Usage of current R1 ISA is inconsistent with the MIPS32 subtarget, little
used and has limited utility for testing.
Many distros target a minimum R2 ISA. Debian MIPS 32-bit/64-bit ports all
use MIPS R2 ISA since Stretch, for example. Fedora's MIPS arch also targets
the R2 ISA for 32-bit/64-bit.
Widely used MIPS64 platforms like Octeon are based on the MIPS R2 ISA or
later, and benefit from having a compatible test platform in OpenWRT.
While Linux does support MIPS64 R1 targets, its usefulness for development
and testing is limited. As an example, the modern Linux eBPF JIT requires
a MIPS R2 ISA or later.
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
[Refresh config and fix README]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
All modifications made by update_kernel.sh
Build system: x86_64
Build-tested: ipq806x/R7800, ath79/generic, bcm27xx/bcm2711
Run-tested: ipq806x/R7800
No dmesg regressions, everything functional
Signed-off-by: John Audia <graysky@archlinux.us>
The buildroot and SDK both require the compilers (gcc, g++) to be
installed on the host system, however the ImageBuilder uses precompiled
binaries.
This patch changes the prerequirements checks to skip the checking for
the compilers if running as ImageBuilder. A similar change has been
made for libncurses-dev in 4a1a58a3e2.
Signed-off-by: Sven Roederer <devel-sven@geroedel.de>
Acked-by: Paul Spooren <mail@aparcar.org>
Seemingly unneeded based on new upstream code so manually deleted:
layerscape:
820-usb-0007-usb-dwc3-gadget-increase-timeout-value-for-send-ep-c.patch
Manually merged:
generic-hack:
251-sound_kconfig.patch
All other modifications made by update_kernel.sh
Build system: x86_64
Build-tested: ipq806x/R7800, ath79/generic, bcm27xx/bcm2711
Run-tested: ipq806x/R7800, lantiq/Easybox 904 xDSL
No dmesg regressions, everything functional
Signed-off-by: John Audia <graysky@archlinux.us>
[add lantiq test report, minor commit message clarification]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
The former nft_chain_nat_ipv4 and nft_chain_nat_ipv6 modules have been merged
into a common nft_chain_nat module starting with Linux 5.1.
Ensure that this common module is shipped along with kmod-nft-nat on recent
kernels.
While we're at it, also apply version constraints to other nft modules that
have been merged into the core with newer kernels.
Ref: https://bugs.openwrt.org/index.php?do=details&task_id=2815#comment8016
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Instead of hardcoding 'targeted' policy, evaluate /etc/selinux/config
in rootfs to choose according to which policy files in the rootfs got
to be labeled.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
By installing policycoreutils to host/bin it is also available within
the ImageBuilder and SDK, allowing to correctly label both filesystems
and packages.
Signed-off-by: Paul Spooren <mail@aparcar.org>
All modifications made by update_kernel.sh
Build system: x86_64
Build-tested: ipq806x, ath79/generic, bcm72xx/bcm2711
Run-tested: ipq806x (R7800)
No dmesg regressions, everything functional
Signed-off-by: John Audia <graysky@archlinux.us>
There are currently several variants of 'wpad' package but the 'iwinfo'
is included by default only if 'wpad', 'wpad-{basic*,mini}' or 'nas'
packages are included in {DEVICE,DEFAULT}_PACKAGES. Use 'wpad-*'
pattern to include 'iwinfo' with any 'wpad' variant.
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
'setfiles' and others should be installed to $(STAGING_DIR_HOSTPKG)/bin
rather than $(...)/sbin which isn't in PATH.
Also using -Wl,-rpath to set library search location instead of setting
LD_LIBRARY_PATH when calling setfiles in image.mk.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Some bootloaders are really keen on just one special
fdt in a multi-image fit image. This is a problem, because
currently this is fixed to "fdt@1".
This patch introduces a new device variable:
DEVICE_FDT_NUM that allows to specify the right
fdt number.
If the value is absent "1" will be chosen.
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
All modifications made by update_kernel.sh
Build system: x86_64
Build-tested: ipq806x, lantiq/xrx200 and ath79/generic
Run-tested: ipq806x (R7800), lantiq (Easybox 904 xDSL)
No dmesg regressions, everything functional
Signed-off-by: John Audia <graysky@archlinux.us>
[add test on lantiq]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
All modifications made by update_kernel.sh/no manual intervention needed
Run-tested: ipq806x (R7800), ath79 (Archer C7v5), x86/64
No dmesg regressions, everything appears functional
Signed-off-by: John Audia <graysky@archlinux.us>
[add run test from PR]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
This reverts commit 34cc2c9a99.
The reverted shell code is a very poor reimplementation of the existing
package-metadata.pl usergroup subcommand and the resulting file is not
used anymore, so drop this code.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
This file can be subsequently used to resolve symbolic user or group names
to their numeric IDs when packing ipk archives.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Multiple packages contain a USERID variable defining required user and
group for the package to run. With the recent addition of
"PKG_FILE_MODES" it is possible to define user and group of specific
files, replacing (possibly insecure) post-inst scripts. These modes are
set during build time and put directly into the packages.
To allow user and group names rather than the numeric values, a mapping
like `/etc/passwd` is required by the `ipkg-build` script, mapping names
defined in "PKG_FILE_MODES" to a numeric value, as the build system does
not create any users during build.
This commit adds a single line to the `prepare-tmpinfo` target, so that
everytime the feeds are updated the *passwd like* content of
`./tmp/userids` is updated.
Signed-off-by: Paul Spooren <mail@aparcar.org>
All modifications made by update_kernel.sh/no manual intervention needed
Build-tested: x86_64
Run-tested: ipq806x (R7800)
No dmesg regressions, everything functional
Signed-off-by: John Audia <graysky@archlinux.us>
Currently the global variable PKG_FILE_MODES is used for all ipkg
creations. This works for Makefiles which output a single package, or
variants of a single package.
But if a Makefile outputs multiple packages that each contain different
files, setting PKG_FILE_MODES causes build failure when any of the files
in the variable do not exist in the folder that is currently being
packaged.
Example:
/openwrt/staging_dir/host/bin/fakeroot -l /openwrt/staging_dir/host/lib/libfakeroot.so -f /openwrt/staging_dir/host/bin/faked /openwrt/scripts/ipkg-build -m "/usr/lib/mariadb/plugin/auth_pam_tool_dir:root:376:0750" /openwrt/build_dir/target-mips_24kc_musl/mariadb-10.4.13/ipkg-mips_24kc/mariadb-server-plugin-disks /openwrt/bin/packages/mips_24kc/packages
+chown: cannot access '/openwrt/build_dir/target-mips_24kc_musl/mariadb-10.4.13/ipkg-mips_24kc/mariadb-server-plugin-disks//usr/lib/mariadb/plugin/auth_pam_tool_dir': No such file or directory
This commit changes the file mode handling a bit. The file mode can now
be set either globally via PKG_FILE_MODES (no behavior change) or on a
per-package basis via FILE_MODES. This way specific file modes can be
used for any particular package.
This behavior is already used for other OpenWrt variables, hence it is
familiar:
PKG_MAINTAINER vs MAINTAINER
PKG_SOURCE_SUBDIR vs SUBDIR
PKG_LICENSE vs LICENSE
...
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
Manually merged:
hack-5.4
230-openwrt_lzma_options.patch
bcm27xx
950-0283-hid-usb-Add-device-quirks-for-Freeway-Airmouse-T3-an.patch
x86
011-tune_lzma_options.patch
Remove upstreamed patches in collaboration with Ansuel Smith:
ipq806x
093-1-v5.8-ipq806x-PCI-qcom-Add-missing-ipq806x-clocks-in-PCIe-driver.patch
093-2-v5.8-ipq806x-PCI-qcom-Change-duplicate-PCI-reset-to-phy-reset.patch
093-3-v5.8-ipq806x-PCI-qcom-Add-missing-reset-for-ipq806x.patch
All other modifications made by update_kernel.sh
Build-tested: bcm27xx/bcm2708, ipq806x, x86/64
Run-tested: ipq806x (R7800), x86/64
No dmesg regressions, everything functional
Signed-off-by: John Audia <graysky@archlinux.us>
[update commit message/tested]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Adding inline shell invocations in per-target variables causes them to be
executed over and over again, which causes a significant slowdown.
