Commit Graph

261 Commits

Author SHA1 Message Date
Xu Wang
2299808c68 base-files: add all buildinfo with INCLUDE_CONFIG
CONFIG_INCLUDE_CONFIG option is helpful for being able to rebuild the
exact same firmware as you see on a live OpenWRT instance, but it's
crucially missing feeds information, so we can't rebuild the exact same
package versions. This commit fixes this by adding the remaining feeds
(and version) buildinfo files to the image.

Signed-off-by: Xu Wang <xwang1498@gmx.com>
2020-02-27 12:14:09 +01:00
Hauke Mehrtens
b951f53fba build: Add additional kernel debug options
Make it possible to activate some additional kernel debug options.
This can be used to debug some problems in kernel drivers.

Signed-off-by: Hauke Mehrtens <hauke.mehrtens@intel.com>
Reviewed-by: Alexandru Ardelean <ardeleanalex@gmail.com>
2020-02-22 16:34:57 +01:00
Hauke Mehrtens
947d2e0a70 build: Add KCOV kernel code coverage for fuzzing
This adds an option to activate KCOV (Code coverage for fuzzing).

Signed-off-by: Hauke Mehrtens <hauke.mehrtens@intel.com>
Reviewed-by: Alexandru Ardelean <ardeleanalex@gmail.com>
2020-02-22 16:34:57 +01:00
Hauke Mehrtens
431594a978 build: Add option KERNEL_KASAN
The kernel address sanitizer is able to detect some memory
bugs in the kernel like out of range array accesses.

Signed-off-by: Hauke Mehrtens <hauke.mehrtens@intel.com>
Reviewed-by: Alexandru Ardelean <ardeleanalex@gmail.com>
2020-02-22 16:34:57 +01:00
Hauke Mehrtens
d9b043c03c build: Add option KERNEL_UBSAN
The kernel Undefined Behavior Sanitizer is able to detect some memory
bugs in the kernel like out of range array accesses.

Signed-off-by: Hauke Mehrtens <hauke.mehrtens@intel.com>
Reviewed-by: Alexandru Ardelean <ardeleanalex@gmail.com>
2020-02-22 16:34:57 +01:00
Adrian Schmutzler
7d7aa2fd92 brcm2708: rename target to bcm27xx
This change makes the names of Broadcom targets consistent by using
the common notation based on SoC/CPU ID (which is used internally
anyway), bcmXXXX instead of brcmXXXX.
This is even used for target TITLE in make menuconfig already,
only the short target name used brcm so far.

Despite, since subtargets range from bcm2708 to bcm2711, it seems
appropriate to use bcm27xx instead of bcm2708 (again, as already done
for BOARDNAME).

This also renames the packages brcm2708-userland and brcm2708-gpu-fw.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Acked-by: Álvaro Fernández Rojas <noltari@gmail.com>
2020-02-14 14:10:51 +01:00
Hauke Mehrtens
19cbac7d26 buildsystem: Make PIE ASLR option tristate
This tristate choice allows to select to build only some applications
with PIE enabled. On MIPS binaries are getting about 30% bigger when PIE
is activated for them, which is a huge increase.

Network exposed applications like dnsmasq should then be built with PIE
enabled, but some applications which are normally not parsing data from
the network do not have it activated. The regular option should give a
good trade off between extra flash and RAM memory usage and security.

This changes the default from building no applications with PIE to build
some specifically marked applications with PIE enabled. This option is
only activated for targets with bigger flash and RAM to not consume
extra memory on the very small targets. On SDK builds the Regular option
should always be selected, because some tiny targets share the
applications with big targets and only the images for the tiny targets
should contain the non-PIE applications, but the images for the normal
targets should use PIE. The shared packages should always use PIE when
it should be normally activated.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Acked-by: Petr Štetiar <ynezz@true.cz>
2020-01-13 15:34:36 +01:00
Rosen Penev
fb19fb868c libcxx: Dependency fixes
Don't build with uClibc-ng. It's totally unsupported as several functions
are missing.

Make the musl libc support conditional.

Fix hash with make check FIXUP=1. Apparently I based the Makefile off of
libedit and forgot to fix the hash.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
Fixes: 856ea2bad3 ("libcxx: Add package")
2019-12-23 12:08:23 +01:00
Rosen Penev
856ea2bad3 libcxx: Add package
Currently in OpenWrt, there are two libc++: libstdcpp and uClibc++. The
former is huge and the latter supports only C++98 with some basic support
for C++11. Those C++ versions seem to be specific to the compiler version

libcxx supports C++11 and above while being much smaller than libstdcpp.
On mt7621, these are the sizes of the ipks that I get:

libstdcpp: 460786
libcxx: 182881
uClibc++: 67720

libcxx is faster than uClibc++ and is under active development as part of
the LLVM project while uClibc++ is effectively dead.

This PR modifies uclibc++.mk to expose the make menuconfig option. Further
cleanup is beyond the scope of this PR. What that means is, this is not
used by default.

A g++-libcxx wrapper based on the uClibc++ one was added. Works the same
way.

Compile tested with all packages that use uclibc++.mk in their Makefiles
under mipsel_24kc. kismet fails compilation but that package needs to be
cleaned up and updated.

Runtime tested with gddrescue, gdisk, dcwapd, bonnie++, and aircrack-ng
on a TP-Link Archer C7v2.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2019-12-23 00:22:07 +01:00
Stijn Tintel
5f68333952 config: kernel: fix typo in HFSPLUG_FS_POSIX_ACL
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2019-11-28 02:02:17 +02:00
John Crispin
f4aaee01fa Revert "build: separate signing logic"
This reverts commit 4a45e69d19.

This broke the buildbots

Signed-off-by: John Crispin <john@phrozen.org>
2019-10-21 16:26:24 +02:00
Paul Spooren
4a45e69d19 build: separate signing logic
This separates the options for signature creation and verification

* SIGNED_PACKAGES create Packages.sig
* SIGNED_IMAGES add ucert signature to created images
* CHECK_SIGNATURE add verification capabilities to images
* INSTALL_LOCAL_KEY add local key-build to /etc/opkg/keys

Right now the buildbot.git contains some hacks to create images that
have signature verification capabilities while not storing private keys
on buildbot slaves. This commit allows to disable these steps for the
buildbots and only perform signing on the master.

Signed-off-by: Paul Spooren <mail@aparcar.org>
2019-10-21 14:06:42 +02:00
Paul Spooren
419eff50f9 config: remove unused GCC_VERSION_4_8 config symbols
Let's remove unused GCC_VERSION_4_8 symbol after the series of patches
which has switched to target gcc-8 by default.

Signed-off-by: Paul Spooren <mail@aparcar.org>
[refactored into separate commit]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-10-09 09:13:44 +02:00
Paul Spooren
881ed09ee6 build: create JSON files containing image info
The JSON info files contain details about the created firmware images
per device and are stored next to the created images.

The JSON files are stored as "$(IMAGE_PREFIX).json" and contain some
device/image meta data as well as a list of created firmware images.

