On Debian, busybox does have a time applet, but it does not support the -f
flag. Catch this in prereq check to give users to proper error message.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
An incorrect variable name was referenced in KERNEL_FILE_DEPENDS, leading
to the omission of the backport-* patch dirs in the generation of the
prepared stamp name.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Allow enabling/commenting/disabling each feed individually by using a
tristate config symbol.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Setting CONFIG_FEED_... symbols combined two different effects: Disabling
a feed in the generated opkg distfeeds.conf, and omitting the feed from
PACKAGE_SUBDIRS.
It does not make sense to omit built feeds from PACKAGE_SUBDIRS, as it will
only lead to packages that can be enabled in .config (and that will
consequently be built) not to be found during rootfs creation, breaking
the build. All feeds that packages are emitted to should simply always be
added to PACKAGE_SUBDIRS instead; the CONFIG_FEED_... only configure the
generated distfeeds.conf like this.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
build openwrt on centos 6 I should use devtoolset-3 to get gcc 4.9, but
it fail when make menuconfig. so I have to give option HOSTCC='gcc
-Wl,--copy-dt-needed-entries' to make. But it passed to sub make to
HOSTCC=gcc as micro SUBMAKE expand to HOSTCC=gcc
-Wl,--copy-dt-needed-entries. This patch fix this issue.
make -C build menuconfig HOSTCC='gcc -Wl,--copy-dt-needed-entries' V='1'
make: Entering directory `/work/openwrt/openwrt/build'
/opt/rh/devtoolset-3/root/usr/libexec/gcc/x86_64-redhat-linux/4.9.2/ld:
lxdialog/checklist.o: undefined reference to symbol 'acs_map'
//lib64/libtinfo.so.5: error adding symbols: DSO missing from command line
collect2: error: ld returned 1 exit status
make[1]: *** [mconf] Error 1
make -s -C scripts/config all CC=gcc -Wl,--copy-dt-needed-entries: build
failed. Please re-run make with -j1 V=s to see what's going on
make: *** [scripts/config/mconf] Error 1
make: Leaving directory `/work/openwrt/openwrt/build'
Signed-off-by: 李国 <uxgood.org@gmail.com>
Rereshed all patches
Reworked patches to match upstream:
335-v4.16-netfilter-nf_tables-add-single-table-list-for-all-fa.patch
Compile-tested on: cns3xxx, imx6, x86_64
Runtime-tested on: cns3xxx, imx6, x86_64
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
- Make the code more GitHub-specific
- Requires mirror hash to work with .gitattributes
- Use different API depending on whether PKG_SOURCE_VERSION is a
complete commit id or other ref types like tags
- Fix removing symbolic link
- pre-clean dir_untar for possible leftovers from previous run
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Move SCAN_DEPS to scan.mk to eliminate redundancy with scripts/feeds
Add image/*.mk to SCAN_DEPS for targets to pick up newly added devices
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Seems like the python download.py dl_method call causes serious
performance regression for fresh "make defconfig" as reported in
FS#1621. GitHub tarball download will also be disabled with this
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Add a menuconfig option to set the HOME_URL exposed in
/usr/lib/os-release independent from the
LEDE_DEVICE_MANUFACTURER_URL.
Fixes: FS#1123
Signed-off-by: Mathias Kresin <dev@kresin.me>
A new python script scripts/download.py is added to fetch tarballs using
GitHub archive API [1], then repack in a reproducible way same as the
current DownloadMethod/git
GitHub imposes a 60 reqs/hour rate limit on unauthenticated API
access[2]. This affects fetching commit date for feeding tar --mtime=
argument. However, observation indicates that archive download is NOT
subject to this limit at the moment. In the rare cases where download
fails because of this, we will falback to using DownloadMethod/git
The missing piece in the GitHub API is that it cannot provide in the
tarball dependent submodules's source code. In that case, the
implementation will also fallback to using DownloadMethod/git
[1] Get archive link, https://developer.github.com/v3/repos/contents/#get-archive-link
[2] Rate limiting, https://developer.github.com/v3/#rate-limiting
v2 <- v1:
- allow passing multiple urls with --urls argument
- add commit ts cache. can be helpful on retry
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
This patch adds support for ZyXEL NBG6617
Hardware highlights:
SOC: IPQ4018 / QCA Dakota
CPU: Quad-Core ARMv7 Processor rev 5 (v7l) Cortex-A7
DRAM: 256 MiB DDR3L-1600/1866 Nanya NT5CC128M16IP-DI @ 537 MHz
NOR: 32 MiB Macronix MX25L25635F
ETH: Qualcomm Atheros QCA8075 Gigabit Switch (4 x LAN, 1 x WAN)
USB: 1 x 3.0 (via Synopsys DesignWare DWC3 controller in the SoC)
WLAN1: Qualcomm Atheros QCA4018 2.4GHz 802.11bgn 2:2x2
WLAN2: Qualcomm Atheros QCA4018 5GHz 802.11a/n/ac 2:2x2
INPUT: RESET Button, WIFI/Rfkill Togglebutton, WPS Button
LEDS: Power, WAN, LAN 1-4, WLAN 2.4GHz, WLAN 5GHz, USB, WPS
Serial:
WARNING: The serial port needs a TTL/RS-232 3.3v level converter!
The Serial setting is 115200-8-N-1. The 1x4 .1" header comes
pre-soldered. Pinout:
1. 3v3 (Label printed on the PCB), 2. RX, 3. GND, 4. TX
first install / debricking / restore stock:
0. Have a PC running a tftp-server @ 192.168.1.99/24
1. connect the PC to any LAN-Ports
2. put the openwrt...-factory.bin (or V1.00(ABCT.X).bin for stock) file
into the tftp-server root directory and rename it to just "ras.bin".
3. power-cycle the router and hold down the the WPS button (for 30sek)
4. Wait (for a long time - the serial console provides some progress
reports. The u-boot says it best: "Please be patient".
5. Once the power LED starts to flashes slowly and the USB + WPS LEDs
flashes fast at the same time. You have to reboot the device and
it should then come right up.
Installation via Web-UI:
0. Connect a PC to the powered-on router. It will assign your PC a
IP-address via DHCP
1. Access the Web-UI at 192.168.1.1 (Default Passwort: 1234)
2. Go to the "Expert Mode"
3. Under "Maintenance", select "Firmware-Upgrade"
4. Upload the OpenWRT factory image
5. Wait for the Device to finish.
It will reboot into OpenWRT without any additional actions needed.
