Make sure the timestamp of the root directory of the initramfs is set
to SOURCE_DATE_EPOCH as well.
Fixes: 29d7461d11 ("kernel: set options to make external initramfs reproducible")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Introduce `sha256_unsigned` which is a checksum of the image _before_ a
signature is attached. This is helpful to compare image reproducibility.
Since the `.sha256sum` file is located in the $(KDIR) folder, switch
$(BIN_DIR) with $(KDIR) to simplify the code. The value of $(BIN_DIR)
itself is not stored inside the resulting JSON file, so it can be
replaced.
Signed-off-by: Paul Spooren <mail@aparcar.org>
Make sure xz uses at least 2 threads so compression always runs in
multi-threaded mode as the resulting file in single-threaded mode
differs.
Fixes: 29d7461d11 ("kernel: set options to make external initramfs reproducible")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Drop the -processors argument from the mksquashfs4 call, so it will use
all available processors. This dramatically reduces the time to create
squashfs filesystems.
The times below are observed when building an image for my main router,
the WatchGuard Firebox M300 (qoriq target):
Before:
real 4m45,973s
After:
real 0m23,497s
With this commit `mksquashfs` may use more cores than defined via `-j`.
This is the same behaviour as for archive creation of ImageBuilder, SDK
or toolchain. There is no trivial way to limit `mksquashfs` CPU core
usage to the amount of "free" make jobs since two running `mksquashfs`
instances would each run with the total allowed number (-j) of threads.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
[extended reasoning in commit message]
Signed-off-by: Paul Spooren <mail@aparcar.org>
the cache directory should be autom4te.cache in all $(PKG_AUTOMAKE_PATHS)
rather than $(PKG_BUILD_DIR)/autom4te.cache only
Signed-off-by: Huangbin Zhan <zhanhb88@gmail.com>
Add new module require in 5.15
- Changes in block module
- Changes in netfilter module (log module unified)
- Changes in fs module (mainly new depends for cifs and new ntfs3 module)
- Changes in lib add shared lib now used by more than 1 kmod
- Changes in crypto, dropped one crypto algo added arm crypto accellerator
- Changes in other, add zram default compressor choice and missing lib
by tpm module
Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
engine.mk is supposed to be included by engine packages, but it will not
be present in the SDK in the same place as in the main repository.
Move it to include/openssl-engine.mk to avoid this.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
As the upcoming release will be based on Linux 5.10 only, remove all
kernel configuration as well as patches for Linux 5.4.
There were no targets still actively using Linux 5.4.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
HOST_PATCH_DIR is used for host patches, not PATCH_DIR.
Fixes refreshing patches with a custom HOST_PATCH_DIR.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Remove "--mtime" option introduced in commit 18c9faa032 ("tools: zip:
add option for reproducible archives") and instead fetch SOURCE_DATE_EPOCH
environment variable directly in the code.
Ref: https://sourceforge.net/p/infozip/patches/25/
Signed-off-by: Sungbo Eo <mans0n@gorani.run>
Zip uses DOS timestamp for mtime which is stored in local time and hence
depends on the timezone of the build system. Force zip to use UTC timezone
to make image builds more reproducible.
Signed-off-by: Sungbo Eo <mans0n@gorani.run>
For debugging purposes, we need to know if users are using modified
U-boot versions or not. Currently, the U-boot version is somehow
stripped. This is a little bit problematic when there are
backported/wip/to-upstream patches.
To make it more confusing, there was (before this commit) two U-boot
versioning. U-boot compiled by OpenWrt build bots are missing ``Build:``
This is also the case when the U-boot is compiled locally.
Example:
```
U-Boot SPL 2022.01 (Jan 27 2022 - 00:24:34 +0000)
U-Boot 2022.01 (Jan 27 2022 - 00:24:34 +0000)
```
On the other hand, if you run full build, you can at least see, where it
was compiled. Notice added ``Build:``.
Example:
```
U-Boot 2022.01 (Jan 27 2022 - 00:24:34 +0000), Build: jenkins-turris-os-packages-burstlab-omnia-216
```
In both cases, it is not clear to U-boot developers if it is an unmodified
build. This is also caused that there is a missing ``.git`` file from
U-boot folder, and so there is no history. It leads to that it can not
contain suffix ``-dirty`` (uncommitted modifications) or even something
else like number of commits, etc. [1]
When U-boot is compiled as it should be, the version should look like
this: ``U-Boot 2022.04-rc1-01173-g278195ea1f (Feb 11 2022 - 14:46:50 +0100)``
The date is not changed daily when there are new OpenWrt builds.
This commit adds OpenWrt specific version, which could be verified by
using strings.