Fix this by evaluating it only once per package directory
Signed-off-by: Felix Fietkau <nbd@nbd.name>
This removes switches dependent on kernel version 4.14 as well as
several packages/modules selected only for that version.
This also removes sched-cake-virtual, which is not required anymore
now that we have only one variant of cake.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Using fakeroot without passing the paths to libfakeroot.sh and faked
causes havoc. Use the $(FAKEROOT) Make variable which includes them.
Fixes: 353ce2e521 ("build: ipkg-build use fakeroot with PKG_FILE_MODES")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
The variable VERSION_REPO is used by opkg to download package(list)s.
Now that the default installation support encrypted HTTP opkg should
make use of it.
Suggested-by: Petr Štetiar <ynezz@true.cz>
Suggested-by: Baptiste Jonglez <baptiste@bitsofnetworks.org>
Signed-off-by: Paul Spooren <mail@aparcar.org>
Acked-by: Baptiste Jonglez <baptiste@bitsofnetworks.org>
The line of default packages became very long and it is easier to read
one package per line, therefore split it by newlines and sort it
alphabetically.
Signed-off-by: Paul Spooren <mail@aparcar.org>
To allow HTTPS usage on a router it requires both certificates
(ca-bundle) and a fitting libustream library (libustream-wolfssl)
By adding both, uclient-fetch and wget can connect to encrypted HTTP.
This allows opkg to update package lists in a more secure fashion.
Suggested-by: Petr Štetiar <ynezz@true.cz>
Suggested-by: Baptiste Jonglez <baptiste@bitsofnetworks.org>
Signed-off-by: Paul Spooren <mail@aparcar.org>
The usage of granular `SOURCE_DATE_EPOCH` for packages is an
incrementing integer which could be useful for downstream tooling,
therefore add it to the packages manifest.
Signed-off-by: Paul Spooren <mail@aparcar.org>
With the new `SOURCE` argument of `get_source_date_epoch` it is possible
to set package timestamps based on actual package changes rather thane
$TOPDIR changes.
This commit adds a new variable PKG_SOURCE_DATE_EPOCH which is used by
the `ipkg` build script. As a fallback the existing SOURCE_DATE_EPOCH is
used or as last resort the current time.
The redundant checks for `.git/` and `.svn/` are removed.
Signed-off-by: Paul Spooren <mail@aparcar.org>
The `ipkg-build` script converts a folder into a `opkg` installable
package. Until now it would use root:root for all packages and try to
preserve file modes.
This has the two drawbacks of packages want to add non-root files or add
SUID files, like the `sudo` package does.
To give more flexibility regarding file modes and avoid init script
hacks, a new variable called `PKG_FILE_MODES`. The variable contains a
list of files modes in the format `path:owner:group:mode`.
An example for the `sudo` package below:
```
PKG_FILE_MODES:=\
/usr/bin/sudo:root:root:4755 \
/etc/sudoers:root:root:0440
```
The `ipkg-build` now runs within a fakeroot environment to set any mode
and directly store it in the resulting `ipk` package archive.
Both options `-o` and `-g` are no longer required due to the introduction
of the more flexible `-m` options, which takes the `PKG_FILE_MODES` as
input.
Lastly the option `-c` is removed as it's unused within the script.
Signed-off-by: Paul Spooren <mail@aparcar.org>
This allows the build process to prepare a squashfs filesystem for use
with SELinux.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
[rebase, add commit message]
Signed-off-by: W. Michael Petullo <mike@flyn.org>
CMake provides a user package registry (stored in ~/.cmake/packages) and
a system package registry (not available on non-Windows platforms).
The "export(PACKAGE)" command may store information in the user package
registry, and the "find_package()" command may search both user and
system package registries for information.
This sets various variables to disable the use of these package
registries (both saving and retrieval of package information).
This also sets deprecated variables that perform similar functions, in
case external toolchains include older versions of CMake.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
This PR is a blend of several kernel bumps authored by ldir taken from his
staging tree w/ some further adjustments made by me and update_kernel.sh
Summary:
Deleted upstreamed patches:
generic:
742-v5.5-net-sfp-add-support-for-module-quirks.patch
743-v5.5-net-sfp-add-some-quirks-for-GPON-modules.patch
bcm63xx:
022-v5.8-mtd-rawnand-brcmnand-correctly-verify-erased-pages.patch
024-v5.8-mtd-rawnand-brcmnand-fix-CS0-layout.patch
mediatek:
0402-net-ethernet-mtk_eth_soc-Always-call-mtk_gmac0_rgmii.patch
Deleted patches applied differently upstream:
generic:
641-sch_cake-fix-IP-protocol-handling-in-the-presence-of.patch
Manually merged patches:
generic:
395-v5.8-net-sch_cake-Take-advantage-of-skb-hash-where-appropriate.patch
bcm27xx:
950-0132-lan78xx-Debounce-link-events-to-minimize-poll-storm.patch
layerscape:
701-net-0231-enetc-Use-DT-protocol-information-to-set-up-the-port.patch
Build system: x86_64
Build-tested: ath79/generic, bcm27xx/bcm2708, bcm27xx/bcm2711,
imx6, mvebu/cortexa9, sunxi/a53
Run-tested: Netgear R7800 (ipq806x)
No dmesg regressions, everything functional
Signed-off-by: John Audia <graysky@archlinux.us>
Tested-By: Lucian Cristian <Lucian.cristian@gmail.com> [mvebu]
Tested-By: Curtis Deptuck <curtdept@me.com> [x86/64]
[do not remove 395-v5.8-net-sch_cake-Take-advantage-... patch,
adjust and refresh patches, adjust commit message]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Tested-By: John Audia <graysky@archlinux.us> [ipq806x]
The README file is displayed on "make help", but updating the
command has been overlooked during the README -> README.md
rename.
Fix it.
Fixes: d0113711a3 ("README: port to 21st century")
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Fix shellcheck SC2230
> which is non-standard. Use builtin 'command -v' instead.
Using `command -v` is POSIX compliant while `which` is not. Also to
mention, `command -v` is a shell builtin whereas `which` is a separate
busybox applet.
Once applied to everything concerning OpenWrt we can disable the busybox
feature `which` and save 3.8kB.
Acked-by: Stijn Tintel <stijn@linux-ipv6.be>
Signed-off-by: Paul Spooren <mail@aparcar.org>
[also replace cases in zram-swap]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
It has been reported that the current message displayed during
upgrade with compat_version change is misleading for "legacy"
devices, i.e. those without the "new" fwtool. This is partially
caused by the fact that we need to exploit the supported_devices
string to get some message text displayed for these devices.
This patch modifies the message to make it more helpful and
include additional information, e.g.
Device linksys,wrt3200acm not supported by this image
Supported devices: linksys,wrt3200acm linksys-whateverelse - Image
version mismatch: image 1.1, device 1.0. Please wipe config during
upgrade (force required) or reinstall. Reason: Config cannot be
migrated from swconfig to DSA
Note that the line breaks (except the one before Supported devices)
are added manually here, I hesitate to hack \n into the
supported_devices as well. The "Reason:" will only be displayed if
DEVICE_COMPAT_MESSAGE is set for the device, otherwise
"Please check documentation ..." will be shown instead.
While at it, also rearrange the code in image-commands.mk to
make lines shorter and remove the double filter-out command.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Add package which provides size optimized wpad with support for just
WPA-PSK, SAE (WPA3-Personal), 802.11r and 802.11w.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
[adapt to recent changes, add dependency for WPA_WOLFSSL config]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Instead of just printing a warning that an image is too big, also
print both actual size and limit in the string:
WARNING: Image file somename.bin is too big: 2096101 > 1048576
Since the kernel size is checked via the same function (if
KERNEL_SIZE is specified), this will also apply to the kernel
image size check.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
The recipe check-kernel-size is not used in the entire tree. Instead,
we already check the size of the kernel image in Device/Build/kernel
in image.mk via check-size function if KERNEL_SIZE is defined.
