Commit Graph

49634 Commits

Author SHA1 Message Date
Felix Fietkau
1a9ea9267c netifd: update to the latest version
d6bd1047d004 vlandev: dump vlan id in device status
e0c838bd06a6 vlandev: support bridge-vlan aliases in the vid config parameter
574dc4a17105 system-dummy: print configured mac address
14f0e8ff928f system-linux: simplify mask check in system_if_apply_settings
524310276f20 system-linux: move device settings handling to device.c
42c48866f1c1 config: parse default mac address from board.json

Signed-off-by: Felix Fietkau <nbd@nbd.name>
Signed-off-by: maurerr <mariusd84@gmail.com>
2021-09-01 08:07:16 +00:00
John Crispin
8b720707c0 realtek: fix SFP ports on the dlink 10port switch
Signed-off-by: John Crispin <john@phrozen.org>
Signed-off-by: maurerr <mariusd84@gmail.com>
2021-09-01 08:07:16 +00:00
John Crispin
4f68224316 realtek: add zyxel_gs1900-10hp support
Signed-off-by: John Crispin <john@phrozen.org>
Signed-off-by: maurerr <mariusd84@gmail.com>
2021-09-01 08:07:16 +00:00
John Crispin
d6090f2f3f realtek: cleanup package selection
Signed-off-by: John Crispin <john@phrozen.org>
Signed-off-by: maurerr <mariusd84@gmail.com>
2021-09-01 08:07:16 +00:00
John Crispin
5e5001487b realtek: clean up board.json generation
In this new setup the switch is treated as wan, lan1.100 is used as
our mgmt vlan.

The board mac is applied to eth0, switch and switch.1

The board mac is assigned with the LA bit set to all lan ports while
incrementing it.

Signed-off-by: John Crispin <john@phrozen.org>
Signed-off-by: maurerr <mariusd84@gmail.com>
2021-09-01 08:07:16 +00:00
John Crispin
069289d2f7 base-files: allow setting device and bridge macs
Add code for setting mac addresses inside board.json and rendering
them out to uci. On switches we want to have a unique MAC on each port.
With 48 port switches that would require 48 device sections in
/etc/config/network. Doing so via board.json is easier.

Signed-off-by: John Crispin <john@phrozen.org>
Signed-off-by: maurerr <mariusd84@gmail.com>
2021-09-01 08:07:16 +00:00
John Crispin
9ba35fe727 uboot-envtools: add support for the realtek target
On most boards the MAC is located inside the u-boot-env.

Signed-off-by: John Crispin <john@phrozen.org>
Signed-off-by: maurerr <mariusd84@gmail.com>
2021-09-01 08:07:16 +00:00
Paul Spooren
c31899282f README: mv logo.svg include/logo.{png,svg}
Some Git hoster (e.g. sr.ht) disable hosting of svg images (xml) to
avoid XSS attacks. To show the logo correctly on all code hosters use a
"safe" PNG image.

Also move logo(s) to include/ folder to lower autocomplete churn with
the `logs/` folder. While at it, replace absolute logo path and make it
relative, as this may break other code hosters as well.

Signed-off-by: Paul Spooren <mail@aparcar.org>
Signed-off-by: maurerr <mariusd84@gmail.com>
2021-09-01 08:07:16 +00:00
Tomasz Maciej Nowak
322ba8cd73 ath79: restore sysupgrade support for ja76pf2 and routerstations
Because the bug described in FS#2428 has been fixed with bf2870c1d9
("kernel: fix mtd partition erase < parent_erasesize writes") these
devices can now safely do sysupgrade.

Restore sysupgrade support disabled in:

0cc87b3bac ("ath79: image: disable sysupgrade images for routerstations
and ja76pf2")

cc5256a8bf ("ath79: base-files: disable sysupgrade for routerstations
and ja76pf2")

Signed-off-by: Tomasz Maciej Nowak <tmn505@gmail.com>
[move Build block, remove check-size argument, wrap sysupgrade line,
make commit message easier to read]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Signed-off-by: maurerr <mariusd84@gmail.com>
2021-09-01 08:07:16 +00:00
Tomasz Maciej Nowak
1260c17758 ath79: wlr-7100: remove device variant indicator
As reported by user, the same image works on both device variants which
are v1 001 and v1 002.

