In OpenWrt, /var is symlinked to /tmp by default. This is done to reduce
the amount of writes to the flash chip, which often have not the
greatest durability. As a result, things like DHCP or UPnP lease files,
are not persistent across reboots.
Since OpenWrt can run on devices with more durable storage, it makes
sense to have an option for a persistent /var. Add an option to make
/var persistent. When enabled, /var will no longer be symlinked to /tmp,
but /var/run will be symlink to /tmp/run, as it should contains only
files that should not be kept during reboot. The option is off by
default, to maintain the current behaviour.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
The file is a info file just like config.buildinfo, feeds.buildinfo and
version.buildinfo. It bundles these and more information in a machine
readable way.
This commit enables the creation of profiles.json by default and not
only for buildbots. By doing so it follow the behaviour of the
ImageBuilder which always creates the file, lastly this increases the
files visibility for downstream projects.
Signed-off-by: Paul Spooren <mail@aparcar.org>
The grub2 and grub2-efi packages should only contain boot-related code.
grub-bios-setup is the same as grub-editenv, they are both grub2 tools
and should be placed in a separate package.
Signed-off-by: 李国 <uxgood.org@gmail.com>
[use AUTORELEASE and update to SPDX]
Signed-off-by: Paul Spooren <mail@aparcar.org>
The code interprets these config values as Mebibytes rather than
Megabytes so modify the description accordingly.
Signed-off-by: Paul Fertser <fercerpav@gmail.com>
[fix commit title prefix]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
* show only if target supports it (ie. seperate_ramdisk feature set)
* select XZ compression by default of ramdisk is seperate
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Instead of embedding the initrd cpio archive into the kernel, allow
for having an external ramdisk added to the FIT or uImage.
This is useful to overcome kernel size limitations present in many
stock bootloaders, as the ramdisk is then loaded seperately and doesn't
add to the kernel size. Hence we can have larger ramdisks to host ie.
installers with all binaries to flash included (or a web-based
firmware selector).
In terms of performance and total size the differences are neglectible.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
The license folder is a core part of OpenWrt and all GPL-2.0 licensed.
Use SPDX license tags to allow machines to check licenses.
Signed-off-by: Paul Spooren <mail@aparcar.org>
[rebase, keep some Copyright lines, sharpen commit message]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
The config setting was renamed to CONFIG_KPROBE_EVENTS.
Fixes: 97d3f800a8 ("config: kernel: Add KPROBE_EVENTS config option)
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
Not everyone will want to bloat their kernel by 24 kiB for such a niche
feature.
Fixes: a1a7f3274e "kernel: enable SRv6 support by
enabling lwtunnel"
Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
The current master only supports kernel 5.4, and there is no reason
to remove KERNEL_IO_URING for future kernels.
Drop the unneeded dependency.
Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com>
[improve commit title/message]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Enable the ability to use segment routing based on IPv6. It allows the
packet to specify a path that the packet should take through the
network.
Lwtunnel allow an easy encapsulation of a package. You can just install
ip-full package and use it:
ip -6 route add 2003::/64 dev eth0 encap seg6 mode encap \
segs 2001::1,2002::2
An IPv6 package looks like this:
[IPv6 HDR][IPv6 RH][IPv6 HDR][Data...]
Netifd support:
https://git.openwrt.org/?p=project/netifd.git;
a=commit;h=458b1a7e9473c150a40cae5d8be174f4bb03bd39
Increases imagesize by 24.125 KiB. Therefore, only enable for devices
with enough flash.
Signed-off-by: Nick Hainke <vincent@systemli.org>
Currently, you are not able to get statistics about IPv4 and IPv6
usage. This information can be collected via the snmp and snmp6.
However, in the current state this interface is disabled as you can
read in the "902-debloat_proc.patch":
"Strip non-essential /proc functionality to reduce code size"
Tools like netstat use the snmp/6 interface to collect interface
statistics. Some prometheus exporters also mention this:
- prometheus-collectors/netstat.lua
- prometheus-collectors/snmp6 (still a PR)
- collectd/snmp6 (still a PR)
PRs:
- https://github.com/collectd/collectd/pull/3789
- https://github.com/openwrt/packages/pull/14158
Instead of enabling it as default for all devices we condition it
default y if SMALL_FLASH
A test shows it needs around 16 kiB.
