Configurations without shadow passwords have been broken since the removal
of telnet: as the default entry in /etc/passwd is not empty (but rather
unset), there will be no way to log onto such a system by default. As
disabling shadow passwords is not useful anyways, remove this configuration
option.
The config symbol is kept (for a while), as packages from feeds depend on
it.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Added gen_mvebu_sdcard_img.sh to facilitate creating an fixed-size sdcard image,
adding the bootloader and populating it with actual data.
Added the required rules for creating a 4GB sdcard image according to this layout:
p0: boot (fat32)
p1: rootfs (squashfs)
p2: rootfs_data (ext4)
This should be generic to any mvebu boards that can boot from block storage.
Added the new sdcard image to the Clearfog image profile.
Signed-off-by: Josua Mayer <josua.mayer97@gmail.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name> [cleanup]
Enable selection of the kernel key retention framework and some of its
additional facilities; see Documentation/security/keys.txt and
security/keys/Kconfig for details
Signed-off-by: Nathaniel Wesley Filardo <nwfilardo@gmail.com>
The MR24's u-boot takes it sweet time decompressing the
LZMA-packed initramfs image. A user reported that
compared to the old gzip method in v2: it "takes a ton
longer to decompress like 4\x the old boot time for
decompression".
This patch also fixes a issue with the WNDR4700's initramfs
image getting to big and causing the following u-boot crash
during the decompression:
"Uncompressing Multi-File Image ... Error: inflate() returned -5
out-of-mem or overwrite error - must RESET board to recover"
This patch fixes both issues by reverting the MR24's initramfs
compression method back to gzip. And choosing to compress the
initramfs within the initramfs image as LZMA by default.
Cc: chrisrblake93@gmail.com
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
If jffs2 support was not enabled by the target, jffs2 are quite likely
to be broken, so we shouldn't build them.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Make global options menuconfig cleaner by moving POSIX ACL
and attr support options into a submenu.
Signed-off-by: Daniel Dickinson <openwrt@daniel.thecshore.com>
This adds a configuration options that allows to make filesystem ACL support
the default in the kernel, except for old nfs.
Signed-off-by: Daniel Dickinson <openwrt@daniel.thecshore.com>
Introduce a new symbol ALL_NONSHARED which selects all non-sharable packages
by default. This option is mainly intented for buildbot setups to build the
target dependant software subset only.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Curent ARC toolchain fails to build libstdc++ if -fno-plt is used.
Lots of following error messages appear:
------------------->8------------------
...
staging_dir/toolchain-arc_arc700_gcc-arc-2015.06_uClibc-1.0.9/arc-openwrt-linux-uclibc/bin/ld:
BFD (GNU Binutils) 2.23.2 assertion fail elf32-arc.c:2786
collect2: error: ld returned 1 exit status
------------------->8------------------
In newer binutils (still in development) for ARC rewritten from
scratch this seem to not happen, so once new binutils for ARC hit
the street this patch might be reverted.
Signed-off-by: Alexey Brodkin <abrodkin@synopsys.com>
Cc: Felix Fietkau <nbd@openwrt.org>
Cc: Jo-Philipp Wich <jow@openwrt.org>
Cc: Jonas Gorski <jogo@openwrt.org>
SVN-Revision: 48642
Add the basic set of kernel options to allow it from mounting a NFS root
and boot from it.
Signed-off-by: Florian Fainelli <florian@openwrt.org>
SVN-Revision: 48590
These allow the generated kernel's build metadata to be defined explicitly.
This metadata is reported, eg, at boot time and in `uname -a` on running
systems. If the variables aren't configured, the current build system username
and hostname are used as normal.
The motivation for this option is to achive reproducible (bit-for-bit
identical) kernel builds of official openwrt releases.
Signed-off-by: bryan newbold <bnewbold@robocracy.org>
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
SVN-Revision: 48541
Revision 46834 changed IPv6 support from a module to builtin. But
since the configuration of the IPv6 kernel options was left in
package/kernel/linux/modules/netsupport.mk, this means that an
empty kmod-ipv6 module was still being generated (not packaged).
This patch moves the configuration of the IPv6 kernel options to
config/Config-kernel.in to remove this last bit of the module.
Note that CONFIG_IPV6_PRIVACY was dropped (enabled by default
since Linux v3.13), so this option is no longer needed.
See 5d9efa7ee9
Signed-off-by: Arjen de Korte <arjen+openwrt@de-korte.org>
SVN-Revision: 48132
When stack protector support is disabled in libc (always the case for
!musl), gcc assumes that it needs to use __stack_chk_guard for the stack
canary.
This causes kernel build errors, because the kernel is only set up to
handle TLS stack canaries.
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
SVN-Revision: 46543
Make musl provide libssp_nonshared.a and make GCC link it unconditionally
if musl is used. This should be a no-op if SSP is disabled and seems to be
the only reliable way of dealing with SSP over all packages due to the mess
that is linkerflags handling in packages.
Signed-off-by: Steven Barth <steven@midlink.org>
SVN-Revision: 46108
Memory Resource Controller no longer depends on Resource counters since
Kernel version 4.0.
