Introduce a new option CONFIG_SIGNATURE_CHECK which defaults to the value
of CONFIG_SIGNED_PACKAGES and thus is enabled by default.
This option is needed to support building target opkg with enabled
signature verification while having the signed package lists disabled.
Our buildbots currently disable package signing globally in the
buildroot and SDK to avoid the need to ship private signing keys to
the build workers and to prevent the triggering of random key generation
on the worker nodes since package signing happens off-line on the master
nodes.
As unintended side-effect, updated opkg packages will get built with
disabled signature verification, hence the need for a new override option.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit f565f276e2)
Commit eae6cac6a3 ("lantiq: add support for AVM FRITZ!Box 7362 SL"), but
one needs an initramfs image to flash OpenWrt from stock firmware (as
described in the commit log). This patch has the initramfs image built
by default.
Thanks to blogic (for pointing to the FEATURES declaration in the target
Makefiles) and Musashino on the forum for suggesting
config/Config-images.in needed editing too. While at it, reorder the
TARGET_INITRAMFS_COMPRESSION_LZMA declarations alphabetically.
This patch will result in initramfs images for all lantiq subtargets
that have the ramdisk flag set. I tested on the falcon and ase
subtargets, which lack that flag, to confirm they don't produce any
initramfs images with this patch - which they do not.
Given the limited scope of the lantiq (sub)target(s), blogic indicated
this should be OK.
Signed-off-by: Stijn Segers <foss@volatilesystems.org>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
[fixed the wrong reference to eae6cac6a3 commit]
If the target supports a newer kernel version that is not used by default
yet, it can be enabled with this option
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Upstream has renamed KPROBE_EVENT to KPROBE_EVENTS in the following
commit:
commit 6b0b7551428e4caae1e2c023a529465a9a9ae2d4
Author: Anton Blanchard <anton@samba.org>
Date: Thu Feb 16 17:00:50 2017 +1100
perf/core: Rename CONFIG_[UK]PROBE_EVENT to CONFIG_[UK]PROBE_EVENTS
We have uses of CONFIG_UPROBE_EVENT and CONFIG_KPROBE_EVENT as
well as CONFIG_UPROBE_EVENTS and CONFIG_KPROBE_EVENTS.
Consistently use the plurals.
So I'm adding this plural option in order to make kconfig happy and stop
asking about it if kernel is compiled with verbose logging:
Enable kprobes-based dynamic events (KPROBE_EVENTS) [Y/n/?] (NEW)
Signed-off-by: Petr Štetiar <ynezz@true.cz>
VBoxManage is not used and the image is created with proper permisions:
0f5d0f6 image: use internal qemu-img for vmdk and vdi images drop host
dependencies on qemu-utils and VirtualBox
Unreachable config symbols:
9e0759e x86: merge all geode based subtargets into one
No need to define those symbols since x86_64 is subtarget of x86:
196fb76 x86: make x86_64 a subtarget instead of a standalone target
Unreachable config symbols, so remove GRUB_ROOT:
371b382 x86: remove the xen_domu subtarget
Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
When CGROUP block io is enabled a new symbol is exposed and needs to
be set or unset else kernel oldconfig hangs waiting for input during
normal OpenWrt builds. Therefore add sane defaults for this symbol
in that case. Also, the defaults brcm2708 are different than generic
defaults because the platform's defconfig enables BLK_DEV_THROTTLING
by default (in defconfig config from the patches used to match
upstream's kernel, not in OpenWrt config-4.xx).
Signed-off-by: Daniel F. Dickinson <cshored@thecshore.com>
[make KERNEL_BLK_DEV_THROTTLING_LOW depend on KERNEL_BLK_DEV_THROTTLING]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This patch adds the boot-part feature which enables the brcm2708
target move from the custom boot partition size config option to
the generic CONFIG_TARGET_KERNEL_PARTSIZE.
Note:
For people using custom images: Just like with
CONFIG_TARGET_ROOTFS_PARTSIZE changing the value
can cause sysupgrade to repartition the device!
Make sure to have a backup in this case.
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
This may be useful if you don't entirely trust your flash and want to be able
to check for corruptions.
Signed-off-by: Michal Hrusecky <Michal@Hrusecky.net>
This patch adds the boot-part feature to the apm82181 sata target.
This makes it possible to configure the boot partition size with
the generic CONFIG_TARGET_KERNEL_PARTSIZE symbol.
