Commit Graph

51966 Commits

Author SHA1 Message Date
Daniel Golle
cc0112d9d7
selinux-policy: update to version 0.9
592ac0f add a note
 4bacd14 sslcertfile: list /etc/ssl
 7bdefa4 example: indicate that skip is an option
 d1e9a85 wifi: sys pipe usage
 eb903e1 README: add note about policycoreutils-setfiles weak dependency
 762e011 ttyd: signull all subjects
 fbfc079 acme: add basic support for acme_cleanup.sh and acme_setup.sh
 9ac7592 acme: transition to sys.subj on generic initscript execution
 f3dd1ba acme: missing rules related to sys.subj trans on file.initscriptfile
 ae273fa odhcp6c/netifd: support drop-in directories
 5fa9b41 subj: do not encourage misconfiguration
 44722b6 blockd, logd, odhcpc6, ubiutil, mtdstordev
 a775d93 21.02 related
 a473691 rcboot runs rcuhttpd which creates /tmp/etc for /tmp/etc/uhttpd
 290e9fb rcuhttpd: related to rcboot and uci-defaults
 3fc0d8b rcuhttpd: lists /etc/uci-defaults
 1f5ef48 removes ubvol.lock policy and adds move mtd/ubi partitions

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-08-20 01:48:13 +01:00
Daniel Golle
c5616a8ae1
image: fix build with SELinux
The option '-xattr' for mksquashfs4 should be '-xattrs' which lead to
build failure with SELinux enabled. Add the missing 's'.

Fixes: 4baf47b9a8 ("images: squashfs: xattrs should not depend on buld host")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-08-19 01:37:35 +01:00
Adrian Schmutzler
e826b64294 ath79: convert remaining mtd-mac-address cases to nvmem
Since the nvmem-based approach for retrieving MAC addresses
appears to depend on the addresses being set up after the
partitions, it is no longer possible to keep the MAC address
setup in shared DTSI files while the partitions itself are
set up in DTS files for the individual devices.

In ath79 the firmware partition is typically located somewhere
"in the middle" of the partition table. Thus, it's not trivial
to share the partitions containing MAC address information in
a common DTSI (like we did in some cases on ramips).

In this commit, MAC address setup is thus moved to the relevant
partitions, and in most cases needs to be duplicated. While
the duplication is not really nice, it eventually provides a
cleaner and more tidy setup, making the DTS(I) file
fragmentation a bit more logical. This should also help
with adding new devices, as information is distributed across
less locations.

For consistency, this commit also moves the mtd-cal-data property
"down" together with the MAC address setup, so it's not based
on a partition before the latter is defined either. (This is
only done for those files touched due to nvmem conversion.)

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2021-08-18 23:46:02 +02:00
Adrian Schmutzler
ba3d92c5a0 ramips: convert most mtd-mac-address cases in DTSI to nvmem
Convert most of the cases from mtd-mac-address to nvmem where
MAC addresses are set in the DTSI, but the partitions are only
located in the device DTS. This posed some problems earlier, since
in these cases we are using partitions before they are defined,
and the nvmem system did not seem to like that.

There have been a few different resolution approaches, based on
the different tradeoffs of deduplication vs. maintainability:

 1. In many cases, the partition tables were identical except for
    the firmware partition size, and the firmware partition was
    the last in the table.
    In these cases, the partition table has been moved to the
    DTSI, and only the firmware partition's "reg" property has
    been kept in the DTS files. So, the updated nvmem definition
    could stay in the DTSI files as well.

 2. For all other cases, splitting up the partition table would
    have introduced additional complexity. Thus, the nodes to be
    converted to nvmem have been moved to the DTS files where the
    partitioning was defined.

 3. For Netgear EX2700 and WN3000RP v3, the remaining DTSI file
    was completely dissolved, as it was quite small and the name
    was not really nice either.

 4. The D-Link DIR-853 A3 was converted to nvmem as well, though
    it is just a plain DTS file not taken care of in the first
    wave.

In addition, some minor rearrangements have been made for tidyness.

Not covered (yet) by this patch are:

 * Various unielec devices
 * The D-Link DIR-8xx family

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2021-08-18 23:46:02 +02:00
Michael Heimpold
9a79fe20e8 bcm27xx-userland: factor out a -dev package
Installing headers and static libraries to the target system seems
to be not required for most use cases, so let's factor them
out into a dedicated -dev package.