An example of openwrt-ramips-rt305x-aztech_hw550-3g.json

    {
      "id": "aztech_hw550-3g",
      "image_prefix": "openwrt-ramips-rt305x-aztech_hw550-3g",
      "images": [
        {
          "name": "openwrt-ramips-rt305x-aztech_hw550-3g-squashfs-sysupgrade.bin",
          "sha256": "db2b34b0ec4a83d9bf612cf66fab0dc3722b191cb9bedf111e5627a4298baf20",
          "type": "sysupgrade"
        }
      ],
      "metadata_version": 1,
      "supported_devices": [
        "aztech,hw550-3g",
        "hw550-3g"
      ],
      "target": "ramips/rt305x",
      "titles": [
        {
          "model": "HW550-3G",
          "vendor": "Aztech"
        },
        {
          "model": "ALL0239-3G",
          "vendor": "Allnet"
        }
      ],
      "version_commit": "r10920+123-0cc87b3bac",
      "version_number": "SNAPSHOT"
    }

Signed-off-by: Paul Spooren <mail@aparcar.org>
2019-09-29 13:51:28 +02:00
Paul Spooren
e78c1baa9f rules: allow arbitrary log destination
Add option BUILD_LOG_DIR to menuconfig to change log destination.

The mix-up of *DIR* and *FOLDER* is confusing however.

Signed-off-by: Paul Spooren <mail@aparcar.org>
2019-09-29 00:08:20 +02:00
Matthias Schiffer
61c57af618 build: set TARGET_ROOTFS_PARTSIZE to make combined image fit in 128MB
Change TARGET_ROOTFS_PARTSIZE from 128 to 104 MiB, so the whole image
(bootloader + boot + root) will fit on a 128MB CF card by default.

With these settings, the generated images (tested on x86-generic and
x86-64) have 126,353,408 bytes; the smallest CF card marketed as "128MB"
that I found a datasheet for (a Transcend TS128MCF80) has 126,959,616
bytes.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2019-09-21 13:48:15 +02:00
Daniel Golle
7cc22d72e9 config: kernel: only enable container features if !SMALL_FLASH
KERNEL_DEVPTS_MULTIPLE_INSTANCES and KERNEL_POSIX_MQUEUE were
previously enabled by default only if KERNEL_LXC_MISC was selected.
KERNEL_LXC_MISC was enabled only if the SMALL_FLASH (anti-)feature
was not selected.
Now that KERNEL_LXC_MISC no longer exists, make sure that those
options are also only enabled by default for !SMALL_FLASH targets.

Fixes: 4f94a331 ("config: kernel: remove KERNEL_LXC_MISC")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2019-09-12 13:17:24 +02:00
Yousong Zhou
4f94a331e1 config: kernel: remove KERNEL_LXC_MISC
Kernel features are neutral.  The two cascaded features can also be
useful for other container related tools

It's also less error-prone if only kconfig symbols from the kernel are
prefixed KERNEL_

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2019-09-12 02:30:26 +00:00
Yousong Zhou
083bb9b6a4 config: kernel: add KERNEL_X86_VSYSCALL_EMULATION
Binaries in container images may need this.  E.g. nginx:1.7.9 used in
k8s default deployment manifest file for demonstration [1]

 [1] https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#creating-a-deployment

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2019-09-12 02:30:26 +00:00
Paul Spooren
454021581f build: add buildinfo files for reproducibility
generate feeds.buildinfo and version.buildinfo in build dir after
containing the feed revisions (via ./scripts/feeds list -sf) as well as
the current revision of buildroot (via ./scripts/getver.sh).

With this information it should be possible to reproduce any build,
especially the release builds.

Usage would be to move feeds.buildinfo to feeds.conf and git checkout the
revision hash of version.buildinfo.

Content of feeds.buildinfo would look similar to this:

    src-git routing https://git.openwrt.org/feed/routing.git^bf475d6
    src-git telephony https://git.openwrt.org/feed/telephony.git^470eb8e
    ...

Content of version.buildinfo would look similar to this:

    r10203+1-c12bd3a21b

Without the exact feed revision it is not possible to determine
installed package versions.

Also rename config.seed to config.buildinfo to follow the recommended
style of https://reproducible-builds.org/docs/recording/

Signed-off-by: Paul Spooren <mail@aparcar.org>
2019-08-13 10:40:36 +02:00
Jo-Philipp Wich
f565f276e2 config: introduce separate CONFIG_SIGNATURE_CHECK option
Introduce a new option CONFIG_SIGNATURE_CHECK which defaults to the value
of CONFIG_SIGNED_PACKAGES and thus is enabled by default.

This option is needed to support building target opkg with enabled
signature verification while having the signed package lists disabled.

Our buildbots currently disable package signing globally in the
buildroot and SDK to avoid the need to ship private signing keys to
the build workers and to prevent the triggering of random key generation
on the worker nodes since package signing happens off-line on the master
nodes.

As unintended side-effect, updated opkg packages will get built with
disabled signature verification, hence the need for a new override option.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-08-06 21:22:27 +02:00
Álvaro Fernández Rojas
4295485719 brcm2708: add linux 4.19 support
Boot tested on Raspberry Pi B+ (BCM2708) and Raspberry Pi 2 (BCM2709)

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2019-07-14 12:44:14 +02:00
Alexander Couzens
fdd0a8d491 Make linux kernel builds reproducible when BUILDBOT selected
The linux kernel is not reproducible because the build user
and domain is included into the kernel. Set the build user
to `builder` and build domain to buildhost.

It's also possible to build reproducible builds by setting
KERNEL_BUILD_USER KERNEL_BUILD_DOMAIN to static values.

Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
2019-07-02 16:32:47 +02:00
Petr Štetiar
9c8e0b0e8a build: enable gzipped images for armvirt and malta
As we're now going to pad all images by default to 128MiB let's enable
compression of the images for armvirt and malta in order to save some
space and bandwidth.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-06-25 14:12:22 +00:00
Petr Štetiar
469ba337a7 build: make TARGET_ROOTFS_PARTSIZE 128MiB by default
As we're now going to pad all images by default, let's decrease the
default rootfs partition size from 256MiB to 128MiB in order to save
some space.

I'm keeping it above 100MiB in order to keep current behavior, where
overlay filesystem is using F2FS.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-06-25 14:12:21 +00:00
Petr Štetiar
d03ef97c1b build: remove TARGET_IMAGES_PAD option
It's being used only in x86 target to produce combined images, where
it's mandatory to have padded images in order to produce working
squashfs combined images usable in QEMU.