Please note: For people using custom images: Just like with
CONFIG_TARGET_ROOTFS_PARTSIZE changing the value can cause
sysupgrade to repartition the device!
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
The configuration option was renamed with kernel 4.19 from
CONFIG_CC_STACKPROTECTOR to CONFIG_STACKPROTECTOR adapt the code to set
both options.
CONFIG_STACKPROTECTOR now sets the regular stack protector and
CONFIG_STACKPROTECTOR_STRONG activates the additional protection of more
functions.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
The sdcard image generation uses CONFIG_TARGET_ROOTFS_PARTSIZE, which is
currently bound to TARGET_ROOTFS_EXT4FS on this target.
Since the rootfs is squashfs anyway, allow deselecting of the ext4fs
one.
Sort the target list alphabetically while here.
Signed-off-by: Andre Heider <a.heider@gmail.com>
Extend the small_flash feature to disable swap, core dumps, and
kernel debug info, and change the squashfs block size to 1024KiB.
Also change squashfs fragment cache to 2 for small_flash to ease memory
usage.
Signed-off-by: Alex Maclean <monkeh@monkeh.net>
Add a new config option to allow to select the default compile
optimization level for the kernel.
Select the optimization for size by default if the small_flash feature is
set. Otherwise "Optimize for performance" is set.
Add the small_flash feature flag to all (sub)targets which had the
optimization for size in their default kernel config.
Remove CC_OPTIMIZE_FOR_* symbols from all kernel configs to apply the new
setting.
Exceptions to the above are:
- lantiq, where the optimization for size is only required for the
xway_legacy subtarget but was set for the whole target
- mediatek, ramips/mt7620 & ramips/mt76x8 where boards should have
plenty of space and an optimization for size doesn't make much sense
- rb532, which has 128MByte flash
Signed-off-by: Mathias Kresin <dev@kresin.me>
In order for monitoring tools such as atop and htop to track and report
i/o data, kernel support for task statistics and io accounting is
required.
Add a config option to enable building this support in the kernel.
Signed-off-by: Jeremiah McConnell <miah@miah.com>
It was only enabled when the target was added back in commit 9b321bc
("lantiq: add Amazon-SE subtarget")
Leave pistachio alone as devices of this target are not likely have
small_flash or low_mem constraint
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
To make it more accessible for nodejs users to configure and run a build
on mips target lacking hardware fpu
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Configure variable SSP_SUPPORT is ambiguous for packages (tor, openssh,
avahi, freeswitch). It means 'toolchain supporting SSP', but for toolchain
and depends it means 'build gcc with libssp'.
Musl no longer uses libssp (1877bc9d8f), it has internal support, so
SSP_SUPPORT was disabled leading some package to not use SSP.
No information why Glibc and uClibc use libssp, but they may also provide
their own SSP support. uClibc used it own with commit 933b588e25 but it was
reverted in f3cacb9e84 without details.
Create an new configure GCC_LIBSSP and automatically enable SSP_SUPPORT
if either USE_MUSL or GCC_LIBSSP.
Signed-off-by: Julien Dusser <julien.dusser@free.fr>
Introduce a configuration option to build a "hardened" OpenWrt with
ASLR PIE support.
Add new option PKG_ASLR_PIE to enable Address Space Layout Randomization (ASLR)
by building Position Independent Executables (PIE). This new option protects
against "return-to-text" attacks.
Busybox need a special care, link is done with ld, not gcc, leading to
unknown flags. Set BUSYBOX_DEFAULT_PIE instead and disable PKG_ASLR_PIE.
If other failing packages were found, PKG_ASLR_PIE:=0 should be added to
their Makefiles.
Original Work by: Yongkui Han <yonhan@cisco.com>
Signed-off-by: Julien Dusser <julien.dusser@free.fr>
The Download/git rule will do a `git checkout <git-ref>`.
So, we can use any ref we want.
No need to limit just to branches.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
This is mainly for legal considerations and not promoting the usage of
and no redistribution of binaries of patented technologies seems to be
also the established practice in other linux distros.
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Symbol CONFIG_INITRAMFS_FORCE allows to ignore the value passed by the
bootloader.
By default, all symbols containing INITRAMFS are wiped from the final
config and then re-added conditionally.
Add support for this symbol, as the build will stop otherwise
questioning the user about this option:
* Restart config...
