Rework SetInitramfs functions to take a second arg to define the
location of the .config. This is needed in preparation for PER_ROOTFS
Initramfs support as we will prepare .config in dedicated directory and
use them only later when the image is actually built.
Link: https://github.com/openwrt/openwrt/pull/12959
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Allow Kernel/CompileImage/Initramfs to use a different rootfs location.
If the additional arg is not defined, TARGET_DIR is used by default.
This allows the caller to customize the kernel initramfs for different
rootfs.
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
[ simplify commit and rework commit description ]
Link: https://github.com/openwrt/openwrt/pull/12959
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
The nf_dup_ipv4.ko and nf_dup_ipv6.ko kernel module were packaged by
kmod-ipt-tee and kmod-nft-dup-inet at the same time. Extract them into a
separate package used by both.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Link: https://github.com/openwrt/openwrt/pull/15833
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
The recipe Download/git-kernel uses DownloadMethod/git
which now requires a definition of SOURCE_VERSION instead of VERSION
due to Validate/git being used to check for the variables.
Rename the variable as intended to match with the others
that were renamed in the referenced commit.
This fixes the following Makefile parse error
when downloading a specific kernel repository version
when configured with the CONFIG_KERNEL_GIT_CLONE_URI option:
Makefile:19: *** Download/git-kernel is missing the SOURCE_VERSION field.. Stop.
Fixes: 9fc79e2e2 ("download: don't overwrite VERSION variable")
Signed-off-by: Michael Pratt <mcpratt@pm.me>
Link: https://github.com/openwrt/openwrt/pull/15858
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Now kernel configs of armv6k CPUs don't include CONFIG_CPU_V6.
So armv6k CPUs cannot be detected as arm_v6.
Fix this by adding detection for CONFIG_CPU_V6K.
Signed-off-by: Lu jicong <jiconglu58@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/15855
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Several GNU tools such as tar, coreutils, and findutils
now build with support for 64-bit time by default
and otherwise require reconfiguring with a flag
--disable-year2038 in order to build without 64-bit time.
Some standard C libraries, for example,
certain older versions of glibc such as 2.31
have large file support but not long time bits support:
checking for ... option to enable large file support... -D_FILE_OFFSET_BITS=64
checking for ... option for timestamps after 2038... support not detected
This test using C code taken from largefile.m4 in gnulib
uses math and casting to check for overflow
with a macro and array pair that can only be defined
when 64-bit time support is present, and otherwise errors.
It is the exact same code used to test for 64-bit time
during the configure stage of building these tools,
so the results of this test before configure takes place
will always be in concordance with the results of
the test that takes place during the configure script.
Based on the test, the configure flag --disable-year2038
is added to every host tool build depending on the host system.
When the year 2038 problem finally comes around,
the effect of the test can be converted
from the toggling of a configure option into a build prerequisite,
requiring it to pass in order to continue building.
Signed-off-by: Michael Pratt <mcpratt@pm.me>
Link: https://github.com/openwrt/openwrt/pull/15799
Signed-off-by: Robert Marko <robimarko@gmail.com>
This reverts commit 25bbefcdd9.
Only the Config-build.in change needed to be merged and this contains
leftover from previous revision of the feature.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Handling default packages selection is really problematic and error
prone. In all the changes, the SECCOMP config is enabled by default if
supported by the target.
This is problematic for the scenario of the first .config creation where
this option will be enabled by default but the package default are
already being parsed.
This cause the reparsing of the default package on the next command and
the "outdated config" error. To better handle this special case, add
additiona logic to match the dependency in the config and check if
CONFIG_SECCOMP should be enabled by default in the scenario where a
.config needs to be init and doesn't exist.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Also include toolchain standard header as system header. These are
required by xdp-tools that try to include stddef.h and stdbool.h for
some tools. These header are usually in /lib/gcc/../include but musl
also have some special variant in /include.
To fix compilation of xdp-tools, also include these standard header.
These header should follow ISO C standard and should not introduce
regression in bpf tools making them specific to an arch.