```
$ strings bin/targets/mvebu/cortexa9/u-boot-omnia/u-boot-spl.kwb | grep -E "OpenWrt*"
U-Boot SPL 2022.01-OpenWrt-r18942+54-cbfce92367 (Feb 21 2022 - 13:17:34 +0000)
arm-openwrt-linux-muslgnueabi-gcc (OpenWrt GCC 11.2.0 r18942+54-cbfce92367) 11.2.0
2022.01-OpenWrt-r18942+54-cbfce92367
U-Boot 2022.01-OpenWrt-r18942+54-cbfce92367 (Feb 21 2022 - 13:17:34 +0000)
```
[1] https://u-boot.readthedocs.io/en/latest/develop/version.html
Reported-by: Pali Rohár <pali@kernel.org>
Suggested-by: Karel Kočí <karel.koci@nic.cz>
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
If a image is bigger than the device can handle, an error message is
printed. This is usually silenced and silently ignored, making it harder
to debug. While it's possible to run the build in verbose mode (via
`make V=s`) and grep for *is too big*, it's more intuitive to print the
error message directly. For that use the newly unlocked `$(call
ERROR_MESSAGE,...)` definition which now also print in non-verbose mode.
Fixes: FS#50 (aka #7604)
Signed-off-by: Paul Spooren <mail@aparcar.org>
Using `make -j9` only prints a subset of messages to follow the build
process progressing. However this silently skips over errors which might
be of interested. Using `make V=s` easily floods the terminal making it
hard to find error messages between the lines.
A compromise is the usage of `$(call ERROR_MESSAGE,...)` which prints a
message in red. This function is silenced in the non-verbose mode, even
if only used at a single place in `package/Makefile` where it notifies
about a OPKG corner case.
This commit moves the `ERROR_MESSAGE` definition outside of the
`OPENWRT_VERBOSE` condition and print error messages in every mode.
With this in place further error messages are possible.
Signed-off-by: Paul Spooren <mail@aparcar.org>
Toplevel Make is not aware about changes in the `scripts/config/*conf`
targets and this is causing issues for during update to that part of
build tree, where one needs to handle this manually by either force
rebuilding the targets or running `make config-clean`. Fix this by
forcing the rebuild if necessary.
Fixes: #9297
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Had to update generic defconfig (make kernel_menuconfig CONFIG_TARGET=generic)
for this bump, but since that only modifies the target defined in .config,
and since that target also needed to be updated for unrelated reasons, manually
propagated the newly added symbol to the generic config.
Removed upstreamed:
pending-5.10/860-Revert-ASoC-mediatek-Check-for-error-clk-pointer.patch[1]
All other patches automatically rebased.
1. https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.10.99&id=080f371d984e8039c66db87f3c54804b0d172329
Build system: x86_64
Build-tested: bcm2711/RPi4B, mt7622/RT3200
Run-tested: bcm2711/RPi4B, mt7622/RT3200
Signed-off-by: John Audia <graysky@archlinux.us>
ipTIME AX2004M is an 802.11ax (Wi-Fi 6) router, based on MediaTek
MT7621A.
Specifications:
* SoC: MT7621A
* RAM: 256 MiB
* Flash: NAND 128 MiB
* Wi-Fi:
* MT7915D: 2.4/5 GHz (DBDC)
* Ethernet: 5x 1GbE
* Switch: SoC built-in
* USB: 1x 3.0
* UART: J4 (115200 baud)
* Pinout: [3V3] (TXD) (RXD) (GND)
MAC addresses:
| interface | MAC address | source | comment
|-----------|-------------------|----------------|---------
| LAN | 58:xx:xx:00:xx:9B | | [1]
| WAN | 58:xx:xx:00:xx:99 | |
| WLAN 2G | 58:xx:xx:00:xx:98 | factory 0x4 |
| WLAN 5G | 5A:xx:xx:40:xx:98 | |
| | 58:xx:xx:00:xx:98 | config ethaddr |
[1] Used in this patch as WLAN 5G MAC address with the local bit set
Load addresses:
* stock
* 0x80010000: FIT image
* 0x81001000: kernel image -> entry
* OpenWrt
* 0x80010000: FIT image
* 0x82000000: uncompressed kernel+relocate image
* 0x80001000: relocated kernel image -> entry
Notes:
* This device has a dual-boot partition scheme, but this firmware works
only on boot partition 1. The stock web interface will flash only on the
inactive boot partition, but the recovery web page will always flash on
boot partition 1.
Installation via recovery mode:
1. Press reset button, power up the device, wait >10s for CPU LED
to stop blinking.
2. Upload recovery image through the recovery web page at 192.168.0.1.
Revert to stock firmware:
1. Install stock image via recovery mode.
Signed-off-by: Sungbo Eo <mans0n@gorani.run>
When using a non default MESON_HOST_BUILD_DIR, HOST_BUILD_DIR is not
appropriate to use. This change matches the target configure section.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Commit f4a79148f8 ("ramips: add support for ipTIME AX2004M") seems to
leak KERNEL_LOADADDR 0x82000000 to other devices, causing the to no
longer boot. The leak is visible in u-boot:
Using 'config-1' configuration
Trying 'kernel-1' kernel subimage
Description: MIPS OpenWrt Linux-5.10.92
Type: Kernel Image
Compression: lzma compressed
Data Start: 0x840000e4
Data Size: 10750165 Bytes = 10.3 MiB
Architecture: MIPS
OS: Linux
Load Address: 0x82000000
Entry Point: 0x82000000
Normally, it should look like this:
Using 'config-1' configuration
Trying 'kernel-1' kernel subimage
Description: MIPS OpenWrt Linux-5.10.92
Type: Kernel Image
Compression: lzma compressed
Data Start: 0xbfca00e4
Data Size: 2652547 Bytes = 2.5 MiB
Architecture: MIPS
OS: Linux
Load Address: 0x80001000
Entry Point: 0x80001000
Revert the commit to avoid more people soft-bricking their devices.
