Commit Graph

1009 Commits

Author SHA1 Message Date
Wenli Looi
f0e4595188 build: add ALT3 and ALT4 vendor/model/variant
This is needed for the Netgear EX7300 series v2.

Signed-off-by: Wenli Looi <wlooi@ucalgary.ca>
2023-01-25 00:42:52 +01:00
Christian Marangi
26bb4b409d
scripts: ext-tools: add option to only refresh timestamps
It's possible to have prebuilt tools already extracted. Add option to
just refresh the timestamps.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2023-01-23 19:18:05 +01:00
Christian Marangi
1506f8c322
scripts: ext-tools: follow links for host tools path
Host tools path may be a symbolic link. Use -H with find to follow path
links passed from command line to find command.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2023-01-23 19:18:05 +01:00
Christian Marangi
5f1758ef14
scripts/dl_github_archieve.py: fix generating unreproducible tar
Allign dl_github_archieve.py to 8252511dc0
change. On supported system the sigid bit is applied to files and tar
archieve that on tar creation. This cause unreproducible tar for these
system and these bit should be dropped to produce reproducible tar.

Add the missing option following the command options used in other
scripts.

Fixes: 75ab064d2b ("build: download code from github using archive API")
Suggested-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Tested-by: Robert Marko <robimarko@gmail.com>
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2023-01-12 14:59:07 +01:00
David Bauer
9ac377d0e0 scripts: add Apache fastly mirror
Add the Apache fastly mirror as preferred download source.
This service is using a dual-stacked CDN.

Signed-off-by: David Bauer <mail@david-bauer.net>
2023-01-07 01:32:58 +01:00
Shiji Yang
9fa8fff0af scripts: remove redundant character '0x0a' from Linksys image signature
The redundant character '0x0a' after the 192 bytes '0x00' padding broke
the factory image. We need to remove it to make things work again.

Fixes: e6769d11f3 scripts: fix missing character '0' issue in linksys image
Tested-by: Tony Butler <spudz76@gmail.com>
Signed-off-by: Shiji Yang <yangshiji66@qq.com>
2022-11-27 13:18:29 +01:00
Andre Heider
9a2d362bf7
scripts: fix dl_cleanup.py argument handling
The -w|--whitelist and -D|--download-dir arguments pass an additional value,
properly evaluate that.
Also allow to pass the download directory without -D|--download-dir, just as
the usage describes.
Finally fix spitting out the wrong error messages about those args.

Signed-off-by: Andre Heider <a.heider@gmail.com>
2022-11-15 14:45:50 +01:00
Felix Fietkau
b8bf27e4cb scripts/mkits.sh: fix portability issue
BSD wc can output more whitespaces, which breaks the cut usage.
Replace the cut invocation with awk, which is more portable.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2022-11-09 20:43:41 +01:00
David Bauer
a208f0a9be mkits: support definition of DTB loadaddr
Support defining a per-device loadaddress for the DTB. This is required
for devices which to not align the DTB from the bootloader correctly.

Signed-off-by: David Bauer <mail@david-bauer.net>
2022-11-08 12:16:36 +01:00
Shiji Yang
e6769d11f3 scripts: fix missing character '0' issue in linksys image
In the stock firmware of Linksys, there is a '0' after the crc checksum.
Validated on EA6350V3, EA7300 and EA7300V2's stock images.

Fixes: 892d741259 build: add a script for generating Linksys factory images
Signed-off-by: Shiji Yang <yangshiji66@qq.com>
2022-10-30 23:14:45 +01:00
Zhang Hua
a53f29b583
scripts/download.pl: pass aria2 config in ENV only
The aria2c command tries to load config from
${XDG_CONFIG_HOME:-${HOME}/.config}/aria2/aria2.conf by default,
which may result unexpected behavior.

As a replacement, people can use environment variable ARIA2C_OPTIONS
to custom arguments passed to aria2c like curl and wget below.
Including --conf-path=/path/to/config.conf in ARIA2C_OPTIONS can
also set a custom config file path easily if needed.

Signed-off-by: Zhang Hua <zhanghuadedn@gmail.com>
2022-10-20 20:38:31 +02:00
Christian Marangi
f17608ddca
scripts/download.pl: make the download tool configurable
Introduce a new option in the "Advanced configuration options" to
configure a custom download tool.