Signed-off-by: Tomasz Maciej Nowak <tmn505@gmail.com>
Signed-off-by: maurerr <mariusd84@gmail.com>
2021-09-01 08:07:16 +00:00
Tomasz Maciej Nowak
bf868b22d7 tegra: sysupgrade: write additional information to log output
This will explain what is actually occuring on dd invocations.
Additionally remove comments for steps which are described by printed
statements anyway.

Signed-off-by: Tomasz Maciej Nowak <tmn505@gmail.com>
Signed-off-by: maurerr <mariusd84@gmail.com>
2021-09-01 08:07:16 +00:00
Tomasz Maciej Nowak
595e0b17f2 tegra: sysupgrade: use v function for writing logs
Sync with x86 target changes.

Signed-off-by: Tomasz Maciej Nowak <tmn505@gmail.com>
Signed-off-by: maurerr <mariusd84@gmail.com>
2021-09-01 08:07:16 +00:00
Tomasz Maciej Nowak
a9cd65786c mvebu: sysupgrade: write additional information to log output
This will explain what is actually occuring on dd invocations.
Additionally remove comments for steps which are described by printed
statements anyway.

Signed-off-by: Tomasz Maciej Nowak <tmn505@gmail.com>
Signed-off-by: maurerr <mariusd84@gmail.com>
2021-09-01 08:07:16 +00:00
Tomasz Maciej Nowak
8711d899f3 mvebu: sysupgrade: use v function for writing logs
Sync with x86 target changes.

Signed-off-by: Tomasz Maciej Nowak <tmn505@gmail.com>
Signed-off-by: maurerr <mariusd84@gmail.com>
2021-09-01 08:07:16 +00:00
Daniel Golle
1c802cb623 procd: update to git HEAD
f3c3563 jail: improve seccomp BPF generator
 f67a66f jail: always call cgroups_free()
 4625350 jail: seccomp: improve code readability

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Signed-off-by: maurerr <mariusd84@gmail.com>
2021-09-01 08:07:16 +00:00
Daniel Golle
71329d7892 busybox: add check for capabilities file
Similar to the previous commit adding a check to the init script of
umdns, do a similar change for sysntpd, just to be on the safe side.

Inspired-by: 520403cd49 ("umdns: add check for seccomp list")

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Signed-off-by: maurerr <mariusd84@gmail.com>
2021-09-01 08:07:16 +00:00
Jan Pavlinec
2f32edcddf umdns: add check for seccomp list
This should fix an issue when user have a router with enabled seccomp
and tries to run umdns package which was build with SDK with disabled
seccomp support.

Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
Signed-off-by: maurerr <mariusd84@gmail.com>
2021-09-01 08:07:16 +00:00
David Bauer
a2e29c75d2 generic: ipeth: fix iOS 14 tethering
This fixes tethering with devices using iOS 14. Prior to this patch,
connections to remote endpoints were not possible while data transfers
between the OpenWrt device and the iOS endpoints worked fine.

Signed-off-by: David Bauer <mail@david-bauer.net>
Signed-off-by: maurerr <mariusd84@gmail.com>
2021-09-01 08:07:15 +00:00
Nick Lowe
f0fc112161 hostapd: Add cell_density data rates option
Add a cell_density option to configure data rates for normal, high and
very high cell density wireless deployments.

The purpose of using a minimum basic/mandatory data rate that is higher
than 6 Mb/s, or 5.5 Mb/s (802.11b compatible), in high cell density
environments is to transmit broadcast/multicast data frames using less
airtime or to reduce management overheads where significant co-channel
interference (CCI) exists and cannot be avoided.

Caution: Without careful design and validation, configuration of a too
high minimum basic/mandatory data rate can sacrifice connection stability
or disrupt the ability to reliably connect and authenticate for little to
no capacity benefit. This is because this configuration affects the
ability of clients to hear and demodulate management, control and
broadcast/multicast data frames.

Deployments that have not been specifically designed and validated are
usually best suited to use 6, 12 and 24 Mb/s as basic/mandatory data
rates.

Only usually seek to configure a 12 Mb/s, or 11 Mb/s (802.11b
compatible), minimum basic/mandatory rate in high cell density
deployments that have been designed and validated for this.