Currently we're producing unusable x86 combined squashfs images
(18.06.1, 18.06.2 and snapshots) as we don't enable TARGET_IMAGES_PAD,
thus providing very small space for the overlay filesystem, leading to
the following with OpenWrt 18.06.1 r7258-5eb055306f images on x86 QEMU:

 root@(none):/# mount | egrep 'root|overlay'
  /dev/root on /rom type squashfs
  /dev/loop0 on /overlay type ext4
  overlayfs:/overlay on / type overlay

 root@(none):/# df -h | egrep 'root|overlay|Size'
  Filesystem                Size      Used Available Use% Mounted on
  /dev/root                 2.5M      2.5M         0 100% /rom
  /dev/loop0              113.0K      8.0K     97.0K   8% /overlay
  overlayfs:/overlay      113.0K      8.0K     97.0K   8% /

So we should rather ensure proper image padding in image generation code
and we shouldn't rely on config options in order to generate usable
images.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-06-25 14:12:21 +00:00
Daniel Golle
fcb41decf6 config: enable some useful features on !SMALL_FLASH devices
enable kernel features needed for procd-ujail, procd-seccomp, lxc and
more on devices with big enough flash. Those packages are currently
useless in binary builds due to missing kernel features.
Enable the features on devices which can bear with the extra space
consumption.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2019-06-12 23:33:45 +02:00
Stijn Segers
5cd49395d3 lantiq/xrx200: enable initramfs images
Commit eae6cac6a3 ("lantiq: add support for AVM FRITZ!Box 7362 SL"), but
one needs an initramfs image to flash OpenWrt from stock firmware (as
described in the commit log). This patch has the initramfs image built
by default.

Thanks to blogic (for pointing to the FEATURES declaration in the target
Makefiles) and Musashino on the forum for suggesting
config/Config-images.in needed editing too. While at it, reorder the
TARGET_INITRAMFS_COMPRESSION_LZMA declarations alphabetically.

This patch will result in initramfs images for all lantiq subtargets
that have the ramdisk flag set. I tested on the falcon and ase
subtargets, which lack that flag, to confirm they don't produce any
initramfs images with this patch - which they do not.

Given the limited scope of the lantiq (sub)target(s), blogic indicated
this should be OK.

Signed-off-by: Stijn Segers <foss@volatilesystems.org>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
[fixed the wrong reference to eae6cac6a3 commit]
2019-05-15 13:34:23 +02:00
Felix Fietkau
85017c40f4 build: add a config option for enabling a testing version of the target kernel
If the target supports a newer kernel version that is not used by default
yet, it can be enabled with this option

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-05-11 11:37:10 +02:00
Petr Štetiar
97d3f800a8 config: kernel: Add KPROBE_EVENTS config option
Upstream has renamed KPROBE_EVENT to KPROBE_EVENTS in the following
commit:

 commit 6b0b7551428e4caae1e2c023a529465a9a9ae2d4
 Author: Anton Blanchard <anton@samba.org>
 Date:   Thu Feb 16 17:00:50 2017 +1100

     perf/core: Rename CONFIG_[UK]PROBE_EVENT to CONFIG_[UK]PROBE_EVENTS

     We have uses of CONFIG_UPROBE_EVENT and CONFIG_KPROBE_EVENT as
     well as CONFIG_UPROBE_EVENTS and CONFIG_KPROBE_EVENTS.

     Consistently use the plurals.

So I'm adding this plural option in order to make kconfig happy and stop
asking about it if kernel is compiled with verbose logging:

  Enable kprobes-based dynamic events (KPROBE_EVENTS) [Y/n/?] (NEW)

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-05-05 14:41:49 +02:00
Tomasz Maciej Nowak
910eb994eb mvebu: make bootfs size for sdcard image configurable
Let's take this opportunity to implement boot-part and rootfs-part feature
flags.

Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
2019-04-06 16:31:10 +02:00
Tomasz Maciej Nowak
bb0e4f9fb0 build: remove leftovers from previous x86 commits
VBoxManage is not used and the image is created with proper permissions:
0f5d0f6  image: use internal qemu-img for vmdk and vdi images drop host
         dependencies on qemu-utils and VirtualBox

Unreachable config symbols:
9e0759e  x86: merge all geode based subtargets into one

No need to define those symbols since x86_64 is subtarget of x86:
196fb76  x86: make x86_64 a subtarget instead of a standalone target

Unreachable config symbols, so remove GRUB_ROOT:
371b382  x86: remove the xen_domu subtarget

Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
2019-02-17 18:22:40 +01:00
Daniel F. Dickinson
da50f027f0 config: kernel: Fix missing symbol on brcm2708 with CGROUPS
When CGROUP block io is enabled a new symbol is exposed and needs to
be set or unset else kernel oldconfig hangs waiting for input during
normal OpenWrt builds.  Therefore add sane defaults for this symbol
in that case.  Also, the defaults brcm2708 are different than generic
defaults because the platform's defconfig enables BLK_DEV_THROTTLING
by default (in defconfig config from the patches used to match
upstream's kernel, not in OpenWrt config-4.xx).

Signed-off-by: Daniel F. Dickinson <cshored@thecshore.com>
[make KERNEL_BLK_DEV_THROTTLING_LOW depend on KERNEL_BLK_DEV_THROTTLING]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-02-17 18:22:40 +01:00
Andre Heider
d5829f4183 omap: fix build without ext4 rootfs
Same fix as 7b76219e, just for omap.

Signed-off-by: Andre Heider <a.heider@gmail.com>
2019-01-31 14:06:43 +01:00
Christian Lamparter
1aa00f9d13 brcm2708: boot-part feature integration
This patch adds the boot-part feature which enables the brcm2708
target move from the custom boot partition size config option to
the generic CONFIG_TARGET_KERNEL_PARTSIZE.

Note:
For people using custom images: Just like with
CONFIG_TARGET_ROOTFS_PARTSIZE changing the value
can cause sysupgrade to repartition the device!
Make sure to have a backup in this case.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2019-01-24 15:53:02 +01:00
Michal Hrusecky
74450124f6 build: Optionally provide file checksums in package metadata
This may be useful if you don't entirely trust your flash and want to be able
to check for corruptions.

Signed-off-by: Michal Hrusecky <Michal@Hrusecky.net>
2019-01-22 09:22:25 +01:00
Christian Lamparter
257de1b01f apm821xx: sata: boot-part feature integration
This patch adds the boot-part feature to the apm82181 sata target.
This makes it possible to configure the boot partition size with
the generic CONFIG_TARGET_KERNEL_PARTSIZE symbol.

Please note: For people using custom images: Just like with
CONFIG_TARGET_ROOTFS_PARTSIZE changing the value can cause
sysupgrade to repartition the device!

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2019-01-01 16:39:59 +01:00
Hauke Mehrtens
e790227553 kernel: Fix KERNEL_STACKPROTECTOR on kernel 4.19
The configuration option was renamed with kernel 4.19 from
CONFIG_CC_STACKPROTECTOR to CONFIG_STACKPROTECTOR; adapt the code to set
both options.

CONFIG_STACKPROTECTOR now sets the regular stack protector and
CONFIG_STACKPROTECTOR_STRONG activates the additional protection of more
functions.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-12-26 17:32:48 +01:00
Andre Heider
7b76219e15 sunxi: fix build without ext4 rootfs
The sdcard image generation uses CONFIG_TARGET_ROOTFS_PARTSIZE, which is
currently bound to TARGET_ROOTFS_EXT4FS on this target.

Since the rootfs is squashfs anyway, allow deselecting of the ext4fs
one.

Sort the target list alphabetically while here.