Therefore, drop the function. Using it would be redundant anyway.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
So far, the compatibility mechanism only works if both device and
image are already updated to the new routines. This patch extends
the sysupgrade metadata and fwtool_check_image() to account for
"older" images as well:
The basic mechanism for older devices to check for image compatibility
is the supported_devices entry. This can be exploited by putting
a custom message into this variable of the metadata, so older FW
will produce a mismatch and print the message as it thinks it's the
list of supported devices. So, we have two cases:
device 1.0, image 1.0:
The metadata will just contain supported_devices as before.
device 1.0, image 1.1:
The metadata will contain:
"new_supported_devices":["device_string1", "device_string2", ...],
"supported_devices":["Image version 1.1 incompatible to device: ..."]
If the device is "legacy", i.e. does not have the updated fwtool.sh,
it will just fail with image check and print the content of
supported_devices. If DEVICE_COMPAT_MESSAGE is set, this will be
printed on old devices as well through the same mechanism. Otherwise
a generic "Please check documentation ..." is appended.
Upgrade can still be performed with -F like when
SUPPORTED_DEVICES has been removed to prevent bricking.
If the device has updated fwtool.sh (but is 1.0), it will just use
the new_supported_devices instead, and work as intended (flashing
with -n will work, flashing without will print the appropriate
warning).
This mechanism should provide a fair tradeoff between simplicity
and functionality.
Since we touched a lot of fields in metadata, this also bumps
metadata_version to 1.1.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
We regularly encounter the situation that devices are subject to
changes that will make them incompatible to previous versions.
Removing SUPPORTED_DEVICES will not really be helpful in most of these
cases, as this only helps after a rename.
To solve this situation, this patchset introduces a compatibility
version for devices. It will be implemented via a per-device
Make variable DEVICE_COMPAT_VERSION, which will be set to 1.0
globally by default and then can be overwritten as needed.
Furthermore, a variable DEVICE_COMPAT_MESSAGE is added, where
a message to be displayed during sysupgrade may be specified
optionally.
This patch only implements the build variables and adds them
to the sysupgrade metadata, the evaluation will be addressed
in a subsequent patch.
To set it, one would just need to add the following to a device node:
define Device/somedevice
...
DEVICE_COMPAT_VERSION := 1.1
DEVICE_COMPAT_MESSAGE := Config cannot be migrated from swconfig to DSA
endef
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
By specifying "BROKEN := 1" or "BROKEN := y" for a device, it will be
hidden (and deselected) by default. By that, it provides a stronger
option to "disable" a device beyond just using DEFAULT := n.
To make these devices visible, just enable the BROKEN option in
developer settings as already implemented for targets and packages.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
update_kernel.sh refreshed all patches, no human interaction was needed
Build system: x86_64
Run-tested: Netgear R7800 (ipq806x)
Signed-off-by: John Audia <graysky@archlinux.us>
Set CCACHE_DIR to $(TOPDIR)/.ccache and CCACHE_BASEDIR to $(TOPDIR).
This allows to do clean and dirclean. Cache hit rate for test build
after dirclean is ~65%.
If CCACHE is enabled stats are printed out at the end of building process.
CCACHE_DIR config variable allows to override default, which could be useful
when sharing cache with many builds.
cacheclean make target allows to clean the cache.
Changes from v1:
- remove ccache directory using CCACHE_DIR variable
- remove ccache leftovers from sdk and toolchain make files
- introduce CONFIG_CCACHE_DIR variable
- introduce cacheclean make target
Signed-off-by: Roman Yeryomin <roman@advem.lv>
Instead of using xargs to pass a huge number of files to
script/ipkg-remove, which will usually pick only one, use a more
restrictive wildcard so that, currently, at the most 325 files are
examined, instead of up to over 2,300. The 325-file package is python,
which is picking up python3* ipks. It is about to be removed.
Runner-up is ddns-scripts with 7 files.
This makes a second run of make package/luci/compile go from
real 16.40s; user 17.42s; sys 2.73s
to
real 10.71s; user 9.51s; sys 1.27s
There is a caveat though: if one were to remove the ABI_VERSION of a
package that ends in a digit [0-9], then the old package ipk will not be
removed from the bin directory by make package/abc2/clean.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
The wildcard call to clean up luci package (luci*) can pick up over
2,300 files when the full tree is built. Running make package/luci/clean
or a second run of make package/luci/compile would fail with an
'Argument list too long' error.
To avoid that, a maybe_use_xargs function was created that runs the
command straight as usual if the number of arguments is < 512, or saves
the list in a temporary file and feeds it to xargs otherwise.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Instead of calling $(wildcard) to check if the removal list is empty,
then calling it again to actually remove the files, define a function so
that the arguments are expanded only once when it gets called.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
f4f8f4a180 broke ffmpeg compilation with x86
The reason is that ffmpeg's x86 assembly requires at least MMX, which the
pentium CPU_TYPE was preventing.
Fixes ffmpeg compilation on x86_legacy and x86_geode.
Ref: https://github.com/openwrt/openwrt/pull/3061
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Add support for make target nconfig (ncurses)
Reviewed-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Signed-off-by: Sergio E. Nemirowski <sergio@outerface.net>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Only enable the testing-kernel feature for the target when the testing
kernel version does not match the stable kernel version.
This way, the option for building the testing kernel in the build config
menu is only exposed when there's a testing kernel available.
Signed-off-by: David Bauer <mail@david-bauer.net>
Acked-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Fixes:
- CVE-2020-10757
The "mtd: rawnand: Pass a nand_chip object to nand_release()" commit was
backported which needed some adaptations to other code.
Run tested: ath79
Build tested: ath79
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Fixes:
- CVE-2020-10757
The "mtd: rawnand: Pass a nand_chip object to nand_release()" commit was
backported which needed some adaptations to other code.
Build tested: ramips
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
With this commit the `profiles.json` contain both the target specific
`default_packages` as well as the device specific `device_packages` as a
array of strings.
This information is required for downstream projects like the various
web-based interactive firmware generators.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Signed-off-by: Paul Spooren <mail@aparcar.org>
Removes the standalone implementation of stack smashing protection
in gcc's libssp in favour of the native implementation available
in glibc and uclibc. Musl libc already uses its native ssp, so this
patch does not affect musl-based toolchains.
Stack smashing protection configuration options are now uniform
across all supported libc variants.
This also makes kernel-level stack smashing protection available
for x86_64 and i386 builds using non-musl libc.
Signed-off-by: Ian Cooper <iancooper@hotmail.com>
The buildroot and SDK both require `libncurses-dev` to be installed on
the system, however the ImageBuilder uses precompiled binaries.
This patch changes the prerequirements checks to skip the
`libncurses-dev` part if running as ImageBuilder.
Signed-off-by: Paul Spooren <mail@aparcar.org>
Required for installation of autoconf:
make[5]: Entering directory `/openwrt/build_dir/host/autoconf-2.69'
Making all in bin
make[6]: Entering directory `/openwrt/build_dir/host/autoconf-2.69/bin'
autom4te_perllibdir='..'/lib AUTOM4TE_CFG='../lib/autom4te.cfg'
../bin/autom4te -B '..'/lib -B '..'/lib --language M4sh --cache
'' --melt ./autoconf.as -o autoconf.in
Can't locate Data/Dumper.pm in @INC (@INC contains: ../lib
/usr/local/lib64/perl5 /usr/local/share/perl5 /usr/lib64/perl5/vendor_perl
/usr/share/perl5/vendor_perl /usr/lib64/perl5 /usr/share/perl5 .) at
../lib/Autom4te/C4che.pm line 33.
BEGIN failed--compilation aborted at ../lib/Autom4te/C4che.pm line 33.
Compilation failed in require at ../bin/autom4te line 40.