For many deployments, the minimum basic/mandatory data rate should not be
configured above 12 Mb/s to 18 Mb/s, 24 Mb/s or higher. Such a
configuration is only appropriate for use in very high cell density
deployment scenarios.

A cell_density of Very High (3) should only be used where a deployment
has a valid use case and has been designed and validated specifically for
this use, nearly always with highly directional antennas - an example
would be stadium deployments. For example, with a 24 Mb/s OFDM minimum
basic/mandatory data rate, approximately a -73 dBm RSSI is required to
decode frames. Many clients will not have roamed elsewhere by the time
that they experience -73 dBm and, where they do, they frequently may not
hear and be able to demodulate beacon, control or broadcast/multicast
data frames causing connectivity issues.

There is a myth that disabling lower basic/mandatory data rates will
improve roaming and avoid sticky clients. For 802.11n, 802.11ac and
802.11ax clients this is not correct as clients will shift to and use
lower MCS rates and not to the 802.11b or 802.11g/802.11a rates that are
able to be used as basic/mandatory data rates.

There is a myth that disabling lower basic/mandatory data rates will
ensure that clients only use higher data rates and that better
performance is assured. For 802.11n, 802.11ac and 802.11ax clients this
is not correct as clients will shift around and use MCS rates and not the
802.11b or 802.11g/802.11a rates that able to be used as basic/mandatory
data rates.

Cell Density

0 - Disabled (Default)
Setting cell_density to 0 does not configure data rates. This is the
default.

1 - Normal Cell Density
Setting cell_density to 1 configures the basic/mandatory rates to 6, 12
and 24 Mb/s OFDM rates where legacy_rates is 0. Supported rates lower
than the minimum basic/mandatory rate are not offered.
Setting cell_density to 1 configures the basic/mandatory rates to the 5.5
and 11 Mb/s DSSS rates where legacy_rates is 1. Supported rates lower
than the minimum basic/mandatory rate are not offered.

2 - High Cell Density
Setting the cell_density to 2 configures the basic/mandatory rates to the
12 and 24 Mb/s OFDM rates where legacy_rates is 0. Supported rates lower
than the minimum basic/mandatory rate are not offered.
Setting the cell_density to 2 configures the basic/mandatory rates to the
11 Mb/s DSSS rate where legacy_rates is 1. Supported rates lower than the
minimum basic/mandatory rate are not offered.

3 - Very High Cell Density
Setting the cell_density to 3 configures the basic/mandatory rates to the
24 Mb/s OFDM rate where legacy_rates is 0. Supported rates lower than the
minimum basic/mandatory rate are not offered.
Setting the cell_density to 3 only has effect where legacy_rates is 0,
else this has the same effect as being configured with a cell_density of 2.

Where specified, the basic_rate and supported_rates options continue to
override both the cell_density and legacy_rates options.

Signed-off-by: Nick Lowe <nick.lowe@gmail.com>
Signed-off-by: maurerr <mariusd84@gmail.com>
2021-09-01 08:07:15 +00:00
Huangbin Zhan
97affba9f0 base-files: fix alias more to properly detect /usr/bin/more
Package more is installed to /usr/bin rather than /bin.

Signed-off-by: Huangbin Zhan <zhanhb88@gmail.com>
Signed-off-by: maurerr <mariusd84@gmail.com>
2021-09-01 08:07:15 +00:00
Aleksander Jan Bajkowski
b9f2d08145 lantiq: fix build of squashfs images
This patch fixes build of squashfs image on lantiq. Currently the FEATURE
variable is overwritten by the subtarget.

Fixes: FS#3480
Fixes: f1c6523376 ("lantiq: clean up target/subtarget features")

Signed-off-by: Aleksander Jan Bajkowski <A.Bajkowski@stud.elka.pw.edu.pl>
[reformat Fixes:]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Signed-off-by: maurerr <mariusd84@gmail.com>
2021-09-01 08:07:15 +00:00
Pavel Chervontsev
189da6d754 ramips: add support for ASUS RT-N56U B1
Specifications:

SoC: MediaTek MT7621ST (880 MHz)
FLASH: 16 MiB (Macronix MX25L12835FM2I-10G)
RAM: 128 MiB (Nanya NT5CB64M16FP-DH)
WiFi: MediaTek MT7603EN bgn 2x2:2
WiFi: MediaTek MT7612EN an 2x2:2
BTN: Reset, WPS
LED: - Power
- WiFi 2.4 GHz
- WiFi 5 GHz
- WAN
- LAN {1-4}
- USB {1-2}
UART: UART is present as pin hole next to the aluminium capacitor.
3V3 - RX - GND - TX / 115200-8N1
3V3 is the nearest on the aluminium capacitor and nut hole (pin1).
USB: 2 ports
POWER: 12VDC, 1.5A (Barrel 5.5x2.1)

Installation:

Via TFTP:
    Set your computers IP-Address to 192.168.1.75
    Power up the Router with the Reset button pressed.
    Release the Reset button after 5 seconds.
    Upload OpenWRT sysupgrade image via TFTP:
    tftp -4 -v -m binary 192.168.1.1 -c put IMAGE

MAC addresses:

0x4     *:98  2g/wan, label
0x22    *:9c
0x28    *:98
0x8004  *:9c  5g/lan

Though addresses are written to 0x22 and 0x28, it appears that the
vendor firmware actually only uses 0x4 and 0x8004. Thus, we do the
same here.

Signed-off-by: Pavel Chervontsev <cherpash@gmail.com>
[add MAC address overview, add label-mac-device, fix IMAGE_SIZE]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Signed-off-by: maurerr <mariusd84@gmail.com>
2021-09-01 08:07:15 +00:00
Álvaro Fernández Rojas
0f5a2a0972 ath10k-firmware: remove unused package
All firmwares were added to linux-firmware, so there's no need to keep this
package definitions.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
Signed-off-by: maurerr <mariusd84@gmail.com>
2021-09-01 08:07:15 +00:00
Álvaro Fernández Rojas
75f6e3d163 ath10k-ct-firmware: switch to linux-firmware board binaries
Instead of duplicating board firmware binaries, which are exactly the same
as the ones from linux-firmware, add dependencies and remove duplicated
downloads.

Runtime-tested on ath79 (TP-Link Archer C7 v2) and ipq806x (Netgear R7800).

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
Signed-off-by: maurerr <mariusd84@gmail.com>
2021-09-01 08:07:15 +00:00
Álvaro Fernández Rojas
56e1c89a9b linux-firmware: ath10k: add board firmware packages
Split ath10k firmwares into board and firmware packages.
This way we can add dependencies to ath10k-ct firmware packages.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
Signed-off-by: maurerr <mariusd84@gmail.com>
2021-09-01 08:07:15 +00:00
Petr Štetiar
7fa77596c3 cmake.mk,rules.mk: fix host builds using CMake and ccache
Commit f98878e4c1 ("cmake.mk: set C/CXX compiler for host builds as
well") has introduced regression as it didn't taken usage of ccache into
the account so fix it by handling ccache use cases as well.

In order to get this working we need to export HOSTCXX_NOCACHE in
rules.mk as well.

Fixes: f98878e4c1 ("cmake.mk: set C/CXX compiler for host builds as well")
Reported-by: Ansuel Smith <ansuelsmth@gmail.com>
Tested-by: Ansuel Smith <ansuelsmth@gmail.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Signed-off-by: maurerr <mariusd84@gmail.com>
2021-09-01 08:07:15 +00:00
Rosen Penev
b1a30a50cc libnetfilter-cthelper: remove
conntrack was moved to packages where this is used. This will be moved
there as well.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
Signed-off-by: maurerr <mariusd84@gmail.com>
2021-09-01 08:07:15 +00:00
Rosen Penev
909bf5c5ee libnetfilter-cttimeout: remove
conntrack was moved to packages where this is used. This will be moved
there as well.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
Signed-off-by: maurerr <mariusd84@gmail.com>
2021-09-01 08:07:15 +00:00
Rosen Penev
8609286790 libnetfilter-log: remove
ulogd in the packages feed is the only user of this. It will be moved
there.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
Signed-off-by: maurerr <mariusd84@gmail.com>
2021-09-01 08:07:15 +00:00
Rosen Penev
c7bab49d17 libnetfilter-queue: remove
Nothing in base uses this. This will be moved to packages where it is
used.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
Signed-off-by: maurerr <mariusd84@gmail.com>
2021-09-01 08:07:15 +00:00
Karel Kočí
a1cfc02fff include/subdir: on build failure always print error
It is impossible to locate package that failed the build just from log
once more build is run in parallel (that is more than one make job). The
only way is to scout log files for failed package going back trough log.