Signed-off-by: Andre Heider <a.heider@gmail.com>
2018-09-29 17:23:11 +02:00
Felix Fietkau
00f030a9c6 build: add support for enabling the rootfs/boot partition size option via target feature
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-09-03 12:06:24 +02:00
Kjel Delaey
8492ad0cc1 x86: add support to set GRUB menu entry title
$ make menuconfig

        Target Images -> Title for the menu entry in GRUB

Signed-off-by: Kjel Delaey <kjel_delaey@hotmail.com>
2018-07-30 15:55:21 +02:00
Alex Maclean
11d6547455 config: extend small_flash feature
Extend the small_flash feature to disable swap, core dumps, and
kernel debug info, and change the squashfs block size to 1024KiB.

Also change squashfs fragment cache to 2 for small_flash to ease memory
usage.

Signed-off-by: Alex Maclean <monkeh@monkeh.net>
2018-07-12 18:15:33 +02:00
Mathias Kresin
cf7154db07 kernel: only optimized for size if small_flash
Add a new config option to allow to select the default compile
optimization level for the kernel.

Select the optimization for size by default if the small_flash feature is
set. Otherwise "Optimize for performance" is set.

Add the small_flash feature flag to all (sub)targets which had the
optimization for size in their default kernel config.

Remove CC_OPTIMIZE_FOR_* symbols from all kernel configs to apply the new
setting.

Exceptions to the above are:

  - lantiq, where the optimization for size is only required for the
    xway_legacy subtarget but was set for the whole target
  - mediatek, ramips/mt7620 & ramips/mt76x8 where boards should have
    plenty of space and an optimization for size doesn't make much sense
  - rb532, which has 128MByte flash

Signed-off-by: Mathias Kresin <dev@kresin.me>
2018-07-12 18:15:32 +02:00
Jeremiah McConnell
206fbbfec2 config: add config option for KERNEL_TASKSTATS
In order for monitoring tools such as atop and htop to track and report
i/o data, kernel support for task statistics and io accounting is
required.

Add a config option to enable building this support in the kernel.

Signed-off-by: Jeremiah McConnell <miah@miah.com>
2018-07-07 18:33:57 +02:00
Hauke Mehrtens
fc166931fa config: fix ARM64 dependency check
The ARM64 CPUs use aarch64 config symbol, fix the depends lines.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-02-10 20:16:39 +01:00
Yousong Zhou
d76ad1dc79 lantiq: ase: turn off fpu emulator in default build
It was only enabled when the target was added back in commit 9b321bc
("lantiq: add Amazon-SE subtarget")

Leave pistachio alone as devices of this target are not likely to have
small_flash or low_mem constraint

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2018-01-29 17:34:48 +08:00
Yousong Zhou
82ceb2ad2a build: add config option KERNEL_MIPS_FPU_EMULATOR
To make it more accessible for nodejs users to configure and run a build
on mips target lacking hardware fpu

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2018-01-29 15:06:53 +08:00
Julien Dusser
241e6dd3e9 build: cleanup SSP_SUPPORT configure option
Configure variable SSP_SUPPORT is ambiguous for packages (tor, openssh,
avahi, freeswitch). It means 'toolchain supporting SSP', but for toolchain
and depends it means 'build gcc with libssp'.

Musl no longer uses libssp (1877bc9d8f), it has internal support, so
SSP_SUPPORT was disabled leading some package to not use SSP.

No information why Glibc and uClibc use libssp, but they may also provide
their own SSP support. uClibc used its own with commit 933b588e25 but it was
reverted in f3cacb9e84 without details.

Create a new configure GCC_LIBSSP and automatically enable SSP_SUPPORT
if either USE_MUSL or GCC_LIBSSP.

Signed-off-by: Julien Dusser <julien.dusser@free.fr>
2018-01-27 19:02:48 +01:00
Julien Dusser
df0bd42fde build: add hardened builds with PIE (ASLR) support
Introduce a configuration option to build a "hardened" OpenWrt with
ASLR PIE support.

Add new option PKG_ASLR_PIE to enable Address Space Layout Randomization (ASLR)
by building Position Independent Executables (PIE). This new option protects
against "return-to-text" attacks.

Busybox needs special care, link is done with ld, not gcc, leading to
unknown flags. Set BUSYBOX_DEFAULT_PIE instead and disable PKG_ASLR_PIE.

If other failing packages were found, PKG_ASLR_PIE:=0 should be added to
their Makefiles.

Original Work by: Yongkui Han <yonhan@cisco.com>
Signed-off-by: Julien Dusser <julien.dusser@free.fr>
2018-01-27 16:46:45 +01:00
Alexandru Ardelean
ab6a96f3f5 Config-devel.in: rename symbol KERNEL_GIT_BRANCH -> KERNEL_GIT_REF
The Download/git rule will do a `git checkout <git-ref>`.
So, we can use any ref we want.

No need to limit just to branches.

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
2018-01-27 16:46:45 +01:00
Yousong Zhou
dc555d003c build: disable BUILD_PATENTED by default
This is mainly for legal considerations and not promoting the usage of
and no redistribution of binaries of patented technologies seems to be
also the established practice in other linux distros.

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2018-01-26 09:45:08 +08:00
Koen Vandeputte
fce35bce0f config: support new symbol intro'd in kernel 4.12
Symbol CONFIG_INITRAMFS_FORCE allows to ignore the value passed by the
bootloader.

By default, all symbols containing INITRAMFS are wiped from the final
config and then re-added conditionally.

Add support for this symbol, as the build will stop otherwise
questioning the user about this option:

* Restart config...
*
*
* General setup
*
Cross-compiler tool prefix (CROSS_COMPILE) []
Compile also drivers which will not load (COMPILE_TEST) [N/y/?] n

...

Initial RAM filesystem and RAM disk (initramfs/initrd) support
(BLK_DEV_INITRD) [Y/n/?] y
Initramfs source file(s) (INITRAMFS_SOURCE) []
Ignore the initramfs passed by the bootloader (INITRAMFS_FORCE)
[N/y/?] (NEW)

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-01-13 16:27:45 +01:00
Matthias Schiffer
ef27f15330 kernel: allow disabling multicast routing support
Multicast routing support is not needed in most setups, and increases the
size of the kernel considerably (>10K after LZMA). Add a config switch to
allow disabling it.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2018-01-11 11:51:24 +01:00
Sascha Paunovic
d810a2aebf kernel: fix spelling in CONFIG_DEVTMPFS help text
Change "ti" to "to", as that's the correct spelling.

Signed-off-by: Sascha Paunovic <azarus@posteo.net>
2017-12-11 12:43:29 +01:00
Chris Blake
a92f73e922 mpc85xx: Enable initramfs for p1020 subtarget
The following patch enables building of initramfs images by default for
the P1020 subtarget in mpc85xx.

Signed-off-by: Chris Blake <chrisrblake93@gmail.com>
2017-10-14 01:19:35 +02:00
Hauke Mehrtens
589621b1c0 config: make CONFIG_ALL_* select other CONFIG_ALL_* options
Select the other CONFIG_ALL_* options in the hierarchy when the master
option is selected. Currently CONFIG_ALL_KMODS is not selected when the
build bot selects CONFIG_ALL_NONSHARED for example.

