3019f50 jail: leak less memory
7e01453 jail: fix segfault on missing name and refactor
5abee8f jail: fix and simplify userns uid/gid maps from OCI
4ba72ec jail: relax /etc/resolv.conf creation
db5ef86 jail: don't use NULL arguments for mount syscall
19ac9df jail: don't fail if can't mount-bind /etc/resolv.conf
acf36f2 jail: seteuid before clone(CLONE_NEWUSER)
e40828f jail: fix typo in usage output
b87984b jail: don't attempt to mount /sys with noatime
b275b11 jail: enter existing cgroups namespace if given
31e0a46 jail: properly initialize timens_fd
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Hauke wrote:
> We want to run some processes in the procd-ujail, this works when we
> use a SquashFS image and an overlay file system, but when we use an
> initramfs it does not work.
> [...]
> When we switch from initramfs to tmpfs, it is working, we added this
> code to target/linux/generic/other-files/init to make [it] work.
Move files to newly mounted tmpfs and then use switch_root to chroot
into new rootfs and free initramfs.
Suggested-by: Hauke Mehrtens <hauke@hauke-m.de>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Added PKG_INSTALL to avoid using an explicit define Build/Compile
Added PKG_BUILD_PARALLEL for faster compilation.
Removed TARGET_CLAFGS. They are no longer necessary.
fPIC is default now. So is gnu99. -DUSE_DOS is a hack to include old
and mostly unused conversions.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
- Removed following patches:
100-strip_charsets.patch - makes the full variant slim.
101-autotools.patch - this one fails to apply because it was backported
from newer versions for 1.11.1.
103-configure_ac_fix.patch - backported from newer versions
200-work-with-libtool2.patch - is not needed anymore, it is done
differently in upstream
300-fortify-source-compat.patch - these files are not there anymore
- TVHeadend requires working iconv library e.g. transliteration to ASCII
and this does not work with libiconv-full currently.
There is a simple test, which requires to install iconv package.
Before applying this update:
root@turris:/# echo ŽluťoučkýKůň | iconv -t ASCII//TRANSLIT//IGNORE
luoukK
After applying this update:
root@turris:~# echo ŽluťoučkýKůň | iconv -t ASCII//TRANSLIT//IGNORE
Zlutouck'yKun
- Makefile changes:
Use HTTPS for their website
Fixed deprecated SPDX License Identifier
Move PKG_MAINTAINER above PKG_LICENSE
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
Tested-by: Rosen Penev <rosenp@gmail.com> [malta]
Drop our local sstrip copy and use the current ELFKickers upstream
version.
Patch the original makefile in order to avoid building elftoc, since it
fails with musl's elf.h. This is fine, since we only need sstrip anyway.
Finally, add the possibility to pass additional arguments to sstrip and
pass -z (remove trailing zeros) by default, which matches the behaviour
of the previous version.
Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
[shorten long commit msg lines]
Signed-off-by: Paul Spooren <mail@aparcar.org>
compiler warns that exit() isn't defined so checks for build system
compiler fail.
include <stdlib.h> to define exit()
Tested under macos Catalina & Big Sur
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Recent kernel bumps & target patch refactors have left some patch fuzz
around. Refreshed kernel patches using update_kernel script.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Removed since could be reverse-applied by quilt and found to be
included upstream:
backport-5.4/789-net-usb-qmi_wwan-Set-DTR-quirk-for-MR400.patch
All modifications made by update_kernel.sh
Build system: x86_64
Build-tested: ipq806x/R7800, bcm27xx/bcm2711, ath79/generic
Run-tested: ipq806x/R7800
No dmesg regressions, everything functional
Signed-off-by: John Audia <graysky@archlinux.us>
Tested-by: Curtis Deptuck <curtdept@me.com> [x86_64 build/run]
custom-initramfs-uimage was replaced by calls to uImage, but apparently
mtc_wr1201 was missed in the transistion. Use uImage for this device
too.
Fixes: 9f574b1b87 "ramips: mt7621: drop custom uImage function"
Signed-off-by: Sander Vanheule <sander@svanheule.net>
Several variables in hostapd.sh can be used uninitialized in numerical
comparisons, causing errors in logread:
netifd: radio24 (1668): sh: out of range
Set defaults for those variables to silence those errors.
Fixes: b518f07d4b ("hostapd: remove ieee80211v option")
Fixes: cc80cf53c5 ("hostapd: add FTM responder support")
Fixes: e66bd0eb04 ("hostapd: make rrm report independent of ieee80211k setting")
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Since we are using mac80211 5.8, let's also switch the ath10k-ct driver
to the new 5.8 version.
Modify patches so they patch the new ath10k-ct driver version.