By declaring a string in "Use custom download tool" an user can force
what command to use to download package. With the string empty the
default tool used is curl, with wget as a fallback if not available.

download.pl supports 3 tools officially aria2c, curl and wget.
If one of the tool is used in this config, download.pl will use the
default args to make use of them.

If the provided string is different than aria2c, curl or wget, the command
is used as is and the download url will be appended at the end of such command.

While at it also tweak the tool selection logic and chose the tool only
once when the script is called and move aria2c specific variables in the
relevant section.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2022-10-20 00:35:19 +02:00
Christian Marangi
5428bdc2df
scripts/ext-tools: introduce new script to install prebuilt tools
Add a simple script to make it easier to install a prebuilt tools tar.
Currently it will be used by our tools container and kernel workflow on
github.

Simple script that take a tar that contains prebuilt host tools, extract
them and refresh the timestamps to skip recompilation of such host
tools.

By default it refresh timestamps of build_dir/host and
staging_dir/host/stamp.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2022-09-30 22:42:18 +02:00
Bradford Zhang
e937663025
scripts/download.pl: add tsinghua and ustc mirrors
Add https://mirrors.tuna.tsinghua.edu.cn/ and https://mirrors.ustc.edu.cn/ mirrors into download.pl to speed up download in China.

Signed-off-by: Bradford Zhang <zyc@zyc.name>
2022-09-30 14:57:19 +02:00
Christian Marangi
261925a869
scripts/download.pl: generilize and simplify download tool check
Generilize download tool check and skip other check if a download tool
has been found.
While at it also reintroduce c836ca84e8
that was previously dropped with aria2c support.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2022-09-28 16:55:10 +02:00
Christian Marangi
f1b3958d02
scripts/download.pl: fix support for aria2c download tool on macos
Currently we use /dev/shm to place aria2c tmp file. This is not present
on macos. Use the openwrt tmp directory instead of the linux-only
/dev/shm to save compatibility with more os.

Fixes: d391236269 ("download.pl: add aria2c support")
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2022-09-26 20:50:10 +02:00
Christian Marangi
5df60f5c24
scripts/download.pl: fix mirrors regression for curl and wget
With the introduction of aria2c support, curl and wget no longer try to
download the file from mirrors. Fix this regression by emptying the
remaining mirrors list only when aria2c is used.

Fixes: d391236269 ("download.pl: add aria2c support")
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2022-09-26 20:50:09 +02:00
Christian Marangi
295e0ed7a9
scripts/download.pl: fix whitespace in mirror urls and drop for
Fix whitespace in mirror urls and replace for loop with join+map logic.

Fixes: d391236269 ("download.pl: add aria2c support")
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2022-09-25 15:54:12 +02:00
Bradford Zhang
d391236269
download.pl: add aria2c support
Use aria2c download tool by default on package download if available in
the system.
aria2c permits to use multiple mirrors and may improve download speed on
special context where servers are hard to reach.

Co-authored-by: Christian Marangi <ansuelsmth@gmail.com>
Signed-off-by: Bradford Zhang <zyc@zyc.name>
[ fix wrong var in the script and improve commit description ]
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2022-09-25 14:56:45 +02:00
Michael Pratt
da4609788d scripts/dl_cleanup: add support for subdirectories
Allow comparing subdirectories exactly like files.

Handle a corner case where the new subdirectory
has the same tarball inside of it
as the one that was downloaded
before a subdirectory for that package was established.

Signed-off-by: Michael Pratt <mcpratt@pm.me>
2022-09-22 16:48:36 -04:00
Ansuel Smith
cf2c9498be
scripts: add clean of build dir to dl_cleanup script
Improve dl_cleanup by adding an option to also clean the build directory
related to the downloaded package.
The script will check every directory in build_dir/ and check if any
old package is present there. If outdated package are found, the old
one are cleared leaving only the last one.

Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
2022-09-14 01:34:47 +02:00
Ansuel Smith
69760d415d
scripts: assume dl/ the default dir for dl_cleanup script
Assume dl/ the default dl dir and make it configurable if someone have that in
a different place.

Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
2022-09-14 01:34:47 +02:00
Ansuel Smith
428c5bf3d1
scripts: add additional regex for dl_cleanup
Add additional regex for dl_cleanup script to handle
case with xxx-v1.2a and xxx-v1.2.3a

Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
2022-09-14 01:34:43 +02:00
Petr Štetiar
50a48faa1b scripts/download.pl: fix downloads with wget
Several users of wget for downloads (curl is not available in the
system) have reported broken download functionality:

 wget --tries=5 --timeout=20 --output-document=-  https://cdn.kernel.org/pub/linux/kernel/v5.x/linux-5.10.142.tar.xz
 http://: Invalid host name.

Thats all happening due to '' was passed as an argument, which got later
expanded to http://.

In the context of a list constructor '' is not nothing, it is an empty
string element.  So fix it by using () as it will yield "nothing" and
thus not introduce an empty string element.

Fixes: #10692
Fixes: 90c6e3aedf ("scripts: always check certificates")
Signed-off-by: Jo-Philipp Wich <jo@mein.io> [shellwords() -> ()]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2022-09-13 09:14:09 +02:00
Petr Štetiar
c836ca84e8 scripts/download.pl: silence can't exec curl warning
When running build in verbose mode `make V=s` we can see a lot of
following warnings when curl is not available in the system:

 Can't exec "curl": No such file or directory at scripts/download.pl line 77.

So lets fix it by redirecting of the stderr to null hole.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2022-09-13 09:14:09 +02:00
Josh Roys
90c6e3aedf
scripts: always check certificates
Remove flags from wget and curl instructing them to ignore bad server
certificates. Although other mechanisms can protect against malicious
modifications of downloads, other vectors of attack may be available
to an adversary.

TLS certificate verification can be disabled by turning oof the
"Enable TLS certificate verification during package download" option
enabled by default in the "Global build settings" in "make menuconfig"

Signed-off-by: Josh Roys <roysjosh@gmail.com>
[ add additional info on how to disable this option ]
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2022-09-10 15:24:22 +02:00
Petr Štetiar
06e01e817e scripts: xxdi.pl: add xxd -i compat mode
So it can serve as a standalone drop in replacement for xxd utility used
currently mostly in U-Boot packages with `xxd -i` mode which outputs C
include file style, with aim for byte to byte identical output, so the
eventual difference in the generated output is easily spottable.

Fixes: #10555
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Signed-off-by: Jo-Philipp Wich <jo@mein.io> [perl-fu]
2022-09-06 08:04:53 +02:00
Jo-Philipp Wich
8b278a76d9 scripts: xxdi.pl: remove File::Slurp dependency
In order to make it more portable.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2022-09-06 08:04:53 +02:00
Petr Štetiar
2117d04a3a scripts: add xxdi.pl
xxdi.pl is a Perl script that implements vim's 'xxd -i' mode so that
packages do not have to use all of vim just to get this functionality.

References: #10555
Source: 97a6bd5cee/xxdi.pl
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2022-09-06 08:04:53 +02:00
Christian Marangi
7be01fe13b
scripts: ext-toolchain: add support for musl
Openwrt now supports only glibc and musl. Add support for musl and
rework the libc check to handle the new config flags and correctly
compile package basend on that.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2022-07-24 19:53:45 +02:00
Christian Marangi
75311977f5
scripts: ext-toolchain: add support for info.mk in probe_cc
Openwrt generate info.mk that contains the libc type. For probe_cc check
if the file exist and parse directly it for LIBC type.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2022-07-24 19:53:44 +02:00
Christian Marangi
ddeabc75eb
scripts: ext-toolchain: actually probe libc type on config generation
Currently we never call probe_cc before config generation, this cause
the script to never actually detect the correct libc type.
Call probe_cc before config generation to correctl set the .config file.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2022-07-24 19:53:44 +02:00
Christian Marangi
f4dd18ca39
scripts: ext-toolchain: add option to overwrite config
It can be useful to overwrite an already generated config.
Option are simply added at the end of the config and make defconfig
will overwrite the relevant option with the new one.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2022-07-24 19:53:44 +02:00
Christian Marangi
53c293262f
scripts: ext-toolchain: fix wrong prefix in print_config generation
The parsed prefix in print_config is wrong and this produce broken
generated .config that won't work with any external toolchain.