*
*
* General setup
*
Cross-compiler tool prefix (CROSS_COMPILE) []
Compile also drivers which will not load (COMPILE_TEST) [N/y/?] n
...
Initial RAM filesystem and RAM disk (initramfs/initrd) support
(BLK_DEV_INITRD) [Y/n/?] y
Initramfs source file(s) (INITRAMFS_SOURCE) []
Ignore the initramfs passed by the bootloader (INITRAMFS_FORCE)
[N/y/?] (NEW)
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Multicast routing support is not needed in most setups, and increases the
size of the kernel considerably (>10K after LZMA). Add a config switch to
allow disabling it.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
The following patch enables building of initramfs images by default for
the P1020 subtarget in mpc85xx.
Signed-off-by: Chris Blake <chrisrblake93@gmail.com>
Select the other CONFIG_ALL_* options in the hierarchy when the master
option is selected. Currently CONFIG_ALL_KMODS is not selected when the
build bot selects CONFIG_ALL_NONSHARED for example.
Now the rtc kmods should get build when CONFIG_ALL_KMODS,
CONFIG_ALL_NONSHARED or CONFIG_ALL and CONFIG_RTC_SUPPORT are selected
like it is done by the build bots for targets with rtc support.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Acked-by: Jo-Philipp Wich <jo@mein.io>
We are starting to add more and more kernel configurable options, to the
point where the Global build options menu is not really usable anymore,
hide all kernel-related configuration options behind a menu.
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
While we have CRASHLOG on MIPS it makes sense to support 'classic'
kexec-based CRASH_DUMP on x86 and arm platforms.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
On the more sophisticated (i.e. deeper FIFO) serial controllers,
flow-control might be needed to avoid dropping output.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
Prior to commit 1496b95a0 ("x86: clean up default grub baudrate
settings") we had three different baud rates for the Geode targets:
19200 for net5501, 38400 for alix2, and 115200 for Geos.
It doesn't seem that there's a very good reason for varying from our
default 115200 baud, so let's make the Geode target do that instead.
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
This can be used to tweak the buildbot behavior without having to change
buildbot's configuration.
It will also allow us to add more aggressive clean steps (e.g. on
toolchain changes), which would break developers' workflows if enable
by default.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
samba.org has started to enforce https and
currently plain http downloads with curl/wget fail,
so convert samba.org download links to use https.
Modernise links at the same time.
Also convert samba.org URL fields to have https.
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
This is used to save space on buildbot instances.
If any part of a package needs to be rebuild, the whole package is
rebuilt from scratch. Stamp files are preserved to allow dependency
checks to work
Signed-off-by: Felix Fietkau <nbd@nbd.name>
It could cause crashes with some forms of virtualization, and it is
unlikely to work properly with most systems.
It's safer to just disable it.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
These options are needed to create /dev/mem or /dev/kmem .
/dev/mem is needed by the io tool to access raw hardware memory, which
is helpful when debugging and developing drivers.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Acked-by: John Crispin <john@phrozen.org>
2 GB is overkill and was only added to allow unlimited ext4 resizing,
which is a pretty rare use case. 256 MB allows resizing up to 256 GB,
which should be good enough for almost all users.
A lot of this is mostly irrelevant anyway, since you can just use
squashfs + ext4 overlay.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
This makes it possible to activate the gpio and the pinctl debugging
from LEDE menuconfig.
Acked-by: John Crispin <john@phrozen.org>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
The current default rootfs size of 256MB in conjunction with 4K blocks
produces an ext4 filesystem which lacks the appropriate amount of backup GDT
entries to support online-resizing.
For x86 targets, increase the default rootfs size to 2048MB which allows
online resizing the filesystem to up to 2TB which is the current theoretical
maximum for LEDE, due to missing GPT support on the root block device.
Note that the filesystem artefact will not occupy 2GB on the build system as
the make_ext4fs utility uses sparse files to generate the filesystem images,
so the actual disk usage is much lower. Furthermore the filesystem images
are gzip compressed, shrinking them to only a few megabytes on the download
server.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Acked-by: Michael Heimpold <mhei@heimpold.de>
There is very little practical use to limit the number of available inodes on
an ext4 filesystem and the make_ext4fs utility is able to calculate useful
defaults by itself.
Drop the option to make resulting ext4 filesystems more flexible by default.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Acked-by: Michael Heimpold <mhei@heimpold.de>