This change makes it so error is printed for package that failed every
time.

Signed-off-by: Karel Kočí <karel.koci@nic.cz>
Signed-off-by: maurerr <mariusd84@gmail.com>
2021-09-01 08:07:15 +00:00
Piotr Stefaniak
33429565ad build: mkhash on FreeBSD
Apply patch from
https://bugs.openwrt.org/index.php?do=details&task_id=971
in order to make it easier to build OpenWRT on FreeBSD.

Signed-off-by: Piotr Stefaniak <pstef@freebsd.org>
Signed-off-by: maurerr <mariusd84@gmail.com>
2021-09-01 08:07:15 +00:00
Klaus Kudielka
553fbabf96 mvebu: fixup Turris Omnia U-Boot environment
Fixup dfa357a3de "mvebu: base-files: Update Turris Omnia U-Boot
environment" which should have included this file as well.

By rebasing the initial patch this file somehow disappeared.

Signed-off-by: Klaus Kudielka <klaus.kudielka@gmail.com>
Reviewed-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
Tested-by: W. Michael Petullo <mike@flyn.org> (Turris Omnia "2020")
Tested-by: Klaus Kudielka <klaus.kudielka@gmail.com> (Turris Omnia)
[explain fixup in commit message]
Signed-off-by: Paul Spooren <mail@aparcar.org>
Signed-off-by: maurerr <mariusd84@gmail.com>
2021-09-01 08:07:15 +00:00
Petr Štetiar
0650e6f0d1 download.pl: properly cleanup intermediate .hash file
It seems like after a build the /dl dir seems to now contain a .hash
file for each source file due to inproper cleanup so fix it by removing
those intermediate files before leaving the download action.

Fixes: 4e19cbc553 ("download: handle possibly invalid local tarballs")
Reported-by: Hannu Nyman <hannu.nyman@iki.fi>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Signed-off-by: maurerr <mariusd84@gmail.com>
2021-09-01 08:07:15 +00:00
Andre Heider
bb3c58a9a2 tools: always create $STAGING_DIR/usr/{include,lib}
rules.mk always passes these as -I/-L to the toolchain.

Fixes rare errors like:
cc1: error: staging_dir/target-aarch64_cortex-a53_musl/usr/include: No such file or directory [-Werror=missing-include-dirs]

Signed-off-by: Andre Heider <a.heider@gmail.com>
Acked-by: Paul Spooren <mail@aparcar.org>
Acked-by: Rosen Penev <rosenp@gmail.com>
Signed-off-by: maurerr <mariusd84@gmail.com>
2021-09-01 08:07:15 +00:00
Petr Štetiar
d75e429455 rules.mk: remove redundant target flags
We're patching the GCC specs [1], [2] to implicitly add
$STAGING_DIR/usr/lib to the linker and $STAGING_DIR/usr/include to the
CPP flags. There is no need to globally pass these as -I and -L flags
respectively.

1. https://git.openwrt.org/?p=openwrt/openwrt.git;a=blob;f=toolchain/gcc/final/Makefile#l86
2. https://git.openwrt.org/?p=openwrt/openwrt.git;a=blob;f=scripts/patch-specs.sh#l37

Ref: https://patchwork.ozlabs.org/project/openwrt/patch/20200820060637.533293-1-a.heider@gmail.com/#2511505
Suggested-by: Jo-Philipp Wich <jo@mein.io>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Signed-off-by: maurerr <mariusd84@gmail.com>
2021-09-01 08:07:15 +00:00
Petr Štetiar
202ddf06bc kernel: sfc,sfc-falcon: fix kernel config symbols
I've just noticed on i.mx6 target, that there are missing kernel symbols
so I'm fixing it.