Link: https://github.com/openwrt/openwrt/pull/15390
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
With some big corner case, tmp directory might not exist when
check-dynamic-def-pkg is called. To handle this, make sure tmp exist
before creating the .packagedynamicdefault file.
Fixes: 9a52ec4fa0 ("toplevel.mk: implement logic to invalidate targetinfo with some config")
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Limit CONFIG_IPK_FILES_CHECKSUMS config to OPKG as APK have different
way to validate package integrity (apk audit)
Link: https://github.com/openwrt/openwrt/pull/15543
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
For non-overlay configuration we need checksum for config file that
weren't modified by the user. For OPKG in sysupgrade we check the status
file for the Conffiles: entry of every package. this entry contains
checksum for every static file that the package contains.
Provide the same info for APK by creating a conffiles_static file and
parse this file on sysupgrade for non-overlay configurations.
This is also used by the sysupgrade -u option to exclude non-changed
files from the final backup.
Link: https://github.com/openwrt/openwrt/pull/15543
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Implement some logic to invalidate targetinfo files in tmp with the
changing of some config.
Some config might affect DEFAULT_PACKAGES list but DEFAULT_PACKAGES is
only evaluated once. This cause the interesting scenario where someone
install feeds packages, targetinfo is evaluated in tmp and then add some
config like CONFIG_USE_APK. Using make defconfig will still select OPKG
as default package as DEFAULT_PACKAGES in targetinfo has been already
evaluated in the feeds install and is never updated.
To handle this add some logic in toplevel.mk to cache the current state
of these special config and wipe targetinfo when these change.
This cause the targetinfo to be reevaluated and handle this REALLY
corner case.
Link: https://github.com/openwrt/openwrt/pull/15543
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
There is currently a problem with how some option that modify default
package configuration are parsed.
When the DEFAULT_PACKAGES list is composed, DUMP is used. Using DUMP
disable the loading of .config to remove and modification done by the
user to prevent any kind of conflict or strange thing one creating all
the info for each target. Because of this, .config is never parsed and
any check to CONFIG doesn't work (for the first creation of .config).
Later image build will check what is set in .config and the default
package list won't be parsed anymore.
This is problematic for some config that are OK to parse, for example
SELINUX or USE_APK.
To better handle them add some logic when DUMP is used to selectively
parse these option if present in a to-be-init .config so that option are
correctly parsed and DEFAULT_PACKAGES is correctly set.
Link: https://github.com/openwrt/openwrt/pull/15543
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
since the split of APK in mbedtls and openssl version, installing `apk`
as default package doesn't do the trick anymore. Instead specify
`apk-mbedtls` directly.
Signed-off-by: Paul Spooren <mail@aparcar.org>
Link: https://github.com/openwrt/openwrt/pull/15543
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Add special handling for CONTROL conffiles. Some packages (base-files)
manually append stuff to the CONTROL directory.
The CONTROL directory is something for OPKG that is added in the root of
the ipkg directory and usually contains postinst, list, and conffiles
file. For APK the implementation is different, to keep compatibility
with this and maybe other packages, apply manual fixup and check for
these corner case.
Also check if the CONTROL directory is present and is empty to make sure
we don't drop other special file while removing any pending CONTROL
directory in the ipkg directory.
Link: https://github.com/openwrt/openwrt/pull/15543
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
As done for OPKG, correctly remove APK files before building package to
make sure we don't work on dirty files.
Link: https://github.com/openwrt/openwrt/pull/15543
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Rework handling of post-install scripts for APK. As we do with OPKG,
lets just iterate between each post-install package so we can actually
check if something fail in applying them.
To do this we first extract each .post-install script in APK
scripts.tar.
Also remove these files from final image as they are needed only for the
first installation of the packages.
Link: https://github.com/openwrt/openwrt/pull/15543
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Move Build/buffalo-trx to image-commands.mk from image/mt7622.mk to use
that definition from ramips as well.
