Netgear encrypted image is used in various devices including WAX202,
WAX206, and EX6400v3. This image format also requires a dummy squashfs4
image which is added here as well.
References in WAX202 GPL source:
https://www.downloads.netgear.com/files/GPL/WAX202_V1.0.5.1_Source.rar
* openwrt/bootloader/u-boot-mt7621-2018.09-gitb178829-20200526/board/ralink/common/dual_image.c
Bootloader code that verifies the presence of a squashfs4 image, thus
a dummy image is added here.
* openwrt/tools/imgencoder/src/gj_enc.c
Contains code that generates the encrypted image. There is support for
adding an RSA signature, but it does not look like the signature is
verified by the stock firmware or bootloader.
* openwrt/tools/imgencoder/src/imagekey.h
Contains the encryption key and IV. It appears the same key/IV is used
for other Netgear devices including WAX206 and EX6400v3.
Signed-off-by: Wenli Looi <wlooi@ucalgary.ca>
gettext (libintl-stub) was removed in commit [1], so the libintl-stub
lib and include directories aren't existing anymore. This commit cleans
up the INTL flags for the BUILD_NLS=n case.
[1] e6f569406f
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
Reviewed-by: Rosen Penev <rosenp@gmail.com>
Manual rebase by Marty Jones:
bcm27xx/patches-5.15/950-0078-BCM2708-Add-core-Device-Tree-support.patch
All other patches automatically rebased.
Signed-off-by: John Audia <therealgraysky@proton.me>
Signed-off-by: Marty Jones <mj8263788@gmail.com>
[Apply same changes to new dts entry in modified file]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
The ImageBuilder does not need git or rsync since it only glues files
together, packages are downloaded via wget and not rsync.
Signed-off-by: Paul Spooren <mail@aparcar.org>
[ solve conflict with additional git prereq test ]
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
This avoids a dangling symlink to self when reinstalling the toolchain:
./staging_dir/toolchain-mips_24kc_gcc-9.3.0_musl/lib/lib -> lib
This is caused by the fact that in the toolchain dir we have
'lib64 -> lib'
and on executing
'ln lib ./staging_dir/toolchain-mips_24kc_gcc-9.3.0_musl/lib64'
ln dereference the symbolic link 'lib64' to 'lib' so the REAL command is
'ln lib ./staging_dir/toolchain-mips_24kc_gcc-9.3.0_musl/lib'
this results in the dangling symlink to self.
Signed-off-by: Sven Wegener <sven.wegener@stealer.net>
[ add more details to the commit description and fix title ]
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
No patches rebased, just checksum update for this refresh.
Build system: x86_64
Build-tested: ipq806x/R7800
Signed-off-by: John Audia <therealgraysky@proton.me>
No patches required a rebase, just updated checksum.
Build system: x86_64
Build-tested: ipq806x/R7800
Signed-off-by: John Audia <therealgraysky@proton.me>
This updates prereq-build.mk to find a suitable realpath utility, and
adds another place to look for a suitable getopt utility.
realpath has been used most notably by scripts/ipkg-build since
commit bb95be9265 ("scripts,ipkg-build: use realpath for pkg_dir")
and there are assorted other uses of it during a build.
It is ordinarily provided by GNU coreutils. This adds a SetupHostCommand
to locate it either under its own name or under grealpath, the name that
it will be available as under MacPorts or Homebrew, which use
--program-prefix=g.
Similarly, update the SetupHostCommand for getopt to be able to locate a
util-linux getopt at the default path used by MacPorts, in the same
fashion that
commit cc16f5d73e ("build: try to find getopt in macOS homebrew's standard location")'
did for Homebrew. As there is no standard alternative --program-prefix
for util-linux utilities in the way that GNU packages often use a "g"
prefix, this path-based approach is required in case a non-util-linux
getopt (such as one provided by an OS) shadows the util-linux getopt
in the PATH.
Signed-off-by: Mark Mentovai <mark@moxienet.com>
Compiler option -no-plt will break kernel builds on some architectures
eg. (x86) Filter this option from the recently introduced handling of
KCFLAGS vs EXTRA_OPTIMISATION
Fixes: 1d42af720c ("kernel: use KCFLAGS for passing EXTRA_OPTIMIZATION flags")
Suggested-by: Felix Fietkau <nbd@nbd.name>
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
This uses kernel's generic variable and doesn't require patching it with
a custom Makefile change. It's expected *not* to change any behaviour.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
With some OS (Guix) the git submodule command is wrapped in
a script. Current logic parse the git submodule script directly.
If it's wrapped the prereq check wrongly fails while 'git submodule
--recursive' is actually available.
Add an additional check that try to directly use the 'git submodule'
command to check if the prereq is satisfied.
Fixes: #9986
Reported-by: Attila Lendvai <attila@lendvai.name>
Suggested-by: Attila Lendvai <attila@lendvai.name>
Signed-off-by: Christian 'Ansuel' Marangi <ansuelsmth@gmail.com>
Delete the crypto-lib-blake2s kmod package, as BLAKE2s is now built-in.
Patches automatically rebased.
Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
Delete the crypto-lib-blake2s kmod package, as BLAKE2s is now built-in.
Patches automatically rebased.
Build system: x86_64
Build-tested: ipq806x/R7800, x86/64
Signed-off-by: John Audia <therealgraysky@proton.me>
If you change SCAN_EXTRA variable with "-path target/linux/xxxx" in
include/toplevel.mk for speed up scan, find will warn with:
find: warning: you have specified the global option -maxdepth after
the argument -path, but global options are not positional, i.e.,
-maxdepth affects tests specified before it as well as those specified
after it. Please specify global options before other arguments.
The find option -mindepth -maxdepth are global options and must be
before any path option. Change order of $(SCAN_EXTRA) after -mindepth
and -maxdepth to fix this.
Signed-off-by: Leo Chung <gewalalb@gmail.com>
[capitalize Description, Author and Sob and minor description tweak]
Signed-off-by: Christian 'Ansuel' Marangi <ansuelsmth@gmail.com>
According to the GNU make manual, specifying library paths should be
done in LDFLAGS rather than LDLIBS. Replace KBUILD_HOSTLDLIBS with
KBUILD_HOSTLDFLAGS to pass the host lib directory.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
HOST_LOADLIBES was renamed to KBUILD_HOSTLDLIBS in kernel 4.19. As the
oldest kernel version we support is 5.10, cleanup HOST_LOADLIBES use.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Image metadata and signature is of no use for images which are included
inside other artifacts (like an SD-card image). Strip them off before
using images in artifacts or stashing them for the ImageBuilder as the
contained signature breaks reproducibility.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Make it clear, that for `make kernel_{menu,old}config` it's possible to
use only following values for CONFIG_TARGET variable:
* env
* target
* subtarget
* subtarget_target
This should prevent misuse like `make kernel_menuconfig
CONFIG_TARGET=bcm2710` etc.
Keep support for obsolete `platform` and `subtarget_platform` targets
with deprecation notice so this compat stuff could be removed in the
future.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Acked-by: Piotr Dymacz <pepe2k@gmail.com>
Both legacy iptables and nftables require nf-log modules for rule logging,
so move them into a separate package both firewall implementations can
depend on.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
ARM Trusted Firmware builds do not depend on any target libraries as
they are bare-metal builds. However, the compiler aborts due to
-Werror=missing-include-dirs if the include dir doesn't exists and this
can happen when building with parallelisation as that makes it likely
for arm-trusted-firmware-* to be build very early before any of the
libraries which would implicitely create the directory.
Fix this by making sure the include dir exists before building.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Make sure the timestamp of the root directory of the initramfs is set
to SOURCE_DATE_EPOCH as well.
Fixes: 29d7461d11 ("kernel: set options to make external initramfs reproducible")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Introduce `sha256_unsigned` which is a checksum of the image _before_ a
signature is attached. This is helpful to compare image reproducibility.
Since the `.sha256sum` file is located in the $(KDIR) folder, switch
$(BIN_DIR) with $(KDIR) to simplify the code. The value of $(BIN_DIR)
itself is not stored inside the resulting JSON file, so it can be
replaced.
Signed-off-by: Paul Spooren <mail@aparcar.org>
Make sure xz uses at least 2 threads so compression always runs in
multi-threaded mode as the resulting file in single-threaded mode
differs.
Fixes: 29d7461d11 ("kernel: set options to make external initramfs reproducible")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Drop the -processors argument from the mksquashfs4 call, so it will use
all available processors. This dramatically reduces the time to create
squashfs filesystems.
The times below are observed when building an image for my main router,
the WatchGuard Firebox M300 (qoriq target):
Before:
real 4m45,973s
After:
real 0m23,497s
With this commit `mksquashfs` may use more cores than defined via `-j`.
This is the same behaviour as for archive creation of ImageBuilder, SDK
or toolchain. There is no trivial way to limit `mksquashfs` CPU core
usage to the amount of "free" make jobs since two running `mksquashfs`
instances would each run with the total allowed number (-j) of threads.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
[extended reasoning in commit message]
Signed-off-by: Paul Spooren <mail@aparcar.org>
the cache directory should be autom4te.cache in all $(PKG_AUTOMAKE_PATHS)
rather than $(PKG_BUILD_DIR)/autom4te.cache only
Signed-off-by: Huangbin Zhan <zhanhb88@gmail.com>
Add new module require in 5.15
- Changes in block module
- Changes in netfilter module (log module unified)
- Changes in fs module (mainly new depends for cifs and new ntfs3 module)
- Changes in lib add shared lib now used by more than 1 kmod
- Changes in crypto, dropped one crypto algo added arm crypto accellerator
- Changes in other, add zram default compressor choice and missing lib
by tpm module
Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
engine.mk is supposed to be included by engine packages, but it will not
be present in the SDK in the same place as in the main repository.
Move it to include/openssl-engine.mk to avoid this.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
As the upcoming release will be based on Linux 5.10 only, remove all
kernel configuration as well as patches for Linux 5.4.
There were no targets still actively using Linux 5.4.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
HOST_PATCH_DIR is used for host patches, not PATCH_DIR.
Fixes refreshing patches with a custom HOST_PATCH_DIR.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Remove "--mtime" option introduced in commit 18c9faa032 ("tools: zip:
add option for reproducible archives") and instead fetch SOURCE_DATE_EPOCH
environment variable directly in the code.
Ref: https://sourceforge.net/p/infozip/patches/25/
Signed-off-by: Sungbo Eo <mans0n@gorani.run>
Zip uses DOS timestamp for mtime which is stored in local time and hence
depends on the timezone of the build system. Force zip to use UTC timezone
to make image builds more reproducible.
Signed-off-by: Sungbo Eo <mans0n@gorani.run>
For debugging purposes, we need to know if users are using modified
U-boot versions or not. Currently, the U-boot version is somehow
stripped. This is a little bit problematic when there are
backported/wip/to-upstream patches.
To make it more confusing, there was (before this commit) two U-boot
versioning. U-boot compiled by OpenWrt build bots are missing ``Build:``
This is also the case when the U-boot is compiled locally.
Example:
```
U-Boot SPL 2022.01 (Jan 27 2022 - 00:24:34 +0000)
U-Boot 2022.01 (Jan 27 2022 - 00:24:34 +0000)
```
On the other hand, if you run full build, you can at least see, where it
was compiled. Notice added ``Build:``.
Example:
```
U-Boot 2022.01 (Jan 27 2022 - 00:24:34 +0000), Build: jenkins-turris-os-packages-burstlab-omnia-216
```
In both cases, it is not clear to U-boot developers if it is an unmodified
build. This is also caused that there is a missing ``.git`` file from
U-boot folder, and so there is no history. It leads to that it can not
contain suffix ``-dirty`` (uncommitted modifications) or even something
else like number of commits, etc. [1]
When U-boot is compiled as it should be, the version should look like
this: ``U-Boot 2022.04-rc1-01173-g278195ea1f (Feb 11 2022 - 14:46:50 +0100)``
The date is not changed daily when there are new OpenWrt builds.
This commit adds OpenWrt specific version, which could be verified by
using strings.
```
$ strings bin/targets/mvebu/cortexa9/u-boot-omnia/u-boot-spl.kwb | grep -E "OpenWrt*"
U-Boot SPL 2022.01-OpenWrt-r18942+54-cbfce92367 (Feb 21 2022 - 13:17:34 +0000)
arm-openwrt-linux-muslgnueabi-gcc (OpenWrt GCC 11.2.0 r18942+54-cbfce92367) 11.2.0
2022.01-OpenWrt-r18942+54-cbfce92367
U-Boot 2022.01-OpenWrt-r18942+54-cbfce92367 (Feb 21 2022 - 13:17:34 +0000)
```
[1] https://u-boot.readthedocs.io/en/latest/develop/version.html
Reported-by: Pali Rohár <pali@kernel.org>
Suggested-by: Karel Kočí <karel.koci@nic.cz>
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
If a image is bigger than the device can handle, an error message is
printed. This is usually silenced and silently ignored, making it harder
to debug. While it's possible to run the build in verbose mode (via
`make V=s`) and grep for *is too big*, it's more intuitive to print the
error message directly. For that use the newly unlocked `$(call
ERROR_MESSAGE,...)` definition which now also print in non-verbose mode.
Fixes: FS#50 (aka #7604)
Signed-off-by: Paul Spooren <mail@aparcar.org>
Using `make -j9` only prints a subset of messages to follow the build
process progressing. However this silently skips over errors which might
be of interested. Using `make V=s` easily floods the terminal making it
hard to find error messages between the lines.