BEGIN failed--compilation aborted at ../bin/autom4te line 40.
make[6]: *** [autoconf.in] Error 2
Signed-off-by: Rosen Penev <rosenp@gmail.com>
While the effective "default" based on frequent use is "router", the
DEVICE_TYPE variable actually provides a "basic" configuration without
selecting any additional packages.
This is currently set up with the identifier "bootloader", which seems
to be not used at all. However, the only targets not using "router" or
"nas" are actually archs38 and arc770, which use their own value
"developerboard" for DEVICE_TYPE which seems to have been invented when
these targets where added. The latter is not implemented in target.mk,
though, and will fall back to the "basic" set of packages then.
So, to clean this up and make it more readable, let's just define a
DEVICE_TYPE "basic" and use it for the aforementioned cases.
Cc: Christian Lamparter <chunkeey@gmail.com>
Cc: Sungbo Eo <mans0n@gorani.run>
Cc: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
zstd with its default settings (compression level -3) compresses better
than bzip2 -9 (which is the default setting), and is an order of magnitude
faster.
I made the following measurements for the most common compression tools
(all standard Debian Buster versions, default flags unless noted
otherwise), using the debug information of a large x86-64 kernel with
ALL_KMODS:
* kernel-debug.tar: 376M
* kernel-debug.tar.gz: 101M, compressed in ~12s
* kernel-debug.tar.bz2: 91M, compressed in ~15s
* kernel-debug.tar.xz: 57M, compressed in ~101s
* kernel-debug.tar.zst: 86M, compressed in ~1s
With zstd, there is still some room for improvement by increasing the
compression, but the slight increase in compression ratio
(22.83% -> 19.46%) does not justify the significant increase in
compression time (about 5 times on my machine) in my opinion.
Note that multithreaded compression (-T argument) does not affect
reproducibility with zstd.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Running make with RECURSIVE_DEP_IS_ERROR=1 will cause a hard failure
when a recursive dependency is detected. This is useful to apply
stricter Ci tests, for example.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Common Platform Enumeration (CPE) is a structured naming scheme for
information technology systems, software, and packages.
This information already exists in some makefiles. In order for the
information to be processed further, it should also be added to the
manifest file and the control file of ipkg packages.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
undefine was added in make 3.82 which is now some 10 years ago, some
make scripts are beginning to use 'undefine'
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
ftp can cause problems on some networks switch primary download location
to https and add another mirror
Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
xt_MASQUERADE.ko is picked up by both kmod-ipt-nat and kmod-ipt-nat6, causing
conflict
As kmod-ipt-nat6 already depends on kmod-ipt-nat, remove xt_MASQUERADE from it
Fixes: FS#2924
Fixes: 0fad8af851 ("kernel: Include xt_MASQUERADE for kernel 5.2 and later")
Signed-off-by: DENG Qingfang <dengqf6@mail2.sysu.edu.cn>
This reverts commit 3204430e38.
Reverting this commit in preparation for reverting
dcf3e63a35 ("build: scripts/config - update to kconfig-v5.6") which
introduces various unaddressed build breakages.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
This addes the option to treat recursive dependencies as warnings
instead of errors, by running make with WARN_RECURSIVE_DEP=1.
Note that the script/config targets will not get rebuilt when you add or
remove WARN_RECURSIVE_DEP while running make. One must run
'make config-clean' before building config with a different setting.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Instead of passing pkg-config location through a variable when building
qconf (make xconfig), prepend its parent directory to the PATH, as it is
being done for other conf targets.
Use a Makefile pattern rule to group all 'scripts/config/%onf'
(currently conf, mconf, qconf) targets in a single rule. Add -O2 to
CFLAGS when building them as well.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
The symvers files of older kernel versions are incompatible with the ones
from 5.4, so changing the kernel version without running make clean was
causing build failures in kernel module packages.
Fix this by moving the directory, ensuring that symvers files get thrown
away with a kernel version change
Signed-off-by: Felix Fietkau <nbd@nbd.name>
JSON info files contain machine readable information of built profiles
and resulting images. These files were added in commit 881ed09ee6
("build: create JSON files containing image info").
They are useful for firmware wizards and script checking for
reproducibility.
Currently all JSON files are stored next to the built images, resulting
in up to 168 individual files for the ath79/generic target.
This patch refactors the JSON creation to store individual per image
(not per profile) files in $(BUILD_DIR)/json_info_files and create an
single overview file called `profiles.json` in the target directory.
Storing per image files and not per profile solves the problem of
parallel file writes. If a profiles sysupgrade and factory image are
finished at the same time both processes would write to the same JSON
file, resulting in randomly broken outputs.
Some target like x86/64 do not use the image code yet, resulting in
missing JSON files. If no JSON info files were created, no
`profiles.json` files is created as it would be empty anyway.
As before, this creation is enabled by default only if `BUILDBOT` is set.
Tested via buildroot & ImageBuilder on ath79/generic, imx6 and x86/64.
Signed-off-by: Paul Spooren <mail@aparcar.org>
[json_info_files dir handling in Make, if case refactoring]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Add EFI platform bootable images for x86 platforms. These images can
also boot from legacy BIOS platform.
EFI System Partition need to be fat12/fat16/fat32 (not need to load
filesystem drivers), so the first partition of EFI images are not ext4
filesystem any more.
GPT partition table has an alternate partition table, we did not
generate it. This may cause problems when use these images as qemu disk
(kernel can not find rootfs), we pad enough sectors will be ok.
Signed-off-by: 李国 <uxgood.org@gmail.com>
[part_magic_* refactoring, removed genisoimage checks]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
There is a restriction in the number of parameters(10) that may be passed to
the SetupHostCommand macro so continually adding explicit gcc'n' version
checks ends up breaking the compiler check for the later versions and
oddballs like Darwin as was done in 835d1c68a0 which added gcc10.
Drop all the explicitly specified gcc version checks. If a suitable gcc
compiler is not found, it may be specified at the dependency checking
stage after which that version will be symlinked into the build staging
host directory.
eg. 'CC=gccfoo CXX=g++foo make prereq'
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Acked-by: Jo-Philipp Wich <jo@mein.io>
Lets add GCC 10 detection to the build system as distributions like Fedora 32 have started shipping with it.
Some tools like mtd-utils need work to compile under GCC10, but that will be next step.
Signed-off-by: Robert Marko <robert.marko@sartura.hr>
In most cases check-size is used with IMAGE_SIZE and vice versa. Let check-size
use IMAGE_SIZE by default.
Signed-off-by: Sungbo Eo <mans0n@gorani.run>
This commit introduces few related changes which need to be done in
single commit to keep images buildable between git revisions. In result
it retains all previous image creation possibilities with slight name
change of generated images. Brief summary of the commit:
* Split up image generation recipe to smaller chunks to make it more
generic and reusable.
* Make iso images x86 specific and drop their definition as root
filesystem.
* Convert image creation process to generic code specified in image.mk.
* Make geode subtarget inherit features from the main target instead of
redefining them.
* For subtargets create device definitions with basic packages set.
Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
[rebased]
Signed-off-by: Paul Spooren <mail@aparcar.org>
IMAGE_SIZE is widely used in many targets. Declare it in the default template to
clean up redundant code. This also prevents deriving IMAGE_SIZE unintentionally
from the previously defined device.
While at it, remove duplicate KERNEL_SIZE declaration.
Signed-off-by: Sungbo Eo <mans0n@gorani.run>
getopt is the only command where /usr/local/bin is specified explicitly.
All other commands are assumed to exist in the PATH in one form or
another. Remove this exception and require gnugetopt/getopt to be in
the user's PATH.
In the case of macos Homebrew, getopt is 'keg only' hence not linked
into /usr/local/bin whilst other commands are linked and likely found by
virtue of /usr/local/bin being in PATH.
Since 2019 Homebrew is very reluctant to install links that have
potential to override default OS behaviour, eg: following instructions
on our current 'how to build on macos' wiki page:
$ brew ln gnu-getopt --force
Warning: Refusing to link macOS-provided software: gnu-getopt
If you need to have gnu-getopt first in your PATH run:
echo 'export PATH="/usr/local/opt/gnu-getopt/bin:$PATH"' >> ~/.zshrc
A better option for macos is to link getopt as 'gnugetopt' in
/usr/local/bin, thus the build system will find 'gnugetopt' but other
applications looking for just 'getopt' will find the original macos
binary.