Adapt 164-ath10k-commit-rates-from-mac80211.patch.
Drop upstreamed 205-ath10k-Add-NL80211_EXT_FEATURE_AQL-flag.patch.
Drop the other options for CT_KVER from the comment, as it is incorrect
and there are too many versions to sum up and maintain there.
Runtime-tested on ath79 (D-Link DAP-2695-A1, TP-Link EAP245-v3).
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Strictly, an SPDX identifier requires a space between the comment
marker and the identifier itself. The choice of the comment marker
itself is irrelevant.
Correct:
// SPDX-License-Identifier: GPL-2.0-or-later OR MIT
Wrong:
//SPDX-License-Identifier: GPL-2.0-or-later OR MIT
Fix that in the whole tree (actually, only ramips contained wrong
uses).
Found by checkpatch.pl
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
This commit adds support for Xiaomi's Mi Router 4C device.
Specifications:
- CPU: MediaTek MT7628AN (580MHz)
- Flash: 16MB
- RAM: 64MB DDR2
- 2.4 GHz: IEEE 802.11b/g/n with Integrated LNA and PA
- Antennas: 4x external single band antennas
- WAN: 1x 10/100M
- LAN: 2x 10/100M
- LEDs: 2x yellow/blue. Programmable (labelled as power on case)
- Non-programmable (shows WAN activity)
- Button: Reset
How to install:
1- Use OpenWRTInvasion to gain telnet and ftp access.
2- Push openwrt firmware to /tmp/ using ftp.
3- Connect to router using telnet. (IP: 192.168.31.1 -
Username: root - No password)
4- Use command "mtd -r write /tmp/firmware.bin OS1" to flash into
the router..
5- It takes around 2 minutes. After that router will restart itself
to OpenWrt.
Signed-off-by: Ataberk Özen <ataberkozen123@gmail.com>
[wrap commit message, bump PKG_RELEASE for uboot-envtools, remove
dts-v1 from DTS, fix LED labels]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Enable busybox's find -mmin time support, which is extremely small,
however also very useful in scripts:
72d1a2357d
Comparing package sizes...
Change Local Remote Package
+7 229009 229002 busybox
Signed-off-by: Lukas Tribus <lukas@ltri.eu>
[fix commit message long line and missing size change]
Signed-off-by: Paul Spooren <mail@aparcar.org>
Trivial cosmetic cleanup. This also helps for script that parse for
options in Config files.
Signed-off-by: Paul Spooren <mail@aparcar.org>
Reviewed-by: Petr Štetiar <ynezz@true.cz>
This function eliminates false-positive errors emitted by dd.
Signed-off-by: Tomasz Maciej Nowak <tmn505@gmail.com>
[drop argument check changes]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
This is already done by get_partitions.
Signed-off-by: Tomasz Maciej Nowak <tmn505@gmail.com>
[add "redundant" to title]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
This is already done by get_partitions.
Signed-off-by: Tomasz Maciej Nowak <tmn505@gmail.com>
[add "redundant" to title, remove declaration of magic variable]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Strictly speaking, ash does not support it.
From https://wiki.ubuntu.com/DashAsBinSh#A.5B.5E.5D
Not to be confused by sed's and other program's regular expression
syntax. Uses of [^...] in case (parameter/word expansion in general) need
to be replaced with [!...].
Found with shellcheck: https://github.com/koalaman/shellcheck/wiki/SC2169
Signed-off-by: Rosen Penev <rosenp@gmail.com>
[minor commit title/message adjustments]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
UIMAGE_MAGIC is now supported by Build/uImage, in addition to
UIMAGE_NAME. This removes the need for a custom mkimage call, so let's
remove it.
Signed-off-by: Sander Vanheule <sander@svanheule.net>
Replace NETGEAR_KERNEL_MAGIC by UIMAGE_MAGIC to better match the
variable's purpose. This allows to drop the custom
Build/netgear-uImage.
Signed-off-by: Sander Vanheule <sander@svanheule.net>
[keep UIMAGE_MAGIC definitions even for default value]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Allow a device recipe to specify a custom UIMAGE_MAGIC value, as used by
OpenWrt's -M flag for mkimage. This allows to automatically customize
the magic bytes in all calls to Build/uImage for this device, similar to
the behaviour of UIMAGE_NAME. Since the -M argument is inserted before
the user arguments, it can be overriden.