3.18 is the only still supported version needing Resource counters for
MEMCG, thus declare the dependency only for that version.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
SVN-Revision: 46024
This changes the x86 image generation to match x86_64, using the PARTUUID for
the rootfs instead of explicitly configuring the device.
It unbreaks KVM with VirtIO, which uses /dev/vda2 instead of /dev/sda2.
Tested in QEMU/KVM with VirtIO, VirtualBox and VMware.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
SVN-Revision: 44966
Split out kmods from ALL to make it easier to create local builds that
are compatible kmod-wise with releases.
Signed-off-by: Jonas Gorski <jogo@openwrt.org>
SVN-Revision: 44830
This is needed by many services to function properly and as
all modern distributions got it enabled, it starts to be a
de-facto standard, i.e. user-space starts to silently depend
on it.
This also pulls in EXPORTFS, however, the kernel binary size
increases only a little.
On ARM systems comes down to 800 bytes uncompressed and about
200 bytes compressed size.
On MIPS systems it's about 1.2 kB size increase of the LZMA
compressed kernel.
v2: use menuconfig option instead of just enabling the option
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
SVN-Revision: 44765
It's the eglibc packaging with a bit of spit-polishing. And testing. :-)
[blogic: merged glibc and eglibc into 1 and made eglibc a glibc variant]
Signed-off-by: Jeff Waugh <jdub@bethesignal.org>
Signed-off-by: John Crispin <blogic@openwrt.org>
SVN-Revision: 44701
Introduce configuration options to build an "hardened" OpenWRT.
Options to enable Stack-Smashing Protection, FORTIFY_SOURCE and RELRO
have been introduced.
uClibc makefile now automatically detects if SSP support is necessary.
hostapd makefile has been fixed to use "^" as sed separator since
using a comma was problematic when using "-Wl,-z,now" and the like in
TARGET_CFLAGS.
Currently enabling SSP on user space depends on enabling SSP kernel
side, this is due to the fact that TARGET_CFLAGS are used to build
kernel modules (at least). Suggestions on how to avoid this are welcome.
Using "select" instead of "depends on" doesn't seem to work with choice
entries.
Tested with a lantiq (WBMR) router, GCC 4.8, uClibc and a subset of
the available packages.
Needs to be tested with GCC 4.9 and the remaining packages.
PIE not currently included.
Signed-off-by: Alessandro Di Federico <ale+owrt@clearmind.me>
SVN-Revision: 44005
This patch completes missing help text for some options under CONFIG_DEVEL.
Provides help for BINARY_FOLDER and DOWNLOAD_FOLDER, and reduces ambiguity in
the help for BUILD_SUFFIX with an example.
Signed-off-by: Andrew McDonnell <bugs@andrewmcdonnell.net>
SVN-Revision: 42520
Non-functional changes to config/Config-*.in files, including:
* spelling mistakes
* inconsistent terminology
* grammar
* overly long lines in "help" components
Signed-off-by: Robert P. J. Day <rpjday@crashcourse.ca>
SVN-Revision: 42519
The idea is still to enable it by default at some point
I've tested all ar71xx packages (except oldpackages) using CONFIG_ALL=y
Failing packages have been marked with PKG_CHECK_FORMAT_SECURITY:=0 for now
I can test more targets but i have no idea which are the most used
Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
SVN-Revision: 42282
This allows the selection of a specific branch in the menuconfig
when using a kernel downloaded from GIT.
Signed-off-by: Mathieu Olivari <mathieu@qca.qualcomm.com>
SVN-Revision: 40946
The GIT_LOCAL_REPOSITORY option adds the --reference argument to the
git clone kernel command line, if KERNEL_GIT_CLONE_URI is set.
This option is intended to speed-up the repo creation by using local
objets rather than downloading it. However, a local repo can be cloned
much faster by setting GIT_LOCAL_REPOSITORY directly to the local tree.
In that case, git clone will bypass the normal "git aware" transport
mechanism and clone the repository by copying and hardlinking objects
rather than downloading it, resulting in a significant speed increase.
That makes the GIT_LOCAL_REPOSITORY option pretty useless so we'll just
remove it and recommand the usage of KERNEL_GIT_CLONE_URI directly.
Signed-off-by: Mathieu Olivari <mathieu@qca.qualcomm.com>
SVN-Revision: 40944
This change does multiple things, all related to enable sparse usage as
a static analysis tool selectable from the OpenWrt configuration:
*add a KERNEL_SPARSE option in the config to add sparse to the kernel
build (through the C=1 option usage)
*add sparse as a new host tools. It will get selected automatically when
the above option will be enabled
Signed-off-by: Mathieu Olivari <mathieu@qca.qualcomm.com>
SVN-Revision: 40490
Recent lxc versions are not useful if this option is not enabled. That said,
enable KERNEL_POSIX_MQUEUE by default when KERNEL_LXC_MISC is selected.
Signed-off-by: Luka Perkov <luka@openwrt.org>
SVN-Revision: 39385