To open the ZyXEL NBG6617:
0. remove the four rubber feet glued on the backside
1. remove the four philips screws and pry open the top cover
(by applying force between the plastic top housing from the
backside/lan-port side)
Access the real u-boot shell:
ZyXEL uses a proprietary loader/shell on top of u-boot: "ZyXEL zloader v2.02"
When the device is starting up, the user can enter the the loader shell
by simply pressing a key within the 3 seconds once the following string
appears on the serial console:
| Hit any key to stop autoboot: 3
The user is then dropped to a locked shell.
|NBG6617> HELP
|ATEN x[,y] set BootExtension Debug Flag (y=password)
|ATSE x show the seed of password generator
|ATSH dump manufacturer related data in ROM
|ATRT [x,y,z,u] RAM read/write test (x=level, y=start addr, z=end addr, u=iterations)
|ATGO boot up whole system
|ATUR x upgrade RAS image (filename)
|NBG6617>
In order to escape/unlock a password challenge has to be passed.
Note: the value is dynamic! you have to calculate your own!
First use ATSE $MODELNAME (MODELNAME is the hostname in u-boot env)
to get the challange value/seed.
|NBG6617> ATSE NBG6617
|012345678901
This seed/value can be converted to the password with the help of this
bash script (Thanks to http://www.adslayuda.com/Zyxel650-9.html authors):
- tool.sh -
ror32() {
echo $(( ($1 >> $2) | (($1 << (32 - $2) & (2**32-1)) ) ))
}
v="0x$1"
a="0x${v:2:6}"
b=$(( $a + 0x10F0A563))
c=$(( 0x${v:12:14} & 7 ))
p=$(( $(ror32 $b $c) ^ $a ))
printf "ATEN 1,%X\n" $p
- end of tool.sh -
|# bash ./tool.sh 012345678901
|
|ATEN 1,879C711
copy and paste the result into the shell to unlock zloader.
|NBG6617> ATEN 1,0046B0017430
If the entered code was correct the shell will change to
use the ATGU command to enter the real u-boot shell.
|NBG6617> ATGU
|NBG6617#
Co-authored-by: David Bauer <mail@david-bauer.net>
Signed-off-by: Christian Lamparter <chunkeey@googlemail.com>
Signed-off-by: David Bauer <mail@david-bauer.net>
Add xt_bpf modules to {kmod-ipt,iptables-mod}-filter.
Match using Linux Socket Filter. Expects a BPF program in decimal
format. This is the format generated by the nfbpf_compile utility.
Signed-off-by: Alin Nastac <alin.nastac@gmail.com>
The sender domain has a DMARC Reject/Quarantine policy which disallows
sending mailing list messages using the original "From" header.
To mitigate this problem, the original message has been wrapped
automatically by the mailing list software.
Refresh patches.
Remove patch that can be reverse applied:
mvebu/patches-4.14/530-ATA-ahci_mvebu-enable-stop_engine-override.patch
mvebu/patches-4.14/531-ATA-ahci_mvebu-pmp-stop-errata-226.patch
Update patch that no longer applied:
ipq806x/patches-4.14/0035-clk-mux-Split-out-register-accessors-for-reuse.patch
Compiled-tested-for: lantiq, ramips
Run-tested-on: lantiq BT hh5a, ramips MIR3g
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Tested-by: Michael Yartys <michael.yartys@protonmail.com>
Tested-by: Rosen Penev <rosenp@gmail.com>
Busybox time supports the GNU time '-f' syntax used by the build time
logging implemented in ff6e62b288, however the prerequisite check added
only works with GNU time installed as `time` or `gtime`.
As busybox is a multicall binary, the name of the symlink setup by
SetupHostCommand also must be changed from `gtime` to `time` to fix the
value of argv[0]. This causes a number of shells (including bash) to use
their builtin impelementation of time, so the sole invocation has been
changed to use `env time` to use the value found on the $PATH.
Signed-off-by: Andy Boyett <agb@agb.io>
Shorten the version string in Netgear factory image header in order
to enable u-boot TFTP recovery flash mode to work again.
Strip 'r7210-14cb05909a' into 'r7210' in the Netgear image header
by removing the hash (anything after "-").
background:
Some Netgear routers have recently been unable to flash Openwrt
factory image with the TFTP recovery flash mode provided by Netgear
u-boot. That is due to over-long Openwrt version string overflowing
into the router type string in u-boot code. Modern git versions
produce 10-digit short hashes for the Openwrt main repo, and that
causes the version string to be too long in the image header,
breaking the image ID verification by the TFTP flash routine.
(Other option could be to force a shorter hash in scripts/getver.sh,
but as the problem only concerns Netgear routers, let's patch just
them.)
More detailed explanations in FS#1583
Tested with WNDR3800
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
Refresh patches.
Drop patches that have been upstreamed:
target/linux/ar71xx/patches-4.9/106-01-MIPS-ath79-fix-AR724X_PLL_REG_PCIE_CONFIG-offset.patch
target/linux/generic/backport-4.9/095-v4.12-ipv6-Need-to-export-ipv6_push_frag_opts-for-tunnelin.patch
target/linux/generic/pending-4.9/180-net-phy-at803x-add-support-for-AT8032.patch
target/linux/generic/pending-4.9/181-net-usb-add-lte-modem-wistron-neweb-d18q1.patch
target/linux/generic/pending-4.9/182-net-qmi_wwan-add-BroadMobi-BM806U-2020-2033.patch
Compile & run tested: ar71xx Archer C7 v2
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
When CONFIG_AUTOREMOVE is enabled, the build system touches an additional
".autoremove" stamp file in the cleaned build directory.
Since the autoremove stamp file is touched after the compile process
completed, it ends up being the most recent file of the package build
directory, causing the timestamp.pl check of depends.mk to erroneously
declare the ".built" and ".prepared" stamp files as stale, triggering
a forced clean-build submake process.
Fix the problem by using the ".built" stamp file as modification time
reference when touching the ".autoremove" stamp file.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
commit 138c763 ("build: add --force option to gzip in Build/gzip")
added the --force flag to the gzip invocation.