Signed-off-by: INAGAKI Hiroshi <musashino.open@gmail.com>
Since the Yafut tool is now used for both updating the kernel on
MikroTik devices with NAND flash and preparing firmware images for
MikroTik devices with NOR flash, remove the kernel2minor utility from
the tree as it is no longer used for anything.
Signed-off-by: Michał Kępień <openwrt@kempniu.pl>
Link: https://github.com/openwrt/openwrt/pull/13453
Signed-off-by: Robert Marko <robimarko@gmail.com>
The Yafut tool now has limited capabilities for working on filesystem
images stored in regular files. This enables preparing Yaffs2 images
for devices with NOR flash using upstream Yaffs2 filesystem code instead
of the custom kernel2minor tool.
Since minimizing the size of the resulting filesystem image size is
important and upstream Yaffs2 code requires two allocator reserve blocks
to be available when writing a file to the filesystem, a trick is
employed while preparing an OpenWRT image: the blank filesystem image
that Yafut operates on initially contains two extra erase blocks that
are chopped off after the kernel file is written. This is safe to do
because Yaffs2 has a true log structure and therefore only ever writes
sequentially (and the size of the kernel file is known beforehand).
While the two extra erase blocks are necessary for writes, Yaffs2 code
seems to be perfectly capable of reading back files from a "truncated"
filesystem that does not contain these extra erase blocks.
In terms of image size, this new approach is only marginally worse than
the current kernel2minor-based one: specifically, upstream Yaffs2 code
needs to write three object headers (each of which takes up an entire
data chunk) when the kernel file is written to the filesystem:
- an object header for the kernel file when it is created,
- an object header for the root directory when the kernel file is
created,
- an updated object header for the kernel file when the latter is
fully written (so that its new size can be recorded).
kernel2minor only writes two of these headers, which is the absolute
minimum required for reading the file back. This means that the
Yafut-based approach causes firmware images to be at most one erase
block (64 kB) larger than those created using kernel2minor, but only in
the very unfortunate scenario where the size of the kernel file is
really close to a multiple of the erase block size.
The rest of the calculations performed when the empty filesystem image
is first prepared stems from the Yaffs2 layout used by MikroTik NOR
devices: each 65,536-byte erase block contains 63 chunks, each of which
consists of 1024 bytes of data followed by 16-byte Yaffs tags without
ECC data; each such group of 63 chunks is then followed by 16 bytes of
padding, which translates to "-C 1040 -B 64k -E" in the Yafut
invocation. Yaffs2 checkpoints and summaries are disabled (using
Yafut's -P and -S switches, respectively) as they are merely performance
optimizations that require extra storage space. The -L and -M switches
are used to force little-endian or big-endian byte order (respectively)
in the resulting filesystem image, no matter what byte order the build
host uses. The tr invocation is used to ensure that the filesystem
image is initialized with 0xFF bytes (which are an indicator of unused
space for Yaffs2 code).
Signed-off-by: Michał Kępień <openwrt@kempniu.pl>
Link: https://github.com/openwrt/openwrt/pull/13453
Signed-off-by: Robert Marko <robimarko@gmail.com>
We currently skip defining Host/Prepare/Default if HOST_UNPACK is not
defined.
This is mostly the case for Host packages that just provide files with
the src directory and don't need to be downloaded/extracted.
This was probably done lots of times ago due to quilt causing error as
the patches directory wasn't present.
This has changed now and quilt can correctly detect if no patches needs
to be applied (instead of terminating with error)
Always define Host/Prepare/Default to make tools/refresh correctly works
as HOST_QUILT is hardcoded enabled for this make target and will
complain for tool not prepared for quilt patches.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Since we set the root for APK it tries to use those during the build,
which shouldn't happen since local package are used instead.
Disable the repositories by manually setting an empty repository.
Signed-off-by: Paul Spooren <mail@aparcar.org>
Skip removal of APK cache since now deprecated as APK doesn't make use
of cache anymore in our configuration.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Due to missing quotes the script would wrongly assume APK to be enabled
and don't run post install scripts, breaking pretty much everything.