Now the rtc kmods should get built when CONFIG_ALL_KMODS,
CONFIG_ALL_NONSHARED or CONFIG_ALL and CONFIG_RTC_SUPPORT are selected
like it is done by the build bots for targets with rtc support.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Acked-by: Jo-Philipp Wich <jo@mein.io>
2017-08-26 14:59:20 +02:00
Felix Fietkau
7887a46f45 build: enable gzipping of images on x86 even if ext4 is disabled
There is lots of padding between the boot partition and the rootfs, so
gzipping is helpful here

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-07-06 11:30:33 +02:00
Florian Fainelli
90336ef4cd kernel: Make KERNEL_PERF_EVENTS selectable
The kernel itself allows enabling/disabling CONFIG_PERF_EVENTS, so allow
doing the same thing.

Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
2017-05-26 15:42:25 -07:00
Florian Fainelli
ce731158c8 kernel: Hide kernel options behind a menu
We are starting to add more and more kernel configurable options, to the
point where the Global build options menu is not really usable anymore,
hide all kernel-related configuration options behind a menu.

Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
2017-05-26 15:42:13 -07:00
Daniel Golle
48d71ab502 kernel: enable CRASH_DUMP on supported platforms
While we have CRASHLOG on MIPS it makes sense to support 'classic'
kexec-based CRASH_DUMP on x86 and arm platforms.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2017-05-20 00:26:03 +02:00
Felix Fietkau
0b7ed65cec kernel: remove out of tree direct-io disable hack
Direct-IO support has to be enabled for the release build anyway, so
this hack is not worth keeping

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-04-26 10:27:45 +02:00
Philip Prindeville
7fe5963be0 build: allow specifying flow-control to grub on serial console
On the more sophisticated (i.e. deeper FIFO) serial controllers,
flow-control might be needed to avoid dropping output.

Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
2017-04-03 08:51:02 +02:00
Vitaly Chekryzhev
01337ba472 build: add devel option to store build config in firmware
Store config.seed in firmware /etc/build.config

Signed-off-by: Vitaly Chekryzhev <13hakta@gmail.com>
2017-03-18 12:08:04 +01:00
David Woodhouse
ab20c638b6 x86: Set default baud rate on Geode images to 115200
Prior to commit 1496b95a0 ("x86: clean up default grub baudrate
settings") we had three different baud rates for the Geode targets:
19200 for net5501, 38400 for alix2, and 115200 for Geos.

It doesn't seem that there's a very good reason for varying from our
default 115200 baud, so let's make the Geode target do that instead.

Signed-off-by: David Woodhouse <dwmw2@infradead.org>
2017-02-17 10:30:38 +01:00
Felix Fietkau
9dcb921d90 build: add buildbot specific config option for setting defaults
This can be used to tweak the buildbot behavior without having to change
buildbot's configuration.
It will also allow us to add more aggressive clean steps (e.g. on
toolchain changes), which would break developers' workflows if enabled
by default.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-02-14 14:18:35 +01:00
Hannu Nyman
eaf3fef946 ccache, samba36: fix samba.org addresses to use https
samba.org has started to enforce https and
currently plain http downloads with curl/wget fail,
so convert samba.org download links to use https.

Modernise links at the same time.

Also convert samba.org URL fields to have https.

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
2017-02-02 00:14:03 +01:00
Felix Fietkau
7a523569f7 build: add support for automatically removing build dir contents during build
This is used to save space on buildbot instances.
If any part of a package needs to be rebuilt, the whole package is
rebuilt from scratch. Stamp files are preserved to allow dependency
checks to work

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-01-18 23:57:08 +01:00
Felix Fietkau
749918911d x86: disable crashlog
It could cause crashes with some forms of virtualization, and it is
unlikely to work properly with most systems.
It's safer to just disable it.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-01-13 15:15:09 +01:00
Felix Fietkau
1e1d735e52 build: remove obsolete parallel build related options
Always use the main make jobserver, which has been the default for ages

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-01-10 12:10:20 +01:00
Hauke Mehrtens
6e7fdf07b7 kernel: add KERNEL_DEVMEM and KERNEL_DEVKMEM
These options are needed to create /dev/mem or /dev/kmem .
/dev/mem is needed by the io tool to access raw hardware memory, which
is helpful when debugging and developing drivers.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Acked-by: John Crispin <john@phrozen.org>
2016-12-24 14:55:35 +01:00
Felix Fietkau
4cc1f1ac1c x86: revert default root size back to 256 MB
2 GB is overkill and was only added to allow unlimited ext4 resizing,
which is a pretty rare use case. 256 MB allows resizing up to 256 GB,
which should be good enough for almost all users.

A lot of this is mostly irrelevant anyway, since you can just use
squashfs + ext4 overlay.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-12-15 11:46:01 +01:00
Hauke Mehrtens
c058f4f22d kernel: add KERNEL_DEBUG_PINCTRL and KERNEL_DEBUG_GPIO
This makes it possible to activate the gpio and the pinctrl debugging
from LEDE menuconfig.

Acked-by: John Crispin <john@phrozen.org>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2016-12-10 16:06:34 +01:00
Felix Fietkau
426e4d93bb uml: clean up the kernel config and add squashfs+ext4/f2fs support
Replaces plain ext4 images

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-11-24 12:53:18 +01:00
Felix Fietkau
12a6e3cd05 x86: bump default kernel partition size to 16M
This leaves more room for sysupgrade config data or for having multiple
kernel images to choose from

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-11-09 12:17:52 +01:00
Jo-Philipp Wich
dc6cc04016 config: ext4: increase x86 rootfs size to 2GB to support online resize2fs
The current default rootfs size of 256MB in conjunction with 4K blocks
produces an ext4 filesystem which lacks the appropriate amount of backup GDT
entries to support online-resizing.

For x86 targets, increase the default rootfs size to 2048MB which allows
online resizing the filesystem to up to 2TB which is the current theoretical
maximum for LEDE, due to missing GPT support on the root block device.

Note that the filesystem artefact will not occupy 2GB on the build system as
the make_ext4fs utility uses sparse files to generate the filesystem images,
so the actual disk usage is much lower. Furthermore the filesystem images
are gzip compressed, shrinking them to only a few megabytes on the download
server.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Acked-by: Michael Heimpold <mhei@heimpold.de>
2016-10-27 19:24:38 +02:00
Jo-Philipp Wich
d1ae4c4958 config: ext4: drop option to set maximum number of inodes
There is very little practical use to limit the number of available inodes on
an ext4 filesystem and the make_ext4fs utility is able to calculate useful
defaults by itself.

Drop the option to make resulting ext4 filesystems more flexible by default.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Acked-by: Michael Heimpold <mhei@heimpold.de>
2016-10-27 19:24:38 +02:00
Matthias Schiffer
77f54eae45 config: enable shadow passwords unconditionally
Configurations without shadow passwords have been broken since the removal
of telnet: as the default entry in /etc/passwd is not empty (but rather
unset), there will be no way to log onto such a system by default. As
disabling shadow passwords is not useful anyways, remove this configuration
option.