Under environments with busybox gzip (e.g Alpine Linux), this fails
as busybox only recognizes "-f".
Signed-off-by: Mathew McBride <matt@traverse.com.au>
Refreshed all patches
Added new ARM64 symbol: ARM64_ERRATUM_1024718
Compile-tested on: ar71xx
Runtime-tested on: ar71xx
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
The idea is to easily get the list of packages taking the most time to build,
and see if we can improve them
v1: Use SetupHostCommand as recommended by John
v2: add space after 'time:', remove useless /usr/bin/time from SetupHostCommand
Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
This allows us to link the other tools against our libz and we do not
need the system zlib any more.
Only the static linked library is copied to the staging directory so we
have a statically linked library on all systems and not only on Linux.
This also adds the new dependencies of the packages which are depending
on zlib.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Tested-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Merge the two existing functions and use a parameter for the type
header field.
It updates the syntax of the former mpc85xx fake ramdisk header
command to be compatible with mkimage from u-boot 2018.03 and fixes the
build error spotted by the build bot.
Signed-off-by: Mathias Kresin <dev@kresin.me>
Use a syntax compatible with mkimage from u-boot 2018.03 to fix the
build errors spotted by the build bot.
The images are binary identical to the ones generated with mkimage from
u-boot 2014.10.
Signed-off-by: Mathias Kresin <dev@kresin.me>
kmod packages without FILES did not have an install step defined, leading
to no package being built. This affected netfilter/iptables packages, which
filter out builtin modules from FILES.
Not building a package that it is selected in .config is problematic, as
the generated empty package may be necessary to satisfy dependencies.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Split physdev match out of ipt-extra to allow installing ipt-extra without
pulling in br-netfilter.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Commit d6d3db0543 added more gcc version probes, exceeding the argument
limit of the SetupHostCommand macro, leading to failing GCC/LLVM tests
on OS X.
Extend the handled number of arguments to restore proper functionality.
Fixes FS#1470
Fixes d6d3db0543 ("build: Improve GCC version detection")
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
This now makes sure that the beginning of the version number gets checked
and "4.4.5" will not match was a supported version.
GCC 8 and GCC 9 are now marked as supported, but we probably have to fix
some problems for them.
Closes: FS#1433
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Add initial support for Marvell MACCHIATObin, cortex-a72 based Marvell
ARMADA 8040 Community board. Comes in two forms: Single Shot and Double
Shot.
Specifications:
- Quad core Cortex-A72 (up to 2GHz)
- DDR4 DIMM slot with optional ECC and single/dual chip select support
- Dual 10GbE (1/2.5/10GbE) via copper or SFP
2.5GbE (1/2.5GbE) via SFP
1GbE via copper
- SPI Flash
- 3 X SATA 3.0 connectors
- MicroSD connector
- eMMC
- PCI x4 3.0 slot
- USB 2.0 Headers (Internal)
- USB 3.0 connector
- Console port (UART) over microUSB connector
- 20-pin Connector for CPU JTAG debugger
- 2 X UART Headers
- 12V input via DC Jack
- ATX type power connector
- Form Factor: Mini-ITX (170 mm x 170 mm)
More details at http://macchiatobin.net
Booting from micro SD card:
1. reset U-Boot environment:
env default -a
saveenv
2. prepare U-Boot with boot script:
setenv bootcmd "load mmc 1:1 0x4d00000 boot.scr; source 0x4d00000"
saveenv
or manually:
setenv fdt_name armada-8040-mcbin.dtb
setenv image_name Image
setenv bootcmd 'mmc dev 1; ext4load mmc 1:1 $kernel_addr $image_name;ext4load mmc 1:1 $fdt_addr $fdt_name;setenv bootargs $console root=/dev/mmcblk1p2 rw rootwait; booti $kernel_addr - $fdt_addr'
saveenv
Signed-off-by: Damir Samardzic <damir.samardzic@sartura.hr>
Netfilter flow offload has now started to become useful and suitable for
a wider testing audience. Configuring it via UCI is also integrated in
firewall3 by adding 'option flow_offloading 1' to the 'defaults'
section in /etc/config/firewall
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Right patch version this time, sorry!
* Patch 180-usb-xhci-add-support-for-performing-fake-doorbell.patch had to be adjusted slightly because of upstream adapted code.
* Refreshed patches.
Compile-tested: ramips/mt7621, x86/64
Run-tested: ramips/mt7621, x86/64
Signed-off-by: Stijn Segers <foss@volatilesystems.org>
Tested-by: Rosen Penev <rosenp@gmail.com>
Some devices only boot when a special config is found in the image and
completely ignore the default entry during the selection. These devices can
now use the variable DEVICE_DTS_CONFIG in their device image definition.
Signed-off-by: Sven Eckelmann <sven@narfation.org>
This reverts commit 43be5087a9.
The change is incompatible with the image builder code.
Luckily the RT-AC58U is no longer depending on the initramfs
being available for the target's image generation rules.
Reported-by: Venitex Aveon <aveon@aenote.com>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
The image production rules does not have the initramfs-image
as a dependency. So, from make’s perspective initramfs
creation can run independently/in parallel with the image
generation code in the target's Makefile.
This is a problem for devices that have to use the initramfs
for the image creation and can lead to broken images.
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
Copying ./src/* would fail when src exists, but is empty or only contains
hidden files.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
In addition to removing redundant code, this fixes various issues in
IB-generated images that have been fixed in prepare_rootfs before,
including better handling of CONFIG_CLEAN_IPKG and enabling of initscripts
from FILES.
We also reuse the opkg macro and remove --force-... flags that have been
removed from rootfs.mk as well.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
/usr/lib/opkg/status must not be removed completely, otherwise the
packages' conffile lists will be missing. Replace it with a reduced version
only containing the conffile entries.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
When a user removes a preinstalled opkg package, the package's prerm script
(and in particular our default_prerm) should run.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
This bumps the 4.4. kernel in master to 4.4.119.
Includes more Meltdown & Spectre mitigation.
* Refresh patches.
* Refresh x86/config for RETPOLINE.
* Deleted 8049-PCI-layerscape-Add-fsl-ls2085a-pcie-compatible-ID.patch (accepted upstream)
* Deleted 8050-PCI-layerscape-Fix-MSG-TLP-drop-setting.patch (accepted upstream)
* Deleted 650-pppoe_header_pad.patch (does not apply anymore (code was replaced)).