Signed-off-by: Paul Spooren <mail@aparcar.org>
A new option called `USE_APK` is added which generated APK packages
(.apk) instead of OPKG packages (.ipk).
Some features like fstools `snapshot` command are not yet ported
Signed-off-by: Paul Spooren <mail@aparcar.org>
include-prefixes were moved to a common directory in linux v4.12, see
d5d332d3f7
This is needed for bcm27xx kernel v6.6 support.
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
The needed file '.packageinfo' for creating the CycloneDX SBOM in the
imagebuilder is available in the top directory of the imagebuilder and
not in the tmp directory.
For this reason, the creation of the CycloneDX SBOM file is not available
for the imagebuilder.
To fix this, it is now first checked whether the CycloneDX SBOM should be
built at all and then second decided by checking the IB variable where the
'.packageinfo' file is to be found.
With this change, it is now possible to create the CycloneDX SBOM also for
the imagebuilder as well.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
This is an artifact and is not needed. We have already set the
information 'Maintainer:' in the '.packageinfo-*' files.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Add target for Loongson LoongArch64-based boards.
LoongArch is a new RISC ISA developed by Loongson. It's a bit like
MIPS or RISC-V. LoongArch includes both 32-bit and 64-bit versions
(LoongArch32/LoongArch64).
Loongson 3A5000 and 3A6000 are the two existing CPUs of LoongArch64
and is used for PC products. It's BIOS supports ACPI and UEFI-only
boot. These CPUs supports SMP and SMT.
At present only LoongArch64 is supported by linux kernel.
Toolchain requirement:
binutils >= 2.40
gcc >= 13.1
For details, please check the following links:
https://lwn.net/Articles/861951/https://loongson.github.io/LoongArch-Documentation/README-EN.html
Signed-off-by: Weijie Gao <hackpascal@gmail.com>
Commit d82c5884c6 ("treewide: make use of new toolchain define")
changed $(TOOLCHAIN_DIR)/include to the new variable
$(TOOLCHAIN_INC_DIRS) that now can contain multiple entry.
Because of this only the first include in $(TOOLCHAIN_INC_DIRS) was
actually included with -isystem, making the other producing warning with
ignored inputs.
Fix this by parsing each entry in $(TOOLCHAIN_INC_DIRS) and adding the
-isystem prefix to correctly include them in the BPF_KERNEL_INCLUDE.
Fixes: d82c5884c6 ("treewide: make use of new toolchain define")
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
In package-defaults.mk the VERSION variable contains the final package
version, which is a combination of `PKG_VERSION`, `PKG_RELEASE` and if
used, parameters of `PKG_SOURCE_VERSION`. While this works fine for
building, within the package Makefile the content VERSION varies:
When building a package from a release tarball, the content of VERSION
contains the actual package version, however when building from source
(i.e. Git), the VERSION is overwritten by `PKG_SOURCE_VERSION`.
To fix the overwrite, this commit switches from `VERSION` in download.mk
to `SOURCE_VERSION` which isn't used anywhere else yet.
As a result, Makefiles may pass the package version to be included
inside the binary.
Signed-off-by: Paul Spooren <mail@aparcar.org>
A funny bug was discovered where if the buildroot's path
has the name of the build target within it, it will also be substituted
along with the stampfile's name for each program,
causing an attempt to touch a file in a directory that doesn't exist.
...
...
touch: cannot touch '/Volumes/touch/openwrt/staging_dir/host/stamp/.touch_installed': No such file or directory
touch: cannot touch '/Volumes/ln/openwrt/staging_dir/host/stamp/.ln_installed': No such file or directory
touch: cannot touch '/Volumes/chown/openwrt/staging_dir/host/stamp/.chown_installed': No such file or directory
make[2]: *** [Makefile:50: /Volumes/coreutils/openwrt/staging_dir/host/stamp/.coreutils_installed] Error 1
...
...
Split up the path with $(dir) and $(notdir) before substitution to fix
the syntax.