The config symbol is kept (for a while), as packages from feeds depend on
it.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2016-09-26 17:57:56 +02:00
Felix Fietkau
a1f83bad60 images: bump default rootfs size to 256 MB
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-09-08 15:28:39 +02:00
Josua Mayer
3242c07649 mvebu: add sdcard image creation script
Added gen_mvebu_sdcard_img.sh to facilitate creating a fixed-size sdcard image,
adding the bootloader and populating it with actual data.

Added the required rules for creating a 4GB sdcard image according to this layout:
p0: boot (fat32)
p1: rootfs (squashfs)
p2: rootfs_data (ext4)
This should be generic to any mvebu boards that can boot from block storage.

Added the new sdcard image to the Clearfog image profile.

Signed-off-by: Josua Mayer <josua.mayer97@gmail.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name> [cleanup]
2016-09-02 14:43:52 +02:00
Nathaniel Wesley Filardo
39d817cf38 Add config symbols for kernel keyring support
Enable selection of the kernel key retention framework and some of its
additional facilities; see Documentation/security/keys.txt and
security/keys/Kconfig for details

Signed-off-by: Nathaniel Wesley Filardo <nwfilardo@gmail.com>
2016-09-02 14:43:52 +02:00
Christian Lamparter
08257a4053 apm821xx: use lzma compression for the initramfs images
The MR24's u-boot takes its sweet time decompressing the
LZMA-packed initramfs image. A user reported that
compared to the old gzip method in v2: it "takes a ton
longer to decompress like 4x the old boot time for
decompression".

This patch also fixes an issue with the WNDR4700's initramfs
image getting too big and causing the following u-boot crash
during the decompression:

"Uncompressing Multi-File Image ... Error: inflate() returned -5
out-of-mem or overwrite error - must RESET board to recover"

This patch fixes both issues by reverting the MR24's initramfs
compression method back to gzip. And choosing to compress the
initramfs within the initramfs image as LZMA by default.

Cc: chrisrblake93@gmail.com
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2016-07-25 10:38:11 +02:00
Felix Fietkau
673004f9bc config: remove options for including kernel/dtb in rootfs
These options were a big design flaw to begin with

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-07-20 10:13:50 +02:00
Felix Fietkau
d7b185128d build: make TARGET_ROOTFS_JFFS2 depend on USES_JFFS2
If jffs2 support was not enabled by the target, jffs2 are quite likely
to be broken, so we shouldn't build them.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-07-20 10:13:50 +02:00
Felix Fietkau
a4e90e2cac toolchain: get rid of GCC_VERSION_5 config symbol
Replace it with !GCC_VERSION_4_8 to be more future compatible

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-07-15 14:17:40 +02:00
Daniel Dickinson
b9952797e6 kernel: Move POSIX ACL and attr support options into submenu
Make global options menuconfig cleaner by moving POSIX ACL
and attr support options into a submenu.

Signed-off-by: Daniel Dickinson <openwrt@daniel.thecshore.com>
2016-07-05 22:59:14 +02:00
Daniel Dickinson
e408abd7fb kernel: Add option to make using filesystem ACL support the default
This adds a configuration option that allows making filesystem ACL support
the default in the kernel, except for old nfs.

Signed-off-by: Daniel Dickinson <openwrt@daniel.thecshore.com>
2016-06-30 22:48:39 +02:00
John Crispin
30acacb0af config: add a small_flash feature
this causes KALLSYMS to be off by default

Signed-off-by: John Crispin <john@phrozen.org>
2016-06-13 22:51:43 +02:00
Daniel Golle
2aa818a0bb kernel: add missing symbol
Add missing symbol when building kernel with profiling enabled and ARM
or ARM64 targets.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2016-05-16 18:00:34 +02:00
Felix Fietkau
42d2eb7628 build: remove leftover dependencies on TARGET_rdc
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-05-12 17:43:48 +02:00
Jo-Philipp Wich
941fc5e8c8 global: introduce ALL_NONSHARED symbol
Introduce a new symbol ALL_NONSHARED which selects all non-sharable packages
by default. This option is mainly intended for buildbot setups to build the
target dependent software subset only.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2016-04-13 17:24:12 +02:00
Felix Fietkau
be9e991b88 build: don't add -fno-plt for ARC
Current ARC toolchain fails to build libstdc++ if -fno-plt is used.
Lots of following error messages appear:
------------------->8------------------
...
staging_dir/toolchain-arc_arc700_gcc-arc-2015.06_uClibc-1.0.9/arc-openwrt-linux-uclibc/bin/ld:
BFD (GNU Binutils) 2.23.2 assertion fail elf32-arc.c:2786
collect2: error: ld returned 1 exit status
------------------->8------------------

In newer binutils (still in development) for ARC rewritten from
scratch this seems to not happen, so once new binutils for ARC hit
the street this patch might be reverted.

Signed-off-by: Alexey Brodkin <abrodkin@synopsys.com>
Cc: Felix Fietkau <nbd@openwrt.org>
Cc: Jo-Philipp Wich <jow@openwrt.org>
Cc: Jonas Gorski <jogo@openwrt.org>

SVN-Revision: 48642
2016-02-07 13:29:16 +00:00
Florian Fainelli
312367665a buildroot: add options to build the kernel for NFS boot
Add the basic set of kernel options to allow it to mount an NFS root
and boot from it.

Signed-off-by: Florian Fainelli <florian@openwrt.org>

SVN-Revision: 48590
2016-02-01 01:06:39 +00:00
Felix Fietkau
b3f7902a06 include/kernel: add custom USER/DOMAIN config options
These allow the generated kernel's build metadata to be defined explicitly.
This metadata is reported, eg, at boot time and in `uname -a` on running
systems. If the variables aren't configured, the current build system username
and hostname are used as normal.

The motivation for this option is to achieve reproducible (bit-for-bit
identical) kernel builds of official openwrt releases.

Signed-off-by: bryan newbold <bnewbold@robocracy.org>
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 48541
2016-01-28 22:42:34 +00:00
Felix Fietkau
657d0cc2ce build: do not deselect CONFIG_USE_SSTRIP if CONFIG_DEBUG is enabled
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 48504
2016-01-26 08:39:21 +00:00
Felix Fietkau
fb713ddd4d build: add -fno-plt to default cflags, it improves PIC code optimization
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 48470
2016-01-24 00:16:36 +00:00
Felix Fietkau
aec0e6ac8f build: use sstrip by default for musl
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 48313
2016-01-18 12:47:36 +00:00
Felix Fietkau
33beafa8d8 Configure IPv6 kernel options in config/Config-kernel.in
Revision 46834 changed IPv6 support from a module to builtin. But
since the configuration of the IPv6 kernel options was left in
package/kernel/linux/modules/netsupport.mk, this means that an
empty kmod-ipv6 module was still being generated (not packaged).

This patch moves the configuration of the IPv6 kernel options to
config/Config-kernel.in to remove this last bit of the module.

Note that CONFIG_IPV6_PRIVACY was dropped (enabled by default
since Linux v3.13), so this option is no longer needed.