Bumps from 4.4.112 to 4.4.115 were handled by Kevin Darbyshire-Bryant.
Compile-tested on: ar71xx & oxnas.
Signed-off-by: Stijn Segers <foss@volatilesystems.org>
Tested-by: Rosen Penev <rosenp@gmail.com>
This patch bumps the 4.14 kernel to .23.
- Refreshed patches.
- Deleted bcm53xx/patches-4.14/089-PCI-iproc-Fix-NULL-pointer-dereference-for-BCMA.patch. Has been accepted upstream.
- Deleted generic/pending-4.14/821-usb-Remove-annoying-warning-about-bogus-URB.patch. The upstream URB code was changed,
the patch no longer applies. I discussed this with the patch author and removed it for now, we'll see how it goes.
Compile-tested on: ramips/mt7621, x86/64
Run-tested on: ramips/mt7621, x86/64
Signed-off-by: Stijn Segers <foss@volatilesystems.org>
This makes it possible to add an iptables rule that offloads routing/NAT
packet processing to a software fast path. This fast path is much
quicker than running packets through the regular tables/chains.
Requires Linux 4.14
Signed-off-by: Felix Fietkau <nbd@nbd.name>
When using pigz, a parallel gzip implementation, the gzip step in the
image build for some targets fails, because the image filename already
has the .gz extension. This results in an emtpy image file. Fix this by
adding the --force option to gzip in the Build/gzip macro.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Tested-by: Martin Schleier <drahemmaps@gmx.net>
The current image build code has a number of race conditions and interface
contract violations in the custom image build steps:
- Build/install-zImage, solely used by at91, relies on $(PROFILE_SANITIZED)
which is not available when building with CONFIG_TARGET_MULTI_PROFILE
- Build/at91-sdcard, which may run concurrently, creates scratch files at
fixed locations and manipulates target files directly which can lead
to file corruption and other unexpected failures
Rename the install-zImage macro to at91-install-zImage and move it to the
at91 image Makefile since this target is the sole user. Also utilize "$@"
as output file name and switch the usage of $(PROFILE_SANITIZED) to
$(DEVICE_NAME) in order to fix naming under multi profile builds.
Fix the at91-sdcard macro to construct scratch file paths relative to "$@",
which is guaranteed to be unique and store the final artifact output in "$@"
as well, instead of inside $(BIN_DIR). The generic image build code takes
care of moving a build steps "$@" output to the final destination in a
concurrency-safe manner.
Finally remove the broken install-zImage from the generic image-commands
Makefile.
Fixes: d7a679a036 ("at91: Install zImage.")
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
In a profile, specifying -pkg in the list of PACKAGES will suppress
it even if it appears in the target's DEFAULT_PACKAGES list.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
It is currently possible to enable connlabel-support in iptables.
However, in order for connlabel to work properly, the kernel module must
also be present. This patch adds support for building the
connlabel-module, and selects it by default when connlabel-support is
enabled.
Signed-off-by: Kristian Evensen <kristian.evensen@gmail.com>
This will make sure that the build system's
paths for linking are available.
This is needed mostly for linking with tools/libressl.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
This would should up as `$$(HOSTCPPFLAGS)` in the host CFLAGS.
```
make --jobserver-fds=3,4 -j -C <openwrt>/build_dir/target-arm_cortex-a8+vfpv3_musl_eabi/u-boot-A10-OLinuXino-Lime/u-boot-2017.07 CROSS_COMPILE=arm-openwrt-linux-muslgnueabi- DTC="<openwrt>/build_dir/target-arm_cortex-a8+vfpv3_musl_eabi/linux-sunxi_cortexa8/linux-4.9.76/scripts/dtc/dtc" HOSTCC="gcc" HOSTCFLAGS='-O2 -I<openwrt>/staging_dir/host/include -I<openwrt>/staging_dir/host/usr/include -I<openwrt>/staging_dir/hostpkg/include -I<openwrt>/staging_dir/target-arm_cortex-a8+vfpv3_musl_eabi/host/include $$(HOSTCPPFLAGS)' HOSTLDFLAGS="" BL31=<openwrt>/staging_dir/target-arm_cortex-a8+vfpv3_musl_eabi/image/bl31.bin
```
And then it would complain with:
```
/bin/sh: 1: HOSTCPPFLAGS: not found
```
Also, HOSTCPPFLAGS does not exist.
The correct var is HOST_CPPFLAGS.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
We don't need two versions of this. The escaping quotes
is so that the sed commands aren't misinterpreted by shell;
it has nothing to do with the contents of the file, thus
one version is adequate.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
In addition to backslash and ampersand needing to be escaped for
simple sed RHS strings, we also need to escape comma since we're
using that as our s/// delimiter.
Pass everything through a macro filter to sanitize it.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
The nf_reject_ipv4 and nf_reject_ipv6 modules are moved into separate
packages, as they are a common dependency of ip(6)tables and nftables. This
avoids a dependency of nftables on kmod-nf-ipt(6). Also, fewer iptables
modules depend on nf-conntrack(6) now.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
This fixes the following errors when doing "make package/install"
/home/yousong/git-repo/lede-project/lede/build_dir/target-mips_24kc_musl/root-malta/lib/functions/procd.sh: line 47: /home/yousong/git-repo/l
ede-project/lede/build_dir/target-mips_24kc_musl/root-malta/var/lock/procd_urandom_seed.lock: No such file or directory
flock: 1000: Bad file descriptor
Fixes FS#1260
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Configure variable SSP_SUPPORT is ambiguous for packages (tor, openssh,
avahi, freeswitch). It means 'toolchain supporting SSP', but for toolchain
and depends it means 'build gcc with libssp'.
Musl no longer uses libssp (1877bc9d8f), it has internal support, so
SSP_SUPPORT was disabled leading some package to not use SSP.
No information why Glibc and uClibc use libssp, but they may also provide
their own SSP support. uClibc used it own with commit 933b588e25 but it was
reverted in f3cacb9e84 without details.
Create an new configure GCC_LIBSSP and automatically enable SSP_SUPPORT
if either USE_MUSL or GCC_LIBSSP.