Fixes: 3c5d70ad26 ("kernel: add module support Solarflare network adapter")
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Signed-off-by: maurerr <mariusd84@gmail.com>
2021-09-01 08:07:15 +00:00
Rosen Penev
1c2d102b5f cmake.mk: set C/CXX compiler for host builds as well
Without this, cmake will use whatever CC/CXX is set to, which could be
clang. In that case, at least libjson-c/host will fail to compile.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
Signed-off-by: maurerr <mariusd84@gmail.com>
2021-09-01 08:07:15 +00:00
Petr Štetiar
254cfd8106 toolchain: kernel-headers: kernel Git tree mirror hash
Allow setting of mirror hash for Git kernel tree.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
Signed-off-by: maurerr <mariusd84@gmail.com>
2021-09-01 08:07:15 +00:00
Petr Štetiar
1782b4defa toolchain: kernel-headers: fix check target for kernel Git tree
Currently the check target fails if the kernel Git tree is used:

 $ make toolchain/kernel-headers/{download,check}

  make[2]: Entering directory 'toolchain/kernel-headers'
  Makefile:105: *** ERROR: Unknown pack format for file openwrt/tmp/dl/.  Stop.
  make[2]: Leaving directory 'toolchain/kernel-headers'
  toolchain/Makefile💯 recipe for target 'toolchain/kernel-headers/check' failed

Signed-off-by: Petr Štetiar <ynezz@true.cz>
Signed-off-by: maurerr <mariusd84@gmail.com>
2021-09-01 08:07:15 +00:00
Petr Štetiar
8b066269a3 download: handle possibly invalid local tarballs
Currently it's assumed, that already downloaded tarballs are always
fine, so no checksum checking is performed and the tarball is used even
if it might be corrupted.

From now on, we're going to always check the downloaded tarballs before
considering them valid.

Steps to reproduce:

 1. Remove cached tarball

   rm dl/libubox-2020-08-06-9e52171d.tar.xz

 2. Download valid tarball again

   make package/libubox/download

 3. Invalidate the tarball

   sed -i 's/PKG_MIRROR_HASH:=../PKG_MIRROR_HASH:=ff/' package/libs/libubox/Makefile

 4. Now compile with corrupt tarball source

   make package/libubox/{clean,compile}

Signed-off-by: Petr Štetiar <ynezz@true.cz>
Signed-off-by: maurerr <mariusd84@gmail.com>
2021-09-01 08:07:15 +00:00
Rosen Penev
f649cce051 libroxml: remove
This will be moved to the packages feed as nothing here uses it.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
Signed-off-by: maurerr <mariusd84@gmail.com>
2021-09-01 08:07:15 +00:00
Imran Khan
dde2d21182 base-files: merge /etc/passwd on rw-rootfs
Support installations without root-overlayfs (and hence without /rom)
when migrating user accounts.

Signed-off-by: Imran Khan <gururug@gmail.com>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
[simplified patch, bumped PKG_RELEASE, cleaned message]
Signed-off-by: maurerr <mariusd84@gmail.com>
2021-09-01 08:07:15 +00:00
Klaus Kudielka
74cafb9233 mvebu: base-files: Update Turris Omnia U-Boot environment
Move the update procedure from sysupgrade to first boot, which is much
more convenient in the sysupgrade case (otherwise the environment is
always one generation behind).

Check whether we have an old U-Boot release installed, and update the
environment only if necessary.

Some notes on the U-Boot environment:

The first 9 lines are a copy of the default environment of the old U-Boot
release - only modified, to run "distro_bootcmd", in case "mmcboot" fails
to boot the factory OS.

The remaining 16 lines are a backport of the default environment of the
new U-Boot release (shipped with CZ11NIC23). The main entry point is
"distro_bootcmd", which eventually sources boot.scr. This way, we have
a unified boot protocol for all Turris Omnia revisions so far.

This commit also fixes a shortcoming of previous Turris Omnia support:

Users may install OpenWrt with the Turris Omnia in factory state
(i.e. invalid environment store). In that case, neither fw_setenv, nor
U-Boot itself, would import the default environment from the image -
screwing up the rescue system, at least!

Signed-off-by: Klaus Kudielka <klaus.kudielka@gmail.com>
Reviewed-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
Tested-by: W. Michael Petullo <mike@flyn.org> (Turris Omnia "2020")
Tested-by: Klaus Kudielka <klaus.kudielka@gmail.com> (Turris Omnia)
Signed-off-by: maurerr <mariusd84@gmail.com>
2021-09-01 08:07:15 +00:00
Klaus Kudielka
72cd57ffca mvebu: Add turris-omnia.bootscript
In contrast to the U-Boot version shipped with older versions of Turris
Omnia (CZ11NIC13, CZ11NIC20), the version shipped with Turris Omnia 2019
(CZ11NIC23) relies on the existence of /boot.scr.