See 5d9efa7ee9

Signed-off-by: Arjen de Korte <arjen+openwrt@de-korte.org>

SVN-Revision: 48132
2016-01-04 23:30:36 +00:00
John Crispin
b4564e3163 kernel: add support for KERNEL_CGROUP_PIDS
Signed-off-by: Daniel Golle <daniel@makrotopia.org>

SVN-Revision: 47275
2015-10-26 11:54:56 +00:00
Luka Perkov
75078acd93 cosmetic: remove trailing whitespaces
Signed-off-by: Luka Perkov <luka@openwrt.org>

SVN-Revision: 47197
2015-10-15 22:12:13 +00:00
Steven Barth
0c8f0186d5 linux: make IPv6 builtin if selected (saves >30KB)
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 46834
2015-09-09 12:20:36 +00:00
Felix Fietkau
400fb6cadc gcc: remove version 4.9-linaro
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 46798
2015-09-06 10:07:03 +00:00
Steven Barth
ed53726072 enable strong SSP / Stackprotector on gcc5
Signed-off-by: Dirk Neukirchen <dirkneukirchen@web.de>

SVN-Revision: 46685
2015-08-18 09:20:34 +00:00
Felix Fietkau
bf82deff70 build: disable kernel stack protector support for i386/x86_64
When stack protector support is disabled in libc (always the case for
!musl), gcc assumes that it needs to use __stack_chk_guard for the stack
canary.
This causes kernel build errors, because the kernel is only set up to
handle TLS stack canaries.

Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 46543
2015-08-02 07:40:12 +00:00
Steven Barth
efe03e5fc7 hardening: disable user-space SSP for !musl
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 46146
2015-06-29 16:44:27 +00:00
Steven Barth
2738526a16 toolchain: add fortify-headers, enable FORTIFY_SOURCE by default
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 46117
2015-06-23 14:38:03 +00:00
Steven Barth
1877bc9d8f gcc/musl: rework SSP-support
Make musl provide libssp_nonshared.a and make GCC link it unconditionally
if musl is used. This should be a no-op if SSP is disabled and seems to be
the only reliable way of dealing with SSP over all packages due to the mess
that is linkerflags handling in packages.

Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 46108
2015-06-22 10:31:07 +00:00
Felix Fietkau
b3d81b2dec kernel: mitigate cgroups config dependency changes
Memory Resource Controller no longer depends on Resource counters since
Kernel version 4.0.
3.18 is the only still supported version needing Resource counters for
MEMCG, thus declare the dependency only for that version.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>

SVN-Revision: 46024
2015-06-18 06:39:00 +00:00
Steven Barth
19810a5145 hardening: enable regular SSP support by default
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 46020
2015-06-17 13:13:48 +00:00
Steven Barth
f8140c9caf hardening: enable RELRO by default
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 46004
2015-06-16 17:28:05 +00:00
Steven Barth
11489a85cf hardening: enable format security checking by default
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 46003
2015-06-16 17:27:59 +00:00
Felix Fietkau
ec73574027 build: enable package list signing by default
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 45614
2015-05-05 21:16:13 +00:00
Felix Fietkau
beca028bd6 build: add integration for managing opkg package feed keys
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 45286
2015-04-06 19:39:51 +00:00
John Crispin
3ec7ccf501 config: add an option to enable KPROBE
Signed-off-by: Mathieu Olivari <mathieu@codeaurora.org>

SVN-Revision: 45212
2015-04-01 08:33:04 +00:00
Felix Fietkau
1496b95a0f x86: clean up default grub baudrate settings
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 45113
2015-03-29 04:31:21 +00:00
Felix Fietkau
b872533e68 build: remove leftover olpc support code
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 45084
2015-03-28 11:40:06 +00:00
John Crispin
006f8c9446 kernel: cleanup seccomp symbol selection
Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 45005
2015-03-26 10:57:51 +00:00
Jo-Philipp Wich
02e2548b84 x86: use PARTUUID instead explicitly specifying the device by default
This changes the x86 image generation to match x86_64, using the PARTUUID for
the rootfs instead of explicitly configuring the device.

It unbreaks KVM with VirtIO, which uses /dev/vda2 instead of /dev/sda2.

Tested in QEMU/KVM with VirtIO, VirtualBox and VMware.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>

SVN-Revision: 44966
2015-03-24 10:08:12 +00:00
Felix Fietkau
5d9eeab64a build: remove obsolete references to cris and avr32
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 44965
2015-03-24 10:07:40 +00:00
John Crispin
f9f7c80cd2 kernel: Support kernel options required by systemd
These kernel options are all likely to be widely useful in this modern age, but
are immediately useful for systemd support.

c.f. http://sources.gentoo.org/cgi-bin/viewvc.cgi/gentoo-x86/sys-apps/systemd/systemd-9999.ebuild?&view=markup#l118

Adapted from a patch by Adam Porter.

Signed-off-by: Jeff Waugh <jdub@bethesignal.org>

SVN-Revision: 44929
2015-03-21 21:48:12 +00:00
John Crispin
7274db3b5a config: add function tracers
Adds menuconfig options for ftrace function tracers

Signed-off-by: Bryan Forbes <bryan@reigndropsfall.net>

SVN-Revision: 44878
2015-03-18 20:08:21 +00:00
Jonas Gorski
9dc137397f buildroot: make it easier to build all kmods
Split out kmods from ALL to make it easier to create local builds that
are compatible kmod-wise with releases.

Signed-off-by: Jonas Gorski <jogo@openwrt.org>

SVN-Revision: 44830
2015-03-16 11:51:54 +00:00
John Crispin
b1953bdf27 kernel: enable open by fhandle syscalls
This is needed by many services to function properly and as
all modern distributions got it enabled, it starts to be a
de-facto standard, i.e. user-space starts to silently depend
on it.

This also pulls in EXPORTFS, however, the kernel binary size
increases only a little.
On ARM systems comes down to 800 bytes uncompressed and about
200 bytes compressed size.
On MIPS systems it's about 1.2 kB size increase of the LZMA
compressed kernel.

v2: use menuconfig option instead of just enabling the option

Signed-off-by: Daniel Golle <daniel@makrotopia.org>

SVN-Revision: 44765
2015-03-15 06:35:13 +00:00
John Crispin
3e2f578353 toolchain: The glorious return of glibc, ver 2.21
It's the eglibc packaging with a bit of spit-polishing. And testing. :-)

[blogic: merged glibc and eglibc into 1 and made eglibc a glibc variant]

Signed-off-by: Jeff Waugh <jdub@bethesignal.org>
Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 44701
2015-03-12 19:50:57 +00:00
Nicolas Thill
f87f373c9f config: disable kernel tracing on uml
Signed-off-by: Nicolas Thill <nico@openwrt.org>

SVN-Revision: 44397
2015-02-11 11:31:26 +00:00
Jo-Philipp Wich
3f56785706 config: remove CONFIG_BUILD_STATIC_TOOLS
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 44287
2015-02-06 00:00:51 +00:00
Nicolas Thill
f6433f63ef config: fix typo in Global build settings menu
Signed-off-by: Nicolas Thill <nico@openwrt.org>

SVN-Revision: 44258
2015-02-05 05:10:44 +00:00
John Crispin
1c160bf082 config: fix typo in Global build settings menu
Signed-off-by: Daniel Golle <daniel@makrotopia.org>

SVN-Revision: 44163
2015-01-28 12:05:58 +00:00
John Crispin
491f3fc048 Support for building a hardened OpenWRT
Introduce configuration options to build a "hardened" OpenWRT.