A compromise is the usage of `$(call ERROR_MESSAGE,...)` which prints a
message in red. This function is silenced in the non-verbose mode, even
if only used at a single place in `package/Makefile` where it notifies
about a OPKG corner case.
This commit moves the `ERROR_MESSAGE` definition outside of the
`OPENWRT_VERBOSE` condition and print error messages in every mode.
With this in place further error messages are possible.
Signed-off-by: Paul Spooren <mail@aparcar.org>
Toplevel Make is not aware about changes in the `scripts/config/*conf`
targets and this is causing issues for during update to that part of
build tree, where one needs to handle this manually by either force
rebuilding the targets or running `make config-clean`. Fix this by
forcing the rebuild if necessary.
Fixes: #9297
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Had to update generic defconfig (make kernel_menuconfig CONFIG_TARGET=generic)
for this bump, but since that only modifies the target defined in .config,
and since that target also needed to be updated for unrelated reasons, manually
propagated the newly added symbol to the generic config.
Removed upstreamed:
pending-5.10/860-Revert-ASoC-mediatek-Check-for-error-clk-pointer.patch[1]
All other patches automatically rebased.
1. https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.10.99&id=080f371d984e8039c66db87f3c54804b0d172329
Build system: x86_64
Build-tested: bcm2711/RPi4B, mt7622/RT3200
Run-tested: bcm2711/RPi4B, mt7622/RT3200
Signed-off-by: John Audia <graysky@archlinux.us>
ipTIME AX2004M is an 802.11ax (Wi-Fi 6) router, based on MediaTek
MT7621A.
Specifications:
* SoC: MT7621A
* RAM: 256 MiB
* Flash: NAND 128 MiB
* Wi-Fi:
* MT7915D: 2.4/5 GHz (DBDC)
* Ethernet: 5x 1GbE
* Switch: SoC built-in
* USB: 1x 3.0
* UART: J4 (115200 baud)
* Pinout: [3V3] (TXD) (RXD) (GND)
MAC addresses:
| interface | MAC address | source | comment
|-----------|-------------------|----------------|---------
| LAN | 58:xx:xx:00:xx:9B | | [1]
| WAN | 58:xx:xx:00:xx:99 | |
| WLAN 2G | 58:xx:xx:00:xx:98 | factory 0x4 |
| WLAN 5G | 5A:xx:xx:40:xx:98 | |
| | 58:xx:xx:00:xx:98 | config ethaddr |
[1] Used in this patch as WLAN 5G MAC address with the local bit set
Load addresses:
* stock
* 0x80010000: FIT image
* 0x81001000: kernel image -> entry
* OpenWrt
* 0x80010000: FIT image
* 0x82000000: uncompressed kernel+relocate image
* 0x80001000: relocated kernel image -> entry
Notes:
* This device has a dual-boot partition scheme, but this firmware works
only on boot partition 1. The stock web interface will flash only on the
inactive boot partition, but the recovery web page will always flash on
boot partition 1.
Installation via recovery mode:
1. Press reset button, power up the device, wait >10s for CPU LED
to stop blinking.
2. Upload recovery image through the recovery web page at 192.168.0.1.
Revert to stock firmware:
1. Install stock image via recovery mode.
Signed-off-by: Sungbo Eo <mans0n@gorani.run>
When using a non default MESON_HOST_BUILD_DIR, HOST_BUILD_DIR is not
appropriate to use. This change matches the target configure section.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Commit f4a79148f8 ("ramips: add support for ipTIME AX2004M") seems to
leak KERNEL_LOADADDR 0x82000000 to other devices, causing the to no
longer boot. The leak is visible in u-boot:
Using 'config-1' configuration
Trying 'kernel-1' kernel subimage
Description: MIPS OpenWrt Linux-5.10.92
Type: Kernel Image
Compression: lzma compressed
Data Start: 0x840000e4
Data Size: 10750165 Bytes = 10.3 MiB
Architecture: MIPS
OS: Linux
Load Address: 0x82000000
Entry Point: 0x82000000
Normally, it should look like this:
Using 'config-1' configuration
Trying 'kernel-1' kernel subimage
Description: MIPS OpenWrt Linux-5.10.92
Type: Kernel Image
Compression: lzma compressed
Data Start: 0xbfca00e4
Data Size: 2652547 Bytes = 2.5 MiB
Architecture: MIPS
OS: Linux
Load Address: 0x80001000
Entry Point: 0x80001000
Revert the commit to avoid more people soft-bricking their devices.
This reverts commit f4a79148f8.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
ipTIME NAS1 is a 1-bay NAS, based on Marvell Kirkwood SoC.
Specifications:
* SoC: 88F6281
* RAM: 256 MiB
* Flash: SPI NOR 16 MiB
* SATA: 1x 3Gb/s
* Ethernet: 1x 1GbE
* USB: 1x 2.0
* Fan: 2 speed level
* UART: JP1 (115200 8N1)
* Pinout: [3V3] (TXD) (RXD) (GND)
Notes:
* There are several variants of the model name: "NAS-I", "NASI", "NAS1".
Here "NAS1" is adopted for consistent naming scheme.
* The reset button is also a USB copy button in stock FW,
but in this patch the former is the only default behavior.
Installation via web interface:
1. Flash sysupgrade image through the stock web interface.
Revert to stock firmware:
1. Perform sysupgrade with stock image.
Signed-off-by: Sungbo Eo <mans0n@gorani.run>
This allows to implement statefull bridge filtering
As the uncompressed size is only 7.6k (arm64), just add
nf_conntrack_bridge.ko to kmod-nft-bridge package
Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
On macOS, system binaries silently drop the environment variables for injecting
extra shared libraries (used by fakeroot). This is done for security reasons.
Work around this by building bash from source, so that it gets an ad-hoc signature
and does not have these restrictions
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Ubuntu started to flag which as deprecated and it
seems which is not really standard and may vary
across Distro.
Drop the use of which and use the standard 'command -v'
for this simple task.
Which is still present in the prereq if some package/script
still use which.
A utility script called command_all.sh is implemented that
will just mimic the output of which -a.
Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
Added HOST_CXXFLAGS to specify CXXFLAGS during host-compile
(e.g. to specify c++ standard: HOST_CXXFLAGS += -std=c++11)
Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>
Move the kernel versions and hash to dedicated files.
This makes kernel bump quicker and fix some annoying
problem with rebasing when multiple kernel bump are proposed.
Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
[Rebased on top of current master]
Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
Add and enable a new kconfig knob to disable unprivileged eBPF by default.
Patches automatically rebased.
Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
All patches automatically rebased.
Build system: x86_64
Build-tested: ramips/mt7621*
*Had to revert 7f1edbd in order to build due to FS#4149
Signed-off-by: John Audia <graysky@archlinux.us>
This CPU type is compatible with NXP's PPC based QorIQ processors, and
will be used by the upcoming new qoriq target.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Reviewed-by: Rui Salvaterra <rsalvaterra@gmail.com>
All patches automatically rebased.
Build system: x86_64
Build-tested: bcm2711/RPi4B, ipq806x/R7800*
Run-tested: bcm2711/RPi4B, ipq806x/R7800*
*Had to revert 7f1edbd412 in order to build
(binutils 2.37, https://bugs.openwrt.org/index.php?do=details&task_id=4149)
Signed-off-by: John Audia <graysky@archlinux.us>
All patches automatically rebased.
Build system: x86_64
Build-tested: bcm2711/RPi4B, ipq806x/R7800*
Run-tested: bcm2711/RPi4B, ipq806x/R7800*
*Had to revert 7f1edbd412 in order to build
(binutils 2.37, https://bugs.openwrt.org/index.php?do=details&task_id=4149)
Signed-off-by: John Audia <graysky@archlinux.us>
Removed target for patch which does not exist:
bcm27xx/patches-5.10/950-0249-kbuild-Disable-gcc-plugins.patch
All patches automatically rebased.
Build system: x86_64
Build-tested: bcm2711/RPi4B, ipq806x/R7800*
Run-tested: bcm2711/RPi4B, ipq806x/R7800*
* Had to revert 7f1edbd412 in order to build
(binutils 2.37, https://bugs.openwrt.org/index.php?do=details&task_id=4149)
Signed-off-by: John Audia <graysky@archlinux.us>
All patches automatically rebased.
Build system: x86_64
Build-tested: ramips/mt7621*
*FS#4149 affects me so I had to revert 7f1edbd412
in order to downgrade to 2.35.1
Signed-off-by: John Audia <graysky@archlinux.us>
All patches automatically rebased.
Build system: x86_64
Build-tested: ramips/mt7621*
*FS#4149 affects me so I had to revert 7f1edbd412
in order to downgrade to 2.35.1
Signed-off-by: John Audia <graysky@archlinux.us>
All patches automatically rebased.
Build system: x86_64
Build-tested: ramips/mt7621*
*FS#4149 affects me so I had to revert 7f1edbd412
in order to downgrade to 2.35.1
Signed-off-by: John Audia <graysky@archlinux.us>
Added support to generate dynamic-sized VHDX images for Hyper-V.
Compile-tested on x86 and run-tested on Windows 10 21H2 (Hyper-V).
Signed-off-by: Oldřich Jedlička <oldium.pro@gmail.com>
change meson binary to use py extension. Fixes issue with meson's
symbolextractor using the host python instead of the system one.
We intentionally use a .py extension here so that meson launches
additional python scripts with the same build host python interpreter as
itself is running under (and not the host package one once it becomes
available)
Signed-off-by: Rosen Penev <rosenp@gmail.com>
CONFIG_EXTERNAL_CPIO is a string variable, hence testing for 'y'
doesn't make much sense here.
Fixes: 330bd380e8 ("image: allow building FIT and uImage with ramdisk")
Reported-by: Huangbin Zhan <zhanhb88@gmail.com>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Newer NAND devices from MikroTik like the hAP ac3
require the kernel to be packed into UBIFS and then
ubinized.
So, since the ubinize-image.sh script can now ubinize
kernel only as well lets add a command for it.
This now allows calling ubinize-kernel in the kernel
packaging at then end.
Signed-off-by: Robert Marko <robimarko@gmail.com>
Rootfs is now optional in ubinize-image.sh and
requires --rootfs flag instead of just passing the
rootfs image as the argument before ubinize opts.
So, simply add --rootfs flag before the $(IMAGE_ROOTFS).
Signed-off-by: Robert Marko <robimarko@gmail.com>
All patches automatically rebased.
Build system: x86_64
Build-tested: ramips/mt7621*
*I am hit with the binutils 2.37 bug so I had to revert 7f1edbd412
in order to downgrade to 2.35.1
Signed-off-by: John Audia <graysky@archlinux.us>
Manually rebased:
generic-backport/850-v5.13-usb-ehci-add-spurious-flag-to-disable-overcurrent-ch.patch
All other patches automatically rebased.
Signed-off-by: John Audia <graysky@archlinux.us>
BTF pointer data has a different size on 32 vs 64 bit targets,
and while the generated eBPF code works, the BTF data fails to validate
on mismatch
Signed-off-by: Felix Fietkau <nbd@nbd.name>
This allows a package to be rebuilt for all different VARIANTs.
To do so, set VARIANT=*.
The wpa-cli package is not getting built after changes made by
19aae94 [build: avoid rebuilds of unset VARIANT packages], because
wpa-cli is only built when compiling a variant that includes
supplicant support, and the first selected variant may not build it.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Removed upstreamed:
backport-5.4/790-v5.7-net-switchdev-do-not-propagate-bridge-updates-across.patch
All other patches automatically rebased.
Signed-off-by: John Audia <graysky@archlinux.us>
When the prebuilt llvm toolchain is unpacked into the source dir,
it is automatically picked up and used by the build system, and eBPF
based packages can be selected
Signed-off-by: Felix Fietkau <nbd@nbd.name>
The empty executable is causing problems with meson builds, due to the
error: OSError: [Errno 8] Exec format error: 'ldconfig'
This patch changes the empty ldconfig stub to symlink to /bin/true to
work around this issue.
Fixes: FS#4117
Fixes: 3bd31cc4d2 ("tools/meson: update to 0.60.0")
Signed-off-by: Damien Mascord <tusker@tusker.org>
Tested-by: Aleksander Jan Bajkowski <olek2@wp.pl> # Tested on Debian 11
Tested-By: Lucian Cristian <lucian.cristian@gmail.com>
Tested-By: Baptiste Jonglez <git@bitsofnetworks.org>
Cc: Rosen Penev <rosenp@gmail.com>
If a Makefile defines some packages with VARIANT set, and others without
it, the latter will be built once for every different VARIANT set, each
build trumping the previous one.
Avoid rebuilds by only building unnamed variant packages when the first
variant is built.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
The $(LINUX_DIR)/.config timesptamp changes between runs of
make target/compile and make target/install (which builds the image).
Kernel-dependent packages and out of tree modules are built in between
those runs, and they check the .config timestamp to decide if they need
to be rebuilt.
Save the target/compile .config to use its timestamp if the file does
not change between runs. That way the subsequent kernel packages are
not unnecessarily rebuilt when you run 'make' back to back.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
4e19cbc553: [download: handle possibly invalid local tarballs] added a
FORCE rule to downloaded files, so that they will be always checked by
download.pl.
As a side-effect, check-compile will fail, forcing unnecessary package
rebuilds.
The check-compile.txt log shows (for libxml2 for example):
Considering target file '.../dl/libxml2-2.9.12.tar.gz'.
...
prerequisite 'FORCE' of target '.../dl/libxml2-2.9.12.tar.gz' does
not exist.
Must remake target '.../dl/libxml2-2.9.12.tar.gz'.
...
Giving up on target file '...libxml2-2.9.12/.prepared_...'.