This reverts commit f4a79148f8.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
ipTIME NAS1 is a 1-bay NAS, based on Marvell Kirkwood SoC.
Specifications:
* SoC: 88F6281
* RAM: 256 MiB
* Flash: SPI NOR 16 MiB
* SATA: 1x 3Gb/s
* Ethernet: 1x 1GbE
* USB: 1x 2.0
* Fan: 2 speed level
* UART: JP1 (115200 8N1)
* Pinout: [3V3] (TXD) (RXD) (GND)
Notes:
* There are several variants of the model name: "NAS-I", "NASI", "NAS1".
Here "NAS1" is adopted for consistent naming scheme.
* The reset button is also a USB copy button in stock FW,
but in this patch the former is the only default behavior.
Installation via web interface:
1. Flash sysupgrade image through the stock web interface.
Revert to stock firmware:
1. Perform sysupgrade with stock image.
Signed-off-by: Sungbo Eo <mans0n@gorani.run>
This allows to implement statefull bridge filtering
As the uncompressed size is only 7.6k (arm64), just add
nf_conntrack_bridge.ko to kmod-nft-bridge package
Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
On macOS, system binaries silently drop the environment variables for injecting
extra shared libraries (used by fakeroot). This is done for security reasons.
Work around this by building bash from source, so that it gets an ad-hoc signature
and does not have these restrictions
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Ubuntu started to flag which as deprecated and it
seems which is not really standard and may vary
across Distro.
Drop the use of which and use the standard 'command -v'
for this simple task.
Which is still present in the prereq if some package/script
still use which.
A utility script called command_all.sh is implemented that
will just mimic the output of which -a.
Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
Added HOST_CXXFLAGS to specify CXXFLAGS during host-compile
(e.g. to specify c++ standard: HOST_CXXFLAGS += -std=c++11)
Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>
Move the kernel versions and hash to dedicated files.
This makes kernel bump quicker and fix some annoying
problem with rebasing when multiple kernel bump are proposed.
Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
[Rebased on top of current master]
Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
Add and enable a new kconfig knob to disable unprivileged eBPF by default.
Patches automatically rebased.
Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
All patches automatically rebased.
Build system: x86_64
Build-tested: ramips/mt7621*
*Had to revert 7f1edbd in order to build due to FS#4149
Signed-off-by: John Audia <graysky@archlinux.us>
This CPU type is compatible with NXP's PPC based QorIQ processors, and
will be used by the upcoming new qoriq target.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Reviewed-by: Rui Salvaterra <rsalvaterra@gmail.com>
All patches automatically rebased.
Build system: x86_64
Build-tested: bcm2711/RPi4B, ipq806x/R7800*
Run-tested: bcm2711/RPi4B, ipq806x/R7800*
*Had to revert 7f1edbd412 in order to build
(binutils 2.37, https://bugs.openwrt.org/index.php?do=details&task_id=4149)
Signed-off-by: John Audia <graysky@archlinux.us>
All patches automatically rebased.
Build system: x86_64
Build-tested: bcm2711/RPi4B, ipq806x/R7800*
Run-tested: bcm2711/RPi4B, ipq806x/R7800*
*Had to revert 7f1edbd412 in order to build
(binutils 2.37, https://bugs.openwrt.org/index.php?do=details&task_id=4149)
Signed-off-by: John Audia <graysky@archlinux.us>
Removed target for patch which does not exist:
bcm27xx/patches-5.10/950-0249-kbuild-Disable-gcc-plugins.patch
All patches automatically rebased.
Build system: x86_64
Build-tested: bcm2711/RPi4B, ipq806x/R7800*
Run-tested: bcm2711/RPi4B, ipq806x/R7800*
* Had to revert 7f1edbd412 in order to build
(binutils 2.37, https://bugs.openwrt.org/index.php?do=details&task_id=4149)
Signed-off-by: John Audia <graysky@archlinux.us>
All patches automatically rebased.
Build system: x86_64
Build-tested: ramips/mt7621*
*FS#4149 affects me so I had to revert 7f1edbd412
in order to downgrade to 2.35.1
Signed-off-by: John Audia <graysky@archlinux.us>
All patches automatically rebased.
Build system: x86_64
Build-tested: ramips/mt7621*
*FS#4149 affects me so I had to revert 7f1edbd412
in order to downgrade to 2.35.1
Signed-off-by: John Audia <graysky@archlinux.us>
All patches automatically rebased.