Signed-off-by: Nick Hainke <vincent@systemli.org>
[fixed whitespace issue]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
This adds the CONFIG_IRQSOFF_TRACER and the CONFIG_PREEMPT_TRACER kernel
configuration option to the OpenWrt menu. This can be used to debug
latencies in the system.
The CONFIG_PREEMPT_TRACER option needs the CONFIG_PREEMPT option which is
supposed to be used for Low-Latency Desktop and not used by many targets
in OpenWrt.
The help text is copied from the Linux kernel Kconfig.
Signed-off-by: Hauke Mehrtens <hmehrtens@maxlinear.com>
Enable CONFIG_KEYS by default on systems which are not marked as
flash-space constraint by the 'small_flash' feature.
CONFIG_KEYS is required by Docker, enabling it in our kernel allows
users to run Docker on stock OpenWrt.
It is also used of by some network file systems (such as NFSv4) to
store credentials as well as UID/GID mappings.
Adds about 50kB to vmlinux on ath79/generic (~18kB compressed)
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Add KERNEL_KEYS_REQUEST_CACHE option.
'tristate' (ie. module builds) are not valid in Config-kernel.in, hence
remove tristate KERNEL_ENCRYPTED_KEYS. It will be readded as a kernel
module in a follow-up commit.
Fixes: 39d817cf38 ("Add config symbols for kernel keyring support")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
As discussed in the today's (2020-12-10) meeting, add a new option to
menuconfig to group the selection of all experimental features to be
selected by default.
Developers are recommended to make use of this new symbol to guard
new features.
Other developers and community members should feel encouraged to
build with this flag enabled to help testing and provide feedback.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
This is a neat project, but offers no benefit to OpenWrt. The initial
reason for it was to be a replacement for libstdcpp as it is smaller
and lacks compatibility for C++98. Unfortunately, compiling several
packages with it results in larger ipk sizes.
While not a member of the packages feed, this will be moved to
packages-abandoned to keep it somewhere.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Drop our local sstrip copy and use the current ELFKickers upstream
version.
Patch the original makefile in order to avoid building elftoc, since it
fails with musl's elf.h. This is fine, since we only need sstrip anyway.
Finally, add the possibility to pass additional arguments to sstrip and
pass -z (remove trailing zeros) by default, which matches the behaviour
of the previous version.
Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
[shorten long commit msg lines]
Signed-off-by: Paul Spooren <mail@aparcar.org>
Trivial cosmetic cleanup. This also helps for script that parse for
options in Config files.
Signed-off-by: Paul Spooren <mail@aparcar.org>
Reviewed-by: Petr Štetiar <ynezz@true.cz>
This reverts commit 9eb9943f82.
Building the 'modular' variant requires 'semodule_package' from
'selinux-python' to be installed on the buildhost.
Apart from that, this change also broke the monolithic refpolicy
'targeted' build.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
This adds a variant of refpolicy that builds the modular form of the
policy. While this requires more memory on the target device, along with
some tricks to deal with OpenWrt's volatile /var directory, it is useful
for experiementing with SELinux policy.
Signed-off-by: W. Michael Petullo <mike@flyn.org>
The pistachio target uses a MIPS CPU with FPU and OpenWrt uses a
toolchain with hard FPU support. MIPS FPU support needs the FPU
emulation code in the kernel.
Fixes: ac5671f46c ("kernel: remove obsolete kernel version switches for 4.19")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This removes switches dependent on kernel version 4.19 as well as
several packages/modules selected only for that version.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
In order to make it easier for users to build with SELinux, have a
single option in 'Global build settings' to enable all necessary
kernel features, userland packages and build-system hooks.
Also add better descriptions and help messages while at it.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
The LSM (Linux security mechanism) list is the successor of the now
legacy *major LSM*. Instead of defining a single security mechanism the
LSM symbol is a comma separated list of mechanisms to load.
Until recently OpenWrt would only support DAC (Unix discretionary access
controls) which don't require an additional entry in the LSM list. With
the newly introduced SELinux support the LSM needs to be extended else
only a manual modified Kernel cmdline (`security=selinux`) would
activate SELinux.