Giving up on target file '...libxml2-2.9.12/.configured_...'.
Giving up on target file '...libxml2-2.9.12/.built'.
Giving up on target file '...stamp/.libxml2_installed'.
Giving up on target file '.compile'.
Then the package is rebuilt even if it is not otherwise needed.
To fix this, instead of always forcing the download target to be remade,
check its hash first: if it matches, then the FORCE is not added.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
In order to genererate suitable kernel headers, a 5.10 kernel tree is
prepared with a default config for mips. The arch is forced to mips in
order to avoid issues with inline asm on various architectures in a way
that doesn't involve relying on the host toolchain/headers.
It also has the advantage of supporting both endian types
Signed-off-by: Felix Fietkau <nbd@nbd.name>
ELECOM WRC-X3200GST3 uses the same header/footer as WRC-GS/GST devices
in ramips/mt7621 subtarget, so move "Build/elecom-wrc-gs-factory" to
image-commands.mk to use from mediatek/mt7622 subtarget.
Signed-off-by: INAGAKI Hiroshi <musashino.open@gmail.com>
Deleted (upstreamed):
bcm27xx/patches-5.10/950-0145-xhci-add-quirk-for-host-controllers-that-don-t-updat.patch [1]
Manually rebased:
bcm27xx/patches-5.10/950-0355-xhci-quirks-add-link-TRB-quirk-for-VL805.patch
bcm53xx/patches-5.10/180-usb-xhci-add-support-for-performing-fake-doorbell.patch
Note: although automatically rebaseable, the last patch has been edited to avoid
conflicting bit definitions.
[1] https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.10.y&id=b6f32897af190d4716412e156ee0abcc16e4f1e5
Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
No package here depends on it. Furthermore, uClibc++ is a fairly buggy
C++ library and seems to be relatively inactive upstream.
It also lacks proper support for modern C++11 features.
The main benefit of it is size: 66.6 KB vs 287.3 KB on mips24kc. Static
linking and LTO can help bring the size down of packages that need it.
Added warning message to uclibc++.mk
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Acked-by: Hauke Mehrtens <hauke@hauke-m.de>
Host libraries are only build static, so let's pass --static to
pkg-config globally and remove the then unnecessary patches doing
exactly that individually.
Signed-off-by: Andre Heider <a.heider@gmail.com>
Using Host/Exports doesn't work as intended, explicitly add the
required vars so that u-boot finds the required libraries when building
its tools.
Signed-off-by: Andre Heider <a.heider@gmail.com>
DEVICE_DTS_DELIMITER needs to be in the DEFAULT_DEVICE_VARS
list to work as expected. This was missing from the original
version and got overlooked.
Fixes: fd67908647 ("scripts: mkits.sh: Allow legacy @ mode for dts creation")
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
Removed upstreamed:
backport-5.4/070-v5.5-MIPS-BPF-Restore-MIPS32-cBPF-JIT.patch
All other patches automatically rebased.
Signed-off-by: John Audia <graysky@archlinux.us>
Until now, this feature was switched on via the kernel configuration
option KERNEL_SECCOMP.
The follwing change a7f794cd2a now requires that
the package procd-seccomp must also enabled for buildinmg.
However, this is not the case we have no dependency and the imagebuilder
cannot build the image, because of the implicit package selection.
This change adds a new configuration option CONFIG_SECCOMP.
The new option has the same behaviour as the configuration
option CONFIG_SELINUX.
If the CONFIG_SECCOMP is selected then the package procd-seccomp and
KERNEL_SECCOMP is enabled for this build.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
While the binary `python3.10` is correctly detected by the build system
the default `python3` binary is currently not detected if pointing to a
Python 3.10 installation.
Fix this by extending the grep regex.
Signed-off-by: Paul Spooren <mail@aparcar.org>
Install ld-preload hooks allowing to add seccomp filters for arbitrary
services if kernel support for seccomp is present.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Add procd-ujail to DEFAULT_PACKAGES if not building for
space-constraint (FEATURES:=small_flash) targets.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Update install procedure based on upstream feedback. Normally, meson is
to be installed with pip. But as pip is not mandated by the build
system, it cannot be used. Upstream provides a nice script to pack meson
automatically.
Moved src/ to files/. No need to copy to BUILD_DIR.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Fix Fedora 34/35 issue where 'which' detection of 'which' wasn't working
because Fedora use alias and proc
Fixup of fca5ad55d2 prereq-build: fix `which` detection on Fedora
Reported-by: Jani Partanen <rtfm@iki.fi>
Suggest-by: Etienne Champetier <champetier.etienne@gmail.com>
Tested-by: Georgi Valkov <gvalkov@abv.bg>
Signed-off-by: Paul Spooren <mail@aparcar.org>
Fix Fedora 34/35 issue where 'which' detection of 'which' wasn't working
because Fedora use alias and proc
Signed-off-by: Jani Partanen <rtfm@iki.fi>
[fix commit subject and message]
Signed-off-by: Paul Spooren <mail@aparcar.org>
Fedora 35 contains Python 3.10 as default version. Make use of it.
Signed-off-by: Marcin Juszkiewicz <marcin@juszkiewicz.com.pl>
[fix commit subject]
Signed-off-by: Paul Spooren <mail@aparcar.org>
commit 5ec60cbe9d ("scripts: mkits.sh: replace @ with - in nodes")
broke support for Meraki MR32 and this patch makes the replacement
configurable allowing for specifying the @ or - or whatever character
that is desired to retain backwards compatibility with existing devices.
For example, this patch includes the fix for the Meraki MR32 in
target/linux/bcm53xx/image for meraki_mr32:
DEVICE_DTS_DELIMITER := @
DEVICE_DTS_CONFIG := config@1
Fixes: 5ec60cbe9d ("scripts: mkits.sh: replace @ with - in nodes")
Signed-off-by: Damien Mascord <tusker@tusker.org>
[Added tags, checkpatch.pl fixes, noted that this is for old stuff]
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
meson is a next generation build system designed to have good defaults,
simpler build files, and fast compilation.
It is built upon python and uses ninja for compilation. The latter
provides fast by default (parallel) and problem free compilation.
There are over 40 packages already successfully using meson. The next
commit will convert pkgconf to use meson compilation.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Multiple profiles create artifacts, these should be stored in the JSON
file as well, allowing downstream tooling to show those files, too.
Artifacts don't have specific filesystems so only the fields `name`,
`type` and `sha256` are available.
Rename env variable names from IMAGE_ to FILE_ prefixes to reflect that
images, kernels and artifacts are added with the same command.
Signed-off-by: Paul Spooren <mail@aparcar.org>
The option '-xattr' for mksquashfs4 should be '-xattrs' which lead to
build failure with SELinux enabled. Add the missing 's'.
Fixes: 4baf47b9a8 ("images: squashfs: xattrs should not depend on buld host")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
When a target configuration has unser Kconfig symbols, the build will
fail when OpenWrt is compiled with V=s and stdin is connected to a tty.
In case OpenWrt is compiled without either of these preconditions, the
build will uscceed with the symbols in question being unset.
Modify the kernel configuration in a way it fails on unset symbols
regardless of the aformentioned preconditions.
Signed-off-by: David Bauer <mail@david-bauer.net>
Enable xattr for the generated squashfs only if needed for SELinux.
This eliminates warnings during boot on target when building
(non-SELinux) OpenWrt on SELinux-enabled hosts like Fedora.
Reported-by: fda77 <fda77@users.noreply.github.com>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Add the new CONFIG_BATTERY_RT5033 to the generic configuration, as reported by
Paul Blazejowski. Resort the kconfig while at it.
No deleted or manually refreshed patches.
Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
Manually rebased:
bcm27xx/patches-5.4/950-0089-cgroup-Disable-cgroup-memory-by-default.patch
All other patches automatically rebased.
Signed-off-by: John Audia <graysky@archlinux.us>
The ABIV_$(pkgname) variable already is formatted so return it as-is from
the GetABISuffix macro and only filter through FormatABISuffix if we read
the raw ABI version value from a version stamp file.
This ensures that binary intra-package dependencies on ABI versioned
libraries are properly formatted.
Ref: https://github.com/openwrt/packages/issues/15871
Fixes: f6a03bff5b ("build: prepend ABI suffixes with a dash if package name ends with digit")
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Ensure that ABI suffixes are separated with a dash from the package name if
the name happens to end with a digit. This implementation detail got lost
during the recent refactoring of the ABI_VERSION handling in buildroot.
Ref: https://github.com/openwrt/packages/pull/14237#issuecomment-860473585
Fixes: c921650382 ("build: drop ABI version from metadata")
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
tools/quilt requires GNU diffutils to compile. Failure can be simulated
by installing Alpine Linux without diffutils.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Speed goes from:
Executed in 178.08 secs fish external
usr time 20.16 mins 509.00 micros 20.16 mins
sys time 2.88 mins 39.00 micros 2.88 mins
To:
Executed in 175.90 secs fish external
usr time 20.19 mins 0.00 micros 20.19 mins
sys time 2.85 mins 497.00 micros 2.85 mins
Tested with "time make -j 12" on AMD Ryzen 3600
When building individual packages, the build time difference is often
significantly bigger than that.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Signed-off-by: Rosen Penev <rosenp@gmail.com>
ninja is faster at building cmake packages than make, and according to reports
also more reliable at handling parallel builds
This commit includes a patch that adds GNU make jobserver support, in order to
allow more precise control over the number of parallel tasks
Enable parallel build by default for packages using ninja
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Don't attempt to copy initramfs images for devices which do not output
an initramfs image.
This was breaking builds for mpc85xx-p1010 since mid-march.
Signed-off-by: David Bauer <mail@david-bauer.net>
The variable was missing in the definition of DEFAULT_DEVICE_VARS which
caused it to contain wrong values, messing up the resulting JSON files.
This patch adds the variable DEVICE_PACKAGES to DEFAULT_DEVICE_VARS.
Suggested-by: Baptiste Jonglez <git@bitsofnetworks.org>
Signed-off-by: Paul Spooren <mail@aparcar.org>
This fixes a regression introduced with commit
5ed1e5140a ("build: build kernel image
before building modules/packages").
Before this commit the make target would always include "modules",
resulting in a MODPOST and a complete Module.symvers file. Since this
commit a MODPOST of the kernel modules is not guaranteed for kernels <
5.10. This results in some broken SDKs in which external packages that
depend on exported symbols from kernel modules fail to compile.
Adding "modules" back to the calls to the CompileImage defines fixes the
regression. For kernels > 5.10 this is not needed, but it doesn't cause
any harm either.
Tested with kernels 5.4.x and 5.10.x.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
Remove \n that mangles output, and fix inconsistent version name check.
Example before:
Build dependency: Please install the GNU C++ Compiler (g++) 6 or later
Build dependency: \nPlease reinstall the GNU C++ Compiler (4.8 or later) - it appears to be broken
Build dependency: Please install ncurses. (Missing libncurses.so or ncurses.h)
Signed-off-by: Karl Palsson <karlp@tweak.net.au>
Use an 'if' so the absence of $(LINUX_DIR)/user_headers doesn't make the
line evaluate to false and cause the build to fail.
Signed-off-by: Matt Merhar <mattmerhar@protonmail.com>
Removed upstreamed:
generic/pending-5.4/770-02-net-ethernet-mtk_eth_soc-fix-rx-vlan-offload.patch
All other patches automatically rebased.
Build system: x86_64
Build-tested: ipq806x/R7800
Note that since I rebased the previous commit, I removed my Run-tested line
although I confirm building the image successfully.
Signed-off-by: John Audia <graysky@archlinux.us>
Removed upstreamed:
generic/backport-5.4/050-gro-fix-napi_gro_frags-Fast-GRO-breakage-due-to-IP-a.patch
bcm63xx/patches-5.4/434-nand-brcmnand-fix-OOB-R-W-with-Hamming-ECC.patch*
Removed/code was included upstream and therefore redundant:
ramips/patches-5.4/999-fix-pci-init-mt7620.patch
All other patches automatically rebased.
* update_kernel.sh did not flag this yet it was included in 5.4.119[1], as a
result of the rebase, I removed my testing lines since I did not go back to
test built or to run test 5.4.119 with the removed patch present.
1. https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.4.119&id=e5b3e69eb36ac1178a7a2392616fd29afd288c4e
Signed-off-by: John Audia <graysky@archlinux.us>
Before this commit, it was assumed that mkhash is in the PATH. While
this was fine for the normal build workflow, this led to some issues if
make TOPDIR="$(pwd)" -C "$pkgdir" compile
was called manually. In most of the cases, I just saw warnings like this:
make: Entering directory '/home/.../package/gluon-status-page'
bash: line 1: mkhash: command not found
bash: line 1: mkhash: command not found
bash: line 1: mkhash: command not found
bash: line 1: mkhash: command not found
bash: line 1: mkhash: command not found
bash: line 1: mkhash: command not found
bash: line 1: mkhash: command not found
bash: line 1: mkhash: command not found
[...]
While these were only warnings and the package still compiled sucessfully,
I also observed that some package even fail to build because of this.
After applying this commit, the variable $(MKHASH) is introduced. This
variable points to $(STAGING_DIR_HOST)/bin/mkhash, which is always the
correct path.
Signed-off-by: Leonardo Mörlein <me@irrelefant.net>
When building for MikroTik devices the kernel2minor tool will sometimes
fail with:
Can't get lstat from kernel file!: No such file or directory.
This is because kernel2minor expects paths no longer than 250 chars.
To work around this the include/image-commands.mk has been modified
to copy the kernel to a temporary file (/tmp/tmp.XXXXXXXXXX) before
calling kernel2minor.