This cuts down to disk usage to around 50% of the original
package to ~ 2MB - not that disk space is an issue normally,
but when using inside an initramfs only project, it counts.

Signed-off-by: Michael Heimpold <mhei@heimpold.de>
2021-08-18 20:20:13 +02:00
Stijn Tintel
6d0cefcf42 toolchain/gcc: switch to version 10 by default
Runtime-tested on:
* ath79
* bcm27xx/bcm2708
* bcm27xx/bcm2709
* bcm27xx/bcm2711
* mvebu/cortexa53
* octeon
* realtek
* x86/64

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Acked-by: Hauke Mehrtens <hauke@hauke-m.de>
2021-08-18 20:48:53 +03:00
Stijn Tintel
3f41153b1c toolchain/binutils: switch to version 2.36.1 by default
Runtime-tested on:
* ath79
* bcm27xx/bcm2708
* bcm27xx/bcm2709
* bcm27xx/bcm2711
* mvebu/cortexa53
* octeon
* realtek
* x86/64

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Acked-by: Hauke Mehrtens <hauke@hauke-m.de>
2021-08-18 20:48:47 +03:00
Stijn Tintel
959838ed03 umbim: bump to git HEAD
de56231 umbim: fix compilation with GCC 10

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Acked-by: Hauke Mehrtens <hauke@hauke-m.de>
2021-08-18 20:48:42 +03:00
Stijn Tintel
8ae3d5f9ca busybox: fix compilation with GCC 10
When compiling busybox with GCC 10 and CONFIG_PKG_ASLR_PIE_ALL=y, there
are hundreds of errors like:

relocation R_MIPS16_26 against `xzalloc' cannot be used when making a
shared object; recompile with -fPIC

Simply solve this by no longer disabling PKG_ASLR_PIE, so that $(FPIC)
is properly added to the CFLAGS and LDFLAGS.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Acked-by: Hauke Mehrtens <hauke@hauke-m.de>
2021-08-18 20:48:38 +03:00
Stijn Tintel
a43da1be43 ipq40xx: fix Edgecore ECW5211 boot
The bootloader will look for a configuration section named ap.dk01.1-c2
in the FIT image. If this doesn't exist, the device won't boot.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2021-08-18 16:11:11 +03:00
David Yang
efca67983d ramips: add WPS button for newifi d1
This device has a WPS button under WiFi antenna cover, add it to dts.

Signed-off-by: David Yang <mmyangfl@gmail.com>
2021-08-17 18:41:17 +02:00
Adrian Schmutzler
ad6b077049 ramips: mt7628: move mtd-eeprom out of root DTSI
The mt76x8 subtarget is the only one in ramips that stores the
mediatek,mtd-eeprom property directly in the "root" mt7628an.dtsi.

This is not optimal for a few different reasons:

 * If you don't really know it or are used to other (sub)targets,
   the property will be set somewhat magically.
 * The property is set based on &factory partition before (if at all)
   this partition is defined.
 * There are several devices that have different offset or even
   different partitions to read from, which will then be overwritten
   in the DTS files. Thus, definitions are scattered between root
   DTSI and individual files.

Based on these circumstances, the "root" definition is removed and
the property is added to the device-based DTS(I) files where needed
and applicable. This should be easier to grasp for unexperienced
developers and will move the property closer to the partition
definitions.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2021-08-17 18:41:17 +02:00
Rui Salvaterra
9704d25da1 kernel: bump 5.10 to 5.10.59
No deleted or manually refreshed patches.

Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
2021-08-16 20:37:33 +01:00
Daniel Golle
98bccdafd7
base-files: rename 'sdcard' to 'legacy-sdcard'
While an image layout based on MBR and 'bootfs' partition may be easy
to understand for users who are very used to the IBM PC and always have
the option to access the SD card outside of the device (and hence don't
really depend on other recovery methods or dual-boot), in my opinion
it's a dead end for many desirable features on embedded systems,
especially when managed remotely (and hence without an easy option to
access the SD card using another device in case things go wrong, for
example).