Build system: x86_64
Build-tested: ramips/mt7621*
*FS#4149 affects me so I had to revert 7f1edbd412
in order to downgrade to 2.35.1
Signed-off-by: John Audia <graysky@archlinux.us>
Added support to generate dynamic-sized VHDX images for Hyper-V.
Compile-tested on x86 and run-tested on Windows 10 21H2 (Hyper-V).
Signed-off-by: Oldřich Jedlička <oldium.pro@gmail.com>
change meson binary to use py extension. Fixes issue with meson's
symbolextractor using the host python instead of the system one.
We intentionally use a .py extension here so that meson launches
additional python scripts with the same build host python interpreter as
itself is running under (and not the host package one once it becomes
available)
Signed-off-by: Rosen Penev <rosenp@gmail.com>
CONFIG_EXTERNAL_CPIO is a string variable, hence testing for 'y'
doesn't make much sense here.
Fixes: 330bd380e8 ("image: allow building FIT and uImage with ramdisk")
Reported-by: Huangbin Zhan <zhanhb88@gmail.com>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Newer NAND devices from MikroTik like the hAP ac3
require the kernel to be packed into UBIFS and then
ubinized.
So, since the ubinize-image.sh script can now ubinize
kernel only as well lets add a command for it.
This now allows calling ubinize-kernel in the kernel
packaging at then end.
Signed-off-by: Robert Marko <robimarko@gmail.com>
Rootfs is now optional in ubinize-image.sh and
requires --rootfs flag instead of just passing the
rootfs image as the argument before ubinize opts.
So, simply add --rootfs flag before the $(IMAGE_ROOTFS).
Signed-off-by: Robert Marko <robimarko@gmail.com>
All patches automatically rebased.
Build system: x86_64
Build-tested: ramips/mt7621*
*I am hit with the binutils 2.37 bug so I had to revert 7f1edbd412
in order to downgrade to 2.35.1
Signed-off-by: John Audia <graysky@archlinux.us>
Manually rebased:
generic-backport/850-v5.13-usb-ehci-add-spurious-flag-to-disable-overcurrent-ch.patch
All other patches automatically rebased.
Signed-off-by: John Audia <graysky@archlinux.us>
BTF pointer data has a different size on 32 vs 64 bit targets,
and while the generated eBPF code works, the BTF data fails to validate
on mismatch
Signed-off-by: Felix Fietkau <nbd@nbd.name>
This allows a package to be rebuilt for all different VARIANTs.
To do so, set VARIANT=*.
The wpa-cli package is not getting built after changes made by
19aae94 [build: avoid rebuilds of unset VARIANT packages], because
wpa-cli is only built when compiling a variant that includes
supplicant support, and the first selected variant may not build it.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Removed upstreamed:
backport-5.4/790-v5.7-net-switchdev-do-not-propagate-bridge-updates-across.patch
All other patches automatically rebased.
Signed-off-by: John Audia <graysky@archlinux.us>
When the prebuilt llvm toolchain is unpacked into the source dir,
it is automatically picked up and used by the build system, and eBPF
based packages can be selected
Signed-off-by: Felix Fietkau <nbd@nbd.name>
The empty executable is causing problems with meson builds, due to the
error: OSError: [Errno 8] Exec format error: 'ldconfig'
This patch changes the empty ldconfig stub to symlink to /bin/true to
work around this issue.
Fixes: FS#4117
Fixes: 3bd31cc4d2 ("tools/meson: update to 0.60.0")
Signed-off-by: Damien Mascord <tusker@tusker.org>
Tested-by: Aleksander Jan Bajkowski <olek2@wp.pl> # Tested on Debian 11
Tested-By: Lucian Cristian <lucian.cristian@gmail.com>
Tested-By: Baptiste Jonglez <git@bitsofnetworks.org>
Cc: Rosen Penev <rosenp@gmail.com>
If a Makefile defines some packages with VARIANT set, and others without
it, the latter will be built once for every different VARIANT set, each
build trumping the previous one.
Avoid rebuilds by only building unnamed variant packages when the first
variant is built.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
The $(LINUX_DIR)/.config timesptamp changes between runs of
make target/compile and make target/install (which builds the image).
Kernel-dependent packages and out of tree modules are built in between
those runs, and they check the .config timestamp to decide if they need
to be rebuilt.
Save the target/compile .config to use its timestamp if the file does
not change between runs. That way the subsequent kernel packages are
not unnecessarily rebuilt when you run 'make' back to back.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
4e19cbc553: [download: handle possibly invalid local tarballs] added a
FORCE rule to downloaded files, so that they will be always checked by
download.pl.
As a side-effect, check-compile will fail, forcing unnecessary package
rebuilds.
The check-compile.txt log shows (for libxml2 for example):
Considering target file '.../dl/libxml2-2.9.12.tar.gz'.
...
prerequisite 'FORCE' of target '.../dl/libxml2-2.9.12.tar.gz' does
not exist.
Must remake target '.../dl/libxml2-2.9.12.tar.gz'.
...
Giving up on target file '...libxml2-2.9.12/.prepared_...'.