Signed-off-by: François Chavant <francois@chavant.info>
OpenWRT requires a number of Perl modules to be installed. It wasn't checking on all of them.
This patch adds checks for Perl FindBin, File::Copy, File::Compare and Thread::Queue modules.
Failing to install these, will have the build break at some point. By adding these to the
prereq-build.mk script, they are checked on forehand.
Tested on a Fedora 33 and 34 (beta) that was freshly installed. Fedora appears to
break up Perl modules into small packages that need to be installed for the build to succeed.
Signed-off-by: Bas Mevissen <abuse@basmevissen.nl>
These have long been obsolete. For reference, here's the Linux version where
each symbol has been dropped:
CONFIG_IP6_NF_QUEUE - 3.5
CONFIG_IP6_NF_TARGET_LOG - 3.4
CONFIG_IP_NF_MATCH_DSCP - 2.6.19
CONFIG_NF_CONNTRACK_IPV4 - 4.19
CONFIG_NF_CONNTRACK_IPV6 - 4.19
CONFIG_NF_CONNTRACK_RTCACHE - out-of-tree, superseded by flow offloading
Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
Manually rebased*
generic/backport-5.4/700-v5.5-net-core-allow-fast-GRO-for-skbs-with-Ethernet-heade.patch
Added new backport*
generic/backport-5.4/050-gro-fix-napi_gro_frags-Fast-GRO-breakage-due-to-IP-a.patch
All others updated automatically.
The new backport was included based on this[1] upstream commit that will be
mainlined soon. This change is needed because Eric Dumazet's check for
NET_IP_ALIGN (landed in 5.4.114) causes huge slowdowns on drivers which use
napi_gro_frags().
Build system: x86_64
Build-tested: ipq806x/R7800
Run-tested: ipq806x/R7800
No dmesg regressions, everything functional
*Credit to Alexander Lobakin
1. https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=7ad18ff6449cbd6beb26b53128ddf56d2685aa93
Signed-off-by: John Audia <graysky@archlinux.us>
The 'append-image-stage' command doesn't work when setting the
EXTRA_IMAGE_NAME option of the ImageBuilder as in that case
DEVICE_IMG_PREFIX is modified and no longer matches the value it had in
buildroot. Choose a filename independent of DEVICE_IMG_PREFIX for
images staged using 'append-image-stage' to fix that.
Fixes: de4b29dab9 ("image: introduce 'append-image-stage' build command")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Similar to 'append-image' this new command appends an existing binary.
'append-image-stage' also makes a copy of that binary and keeps it in
$(STAGING_DIR_IMAGE). When called from within the ImageBuilder, this
copy is used instead of expecting the binary to be present.
This is useful for artifacts which include the initramfs/recovery image
which is usually not included in the ImageBuilder.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Ran update_kernel.sh in a fresh clone without any existing toolchains. No
manual intervention needed.
Build system: x86_64
Build-tested: ipq806x/R7800
Run-tested: ipq806x/R7800
No dmesg regressions, everything functional
Signed-off-by: John Audia <graysky@archlinux.us>
Ran update_kernel.sh in a fresh clone without any existing toolchains.
Removed upstreamed:
mvebu/patches-5.4/319-ARM-dts-turris-omnia-configure-LED-2--INTn-pin-as-interrupt-pin.patch
Build system : x86_64
Build-tested : ipq806x/R7800
Run-tested : ipq806x/R7800
No dmesg regressions, everything functional
Signed-off-by: John Audia <graysky@archlinux.us>
Ran update_kernel.sh in a fresh clone without any existing toolchains.
Manually rebased due to movement of rx-offload.c in 5.4.110:
layerscape/patches-5.4/802-can-0002-can-rx-offload-fix-long-lines.patch
layerscape/patches-5.4/802-can-0003-can-rx-offload-can_rx_offload_compare-fix-typo.patch
layerscape/patches-5.4/802-can-0004-can-rx-offload-can_rx_offload_irq_offload_timestamp-.patch
layerscape/patches-5.4/802-can-0005-can-rx-offload-can_rx_offload_reset-remove-no-op-fun.patch
layerscape/patches-5.4/802-can-0006-can-rx-offload-Prepare-for-CAN-FD-support.patch
layerscape/patches-5.4/802-can-0018-can-flexcan-use-struct-canfd_frame-for-CAN-classic-f.patch
Build system: x86_64
Build-tested: ipq806x/R7800
Run-tested: ipq806x/R7800
No dmesg regressions, everything functional
Signed-off-by: John Audia <graysky@archlinux.us>
Use update_kernel to refresh all patches, required manual updates to:
610-netfilter_match_bypass_default_checks.patch
611-netfilter_match_bypass_default_table.patch
762-net-bridge-switchdev-Refactor-br_switchdev_fdb_notif.patch
764-net-bridge-switchdev-Send-FDB-notifications-for-host.patch
Run-tested: x86_64
Nothing screamed out but any funny business with linux bridging should
suspect this update first.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Ran update_kernel.sh in a fresh clone without any existing toolchains.
Manually rebased:
pending-5.4/611-netfilter_match_bypass_default_table.patch
The upstream change affecting this patch is the revert of an earlier
kernel commit. Therefore, we just revert our corresponding changes
in [1].
Build system: x86_64
Build-tested: ipq806x/R7800
[1] 9b1b89229f ("kernel: bump 5.4 to 5.4.86")
Signed-off-by: John Audia <graysky@archlinux.us>
[adjust manually rebased patch, add explanation]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
The recent removal of usbutils from core and replacement by hwdata in
packages has exposed hwdata's requirement for certain GNU options on
'install' (-T) Other packages (sqm-scripts) have openwrt specific
makefile sections to avoid GNU options but I suspect this is going to
get harder in the future.
Add GNU install as a prerequisite and link into
$STAGING_DIR/host/etc/bin as per similar GNU utils
This resolves an issue building under MacOS which would otherwise use a
non-GNU options aware version of 'install'
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
In case CONFIG_TARGET_MULTI_PROFILE is set, IMG_PREFIX cannot be
expanded. Use DEVICE_IMG_PREFIX instead and make sure it's defined.
Fixes: 8f89b1ab0f ("image: add 'append-image' build command")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Commit 7ce1d9ce09 ("build: artifacts add dependency for built images")
now makes sure that sysupgrade and initramfs images are available at
the stage that artifacts are created.
Allow making use of that with a new build command 'append-image' to
be used in artifacts.
See the next commit for an example.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Add possibility to use images and initramfs in artifacts.
Signed-off-by: Oskari Lemmela <oskari@lemmela.net>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Straightforward refresh of patches using update_kernel.
Removed (reverse-applicable):
bmips/patches-5.10/010-v5.11-net-dsa-implement-a-central-TX-reallocation-procedur.patch
Run tested: x86_64 (apu2)
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Straightforward refresh of patches using update_kernel.
Run tested: x86_64 (apu2)
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Ran update_kernel.sh in a fresh clone without any existing toolchains.
Manually rebased:
bcm27xx/950-0993-xhci-quirks-add-link-TRB-quirk-for-VL805.patch
layerscape/701-net-0231-enetc-Use-DT-protocol-information-to-set-up-the-port.patch
Build system: x86_64
Build-tested: ipq806x/R7800
Run-tested: ipq806x/R7800
No dmesg regressions, everything functional
Signed-off-by: John Audia <graysky@archlinux.us>
[remove accidental whitespace edit]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
FS#3574
Adding cgroup support enables adding rules on processes
to limit resources in terms of iptable policies
Signed-off-by: Supriya Mane <sm.supriya@globaledgesoft.com>
Add new target feature 'dt-overlay' which makes DTC keep the symbol
names in the generated dtb.
Make sure additional DT overlay sources specified by the new device
variable DEVICE_DTS_OVERLAY get compiled together with the main DTS
(currently overlays got to be in the same folder). Let Build/fit pass
the generated DT overlay blobs to mkits.sh.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
With the existence of ABI versions there is no clean way to determine
the package name without an attached ABI version. The Packages index is
stored on device to know what packages are installed.
The ABIVersion was recently removed in c921650382 "build: drop ABI
version from metadata", while ABI versions still exists. This becomes a
problem if a user tries to export installed packages via `ubus call
rpcd-sys packagelist` which would return package names including the ABI
version. Trying to find these packages in a later release with changes
ABI version is impossible.
This commits adds the `ABIVersion` field again. Knowing both the
combined (SourceName + ABIVersion) and the `ABIVersion` it is possible
to calculate the package `SourceName` without storing it in the
on-device package list.
Signed-off-by: Paul Spooren <mail@aparcar.org>
Also add a new kconfig symbol (CONFIG_KCMP) to the generic config,
disabling the SYS_kcmp syscall (it was split from
CONFIG_CHECKPOINT_RESTORE, which is disabled by default, so the
previous behaviour is kept).
Removed (upstreamed) patches:
070-net-icmp-pass-zeroed-opts-from-icmp-v6-_ndo_send-bef.patch
081-wireguard-device-do-not-generate-ICMP-for-non-IP-pac.patch
082-wireguard-queueing-get-rid-of-per-peer-ring-buffers.patch
083-wireguard-kconfig-use-arm-chacha-even-with-no-neon.patch
830-v5.12-0002-usb-serial-option-update-interface-mapping-for-ZTE-P685M.patch
Manually rebased patches:
313-helios4-dts-status-led-alias.patch
104-powerpc-mpc85xx-change-P2020RDB-dts-file-for-OpenWRT.patch
Run tested:
ath79 (TL-WDR3600)
mvebu (Turris Omnia)
Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
U-boot will reject all nodes with @ since commit:
79af75f777
This will cause the OpenWrt images to fail booting,
to rectify use the config-1 as default.
Signed-off-by: Robert Marko <robert.marko@sartura.hr>
5.4.102 backported a lot of stuff that our WireGuard backport already
did, in addition to other patches we had, so those patches were
removed from that part of the series. In the process other patches were
refreshed or reworked to account for upstream changes.
This commit involved `update_kernel.sh -v -u 5.4`.
Cc: John Audia <graysky@archlinux.us>
Cc: David Bauer <mail@david-bauer.net>
Cc: Petr Štetiar <ynezz@true.cz>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
`which` utility is not shipped by default for example on recent Arch
Linux and then any steps relying on its presence fails, like for example
following Python3 prereq build check:
$ python3 --version
Python 3.9.1
$ make
/bin/sh: line 1: which: command not found
...
Checking 'python3'... failed.
So make `which` utility host build requirement.
References: PR#3820 FS#3525
Signed-off-by: Petr Štetiar <ynezz@true.cz>
This reverts commit c7aec47e5e.
The original commit replaces 'which' with 'command'. Sadly most of
them are not equivalent and for 'which -a', there is no easy
replacements that would not reimplement PATH parsing logic. Hence
revert. Keeping a dependency on which is absolutely fine.
Signed-off-by: Clemens Fruhwirth <clemens@endorphin.org>
Currently minimal GNU supported GCC version is 7 (from May 2, 2017),
buildbots are using default GCC version 6 on Debian 9 (old stable),
current Debian stable has GCC version 8.3.0.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
The previous approach of referencing artifacts in follow-up artifacts
can't work with parallel builds in the current way image.mk is built.
Refactor things so this is not needed.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Write everything needed for eMMC install into the gaps between
partitions on SD card. In that way, installation to eMMC only needs
the SD card, no additional files need to be loaded via TFTP any more.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
autotools.mk does not have any protection currently that would prevent
it from being sourced multiple times. Note that both package.mk and
host-build.mk source autotools.mk. So any package Makefile that includes
both will cause hooks to be added twice (at least twice).
This is fixed by declaring a new variable, __autotools_inc, and only
continuing if this variable doesn't equal 1. The same is done by
rules.mk already.
Also, this commit does away with an ifneq that checks PKG_FIXUP (instead
of HOST_FIXUP) for patch-libtool before adding to the host pre-configure
hook. This does not make sense.
The second ifneq is amended. The current one manually does what the
define patch_libtool_host is already doing. It can just use the define.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
Ran update_kernel.sh in a fresh clone without any existing toolchains.
Build system: x86_64
Build-tested: ipq806x/R7800
Run-tested: ipq806x/R7800
No dmesg regressions, everything functional.
Signed-off-by: John Audia <graysky@archlinux.us>
We so far had two variables IMG_PREFIX and IMAGE_PREFIX with
different content. Since these names are obviously quite
confusing, this patch renames the latter to DEVICE_IMG_PREFIX,
as it's a device-dependent variable, while IMG_PREFIX is only
(sub)target-dependent.
For consistency, also rename IMAGE_NAME to DEVICE_IMG_NAME, as
that's a device-dependent variable as well.
Cc: Paul Spooren <mail@aparcar.org>
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
That was a left-over from testing and should not have made it into the
tree. Remove it.
Fixes: 330bd380e8 ("image: allow building FIT and uImage with ramdisk")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Ran update_kernel.sh in a fresh clone without any existing toolchains.
Build system: x86_64
Build-tested: ipq806x/R7800
Run-tested: ipq806x/R7800
No dmesg regressions, everything functional
Signed-off-by: John Audia <graysky@archlinux.us>
[refresh again]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Previously, build would fail for targets containing devices with not
initramfs image (such as mpc85xx-p1010). Only generate the JSON image
info for the initramfs image when we have one to avoid breaking the
builds.
Fixes commit d3140d0529 ("build/json: generate json file for initramfs")
Signed-off-by: David Bauer <mail@david-bauer.net>
Instead of embedding the initrd cpio archive into the kernel, allow
for having an external ramdisk added to the FIT or uImage.