Reported-by: Georgi Valkov <gvalkov@gmail.com>
Tested-by: Georgi Valkov <gvalkov@gmail.com> # MacOS
Signed-off-by: Michael Pratt <mcpratt@pm.me>
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
Historically it's possible to leave the `SUBTARGETS` undefined and
automatically fallback to a "generic" subtarget. This however breaks
various downstream scripts which may have expectations around filenames:
While some targets with an explicit generic subtarget contain `generic`
in the filenames of artifacts, implicit "subtargets" don't.
Right now this breaks the CI[1], possibly also scripts using the ImageBuilders.
This commit removes all code that support implicit handling of
subtargets and instead requires every target to define "SUBTARGETS".
[1]: https://github.com/openwrt/openwrt/actions/runs/8592821105/job/23548273630
Signed-off-by: Paul Spooren <mail@aparcar.org>
The compression is faster to (un)pack files, make use of it.
Also add a new build prerequirement, the `zstd` to (un)pack files.
Signed-off-by: Paul Spooren <mail@aparcar.org>
[ improve commit title ]
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
This fix a long lasting bug/inconsistency with rawgit method and
dl_github_archive script.
The dl_github_archive script works by using the github generated tar.gz
instead of cloning and checkout and the tar.gz is generated by using git
archive command that parse and apply .gitattributes rules.
rawgit command never handled .gitattributes and instead made a simple git
clone and checkout causing the inconsistency.
To fix the inconsistency, add extra steps to call git archive command
and generate an intermediate tar to apply .gitattributes rules.
Also for git log format, Github shorthash length is 8 instead of the
default 7, also apply this locally for each cloned repo to produce
consistent tar.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
The recovery image is reqired for D-Link M30 as well. So I moved it to include/image-commands.mk to be able to use it for MT7622 and filogic devices.
Signed-off-by: Roland Reinl <reinlroland+github@gmail.com>
Host packages typically are statically linked to avoid rpath issues and
to avoid libraries not being found as a result. With target packages,
both libraries make the most sense as InstallDev typically installs
both, giving packages flexibility. Default this behavior.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Different from OPKG, APK uses a deterministic version schema which chips
the version into chunks and compares them individually. This enforces a
certain schema which was previously entirely flexible.
- Releases are added at the very and end prefixed with an `r` like
`1.2.3-r3`.
- Hashes are prefixed with a `~` like `1.2.3~abc123`.
- Dates become semantic versions, like `2024.04.01`
- Extra tags are possible like `_git`, `_alpha` and more.
For full details see the APK test list:
https://gitlab.alpinelinux.org/alpine/apk-tools/-/blob/master/test/version.data
Signed-off-by: Paul Spooren <mail@aparcar.org>
hostpkg python from packages feed can be picked when do a incremental
build because hostpkg has higher priority in PATH. It may lead build
faliure as it's heavily trimmed (e.g. lacks necessary modules).
For uboot which uses binman and intree dtc, this is forced as hostpkg
python will never provide those modules by default.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
This reverts commit c42b915af0.
Now that rpcd uses the 'Auto-Installed' field to differentiate between
deliberately and implicitely installed packages we can remove the
hotfix.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Commit be9023ed43 ("build: fix opkg flags in rootfs") introduced a
call to 'awk' which removes the 'user' flag from all installed
packages in the opkg status file. While is is somehow desireable when
building images directly within the buildroot, when using the
ImageBuilder dropping the 'user' flag means loosing information about
a package being deliberately selected or just implicitely pulled as a
dependency. And that then break tools like 'auc' which request only
packages having the 'user' flag from the asu server, resulting in
broken images being delivered to users.
Restore the original behavior in case of an image being created using
the ImageBuilder.
Fixes: be9023ed43 ("build: fix opkg flags in rootfs")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Building a package in the build system or the SDK results in different
values for the `SOURCE` property, it's either `packages/<package name>`
or `feeds/base/<package name>`. The reason is that the SDK handles
`openwrt.git` as an external feed called while the build system contains
the *base* packages directly.
Since packages created with either method are (ideally) the same (bit
for bit), align the content of SOURCE. To do so this commit creates a
symlink from `feeds/base` to `$(TOPDIR)/package` and adopts the SOURCE
when building from inside the build system.