Giving up on target file '...libxml2-2.9.12/.configured_...'.
Giving up on target file '...libxml2-2.9.12/.built'.
Giving up on target file '...stamp/.libxml2_installed'.
Giving up on target file '.compile'.
Then the package is rebuilt even if it is not otherwise needed.
To fix this, instead of always forcing the download target to be remade,
check its hash first: if it matches, then the FORCE is not added.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
In order to genererate suitable kernel headers, a 5.10 kernel tree is
prepared with a default config for mips. The arch is forced to mips in
order to avoid issues with inline asm on various architectures in a way
that doesn't involve relying on the host toolchain/headers.
It also has the advantage of supporting both endian types
Signed-off-by: Felix Fietkau <nbd@nbd.name>
ELECOM WRC-X3200GST3 uses the same header/footer as WRC-GS/GST devices
in ramips/mt7621 subtarget, so move "Build/elecom-wrc-gs-factory" to
image-commands.mk to use from mediatek/mt7622 subtarget.
Signed-off-by: INAGAKI Hiroshi <musashino.open@gmail.com>
Deleted (upstreamed):
bcm27xx/patches-5.10/950-0145-xhci-add-quirk-for-host-controllers-that-don-t-updat.patch [1]
Manually rebased:
bcm27xx/patches-5.10/950-0355-xhci-quirks-add-link-TRB-quirk-for-VL805.patch
bcm53xx/patches-5.10/180-usb-xhci-add-support-for-performing-fake-doorbell.patch
Note: although automatically rebaseable, the last patch has been edited to avoid
conflicting bit definitions.
[1] https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.10.y&id=b6f32897af190d4716412e156ee0abcc16e4f1e5
Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
No package here depends on it. Furthermore, uClibc++ is a fairly buggy
C++ library and seems to be relatively inactive upstream.
It also lacks proper support for modern C++11 features.
The main benefit of it is size: 66.6 KB vs 287.3 KB on mips24kc. Static
linking and LTO can help bring the size down of packages that need it.
Added warning message to uclibc++.mk
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Acked-by: Hauke Mehrtens <hauke@hauke-m.de>
Host libraries are only build static, so let's pass --static to
pkg-config globally and remove the then unnecessary patches doing
exactly that individually.
Signed-off-by: Andre Heider <a.heider@gmail.com>
Using Host/Exports doesn't work as intended, explicitly add the
required vars so that u-boot finds the required libraries when building
its tools.
Signed-off-by: Andre Heider <a.heider@gmail.com>
DEVICE_DTS_DELIMITER needs to be in the DEFAULT_DEVICE_VARS
list to work as expected. This was missing from the original
version and got overlooked.
Fixes: fd67908647 ("scripts: mkits.sh: Allow legacy @ mode for dts creation")
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
Removed upstreamed:
backport-5.4/070-v5.5-MIPS-BPF-Restore-MIPS32-cBPF-JIT.patch
All other patches automatically rebased.
Signed-off-by: John Audia <graysky@archlinux.us>
Until now, this feature was switched on via the kernel configuration
option KERNEL_SECCOMP.
The follwing change a7f794cd2a now requires that
the package procd-seccomp must also enabled for buildinmg.
However, this is not the case we have no dependency and the imagebuilder
cannot build the image, because of the implicit package selection.
This change adds a new configuration option CONFIG_SECCOMP.
The new option has the same behaviour as the configuration
option CONFIG_SELINUX.
If the CONFIG_SECCOMP is selected then the package procd-seccomp and
KERNEL_SECCOMP is enabled for this build.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
While the binary `python3.10` is correctly detected by the build system
the default `python3` binary is currently not detected if pointing to a
Python 3.10 installation.
Fix this by extending the grep regex.
Signed-off-by: Paul Spooren <mail@aparcar.org>
Install ld-preload hooks allowing to add seccomp filters for arbitrary
services if kernel support for seccomp is present.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Add procd-ujail to DEFAULT_PACKAGES if not building for
space-constraint (FEATURES:=small_flash) targets.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Update install procedure based on upstream feedback. Normally, meson is
to be installed with pip. But as pip is not mandated by the build
system, it cannot be used. Upstream provides a nice script to pack meson
automatically.
Moved src/ to files/. No need to copy to BUILD_DIR.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Fix Fedora 34/35 issue where 'which' detection of 'which' wasn't working
because Fedora use alias and proc
Fixup of fca5ad55d2 prereq-build: fix `which` detection on Fedora
Reported-by: Jani Partanen <rtfm@iki.fi>
Suggest-by: Etienne Champetier <champetier.etienne@gmail.com>
Tested-by: Georgi Valkov <gvalkov@abv.bg>
Signed-off-by: Paul Spooren <mail@aparcar.org>
Fix Fedora 34/35 issue where 'which' detection of 'which' wasn't working
because Fedora use alias and proc
Signed-off-by: Jani Partanen <rtfm@iki.fi>
[fix commit subject and message]
Signed-off-by: Paul Spooren <mail@aparcar.org>
Fedora 35 contains Python 3.10 as default version. Make use of it.
