Install ld-preload hooks allowing to add seccomp filters for arbitrary
services if kernel support for seccomp is present.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Add procd-ujail to DEFAULT_PACKAGES if not building for
space-constraint (FEATURES:=small_flash) targets.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Update install procedure based on upstream feedback. Normally, meson is
to be installed with pip. But as pip is not mandated by the build
system, it cannot be used. Upstream provides a nice script to pack meson
automatically.
Moved src/ to files/. No need to copy to BUILD_DIR.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Fix Fedora 34/35 issue where 'which' detection of 'which' wasn't working
because Fedora use alias and proc
Fixup of fca5ad55d2 prereq-build: fix `which` detection on Fedora
Reported-by: Jani Partanen <rtfm@iki.fi>
Suggest-by: Etienne Champetier <champetier.etienne@gmail.com>
Tested-by: Georgi Valkov <gvalkov@abv.bg>
Signed-off-by: Paul Spooren <mail@aparcar.org>
Fix Fedora 34/35 issue where 'which' detection of 'which' wasn't working
because Fedora use alias and proc
Signed-off-by: Jani Partanen <rtfm@iki.fi>
[fix commit subject and message]
Signed-off-by: Paul Spooren <mail@aparcar.org>
Fedora 35 contains Python 3.10 as default version. Make use of it.
Signed-off-by: Marcin Juszkiewicz <marcin@juszkiewicz.com.pl>
[fix commit subject]
Signed-off-by: Paul Spooren <mail@aparcar.org>
commit 5ec60cbe9d ("scripts: mkits.sh: replace @ with - in nodes")
broke support for Meraki MR32 and this patch makes the replacement
configurable allowing for specifying the @ or - or whatever character
that is desired to retain backwards compatibility with existing devices.
For example, this patch includes the fix for the Meraki MR32 in
target/linux/bcm53xx/image for meraki_mr32:
DEVICE_DTS_DELIMITER := @
DEVICE_DTS_CONFIG := config@1
Fixes: 5ec60cbe9d ("scripts: mkits.sh: replace @ with - in nodes")
Signed-off-by: Damien Mascord <tusker@tusker.org>
[Added tags, checkpatch.pl fixes, noted that this is for old stuff]
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
meson is a next generation build system designed to have good defaults,
simpler build files, and fast compilation.
It is built upon python and uses ninja for compilation. The latter
provides fast by default (parallel) and problem free compilation.
There are over 40 packages already successfully using meson. The next
commit will convert pkgconf to use meson compilation.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Multiple profiles create artifacts, these should be stored in the JSON
file as well, allowing downstream tooling to show those files, too.
Artifacts don't have specific filesystems so only the fields `name`,
`type` and `sha256` are available.
Rename env variable names from IMAGE_ to FILE_ prefixes to reflect that
images, kernels and artifacts are added with the same command.
Signed-off-by: Paul Spooren <mail@aparcar.org>
The option '-xattr' for mksquashfs4 should be '-xattrs' which lead to
build failure with SELinux enabled. Add the missing 's'.
Fixes: 4baf47b9a8 ("images: squashfs: xattrs should not depend on buld host")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
When a target configuration has unser Kconfig symbols, the build will
fail when OpenWrt is compiled with V=s and stdin is connected to a tty.
In case OpenWrt is compiled without either of these preconditions, the
build will uscceed with the symbols in question being unset.
Modify the kernel configuration in a way it fails on unset symbols
regardless of the aformentioned preconditions.
Signed-off-by: David Bauer <mail@david-bauer.net>
Enable xattr for the generated squashfs only if needed for SELinux.
This eliminates warnings during boot on target when building
(non-SELinux) OpenWrt on SELinux-enabled hosts like Fedora.
Reported-by: fda77 <fda77@users.noreply.github.com>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Add the new CONFIG_BATTERY_RT5033 to the generic configuration, as reported by
Paul Blazejowski. Resort the kconfig while at it.
No deleted or manually refreshed patches.
Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
Manually rebased:
bcm27xx/patches-5.4/950-0089-cgroup-Disable-cgroup-memory-by-default.patch
All other patches automatically rebased.
Signed-off-by: John Audia <graysky@archlinux.us>
The ABIV_$(pkgname) variable already is formatted so return it as-is from
the GetABISuffix macro and only filter through FormatABISuffix if we read
the raw ABI version value from a version stamp file.
This ensures that binary intra-package dependencies on ABI versioned
libraries are properly formatted.
Ref: https://github.com/openwrt/packages/issues/15871
Fixes: f6a03bff5b ("build: prepend ABI suffixes with a dash if package name ends with digit")
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Ensure that ABI suffixes are separated with a dash from the package name if
the name happens to end with a digit. This implementation detail got lost
during the recent refactoring of the ABI_VERSION handling in buildroot.
Ref: https://github.com/openwrt/packages/pull/14237#issuecomment-860473585
Fixes: c921650382 ("build: drop ABI version from metadata")
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
tools/quilt requires GNU diffutils to compile. Failure can be simulated
by installing Alpine Linux without diffutils.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Speed goes from:
Executed in 178.08 secs fish external
usr time 20.16 mins 509.00 micros 20.16 mins
sys time 2.88 mins 39.00 micros 2.88 mins
To:
Executed in 175.90 secs fish external
usr time 20.19 mins 0.00 micros 20.19 mins
sys time 2.85 mins 497.00 micros 2.85 mins
Tested with "time make -j 12" on AMD Ryzen 3600
When building individual packages, the build time difference is often
significantly bigger than that.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Signed-off-by: Rosen Penev <rosenp@gmail.com>
ninja is faster at building cmake packages than make, and according to reports
also more reliable at handling parallel builds
This commit includes a patch that adds GNU make jobserver support, in order to
allow more precise control over the number of parallel tasks
Enable parallel build by default for packages using ninja
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Don't attempt to copy initramfs images for devices which do not output
an initramfs image.
This was breaking builds for mpc85xx-p1010 since mid-march.
Signed-off-by: David Bauer <mail@david-bauer.net>
The variable was missing in the definition of DEFAULT_DEVICE_VARS which
caused it to contain wrong values, messing up the resulting JSON files.
This patch adds the variable DEVICE_PACKAGES to DEFAULT_DEVICE_VARS.
Suggested-by: Baptiste Jonglez <git@bitsofnetworks.org>
Signed-off-by: Paul Spooren <mail@aparcar.org>
This fixes a regression introduced with commit
5ed1e5140a ("build: build kernel image
before building modules/packages").
Before this commit the make target would always include "modules",
resulting in a MODPOST and a complete Module.symvers file. Since this
commit a MODPOST of the kernel modules is not guaranteed for kernels <
5.10. This results in some broken SDKs in which external packages that
depend on exported symbols from kernel modules fail to compile.
Adding "modules" back to the calls to the CompileImage defines fixes the
regression. For kernels > 5.10 this is not needed, but it doesn't cause
any harm either.
Tested with kernels 5.4.x and 5.10.x.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
Remove \n that mangles output, and fix inconsistent version name check.
Example before:
Build dependency: Please install the GNU C++ Compiler (g++) 6 or later
Build dependency: \nPlease reinstall the GNU C++ Compiler (4.8 or later) - it appears to be broken
Build dependency: Please install ncurses. (Missing libncurses.so or ncurses.h)
Signed-off-by: Karl Palsson <karlp@tweak.net.au>
Use an 'if' so the absence of $(LINUX_DIR)/user_headers doesn't make the
line evaluate to false and cause the build to fail.
Signed-off-by: Matt Merhar <mattmerhar@protonmail.com>
Removed upstreamed:
generic/pending-5.4/770-02-net-ethernet-mtk_eth_soc-fix-rx-vlan-offload.patch
All other patches automatically rebased.
Build system: x86_64
Build-tested: ipq806x/R7800
Note that since I rebased the previous commit, I removed my Run-tested line
although I confirm building the image successfully.