Signed-off-by: Paul Spooren <mail@aparcar.org>
Let ubinize-image append the ubinized image to the existing image
instead of replacing it.
Fixes: 6c17d71973 ("scripts: ubinize-image.sh: support static volumes, make size optional")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
By default opkg sets the "user" flag when a package is installed,
which resulted in most packages in the rootfs having this flag
set incorrectly. This patch removes the "user" flag from all
installed packages when preparing the rootfs image.
Fixes: #14427
Signed-off-by: Justin Klaassen <justin@tidylabs.app>
Make sure ubinize-image.sh also works with more simple POSIX Shell and
allow creating complete custom images to be used as ARTIFACT/foo.img
and thereby allow including uImage.FIT, TF-A FIP and what ever else
is required on a specific board.
Fixes: 6c17d71973 ("scripts: ubinize-image.sh: support static volumes, make size optional")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
In order to support devices having TF-A FIP image or UBI-aware U-Boot
SPL we need to include a static volume for the bootloader.
Introduce support for adding additional static volumes by prefixing
the filename with ':', eg.
UBINIZE_PARTS := fip:=$(STAGING_DIR_IMAGE)/u-boot.fip
Also add support for rootfs-in-uImage.FIT setups which don't require a
rootfs partition and make the (3rd) size parameter in UBINIZE_PARTS
optional (see example above without declared size).
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
This reverts commit 131e41614d.
Sadly it makes menuconfig fail with
tmp/.config-package.in:171: glob failed: No files found "feeds/base/utils/busybox/Config.in"
make: *** [/usr/src/openwrt/include/toplevel.mk:136: menuconfig] Error 1
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Building a package in the build system or the SDK results in different
values for the `SOURCE` property, it's either `packages/<package name>`
or `feeds/base/<package name>`. The reason is that the SDK handles
`openwrt.git` as an external feed called while the build system contains
the *base* packages directly.
Since packages created with either method are (ideally) the same (bit
for bit), align the content of SOURCE. To do so this commit creates a
symlink from `feeds/base` to `$(TOPDIR)/package` and adopts the SOURCE
when building from inside the build system.
Signed-off-by: Paul Spooren <mail@aparcar.org>
Add support for compiling DTS for the selected target. This can be
useful for testing if the DTS correctly compile and doesn't produce any
error.
This adds a new make target. To compile only DTS use:
make target/linux/dtb
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
The GCC option -fstack-protector-all is a security feature used to protect against stack-smashing attacks.
This option enhances the stack-smashing protection provided by -fstack-protector-strong.
-fstack-protector-all option applies stack protection to all functions, regardless of their characteristics.
While this offers the most comprehensive protection against stack-smashing attacks, it can significantly impact
the performance of the program because every function call includes additional checks for stack integrity.
This option can incur a performance penalty because of the extra checks added to every function call,
but it significantly enhances security, making it harder for attackers to exploit buffer overflows to execute arbitrary code.
It's particularly useful in scenarios where security is paramount and performance trade-offs are acceptable.
Signed-off-by: Cedric DOURLENT <cedric.dourlent@softathome.com>
Using PKG_URL one may set the URL for all sub packages, which is usually
shared anyway. Future packages should only use PKG_URL instead of adding
it per sub-package.
Signed-off-by: Paul Spooren <mail@aparcar.org>
The manifest should provide as much information as possible about the
package, including the project URL. With this commit the URL is stored
as it's own attribute instead of at the end of the description.
Signed-off-by: Paul Spooren <mail@aparcar.org>
Previous commits installed non-elf files into /lib/modules/$VER/.
COLLECT_KERNEL_DEBUG tries to strip all files and these two files
break the build.
Fix it by copying only kernel modules for debug info collection.