Signed-off-by: Julien Dusser <julien.dusser@free.fr>
Introduce a configuration option to build a "hardened" OpenWrt with
ASLR PIE support.
Add new option PKG_ASLR_PIE to enable Address Space Layout Randomization (ASLR)
by building Position Independent Executables (PIE). This new option protects
against "return-to-text" attacks.
Busybox need a special care, link is done with ld, not gcc, leading to
unknown flags. Set BUSYBOX_DEFAULT_PIE instead and disable PKG_ASLR_PIE.
If other failing packages were found, PKG_ASLR_PIE:=0 should be added to
their Makefiles.
Original Work by: Yongkui Han <yonhan@cisco.com>
Signed-off-by: Julien Dusser <julien.dusser@free.fr>
In case there is an external git repo specified,
it could overwrite the kernel tarball that was
downloaded from kernel.org.
The only identifier for such a file is the
KERNEL_GIT_CLONE_URI & KERNEL_GIT_REF symbols,
so if we have to download it we'll use that
information [after some sanitization]
to create a different filename for the kernel tarball.
If KERNEL_GIT_REF symbol is empty, HEAD will be used
as mentioned in the description of KERNEL_GIT_REF.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
The Download/git rule will do a `git checkout <git-ref>`.
So, we can use any ref we want.
No need to limit just to branches.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
In commit fce35bce0f ("config: support new symbol intro'd in kernel
4.12")
I forgot to remove the initial debug test line.
This clearly is wrong as the same symbol is defined conditionally in the
line below as it should be.
I looked over it as I just checked if the symbol was present now upon
testing it.
Fixes: fce35bce0f ("config: support new symbol intro'd in kernel
4.12")
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Eventually the BUILDONLY package flag could be replaced by simply creating
a package Makefile without any BuildPackage calls. This will fail for now,
as BuildPackage also causes the Makefile's compile target etc. to do
something useful at all.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Package "features" seem to be unused for some time. In any case, custom
Config.in snippets and package PROVIDES are a much more flexible way to
express similar options.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
This feature has been unused for years, and its scope is too limited to be
actually useful.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Symbol CONFIG_INITRAMFS_FORCE allows to ignore the value passed by the
bootloader.
By default, all symbols containing INITRAMFS are wiped from the final
config and then re-added conditionally.
Add support for this symbol, as the build will stop otherwise
questioning the user about this option:
* Restart config...
*
*
* General setup
*
Cross-compiler tool prefix (CROSS_COMPILE) []
Compile also drivers which will not load (COMPILE_TEST) [N/y/?] n
...
Initial RAM filesystem and RAM disk (initramfs/initrd) support
(BLK_DEV_INITRD) [Y/n/?] y
Initramfs source file(s) (INITRAMFS_SOURCE) []
Ignore the initramfs passed by the bootloader (INITRAMFS_FORCE)
[N/y/?] (NEW)
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Combined Extended Images V1 can be created easily via the new image
commands using
IMAGE/sysupgrade.bin/squashfs := append-rootfs | pad-rootfs | combined-ext-image
Signed-off-by: Sven Eckelmann <sven.eckelmann@open-mesh.com>
When generating per-device rootfs directories, the ./etc/opkg/ directory
is moved away prior to calling opkg install, opkg remove and rootfs_prepare.
After the opkg invocations and the rootfs_prepare macro call, the saved opkg
config directory is supposed to be moved back to its previous ./etc/opkg
location.
The mv command however can fail to properly restore the directory under
certain circumstances, e.g. when the prior opkg or files/ overlay copy
operations caused a new ./etc/opkg/ directory to be created.
In this case, the backed up directory (named target-dir-$hash.opkg) will be
moved into the preexisting ./etc/opkg/ directory instead, causing the opkg
configuration to be located in a wrong path on the final rootfs, e.g. in
/etc/opkg/target-dir-$hash.opkg/distfeeds.conf instead of
/etc/opkg/distfeeds.conf.
Solve this problem by replacing the naive "mv" command with a recursive
"cp -T" invocation which causes the backed up directory tree to get merged
with the destination directory in case it already exists.
Also perform the rootfs_prepare macro call after restoring the opkg
configuration, to allow users to override it again by using the files/
overlay mechanism.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Introduce a name-agnostic PROJECT_GIT variable poiting to
https://git.openwrt.org/ and declare LEDE_GIT and OPENWRT_GIT
as aliases to it.
After some transition time we can drop this alias variables.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Rename unwinder config symbols to match upstream changes.
Refresh patches.
Update patch that no longer applies: 202-reduce_module_size.patch
Also enable CONFIG_PAGE_TABLE_ISOLATION. This feature was backported
from 4.15 to the 4.14 stable series. It is enabled by default, so enable
it in OpenWrt as well.
Compile-tested on x86/64.
Runtime-tested on x86/64.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Some packages, e.g. busybox, explicitly remove old .configured stamps
before attempting configuration, rather than after the actual configuration
step. This seems like a good idea, as there will be no stamp left if
configuration fails. Change generic rules to work like this, so package-
specific rules can be dropped.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Kernel 4.14 has the version number 4.14 and not 4.14.0. This was
different in some older Linux kernel versions, This change makes it
possible to use kernel 4.14 without any minor version.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This adds initial support for kernel 4.14 based on the patches for
kernel 4.9.
In the configuration I deactivated some of the new possible security
features like:
CONFIG_REFCOUNT_FULL
CONFIG_SLAB_FREELIST_HARDENED
CONFIG_SOFTLOCKUP_DETECTOR
CONFIG_WARN_ALL_UNSEEDED_RANDOM
And these overlay FS options are also deactivated:
CONFIG_OVERLAY_FS_INDEX
CONFIG_OVERLAY_FS_REDIRECT_DIR
I activated this:
CONFIG_FORTIFY_SOURCE
CONFIG_POSIX_TIMERS
CONFIG_SLAB_MERGE_DEFAULT
CONFIG_WATCHDOG_HANDLE_BOOT_ENABLED
I am not sure if I did the porting correct for the following patches:
target/linux/generic/backport-4.14/020-backport_netfilter_rtcache.patch
target/linux/generic/hack-4.14/220-gc_sections.patch
target/linux/generic/hack-4.14/321-powerpc_crtsavres_prereq.patch
target/linux/generic/pending-4.14/305-mips_module_reloc.patch
target/linux/generic/pending-4.14/611-netfilter_match_bypass_default_table.patch
target/linux/generic/pending-4.14/680-NET-skip-GRO-for-foreign-MAC-addresses.patch
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
- use %d instead of %n for opkg feed identifiers
- remove %n / %N references from version files
Fixes bf5cef47b3 merge: release/banner: drop release name and update banner.