Signed-off-by: John Audia <graysky@archlinux.us>
Removed upstreamed:
generic/backport-5.4/050-gro-fix-napi_gro_frags-Fast-GRO-breakage-due-to-IP-a.patch
bcm63xx/patches-5.4/434-nand-brcmnand-fix-OOB-R-W-with-Hamming-ECC.patch*
Removed/code was included upstream and therefore redundant:
ramips/patches-5.4/999-fix-pci-init-mt7620.patch
All other patches automatically rebased.
* update_kernel.sh did not flag this yet it was included in 5.4.119[1], as a
result of the rebase, I removed my testing lines since I did not go back to
test built or to run test 5.4.119 with the removed patch present.
1. https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.4.119&id=e5b3e69eb36ac1178a7a2392616fd29afd288c4e
Signed-off-by: John Audia <graysky@archlinux.us>
Before this commit, it was assumed that mkhash is in the PATH. While
this was fine for the normal build workflow, this led to some issues if
make TOPDIR="$(pwd)" -C "$pkgdir" compile
was called manually. In most of the cases, I just saw warnings like this:
make: Entering directory '/home/.../package/gluon-status-page'
bash: line 1: mkhash: command not found
bash: line 1: mkhash: command not found
bash: line 1: mkhash: command not found
bash: line 1: mkhash: command not found
bash: line 1: mkhash: command not found
bash: line 1: mkhash: command not found
bash: line 1: mkhash: command not found
bash: line 1: mkhash: command not found
[...]
While these were only warnings and the package still compiled sucessfully,
I also observed that some package even fail to build because of this.
After applying this commit, the variable $(MKHASH) is introduced. This
variable points to $(STAGING_DIR_HOST)/bin/mkhash, which is always the
correct path.
Signed-off-by: Leonardo Mörlein <me@irrelefant.net>
When building for MikroTik devices the kernel2minor tool will sometimes
fail with:
Can't get lstat from kernel file!: No such file or directory.
This is because kernel2minor expects paths no longer than 250 chars.
To work around this the include/image-commands.mk has been modified
to copy the kernel to a temporary file (/tmp/tmp.XXXXXXXXXX) before
calling kernel2minor.
Signed-off-by: François Chavant <francois@chavant.info>
OpenWRT requires a number of Perl modules to be installed. It wasn't checking on all of them.
This patch adds checks for Perl FindBin, File::Copy, File::Compare and Thread::Queue modules.
Failing to install these, will have the build break at some point. By adding these to the
prereq-build.mk script, they are checked on forehand.
Tested on a Fedora 33 and 34 (beta) that was freshly installed. Fedora appears to
break up Perl modules into small packages that need to be installed for the build to succeed.
Signed-off-by: Bas Mevissen <abuse@basmevissen.nl>
These have long been obsolete. For reference, here's the Linux version where
each symbol has been dropped:
CONFIG_IP6_NF_QUEUE - 3.5
CONFIG_IP6_NF_TARGET_LOG - 3.4
CONFIG_IP_NF_MATCH_DSCP - 2.6.19
CONFIG_NF_CONNTRACK_IPV4 - 4.19
CONFIG_NF_CONNTRACK_IPV6 - 4.19
CONFIG_NF_CONNTRACK_RTCACHE - out-of-tree, superseded by flow offloading
Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
Manually rebased*
generic/backport-5.4/700-v5.5-net-core-allow-fast-GRO-for-skbs-with-Ethernet-heade.patch
Added new backport*
generic/backport-5.4/050-gro-fix-napi_gro_frags-Fast-GRO-breakage-due-to-IP-a.patch
All others updated automatically.
The new backport was included based on this[1] upstream commit that will be
mainlined soon. This change is needed because Eric Dumazet's check for
NET_IP_ALIGN (landed in 5.4.114) causes huge slowdowns on drivers which use
napi_gro_frags().
Build system: x86_64
Build-tested: ipq806x/R7800
Run-tested: ipq806x/R7800
No dmesg regressions, everything functional
*Credit to Alexander Lobakin
1. https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=7ad18ff6449cbd6beb26b53128ddf56d2685aa93
Signed-off-by: John Audia <graysky@archlinux.us>
The 'append-image-stage' command doesn't work when setting the
EXTRA_IMAGE_NAME option of the ImageBuilder as in that case
DEVICE_IMG_PREFIX is modified and no longer matches the value it had in
buildroot. Choose a filename independent of DEVICE_IMG_PREFIX for
images staged using 'append-image-stage' to fix that.
Fixes: de4b29dab9 ("image: introduce 'append-image-stage' build command")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Similar to 'append-image' this new command appends an existing binary.
'append-image-stage' also makes a copy of that binary and keeps it in
$(STAGING_DIR_IMAGE). When called from within the ImageBuilder, this
copy is used instead of expecting the binary to be present.
This is useful for artifacts which include the initramfs/recovery image
which is usually not included in the ImageBuilder.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Ran update_kernel.sh in a fresh clone without any existing toolchains. No
manual intervention needed.
Build system: x86_64
Build-tested: ipq806x/R7800
Run-tested: ipq806x/R7800
No dmesg regressions, everything functional
Signed-off-by: John Audia <graysky@archlinux.us>
Ran update_kernel.sh in a fresh clone without any existing toolchains.
Removed upstreamed:
mvebu/patches-5.4/319-ARM-dts-turris-omnia-configure-LED-2--INTn-pin-as-interrupt-pin.patch
Build system : x86_64
Build-tested : ipq806x/R7800
Run-tested : ipq806x/R7800
No dmesg regressions, everything functional
Signed-off-by: John Audia <graysky@archlinux.us>
Ran update_kernel.sh in a fresh clone without any existing toolchains.
Manually rebased due to movement of rx-offload.c in 5.4.110:
layerscape/patches-5.4/802-can-0002-can-rx-offload-fix-long-lines.patch
layerscape/patches-5.4/802-can-0003-can-rx-offload-can_rx_offload_compare-fix-typo.patch
layerscape/patches-5.4/802-can-0004-can-rx-offload-can_rx_offload_irq_offload_timestamp-.patch
layerscape/patches-5.4/802-can-0005-can-rx-offload-can_rx_offload_reset-remove-no-op-fun.patch
layerscape/patches-5.4/802-can-0006-can-rx-offload-Prepare-for-CAN-FD-support.patch
layerscape/patches-5.4/802-can-0018-can-flexcan-use-struct-canfd_frame-for-CAN-classic-f.patch
Build system: x86_64
Build-tested: ipq806x/R7800
Run-tested: ipq806x/R7800
No dmesg regressions, everything functional
Signed-off-by: John Audia <graysky@archlinux.us>
Use update_kernel to refresh all patches, required manual updates to:
610-netfilter_match_bypass_default_checks.patch
611-netfilter_match_bypass_default_table.patch
762-net-bridge-switchdev-Refactor-br_switchdev_fdb_notif.patch
764-net-bridge-switchdev-Send-FDB-notifications-for-host.patch
Run-tested: x86_64
Nothing screamed out but any funny business with linux bridging should
suspect this update first.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Ran update_kernel.sh in a fresh clone without any existing toolchains.
Manually rebased:
pending-5.4/611-netfilter_match_bypass_default_table.patch
The upstream change affecting this patch is the revert of an earlier
kernel commit. Therefore, we just revert our corresponding changes
in [1].
Build system: x86_64
Build-tested: ipq806x/R7800
[1] 9b1b89229f ("kernel: bump 5.4 to 5.4.86")
Signed-off-by: John Audia <graysky@archlinux.us>
[adjust manually rebased patch, add explanation]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
The recent removal of usbutils from core and replacement by hwdata in
packages has exposed hwdata's requirement for certain GNU options on
'install' (-T) Other packages (sqm-scripts) have openwrt specific
makefile sections to avoid GNU options but I suspect this is going to
get harder in the future.