Currently the prefix from a CC of

'arm-openwrt-linux-muslgnueabi-gcc-12.1.0'

produce a prefix

'arm-openwrt-linux-muslgnueabi-gcc-'

This is wrong as the real prefix should be

'arm-openwrt-linux-muslgnueabi-'

This is probably caused by a change in how the toolchain is now handled
that now append also the gcc version. Probably in ancient days the
version wasn't part of the name and the prefix generation stripped the
'-gcc' instead of the gcc version.

Fix this and correctly strip the gcc version and the gcc suffix to
correctly call toolchain bins.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2022-07-24 19:53:43 +02:00
David Bauer
a0b7fef0ff ramips: add support for ZyXEL NWA50AX / NWA55AXE
Hardware
--------
CPU:    Mediatek MT7621
RAM:    256M DDR3
FLASH:  128M NAND
ETH:    1x Gigabit Ethernet
WiFi:   Mediatek MT7915 (2.4/5GHz 802.11ax 2x2 DBDC)
BTN:    1x Reset (NWA50AX only)
LED:    1x Multi-Color (NWA50AX only)

UART Console
------------
NWA50AX:
Available below the rubber cover next to the ethernet port.
NWA55AXE:
Available on the board when disassembling the device.

Settings: 115200 8N1

Layout:

<12V> <LAN> GND-RX-TX-VCC

Logic-Level is 3V3. Don't connect VCC to your UART adapter!

Installation Web-UI
-------------------
Upload the Factory image using the devices Web-Interface.

As the device uses a dual-image partition layout, OpenWrt can only
installed on Slot A. This requires the current active image prior
flashing the device to be on Slot B.

If the currently installed image is started from Slot A, the device will
flash OpenWrt to Slot B. OpenWrt will panic upon first boot in this case
and the device will return to the ZyXEL firmware upon next boot.

If this happens, first install a ZyXEL firmware upgrade of any version
and install OpenWrt after that.

Installation TFTP
-----------------
This installation routine is especially useful in case
 * unknown device password (NWA55AXE lacks reset button)
 * bricked device

Attach to the UART console header of the device. Interrupt the boot
procedure by pressing Enter.

The bootloader has a reduced command-set available from CLI, but more
commands can be executed by abusing the atns command.

Boot a OpenWrt initramfs image available on a TFTP server at
192.168.1.66. Rename the image to owrt.bin

 $ atnf owrt.bin
 $ atna 192.168.1.88
 $ atns "192.168.1.66; tftpboot; bootm"

Upon booting, set the booted image to the correct slot:

 $ zyxel-bootconfig /dev/mtd10 get-status
 $ zyxel-bootconfig /dev/mtd10 set-image-status 0 valid
 $ zyxel-bootconfig /dev/mtd10 set-active-image 0

Copy the OpenWrt ramboot-factory image to the device using scp.
Write the factory image to NAND and reboot the device.

 $ mtd write ramboot-factory.bin firmware
 $ reboot

Signed-off-by: David Bauer <mail@david-bauer.net>
2022-07-20 21:52:06 +02:00
Wenli Looi
efca76ffce
image: add support for Netgear encrypted image
Netgear encrypted image is used in various devices including WAX202,
WAX206, and EX6400v3. This image format also requires a dummy squashfs4
image which is added here as well.

References in WAX202 GPL source:
https://www.downloads.netgear.com/files/GPL/WAX202_V1.0.5.1_Source.rar

* openwrt/bootloader/u-boot-mt7621-2018.09-gitb178829-20200526/board/ralink/common/dual_image.c
  Bootloader code that verifies the presence of a squashfs4 image, thus
  a dummy image is added here.

* openwrt/tools/imgencoder/src/gj_enc.c
  Contains code that generates the encrypted image. There is support for
  adding an RSA signature, but it does not look like the signature is
  verified by the stock firmware or bootloader.

* openwrt/tools/imgencoder/src/imagekey.h
  Contains the encryption key and IV. It appears the same key/IV is used
  for other Netgear devices including WAX206 and EX6400v3.

Signed-off-by: Wenli Looi <wlooi@ucalgary.ca>
2022-07-19 14:49:03 +02:00
Sander Vanheule
ebfe66e494 scripts: fix CAMEO tag generator
What should have been only cosmetic changes, ended up in breaking the
script. Rename UIMAGE_CRC_SLICE back to (the original) UIMAGE_CRC_OFF.