Fixes FS#1213.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Replace in router DEFAULT_PACKAGES odhcpd by odhcpd-ipv6only as
such there's no DHCPv4 server functionality overlap with dnsmasq
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Build dependency: Please install the GNU C Compiler (gcc) 4.8 or later cc
-dumpversion | grep -E '(4\.[8-9]|5\.[0-9]|6\.[0-9]|7\.[0-9])'
Build dependency: Please install the GNU C++ Compiler (g++) 4.8 or later
g++ -dumpversion | grep -E '(4\.[8-9]|5\.[0-9]|6\.[0-9]|7\.[0-9])'
Prerequisite check failed. Use FORCE=1 to override.
On my Fedora 26 machine gcc and g++ -dumpversion returns a whole number
'7' failing the regex introduced in commit:
b78de6207f
This change makes minor versions optional in the build dependency regex
for gcc and g++ whenever any minor version would be accepted and the
whole number version is sufficient as a dependency check. For versions
4.* a minor version is still required.
Signed-off-by: Justin Kilpatrick <jkilpatr@redhat.com>
Only test for supported versions of GCC
The version bump requirement for GCC is because gdb doesn't build with older
versions.
Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
At the moment, license information can only be specified on a
"per source package" level while other metadata fields (e.g. maintainer)
can be given for each binary package. Apply the same logic for license
fields as well. This can be used e.g. in cases where a library is
distributed under some license while related tools are distributed
under a different one.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
If PKG_BUILD_DIR contains symlinks, the generated Module.symvers will
contain the resolved paths, not the virtual path with the symlink name.
This breaks the filter for the module's own symbols, so to fix this
ensure we also grep for the resolved path.
Reported-by: Roman Yeryomin <roman@advem.lv>
Tested-by: Roman Yeryomin <roman@advem.lv>
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
Let the generic postinstall script invoke "kmodloader" when the just
installed package contains any /etc/module.d/ entries.
This allows us to skip the explicit "insert_module()" calls in the
package postinstall.
Due to the removed insert_module calls we do not need to assemble a
complete list of modules per package anymore, which allows for vast
simplification of the package generation code.
While we're at it, also support specifying default parameters for
modules using either the MODPARAM or MODPARAM.modulename variables
in KernelPackage.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
mpc85xx uses this for firmware image files, since the dtb data is not
directly part of the kernel image. This causes build failures in the
image builder.
Fix this by adding a separate build step that runs this call earlier,
reusing the generated file for any calls from kernel or image build
commands.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Add xconfig target to include/toplevel.mk, so that ``make xconfig`` can
be invoked from $TOPDIR to use Qt based configuration tool to prepare
.config file.
The qconf related sources are taken from linux 4.9.13 archive.
Signed-off-by: Alif M. Ahmad <alive4ever@live.com>
The creation was accidentally moved to the wrong hook, fix it by moving
it to the pre hook.
Fixes: e5e5c3f5fd ("build: ensure PKG_INFO_DIR exists before trying to use it")
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
PKG_INFO_DIR is only created at the finish step of the first package
build, but kernel modules now use it at the start. Doing a parallel build
could cause a kernel module to be the first package, breaking the build.
Fix this by ensuring the directory exists.
Fixes: 2e496876c6 ("kernel: collect module symvers for external modules")
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
Collect module symvers for all external modules to make them available
for modpost. This fixes dependencies for most external modules.
Example:
Before:
root@LEDE:/# modinfo mt76
module: /lib/modules/4.4.74/mt76.ko
license: Dual BSD/GPL
depends:
After:
root@LEDE:/# modinfo mt76
module: /lib/modules/4.4.74/mt76.ko
license: Dual BSD/GPL
depends: mac80211,cfg80211
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
The package kmod-ipt-debug builds the module xt_TRACE, which allows
users to use '-j TRACE' as target in the chain PREROUTING of the table
raw in iptables.
The kernel compilation flag NETFILTER_XT_TARGET_TRACE is also enabled so
that this feature which is implemented deep inside the linux IP stack
(for example in sk_buff) is compiled.
But a strace of iptables -t raw -I PREROUTING -p icmp -j TRACE reveals
that an attempt is made to read /usr/lib/iptables/libxt_TRACE.so, which
fails as this dynamic library is not present on the system.
I created the package iptables-mod-trace which takes care of that, and
target TRACE now works!
https://dev.openwrt.org/ticket/16694https://dev.openwrt.org/ticket/19661
Signed-off-by: Martin Wetterwald <martin.wetterwald@corp.ovh.com>
[Jo-Philipp Wich: also remove trace extension from builtin extension list
and depend on kmod-ipt-raw since its required for rules]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Tested-by: Enrico Mioso <mrkiko.rs@gmail.com>
During the initial configuration phases, we have not set-up the kernel
source directory, which would lead to such messages:
cat:
/local/users/fainelli/openwrt/trunk/build_dir/target-x86_64_musl/linux-uml/linux-4.9.58/include/config/kernel.release:
No such file or directory
Just silence it, since it does not create a functional problem.
Fixes: 8e0e0e7d8b ("include: Determine MODULES_DIR correctly for external/git kernels")
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
The kernel calls both ppc64 and ppc32 "powerpc", so we need to fixup
LINUX_KARCH when building with ARCH=powerpc64.
Signed-off-by: Florian Larysch <fl@n621.de>
Starting with commit d5d332d3f7e8 ("devicetree: Move include prefixes
from arch to separate directory") included in 4.12 and newer relocated
the dt-bindings directory, so account for that while passing CPPFLAGS
before DTC runs.
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
No patch refresh required.
Compile-tested for ar71xx - Archer C7 v2
Runtime-tested on ar71xx - Archer C7 v2
Fixes the following CVEs:
- CVE-2017-15265
- CVE-2017-0786
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Refresh patches.
Compile-tested on brcm2708/bcm2708, octeon and x86/64.
Runtime-tested on brcm2708/bcm2708, octeon and x86/64.