This is useful to overcome kernel size limitations present in many
stock bootloaders, as the ramdisk is then loaded seperately and doesn't
add to the kernel size. Hence we can have larger ramdisks to host ie.
installers with all binaries to flash included (or a web-based
firmware selector).
In terms of performance and total size the differences are neglectible.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Allow for single (external-data) FIT image to hold kernel, dtb and
squashfs. In that way, the bootloader verifies the system integrity
including the rootfs, because what's the point of checking that the
hash of the kernel is correct if it won't boot in case of squashfs
being corrupted? Better allow bootloader to check everything needed
to make it at least up to failsafe mode. As a positive side effect
this change also makes the sysupgrade process on nand potentially
much easier as it is now.
In short: mkimage has a parameter '-E' which allows generating FIT
images with 'external' data rather than embedding the data into the
device-tree blob itself. In this way, the FIT structure itself remains
small and can be parsed easily (rather than having to page around
megabytes of image content). This patch makes use of that and adds
support for adding sub-images of type 'filesystem' which are used to
store the squashfs. Now U-Boot can verify the whole OS and the new
partition parsers added in the Linux kernel can detect the filesystem
sub-images, create partitions for them, and select the active rootfs
volume based on the configuration in FIT (passing configuration via
device tree could be implemented easily at a later stage).
This new FIT partition parser works for NOR flash (on top of mtdblock),
NAND flash (on top of ubiblock) as well as classic block devices
(ie. eMMC, SDcard, SATA, NVME, ...).
It could even be used to mount such FIT images via `losetup -P` on a
user PC if this patch gets included in Linux upstream one day ;)
Signed-off-by: John Crispin <john@phrozen.org>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
The update to gettext 0.21 broke packages that use autotools and
gettext because the sed line was failing with the new version. Fix with
a better sed expression.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
The initramfs images are missing from the profiles.json files.
Signed-off-by: Moritz Warning <moritzwarning@web.de>
[fix code by exporting device variables]
Signed-off-by: Paul Spooren <mail@aparcar.org>
package/openwrt-packages is left over
from what is now a legacy repository
and has no other reference in the build tree
Signed-off-by: Michael Pratt <mcpratt@pm.me>
Use approach suggested by Adrian Schmutzler instead of introducing
another device variable.
Also revert the unnecessary white-space changes accidentally introduced
by the previous commit.
Fixed: c067b1e79b ("mediatek: move out-of-tree DTS files to dedicated dts folder")
Suggested-by: Adrian Schmutzler <mail@adrianschmutzler.de>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Use dedicated dts folder like on ramips to store device tree source
files for boards not already supported in vanilla Linux.
Doing so instead of having them in files-* has several advantages:
* we don't need to duplicate them for several kernel versions
* changes to a device tree don't trigger a complete kernel rebuild
* the files are more obvious to find
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Ran update_kernel.sh in a fresh clone without any existing toolchains.
No manual changes needed.
Build system: x86_64
Build-tested: bcm27xx/bcm2711
Signed-off-by: John Audia <graysky@archlinux.us>
GetABISuffix does not work for intra-package ABI version of provided symbols,
since ABIV_$(provided) is not set.
Fix ABI version by using $(ABIV_$(1)) directly
Signed-off-by: Felix Fietkau <nbd@nbd.name>
The sender domain has a DMARC Reject/Quarantine policy which disallows
sending mailing list messages using the original "From" header.
To mitigate this problem, the original message has been wrapped
automatically by the mailing list software.
Fixes: FS#2086
The logic for IS_TTY was broken, because it was testing stdin
instead of stdout.
MAKE_TERMOUT was introduced in GNU Make version 4.1 (05 Oct 2014),
so it should be available everywhere nowadays.
Signed-off-by: R. Diez <rdiezmail-openwrt@yahoo.com>
FS#2086 "IS_TTY in the makefile is broken" reports flawed detection of
stdout piping to a file. The issue describes how e.g. terminal color
codes and up in log files if running make like `make > log.txt`.
The proposed solution uses the make variable "MAKE_TERMOUT", which was
introduced in make 4.1. All major distributions seem to updated to 4.1
or later, so this ideally dosen't break anything.
Signed-off-by: Paul Spooren <mail@aparcar.org>
This was accidentally dropped in 27a4a71c24
("metadata: handle ABI version rebuild tracking for transient dependencies")
Signed-off-by: Felix Fietkau <nbd@nbd.name>
This reverts commit b12288fa69.
The patchelf approach is too fragile, and the only users of this have been
converted to make patching unnecessary
Leave the abi_version_str variable in place in rules.mk
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Preparation for supporting dynamic ABI versions that depend on the runtime
configuration. Read the suffix from the staging dir pkginfo version files.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
This makes it possible to declare a package ABI_VERSION independent from the
upstream soname by setting PKG_ABI_VERSION in the package makefile.
The library filename is fixed up for files installed to packages and to the
staging dir. References to the original from executables within the same
package are also fixed up
Signed-off-by: Felix Fietkau <nbd@nbd.name>
A stray comma was being appended to the last package version dependency,
causing it to be missed for ABI version checks
Signed-off-by: Felix Fietkau <nbd@nbd.name>
The version string generated for ARM Trusted-Firmware-A was stated as
"OpenWRT". Fix that by changing it to the exact spelling "OpenWrt"
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Multiple sources are hosted on OpenWrts source server only. The source
URLs to point to the server vary based on different epochs in OpenWrts
history.
Replace all by @OPENWRT which is an "empty" mirror, therefore using the
fallback servers sources.cdn.openwrt.org and sources.openwrt.org.
Signed-off-by: Paul Spooren <mail@aparcar.org>
The license folder is a core part of OpenWrt and all GPL-2.0 licensed.
Use SPDX license tags to allow machines to check licenses.
Signed-off-by: Paul Spooren <mail@aparcar.org>
[rebase, keep some Copyright lines, sharpen commit message]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Ran update_kernel.sh in a fresh clone without any existing toolchains.
Removed upstreamed patches:
imx6: 303-ARM-dts-imx6qdl-gw52xx-fix-duplicate-regulator-namin.patch
Build system: x86_64
Build-tested: ipq806x/R7800, bcm27xx/bcm2711
Run-tested: ipq806x/R7800
No dmesg regressions, everything functional
Signed-off-by: John Audia <graysky@archlinux.us>
All modification made by update_kernel.sh in a fresh clone without
existing toolchains.
Build-tested: bcm27xx/bcm2711, ipq806x/R7800,
Run-tested: ipq806x/R7800
No dmesg regressions, everything functional
Signed-off-by: John Audia <graysky@archlinux.us>
Upon boot it now prints:
NOTICE: BL1: v2.4(release):OpenWRT v2.4-1 (espressobin-v3-v5-1gb-2cs) (Marvell-devel-18.12.0)
Signed-off-by: Andre Heider <a.heider@gmail.com>
A header used in ELECOM WRC-300GHBK2-I and WRC-1750GHBK2-I/C is also
used in ELECOM WRC-2533GHBK-I, so split the code to generate the header
and move it to image-commands.mk to use from ramips target.
Signed-off-by: INAGAKI Hiroshi <musashino.open@gmail.com>
Reviewed-by: Sungbo Eo <mans0n@gorani.run>
/lib/functions.sh was executable for no obvious reason and its
execute property was even checked in package-ipkg.mk just to
source it afterwards.
Remove the execute bit and shebang as this is clearly a library.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Philip Prindeville <philipp@redfish-solutions.com>
The majority of our targets provide a default value for the variable
SUPPORTED_DEVICES, which is used in images to check against the
compatible on a running device:
SUPPORTED_DEVICES := $(subst _,$(comma),$(1))
At the moment, this is implemented in the Device/Default block of
the individual targets or even subtargets. However, since we
standardized device names and compatible in the recent past, almost
all targets are following the same scheme now:
device/image name: vendor_model
compatible: vendor,model
The equal redundant definitions are a symptom of this process.
Consequently, this patch moves the definition to image.mk making it
a global default. For the few targets not using the scheme above,
SUPPORTED_DEVICES will be defined to a different value in
Device/Default anyway, overwriting the default. In other words:
This change is supposed to be cosmetic.
This can be used as a global measure to get the current compatible
with: $(firstword $(SUPPORTED_DEVICES))
(Though this is not precisely an achievement of this commit.)
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
All modification made by update_kernel.sh in a fresh clone without
existing toolchains.
Build system: x86_64
Build-tested: ipq806x/R7800, bcm27xx/bcm2711
Run-tested: ipq806x/R7800
No dmesg regressions, everything functional
Signed-off-by: John Audia <graysky@archlinux.us>
Tested-by: Curtis Deptuck <curtdept@me.com> [x86/64]
All modification made by update_kernel.sh in a fresh clone without
existing toolchains.
Build system: x86_64
Build-tested: ipq806x/R7800, bcm27xx/bcm2711
Run-tested: ipq806x/R7800
No dmesg regressions, everything functional
Signed-off-by: John Audia <graysky@archlinux.us>
Tested-by: Curtis Deptuck <curtdept@me.com> [x86/64]
Kerning seems to be very off-putting for some people so the logo
designer thankfully updated guidelines to something which is now
considered final.
Signed-off-by: Paul Spooren <mail@aparcar.org>
All modification made by update_kernel.sh in a fresh clone without
existing toolchains.
Build system: x86_64
Build-tested: ipq806x/R7800, bcm27xx/bcm2711
Run-tested: ipq806x/R7800
No dmesg regressions, everything functional
Signed-off-by: John Audia <graysky@archlinux.us>
Tested-by: Curtis Deptuck <curtdept@me.com> [x86/64]
Currently `qemu-img` is used to convert raw x86 images to VDI and VMDK
images, used for virtual machines.
Having `qemu-img` in tree requires us to maintain an ancient version of
`qemu-utils`, which recently required extra work to compile with newer
compiler version.
This commit prints a warning message in case `qemu-img` is missing.
As a next step the in-tree version of `qemu-img` can be removed.
Signed-off-by: Paul Spooren <mail@aparcar.org>
Linux 5.9 introduces support for ZSTD ramdisk and initrd compression,
make sure we enable/disable the relevant options when building an
initramfs enabled kernel.
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
When we use an external kernel tree which may not have been fully
cleaned, there may be user_headers left which do not match the target
architecture, leading to build failures for packages that do an explicit
inclusion of user_headers (such as iproute2 or iptables). Make sure we
delete them while preparing the directory.
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
This keeps the configuration, like the size of the cache, and the
statistics intact. Move the removal of the cache directory to the
distclean target, but only delete the .ccache directory inside of our
build tree, as we should not mess with a user-configured external ccache
directory this destructively.
Signed-off-by: Sven Wegener <sven.wegener@stealer.net>
clang's gcc emulation does the right thing with -print-file-name now,
drop the wrapper
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
`which` utility is not shipped by default for example on recent Arch
Linux and then any steps relying on its presence fails, like for example
following Python3 prereq build check:
$ python3 --version
Python 3.9.1
$ make
/bin/sh: line 1: which: command not found
/bin/sh: line 1: which: command not found
/bin/sh: line 1: which: command not found
...
Checking 'python3'... failed.
...
Fix this by switching to Bash builtin `command` which should provide
same functionality.
Fixes: FS#3525
Signed-off-by: Petr Štetiar <ynezz@true.cz>
With commit 2ca084cc ("build: improve ccache support") these variables
are being set globally and we don't need them for specific targets.
Signed-off-by: Sven Wegener <sven.wegener@stealer.net>
While parsing the nm output, we need to account for the fact that 64-bit kernels
have 64-bit wide addresses. While at it, replace the grep | sed combo with a
single awk invocation and a stronger regex.
Fixes: 2ef0acc5fc "kernel-build: fix
STRIP_KERNEL_EXPORTS for recent kernels"
Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
Multiple prereq checks are only required within the build system but not
for the ImageBuilder. These checks are excluded by using ifndef IB.
This commit merges the three ifndef IB blocks together.
Signed-off-by: Paul Spooren <mail@aparcar.org>
All modifications made by update_kernel.sh run in a fresh clone
without any existing toolchains.
Build system: x86_64
Build-tested: ipq806x/R7800, ath79/generic, bcm27xx/bcm2711
Run-tested: ipq806x/R7800
No dmesg regressions, everything functional
Signed-off-by: John Audia <graysky@archlinux.us>
Some images are created using different filesystems, most popular
squashfs and ext4. To allow downstream projects to distinguesh between
those, add the `filesystem` information to created json files.
Signed-off-by: Paul Spooren <mail@aparcar.org>
Removed since included upstream and could be reverse-applied by quilt:
backport-5.4/315-v5.10-usbnet-ipeth-fix-connectivity-with-ios-14.patch
Remaining modifications made by update_kernel.sh
Build system: x86_64
Build-tested: ipq806x/R7800, ath79/generic, bcm27xx/bcm2711
Run-tested: ipq806x/R7800
No dmesg regressions, everything functional
Signed-off-by: John Audia <graysky@archlinux.us>
Tested-by: Curtis Deptuck <curtdept@me.com> [build/run x86_64]
It was observed that the MD5 would not change after source files had been
modified, looking deeper into the build process it was discovered that
find_md5 build function makes a list of the files being built and then
passes the list to a summing utility on stdin. The resultant MD5 is of
the file list, not the contents of the files.
The MD5 would change if the ordering of the list changed, or items were
removed or deleted.
The proposed fix is to add the modification time after the filename and
then sort the list to prevent find returning files in a different order
falsely re-triggering a rebuild. The MD5 will now change when a file is
modified or files are added/removed from the list.
Using 'T@' to show time in epoch for timezone independent behaviour.