Let me explain:

* using a MSDOS/VFAT filesystem to store kernel(s) is problematic, as a
  single corruption of the bootfs can render the system into a state
  that it no longer boots at all. This makes dual-boot useless, or at
  least very tedious to setup with then 2 independent boot partitions
  to avoid the single point of failure on a "hot" block (the FAT index
  of the boot partition, written every time a file is changed in
  bootfs). And well: most targets even store the bootloader environment
  in a file in that very same FAT filesystem, hence it cannot be used
  to script a reliable dual-boot method (as loading the environment
  itself will already fail if the filesystem is corrupted).

* loading the kernel uImage from bootfs and using rootfs inside an
  additional partition means the bootloader can only validate the
  kernel -- if rootfs is broken or corrupted, this can lead to a reboot
  loop, which is often a quite costly thing to happen in terms of
  hardware lifetime.

* imitating MBR-boot behavior with a FAT-formatted bootfs partition
  (like IBM PC in the 80s and 90s) is just one of many choices on
  embedded targets. There are much better options with modern U-Boot
  (which is what we use and build from source for all targets booting
  off SD cards), see examples in mediatek/mt7622 and mediatek/mt7623.

Hence rename the 'sdcard' feature to 'legacy-sdcard', and prefix
functions with 'legacy_sdcard_' instead of 'sdcard_'.

Tested-by: Stijn Tintel <stijn@linux-ipv6.be>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-08-16 12:22:17 +01:00
Daniel Golle
5c13177c55
procd: add missing dependency and fix empty mount triggers
procd.sh:
 Instead of triggering on every mount.add event, there should be no
 mount trigger at all in case none of the directories passed to
 procd_add_*_mount_trigger() are located on a mountpoint configured in
 /etc/config/fstab.

uxc:
 add missing dependency on rpcd.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-08-15 18:08:37 +01:00
Daniel Golle
09fccdb99e
procd: update to git HEAD
040fecc system: fix issues reported by Coverity
 48f481b service: make sure string read is null terminated
 16dbc2a uxc: fix a bunch of issues discovered by Coverity
 ff9002f uxc: fix help output
 104b49d uxc: support config in uvol

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-08-15 15:44:05 +01:00
Kevin Darbyshire-Bryant
45d2d4e65a firewall: update to git HEAD
40e5f6a ipsets: permit default timeout of 0

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2021-08-15 10:23:27 +01:00
David Bauer
e68e80ead9 uboot-rockchip: update to v2021.07
Tested on NanoPi R2S

Signed-off-by: David Bauer <mail@david-bauer.net>
2021-08-15 01:23:55 +02:00
John Audia
ed9341dd78 kernel: bump 5.4 to 5.4.140
Removed upstreamed bcm27xx/patches-5.4:
    950-0977-USB-gadget-f_hid-avoid-crashes-and-log-spam.patch
    950-0980-SQUASH-USB-gadget-f_hid-remove-more-spam.patch

All other patches automatically rebased.

Build system: x86_64
Build-tested: ipq806x/R7800
Run-tested: ipq806x/R7800

No dmesg regressions, everything functional

Signed-off-by: John Audia <graysky@archlinux.us>
2021-08-14 20:25:25 +02:00
John Audia
02e2723ef3 kernel: bump 5.4 to 5.4.139
All patches automatically rebased.

Build system: x86_64
Build-tested: ipq806x/R7800
Run-tested: ipq806x/R7800

No dmesg regressions, everything functional

Signed-off-by: John Audia <graysky@archlinux.us>
2021-08-14 20:25:19 +02:00
Daniel Golle
1235e2ee3b
procd: update to git HEAD
48638ad hotplug-dispatch: yet another rare memory leak disovered by Coverity
 459b3e8 jail: fix several issues discovered by Coverity
 2562e2b ujail-console: add missing error handling discovered by coverity

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-08-14 19:20:05 +01:00
Daniel Golle
9126c0a59f
fstools: update to git HEAD
629726d blockd: fix resource leak discovered by coverity scan
 68ae639 libubi: fix several issues discovered by Coverity
 a77c4fa ubi: fix resource leak in legacy codepath
 2e3aca2 block: fix two resources leaks discovered by Coverity

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-08-14 19:19:58 +01:00
Rui Salvaterra
6ec859d231 kernel: bump 5.10 to 5.10.58
No deleted or manually refreshed patches.

Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
2021-08-14 16:32:34 +01:00
Rui Salvaterra
ce2f31254a kernel: bump 5.10 to 5.10.57
No deleted or manually refreshed patches.

Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
2021-08-14 16:32:34 +01:00
David Bauer
4d81f08771 ipq40xx: ar40xx: reset port status register
This resolves incosnsitencies of the configured RX / TX flow control
modes between different boards or bootloaders.

Signed-off-by: David Bauer <mail@david-bauer.net>
2021-08-14 14:48:07 +02:00
David Bauer
685c790e9f ipq40xx: ar40xx: use FIELD_GET macro
This improves code readability.

Signed-off-by: David Bauer <mail@david-bauer.net>
2021-08-14 14:47:51 +02:00
David Bauer
b9162a9c85 ipq40xx: increase EX6150v2 SPI frequency
The chip supports clock speeds up to 50 MHz, however it won't even read
the chip-id correctly at this frequency.

45 MHz however works reliable.

Signed-off-by: David Bauer <mail@david-bauer.net>
2021-08-14 14:47:34 +02:00
Daniel Golle
5181af5585
procd: update to git HEAD
9f233f5 system: make rootfs type accessible through board call

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-08-13 04:46:29 +01:00
David Bauer
0f3f5d47d3 bcm4908: add missing config symbol
Signed-off-by: David Bauer <mail@david-bauer.net>
2021-08-13 00:52:35 +02:00
David Bauer
101c0c00a7 mediatek: add missing config symbols
Signed-off-by: David Bauer <mail@david-bauer.net>
2021-08-13 00:52:30 +02:00
David Bauer
1d344c801a tegra: add missing Kconfig symbol
Signed-off-by: David Bauer <mail@david-bauer.net>
2021-08-13 00:51:38 +02:00
David Bauer
cbb42a44ca rockchip: add missing Kconfig symbols
Signed-off-by: David Bauer <mail@david-bauer.net>
2021-08-13 00:51:30 +02:00
Ansuel Smith
0530c490ee 6in4: delete tunnel on interface teardown
Delete tunnel on 6in4 interface teardown.
Should solve problem related to tunnel stuck on restart loop
with "Unknown Command" on tunnel restart due to wan connection drop.
Fixes: FS#3690

Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
2021-08-12 20:00:31 +01:00
Felix Fietkau
8b7517465b hostapd: fix broken check in radar detection notification
This check was accidentally left in after reworking the code,
causing a segfault

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-08-11 19:01:09 +02:00
David Bauer
5c88bf896e generic: add missing config symbol
Signed-off-by: David Bauer <mail@david-bauer.net>
2021-08-11 02:15:22 +02:00
David Bauer
4c2a8b00fe mediatek: add missing config symbol
Signed-off-by: David Bauer <mail@david-bauer.net>
2021-08-11 02:15:13 +02:00
David Bauer
1c9a9f7c7a treewide: add various missing config symbols
Fixes commit 91a52f22a1 ("treewide: backport support for nvmem on non platform devices")

Signed-off-by: David Bauer <mail@david-bauer.net>
2021-08-10 20:22:59 +02:00
David Bauer
eaa9c94c75 generic: Kconfig: exit on unset symbol
When a target configuration has unser Kconfig symbols, the build will
fail when OpenWrt is compiled with V=s and stdin is connected to a tty.

In case OpenWrt is compiled without either of these preconditions, the
build will uscceed with the symbols in question being unset.

Modify the kernel configuration in a way it fails on unset symbols
regardless of the aformentioned preconditions.

Signed-off-by: David Bauer <mail@david-bauer.net>
2021-08-10 13:14:52 +02:00
David Bauer
29a3967e61 generic: fix kernel panic on existing mac-address node
Calling free for the OF property can result in a kernel panic, as the
buffer in question might be referenced elsewhere. Also, it is not
removed from the tree.

Always allocate a new property and updating the tree with it fixes both
issues.

Fixes commit 91a52f22a1 ("treewide: backport support for nvmem on non platform devices")

Signed-off-by: David Bauer <mail@david-bauer.net>
2021-08-10 13:13:01 +02:00
Rafał Miłecki
5ecd99f7d2 firmware-utils: nand_ecc: replace GPL boilerplate with SPDX
Cc: yajin <yajin@vm-kernel.org>
Cc: Felix Fietkau <nbd@nbd.name>
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2021-08-09 16:08:59 +02:00
Rafał Miłecki
0e85dc0e91 firmware-utils: trx: replace GPL-2.0-or-later boilerplate with SPDX
This was missed because scancode license scanner was confused by
comments about crc32buf().