Options to enable Stack-Smashing Protection, FORTIFY_SOURCE and RELRO
have been introduced.

uClibc makefile now automatically detects if SSP support is necessary.

hostapd makefile has been fixed to use "^" as sed separator since
using a comma was problematic when using "-Wl,-z,now" and the like in
TARGET_CFLAGS.

Currently enabling SSP on user space depends on enabling SSP kernel
side, this is due to the fact that TARGET_CFLAGS are used to build
kernel modules (at least). Suggestions on how to avoid this are welcome.
Using "select" instead of "depends on" doesn't seem to work with choice
entries.

Tested with a lantiq (WBMR) router, GCC 4.8, uClibc and a subset of
the available packages.
Needs to be tested with GCC 4.9 and the remaining packages.
PIE not currently included.

Signed-off-by: Alessandro Di Federico <ale+owrt@clearmind.me>

SVN-Revision: 44005
2015-01-17 14:31:30 +00:00
Rafał Miłecki
757b45a32f config: enable EARLY_PRINTK on bcm53xx by default
It's useful for debugging and safe at the same time as we enable it per
device.

Signed-off-by: Rafał Miłecki <zajec5@gmail.com>

SVN-Revision: 43980
2015-01-16 14:50:51 +00:00
John Crispin
baad87ae3d kernel: add SECCOMP to menuconfig
Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 43888
2015-01-08 21:23:18 +00:00
John Crispin
f76755da3f packages: fix typo in OpenWrt name
Signed-off-by: Cezary Jackiewicz <cezary.jackiewicz@gmail.com>

SVN-Revision: 43542
2014-12-07 16:53:30 +00:00
Jo-Philipp Wich
1eb6640612 config: use PARTUUID by default on x86_64
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 43086
2014-10-27 14:35:39 +00:00
Hauke Mehrtens
d041cb6e95 Kconfig: Fix missing help text in DEVEL config menu
This patch completes missing help text for some options under CONFIG_DEVEL.

Provides help for BINARY_FOLDER and DOWNLOAD_FOLDER, and reduces ambiguity in
the help for BUILD_SUFFIX with an example.

Signed-off-by: Andrew McDonnell <bugs@andrewmcdonnell.net>

SVN-Revision: 42520
2014-09-13 20:27:52 +00:00
Hauke Mehrtens
bdeda10f1c Kconfig: Various typo/grammar/line-length fixes in Config*.in files
Non-functional changes to config/Config-*.in files, including:

* spelling mistakes
* inconsistent terminology
* grammar
* overly long lines in "help" components

Signed-off-by: Robert P. J. Day <rpjday@crashcourse.ca>

SVN-Revision: 42519
2014-09-13 20:27:25 +00:00
Luka Perkov
cc82f93251 config: enable cgroup freezer
This option will be enabled by default only when cgroups support is enabled.

Signed-off-by: Luka Perkov <luka@openwrt.org>

SVN-Revision: 42464
2014-09-10 23:15:22 +00:00
John Crispin
7a1f4c50fa PKG_CHECK_FORMAT_SECURITY: add a menuconfig option, disable by default
The idea is still to enable it by default at some point
I've tested all ar71xx packages (except oldpackages) using CONFIG_ALL=y
Failing packages have been marked with PKG_CHECK_FORMAT_SECURITY:=0 for now
I can test more targets but I have no idea which are the most used

Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>

SVN-Revision: 42282
2014-08-25 06:36:06 +00:00
Felix Fietkau
08f9168615 x86: add back a line accidentally removed in r41763
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 41764
2014-07-20 08:20:14 +00:00
Felix Fietkau
c718d0b10c x86: remove the arbitrary limitation of vmware/virtualbox images to ext4, select TARGET_IMAGES_PAD instead
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 41763
2014-07-20 08:18:50 +00:00
John Crispin
93fe29055f config/Config-images.in: enable zlib as the default ubi compression
http://patchwork.openwrt.org/patch/5686/

Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 41329
2014-06-24 18:14:05 +00:00
Steven Barth
e64f122023 Disable crashlog for UML
SVN-Revision: 41153
2014-06-12 11:34:44 +00:00
Felix Fietkau
43dc78425c kernel: fix duplicate KERNEL_PERF_EVENTS with wrong dependency
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 41030
2014-06-06 09:20:15 +00:00
Felix Fietkau
2f9a3c791b build: set default squashfs block size to 64k for low-memory systems
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 40981
2014-06-02 17:04:41 +00:00
Felix Fietkau
5eecccd75e build: make the squashfs block size configurable
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 40979
2014-06-02 17:04:34 +00:00
John Crispin
a810981e6b config/Config-images.in: the ext4 series introduced a regression
Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 40951
2014-06-02 13:03:15 +00:00
John Crispin
34106f4a1a include: Allow git kernel branch selection
This allows the selection of a specific branch in the menuconfig
when using a kernel downloaded from GIT.

Signed-off-by: Mathieu Olivari <mathieu@qca.qualcomm.com>

SVN-Revision: 40946
2014-06-02 12:45:22 +00:00
John Crispin
45e3540a3f config: Remove KERNEL_GIT_LOCAL_REPOSITORY option
The GIT_LOCAL_REPOSITORY option adds the --reference argument to the
git clone kernel command line, if KERNEL_GIT_CLONE_URI is set.

This option is intended to speed-up the repo creation by using local
objects rather than downloading it. However, a local repo can be cloned
much faster by setting GIT_LOCAL_REPOSITORY directly to the local tree.

In that case, git clone will bypass the normal "git aware" transport
mechanism and clone the repository by copying and hardlinking objects
rather than downloading it, resulting in a significant speed increase.

That makes the GIT_LOCAL_REPOSITORY option pretty useless so we'll just
remove it and recommend the usage of KERNEL_GIT_CLONE_URI directly.

Signed-off-by: Mathieu Olivari <mathieu@qca.qualcomm.com>

SVN-Revision: 40944
2014-06-02 12:45:16 +00:00
John Crispin
14421bd7fb image: ext4: rename config options as these are only used for ext4 image creation
Signed-off-by: Michael Heimpold <mhei@heimpold.de>

SVN-Revision: 40926
2014-06-02 12:44:10 +00:00
John Crispin
5fd7e00d9d image: ext4: allow creation of a journaling filesystem
Signed-off-by: Michael Heimpold <mhei@heimpold.de>

SVN-Revision: 40925
2014-06-02 12:44:07 +00:00
John Crispin
fe20272ab1 image: ext4: allow to choose a block size for the rootfs
Signed-off-by: Michael Heimpold <mhei@heimpold.de>

SVN-Revision: 40924
2014-06-02 12:44:04 +00:00
John Crispin
fbb05ce063 image: ext4: move ext4 specific options into submenu
Signed-off-by: Michael Heimpold <mhei@heimpold.de>

SVN-Revision: 40923
2014-06-02 12:43:53 +00:00