Add GNU install as a prerequisite and link into
$STAGING_DIR/host/etc/bin as per similar GNU utils
This resolves an issue building under MacOS which would otherwise use a
non-GNU options aware version of 'install'
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
In case CONFIG_TARGET_MULTI_PROFILE is set, IMG_PREFIX cannot be
expanded. Use DEVICE_IMG_PREFIX instead and make sure it's defined.
Fixes: 8f89b1ab0f ("image: add 'append-image' build command")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Commit 7ce1d9ce09 ("build: artifacts add dependency for built images")
now makes sure that sysupgrade and initramfs images are available at
the stage that artifacts are created.
Allow making use of that with a new build command 'append-image' to
be used in artifacts.
See the next commit for an example.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Add possibility to use images and initramfs in artifacts.
Signed-off-by: Oskari Lemmela <oskari@lemmela.net>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Straightforward refresh of patches using update_kernel.
Removed (reverse-applicable):
bmips/patches-5.10/010-v5.11-net-dsa-implement-a-central-TX-reallocation-procedur.patch
Run tested: x86_64 (apu2)
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Straightforward refresh of patches using update_kernel.
Run tested: x86_64 (apu2)
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Ran update_kernel.sh in a fresh clone without any existing toolchains.
Manually rebased:
bcm27xx/950-0993-xhci-quirks-add-link-TRB-quirk-for-VL805.patch
layerscape/701-net-0231-enetc-Use-DT-protocol-information-to-set-up-the-port.patch
Build system: x86_64
Build-tested: ipq806x/R7800
Run-tested: ipq806x/R7800
No dmesg regressions, everything functional
Signed-off-by: John Audia <graysky@archlinux.us>
[remove accidental whitespace edit]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
FS#3574
Adding cgroup support enables adding rules on processes
to limit resources in terms of iptable policies
Signed-off-by: Supriya Mane <sm.supriya@globaledgesoft.com>
Add new target feature 'dt-overlay' which makes DTC keep the symbol
names in the generated dtb.
Make sure additional DT overlay sources specified by the new device
variable DEVICE_DTS_OVERLAY get compiled together with the main DTS
(currently overlays got to be in the same folder). Let Build/fit pass
the generated DT overlay blobs to mkits.sh.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
With the existence of ABI versions there is no clean way to determine
the package name without an attached ABI version. The Packages index is
stored on device to know what packages are installed.
The ABIVersion was recently removed in c921650382 "build: drop ABI
version from metadata", while ABI versions still exists. This becomes a
problem if a user tries to export installed packages via `ubus call
rpcd-sys packagelist` which would return package names including the ABI
version. Trying to find these packages in a later release with changes
ABI version is impossible.
This commits adds the `ABIVersion` field again. Knowing both the
combined (SourceName + ABIVersion) and the `ABIVersion` it is possible
to calculate the package `SourceName` without storing it in the
on-device package list.
Signed-off-by: Paul Spooren <mail@aparcar.org>
Also add a new kconfig symbol (CONFIG_KCMP) to the generic config,
disabling the SYS_kcmp syscall (it was split from
CONFIG_CHECKPOINT_RESTORE, which is disabled by default, so the
previous behaviour is kept).
Removed (upstreamed) patches:
070-net-icmp-pass-zeroed-opts-from-icmp-v6-_ndo_send-bef.patch
081-wireguard-device-do-not-generate-ICMP-for-non-IP-pac.patch
082-wireguard-queueing-get-rid-of-per-peer-ring-buffers.patch
083-wireguard-kconfig-use-arm-chacha-even-with-no-neon.patch
830-v5.12-0002-usb-serial-option-update-interface-mapping-for-ZTE-P685M.patch
Manually rebased patches:
313-helios4-dts-status-led-alias.patch
104-powerpc-mpc85xx-change-P2020RDB-dts-file-for-OpenWRT.patch
Run tested:
ath79 (TL-WDR3600)
mvebu (Turris Omnia)
Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
U-boot will reject all nodes with @ since commit:
79af75f777
This will cause the OpenWrt images to fail booting,
to rectify use the config-1 as default.
Signed-off-by: Robert Marko <robert.marko@sartura.hr>
5.4.102 backported a lot of stuff that our WireGuard backport already
did, in addition to other patches we had, so those patches were
removed from that part of the series. In the process other patches were
refreshed or reworked to account for upstream changes.
This commit involved `update_kernel.sh -v -u 5.4`.
Cc: John Audia <graysky@archlinux.us>
Cc: David Bauer <mail@david-bauer.net>
Cc: Petr Štetiar <ynezz@true.cz>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
`which` utility is not shipped by default for example on recent Arch
Linux and then any steps relying on its presence fails, like for example
following Python3 prereq build check:
$ python3 --version
Python 3.9.1
$ make
/bin/sh: line 1: which: command not found
...
Checking 'python3'... failed.
So make `which` utility host build requirement.
References: PR#3820 FS#3525
Signed-off-by: Petr Štetiar <ynezz@true.cz>
This reverts commit c7aec47e5e.
The original commit replaces 'which' with 'command'. Sadly most of
them are not equivalent and for 'which -a', there is no easy
replacements that would not reimplement PATH parsing logic. Hence
revert. Keeping a dependency on which is absolutely fine.
Signed-off-by: Clemens Fruhwirth <clemens@endorphin.org>
Currently minimal GNU supported GCC version is 7 (from May 2, 2017),
buildbots are using default GCC version 6 on Debian 9 (old stable),
current Debian stable has GCC version 8.3.0.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
The previous approach of referencing artifacts in follow-up artifacts
can't work with parallel builds in the current way image.mk is built.
Refactor things so this is not needed.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Write everything needed for eMMC install into the gaps between
partitions on SD card. In that way, installation to eMMC only needs
the SD card, no additional files need to be loaded via TFTP any more.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
autotools.mk does not have any protection currently that would prevent
it from being sourced multiple times. Note that both package.mk and
host-build.mk source autotools.mk. So any package Makefile that includes
both will cause hooks to be added twice (at least twice).
This is fixed by declaring a new variable, __autotools_inc, and only
continuing if this variable doesn't equal 1. The same is done by
rules.mk already.
Also, this commit does away with an ifneq that checks PKG_FIXUP (instead
of HOST_FIXUP) for patch-libtool before adding to the host pre-configure
hook. This does not make sense.
The second ifneq is amended. The current one manually does what the
define patch_libtool_host is already doing. It can just use the define.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
Ran update_kernel.sh in a fresh clone without any existing toolchains.
Build system: x86_64
Build-tested: ipq806x/R7800
Run-tested: ipq806x/R7800
No dmesg regressions, everything functional.
Signed-off-by: John Audia <graysky@archlinux.us>
We so far had two variables IMG_PREFIX and IMAGE_PREFIX with
different content. Since these names are obviously quite
confusing, this patch renames the latter to DEVICE_IMG_PREFIX,
as it's a device-dependent variable, while IMG_PREFIX is only
(sub)target-dependent.
For consistency, also rename IMAGE_NAME to DEVICE_IMG_NAME, as
that's a device-dependent variable as well.
Cc: Paul Spooren <mail@aparcar.org>
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
That was a left-over from testing and should not have made it into the
tree. Remove it.
Fixes: 330bd380e8 ("image: allow building FIT and uImage with ramdisk")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Ran update_kernel.sh in a fresh clone without any existing toolchains.
Build system: x86_64
Build-tested: ipq806x/R7800
Run-tested: ipq806x/R7800
No dmesg regressions, everything functional
Signed-off-by: John Audia <graysky@archlinux.us>
[refresh again]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Previously, build would fail for targets containing devices with not
initramfs image (such as mpc85xx-p1010). Only generate the JSON image
info for the initramfs image when we have one to avoid breaking the
builds.