As the default OpenWrt Kernel config sets DAC as default security
mechanism, SELinux is stripped from the LSM list, even if
`KERNEL_DEFAULT_SECURITY_SELINUX` is activated. To allow SELinux without
a modified cmdline this commit sets a specific LSM list if
`KERNEL_SECURITY_SELINUX` is enabled.
The upstream Kconfig adds even more mechanisms
(smack,selinux,tomoyo,apparmor), but until they're ported to OpenWrt,
these can be ignored.
To compile SELinux Kernel support but disable it from loading, the
already present options `KERNEL_SECURITY_SELINUX_DISABLE` or
`KERNEL_SECURITY_SELINUX_BOOTPARAM` (with custom cmdline `selinux=0`)
can be used. Further it's possible to edit `/etc/selinux/config`.
Signed-off-by: Paul Spooren <mail@aparcar.org>
This removes switches dependent on kernel version 4.14 as well as
several packages/modules selected only for that version.
This also removes sched-cake-virtual, which is not required anymore
now that we have only one variant of cake.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
This target is still on kernel 4.14, and recent attempts to move it to
kernel 5.4 have not led to success. The device tester reported that it
wouldn't boot with the following messages:
From sysupgrade:
Press any key within 4 seconds to enter setup....
loading kernel from nand... OK
setting up elf image... OK
jumping to kernel code
At this point the system hangs.
From CompactFlash:
Press any key within 4 seconds to enter setup....
Booting CF
Loading kernel... done
setting up elf image... kernel out of range kernel loading failed
The tester reported that the same was observed with current master
(kernel 4.14) as well. This looks like some kernel size restriction.
Since this target is quite old and only supports one device, and since
nobody else seemed interested in working on this for quite some time,
I decided to not put further work into analyzing the problem and drop
this together with the other 4.14-only targets.
Patchwork series:
https://patchwork.ozlabs.org/project/openwrt/list/?series=197066&state=*
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
This adds a number of options to config/Config-kernel.in so that
packages related to SELinux support can enable the appropriate Linux
kernel support.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
[rebase; add ext4, F2FS, UBIFS, and JFFS2 support; add commit message]
Signed-off-by: W. Michael Petullo <mike@flyn.org>
This allows the build process to prepare a squashfs filesystem for use
with SELinux.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
[rebase, add commit message]
Signed-off-by: W. Michael Petullo <mike@flyn.org>
This target has been mostly replaced by ath79 and won't be included
in the upcoming release anymore. Finally put it to rest.
This also removes all references in packages, tools, etc. as well as
the uboot-ar71xx and vsc73x5-ucode packages.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
The symbol KERNEL_CGROUP_HUGETLB is always used whenever KERNEL_CGROUPS is enabled.
The absence of this notation will cause the user to be asked to enter this parameter the first time it is compiled.
Signed-off-by: Yuan Tao <ty@wevs.org>
Remove `if !SMALL_FLASH` in places which are anyway already augmented
by `if !SMALL_FLASH`.
Always enable CONFIG_BLK_DEV_THROTTLING on !SMALL_FLASH devices rather
than just enabling it on bcm27xx.
Enabled CPU bandwidth provisioning for FAIR_GROUP_SCHED on !SMALL_FLASH
devices as CONFIG_FAIR_GROUP_SCHED is already enabled and becomes more
useful for cgroups with that option enbled as well.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Remapping the local build path in debug information makes debugging
using ./scripts/remote-gdb harder, because files no longer refer to the full
path on the build host.
For local builds, debug information does not need to be reproducible,
since it will be stripped out of packages anyway.
For buildbot builds, it makes sense to keep debug information reproducible,
since the full path is not needed (nor desired) anywhere.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Enabling KERNEL_TRANSPARENT_HUGEPAGE exposes 2 missing symbols:
* CONFIG_READ_ONLY_THP_FOR_FS
* TRANSPARENT_HUGEPAGE_ALWAYS
* TRANSPARENT_HUGEPAGE_MADVISE
The first one was added in 5.4, and is marked experimental there so just
disable it in the generic config.
For the latter two, we should not force the user to use either of them,
so add them as build-configurable kernel options.
Fixes: d1a8217d87 ("kernel: clean-up build-configurable kernel config symbols")
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
It was removed from target defaults though it didn't exist in the
build-systems kernel configuration options. Add it there.