Ultimately it makes sense that 'GNU' dependencies are placed in
/usr/local/bin and /usr/local/bin is included in the user's PATH.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Build/InstallDev no longer places a file list in
$(STAGING_DIR_HOST)/packages; this change removes the creation of
$(STAGING_DIR_HOST)/packages and the attempted removal of a
STAGING_DIR_HOST file list during package clean.
This also changes the host directory passed to Build/UninstallDev from
$(STAGING_DIR_HOST) to $(STAGING_DIR)/host, to match the directory
passed to Build/InstallDev.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Build system needs an 'xargs' that supports '-r' which darwin doesn't.
Homebrew installs a 'gxargs' with the findutils package so look for
'gxargs' as well as 'xargs'
This is a bit of a 'fun' corner case anyway. xargs is only required by
the build if 'CONFIG_AUTOREMOVE' is set and after the build system has
built 'tools/findutils' we have a fully working xargs for host anyway.
Until that time we have to rely on the host's xargs implementation.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
The following patches were removed because they are integrated in the upstream kernel 5.4:
* backport-5.4/047-v4.21-mtd-keep-original-flags-for-every-struct-mtd_info.patch
* backport-5.4/048-v4.21-mtd-improve-calculating-partition-boundaries-when-ch.patch
* backport-5.4/080-v5.1-0001-bcma-keep-a-direct-pointer-to-the-struct-device.patch
* backport-5.4/080-v5.1-0002-bcma-use-dev_-printing-functions.patch
* backport-5.4/095-Allow-class-e-address-assignment-via-ifconfig-ioctl.patch
* backport-5.4/101-arm-cns3xxx-use-actual-size-reads-for-PCIe.patch
* backport-5.4/200-v5.2-usb-dwc2-Set-lpm-mode-parameters-depend-on-HW-configuration.patch
* backport-5.4/210-arm64-sve-Disentangle-uapi-asm-ptrace.h-from-uapi-as.patch
* backport-5.4/380-v5.3-net-sched-Introduce-act_ctinfo-action.patch
* backport-5.4/450-v5.0-mtd-spinand-winbond-Add-support-for-W25N01GV.patch
* backport-5.4/451-v5.0-mtd-spinand-Add-initial-support-for-Toshiba-TC58CVG2.patch
* backport-5.4/452-v5.0-mtd-spinand-add-support-for-GigaDevice-GD5FxGQ4xA.patch
* backport-5.4/455-v5.1-mtd-spinand-Add-support-for-all-Toshiba-Memory-produ.patch
* backport-5.4/456-v5.1-mtd-spinand-Add-support-for-GigaDevice-GD5F1GQ4UExxG.patch
* backport-5.4/460-v5.0-mtd-spi-nor-Add-support-for-mx25u12835f.patch
* backport-5.4/460-v5.3-mtd-spinand-Define-macros-for-page-read-ops-with-thr.patch
* backport-5.4/461-v5.3-mtd-spinand-Add-support-for-two-byte-device-IDs.patch
* backport-5.4/462-v5.3-mtd-spinand-Add-support-for-GigaDevice-GD5F1GQ4UFxxG.patch
* backport-5.4/463-v5.3-mtd-spinand-Add-initial-support-for-Paragon-PN26G0xA.patch
* backport-5.4/700-v5.1-net-phylink-only-call-mac_config-during-resolve-when.patch
* backport-5.4/701-v5.2-net-phylink-ensure-inband-AN-works-correctly.patch
* backport-5.4/702-v4.20-net-ethernet-Add-helper-for-MACs-which-support-asym-.patch
* backport-5.4/703-v4.20-net-ethernet-Add-helper-for-set_pauseparam-for-Asym-.patch
* backport-5.4/704-v4.20-net-phy-Stop-with-excessive-soft-reset.patch
* backport-5.4/705-v5.1-net-phy-provide-full-set-of-accessor-functions-to-MM.patch
* backport-5.4/706-v5.1-net-phy-add-register-modifying-helpers-returning-1-o.patch
* backport-5.4/707-v5.1-net-phy-add-genphy_c45_check_and_restart_aneg.patch
* backport-5.4/708-v5.3-net-phylink-remove-netdev-from-phylink-mii-ioctl-emu.patch
* backport-5.4/709-v5.3-net-phylink-support-for-link-gpio-interrupt.patch
* backport-5.4/710-v5.3-net-phy-allow-Clause-45-access-via-mii-ioctl.patch
* backport-5.4/711-v5.3-net-sfp-add-mandatory-attach-detach-methods-for-sfp-.patch
* backport-5.4/712-v5.3-net-sfp-remove-sfp-bus-use-of-netdevs.patch
* backport-5.4/713-v5.2-net-phylink-avoid-reducing-support-mask.patch
* backport-5.4/714-v5.3-net-sfp-Stop-SFP-polling-and-interrupt-handling-duri.patch
* backport-5.4/715-v5.3-net-phylink-don-t-start-and-stop-SGMII-PHYs-in-SFP-m.patch
* backport-5.4/740-v5.5-net-phy-avoid-matching-all-ones-clause-45-PHY-IDs.patch
* backport-5.4/741-v5.5-net-phylink-fix-link-mode-modification-in-PHY-mode.patch
* pending-5.4/103-MIPS-perf-ath79-Fix-perfcount-IRQ-assignment.patch
* pending-5.4/131-spi-use-gpio_set_value_cansleep-for-setting-chipsele.patch
* pending-5.4/132-spi-spi-gpio-fix-crash-when-num-chipselects-is-0.patch
* pending-5.4/220-optimize_inlining.patch
* pending-5.4/341-MIPS-mm-remove-no-op-dma_map_ops-where-possible.patch
* pending-5.4/475-mtd-spi-nor-Add-Winbond-w25q128jv-support.patch
* pending-5.4/477-mtd-add-spi-nor-add-mx25u3235f.patch
* pending-5.4/479-mtd-spi-nor-add-eon-en25qh64.patch
Some bigger changes were done to this feature and we did not port this patch yet:
* hack-5.4/207-disable-modorder.patch
This depends on BOOTMEM which was removed from the kernel, this needs some bigger changes:
* hack-5.4/930-crashlog.patch
A different version of the FPU disable patch was merged upstream, OpenWrt needs some adaptations.
* pending-5.4/304-mips_disable_fpu.patch
- no crashlog support yet as a required file got deleted upstream
- Removed patch below, which is now seen as a recursive dependency [1]
- Removed patch below due to build error [2]
- fix still required to avoid identical function def [3]
- Fixes included from Blocktrron
- Fixes included from Chunkeey
- Fix included from nbd regarding "dst leak in Flow Offload"
[1] target/linux/generic/hack-5.4/260-crypto_test_dependencies.patch
[2] target/linux/generic/hack-5.4/207-disable-modorder.patch
[3] target/linux/generic/pending-5.4/613-netfilter_optional_tcp_window_check.patch
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Signed-off-by: David Bauer <mail@david-bauer.net>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
Signed-off-by: Robert Marko <robimarko@gmail.com>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Some targets like kirkwood or omap don't use a subtarget which results
in a malformed JSON info file.
Instead of having a valid value like `"target": "ath79/tiny"` for these
targets the value is `"target": "kirkwood/"`.
This patch uses the same if condition to use `generic` if the subtarget
is empty.
Tested for the kirkwood target.
Signed-off-by: Paul Spooren <mail@aparcar.org>
In Linux kernel commit 8377bd2b9ee1 ("kbuild: Rename HOST_LOADLIBES to
KBUILD_HOSTLDLIBS") HOST_LOADLIBES was renamed to KBUILD_HOSTLDLIBS.
This patch adapts the OpenWrt kernel build to this new variable. Without
this change the kernel host tools would not link against the libraries
found in the staging directory.