Fixes commit d3140d0529 ("build/json: generate json file for initramfs")
Signed-off-by: David Bauer <mail@david-bauer.net>
Instead of embedding the initrd cpio archive into the kernel, allow
for having an external ramdisk added to the FIT or uImage.
This is useful to overcome kernel size limitations present in many
stock bootloaders, as the ramdisk is then loaded seperately and doesn't
add to the kernel size. Hence we can have larger ramdisks to host ie.
installers with all binaries to flash included (or a web-based
firmware selector).
In terms of performance and total size the differences are neglectible.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Allow for single (external-data) FIT image to hold kernel, dtb and
squashfs. In that way, the bootloader verifies the system integrity
including the rootfs, because what's the point of checking that the
hash of the kernel is correct if it won't boot in case of squashfs
being corrupted? Better allow bootloader to check everything needed
to make it at least up to failsafe mode. As a positive side effect
this change also makes the sysupgrade process on nand potentially
much easier as it is now.
In short: mkimage has a parameter '-E' which allows generating FIT
images with 'external' data rather than embedding the data into the
device-tree blob itself. In this way, the FIT structure itself remains
small and can be parsed easily (rather than having to page around
megabytes of image content). This patch makes use of that and adds
support for adding sub-images of type 'filesystem' which are used to
store the squashfs. Now U-Boot can verify the whole OS and the new
partition parsers added in the Linux kernel can detect the filesystem
sub-images, create partitions for them, and select the active rootfs
volume based on the configuration in FIT (passing configuration via
device tree could be implemented easily at a later stage).
This new FIT partition parser works for NOR flash (on top of mtdblock),
NAND flash (on top of ubiblock) as well as classic block devices
(ie. eMMC, SDcard, SATA, NVME, ...).
It could even be used to mount such FIT images via `losetup -P` on a
user PC if this patch gets included in Linux upstream one day ;)
Signed-off-by: John Crispin <john@phrozen.org>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
The update to gettext 0.21 broke packages that use autotools and
gettext because the sed line was failing with the new version. Fix with
a better sed expression.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
The initramfs images are missing from the profiles.json files.
Signed-off-by: Moritz Warning <moritzwarning@web.de>
[fix code by exporting device variables]
Signed-off-by: Paul Spooren <mail@aparcar.org>
package/openwrt-packages is left over
from what is now a legacy repository
and has no other reference in the build tree
Signed-off-by: Michael Pratt <mcpratt@pm.me>
Use approach suggested by Adrian Schmutzler instead of introducing
another device variable.
Also revert the unnecessary white-space changes accidentally introduced
by the previous commit.
Fixed: c067b1e79b ("mediatek: move out-of-tree DTS files to dedicated dts folder")
Suggested-by: Adrian Schmutzler <mail@adrianschmutzler.de>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Use dedicated dts folder like on ramips to store device tree source
files for boards not already supported in vanilla Linux.
Doing so instead of having them in files-* has several advantages:
* we don't need to duplicate them for several kernel versions
* changes to a device tree don't trigger a complete kernel rebuild
* the files are more obvious to find
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Ran update_kernel.sh in a fresh clone without any existing toolchains.
No manual changes needed.
Build system: x86_64
Build-tested: bcm27xx/bcm2711
Signed-off-by: John Audia <graysky@archlinux.us>
GetABISuffix does not work for intra-package ABI version of provided symbols,
since ABIV_$(provided) is not set.
Fix ABI version by using $(ABIV_$(1)) directly
Signed-off-by: Felix Fietkau <nbd@nbd.name>
The sender domain has a DMARC Reject/Quarantine policy which disallows
sending mailing list messages using the original "From" header.
To mitigate this problem, the original message has been wrapped
automatically by the mailing list software.
Fixes: FS#2086
The logic for IS_TTY was broken, because it was testing stdin
instead of stdout.
MAKE_TERMOUT was introduced in GNU Make version 4.1 (05 Oct 2014),
so it should be available everywhere nowadays.
Signed-off-by: R. Diez <rdiezmail-openwrt@yahoo.com>
FS#2086 "IS_TTY in the makefile is broken" reports flawed detection of
stdout piping to a file. The issue describes how e.g. terminal color
codes and up in log files if running make like `make > log.txt`.
The proposed solution uses the make variable "MAKE_TERMOUT", which was
introduced in make 4.1. All major distributions seem to updated to 4.1
or later, so this ideally dosen't break anything.
Signed-off-by: Paul Spooren <mail@aparcar.org>
This was accidentally dropped in 27a4a71c24
("metadata: handle ABI version rebuild tracking for transient dependencies")
Signed-off-by: Felix Fietkau <nbd@nbd.name>
This reverts commit b12288fa69.
The patchelf approach is too fragile, and the only users of this have been
converted to make patching unnecessary
Leave the abi_version_str variable in place in rules.mk
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Preparation for supporting dynamic ABI versions that depend on the runtime
configuration. Read the suffix from the staging dir pkginfo version files.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
This makes it possible to declare a package ABI_VERSION independent from the
upstream soname by setting PKG_ABI_VERSION in the package makefile.
The library filename is fixed up for files installed to packages and to the
staging dir. References to the original from executables within the same
package are also fixed up
Signed-off-by: Felix Fietkau <nbd@nbd.name>
A stray comma was being appended to the last package version dependency,
causing it to be missed for ABI version checks
Signed-off-by: Felix Fietkau <nbd@nbd.name>
The version string generated for ARM Trusted-Firmware-A was stated as
"OpenWRT". Fix that by changing it to the exact spelling "OpenWrt"
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Multiple sources are hosted on OpenWrts source server only. The source
URLs to point to the server vary based on different epochs in OpenWrts
history.
Replace all by @OPENWRT which is an "empty" mirror, therefore using the
fallback servers sources.cdn.openwrt.org and sources.openwrt.org.
Signed-off-by: Paul Spooren <mail@aparcar.org>
The license folder is a core part of OpenWrt and all GPL-2.0 licensed.
Use SPDX license tags to allow machines to check licenses.
Signed-off-by: Paul Spooren <mail@aparcar.org>
[rebase, keep some Copyright lines, sharpen commit message]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Ran update_kernel.sh in a fresh clone without any existing toolchains.
Removed upstreamed patches:
imx6: 303-ARM-dts-imx6qdl-gw52xx-fix-duplicate-regulator-namin.patch
Build system: x86_64
Build-tested: ipq806x/R7800, bcm27xx/bcm2711
Run-tested: ipq806x/R7800
No dmesg regressions, everything functional
Signed-off-by: John Audia <graysky@archlinux.us>
All modification made by update_kernel.sh in a fresh clone without
existing toolchains.
Build-tested: bcm27xx/bcm2711, ipq806x/R7800,
Run-tested: ipq806x/R7800
No dmesg regressions, everything functional
Signed-off-by: John Audia <graysky@archlinux.us>
Upon boot it now prints:
NOTICE: BL1: v2.4(release):OpenWRT v2.4-1 (espressobin-v3-v5-1gb-2cs) (Marvell-devel-18.12.0)
Signed-off-by: Andre Heider <a.heider@gmail.com>
A header used in ELECOM WRC-300GHBK2-I and WRC-1750GHBK2-I/C is also
used in ELECOM WRC-2533GHBK-I, so split the code to generate the header
and move it to image-commands.mk to use from ramips target.
Signed-off-by: INAGAKI Hiroshi <musashino.open@gmail.com>
Reviewed-by: Sungbo Eo <mans0n@gorani.run>
/lib/functions.sh was executable for no obvious reason and its
execute property was even checked in package-ipkg.mk just to
source it afterwards.
Remove the execute bit and shebang as this is clearly a library.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Philip Prindeville <philipp@redfish-solutions.com>
The majority of our targets provide a default value for the variable
SUPPORTED_DEVICES, which is used in images to check against the
compatible on a running device:
SUPPORTED_DEVICES := $(subst _,$(comma),$(1))
At the moment, this is implemented in the Device/Default block of
the individual targets or even subtargets. However, since we
standardized device names and compatible in the recent past, almost
all targets are following the same scheme now:
device/image name: vendor_model
compatible: vendor,model
The equal redundant definitions are a symptom of this process.