Fixes: d1a8217d87 ("kernel: clean-up build-configurable kernel config symbols")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
By specifying "BROKEN := 1" or "BROKEN := y" for a device, it will be
hidden (and deselected) by default. By that, it provides a stronger
option to "disable" a device beyond just using DEFAULT := n.
To make these devices visible, just enable the BROKEN option in
developer settings as already implemented for targets and packages.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Don't explicitely disable options in target/linux/generic/config-* if
they are already controlled in config/Config-kernel.in.
Add a bunch of new symbols and prepare defaults for using only unified
hierarchy (ie. cgroup2). Update symbol dependencies while at it
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Currently the user space stack cookies work well also when the kernel
stack cookies are not activated. This is handled completely in user
space and does not need kernel support.
This dependency was probably needed some years ago when the libc did not
support stack cookies.
Reviewed-by: Ian Cooper <iancooper@hotmail.com>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Set CCACHE_DIR to $(TOPDIR)/.ccache and CCACHE_BASEDIR to $(TOPDIR).
This allows to do clean and dirclean. Cache hit rate for test build
after dirclean is ~65%.
If CCACHE is enabled stats are printed out at the end of building process.
CCACHE_DIR config variable allows to override default, which could be useful
when sharing cache with many builds.
cacheclean make target allows to clean the cache.
Changes from v1:
- remove ccache directory using CCACHE_DIR variable
- remove ccache leftovers from sdk and toolchain make files
- introduce CONFIG_CCACHE_DIR variable
- introduce cacheclean make target
Signed-off-by: Roman Yeryomin <roman@advem.lv>
Removes the standalone implementation of stack smashing protection
in gcc's libssp in favour of the native implementation available
in glibc and uclibc. Musl libc already uses its native ssp, so this
patch does not affect musl-based toolchains.
Stack smashing protection configuration options are now uniform
across all supported libc variants.
This also makes kernel-level stack smashing protection available
for x86_64 and i386 builds using non-musl libc.
Signed-off-by: Ian Cooper <iancooper@hotmail.com>
This patch adds support for the MikroTik RouterBOARD RB493G, ported
from the ar71xx target.
See https://routerboard.com/RB493G for details
Specification:
- SoC Qualcomm Atheros AR7161
- RAM: 256 MiB
- Storage: 128MiB NAND
- Ethernet: 9x 1000/100/10 Mbps
- USB 1x 2.0 / 1.0 type A
- PCIe: 3x Mini slot
- MicroSD slot
Working:
- Board/system detection
- Ethernet
- SPI
- NAND
- LEDs
- USB
- Sysupgrade
Enabled (but untested due to lack of hardware):
- PCIe - ath79_pci_irq struct has the slot/pin/IRQ mappings if needed
Installation methods:
- tftp boot initramfs image, scp then flash via "sysupgrade -n"
- nand boot existing OpenWrt, scp then flash via "sysupgrade -n"
Notes:
- initramfs image will not work if uncompressed image size over ~8.5Mb
- The "rb4xx" drivers have been enabled
Signed-off-by: Christopher Hill <ch6574@gmail.com>
JSON info files contain machine readable information of built profiles
and resulting images. These files were added in commit 881ed09ee6
("build: create JSON files containing image info").
They are useful for firmware wizards and script checking for
reproducibility.
Currently all JSON files are stored next to the built images, resulting
in up to 168 individual files for the ath79/generic target.
This patch refactors the JSON creation to store individual per image
(not per profile) files in $(BUILD_DIR)/json_info_files and create an
single overview file called `profiles.json` in the target directory.
Storing per image files and not per profile solves the problem of
parallel file writes. If a profiles sysupgrade and factory image are
finished at the same time both processes would write to the same JSON
file, resulting in randomly broken outputs.
Some target like x86/64 do not use the image code yet, resulting in
missing JSON files. If no JSON info files were created, no
`profiles.json` files is created as it would be empty anyway.
As before, this creation is enabled by default only if `BUILDBOT` is set.
Tested via buildroot & ImageBuilder on ath79/generic, imx6 and x86/64.
Signed-off-by: Paul Spooren <mail@aparcar.org>
[json_info_files dir handling in Make, if case refactoring]
Signed-off-by: Petr Štetiar <ynezz@true.cz>