Signed-off-by: John Beckett <john.beckett@net2edge.com>
This is a neat project, but offers no benefit to OpenWrt. The initial
reason for it was to be a replacement for libstdcpp as it is smaller
and lacks compatibility for C++98. Unfortunately, compiling several
packages with it results in larger ipk sizes.
While not a member of the packages feed, this will be moved to
packages-abandoned to keep it somewhere.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
On non-GNU systems, zcat often does not handle gzip decompression.
Use gzip -dc like the regular unpack command
Signed-off-by: Felix Fietkau <nbd@nbd.name>
All modifications made by update_kernel.sh/no human intervention needed
Build system: x86_64
Build-tested: ipq806x/R7800, ath79/generic, bcm27xx/bcm2711
Run-tested: ipq806x/R7800
No dmesg regressions, everything functional
Signed-off-by: John Audia <graysky@archlinux.us>
[another refresh]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
The include/trusted-firmware-a.mk file is based on the
include/u-boot.mk file and should be used to build a Trusted Firmware-A
(TFA) which was previously named Arm trusted firmware.
This is useful for targets where the TFA is board specific like for
Marvell SoCs and probably also NXP Layerscape SoCs.
This also makes use of this abstraction in the
arm-trusted-firmware-mvebu package to build board specific ATF binaries.
The ATF binaries will be automatically activated and build when the
board is selected in the normal build or all boards are selected. This
should also activate the build when build bot creates images.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Some Git hoster (e.g. sr.ht) disable hosting of svg images (xml) to
avoid XSS attacks. To show the logo correctly on all code hosters use a
"safe" PNG image.
Also move logo(s) to include/ folder to lower autocomplete churn with
the `logs/` folder. While at it, replace absolute logo path and make it
relative, as this may break other code hosters as well.
Signed-off-by: Paul Spooren <mail@aparcar.org>
Commit f98878e4c1 ("cmake.mk: set C/CXX compiler for host builds as
well") has introduced regression as it didn't taken usage of ccache into
the account so fix it by handling ccache use cases as well.
In order to get this working we need to export HOSTCXX_NOCACHE in
rules.mk as well.
Fixes: f98878e4c1 ("cmake.mk: set C/CXX compiler for host builds as well")
Reported-by: Ansuel Smith <ansuelsmth@gmail.com>
Tested-by: Ansuel Smith <ansuelsmth@gmail.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
It is impossible to locate package that failed the build just from log
once more build is run in parallel (that is more than one make job). The
only way is to scout log files for failed package going back trough log.
This change makes it so error is printed for package that failed every
time.
Signed-off-by: Karel Kočí <karel.koci@nic.cz>
Without this, cmake will use whatever CC/CXX is set to, which could be
clang. In that case, at least libjson-c/host will fail to compile.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Currently it's assumed, that already downloaded tarballs are always
fine, so no checksum checking is performed and the tarball is used even
if it might be corrupted.
From now on, we're going to always check the downloaded tarballs before
considering them valid.
Steps to reproduce:
1. Remove cached tarball
rm dl/libubox-2020-08-06-9e52171d.tar.xz
2. Download valid tarball again
make package/libubox/download
3. Invalidate the tarball
sed -i 's/PKG_MIRROR_HASH:=../PKG_MIRROR_HASH:=ff/' package/libs/libubox/Makefile
4. Now compile with corrupt tarball source
make package/libubox/{clean,compile}
Signed-off-by: Petr Štetiar <ynezz@true.cz>
When setting the option IPK_FILES_CHECKSUMS the build system stores
checksums of all package file as metadata. In combination with pkg_check
this allows to see if a package is broken, e.g. caused by bad flash.
To create those checksums the tool `sha256sum` were used while the rest
of OpenWrt uses `mkhash`, a small & fast implementation of sha256. As
the build system does not check the existence of `sha256sum` and the
stderr output is moved to /dev/null, a situation where the option is
enabled but no actual checksum are created may occur.
Instead of adding `sha256sum` as a requirement, this replaces it with
`mkhash sha256` and adapts the `sed` pipe command to fit spacing.
CC: Xu Wang <xwang1498@gmx.com>
CC: Michal Hrusecky <Michal@Hrusecky.net>
Signed-off-by: Paul Spooren <mail@aparcar.org>
Removed since could be reverse-applied by quilt and found to be
included upstream:
backport-5.4/789-net-usb-qmi_wwan-Set-DTR-quirk-for-MR400.patch
All modifications made by update_kernel.sh
Build system: x86_64
Build-tested: ipq806x/R7800, bcm27xx/bcm2711, ath79/generic
Run-tested: ipq806x/R7800
No dmesg regressions, everything functional
Signed-off-by: John Audia <graysky@archlinux.us>
Tested-by: Curtis Deptuck <curtdept@me.com> [x86_64 build/run]
Allow a device recipe to specify a custom UIMAGE_MAGIC value, as used by
OpenWrt's -M flag for mkimage. This allows to automatically customize
the magic bytes in all calls to Build/uImage for this device, similar to
the behaviour of UIMAGE_NAME. Since the -M argument is inserted before
the user arguments, it can be overriden.
The following example would use 0x87654321 for the KERNEL image, but
0x12345678 for the KERNEL_INITRAMFS image:
define Device/MyDevice
UIMAGE_MAGIC := 0x87654321
KERNEL := ... | uImage lzma
KERNEL_INITRAMFS := ... | uImage lzma -M 0x12345678
...
endef
Fixes: df8e6be59a ("rtl838x: add new architecture")
[UIMAGE_MAGIC was not declared as a device variable]
Signed-off-by: Sander Vanheule <sander@svanheule.net>
[rebase, improve formatting of "Fixes"]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
For some build recipes, the argument to Build/uImage is used to sneak in
extra arguments for mkimage, whereas this appears to have been intended
to specificy the compression method only.
Use the first provided word for -C to be backwards compatible with
current calls to Build/uImage. Use the rest of the call arguments to
override the provided defaults. Only the input file name (-d) and the
output file name cannot overriden.
Signed-off-by: Sander Vanheule <sander@svanheule.net>
Manually rebased patches:
ath79/patches-5.4/910-unaligned_access_hacks.patch
bcm27xx/patches-5.4/950-0135-spi-spi-bcm2835-Disable-forced-software-CS.patch
bcm27xx/patches-5.4/950-0414-SQUASH-Fix-spi-driver-compiler-warnings.patch
ipq806x/patches-5.4/093-4-v5.8-ipq806x-PCI-qcom-Use-bulk-clk-api-and-assert-on-error.patch
Removed since could be reverse-applied by quilt and found to be included upstream:
ipq806x/patches-5.4/096-PCI-qcom-Make-sure-PCIe-is-reset-before-init-for-rev.patch
All modifications made by update_kernel.sh
Build system: x86_64
Build-tested: ipq806x/R7800, ath79/generic, bcm27xx/bcm2711
Run-tested: ipq806x/R7800
No dmesg regressions, everything functional
Signed-off-by: John Audia <graysky@archlinux.us>
[refresh altered targets after rebase]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Commit 5d76065 moved the creation of the symvers directory to
include/kernel-build.mk. This is fine when building from scratch. But
when unpacking an SDK the directory doesn't exist and because the kernel
won't be built (again) this directory will not be created by the build
system, causing build failure if make tries to copy files into it.
This moves the creation of the symvers directory back into
include/kernel.mk so that the directory is created in any case.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
Apple ships a broken make version with the Xcode command line tools.
Homebrew installs make as gmake by default in order to not collide with
Apple's version.
Exit with an error if the broken one is used accidentally
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Define wildcard patterns for filtering in target/linux/generic/config-filter
Preparation for supporting newer kernels
Signed-off-by: Felix Fietkau <nbd@nbd.name>
This replaces the previous (deprecated) method of collecting symvers data
in $(PKG_BUILD_DIR)/Module.symvers, which does not work on newer kernels
Signed-off-by: Felix Fietkau <nbd@nbd.name>
This change adds the configuration option to build and include
the nft_queue kernel module, which allows traffic to be queued up
to userspace from an nftables rule
Tested-by: Sébastien Delafond sdelafond@gmail.com
Signed-off-by: Brett Mastbergen <bmastbergen@untangle.com>
The source date epoch is the only reproducible date close to the actual
build date. It can be used for tooling like the firmware wizard to show
the image age.
Signed-off-by: Paul Spooren <mail@aparcar.org>
Manually rebased patches:
bcm27xx:
patches-5.4/950-0267-xhci-add-quirk-for-host-controllers-that-don-t-updat.patch
bcm53xx:
patches-5.4/180-usb-xhci-add-support-for-performing-fake-doorbell.patch
layerscape:
patches-5.4/802-can-0025-can-flexcan-add-LPSR-mode-support-for-i.MX7D.patch
patches-5.4/808-i2c-0002-MLK-10893-i2c-imx-add-irqf_no_suspend.patch
patches-5.4/820-usb-0016-MLK-16735-usb-host-add-XHCI_CDNS_HOST-flag.patch
Removed since could be reverse-applied by quilt:
mediatek:
patches-5.4/0700-arm-dts-mt7623-add-missing-pause-for-switchport.patch
All modifications made by update_kernel.sh
Build system: x86_64
Build-tested: ipq806x/R7800, ath79/generic, bcm27xx/bcm2711, x86_64
Run-tested: ipq806x/R7800, x86_64
No dmesg regressions, everything functional
Signed-off-by: John Audia <graysky@archlinux.us>
Tested-by: Curtis Deptuck <curtdept@me.com> [x86_64]
Rebase of 802-can-0025-can-flexcan-add-LPSR-mode-support-for-i.MX7D.patch
Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
This removes switches dependent on kernel version 4.19 as well as
several packages/modules selected only for that version.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
We use 5.4 on all targets by default, and 4.19 has never been released
in a stable version. There is no reason to keep it.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
LegacyDevice is not used anymore in our tree, so let's drop it
together with the relevant definitions and recipes.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
The definitions in image-commands.mk seem to have no particular
order. Sort them alphabetically to make it easier to actually
find anything there. No other changes made beyond moving entire
blocks.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Build/combined-image is only used in ath25 target, and that defines
its own version. Thus, drop the unused definition in image-commands.mk.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
This drops unused legacy recipes Image/Build/SysupgradeNAND and
Image/Build/UbinizeImage.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
This reverts commit 7f94e2afcf.
Package kmod-nft-core is missing dependencies for the following libraries:
nft_reject.ko
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Nightly snapshot builds of OpenWrt change their kernels versions
frequently and lose thereby compatibility to kmods from the upstream
target specific packages feed.
To allow opkg to install packages over multiple days a kmod archive is
offered at $target/$subtarget/kmods/$kernelversion and added as a feed
to created snapshot images via a buildbot step[1].
Instead of using a buildstep add the kmod feed directly via
FeedSourcesAppend to be included in the ImageBuilder repositories.conf
as well. This is conditionally only done for SNAPSHOT builds and when
running as BUILDBOT. Releases are unaffected as they don't include
kernel version changes and local builds may use different kernel
versions or magics than available upstream.
This commit allows in a future step to ship ImageBuilders without a
locally stored kmod archive.
[1]: https://git.openwrt.org/?p=buildbot.git;a=blob;f=phase1/master.cfg;h=3ba7a1606e89b095b10555e703ea96e93295deec;hb=HEAD#l1025
Signed-off-by: Paul Spooren <mail@aparcar.org>
The mips kernel vmlinux image supports adding an empty ELF section
for DTB to be later inserted into with MIPS_ELF_APPENDED_DTB.
This ELF + inserted DTB image can then be directly booted on some
devices.
Example usage:
image/subtarget.mk:
KERNEL_NAME := vmlinux.elf
KERNEL_INITRAMFS_NAME := vmlinux-initramfs.elf
KERNEL := kernel-bin | append-dtb-elf
On mt7621 memory size needed to be manually specified.
Signed-off-by: John Thomson <git@johnthomson.fastmail.com.au>
Kernel commit 1ac89d20150e ("netfilter: nat: merge nf_nat_redirect into
nf_nat") made the redirect module part of the nat core and changed the
CONFIG_NF_NAT_REDIRECT option to a boolean, without prompt, affecting
kernel 4.18 onwards. CONFIG_NF_NAT_REDIRECT now can only be selected by
CONFIG_NFT_REDIR or NETFILTER_XT_TARGET_REDIRECT
Fixes: FS#2476
Ref: https://bugs.openwrt.org/index.php?do=details&task_id=2476
Fixes: FS#2990 (partial)
Ref: https://bugs.openwrt.org/index.php?do=details&task_id=2990
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
[note that the option has no prompt and can only be selected by other
kconfig options]
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
It was removed in upstream linux commit faec18db ("netfilter: nat:
remove l4proto->manip_pkt"). This happened since linux 5.0
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Kernel commit 22fc4c4c9fd6 ("netfilter: conntrack: gre: switch module to
be built-in") moved the CT GRE code into the core nf_conntrack.ko module
and changed the CONFIG_NF_CT_PROTO_GRE option to boolean for kernel 5.1
and onwards.