The following example would use 0x87654321 for the KERNEL image, but
0x12345678 for the KERNEL_INITRAMFS image:
define Device/MyDevice
UIMAGE_MAGIC := 0x87654321
KERNEL := ... | uImage lzma
KERNEL_INITRAMFS := ... | uImage lzma -M 0x12345678
...
endef
Fixes: df8e6be59a ("rtl838x: add new architecture")
[UIMAGE_MAGIC was not declared as a device variable]
Signed-off-by: Sander Vanheule <sander@svanheule.net>
[rebase, improve formatting of "Fixes"]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Use the mkimage argument overrides provided by uImage to implement the
customisations required for the initramfs, instead of the near-identical
custom function.
Signed-off-by: Sander Vanheule <sander@svanheule.net>
For some build recipes, the argument to Build/uImage is used to sneak in
extra arguments for mkimage, whereas this appears to have been intended
to specificy the compression method only.
Use the first provided word for -C to be backwards compatible with
current calls to Build/uImage. Use the rest of the call arguments to
override the provided defaults. Only the input file name (-d) and the
output file name cannot overriden.
Signed-off-by: Sander Vanheule <sander@svanheule.net>
Sort patches according to target/linux/generic/PATCHES. Additionally:
- replace hashes in backported patches with the ones from main Linux tree
- add descriptions to some patches
Signed-off-by: Tomasz Maciej Nowak <tmn505@gmail.com>
[remove 004-add_sata_disk_activity_trigger.patch separately]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Remove 004-add_sata_disk_activity_trigger.patch, as the trigger is
already added in shared dtsi.
Suggested-by: Tomasz Maciej Nowak <tmn505@gmail.com>
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
TL-MR6400v5 is very similar to TL-MR6400v4. Main differences are:
- smaller form factor
- different LED GPIOs
- different switch connections
You can flash via tftp recovery:
- serve tftp-recovery image as /tp_recovery.bin on 192.168.0.225/24
- connect to any ethernet port
- power on the device while holding the reset button
- wait at least 8 seconds before releasing reset button
Flashing via OEM web interface does not work.
LTE module does not support DHCP so it must be configured via QMI.
Hardware Specification (v5.0 EU):
- SoC: MT7628NN
- Flash: Winbond W25Q64JVS (8MiB)
- RAM: ESMT M14D5121632A (64MiB)
- Wireless: SoC platform only (2.4GHz b/g/n, 2x internal antenna)
- Ethernet: 1NIC (4x100M)
- WWAN: TP-LINK LTE MODULE (2x external detachable antenna)
- Power: DC 9V 0.85A
Signed-off-by: Filip Moc <lede@moc6.cz>
FCC ID: A8J-EAP300A
Engenius EAP300 v2 is an indoor wireless access point with a
100/10-BaseT ethernet port, 2.4 GHz wireless, internal antennas,
and 802.3af PoE.
**Specification:**
- AR9341
- 40 MHz reference clock
- 16 MB FLASH MX25L12845EMI-10G
- 64 MB RAM
- UART at J1 (populated)
- Ethernet port with POE
- internal antennas
- 3 LEDs, 1 button (power, eth, wlan) (reset)
**MAC addresses:**
phy0 *:d3 art 0x1002 (label)
eth0 *:d4 art 0x0/0x6
**Installation:**
- if you get Failsafe Mode from failed flash:
only use it to flash Original firmware from Engenius
or risk kernel loop or halt which requires serial cable
Method 1: Firmware upgrade page:
OEM webpage at 192.168.1.1
username and password "admin"
Navigate to "Firmware" page from left pane
Click Browse and select the factory.bin image
Upload and verify checksum
Click Continue to confirm and wait 3 minutes
Method 2: Serial to load Failsafe webpage:
After connecting to serial console and rebooting...
Interrupt uboot with any key pressed rapidly
execute `run failsafe_boot` OR `bootm 0x9fdf0000`
wait a minute
connect to ethernet and navigate to
"192.168.1.1/index.htm"
Select the factory.bin image and upload
wait about 3 minutes
**Return to OEM:**
If you have a serial cable, see Serial Failsafe instructions
*DISCLAIMER*
The Failsafe image is unique to Engenius boards.
If the failsafe image is missing or damaged this will not work
DO NOT downgrade to ar71xx this way, can cause kernel loop or halt
The easiest way to return to the OEM software is the Failsafe image
If you dont have a serial cable, you can ssh into openwrt and run
`mtd -r erase fakeroot`
Wait 3 minutes
connect to ethernet and navigate to 192.168.1.1/index.htm
select OEM firmware image from Engenius and click upgrade
**TFTP recovery** (unstable / not reliable):
rename initramfs to 'vmlinux-art-ramdisk'
make available on TFTP server at 192.168.1.101
power board while holding or pressing reset button repeatedly
NOTE: for some Engenius boards TFTP is not reliable
try setting MTU to 600 and try many times
**Format of OEM firmware image:**
The OEM software of EAP300 v2 is a heavily modified version
of Openwrt Kamikaze. One of the many modifications
is to the sysupgrade program. Image verification is performed
simply by the successful ungzip and untar of the supplied file
and name check and header verification of the resulting contents.