Signed-off-by: Marcin Juszkiewicz <marcin@juszkiewicz.com.pl>
[fix commit subject]
Signed-off-by: Paul Spooren <mail@aparcar.org>
commit 5ec60cbe9d ("scripts: mkits.sh: replace @ with - in nodes")
broke support for Meraki MR32 and this patch makes the replacement
configurable allowing for specifying the @ or - or whatever character
that is desired to retain backwards compatibility with existing devices.
For example, this patch includes the fix for the Meraki MR32 in
target/linux/bcm53xx/image for meraki_mr32:
DEVICE_DTS_DELIMITER := @
DEVICE_DTS_CONFIG := config@1
Fixes: 5ec60cbe9d ("scripts: mkits.sh: replace @ with - in nodes")
Signed-off-by: Damien Mascord <tusker@tusker.org>
[Added tags, checkpatch.pl fixes, noted that this is for old stuff]
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
meson is a next generation build system designed to have good defaults,
simpler build files, and fast compilation.
It is built upon python and uses ninja for compilation. The latter
provides fast by default (parallel) and problem free compilation.
There are over 40 packages already successfully using meson. The next
commit will convert pkgconf to use meson compilation.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Multiple profiles create artifacts, these should be stored in the JSON
file as well, allowing downstream tooling to show those files, too.
Artifacts don't have specific filesystems so only the fields `name`,
`type` and `sha256` are available.
Rename env variable names from IMAGE_ to FILE_ prefixes to reflect that
images, kernels and artifacts are added with the same command.
Signed-off-by: Paul Spooren <mail@aparcar.org>
The option '-xattr' for mksquashfs4 should be '-xattrs' which lead to
build failure with SELinux enabled. Add the missing 's'.
Fixes: 4baf47b9a8 ("images: squashfs: xattrs should not depend on buld host")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
When a target configuration has unser Kconfig symbols, the build will
fail when OpenWrt is compiled with V=s and stdin is connected to a tty.
In case OpenWrt is compiled without either of these preconditions, the
build will uscceed with the symbols in question being unset.
Modify the kernel configuration in a way it fails on unset symbols
regardless of the aformentioned preconditions.
Signed-off-by: David Bauer <mail@david-bauer.net>
Enable xattr for the generated squashfs only if needed for SELinux.
This eliminates warnings during boot on target when building
(non-SELinux) OpenWrt on SELinux-enabled hosts like Fedora.
Reported-by: fda77 <fda77@users.noreply.github.com>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Add the new CONFIG_BATTERY_RT5033 to the generic configuration, as reported by
Paul Blazejowski. Resort the kconfig while at it.
No deleted or manually refreshed patches.
Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
Manually rebased:
bcm27xx/patches-5.4/950-0089-cgroup-Disable-cgroup-memory-by-default.patch
All other patches automatically rebased.
Signed-off-by: John Audia <graysky@archlinux.us>
The ABIV_$(pkgname) variable already is formatted so return it as-is from
the GetABISuffix macro and only filter through FormatABISuffix if we read
the raw ABI version value from a version stamp file.
This ensures that binary intra-package dependencies on ABI versioned
libraries are properly formatted.
Ref: https://github.com/openwrt/packages/issues/15871
Fixes: f6a03bff5b ("build: prepend ABI suffixes with a dash if package name ends with digit")
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Ensure that ABI suffixes are separated with a dash from the package name if
the name happens to end with a digit. This implementation detail got lost
during the recent refactoring of the ABI_VERSION handling in buildroot.
Ref: https://github.com/openwrt/packages/pull/14237#issuecomment-860473585
Fixes: c921650382 ("build: drop ABI version from metadata")
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
tools/quilt requires GNU diffutils to compile. Failure can be simulated
by installing Alpine Linux without diffutils.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Speed goes from:
Executed in 178.08 secs fish external
usr time 20.16 mins 509.00 micros 20.16 mins
sys time 2.88 mins 39.00 micros 2.88 mins
To:
Executed in 175.90 secs fish external
usr time 20.19 mins 0.00 micros 20.19 mins
sys time 2.85 mins 497.00 micros 2.85 mins
Tested with "time make -j 12" on AMD Ryzen 3600
When building individual packages, the build time difference is often
significantly bigger than that.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Signed-off-by: Rosen Penev <rosenp@gmail.com>
ninja is faster at building cmake packages than make, and according to reports
also more reliable at handling parallel builds
This commit includes a patch that adds GNU make jobserver support, in order to
allow more precise control over the number of parallel tasks
Enable parallel build by default for packages using ninja
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Don't attempt to copy initramfs images for devices which do not output
an initramfs image.
This was breaking builds for mpc85xx-p1010 since mid-march.
Signed-off-by: David Bauer <mail@david-bauer.net>
The variable was missing in the definition of DEFAULT_DEVICE_VARS which
caused it to contain wrong values, messing up the resulting JSON files.
This patch adds the variable DEVICE_PACKAGES to DEFAULT_DEVICE_VARS.