CONFIG_NF_CT_PROTO_GRE at the moment has no prompt and can only be
selected by NF_CONNTRACK_PPTP
Fixes: FS#2990 (partial)
Ref: https://bugs.openwrt.org/index.php?do=details&task_id=2990
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
[note that the option now can not be enabled on its own]
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
The upstream linux commit is 3bf195ae ("netfilter: nat: merge
nf_nat_ipv4,6 into nat core"). It was included since linux 5.1
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
CONFIG_IP_NF_TARGET_REDIRECT is a compat option since upstream commit
2cbc78a2 ("netfilter: combine ipt_REDIRECT and ip6t_REDIRECT"). That
happened since linux 3.10
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
CONFIG_IP_NF_TARGET_MASQUERADE and its counterpart
CONFIG_IP6_NF_TARGET_MASQUERADE are "backwards-compat option for the
user's convenience"
Related commit d22c1755 ("netfilter: fix NAT packaging with kernels
5.2+")
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Add procd-ujail and procd-seccomp to DEFAULT_PACKAGES if not building
for space-constraint (FEATURES:=small_flash) targets.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Rather than unconditionally adding busybox and procd to the set of
default packages, add busybox-selinux and procd-selinux in case
CONFIG_SELINUX is set.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
All modifications made by update_kernel.sh
Build system: x86_64
Build-tested: ipq806x/R7800, ath79/generic, bcm27xx/bcm2711
Run-tested: ipq806x/R7800
No dmesg regressions, everything functional
Signed-off-by: John Audia <graysky@archlinux.us>
* add d-link_dgs-1210-10p support
* make sure mips16 is disabled
* add a generic sub target
* add proper cflags
Signed-off-by: John Crispin <john@phrozen.org>
This reverts commit ef7c34c1d1.
The commit seems to break all buildbots with messages like:
/builder/shared-workdir/build/include/toplevel.mk:15:
/builder/shared-workdir/build/include/toplevel-vars.mk: No such file or directory
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
version_abbrev uses $(shell) and the ?= is causing make to run the command
over and over again, causing a significant build slowdown
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Usage of current R1 ISA is inconsistent with the MIPS32 subtarget, little
used and has limited utility for testing.
Many distros target a minimum R2 ISA. Debian MIPS 32-bit/64-bit ports all
use MIPS R2 ISA since Stretch, for example. Fedora's MIPS arch also targets
the R2 ISA for 32-bit/64-bit.
Widely used MIPS64 platforms like Octeon are based on the MIPS R2 ISA or
later, and benefit from having a compatible test platform in OpenWRT.
While Linux does support MIPS64 R1 targets, its usefulness for development
and testing is limited. As an example, the modern Linux eBPF JIT requires
a MIPS R2 ISA or later.
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
[Refresh config and fix README]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
All modifications made by update_kernel.sh
Build system: x86_64
Build-tested: ipq806x/R7800, ath79/generic, bcm27xx/bcm2711
Run-tested: ipq806x/R7800
No dmesg regressions, everything functional
Signed-off-by: John Audia <graysky@archlinux.us>
The buildroot and SDK both require the compilers (gcc, g++) to be
installed on the host system, however the ImageBuilder uses precompiled
binaries.
This patch changes the prerequirements checks to skip the checking for
the compilers if running as ImageBuilder. A similar change has been
made for libncurses-dev in 4a1a58a3e2.
Signed-off-by: Sven Roederer <devel-sven@geroedel.de>
Acked-by: Paul Spooren <mail@aparcar.org>
Seemingly unneeded based on new upstream code so manually deleted:
layerscape:
820-usb-0007-usb-dwc3-gadget-increase-timeout-value-for-send-ep-c.patch
Manually merged:
generic-hack:
251-sound_kconfig.patch
All other modifications made by update_kernel.sh
Build system: x86_64
Build-tested: ipq806x/R7800, ath79/generic, bcm27xx/bcm2711
Run-tested: ipq806x/R7800, lantiq/Easybox 904 xDSL
No dmesg regressions, everything functional
Signed-off-by: John Audia <graysky@archlinux.us>
[add lantiq test report, minor commit message clarification]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
The former nft_chain_nat_ipv4 and nft_chain_nat_ipv6 modules have been merged
into a common nft_chain_nat module starting with Linux 5.1.
Ensure that this common module is shipped along with kmod-nft-nat on recent
kernels.
While we're at it, also apply version constraints to other nft modules that
have been merged into the core with newer kernels.
Ref: https://bugs.openwrt.org/index.php?do=details&task_id=2815#comment8016
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Instead of hardcoding 'targeted' policy, evaluate /etc/selinux/config
in rootfs to choose according to which policy files in the rootfs got
to be labeled.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
By installing policycoreutils to host/bin it is also available within
the ImageBuilder and SDK, allowing to correctly label both filesystems
and packages.
Signed-off-by: Paul Spooren <mail@aparcar.org>
All modifications made by update_kernel.sh
Build system: x86_64
Build-tested: ipq806x, ath79/generic, bcm72xx/bcm2711
Run-tested: ipq806x (R7800)
No dmesg regressions, everything functional
Signed-off-by: John Audia <graysky@archlinux.us>
There are currently several variants of 'wpad' package but the 'iwinfo'
is included by default only if 'wpad', 'wpad-{basic*,mini}' or 'nas'
packages are included in {DEVICE,DEFAULT}_PACKAGES. Use 'wpad-*'
pattern to include 'iwinfo' with any 'wpad' variant.
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
'setfiles' and others should be installed to $(STAGING_DIR_HOSTPKG)/bin
rather than $(...)/sbin which isn't in PATH.
Also using -Wl,-rpath to set library search location instead of setting
LD_LIBRARY_PATH when calling setfiles in image.mk.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Some bootloaders are really keen on just one special
fdt in a multi-image fit image. This is a problem, because
currently this is fixed to "fdt@1".
This patch introduces a new device variable:
DEVICE_FDT_NUM that allows to specify the right
fdt number.
If the value is absent "1" will be chosen.
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
All modifications made by update_kernel.sh
Build system: x86_64
Build-tested: ipq806x, lantiq/xrx200 and ath79/generic
Run-tested: ipq806x (R7800), lantiq (Easybox 904 xDSL)
No dmesg regressions, everything functional
Signed-off-by: John Audia <graysky@archlinux.us>
[add test on lantiq]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
All modifications made by update_kernel.sh/no manual intervention needed
Run-tested: ipq806x (R7800), ath79 (Archer C7v5), x86/64
No dmesg regressions, everything appears functional
Signed-off-by: John Audia <graysky@archlinux.us>
[add run test from PR]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
This reverts commit 34cc2c9a99.
The reverted shell code is a very poor reimplementation of the existing
package-metadata.pl usergroup subcommand and the resulting file is not
used anymore, so drop this code.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
This file can be subsequently used to resolve symbolic user or group names
to their numeric IDs when packing ipk archives.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Multiple packages contain a USERID variable defining required user and
group for the package to run. With the recent addition of
"PKG_FILE_MODES" it is possible to define user and group of specific
files, replacing (possibly insecure) post-inst scripts. These modes are
set during build time and put directly into the packages.
To allow user and group names rather than the numeric values, a mapping
like `/etc/passwd` is required by the `ipkg-build` script, mapping names
defined in "PKG_FILE_MODES" to a numeric value, as the build system does
not create any users during build.
This commit adds a single line to the `prepare-tmpinfo` target, so that
everytime the feeds are updated the *passwd like* content of
`./tmp/userids` is updated.
Signed-off-by: Paul Spooren <mail@aparcar.org>
All modifications made by update_kernel.sh/no manual intervention needed
Build-tested: x86_64
Run-tested: ipq806x (R7800)
No dmesg regressions, everything functional
Signed-off-by: John Audia <graysky@archlinux.us>
Currently the global variable PKG_FILE_MODES is used for all ipkg
creations. This works for Makefiles which output a single package, or
variants of a single package.
But if a Makefile outputs multiple packages that each contain different
files, setting PKG_FILE_MODES causes build failure when any of the files
in the variable do not exist in the folder that is currently being
packaged.
Example:
/openwrt/staging_dir/host/bin/fakeroot -l /openwrt/staging_dir/host/lib/libfakeroot.so -f /openwrt/staging_dir/host/bin/faked /openwrt/scripts/ipkg-build -m "/usr/lib/mariadb/plugin/auth_pam_tool_dir:root:376:0750" /openwrt/build_dir/target-mips_24kc_musl/mariadb-10.4.13/ipkg-mips_24kc/mariadb-server-plugin-disks /openwrt/bin/packages/mips_24kc/packages
+chown: cannot access '/openwrt/build_dir/target-mips_24kc_musl/mariadb-10.4.13/ipkg-mips_24kc/mariadb-server-plugin-disks//usr/lib/mariadb/plugin/auth_pam_tool_dir': No such file or directory
This commit changes the file mode handling a bit. The file mode can now
be set either globally via PKG_FILE_MODES (no behavior change) or on a
per-package basis via FILE_MODES. This way specific file modes can be
used for any particular package.
This behavior is already used for other OpenWrt variables, hence it is
familiar:
PKG_MAINTAINER vs MAINTAINER
PKG_SOURCE_SUBDIR vs SUBDIR
PKG_LICENSE vs LICENSE
...
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
Manually merged:
hack-5.4
230-openwrt_lzma_options.patch
bcm27xx
950-0283-hid-usb-Add-device-quirks-for-Freeway-Airmouse-T3-an.patch
x86
011-tune_lzma_options.patch
Remove upstreamed patches in collaboration with Ansuel Smith:
ipq806x
093-1-v5.8-ipq806x-PCI-qcom-Add-missing-ipq806x-clocks-in-PCIe-driver.patch
093-2-v5.8-ipq806x-PCI-qcom-Change-duplicate-PCI-reset-to-phy-reset.patch
093-3-v5.8-ipq806x-PCI-qcom-Add-missing-reset-for-ipq806x.patch
All other modifications made by update_kernel.sh
Build-tested: bcm27xx/bcm2708, ipq806x, x86/64
Run-tested: ipq806x (R7800), x86/64
No dmesg regressions, everything functional
Signed-off-by: John Audia <graysky@archlinux.us>
[update commit message/tested]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Adding inline shell invocations in per-target variables causes them to be
executed over and over again, which causes a significant slowdown.
Fix this by evaluating it only once per package directory
Signed-off-by: Felix Fietkau <nbd@nbd.name>
This removes switches dependent on kernel version 4.14 as well as
several packages/modules selected only for that version.
This also removes sched-cake-virtual, which is not required anymore
now that we have only one variant of cake.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Using fakeroot without passing the paths to libfakeroot.sh and faked
causes havoc. Use the $(FAKEROOT) Make variable which includes them.
Fixes: 353ce2e521 ("build: ipkg-build use fakeroot with PKG_FILE_MODES")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
The variable VERSION_REPO is used by opkg to download package(list)s.
Now that the default installation support encrypted HTTP opkg should
make use of it.
Suggested-by: Petr Štetiar <ynezz@true.cz>
Suggested-by: Baptiste Jonglez <baptiste@bitsofnetworks.org>
Signed-off-by: Paul Spooren <mail@aparcar.org>
Acked-by: Baptiste Jonglez <baptiste@bitsofnetworks.org>
The line of default packages became very long and it is easier to read
one package per line, therefore split it by newlines and sort it
alphabetically.
Signed-off-by: Paul Spooren <mail@aparcar.org>
To allow HTTPS usage on a router it requires both certificates
(ca-bundle) and a fitting libustream library (libustream-wolfssl)
By adding both, uclient-fetch and wget can connect to encrypted HTTP.
This allows opkg to update package lists in a more secure fashion.
Suggested-by: Petr Štetiar <ynezz@true.cz>
Suggested-by: Baptiste Jonglez <baptiste@bitsofnetworks.org>
Signed-off-by: Paul Spooren <mail@aparcar.org>
The usage of granular `SOURCE_DATE_EPOCH` for packages is an
incrementing integer which could be useful for downstream tooling,
therefore add it to the packages manifest.
Signed-off-by: Paul Spooren <mail@aparcar.org>
With the new `SOURCE` argument of `get_source_date_epoch` it is possible
to set package timestamps based on actual package changes rather thane
$TOPDIR changes.
This commit adds a new variable PKG_SOURCE_DATE_EPOCH which is used by
the `ipkg` build script. As a fallback the existing SOURCE_DATE_EPOCH is
used or as last resort the current time.
The redundant checks for `.git/` and `.svn/` are removed.
Signed-off-by: Paul Spooren <mail@aparcar.org>
The `ipkg-build` script converts a folder into a `opkg` installable
package. Until now it would use root:root for all packages and try to
preserve file modes.
This has the two drawbacks of packages want to add non-root files or add
SUID files, like the `sudo` package does.
To give more flexibility regarding file modes and avoid init script
hacks, a new variable called `PKG_FILE_MODES`. The variable contains a
list of files modes in the format `path:owner:group:mode`.
An example for the `sudo` package below:
```
PKG_FILE_MODES:=\
/usr/bin/sudo:root:root:4755 \
/etc/sudoers:root:root:0440
```
The `ipkg-build` now runs within a fakeroot environment to set any mode
and directly store it in the resulting `ipk` package archive.
Both options `-o` and `-g` are no longer required due to the introduction
of the more flexible `-m` options, which takes the `PKG_FILE_MODES` as
input.
Lastly the option `-c` is removed as it's unused within the script.
Signed-off-by: Paul Spooren <mail@aparcar.org>
This allows the build process to prepare a squashfs filesystem for use
with SELinux.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
[rebase, add commit message]
Signed-off-by: W. Michael Petullo <mike@flyn.org>
CMake provides a user package registry (stored in ~/.cmake/packages) and
a system package registry (not available on non-Windows platforms).
The "export(PACKAGE)" command may store information in the user package
registry, and the "find_package()" command may search both user and
system package registries for information.
This sets various variables to disable the use of these package
registries (both saving and retrieval of package information).