Fixes: e1d8e57614 ("kernel: include modinfo for built-in modules")
Fixes: 29f6da4340 ("kernel: include built-in module list")
Signed-off-by: Chuanhong Guo <gch981213@gmail.com>
Partially revert changes to verbose logging that break the 'check' target
dependencies and trigger many runtime warnings like:
/home/kodidev/openwrt-project/include/toplevel.mk:213: *** mixed implicit and normal rules: deprecated syntax
Fixes: e4a43cda0 ("build: allow var.% targets to bypass the prepare steps")
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
In order to pass a status message at runtime,
which is usually listing subtargets
of a Makefile target or an error message,
from a child invocation of Make (submake)
through the parent process to the terminal,
the file descriptors 8 and 9 are opened to be used
by the functions MESSAGE and ERROR_MESSAGE.
However, there are situations where those functions
can be called while not in a submake or a subshell
or a child process which results in a shell error:
/bin/bash: 8: Bad file descriptor
Commit aee3594ffc
("verbose.mk: print ERROR messages in non-verbose")
has exposed this issue to more cases, but it is not the root cause.
To solve this, use the exit code of the first printf attempt
to the alternative file descriptors in order to tell whether
the standard file descriptors need to be used instead.
In order to get rid of the "Bad file descriptor" error, stderr is
redirected to null after grouping the two printf alternatives
into one command to combine outputs.
For ERROR_MESSAGE, the real message is redirected to stderr
after redirecting the error from the attempted printing to null.
For MESSAGE, without redirection, the Make function "shell"
will absorb the actual message from stdout and input the value into the Makefile,
therefore the dummy variable "_NULL", previously used merely for causing
a call to the MESSAGE function to trigger without writing target rules,
now has and a real value when defined, so rename it to "_MESSAGE"
as a placeholder for the real message when the output should be stdout.
When "_MESSAGE" has a value, use Make function "info" to
finally bring it from the Makefile to the terminal.
This also fixes what is likely a typo, in that
while file descriptor 9 is meant to redirect to stderr
for use in error messages like in the function ERROR_MESSAGE,
that function has printf redirecting to file descriptor 8 instead.
Fixes: a4c8d4e37 ("build: make the color of the 'configuration out of sync' warning red")
Signed-off-by: Michael Pratt <mcpratt@pm.me>
These targets are used to input variable values from the Make
context into other things like python scripts, so log messages
should be silenced and build prerequisites should be skipped.
The same thing is done for the other variable print target "val.%".
While at it, combine identical target rules into one definition.
Signed-off-by: Michael Pratt <mcpratt@pm.me>
Many NAND devices use a build recipe with "append-ubi | check-size" to
ensure factory images don't exceed the target flash partition size.
However, UBI reserves space for bad block handling and other operational
overhead, and thus 'check-size' can overestimate the space available by
several MB. In practice, this means a failed check is definitely a failure,
while a passing check is only probably a pass.
Improve the situation by teaching 'Build/append-ubi' to check image sizes
while accounting for UBI reserved blocks. Add new device variable NAND_SIZE
and use with existing IMAGE_SIZE to derate the available space. Each UBI
device reserves 20 PEBs per 1024 PEBs of the entire NAND device for bad
blocks, plus an additional 4 PEBs overhead.
Many devices can transparently enable this check by setting NAND_SIZE based
on their flash storage, and may then remove any unneeded 'check-size'.
Link: http://www.linux-mtd.infradead.org/doc/ubi.html#L_overhead
Suggested-by: Shiji Yang <yangshiji66@qq.com>
Suggested-by: Robert Marko <robimarko@gmail.com>
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
Current factory image sizes for Linksys devices are 256-byte aligned. This
is not an issue writing factory images from the OpenWrt or Linksys GUIs,
but can lead to failures using a TFTP client from the Linksys bootloader:
NAND write: device 1 offset 0x2800000, size 0xc00100
Attempt to write to non page aligned data
NAND write to offset 2800000 failed -22
0 bytes written: ERROR
Simplify Linksys footer creation by migrating to a makefile build recipe,
and pre-pad the footer (with 0xFF) to ensure the final image is $(PAGESIZE)
aligned. Finally, remove the old linksys-image.sh script no longer needed.