Consequently, this patch moves the definition to image.mk making it
a global default. For the few targets not using the scheme above,
SUPPORTED_DEVICES will be defined to a different value in
Device/Default anyway, overwriting the default. In other words:
This change is supposed to be cosmetic.
This can be used as a global measure to get the current compatible
with: $(firstword $(SUPPORTED_DEVICES))
(Though this is not precisely an achievement of this commit.)
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
All modification made by update_kernel.sh in a fresh clone without
existing toolchains.
Build system: x86_64
Build-tested: ipq806x/R7800, bcm27xx/bcm2711
Run-tested: ipq806x/R7800
No dmesg regressions, everything functional
Signed-off-by: John Audia <graysky@archlinux.us>
Tested-by: Curtis Deptuck <curtdept@me.com> [x86/64]
All modification made by update_kernel.sh in a fresh clone without
existing toolchains.
Build system: x86_64
Build-tested: ipq806x/R7800, bcm27xx/bcm2711
Run-tested: ipq806x/R7800
No dmesg regressions, everything functional
Signed-off-by: John Audia <graysky@archlinux.us>
Tested-by: Curtis Deptuck <curtdept@me.com> [x86/64]
Kerning seems to be very off-putting for some people so the logo
designer thankfully updated guidelines to something which is now
considered final.
Signed-off-by: Paul Spooren <mail@aparcar.org>
All modification made by update_kernel.sh in a fresh clone without
existing toolchains.
Build system: x86_64
Build-tested: ipq806x/R7800, bcm27xx/bcm2711
Run-tested: ipq806x/R7800
No dmesg regressions, everything functional
Signed-off-by: John Audia <graysky@archlinux.us>
Tested-by: Curtis Deptuck <curtdept@me.com> [x86/64]
Currently `qemu-img` is used to convert raw x86 images to VDI and VMDK
images, used for virtual machines.
Having `qemu-img` in tree requires us to maintain an ancient version of
`qemu-utils`, which recently required extra work to compile with newer
compiler version.
This commit prints a warning message in case `qemu-img` is missing.
As a next step the in-tree version of `qemu-img` can be removed.
Signed-off-by: Paul Spooren <mail@aparcar.org>
Linux 5.9 introduces support for ZSTD ramdisk and initrd compression,
make sure we enable/disable the relevant options when building an
initramfs enabled kernel.
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
When we use an external kernel tree which may not have been fully
cleaned, there may be user_headers left which do not match the target
architecture, leading to build failures for packages that do an explicit
inclusion of user_headers (such as iproute2 or iptables). Make sure we
delete them while preparing the directory.
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
This keeps the configuration, like the size of the cache, and the
statistics intact. Move the removal of the cache directory to the
distclean target, but only delete the .ccache directory inside of our
build tree, as we should not mess with a user-configured external ccache
directory this destructively.
Signed-off-by: Sven Wegener <sven.wegener@stealer.net>
clang's gcc emulation does the right thing with -print-file-name now,
drop the wrapper
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
`which` utility is not shipped by default for example on recent Arch
Linux and then any steps relying on its presence fails, like for example
following Python3 prereq build check:
$ python3 --version
Python 3.9.1
$ make
/bin/sh: line 1: which: command not found
/bin/sh: line 1: which: command not found
/bin/sh: line 1: which: command not found
...
Checking 'python3'... failed.
...
Fix this by switching to Bash builtin `command` which should provide
same functionality.
Fixes: FS#3525
Signed-off-by: Petr Štetiar <ynezz@true.cz>
With commit 2ca084cc ("build: improve ccache support") these variables
are being set globally and we don't need them for specific targets.
Signed-off-by: Sven Wegener <sven.wegener@stealer.net>
While parsing the nm output, we need to account for the fact that 64-bit kernels
have 64-bit wide addresses. While at it, replace the grep | sed combo with a
single awk invocation and a stronger regex.
Fixes: 2ef0acc5fc "kernel-build: fix
STRIP_KERNEL_EXPORTS for recent kernels"
Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
Multiple prereq checks are only required within the build system but not
for the ImageBuilder. These checks are excluded by using ifndef IB.
This commit merges the three ifndef IB blocks together.
Signed-off-by: Paul Spooren <mail@aparcar.org>
All modifications made by update_kernel.sh run in a fresh clone
without any existing toolchains.
Build system: x86_64
Build-tested: ipq806x/R7800, ath79/generic, bcm27xx/bcm2711
Run-tested: ipq806x/R7800
No dmesg regressions, everything functional
Signed-off-by: John Audia <graysky@archlinux.us>
Some images are created using different filesystems, most popular
squashfs and ext4. To allow downstream projects to distinguesh between
those, add the `filesystem` information to created json files.
Signed-off-by: Paul Spooren <mail@aparcar.org>
Removed since included upstream and could be reverse-applied by quilt:
backport-5.4/315-v5.10-usbnet-ipeth-fix-connectivity-with-ios-14.patch
Remaining modifications made by update_kernel.sh
Build system: x86_64
Build-tested: ipq806x/R7800, ath79/generic, bcm27xx/bcm2711
Run-tested: ipq806x/R7800
No dmesg regressions, everything functional
Signed-off-by: John Audia <graysky@archlinux.us>
Tested-by: Curtis Deptuck <curtdept@me.com> [build/run x86_64]
It was observed that the MD5 would not change after source files had been
modified, looking deeper into the build process it was discovered that
find_md5 build function makes a list of the files being built and then
passes the list to a summing utility on stdin. The resultant MD5 is of
the file list, not the contents of the files.
The MD5 would change if the ordering of the list changed, or items were
removed or deleted.
The proposed fix is to add the modification time after the filename and
then sort the list to prevent find returning files in a different order
falsely re-triggering a rebuild. The MD5 will now change when a file is
modified or files are added/removed from the list.
Using 'T@' to show time in epoch for timezone independent behaviour.
Signed-off-by: John Beckett <john.beckett@net2edge.com>
This is a neat project, but offers no benefit to OpenWrt. The initial
reason for it was to be a replacement for libstdcpp as it is smaller
and lacks compatibility for C++98. Unfortunately, compiling several
packages with it results in larger ipk sizes.
While not a member of the packages feed, this will be moved to
packages-abandoned to keep it somewhere.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
On non-GNU systems, zcat often does not handle gzip decompression.
Use gzip -dc like the regular unpack command
Signed-off-by: Felix Fietkau <nbd@nbd.name>
All modifications made by update_kernel.sh/no human intervention needed
Build system: x86_64
Build-tested: ipq806x/R7800, ath79/generic, bcm27xx/bcm2711
Run-tested: ipq806x/R7800
No dmesg regressions, everything functional
Signed-off-by: John Audia <graysky@archlinux.us>
[another refresh]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
The include/trusted-firmware-a.mk file is based on the
include/u-boot.mk file and should be used to build a Trusted Firmware-A
(TFA) which was previously named Arm trusted firmware.
This is useful for targets where the TFA is board specific like for
Marvell SoCs and probably also NXP Layerscape SoCs.
This also makes use of this abstraction in the
arm-trusted-firmware-mvebu package to build board specific ATF binaries.
The ATF binaries will be automatically activated and build when the
board is selected in the normal build or all boards are selected. This
should also activate the build when build bot creates images.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Some Git hoster (e.g. sr.ht) disable hosting of svg images (xml) to
avoid XSS attacks. To show the logo correctly on all code hosters use a
"safe" PNG image.
Also move logo(s) to include/ folder to lower autocomplete churn with
the `logs/` folder. While at it, replace absolute logo path and make it
relative, as this may break other code hosters as well.