Signed-off-by: Hauke Mehrtens <hauke.mehrtens@intel.com>
Most of the kernel version switches below 4.14 were removed in commit
97940f8766 ("kernel: remove obsolete kernel version switches"),
but some of them still remained. Remove them now.
Signed-off-by: Sungbo Eo <mans0n@gorani.run>
Certain boards have limitations on U-Boot that prevent flashing
of images where the kernel size exceeds a threshold, yet
sysupgrade can sucessfully manage larger kernels. The current
check-size will remove the target artifact if its total size
exceeds the threshold. If applied after append-kernel,
it will remove the kernel, but the remaining image-assembly
steps will continue, resulting in an image without a kernel
that is likely unbootable.
By defining check-kernel-size, it is now possible to prevent release
of such unbootable images through a construct similar to:
IMAGE/factory.img := append-kernel | pad-to $$$$(GL_UBOOT_UBI_OFFSET) | \
append-ubi | check-kernel-size $$$$(GL_UBOOT_UBI_OFFSET)
Cc: Chuanhong Guo <gch981213@gmail.com>
Signed-off-by: Jeff Kletsky <git-commits@allycomm.com>
Setting CONFIG_IPK_FILES_CHECKSUMS=y causes sha256 checksum files to be
included with the packages to check for corruption. This commit fixes two
issues:
- /sbin/pkg_check was being removed incorrectly if IPK_FILES_CHECKSUMS=y
- checksums were being saved in the wrong file
Signed-off-by: Xu Wang <xwang1498@gmx.com>
Package new kmods "nf_tables_set" and "nft_objref" which got introduced
with kernel 4.18 and restrict the old "nft_set_rbtree" and "nft_set_hash"
modules to sub-4.18 versions.
Also reorder the nftables related netfilter.mk entries alphabetically
while touching this code section.
Fixes: FS#2699
Ref: https://bugs.openwrt.org/index.php?do=details&task_id=2699#comment7450
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
This tristate choose allows to select to build only some applications
with PIE enabled. On MIPS binaries are getting about 30% bigger when PIE
is activated for the, which is a huge increase.
Network exposed applications like dnsmasq should then be build with PIE
enabled, but some applications which are normally not parsing data from
the network do not have it activated. The regular option should give a
good trade off between extra flash and RAM memory usage and security.
This changes the default from building no applications with PIE to build
some specifically marked applications with PIE enabled. This option is
only activated for targets with bigger flash and RAM to not consume
extra memory on the very small targets. On SDK builds the Regular option
should always be selected, because some tiny targets share the
applications with big targets and only the images for the tiny targets
should contain the none PIE applications, but the images for the normal
targets should use PIE. The shared packages should always use PIE when
it should be normally activated.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Acked-by: Petr Štetiar <ynezz@true.cz>
nft_hash hash falsely removed in commit 97940f8766
("kernel: remove obsolete kernel version switches").
Add the module back, as otherwise the build fails.
Fixes: 97940f8766 ("kernel: remove obsolete kernel version switches")
Signed-off-by: David Bauer <mail@david-bauer.net>
After kernel 4.9 has been removed, this removes all (now obsolete)
kernel version switches that deal with versions before 4.14.
Package kmod-crypto-iv is empty now and thus removed entirely.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
This move the slightly different target-specific implementations of
mktplinkfw from the targets to include/image-commands.mk and renames
it to tplink-v1-image. Having a common version will increase
consistency between implementation and will complete the
tplink build command already present in the new location.
Due to the slight differences of the original implementations, this
also does some adjustments to the device build commands/variables.
This also moves rootfs_align as this is required as dependency.
Tested on:
- TL-WDR4300 v1 (ath79, factory)
- TL-WDR4900 v1 (mpc85xx, sysupgrade)
- RE210 v1 (ramips, see Tested-by)
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Tested-by: Christoph Krapp <achterin@googlemail.com>
Several CMake packages such as log4cplus and protobuf(-c) install to
lib64 instead of lib on some hosts. This completely breaks rpath linking.
Override it globally to avoid fixing each package individually.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Tested-by: Sebastian Kemper <sebastian_ml@gmx.net>
Currently in OpenWrt, there are two libc++: libstdcpp and uClibc++. The
former is huge and the latter supports only C++98 with some basic support
for C++11. Those C++ versions seem to be specific to the compiler version
libcxx supports C++11 and above while being much smaller than libstdcpp.
On mt7621, these are the sizes of the ipks that I get:
libstdcpp: 460786
libcxx: 182881
uClibc++:67720
libcxx is faster than uClibc++ and is under active development as part of
the LLVM project while uClibc++ is effectively dead.
This PR modifies uclibc++.mk to expose the make menuconfig option. Further
cleanup is beyond the scope of this PR. What that means is, this is not
used by default.
A g++-libcxx wrapper based on the uClibc++ one was added. Works the same
way.
Compile tested with all packages that use uclibc++.mk in their Makefiles
under mipsel_24kc. kismet fails compilation but that package needs to be
cleaned up and updated.
Runtime tested with gddrescue, gdisk, dcwapd, bonnie++, and aircrack-ng
on a TP-Link Archer C7v2.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
This creates the device variable SOC and adds it to DEFAULT_DEVICE_VARS.
It is supposed to replace target-specific SOC variables like ATH_SOC or
MTK_SOC and thus unify variable names across targets.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Don't put CC_HAS_ASM_GOTO, IS_GCC, IS_CLANG and GCC_VERSION runtime
config options into the kernel configs during reconfiguration as it
makes no sense, since these options should be set at runtime.
Fixes: FS#2588
Signed-off-by: Petr Štetiar <ynezz@true.cz>
It seems that there is a missing PKG_SOURCE_URL_FILE support.
This little fix adds the support for packages to change the name of the
downloaded file.
Sometimes it is desirable to change the downloaded archive file name, like
for mitigating name conflicts for different packages (some files on the server
could be named like, e.g. 2018-01-01.tar.gz) or for the cases that there is
no name for the file in the URL (e.g. http://someserver.com/download).
Signed-off-by: Kamil Wcislo <kamil.wcislo@lpnplant.io>
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Add support for Python 3.8 which was released Oct. 14, 2019.
Signed-off-by: Thomas Weißschuh <thomas@t-8ch.de>
[added missing commit description, simplified version check]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Commit 965f341aa9 ("build: fix host menu config targets using
ncurses") has moved host's path with pkg-config (usually /usr/bin) at
the first place in PATH variable, which is now causing issues with bison
as BISON_PKGDATADIR points into STAGING_DIR_HOST, but the actual bison
used is the one under host PATH (usually /usr/bin/bison), leading to the
following strange failures:
$ make target/linux/clean kernel_menuconfig V=sc
export MAKEFLAGS= ;make -C /somewhere/linux-4.19.81 menuconfig
make -f ./scripts/Makefile.build obj=scripts/kconfig menuconfig
...
bison -oscripts/kconfig/zconf.tab.c -t -l scripts/kconfig/zconf.y
staging_dir/host/bin/m4: cannot open `staging_dir/host/share/bison/bison.m4': No such file or directory
staging_dir/host/bin/m4: cannot open `staging_dir/host/share/bison/c-skel.m4': No such file or directory
...
gcc -Wp,-MD,scripts/kconfig/.zconf.tab.o.d <...snip...> -o scripts/kconfig/zconf.tab.o scripts/kconfig/zconf.tab.c
gcc: error: scripts/kconfig/zconf.tab.c: No such file or directory
gcc: fatal error: no input files
Fix this by forcing usage of bison under STAGING_DIR_HOST/bin via YACC
make variable.
Cc: Thomas Albers <thomas.gameiro@gmail.com>
Cc: Stijn Tintel <stijn@linux-ipv6.be>
Cc: Eneas U de Queiroz <cotequeiroz@gmail.com>
Tested-by: Ivan Revyakin <LovingFox@GMail.com>
Tested-by: Thomas Albers <thomas.gameiro@googlemail.com>
Ref: https://forum.openwrt.org/t/bpi-r64-kernel-4-19-kernel-menuconfig-error
Fixes: 965f341aa9 ("build: fix host menu config targets using ncurses")
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Replace 2 instances of non posix use of 'head' with posix compliant
'cut'.