Suggested-by: Baptiste Jonglez <git@bitsofnetworks.org>
Signed-off-by: Paul Spooren <mail@aparcar.org>
This fixes a regression introduced with commit
5ed1e5140a ("build: build kernel image
before building modules/packages").
Before this commit the make target would always include "modules",
resulting in a MODPOST and a complete Module.symvers file. Since this
commit a MODPOST of the kernel modules is not guaranteed for kernels <
5.10. This results in some broken SDKs in which external packages that
depend on exported symbols from kernel modules fail to compile.
Adding "modules" back to the calls to the CompileImage defines fixes the
regression. For kernels > 5.10 this is not needed, but it doesn't cause
any harm either.
Tested with kernels 5.4.x and 5.10.x.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
Remove \n that mangles output, and fix inconsistent version name check.
Example before:
Build dependency: Please install the GNU C++ Compiler (g++) 6 or later
Build dependency: \nPlease reinstall the GNU C++ Compiler (4.8 or later) - it appears to be broken
Build dependency: Please install ncurses. (Missing libncurses.so or ncurses.h)
Signed-off-by: Karl Palsson <karlp@tweak.net.au>
Use an 'if' so the absence of $(LINUX_DIR)/user_headers doesn't make the
line evaluate to false and cause the build to fail.
Signed-off-by: Matt Merhar <mattmerhar@protonmail.com>
Removed upstreamed:
generic/pending-5.4/770-02-net-ethernet-mtk_eth_soc-fix-rx-vlan-offload.patch
All other patches automatically rebased.
Build system: x86_64
Build-tested: ipq806x/R7800
Note that since I rebased the previous commit, I removed my Run-tested line
although I confirm building the image successfully.
Signed-off-by: John Audia <graysky@archlinux.us>
Removed upstreamed:
generic/backport-5.4/050-gro-fix-napi_gro_frags-Fast-GRO-breakage-due-to-IP-a.patch
bcm63xx/patches-5.4/434-nand-brcmnand-fix-OOB-R-W-with-Hamming-ECC.patch*
Removed/code was included upstream and therefore redundant:
ramips/patches-5.4/999-fix-pci-init-mt7620.patch
All other patches automatically rebased.
* update_kernel.sh did not flag this yet it was included in 5.4.119[1], as a
result of the rebase, I removed my testing lines since I did not go back to
test built or to run test 5.4.119 with the removed patch present.
1. https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.4.119&id=e5b3e69eb36ac1178a7a2392616fd29afd288c4e
Signed-off-by: John Audia <graysky@archlinux.us>
Before this commit, it was assumed that mkhash is in the PATH. While
this was fine for the normal build workflow, this led to some issues if
make TOPDIR="$(pwd)" -C "$pkgdir" compile
was called manually. In most of the cases, I just saw warnings like this:
make: Entering directory '/home/.../package/gluon-status-page'
bash: line 1: mkhash: command not found
bash: line 1: mkhash: command not found
bash: line 1: mkhash: command not found
bash: line 1: mkhash: command not found
bash: line 1: mkhash: command not found
bash: line 1: mkhash: command not found
bash: line 1: mkhash: command not found
bash: line 1: mkhash: command not found
[...]
While these were only warnings and the package still compiled sucessfully,
I also observed that some package even fail to build because of this.
After applying this commit, the variable $(MKHASH) is introduced. This
variable points to $(STAGING_DIR_HOST)/bin/mkhash, which is always the
correct path.
Signed-off-by: Leonardo Mörlein <me@irrelefant.net>
When building for MikroTik devices the kernel2minor tool will sometimes
fail with:
Can't get lstat from kernel file!: No such file or directory.
This is because kernel2minor expects paths no longer than 250 chars.
To work around this the include/image-commands.mk has been modified
to copy the kernel to a temporary file (/tmp/tmp.XXXXXXXXXX) before
calling kernel2minor.
Signed-off-by: François Chavant <francois@chavant.info>
OpenWRT requires a number of Perl modules to be installed. It wasn't checking on all of them.
This patch adds checks for Perl FindBin, File::Copy, File::Compare and Thread::Queue modules.
Failing to install these, will have the build break at some point. By adding these to the
prereq-build.mk script, they are checked on forehand.
Tested on a Fedora 33 and 34 (beta) that was freshly installed. Fedora appears to
break up Perl modules into small packages that need to be installed for the build to succeed.
Signed-off-by: Bas Mevissen <abuse@basmevissen.nl>
These have long been obsolete. For reference, here's the Linux version where
each symbol has been dropped:
CONFIG_IP6_NF_QUEUE - 3.5
CONFIG_IP6_NF_TARGET_LOG - 3.4
CONFIG_IP_NF_MATCH_DSCP - 2.6.19
CONFIG_NF_CONNTRACK_IPV4 - 4.19
CONFIG_NF_CONNTRACK_IPV6 - 4.19
CONFIG_NF_CONNTRACK_RTCACHE - out-of-tree, superseded by flow offloading
Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
Manually rebased*
generic/backport-5.4/700-v5.5-net-core-allow-fast-GRO-for-skbs-with-Ethernet-heade.patch
Added new backport*
generic/backport-5.4/050-gro-fix-napi_gro_frags-Fast-GRO-breakage-due-to-IP-a.patch
All others updated automatically.