Signed-off-by: Paul Spooren <mail@aparcar.org>
Commit f98878e4c1 ("cmake.mk: set C/CXX compiler for host builds as
well") has introduced regression as it didn't taken usage of ccache into
the account so fix it by handling ccache use cases as well.
In order to get this working we need to export HOSTCXX_NOCACHE in
rules.mk as well.
Fixes: f98878e4c1 ("cmake.mk: set C/CXX compiler for host builds as well")
Reported-by: Ansuel Smith <ansuelsmth@gmail.com>
Tested-by: Ansuel Smith <ansuelsmth@gmail.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
It is impossible to locate package that failed the build just from log
once more build is run in parallel (that is more than one make job). The
only way is to scout log files for failed package going back trough log.
This change makes it so error is printed for package that failed every
time.
Signed-off-by: Karel Kočí <karel.koci@nic.cz>
Without this, cmake will use whatever CC/CXX is set to, which could be
clang. In that case, at least libjson-c/host will fail to compile.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Currently it's assumed, that already downloaded tarballs are always
fine, so no checksum checking is performed and the tarball is used even
if it might be corrupted.
From now on, we're going to always check the downloaded tarballs before
considering them valid.
Steps to reproduce:
1. Remove cached tarball
rm dl/libubox-2020-08-06-9e52171d.tar.xz
2. Download valid tarball again
make package/libubox/download
3. Invalidate the tarball
sed -i 's/PKG_MIRROR_HASH:=../PKG_MIRROR_HASH:=ff/' package/libs/libubox/Makefile
4. Now compile with corrupt tarball source
make package/libubox/{clean,compile}
Signed-off-by: Petr Štetiar <ynezz@true.cz>
When setting the option IPK_FILES_CHECKSUMS the build system stores
checksums of all package file as metadata. In combination with pkg_check
this allows to see if a package is broken, e.g. caused by bad flash.
To create those checksums the tool `sha256sum` were used while the rest
of OpenWrt uses `mkhash`, a small & fast implementation of sha256. As
the build system does not check the existence of `sha256sum` and the
stderr output is moved to /dev/null, a situation where the option is
enabled but no actual checksum are created may occur.
Instead of adding `sha256sum` as a requirement, this replaces it with
`mkhash sha256` and adapts the `sed` pipe command to fit spacing.
CC: Xu Wang <xwang1498@gmx.com>
CC: Michal Hrusecky <Michal@Hrusecky.net>
Signed-off-by: Paul Spooren <mail@aparcar.org>
Removed since could be reverse-applied by quilt and found to be
included upstream:
backport-5.4/789-net-usb-qmi_wwan-Set-DTR-quirk-for-MR400.patch
All modifications made by update_kernel.sh
Build system: x86_64
Build-tested: ipq806x/R7800, bcm27xx/bcm2711, ath79/generic
Run-tested: ipq806x/R7800
No dmesg regressions, everything functional
Signed-off-by: John Audia <graysky@archlinux.us>
Tested-by: Curtis Deptuck <curtdept@me.com> [x86_64 build/run]
Allow a device recipe to specify a custom UIMAGE_MAGIC value, as used by
OpenWrt's -M flag for mkimage. This allows to automatically customize
the magic bytes in all calls to Build/uImage for this device, similar to
the behaviour of UIMAGE_NAME. Since the -M argument is inserted before
the user arguments, it can be overriden.
The following example would use 0x87654321 for the KERNEL image, but
0x12345678 for the KERNEL_INITRAMFS image:
define Device/MyDevice
UIMAGE_MAGIC := 0x87654321
KERNEL := ... | uImage lzma
KERNEL_INITRAMFS := ... | uImage lzma -M 0x12345678
...
endef
Fixes: df8e6be59a ("rtl838x: add new architecture")
[UIMAGE_MAGIC was not declared as a device variable]
Signed-off-by: Sander Vanheule <sander@svanheule.net>
[rebase, improve formatting of "Fixes"]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
For some build recipes, the argument to Build/uImage is used to sneak in
extra arguments for mkimage, whereas this appears to have been intended
to specificy the compression method only.
Use the first provided word for -C to be backwards compatible with
current calls to Build/uImage. Use the rest of the call arguments to
override the provided defaults. Only the input file name (-d) and the
output file name cannot overriden.
Signed-off-by: Sander Vanheule <sander@svanheule.net>
Manually rebased patches:
ath79/patches-5.4/910-unaligned_access_hacks.patch
bcm27xx/patches-5.4/950-0135-spi-spi-bcm2835-Disable-forced-software-CS.patch
bcm27xx/patches-5.4/950-0414-SQUASH-Fix-spi-driver-compiler-warnings.patch
ipq806x/patches-5.4/093-4-v5.8-ipq806x-PCI-qcom-Use-bulk-clk-api-and-assert-on-error.patch
Removed since could be reverse-applied by quilt and found to be included upstream:
ipq806x/patches-5.4/096-PCI-qcom-Make-sure-PCIe-is-reset-before-init-for-rev.patch
All modifications made by update_kernel.sh
Build system: x86_64
Build-tested: ipq806x/R7800, ath79/generic, bcm27xx/bcm2711
Run-tested: ipq806x/R7800
No dmesg regressions, everything functional
Signed-off-by: John Audia <graysky@archlinux.us>
[refresh altered targets after rebase]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Commit 5d76065 moved the creation of the symvers directory to
include/kernel-build.mk. This is fine when building from scratch. But
when unpacking an SDK the directory doesn't exist and because the kernel
won't be built (again) this directory will not be created by the build
system, causing build failure if make tries to copy files into it.
This moves the creation of the symvers directory back into
include/kernel.mk so that the directory is created in any case.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
Apple ships a broken make version with the Xcode command line tools.
Homebrew installs make as gmake by default in order to not collide with
Apple's version.
Exit with an error if the broken one is used accidentally
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Define wildcard patterns for filtering in target/linux/generic/config-filter
Preparation for supporting newer kernels
Signed-off-by: Felix Fietkau <nbd@nbd.name>
This replaces the previous (deprecated) method of collecting symvers data
in $(PKG_BUILD_DIR)/Module.symvers, which does not work on newer kernels
Signed-off-by: Felix Fietkau <nbd@nbd.name>
This change adds the configuration option to build and include
the nft_queue kernel module, which allows traffic to be queued up
to userspace from an nftables rule
Tested-by: Sébastien Delafond sdelafond@gmail.com
Signed-off-by: Brett Mastbergen <bmastbergen@untangle.com>
The source date epoch is the only reproducible date close to the actual
build date. It can be used for tooling like the firmware wizard to show
the image age.
Signed-off-by: Paul Spooren <mail@aparcar.org>
Manually rebased patches:
bcm27xx:
patches-5.4/950-0267-xhci-add-quirk-for-host-controllers-that-don-t-updat.patch
bcm53xx:
patches-5.4/180-usb-xhci-add-support-for-performing-fake-doorbell.patch
layerscape:
patches-5.4/802-can-0025-can-flexcan-add-LPSR-mode-support-for-i.MX7D.patch
patches-5.4/808-i2c-0002-MLK-10893-i2c-imx-add-irqf_no_suspend.patch
patches-5.4/820-usb-0016-MLK-16735-usb-host-add-XHCI_CDNS_HOST-flag.patch
Removed since could be reverse-applied by quilt:
mediatek:
patches-5.4/0700-arm-dts-mt7623-add-missing-pause-for-switchport.patch
All modifications made by update_kernel.sh
Build system: x86_64
Build-tested: ipq806x/R7800, ath79/generic, bcm27xx/bcm2711, x86_64
Run-tested: ipq806x/R7800, x86_64
No dmesg regressions, everything functional
Signed-off-by: John Audia <graysky@archlinux.us>
Tested-by: Curtis Deptuck <curtdept@me.com> [x86_64]
Rebase of 802-can-0025-can-flexcan-add-LPSR-mode-support-for-i.MX7D.patch
Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
This removes switches dependent on kernel version 4.19 as well as
several packages/modules selected only for that version.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
We use 5.4 on all targets by default, and 4.19 has never been released
in a stable version. There is no reason to keep it.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
LegacyDevice is not used anymore in our tree, so let's drop it
together with the relevant definitions and recipes.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
The definitions in image-commands.mk seem to have no particular
order. Sort them alphabetically to make it easier to actually
find anything there. No other changes made beyond moving entire
blocks.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Build/combined-image is only used in ath25 target, and that defines
its own version. Thus, drop the unused definition in image-commands.mk.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
This drops unused legacy recipes Image/Build/SysupgradeNAND and
Image/Build/UbinizeImage.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
This reverts commit 7f94e2afcf.