Consequently, add a suitable boot script to the sysupgrade image.

Flash instructions for Turris Omnia 2019:
- Download openwrt-...-sysupgrade.img.gz, gunzip it, and copy the resulting
  .img file to the root of a USB flash drive (FAT32 or ext2/3/4).
- Enter a rescue shell: Either via 5-LED reset and ssh root@192.168.1.1
  on LAN port 4, or via 7-LED reset and the serial console.
- Insert the USB drive and mount it:
  mkdir /mnt; mount /dev/sda1 /mnt
- Flash the OpenWrt image to eMMC:
  dd if=/mnt/openwrt-...-sysupgrade.img of=/dev/mmcblk0 bs=4096 conv=fsync
- Reboot.

Flash instructions using a temporary "medkit" installation were written for
the older versions of Turris Omnia, and will *not* work on the Turris Omnia
2019.

Signed-off-by: Klaus Kudielka <klaus.kudielka@gmail.com>
Reviewed-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
Tested-by: W. Michael Petullo <mike@flyn.org> (Turris Omnia "2020")
Signed-off-by: maurerr <mariusd84@gmail.com>
2021-09-01 08:07:15 +00:00
Hannu Nyman
e3aab429a2 scripts/feeds: silence git warning by selecting pull style
Silence the warning in git 2.27 about undefined fast-forward style
in git pull. Define "ff-only" as the style.

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
Signed-off-by: maurerr <mariusd84@gmail.com>
2021-09-01 08:07:15 +00:00
Paul Spooren
90b4077cf6 build: use mkhash for IPK metadata checksums
When setting the option IPK_FILES_CHECKSUMS the build system stores
checksums of all package file as metadata. In combination with pkg_check
this allows to see if a package is broken, e.g. caused by bad flash.

To create those checksums the tool `sha256sum` were used while the rest
of OpenWrt uses `mkhash`, a small & fast implementation of sha256. As
the build system does not check the existence of `sha256sum` and the
stderr output is moved to /dev/null, a situation where the option is
enabled but no actual checksum are created may occur.

Instead of adding `sha256sum` as a requirement, this replaces it with
`mkhash sha256` and adapts the `sed` pipe command to fit spacing.

CC: Xu Wang <xwang1498@gmx.com>
CC: Michal Hrusecky <Michal@Hrusecky.net>

Signed-off-by: Paul Spooren <mail@aparcar.org>
Signed-off-by: maurerr <mariusd84@gmail.com>
2021-09-01 08:07:15 +00:00
Daniel Golle
1ea7afc426 umdns: update seccomp filter rules
Add 'writev' syscall to list of allowed syscalls.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Signed-off-by: maurerr <mariusd84@gmail.com>
2021-09-01 08:07:15 +00:00
Daniel Golle
1b1e75549c procd: update to git HEAD
3019f50 jail: leak less memory
 7e01453 jail: fix segfault on missing name and refactor
 5abee8f jail: fix and simplify userns uid/gid maps from OCI
 4ba72ec jail: relax /etc/resolv.conf creation
 db5ef86 jail: don't use NULL arguments for mount syscall
 19ac9df jail: don't fail if can't mount-bind /etc/resolv.conf
 acf36f2 jail: seteuid before clone(CLONE_NEWUSER)
 e40828f jail: fix typo in usage output
 b87984b jail: don't attempt to mount /sys with noatime
 b275b11 jail: enter existing cgroups namespace if given
 31e0a46 jail: properly initialize timens_fd

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Signed-off-by: maurerr <mariusd84@gmail.com>
2021-09-01 08:07:15 +00:00
Daniel Golle
4a5f3ebb4f initramfs: switch to tmpfs to fix ujail
Hauke wrote:
> We want to run some processes in the procd-ujail, this works when we
> use a SquashFS image and an overlay file system, but when we use an
> initramfs it does not work.
> [...]
> When we switch from initramfs to tmpfs, it is working, we added this
> code to target/linux/generic/other-files/init to make [it] work.

Move files to newly mounted tmpfs and then use switch_root to chroot
into new rootfs and free initramfs.

Suggested-by: Hauke Mehrtens <hauke@hauke-m.de>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Signed-off-by: maurerr <mariusd84@gmail.com>
2021-09-01 08:07:15 +00:00