The new backport was included based on this[1] upstream commit that will be
mainlined soon. This change is needed because Eric Dumazet's check for
NET_IP_ALIGN (landed in 5.4.114) causes huge slowdowns on drivers which use
napi_gro_frags().
Build system: x86_64
Build-tested: ipq806x/R7800
Run-tested: ipq806x/R7800
No dmesg regressions, everything functional
*Credit to Alexander Lobakin
1. https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=7ad18ff6449cbd6beb26b53128ddf56d2685aa93
Signed-off-by: John Audia <graysky@archlinux.us>
The 'append-image-stage' command doesn't work when setting the
EXTRA_IMAGE_NAME option of the ImageBuilder as in that case
DEVICE_IMG_PREFIX is modified and no longer matches the value it had in
buildroot. Choose a filename independent of DEVICE_IMG_PREFIX for
images staged using 'append-image-stage' to fix that.
Fixes: de4b29dab9 ("image: introduce 'append-image-stage' build command")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Similar to 'append-image' this new command appends an existing binary.
'append-image-stage' also makes a copy of that binary and keeps it in
$(STAGING_DIR_IMAGE). When called from within the ImageBuilder, this
copy is used instead of expecting the binary to be present.
This is useful for artifacts which include the initramfs/recovery image
which is usually not included in the ImageBuilder.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Ran update_kernel.sh in a fresh clone without any existing toolchains. No
manual intervention needed.
Build system: x86_64
Build-tested: ipq806x/R7800
Run-tested: ipq806x/R7800
No dmesg regressions, everything functional
Signed-off-by: John Audia <graysky@archlinux.us>
Ran update_kernel.sh in a fresh clone without any existing toolchains.
Removed upstreamed:
mvebu/patches-5.4/319-ARM-dts-turris-omnia-configure-LED-2--INTn-pin-as-interrupt-pin.patch
Build system : x86_64
Build-tested : ipq806x/R7800
Run-tested : ipq806x/R7800
No dmesg regressions, everything functional
Signed-off-by: John Audia <graysky@archlinux.us>
Ran update_kernel.sh in a fresh clone without any existing toolchains.
Manually rebased due to movement of rx-offload.c in 5.4.110:
layerscape/patches-5.4/802-can-0002-can-rx-offload-fix-long-lines.patch
layerscape/patches-5.4/802-can-0003-can-rx-offload-can_rx_offload_compare-fix-typo.patch
layerscape/patches-5.4/802-can-0004-can-rx-offload-can_rx_offload_irq_offload_timestamp-.patch
layerscape/patches-5.4/802-can-0005-can-rx-offload-can_rx_offload_reset-remove-no-op-fun.patch
layerscape/patches-5.4/802-can-0006-can-rx-offload-Prepare-for-CAN-FD-support.patch
layerscape/patches-5.4/802-can-0018-can-flexcan-use-struct-canfd_frame-for-CAN-classic-f.patch
Build system: x86_64
Build-tested: ipq806x/R7800
Run-tested: ipq806x/R7800
No dmesg regressions, everything functional
Signed-off-by: John Audia <graysky@archlinux.us>
Use update_kernel to refresh all patches, required manual updates to:
610-netfilter_match_bypass_default_checks.patch
611-netfilter_match_bypass_default_table.patch
762-net-bridge-switchdev-Refactor-br_switchdev_fdb_notif.patch
764-net-bridge-switchdev-Send-FDB-notifications-for-host.patch
Run-tested: x86_64
Nothing screamed out but any funny business with linux bridging should
suspect this update first.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Ran update_kernel.sh in a fresh clone without any existing toolchains.
Manually rebased:
pending-5.4/611-netfilter_match_bypass_default_table.patch
The upstream change affecting this patch is the revert of an earlier
kernel commit. Therefore, we just revert our corresponding changes
in [1].
Build system: x86_64
Build-tested: ipq806x/R7800
[1] 9b1b89229f ("kernel: bump 5.4 to 5.4.86")
Signed-off-by: John Audia <graysky@archlinux.us>
[adjust manually rebased patch, add explanation]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
The recent removal of usbutils from core and replacement by hwdata in
packages has exposed hwdata's requirement for certain GNU options on
'install' (-T) Other packages (sqm-scripts) have openwrt specific
makefile sections to avoid GNU options but I suspect this is going to
get harder in the future.
Add GNU install as a prerequisite and link into
$STAGING_DIR/host/etc/bin as per similar GNU utils
This resolves an issue building under MacOS which would otherwise use a
non-GNU options aware version of 'install'
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
In case CONFIG_TARGET_MULTI_PROFILE is set, IMG_PREFIX cannot be
expanded. Use DEVICE_IMG_PREFIX instead and make sure it's defined.
Fixes: 8f89b1ab0f ("image: add 'append-image' build command")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>