Linksys footer details are given below for future reference. The 256-byte
footer is appended to factory images and tested by both the Linksys
Upgrader (observed in EA6350v3) and OpenWrt sysupgrade.
Footer format:
.LINKSYS. Checked by Linksys upgrader before continuing. (9 bytes)
<VERSION> Upgrade version number, unchecked so arbitrary. (8 bytes)
<TYPE> Model of device, space padded (0x20). (15 bytes)
<CRC> CRC checksum of factory image to flash. (8 bytes)
<padding> Padding ('0' + 0x20 * 7) (8 bytes)
<signature> Signature of signer, unchecked so arbitrary. (16 bytes)
<padding> Padding with nulls (0x00) (192 bytes)
Link: https://github.com/openwrt/openwrt/pull/11405#issuecomment-1358510123
Link: https://github.com/openwrt/openwrt/pull/11405#issuecomment-1587517739
Reported-by: Stijn Segers <foss@volatilesystems.org>
Reported-by: Wyatt Martin <wawowl@gmail.com>
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
Add the make function 'exp_units' for helping evaluate k/m/g size units in
expressions, and use this to consistently replace many ad hoc substitutions
like '$(subst k,* 1024,$(subst m, * 1024k,$(IMAGE_SIZE)))' in makefiles.
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
Some patched u-boots may have problems with parallel build.
Do not enforce parallel build here so one can set PKG_BUILD_PARALLEL:=0
in the specific u-boot Makefile also before including the u-boot.mk.
Signed-off-by: Martin Schiller <ms@dev.tdt.de>
This reverts commit 7ceb76ca3a.
Python 3.12 removes the distutils package and is therefore not
compatible. We have to check downstream what relies on distutils before
adding actual support for Python 3.12. Sorry for the noise.
With this in-place, the macOS CI job fails and turns things red, revert
for now.
Signed-off-by: Paul Spooren <mail@aparcar.org>
creates SGE encrypted factory images
to use via the D-Link web interface
rename the old factory unencrypted images to recovery
for use in the recovery console when recovery is needed
DIR-1935-A1 , DIR-853-A1 , DIR-853-A3 , DIR-867-A1 ,
DIR-878-A1 and DIR-882-A1
Signed-off-by: Alan Luck <luckyhome2008@gmail.com>
Changes introduced in commit d604a07225 ("build: add CycloneDX SBOM
JSON support") broke ImageBuilder:
Cannot open '/openwrt-imagebuilder-ath79-generic.Linux-x86_64/tmp/.packageinfo': No such file or directory
So lets fix it by wrapping the BOM generation behind condition of IB
feature check.
Fixes: #13881
Fixes: d604a07225 ("build: add CycloneDX SBOM JSON support")
Signed-off-by: Petr Štetiar <ynezz@true.cz>
`true` might be a shell built-in, or simply not accessible in the hardcoded locations.
Replace it with a custom script that does nothing.
Signed-off-by: Ilya Katsnelson <me@0upti.me>
CycloneDX is an open source standard developed by the OWASP foundation.
It supports a wide range of development ecosystems, a comprehensive set
of use cases, and focuses on automation, ease of adoption, and
progressive enhancement of SBOMs (Software Bill Of Materials) throughout
build pipelines.
So lets add support for CycloneDX SBOM for packages and images
manifests.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
There is no standard for ABI versioning, so its not possible to find out
from `libext2fs2`, `libiwinfo20230701` or `libss2` package names if
thats just package name or package name with ABI version included. To
help with the decision, lets make ABI version aviable in package index.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Common Platform Enumeration (CPE) is a structured naming scheme for
information technology systems, software, and packages.
In order for the information to be processed further, it should also be
available in package index files.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Kernel module packages compiling is not cached (e.g. mac80211)
even with CONFIG_CCACHE on.
CC should be set to KERNEL_CC in KERNEL_MAKE_FLAGS at kernel.mk
to allow kernel module packages using ccache.
Signed-off-by: Zeyu Dong <dzy201415@gmail.com>