Fixes issue #10204 "cameo-tag.py broken"

Reported-by: Markus Stockhausen <markus.stockhausen@gmx.de>
Fixes: f9e840b657 ("scripts: add CAMEO tag generator")
Signed-off-by: Sander Vanheule <sander@svanheule.net>
2022-07-05 10:18:06 +02:00
Markus Stockhausen
f9e840b657 scripts: add CAMEO tag generator
This script inserts CAMEO tags into an uImage to make U-Boot
of DGS-1210 switches happy.

Signed-off-by: Markus Stockhausen <markus.stockhausen@gmx.de>
Suggested-by: Sander Vanheule <sander@svanheule.net> # Mutual checksum algorithm
[commit title prefix, trailing whitespace, OpenWrt capitalisation, move
CRC calculation comment, use UIMAGE_NAME_*, remove parentheses for
return, use f-string instead of str()]
Signed-off-by: Sander Vanheule <sander@svanheule.net>
2022-07-05 09:55:36 +02:00
Mikhail Zhilkin
0cb1dc0277 scripts: add support for Sercomm PID
This scripts creates Sercomm PID file. PID is necessary for the factory
images creation of variuos Sercomm-based devices (Beeline, Netgear,
Etisalat).

Size: 0x70
+-------+------+---------------+------------------+
| Start | Size | Value* (ASCII)| Description      |
+=======+======+===============+==================+
| 0x0   | 0x8  | 10100         | Hardware version |
+-------+------+---------------+------------------+
| 0x8   | 0x8  | 444245 (DBE)  | Hardware ID      |
+-------+------+---------------+------------------+
| 0x64  | 0x4  | 1002          | Software version |
+-------+------+---------------+------------------+
*for Beeline Smartbox GIGA

Signed-off-by: Mikhail Zhilkin <csharper2005@gmail.com>
2022-07-03 20:25:38 +02:00
Mikhail Zhilkin
87092b3c06 scripts: add support for Sercomm kernel header
This scripts creates custom kernel header that necessary for Sercomm
mt7621 devices:
- Sercomm S3
- Beeline SmartBox Giga
- Beeline SmartBox Pro
- Beeline Smartbox Turbo
- Beeline Smartbox Turbo+
- WiFire S1500.NBN

Header format
-------------
+--------+---------------+------------------------+
| Offset | Value         | Description            |
+========+===============+========================+
| 0x0    | 53 65 72 00   | Magic "Ser."           |
+--------+---------------+------------------------+
| 0x4    | 04 00 00 01   | End offset of RootFS   |
+--------+---------------+------------------------+
|        |               | This header checksum   |
| 0x8    | d6 14 9a c1   | htonl(~crc)            |
+--------+---------------+------------------------+
| 0xc    | 02 ff ff ff   | Constant               |
+--------+---------------+------------------------+
| 0x10   | 00 01 40 00   | Kernel start offset    |
+--------+---------------+------------------------+
| 0x14   | c6 94 24 00   | Kernel length          |
+--------+---------------+------------------------+
|        |               | Kernel checksum        |
| 0x18   | e7 78 89 f1   | htonl(~crc)            |
+--------+---------------+------------------------+
| 0x1c   | 00 00 00 00   | Constant               |
+--------+---------------+------------------------+
| 0x20   | ff ff ff ff   | Constant               |
+--------+---------------+------------------------+
| 0x24   | ff ff ff ff   | Constant               |
+--------+---------------+------------------------+
| 0x28   | 00 00 00 01   | RootFS offset          |
+--------+---------------+------------------------+
|        |               | RootFS length          |
| 0x2c   | 04 00 00 00   | Always 0x4, we check   |
|        |               | UBI magic only         |
+--------+---------------+------------------------+
|        |               | RootFS checksum        |
| 0x30   | 1c fc 55 2d   | htonl(~crc)            |
|        |               | Const for UBI magic    |
+--------+---------------+------------------------+
| 0x34   | 00 00 00 00   | Constant               |
+--------+---------------+------------------------+
| 0x38   | ff ff ff ff … | Pad to 0x100           |
+--------+---------------+------------------------+

Signed-off-by: Mikhail Zhilkin <csharper2005@gmail.com>
2022-07-03 20:25:38 +02:00
Luiz Angelo Daros de Luca
2fd66e058b scripts: add cameo image header generator
The cameo header is a 0x40-byte header used by D-Link DGS 1210 switches
and Apresia ApresiaLightGS series. cameo-imghdr.py is a clean-room
reimplementation of imghdr present in the DGS-1210-28-GPL package.

Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
[fix board_version argument's help text]
Signed-off-by: Sander Vanheule <sander@svanheule.net>
2022-06-28 22:20:09 +02:00
Paul Spooren
7a73221332 build: use numeric-owner in ipkg-build
To create packages the `ipkg-build` script is used which double packs
`control.tar.gz` and `data.tar.gz` to a single package. By default it's
using a verbose username instead of a numeric value for files.

Official OpenWrt images (artifacts) are created within docker containers
which do not seem to contain those verbose usernames and instead
defaults to numeric values.

This becomes a problem when rebuilding public artifacts because other
build environments may offer verbose usernames and there the created
packages is different from the official ones.

With this commit `ipkg-build` always uses numeric values for user/group
and thereby making it easier to reproduce official artifacts.

Signed-off-by: Paul Spooren <mail@aparcar.org>
2022-04-19 22:59:50 +02:00
Doug Kerr
6f692c9c49 scripts: format to black
clean up formatting with black using 80 character line limit

Signed-off-by: Doug Kerr <dek3rr@gmail.com>
2022-04-16 14:53:17 +02:00
Doug Kerr
0642a2166b scripts: use std library for jam crc32 calculation
CRC32 is available in a standard library. It seems reasonable
to defer to that rather than run a custom implementation.

Signed-off-by: Doug Kerr <dek3rr@gmail.com>
2022-04-16 14:53:17 +02:00
Daniel Golle
4d289ae7e6
scripts/gen_image_generic.sh: fix order of files in EFI bootfs
mtools recursive copy (mcopy -s ...) is using READDIR(3) to iterate
over the directory entries, hence they end up in the FAT filesystem in
traversal order which breaks reproducibility (rather than being added
to the FAT filesystem in a reproducible order). Implement recursive
copy in gen_image_generic.sh in Shell code instead, as in that way we
can force files to be copied in reproducible order.

Fixes: aece8f5ae8 ("scripts/gen_image_generic.sh: generate reproducible EFI filesystem")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2022-04-15 01:17:04 +01:00
Daniel Golle
aece8f5ae8
scripts/gen_image_generic.sh: generate reproducible EFI filesystem
Generate FAT filesystem for EFI boot in a reproducible way:
 * use '--invariant' option of mkfs.fat
 * set timestamps of all files to SOURCE_DATE_EPOCH
 * make sure files are ordered locale-independent

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2022-04-11 15:29:33 +01:00
Daniel Golle
1d77dca3b3
scripts: make sure sort-order is independent from locale
Set LC_ALL=C environment variable when calling 'sort' as the sort
order otherwise depends on the locale set.

Fixes: 56ce110b73 ("scripts: make sure conffiles are sorted")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2022-04-06 17:33:31 +01:00
Paul Spooren
56ce110b73 scripts: make sure conffiles are sorted
It may happen that conffiles are in different order on different builds.
Make sure they have the same order by sorting them.

FIX: #9612

Signed-off-by: Paul Spooren <mail@aparcar.org>
2022-04-01 13:08:58 +01:00
Paul Spooren
8822a8d850 build: store sha256_unsigned in JSON
Introduce `sha256_unsigned` which is a checksum of the image _before_ a
signature is attached. This is helpful to compare image reproducibility.

Since the `.sha256sum` file is located in the $(KDIR) folder, switch
$(BIN_DIR) with $(KDIR) to simplify the code. The value of $(BIN_DIR)
itself is not stored inside the resulting JSON file, so it can be
replaced.

Signed-off-by: Paul Spooren <mail@aparcar.org>
2022-03-29 21:41:06 +01:00
Daniel Golle
068ea2cde0
scripts/gen_image_generic.sh: make ext4 bootfs reproducible
Set fixed timestamp for kernel other files in /boot filesystem.
This should help making x86 *combined* images reproducible.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2022-03-28 20:52:37 +01:00