'head -c n' cuts 'n' bytes from the passed string and happens to work on
Linux & Mac OS X even though '-c' is not posix.
'head --bytes n' does the same thing and happens to work on linux but
not on Mac OS X and is also not posix.
'cut -b1-8' cuts the first 8 bytes from the passed string and is posix
compliant, hence works on Linux & Mac OS X.
Our usage of 'head --bytes' was particularly unfortunate since it was
used to calculated the RootFS UUID passed to grub - the net result being
a non-functioning system waiting for the root file system to appear.
Thanks to karlp, ynezz & others for pointers on solving this.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
x86, mvebu and tegra targets are currently using more or less same
SIGNATURE variable which provides unique partition ID/signature, so it
makes sense to refactor it out into common variable which could be
reused by all targets. While at it, make the content of the variable
reproducible.
Ref: http://lists.infradead.org/pipermail/openwrt-devel/2019-March/016148.html
Signed-off-by: Paul Spooren <mail@aparcar.org>
Suggested-by: Jo-Philipp Wich <jo@mein.io>
[renamed to IMG_PARTSIGNATURE, reworked with epoch+vermagic hash]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Commit 881ed09ee6 ("build: create JSON files containing image info")
has removed the crucial empty new line from the image copy step
resulting in the following errors during make function expansion:
GZ_SUFFIX :=
bash: GZ_SUFFIX: command not found
Makefile:86: recipe for target 'openwrt-ath79-generic-tplink_archer-c7-v5-squashfs-sysupgrade.bin' failed
Fixes: 881ed09ee6 ("build: create JSON files containing image info")
Signed-off-by: Petr Štetiar <ynezz@true.cz>
UUID of ext4 volumes generated by make_ext4fs are determined by volume
label and it will all be 57f8f4bc-abf4-655f-bf67-946fc0f9f25b when label
is empty
Labeling them does not make them unique but tools like block command
from fstools have a better chance differentiating them
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
It's related to the upstream kernel commit adf82accc5f5 ("netfilter:
x_tables: merge ip and ipv6 masquerade modules").
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
The luci and freifunk feed having a common Makefile included by the
individual packages. Currently a change to this file will be ignored
when running "scripts/feeds update".
When we are updating for a feed, add a dependency for all .mk files
in the root of it.
Signed-off-by: Sven Roederer <devel-sven@geroedel.de>
This separates the options for signature creation and verification
* SIGNED_PACKAGES create Packages.sig
* SIGNED_IMAGES add ucert signature to created images
* CHECK_SIGNATURE add verification capabilities to images
* INSTALL_LOCAL_KEY add local key-build to /etc/opkg/keys
Right now the buildbot.git contains some hacks to create images that
have signature verification capabilities while not storing private keys
on buildbot slaves. This commit allows to disable these steps for the
buildbots and only perform signing on the master.
Signed-off-by: Paul Spooren <mail@aparcar.org>
'append-uImage-fakehdr' can now accept magic number as a second, optional
parameter (passed directly to 'mkimage' command with '-M' option). This
enables construction of proper Netgear-specific fake rootfs images
(required for flashing WNDR4300 for example).
Signed-off-by: Michal Cieslakiewicz <michal.cieslakiewicz@wp.pl>
Problem found on alpine linux when trying to `./scripts/feeds update -a`,
which results in `Build dependency: Missing seq command`.
Ref: https://github.com/openwrt/openwrt/pull/1926
Suggested-by: imShara <shara@protonmail.com>
[reworded commit and turned faulty Sob into Suggested-by]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Some kmods (gpio-hotplug, wireguard) store the build path in the
compiled files and therefore make it harder to rebuild the official
binaries. As the same "iremap" function is used as for other binaries,
the change is compatible with gcc7 and 8.
Tested with both gcc7 and gcc8 resulting in build path independent
reproducible builds.
Signed-off-by: Paul Spooren <mail@aparcar.org>
This is a follow up of 8cb13f4e6d which sets the right timestamp for the
/init file in initramfs. The previous patch doesn't cover it as the
files appear to come from a later step during compilation.
CC: Alexander Couzens <lynxis@fe80.eu>
Signed-off-by: Paul Spooren <mail@aparcar.org>
The check for libelf in the kernel build is not enough, because the code that
uses libelf for stack validation is completely non-portable, as it tries to
include asm/types.h and relies on kernel types in user space.
Until this is fixed properly, the only solution is to disable this on any non
Linux build host
Signed-off-by: Felix Fietkau <nbd@nbd.name>
The JSON info files contain details about the created firmware images
per device and are stored next to the created images.
The JSON files are stored as "$(IMAGE_PREFIX).json" and contain some
device/image meta data as well as a list of created firmware images.
An example of openwrt-ramips-rt305x-aztech_hw550-3g.json
{
"id": "aztech_hw550-3g",
"image_prefix": "openwrt-ramips-rt305x-aztech_hw550-3g",
"images": [
{
"name": "openwrt-ramips-rt305x-aztech_hw550-3g-squashfs-sysupgrade.bin",
"sha256": "db2b34b0ec4a83d9bf612cf66fab0dc3722b191cb9bedf111e5627a4298baf20",
"type": "sysupgrade"
}
],
"metadata_version": 1,
"supported_devices": [
"aztech,hw550-3g",
"hw550-3g"
],
"target": "ramips/rt305x",
"titles": [
{
"model": "HW550-3G",
"vendor": "Aztech"
},
{
"model": "ALL0239-3G",
"vendor": "Allnet"
}
],
"version_commit": "r10920+123-0cc87b3bac",
"version_number": "SNAPSHOT"
}
Signed-off-by: Paul Spooren <mail@aparcar.org>
On a recent Gentoo Linux installation, invoking `make menuconfig`, `make
kernel_menuconfig` or `make kernel_nconfig` in the build system fails,
whereas for example `make menuconfig` in the kernel tree alone works as
expected.
This is happening because STAGING_PREFIX is not defined when kernel's
{menu,n}config target calls pkg-config from the toolchain/host and thus
pkg-config returns an empty value, and the fallback values in the kernel
config script are applied but those are off and the linking fails.
Solution is to use system's pkg-config for all ncurses based menu config
targets in order to provide proper compiler/linker flags.
Ref: FS#2423
Cc: Thomas Albers <thomas.gameiro@gmail.com>
Tested-by: Stijn Tintel <stijn@linux-ipv6.be>
Tested-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Some tools doesn't support SOURCE_DATE_EPOCH (e.g. initramfs images).
Ensure all files of a root filesystem are set to SOURCE_DATE_EPOCH.
Make initramfs builds reproducible (for ramips).
Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
This patch removes scons host build tool, as commit 7087efd72a8d
("scons: move host build tool to a proper place") in the packages feed
has moved scons into the new home.
There are currently no packages in the master tree which would need
scons, yet scons is build always as part of host tools, just in order to
satisfy host build dependency of few packages in the packages feeds.