This also sets deprecated variables that perform similar functions, in
case external toolchains include older versions of CMake.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
This PR is a blend of several kernel bumps authored by ldir taken from his
staging tree w/ some further adjustments made by me and update_kernel.sh
Summary:
Deleted upstreamed patches:
generic:
742-v5.5-net-sfp-add-support-for-module-quirks.patch
743-v5.5-net-sfp-add-some-quirks-for-GPON-modules.patch
bcm63xx:
022-v5.8-mtd-rawnand-brcmnand-correctly-verify-erased-pages.patch
024-v5.8-mtd-rawnand-brcmnand-fix-CS0-layout.patch
mediatek:
0402-net-ethernet-mtk_eth_soc-Always-call-mtk_gmac0_rgmii.patch
Deleted patches applied differently upstream:
generic:
641-sch_cake-fix-IP-protocol-handling-in-the-presence-of.patch
Manually merged patches:
generic:
395-v5.8-net-sch_cake-Take-advantage-of-skb-hash-where-appropriate.patch
bcm27xx:
950-0132-lan78xx-Debounce-link-events-to-minimize-poll-storm.patch
layerscape:
701-net-0231-enetc-Use-DT-protocol-information-to-set-up-the-port.patch
Build system: x86_64
Build-tested: ath79/generic, bcm27xx/bcm2708, bcm27xx/bcm2711,
imx6, mvebu/cortexa9, sunxi/a53
Run-tested: Netgear R7800 (ipq806x)
No dmesg regressions, everything functional
Signed-off-by: John Audia <graysky@archlinux.us>
Tested-By: Lucian Cristian <Lucian.cristian@gmail.com> [mvebu]
Tested-By: Curtis Deptuck <curtdept@me.com> [x86/64]
[do not remove 395-v5.8-net-sch_cake-Take-advantage-... patch,
adjust and refresh patches, adjust commit message]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Tested-By: John Audia <graysky@archlinux.us> [ipq806x]
The README file is displayed on "make help", but updating the
command has been overlooked during the README -> README.md
rename.
Fix it.
Fixes: d0113711a3 ("README: port to 21st century")
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Fix shellcheck SC2230
> which is non-standard. Use builtin 'command -v' instead.
Using `command -v` is POSIX compliant while `which` is not. Also to
mention, `command -v` is a shell builtin whereas `which` is a separate
busybox applet.
Once applied to everything concerning OpenWrt we can disable the busybox
feature `which` and save 3.8kB.
Acked-by: Stijn Tintel <stijn@linux-ipv6.be>
Signed-off-by: Paul Spooren <mail@aparcar.org>
[also replace cases in zram-swap]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
It has been reported that the current message displayed during
upgrade with compat_version change is misleading for "legacy"
devices, i.e. those without the "new" fwtool. This is partially
caused by the fact that we need to exploit the supported_devices
string to get some message text displayed for these devices.
This patch modifies the message to make it more helpful and
include additional information, e.g.
Device linksys,wrt3200acm not supported by this image
Supported devices: linksys,wrt3200acm linksys-whateverelse - Image
version mismatch: image 1.1, device 1.0. Please wipe config during
upgrade (force required) or reinstall. Reason: Config cannot be
migrated from swconfig to DSA
Note that the line breaks (except the one before Supported devices)
are added manually here, I hesitate to hack \n into the
supported_devices as well. The "Reason:" will only be displayed if
DEVICE_COMPAT_MESSAGE is set for the device, otherwise
"Please check documentation ..." will be shown instead.
While at it, also rearrange the code in image-commands.mk to
make lines shorter and remove the double filter-out command.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Add package which provides size optimized wpad with support for just
WPA-PSK, SAE (WPA3-Personal), 802.11r and 802.11w.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
[adapt to recent changes, add dependency for WPA_WOLFSSL config]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Instead of just printing a warning that an image is too big, also
print both actual size and limit in the string:
WARNING: Image file somename.bin is too big: 2096101 > 1048576
Since the kernel size is checked via the same function (if
KERNEL_SIZE is specified), this will also apply to the kernel
image size check.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
The recipe check-kernel-size is not used in the entire tree. Instead,
we already check the size of the kernel image in Device/Build/kernel
in image.mk via check-size function if KERNEL_SIZE is defined.
Therefore, drop the function. Using it would be redundant anyway.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
So far, the compatibility mechanism only works if both device and
image are already updated to the new routines. This patch extends
the sysupgrade metadata and fwtool_check_image() to account for
"older" images as well:
The basic mechanism for older devices to check for image compatibility
is the supported_devices entry. This can be exploited by putting
a custom message into this variable of the metadata, so older FW
will produce a mismatch and print the message as it thinks it's the
list of supported devices. So, we have two cases:
device 1.0, image 1.0:
The metadata will just contain supported_devices as before.
device 1.0, image 1.1:
The metadata will contain:
"new_supported_devices":["device_string1", "device_string2", ...],
"supported_devices":["Image version 1.1 incompatible to device: ..."]
If the device is "legacy", i.e. does not have the updated fwtool.sh,
it will just fail with image check and print the content of
supported_devices. If DEVICE_COMPAT_MESSAGE is set, this will be
printed on old devices as well through the same mechanism. Otherwise
a generic "Please check documentation ..." is appended.
Upgrade can still be performed with -F like when
SUPPORTED_DEVICES has been removed to prevent bricking.
If the device has updated fwtool.sh (but is 1.0), it will just use
the new_supported_devices instead, and work as intended (flashing
with -n will work, flashing without will print the appropriate
warning).
This mechanism should provide a fair tradeoff between simplicity
and functionality.
Since we touched a lot of fields in metadata, this also bumps
metadata_version to 1.1.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
We regularly encounter the situation that devices are subject to
changes that will make them incompatible to previous versions.
Removing SUPPORTED_DEVICES will not really be helpful in most of these
cases, as this only helps after a rename.
To solve this situation, this patchset introduces a compatibility
version for devices. It will be implemented via a per-device
Make variable DEVICE_COMPAT_VERSION, which will be set to 1.0
globally by default and then can be overwritten as needed.
Furthermore, a variable DEVICE_COMPAT_MESSAGE is added, where
a message to be displayed during sysupgrade may be specified
optionally.
This patch only implements the build variables and adds them
to the sysupgrade metadata, the evaluation will be addressed
in a subsequent patch.
To set it, one would just need to add the following to a device node:
define Device/somedevice
...
DEVICE_COMPAT_VERSION := 1.1
DEVICE_COMPAT_MESSAGE := Config cannot be migrated from swconfig to DSA
endef
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
By specifying "BROKEN := 1" or "BROKEN := y" for a device, it will be
hidden (and deselected) by default. By that, it provides a stronger
option to "disable" a device beyond just using DEFAULT := n.
To make these devices visible, just enable the BROKEN option in
developer settings as already implemented for targets and packages.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
update_kernel.sh refreshed all patches, no human interaction was needed
Build system: x86_64
Run-tested: Netgear R7800 (ipq806x)
Signed-off-by: John Audia <graysky@archlinux.us>
Set CCACHE_DIR to $(TOPDIR)/.ccache and CCACHE_BASEDIR to $(TOPDIR).
This allows to do clean and dirclean. Cache hit rate for test build
after dirclean is ~65%.
If CCACHE is enabled stats are printed out at the end of building process.
CCACHE_DIR config variable allows to override default, which could be useful
when sharing cache with many builds.
cacheclean make target allows to clean the cache.
Changes from v1:
- remove ccache directory using CCACHE_DIR variable
- remove ccache leftovers from sdk and toolchain make files
- introduce CONFIG_CCACHE_DIR variable
- introduce cacheclean make target
Signed-off-by: Roman Yeryomin <roman@advem.lv>
Instead of using xargs to pass a huge number of files to
script/ipkg-remove, which will usually pick only one, use a more
restrictive wildcard so that, currently, at the most 325 files are
examined, instead of up to over 2,300. The 325-file package is python,
which is picking up python3* ipks. It is about to be removed.
Runner-up is ddns-scripts with 7 files.
This makes a second run of make package/luci/compile go from
real 16.40s; user 17.42s; sys 2.73s
to
real 10.71s; user 9.51s; sys 1.27s
There is a caveat though: if one were to remove the ABI_VERSION of a
package that ends in a digit [0-9], then the old package ipk will not be
removed from the bin directory by make package/abc2/clean.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
The wildcard call to clean up luci package (luci*) can pick up over
2,300 files when the full tree is built. Running make package/luci/clean
or a second run of make package/luci/compile would fail with an
'Argument list too long' error.
To avoid that, a maybe_use_xargs function was created that runs the
command straight as usual if the number of arguments is < 512, or saves
the list in a temporary file and feeds it to xargs otherwise.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Instead of calling $(wildcard) to check if the removal list is empty,
then calling it again to actually remove the files, define a function so
that the arguments are expanded only once when it gets called.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
f4f8f4a180 broke ffmpeg compilation with x86
The reason is that ffmpeg's x86 assembly requires at least MMX, which the
pentium CPU_TYPE was preventing.
Fixes ffmpeg compilation on x86_legacy and x86_geode.
Ref: https://github.com/openwrt/openwrt/pull/3061
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Add support for make target nconfig (ncurses)
Reviewed-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Signed-off-by: Sergio E. Nemirowski <sergio@outerface.net>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Only enable the testing-kernel feature for the target when the testing
kernel version does not match the stable kernel version.
This way, the option for building the testing kernel in the build config
menu is only exposed when there's a testing kernel available.
Signed-off-by: David Bauer <mail@david-bauer.net>
Acked-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Fixes:
- CVE-2020-10757
The "mtd: rawnand: Pass a nand_chip object to nand_release()" commit was
backported which needed some adaptations to other code.
Run tested: ath79
Build tested: ath79
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Fixes:
- CVE-2020-10757
The "mtd: rawnand: Pass a nand_chip object to nand_release()" commit was
backported which needed some adaptations to other code.
Build tested: ramips
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
With this commit the `profiles.json` contain both the target specific
`default_packages` as well as the device specific `device_packages` as a
array of strings.
This information is required for downstream projects like the various
web-based interactive firmware generators.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Signed-off-by: Paul Spooren <mail@aparcar.org>
Removes the standalone implementation of stack smashing protection
in gcc's libssp in favour of the native implementation available
in glibc and uclibc. Musl libc already uses its native ssp, so this
patch does not affect musl-based toolchains.
Stack smashing protection configuration options are now uniform
across all supported libc variants.
This also makes kernel-level stack smashing protection available
for x86_64 and i386 builds using non-musl libc.
Signed-off-by: Ian Cooper <iancooper@hotmail.com>
The buildroot and SDK both require `libncurses-dev` to be installed on
the system, however the ImageBuilder uses precompiled binaries.
This patch changes the prerequirements checks to skip the
`libncurses-dev` part if running as ImageBuilder.
Signed-off-by: Paul Spooren <mail@aparcar.org>
Required for installation of autoconf:
make[5]: Entering directory `/openwrt/build_dir/host/autoconf-2.69'
Making all in bin
make[6]: Entering directory `/openwrt/build_dir/host/autoconf-2.69/bin'
autom4te_perllibdir='..'/lib AUTOM4TE_CFG='../lib/autom4te.cfg'
../bin/autom4te -B '..'/lib -B '..'/lib --language M4sh --cache
'' --melt ./autoconf.as -o autoconf.in
Can't locate Data/Dumper.pm in @INC (@INC contains: ../lib
/usr/local/lib64/perl5 /usr/local/share/perl5 /usr/lib64/perl5/vendor_perl
/usr/share/perl5/vendor_perl /usr/lib64/perl5 /usr/share/perl5 .) at
../lib/Autom4te/C4che.pm line 33.
BEGIN failed--compilation aborted at ../lib/Autom4te/C4che.pm line 33.
Compilation failed in require at ../bin/autom4te line 40.
BEGIN failed--compilation aborted at ../bin/autom4te line 40.
make[6]: *** [autoconf.in] Error 2
Signed-off-by: Rosen Penev <rosenp@gmail.com>
While the effective "default" based on frequent use is "router", the
DEVICE_TYPE variable actually provides a "basic" configuration without
selecting any additional packages.
This is currently set up with the identifier "bootloader", which seems
to be not used at all. However, the only targets not using "router" or
"nas" are actually archs38 and arc770, which use their own value
"developerboard" for DEVICE_TYPE which seems to have been invented when
these targets where added. The latter is not implemented in target.mk,
though, and will fall back to the "basic" set of packages then.
So, to clean this up and make it more readable, let's just define a
DEVICE_TYPE "basic" and use it for the aforementioned cases.
Cc: Christian Lamparter <chunkeey@gmail.com>
Cc: Sungbo Eo <mans0n@gorani.run>
Cc: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
zstd with its default settings (compression level -3) compresses better
than bzip2 -9 (which is the default setting), and is an order of magnitude
faster.
I made the following measurements for the most common compression tools
(all standard Debian Buster versions, default flags unless noted
otherwise), using the debug information of a large x86-64 kernel with
ALL_KMODS:
* kernel-debug.tar: 376M
* kernel-debug.tar.gz: 101M, compressed in ~12s
* kernel-debug.tar.bz2: 91M, compressed in ~15s
* kernel-debug.tar.xz: 57M, compressed in ~101s
* kernel-debug.tar.zst: 86M, compressed in ~1s
With zstd, there is still some room for improvement by increasing the
compression, but the slight increase in compression ratio
(22.83% -> 19.46%) does not justify the significant increase in
compression time (about 5 times on my machine) in my opinion.
Note that multithreaded compression (-T argument) does not affect
reproducibility with zstd.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Running make with RECURSIVE_DEP_IS_ERROR=1 will cause a hard failure
when a recursive dependency is detected. This is useful to apply
stricter Ci tests, for example.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>