:616:11: error: 'GEN_URI' undeclared (first use in this function)
type = GEN_URI;
^~~~~~~
../src/crypto/tls_wolfssl.c: In function 'wolfssl_tls_cert_event':
../src/crypto/tls_wolfssl.c:902:20: error: 'GEN_EMAIL' undeclared (first use in this function); did you mean 'ENAVAIL'?
if (gen->type != GEN_EMAIL &&
^~~~~~~~~
ENAVAIL
../src/crypto/tls_wolfssl.c:903:20: error: 'GEN_DNS' undeclared (first use in this function)
gen->type != GEN_DNS &&
^~~~~~~
../src/crypto/tls_wolfssl.c:904:20: error: 'GEN_URI' undeclared (first use in this function)
gen->type != GEN_URI)
^~~~~~~
Makefile:2029: recipe for target '../src/crypto/tls_wolfssl.o' failed
Fixes: 00722a720c ("wolfssl: Update to version 4.5.0")
Reported-by: Andre Heider <a.heider@gmail.com>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
The release notes says this:
As already said, the changes since 2.1.1 are primarily bug fixes, addressing
compiler warnings and issues reported by diagnostic tools, but also build
failures for some configurations.
https://lists.infradead.org/pipermail/linux-mtd/2020-July/081299.html
The size of the ubi-utils ipk increases on mips BE by 0.2%
old:
ubi-utils_2.1.1-1_mips_24kc.ipk: 70992
new:
ubi-utils_2.1.2-1_mips_24kc.ipk: 71109
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This fixes the following security problems:
* In earlier versions of wolfSSL there exists a potential man in the
middle attack on TLS 1.3 clients.
* Denial of service attack on TLS 1.3 servers from repetitively sending
ChangeCipherSpecs messages. (CVE-2020-12457)
* Potential cache timing attacks on public key operations in builds that
are not using SP (single precision). (CVE-2020-15309)
* When using SGX with EC scalar multiplication the possibility of side-
channel attacks are present.
* Leak of private key in the case that PEM format private keys are
bundled in with PEM certificates into a single file.
* During the handshake, clear application_data messages in epoch 0 are
processed and returned to the application.
Full changelog:
https://www.wolfssl.com/docs/wolfssl-changelog/
Fix a build error on big endian systems by backporting a pull request:
https://github.com/wolfSSL/wolfssl/pull/3255
The size of the ipk increases on mips BE by 1.4%
old:
libwolfssl24_4.4.0-stable-2_mips_24kc.ipk: 386246
new:
libwolfssl24_4.5.0-stable-1_mips_24kc.ipk: 391528
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Instead of using mbedtls by default use wolfssl. We now integrate
wolfssl in the default build so use it also as default ssl library for
curl.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Backport a commit from upstream curl to fix a problem in configure with
wolfssl.
checking size of time_t... configure: error: cannot determine a size for time_t
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This introduces the vendor_model scheme to this target in order to
harmonize device names within the target and with the rest of
OpenWrt. In addition, custom board names are dropped in favor
of the generic script which takes the compatible.
Use the SUPPORTED_DEVICES variable to store the compatible where it
deviates from the device name, so we can use it in build recipes.
While at it, harmonize a few indents as well.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>