Package kmod-nft-core is missing dependencies for the following libraries:
nft_reject.ko
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Nightly snapshot builds of OpenWrt change their kernels versions
frequently and lose thereby compatibility to kmods from the upstream
target specific packages feed.
To allow opkg to install packages over multiple days a kmod archive is
offered at $target/$subtarget/kmods/$kernelversion and added as a feed
to created snapshot images via a buildbot step[1].
Instead of using a buildstep add the kmod feed directly via
FeedSourcesAppend to be included in the ImageBuilder repositories.conf
as well. This is conditionally only done for SNAPSHOT builds and when
running as BUILDBOT. Releases are unaffected as they don't include
kernel version changes and local builds may use different kernel
versions or magics than available upstream.
This commit allows in a future step to ship ImageBuilders without a
locally stored kmod archive.
[1]: https://git.openwrt.org/?p=buildbot.git;a=blob;f=phase1/master.cfg;h=3ba7a1606e89b095b10555e703ea96e93295deec;hb=HEAD#l1025
Signed-off-by: Paul Spooren <mail@aparcar.org>
The mips kernel vmlinux image supports adding an empty ELF section
for DTB to be later inserted into with MIPS_ELF_APPENDED_DTB.
This ELF + inserted DTB image can then be directly booted on some
devices.
Example usage:
image/subtarget.mk:
KERNEL_NAME := vmlinux.elf
KERNEL_INITRAMFS_NAME := vmlinux-initramfs.elf
KERNEL := kernel-bin | append-dtb-elf
On mt7621 memory size needed to be manually specified.
Signed-off-by: John Thomson <git@johnthomson.fastmail.com.au>
Kernel commit 1ac89d20150e ("netfilter: nat: merge nf_nat_redirect into
nf_nat") made the redirect module part of the nat core and changed the
CONFIG_NF_NAT_REDIRECT option to a boolean, without prompt, affecting
kernel 4.18 onwards. CONFIG_NF_NAT_REDIRECT now can only be selected by
CONFIG_NFT_REDIR or NETFILTER_XT_TARGET_REDIRECT
Fixes: FS#2476
Ref: https://bugs.openwrt.org/index.php?do=details&task_id=2476
Fixes: FS#2990 (partial)
Ref: https://bugs.openwrt.org/index.php?do=details&task_id=2990
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
[note that the option has no prompt and can only be selected by other
kconfig options]
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
It was removed in upstream linux commit faec18db ("netfilter: nat:
remove l4proto->manip_pkt"). This happened since linux 5.0
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Kernel commit 22fc4c4c9fd6 ("netfilter: conntrack: gre: switch module to
be built-in") moved the CT GRE code into the core nf_conntrack.ko module
and changed the CONFIG_NF_CT_PROTO_GRE option to boolean for kernel 5.1
and onwards.
CONFIG_NF_CT_PROTO_GRE at the moment has no prompt and can only be
selected by NF_CONNTRACK_PPTP
Fixes: FS#2990 (partial)
Ref: https://bugs.openwrt.org/index.php?do=details&task_id=2990
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
[note that the option now can not be enabled on its own]
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
The upstream linux commit is 3bf195ae ("netfilter: nat: merge
nf_nat_ipv4,6 into nat core"). It was included since linux 5.1
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
CONFIG_IP_NF_TARGET_REDIRECT is a compat option since upstream commit
2cbc78a2 ("netfilter: combine ipt_REDIRECT and ip6t_REDIRECT"). That
happened since linux 3.10
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
CONFIG_IP_NF_TARGET_MASQUERADE and its counterpart
CONFIG_IP6_NF_TARGET_MASQUERADE are "backwards-compat option for the
user's convenience"
Related commit d22c1755 ("netfilter: fix NAT packaging with kernels
5.2+")
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Add procd-ujail and procd-seccomp to DEFAULT_PACKAGES if not building
for space-constraint (FEATURES:=small_flash) targets.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Rather than unconditionally adding busybox and procd to the set of
default packages, add busybox-selinux and procd-selinux in case
CONFIG_SELINUX is set.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
All modifications made by update_kernel.sh
Build system: x86_64
Build-tested: ipq806x/R7800, ath79/generic, bcm27xx/bcm2711
Run-tested: ipq806x/R7800
No dmesg regressions, everything functional
Signed-off-by: John Audia <graysky@archlinux.us>
* add d-link_dgs-1210-10p support
* make sure mips16 is disabled
* add a generic sub target
* add proper cflags
Signed-off-by: John Crispin <john@phrozen.org>
This reverts commit ef7c34c1d1.
The commit seems to break all buildbots with messages like:
/builder/shared-workdir/build/include/toplevel.mk:15:
/builder/shared-workdir/build/include/toplevel-vars.mk: No such file or directory
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
version_abbrev uses $(shell) and the ?= is causing make to run the command
over and over again, causing a significant build slowdown
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Usage of current R1 ISA is inconsistent with the MIPS32 subtarget, little
used and has limited utility for testing.
Many distros target a minimum R2 ISA. Debian MIPS 32-bit/64-bit ports all
use MIPS R2 ISA since Stretch, for example. Fedora's MIPS arch also targets
the R2 ISA for 32-bit/64-bit.
Widely used MIPS64 platforms like Octeon are based on the MIPS R2 ISA or
later, and benefit from having a compatible test platform in OpenWRT.
While Linux does support MIPS64 R1 targets, its usefulness for development
and testing is limited. As an example, the modern Linux eBPF JIT requires
a MIPS R2 ISA or later.
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
[Refresh config and fix README]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
All modifications made by update_kernel.sh
Build system: x86_64
Build-tested: ipq806x/R7800, ath79/generic, bcm27xx/bcm2711
Run-tested: ipq806x/R7800
No dmesg regressions, everything functional
Signed-off-by: John Audia <graysky@archlinux.us>
The buildroot and SDK both require the compilers (gcc, g++) to be
installed on the host system, however the ImageBuilder uses precompiled
binaries.
This patch changes the prerequirements checks to skip the checking for
the compilers if running as ImageBuilder. A similar change has been
made for libncurses-dev in 4a1a58a3e2.
Signed-off-by: Sven Roederer <devel-sven@geroedel.de>
Acked-by: Paul Spooren <mail@aparcar.org>
Seemingly unneeded based on new upstream code so manually deleted:
layerscape:
820-usb-0007-usb-dwc3-gadget-increase-timeout-value-for-send-ep-c.patch
Manually merged:
generic-hack:
251-sound_kconfig.patch
All other modifications made by update_kernel.sh
Build system: x86_64
Build-tested: ipq806x/R7800, ath79/generic, bcm27xx/bcm2711
Run-tested: ipq806x/R7800, lantiq/Easybox 904 xDSL
No dmesg regressions, everything functional
Signed-off-by: John Audia <graysky@archlinux.us>
[add lantiq test report, minor commit message clarification]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
The former nft_chain_nat_ipv4 and nft_chain_nat_ipv6 modules have been merged
into a common nft_chain_nat module starting with Linux 5.1.
Ensure that this common module is shipped along with kmod-nft-nat on recent
kernels.