To form a factory.bin that is accepted by OEM Openwrt build,
the kernel and rootfs must have specific names
and begin with the respective headers (uImage, squashfs).
Then the files must be tarballed and gzipped.
The resulting binary is actually a tar.gz file in disguise.
This can be verified by using binwalk on the OEM firmware images,
ungzipping then untaring.
The OEM upgrade script is at /etc/fwupgrade.sh.
OKLI kernel loader is required because the OEM software
expects the kernel size to be no greater than 1536k
and otherwise the factory.bin upgrade procedure would
overwrite part of the kernel when writing rootfs.
Signed-off-by: Michael Pratt <mcpratt@pm.me>
[clarify MAC address section, bump PKG_RELEASE for uboot-envtools]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
The feature "squashfs" is defined for target and all subtargets
individually. Remove the redundant entries in the subtargets.
Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
[split patch, adjust commit title/message]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Move features common to all subtargets to the parent target.
Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
[split patch to make it target-specific, adjust commit title/message]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
There are linux firmwares packages for 43362, 43430 and 43455 which shouldn't
be installed at the same time as Cypress firmwares.
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
This expands packages to define not only provides but also conflicts.
These packages provides same files so they should specify conflicts.
Second expansion is that *-ct-htt and *-ct-full-htt firmwares can also
provide *-ct variant as that allows explicit dependency on CT variant
with various firmware modifications.
Signed-off-by: Karel Kočí <karel.koci@nic.cz>
[Bump PKG_RELEASE and format PROVIDES/CONFLICTS]
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
61b3c62 opkg_verify_integrity: better logging and error conditions
f73d42f download: purge cached packages that have incorrect checksum
1c1480e download: factor out the logic for building cache filenames
293b1ce libopkg: factor out checksum and size verification
a786e25 download: remove compatibility with old cache naming scheme
Signed-off-by: Paul Spooren <mail@aparcar.org>
This PR backports upstream fix for CVE-2020-8037. This fix is only
relevant for tcpdump package, tcpdump-mini is not affeted by this issue.
Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
[added missing commit description]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
As package size changes are a continuous topic on the mailing list this
scripts helps developers to compare their local package modifications
against latest upstream.
The script downloads the latest package indexes based on env variables
or the `.config` file. The script compares the actual installed size
(data.tar.gz) or the IPK package size.
An example output is found below:
```
user@dawn:~/src/openwrt/openwrt$ ./scripts/size_compare.sh
Compare packages of ath79/tiny/mips_24kc:
dropbear busybox iw ubus
Checking configuration difference
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 554 100 554 0 0 336 0 0:00:01 0:00:01 --:--:-- 336
--- start config diff ---
--- /tmp/config.DDjwVh-LOCAL 2020-11-23 09:08:28.913203068 -1000
+++ /tmp/config.DDjwVh-UPSTREAM 2020-11-23 09:08:36.369240887 -1000
@@ -1,5 +1,9 @@
+CONFIG_ALL_KMODS=y
+CONFIG_ALL_NONSHARED=y
CONFIG_AUTOREBUILD=y
+CONFIG_AUTOREMOVE=y
--- 8< ---
CONFIG_BINARY_FOLDER=""
+CONFIG_BUILDBOT=y
+CONFIG_TARGET_ALL_PROFILES=y
CONFIG_TARGET_ROOTFS_DIR=""
CONFIG_USE_SSTRIP=y
CONFIG_USE_UCLIBCXX=y
--- end config diff ---
Checking installed size
Fetching latest package indexes...
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 80634 100 80634 0 0 33499 0 0:00:02 0:00:02 --:--:-- 33485
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 54082 100 54082 0 0 24252 0 0:00:02 0:00:02 --:--:-- 24252
Comparing package sizes...
Change Local Remote Package
+271 51386 51115 base-files
+123 705241 705118 bnx2-firmware
+86 17209 17123 fstools
+22 47989 47967 procd
+21 208311 208290 busybox
+19 67181 67162 netifd
```
I plan to integrate this script into the CI so we have a summary how
sizes change over different architectures.
Signed-off-by: Paul Spooren <mail@aparcar.org>
When building images with the imagebuilder, the partition signature
never changes. The signature is generated by hashing SOURCE_DATE_EPOCH
and LINUX_VERMAGIC which are undefined. Prepopulate these variables, as
done by the SDK.
Signed-off-by: Matthew Gyurgyik <matthew@gyurgyik.io>