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2021-08-09 16:08:59 +02:00
Rafał Miłecki
cc8bc2168d firmware-utils: osbridge-crc: replace GPL-2.0-only boilerplate with SPDX
This was missed because scancode license scanner was confused by
comments about crc32buf().

Cc: Gabor Juhos <juhosg@openwrt.org>
Cc: Gabor Juhos <juhosg@freemail.hu>
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2021-08-09 16:08:59 +02:00
Rafał Miłecki
f2e86d54c4 firmware-utils: mkmylofw: replace GPL-2.0-or-later boilerplate with SPDX
This was missed because scancode license scanner was confused by a
comment about (no) copyrights in the init_crc_table().

Cc: Gabor Juhos <juhosg@openwrt.org>
Cc: Gabor Juhos <juhosg@freemail.hu>
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2021-08-09 16:08:59 +02:00
Rafał Miłecki
fe54c3a0db firmware-utils: mkmerakifw-old: replace GPL-2.0-only boilerplate with SPDX
This was missed because scancode license scanner was confused by a
comment about Cisco's GPL code github repository.

Cc: Christian Lamparter <chunkeey@gmail.com>
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Acked-by: Christian Lamparter <chunkeey@gmail.com>
2021-08-09 16:08:59 +02:00
Hauke Mehrtens
7057e05485 omap: Remove EXT2 and EXT3 driver config
The EXT4 driver also takes care of EXT2 and EXT3 file systems.
Activating the EXT2 driver kernel config options unlocked some other
ext2 driver related options which OpenWrt did not take care of.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2021-08-09 01:17:06 +02:00
Hauke Mehrtens
8d143784cb uboot-layerscape: fix dtc compilation on host gcc 10
Backport a patch from upstream U-Boot to fix the compile with host GCC 10.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2021-08-09 01:17:04 +02:00
Hauke Mehrtens
e06544bdbe layerscape: Fix multiple bugs in of_get_mac_address() changes
The change which backported the of_get_mac_address() change broke some
patches in the layerscape target so the patches did not apply any more.

This commit makes them apply again and also fixes some other problems
related to this change.

Fixes commit 91a52f22a1 ("treewide: backport support for nvmem on non platform devices")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2021-08-09 01:16:48 +02:00
Hauke Mehrtens
4e57f83659 kernel: Apply change to of_get_mac_address() to ks8851 too
The code from ks8851.c was moved to ks8851_common.c, so it was not
backported. This broke the compile of the omap target which uses this
driver.

Fixes commit 91a52f22a1 ("treewide: backport support for nvmem on non platform devices")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2021-08-09 01:16:48 +02:00
Josef Schlehofer
4b2dc4dbbf mvebu: armada-37xx: add patch to forbid cpufreq for 1.2 GHz
This patch is backported from linux-arm-kernel [1] to improve situation, when
it was reported that 1.2 GHz variant is unstable with DFS.
It waits to be accepted upstream, however, it waits for Marvell people to respond.

[1] https://patchwork.kernel.org/project/linux-arm-kernel/patch/20210630225601.6372-1-kabel@kernel.org/

Fixes: 7b868fe04a ("Revert "mvebu: 5.4 fix DVFS caused random boot crashes"")
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
2021-08-08 20:42:01 +02:00
Josef Schlehofer
0dcb03dc63 Revert "mvebu: 5.10 fix DVFS caused random boot crashes"
Based on the discussion on the mailing list [1], the patch which was
reverted, it reverts only one patch without the subsequent ones.

This leads to the SoC scaling issue not using a CPU parent clock, but
it uses DDR clock. This is done for all variants, and it's wrong because
commits (hacks) that were using the DDR clock are no longer in the mainline kernel.

If someone has stability issues on 1.2 GHz, it should not affect all
routers (1 GHz, 800 MHz) and it should be rather consulted with guys, who are trying to
improve the situation in the kernel and not making the situation worse.

There are two solutions in cases of instability:
a) disable cpufreq
b) underclock it up to 1 GHz

This reverts commit 080a0b74e3.

[1] https://lists.openwrt.org/pipermail/openwrt-devel/2021-June/035702.html

Fixes: d379476817 ("mvebu: armada-37xx: add patch to forbid cpufreq for 1.2 GHz")
CC: Pali Rohár <pali@kernel.org>
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
2021-08-08 20:42:01 +02:00