While we're at it, also apply version constraints to other nft modules that
have been merged into the core with newer kernels.
Ref: https://bugs.openwrt.org/index.php?do=details&task_id=2815#comment8016
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Instead of hardcoding 'targeted' policy, evaluate /etc/selinux/config
in rootfs to choose according to which policy files in the rootfs got
to be labeled.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
By installing policycoreutils to host/bin it is also available within
the ImageBuilder and SDK, allowing to correctly label both filesystems
and packages.
Signed-off-by: Paul Spooren <mail@aparcar.org>
All modifications made by update_kernel.sh
Build system: x86_64
Build-tested: ipq806x, ath79/generic, bcm72xx/bcm2711
Run-tested: ipq806x (R7800)
No dmesg regressions, everything functional
Signed-off-by: John Audia <graysky@archlinux.us>
There are currently several variants of 'wpad' package but the 'iwinfo'
is included by default only if 'wpad', 'wpad-{basic*,mini}' or 'nas'
packages are included in {DEVICE,DEFAULT}_PACKAGES. Use 'wpad-*'
pattern to include 'iwinfo' with any 'wpad' variant.
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
'setfiles' and others should be installed to $(STAGING_DIR_HOSTPKG)/bin
rather than $(...)/sbin which isn't in PATH.
Also using -Wl,-rpath to set library search location instead of setting
LD_LIBRARY_PATH when calling setfiles in image.mk.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Some bootloaders are really keen on just one special
fdt in a multi-image fit image. This is a problem, because
currently this is fixed to "fdt@1".
This patch introduces a new device variable:
DEVICE_FDT_NUM that allows to specify the right
fdt number.
If the value is absent "1" will be chosen.
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
All modifications made by update_kernel.sh
Build system: x86_64
Build-tested: ipq806x, lantiq/xrx200 and ath79/generic
Run-tested: ipq806x (R7800), lantiq (Easybox 904 xDSL)
No dmesg regressions, everything functional
Signed-off-by: John Audia <graysky@archlinux.us>
[add test on lantiq]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
All modifications made by update_kernel.sh/no manual intervention needed
Run-tested: ipq806x (R7800), ath79 (Archer C7v5), x86/64
No dmesg regressions, everything appears functional
Signed-off-by: John Audia <graysky@archlinux.us>
[add run test from PR]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
This reverts commit 34cc2c9a99.
The reverted shell code is a very poor reimplementation of the existing
package-metadata.pl usergroup subcommand and the resulting file is not
used anymore, so drop this code.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
This file can be subsequently used to resolve symbolic user or group names
to their numeric IDs when packing ipk archives.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Multiple packages contain a USERID variable defining required user and
group for the package to run. With the recent addition of
"PKG_FILE_MODES" it is possible to define user and group of specific
files, replacing (possibly insecure) post-inst scripts. These modes are
set during build time and put directly into the packages.
To allow user and group names rather than the numeric values, a mapping
like `/etc/passwd` is required by the `ipkg-build` script, mapping names
defined in "PKG_FILE_MODES" to a numeric value, as the build system does
not create any users during build.
This commit adds a single line to the `prepare-tmpinfo` target, so that
everytime the feeds are updated the *passwd like* content of
`./tmp/userids` is updated.
Signed-off-by: Paul Spooren <mail@aparcar.org>
All modifications made by update_kernel.sh/no manual intervention needed
Build-tested: x86_64
Run-tested: ipq806x (R7800)
No dmesg regressions, everything functional
Signed-off-by: John Audia <graysky@archlinux.us>
Currently the global variable PKG_FILE_MODES is used for all ipkg
creations. This works for Makefiles which output a single package, or
variants of a single package.
But if a Makefile outputs multiple packages that each contain different
files, setting PKG_FILE_MODES causes build failure when any of the files
in the variable do not exist in the folder that is currently being
packaged.
Example:
/openwrt/staging_dir/host/bin/fakeroot -l /openwrt/staging_dir/host/lib/libfakeroot.so -f /openwrt/staging_dir/host/bin/faked /openwrt/scripts/ipkg-build -m "/usr/lib/mariadb/plugin/auth_pam_tool_dir:root:376:0750" /openwrt/build_dir/target-mips_24kc_musl/mariadb-10.4.13/ipkg-mips_24kc/mariadb-server-plugin-disks /openwrt/bin/packages/mips_24kc/packages
+chown: cannot access '/openwrt/build_dir/target-mips_24kc_musl/mariadb-10.4.13/ipkg-mips_24kc/mariadb-server-plugin-disks//usr/lib/mariadb/plugin/auth_pam_tool_dir': No such file or directory
This commit changes the file mode handling a bit. The file mode can now
be set either globally via PKG_FILE_MODES (no behavior change) or on a
per-package basis via FILE_MODES. This way specific file modes can be
used for any particular package.
This behavior is already used for other OpenWrt variables, hence it is
familiar:
PKG_MAINTAINER vs MAINTAINER
PKG_SOURCE_SUBDIR vs SUBDIR
PKG_LICENSE vs LICENSE
...
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
Manually merged:
hack-5.4
230-openwrt_lzma_options.patch
bcm27xx
950-0283-hid-usb-Add-device-quirks-for-Freeway-Airmouse-T3-an.patch
x86
011-tune_lzma_options.patch
Remove upstreamed patches in collaboration with Ansuel Smith:
ipq806x
093-1-v5.8-ipq806x-PCI-qcom-Add-missing-ipq806x-clocks-in-PCIe-driver.patch
093-2-v5.8-ipq806x-PCI-qcom-Change-duplicate-PCI-reset-to-phy-reset.patch
093-3-v5.8-ipq806x-PCI-qcom-Add-missing-reset-for-ipq806x.patch
All other modifications made by update_kernel.sh
Build-tested: bcm27xx/bcm2708, ipq806x, x86/64
Run-tested: ipq806x (R7800), x86/64
No dmesg regressions, everything functional
Signed-off-by: John Audia <graysky@archlinux.us>
[update commit message/tested]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Adding inline shell invocations in per-target variables causes them to be
executed over and over again, which causes a significant slowdown.
Fix this by evaluating it only once per package directory
Signed-off-by: Felix Fietkau <nbd@nbd.name>
This removes switches dependent on kernel version 4.14 as well as
several packages/modules selected only for that version.
This also removes sched-cake-virtual, which is not required anymore
now that we have only one variant of cake.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Using fakeroot without passing the paths to libfakeroot.sh and faked
causes havoc. Use the $(FAKEROOT) Make variable which includes them.
Fixes: 353ce2e521 ("build: ipkg-build use fakeroot with PKG_FILE_MODES")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
The variable VERSION_REPO is used by opkg to download package(list)s.
Now that the default installation support encrypted HTTP opkg should
make use of it.
Suggested-by: Petr Štetiar <ynezz@true.cz>
Suggested-by: Baptiste Jonglez <baptiste@bitsofnetworks.org>
Signed-off-by: Paul Spooren <mail@aparcar.org>
Acked-by: Baptiste Jonglez <baptiste@bitsofnetworks.org>
The line of default packages became very long and it is easier to read
one package per line, therefore split it by newlines and sort it
alphabetically.
Signed-off-by: Paul Spooren <mail@aparcar.org>
To allow HTTPS usage on a router it requires both certificates
(ca-bundle) and a fitting libustream library (libustream-wolfssl)
By adding both, uclient-fetch and wget can connect to encrypted HTTP.
This allows opkg to update package lists in a more secure fashion.
Suggested-by: Petr Štetiar <ynezz@true.cz>
Suggested-by: Baptiste Jonglez <baptiste@bitsofnetworks.org>
Signed-off-by: Paul Spooren <mail@aparcar.org>
The usage of granular `SOURCE_DATE_EPOCH` for packages is an
incrementing integer which could be useful for downstream tooling,
therefore add it to the packages manifest.
Signed-off-by: Paul Spooren <mail@aparcar.org>