Ref: https://github.com/openwrt/packages/pull/9584
Acked-by: Hauke Mehrtens <hauke@hauke-m.de>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Currently for at91 target, Build/install-dtb can be triggered concurrently for
multiple different TARGET_FILESYSTEMS, cp command can fail when the
target file is already open exclusively by other cp process
[ -f /builder/shared-workdir/build/build_dir/target-arm_arm926ej-s_musl_eabi/linux-at91_sam9x/at91sam9263ek-uImage -a -f /builder/shared-workdir/build/build_dir/target-arm_arm926ej-s_musl_eabi/linux-at91_sam9x/root.ubifs+fs=-m_2048_-e_126KiB_-c_2048+pkg=68b329da ]
[ -f /builder/shared-workdir/build/build_dir/target-arm_arm926ej-s_musl_eabi/linux-at91_sam9x/at91sam9263ek-uImage -a -f /builder/shared-workdir/build/build_dir/target-arm_arm926ej-s_musl_eabi/linux-at91_sam9x/root.ext4+pkg=68b329da ]
cp -fpR /builder/shared-workdir/build/build_dir/target-arm_arm926ej-s_musl_eabi/linux-at91_sam9x/linux-4.14.141/arch/arm/boot/dts/at91sam9263ek.dtb /builder/shared-workdir/build/bin/targets/at91/sam9x/openwrt-at91-sam9x-at91sam9263ek.dtb;
cp -fpR /builder/shared-workdir/build/build_dir/target-arm_arm926ej-s_musl_eabi/linux-at91_sam9x/linux-4.14.141/arch/arm/boot/dts/at91sam9263ek.dtb /builder/shared-workdir/build/bin/targets/at91/sam9x/openwrt-at91-sam9x-at91sam9263ek.dtb;
cp: cannot create regular file '/builder/shared-workdir/build/bin/targets/at91/sam9x/openwrt-at91-sam9x-at91sam9263ek.dtb': File exists
Makefile:87: recipe for target '/builder/shared-workdir/build/build_dir/target-arm_arm926ej-s_musl_eabi/linux-at91_sam9x/tmp/openwrt-at91-sam9x-at91sam9263ek-ubifs-dtb' failed
make[4]: *** [/builder/shared-workdir/build/build_dir/target-arm_arm926ej-s_musl_eabi/linux-at91_sam9x/tmp/openwrt-at91-sam9x-at91sam9263ek-ubifs-dtb] Error 1
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
This reverts commit 1c0290c5cc.
Dropping the nopad can make the padding overflow into the next erase
block on devices using a non-aligned rootfs start. This breaks the jffs2
overlay partition with the following messages:
[ 30.343877] jffs2_scan_eraseblock(): End of filesystem marker found at 0x10000
[ 30.376512] jffs2: Cowardly refusing to erase blocks on filesystem with no valid JFFS2 nodes
[ 30.385253] jffs2: empty_blocks 196, bad_blocks 0, c->nr_blocks 197
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
Pass suitable pkg-config overrides to the kernel build process in
order to let our pkg-config wrapper discover libraries provided
by tools/.
This mainly affects the use of libelf which is required for the
CONFIG_STACK_VALIDATION features. So far, the build system either
silently used host system libraries or kbuild simply disabled the
feature due to the lack of a suitable libelf.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
While the -nopad option prevents mksquashfs from padding the
image to an arbitrary 4k. It does not take into consideration
that squashfs is programmed to have this 4k padding when it's
being used on on a block device... which is its main "use-case".
Now, after a week long discussion on the ML that included a
back-and-forth between some of the possible options.
But this is likely the best KISS patch to deal with the issue
right away given the limited resources.
From squashfs code point of view, be warned. The 4k padding is
not enough when dealing with devices that have a PAGE_SIZE
bigger than 4k.
if it turns out to be affecting you, then please look-up either:
"FS#2460 - kernel panic reading squashfs from ubi volume" bug
Or the discussion on the OpenWrt-Devel ML in
"amp821xx: use newly added pad-squashfs for Meraki MR24" and
"Squashfs breakage lottery with UBI..."
before making an educated guess.
Note: This will not affect the "tiny"/small flash devices as
much as it seems at first. This is because the the rootfs_data
partition that follows uses jffs2. And it requires to be aligned
to the flash block-size in order to work at all.
So either the involved FSes will meet in the middle as before,
or not at all. But in that latter case the image was already
hoping for the "undefined behaviour" gamble to turn out in its
favour and this is probably why this was unnoticed for so long.
Fixes: FS#2460
Reported-by: Russell Senior <russell@personaltelco.net>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
Refreshed all patches.
Also add a missing symbol for x86 which got used now in this bump.
- ISCSI_IBFT
Compile-tested on: cns3xxx
Runtime-tested on: cns3xxx
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Refreshed all patches.
Also add a missing symbol for x86 which got used now in this bump.
- ISCSI_IBFT
Compile-tested on: cns3xxx
Runtime-tested on: cns3xxx
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Underscores don't harm in filenames, however the sanitize function from
version.mk replaces them, causing inconsistent filenames.
A fix tried to solve this previously via
dfe99645db however I did not look close
enough:
openwrt-ath79-generic-8dev-carambola2.manifest # current
openwrt-ath79-generic_8dev-carambola2.manifest # patched
---------------------^
Eventually the sanitization of PROFILES *could* be removed as more and
more profiles follow the device tree approach of vendor_model, neither
containing upper case letters nor spaces.
Signed-off-by: Paul Spooren <mail@aparcar.org>
Some devices are produced and sold under different names. To debloat
the buildroot but keeping it complete, new variables are introduced to
handle different namings. Below an example taken from a recent PR[0]
DEVICE_VENDOR := Arcadyan
DEVICE_MODEL := ARV4520PW
DEVICE_ALT0_VENDOR := Vodafone
DEVICE_ALT0_MODEL := Easybox 800
DEVICE_ALT1_VENDOR := Airties
DEVICE_ALT1_MODEL := WAV-281
With this commit the buildroot is extended to take care of up to three
alternative namings. The primary title plus alternatives names (if
defined) are shown in the `make menuconfig` dialog. Selecting on of
devices automatically selects all alternative names as they share the
same profile.
A list of the newly introduced variables:
DEVICE_ALT0_VENDOR :=
DEVICE_ALT0_MODEL :=
DEVICE_ALT0_VARIANT :=
DEVICE_ALT1_VENDOR :=
DEVICE_ALT1_MODEL :=
DEVICE_ALT1_VARIANT :=
DEVICE_ALT2_VENDOR :=
DEVICE_ALT2_MODEL :=
DEVICE_ALT2_VARIANT :=
[0]: https://github.com/openwrt/openwrt/pull/2229/files#diff-b436f01932a18876c27800ba183d95f6R140
Signed-off-by: Paul Spooren <mail@aparcar.org>
The LEDE URL is automatically redirected to the OpenWRT one,
returning an HTTP 301 code (Moved Permanently).
Also, use https, as indicated by the redirect.
Signed-off-by: Luis Araneda <luaraneda@gmail.com>
Allow overriding the default selection state for Devices, similar to
setting a default for packages.
E.g. by setting DEFAULT to n, they won't be selected by default anymore
when enabling all device in the multi device profile.
This allows preventing images being built by the default config for
known broken devices, devices without enough RAM/flash, or devices not
working with a certain kernel versions.
This does not prevent the devices from being manually selected or images
being built by the ImageBuilder. These devices often still have worth
with a reduced package-set, or as a device for regression testing, when
no better device is available.
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
The manifest file is based on IMG_PREFIX and PROFILE_SANITIZED, whereas
the latter takes a string like DEVICE_8dev_carambola2 and sanitizes it.
This behaviour results in a useless "device_" profile-prefix in the
device manifest filename. Now uses *subst* to remove that.
Therefore this patch results more consistent device file names:
openwrt-ath79-generic-8dev_carambola2-initramfs-kernel.bin
openwrt-ath79-generic-8dev-carambola2.manifest
openwrt-ath79-generic-8dev_carambola2-squashfs-sysupgrade.bin
instead of a single file being called
openwrt-ath79-generic-device_8dev-carambola2.manifest
Signed-off-by: Paul Spooren <mail@aparcar.org>
Revert "mac80211: add new minstrel_ht patches to improve probing on mt76x2" (9861050b85)
Revert "kernel: use bulk free in kfree_skb_list to improve performance" (98b654de2e)
Revert "ramips: add preliminary support for WIO ONE" (085141dc5b)
Revert "ramips: add preliminary support for SGE AP-MTKH7-0006 developer board" (b1db6d0539)
Revert "build: use config.site generated by autoconf-lean, drop hardcoded sitefiles" (363ce4329d)
Revert "toolchain: add autoconf-lean" (fdb30eed03)
Revert "build: allow overriding the filename on the remote server when downloading" (6fa0e07758)
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Github releases usually don't contain the project name in the release
filename, which makes them very inconvenient to use from the build
system. Add support for naming the local file differently.
Signed-off-by: Felix Fietkau <nbd@nbd.name>