Fixes the following CVEs:
- CVE-2017-1000252
- CVE-2017-12153
- CVE-2017-12154
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
This patch adds all the board-specific values currently hardcoded
in mktplinkfw2.c back to the respective device declarations in the
makefiles.
The rationale is to avoid modifying the source code every time a
new board or board variant is added.
Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
Refresh patches.
Compile-tested on octeon and x86/64.
Runtime-tested on octeon and x86/64.
Fixes the following CVEs:
- CVE-2017-14106
- CVE-2017-14497
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Since $(DownloadMethod/unknown) is being invoked in the expansion of
$(call locked ...) anyway, you can't have an @ because the shell
doesn't know what to do with it.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
Refresh patches.
Compile-tested on ipq8065/nbg6817 and x86/64.
Runtime-tested on ipq8065/nbg6817 and x86/64.
Fixes CVE-2017-1000251.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
[adapt qcom_nandc.c patches to match upstream changes, test ipq8065/nbg6817]
Signed-off-by: Stefan Lippers-Hollmann <s.l-h@gmx.de>
Delete a bunch of fixes that are already included.
Refresh patches.
Compile-tested on malta/mipsel
Runtime-tested on malta/mipsel
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
Acked-by: Hauke Mehrtens <hauke@hauke-m.de>
Refresh patches.
Compile-tested on octeon and x86/64.
Runtime-tested on octeon and x86/64.
Fixes CVE-2017-11600.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Refresh patches.
Compile-tested on ramips/mt7621 and x86/64.
Runtime-tested on ramips/mt7621 and x86/64.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Refresh patches.
Adapt 704-phy-no-genphy-soft-reset.patch.
Remove brcm2708/950-0005-mm-Remove-the-PFN-busy-warning.patch.
Compile-tested on brcm2708/bcm2708 and x86/64.
Runtime-tested on brcm2708/bcm2708 and x86/64.
Fixes the following vulnerabilities:
- CVE-2017-7533
- CVE-2017-1000111
- CVE-2017-1000112
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
We will need "mktplinkfw-combined" command also in the "ramips" target
for new MediaTek based TP-Link devices, with "safeloader" image type.
Also, rename the command to "tplink-v1-header", use "VERSION_DIST"
variable instead of "OpenWrt" and allow passing additional parameters.
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
This change currently causes some issues with loading out of tree kernel modules
so revert that commit for now.
Reverts commit 34c01e68b5. Fixes FS#919.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Builtin modules are always present, and trying to load them will cause
modprobe to spew errors when installing the empty kmod packages.
Fix this by never generating any postinst module install instructions
for builtin modules.
Fixes#842.
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
If TARGET_PER_DEVICE_ROOTFS and DEVICE_PACKAGES are used for ar71xx
legacy images:
- an already jffs2 padded squashfs rootfs is overwritten
with an unpadded/raw one.
- the squashfs-raw and squashfs-64k rootfs are not replaced by the
ones including the DEVICE_PACKAGES
Call Image/Build/squashfs after the DEVICE_PACKAGES are added to the
base squashfs rootfs to fix the issues.
Fixes: FS#904
Signed-off-by: Mathias Kresin <dev@kresin.me>
- Refreshed all patches
- Removed upstreamed
- Adapted 4 patches:
473-fix-marvell-phy-initialization-issues.patch
-----------------------------------------------
Removed hunk 5 which got upstreamed
403-net-phy-avoid-setting-unsupported-EEE-advertisments.patch
404-net-phy-restart-phy-autonegotiation-after-EEE-advert.patch
--------------------------------------------------------------
Adapted these 2 RFC patches, merging the delta's from an upstream commit
(see below) which made it before these 2.
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-
stable.git/commit/?h=v4.9.36&id=97ace183074d306942b903a148aebd5d061758f0
180-usb-xhci-add-support-for-performing-fake-doorbell.patch
-----------------------------------------------------------
- Moved fake_doorbell bitmask due to new item
Compile tested on: cns3xxx, imx6
Run tested on: cns3xxx, imx6
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Unlike /proc/sys/net/ipv4/conf/INTF/rp_filter flag, rule iptables -t raw
-I PREROUTING -m rpfilter --invert -j DROP prevents conntrack table to
become full when a packet flood with randomly selected source IP addresses
is received from the lan side.
Signed-off-by: Alin Nastac <alin.nastac@gmail.com>
There are already two targets (lantiq, ramips) which use mktplinkfw2
tool for creating images. This de-duplicates code, introduces two new
build commands: tplink-v2-header, tplink-v2-image and makes use of
them in place of old, (sub)target specific ones.
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
- Refreshed all patches
- Adapted 1 (0031-mtd-add-SMEM-parser-for-QCOM-platforms.patch)
Compile tested on: brcm2708, cns3xxx, imx6
Run tested on: brcm2708, cns3xxx, imx6
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
[Compile and run tested on brcm2708]
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Specifications:
* SoC: AR7242 (Virian 400MHz)
* RAM: 64 MB DDR (W9751G6JB-25)
* Flash: 16MB SPI flash (S25FL129PIF)
* WiFi: AR9382 (2.4/5GHz) + 2x SE2595L
* LAN: 1x1000M (PEF7071V)
To install LEDE via EVA bootloader, a FTP connection need to be
established to 192.168.178.1 within the first seconds after power on:
ftp> quote USER adam2
ftp> quote PASS adam2
ftp> binary
ftp> debug
ftp> passive
ftp> quote MEDIA FLSH
ftp> put lede-ar71xx-generic-fritz300e-squashfs-sysupgrade.bin mtd1
Signed-off-by: Mathias Kresin <dev@kresin.me>
When an external kernel tree is used the version should not get
modified by the LEDE build scripts. This was added by Florian some time
ago.
The commit 0aed054bec ("build: add KERNEL_MAKE and
KERNEL_MAKE_FLAGS variables and move to kernel.mk") breaks this feature
introduced in b6746a6ffb ("include: Do not alter KERNELRELEASE for
external/git kernels").
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
When git-https request a service (e.g. github) which ask for credentials
git will pass this request to the user resulting download.pl to wait for
user input. Set GIT_ASKPASS to stop asking.
Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
It ensures that make download can parallelize downloads, even when some
packages download the same files (e.g. gcc/initial, gcc/final)
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Fixes the following security vulnerabilities:
CVE-2017-8890
The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the
Linux kernel through 4.10.15 allows attackers to cause a denial of service
(double free) or possibly have unspecified other impact by leveraging use
of the accept system call.
CVE-2017-9074
The IPv6 fragmentation implementation in the Linux kernel through 4.11.1
does not consider that the nexthdr field may be associated with an invalid
option, which allows local users to cause a denial of service (out-of-bounds
read and BUG) or possibly have unspecified other impact via crafted socket
and send system calls.
CVE-2017-9075
The sctp_v6_create_accept_sk function in net/sctp/ipv6.c in the Linux kernel
through 4.11.1 mishandles inheritance, which allows local users to cause a
denial of service or possibly have unspecified other impact via crafted
system calls, a related issue to CVE-2017-8890.
CVE-2017-9076
The dccp_v6_request_recv_sock function in net/dccp/ipv6.c in the Linux
kernel through 4.11.1 mishandles inheritance, which allows local users to
cause a denial of service or possibly have unspecified other impact via
crafted system calls, a related issue to CVE-2017-8890.
CVE-2017-9077
The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel
through 4.11.1 mishandles inheritance, which allows local users to cause a
denial of service or possibly have unspecified other impact via crafted
system calls, a related issue to CVE-2017-8890.
CVE-2017-9242
The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel
through 4.11.3 is too late in checking whether an overwrite of an skb data
structure may occur, which allows local users to cause a denial of service
(system crash) via crafted system calls.
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8890
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9074
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9075
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9076
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9077
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9242
Ref: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.31
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
The previous commit f4a4f324cb ("kernel: update kernel 4.4 to
4.4.71") missed the line which changes the kernel version, add it now.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Fixes the following security vulnerabilities:
CVE-2017-8890
The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the
Linux kernel through 4.10.15 allows attackers to cause a denial of service
(double free) or possibly have unspecified other impact by leveraging use
of the accept system call.
CVE-2017-9074
The IPv6 fragmentation implementation in the Linux kernel through 4.11.1
does not consider that the nexthdr field may be associated with an invalid
option, which allows local users to cause a denial of service (out-of-bounds
read and BUG) or possibly have unspecified other impact via crafted socket
and send system calls.
CVE-2017-9075
The sctp_v6_create_accept_sk function in net/sctp/ipv6.c in the Linux kernel
through 4.11.1 mishandles inheritance, which allows local users to cause a
denial of service or possibly have unspecified other impact via crafted
system calls, a related issue to CVE-2017-8890.
CVE-2017-9076
The dccp_v6_request_recv_sock function in net/dccp/ipv6.c in the Linux
kernel through 4.11.1 mishandles inheritance, which allows local users to
cause a denial of service or possibly have unspecified other impact via
crafted system calls, a related issue to CVE-2017-8890.
CVE-2017-9077
The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel
through 4.11.1 mishandles inheritance, which allows local users to cause a
denial of service or possibly have unspecified other impact via crafted
system calls, a related issue to CVE-2017-8890.
CVE-2017-9242
The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel
through 4.11.3 is too late in checking whether an overwrite of an skb data
structure may occur, which allows local users to cause a denial of service
(system crash) via crafted system calls.
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8890
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9074
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9075
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9076
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9077
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9242
Ref: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.71
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Commit 86c966a8ae caused HOST_LOADLIBES to
include -lncurses. This was added for fixing build issues on macOS.
This introduces issues on Linux when wide-character ncurses is being
used for compiling, but the non-wide-character version is linked in.
Fix this by adding the extra override for HOST_LOADLIBES only on macOS.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
This allows packages to use kernel make options without the forced
-C $(LINUX_DIR). It also makes it more clear that it to be called from
kernel module packages directly.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Override {HOST_}QUILT before making decisions based on it, else it will
cause target/linux/refresh to fail on first run.
Fixes: 36ba6237d6 ("build: fix quilt for mixed package/host builds")
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
This commit contains the following changes
- Use local shell var where appliable
- The $(sort $$$$$$$$mods) call will have no expected effect
- Avoid EEXIST when creating symlinks in /etc/modules-boot.d/
- Avoid duplicate arguments for insert_modules() in postinst-pkg
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
This causes various issues in other places that assume that host
binaries are staged in STAGING_DIR_HOST.
Since all the right places use HOST_BUILD_PREFIX, override that instead.
This fixes some issues with quilt on toolchain dirs
Signed-off-by: Felix Fietkau <nbd@nbd.name>
When using external or git cloned kernels, any kind of modifications
will alter KERNELRELEASE. LEDE still tries to stage modules in
lib/modules/$(LINUX_UNAME_VERSION) and LINUX_UNAME_VERSION is based on
KERNEL_PATCHVER (indirectly) so this does not work, and we lose all
kinds of automatic modules loading.
To remedy that, just cat $(LINUX_DIR)/include/config/kernel.release
which is late enough the kernel has prepared this file, and is correctly
tracking changes done throughout the kernel.
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
In case we use external and/or git cloned kernels, let the kernel
determine the appropriate KERNELRELEASE. We cannot used
LINUX_UNAME_VERSION because that one gets determined at a later time,
when the kernel is already built proper.
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
This reverts commit 0df2c6563a since it
gets in the way of identifying properly which kernel we are running.
This is particularly important if LEDE is using external kernels/git
cloned kernels. We want to make sure we only load modules from that
specific kernel.
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
Refresh patches. A number of patches have landed upstream & hence are no
longer required locally:
062-[1-6]-MIPS-* series
042-0004-mtd-bcm47xxpart-fix-parsing-first-block
Reintroduced lantiq/patches-4.4/0050-MIPS-Lantiq-Fix-cascaded-IRQ-setup
as it was incorrectly included upstream thus dropped from LEDE.
As it has now been reverted upstream it needs to be included again for
LEDE.
Run tested ar71xx Archer C7 v2 and lantiq.
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
[update from 4.4.68 to 4.4.69]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Some files (e.g. /etc/dropbear) need to be owned by root. Add cpio
option to ensure that.
Other image types (at least targz and squashfs) already have this.
Signed-off-by: Michal Sojka <sojkam1@fel.cvut.cz>
When running "make {config|defconfig|oldconfig}" with symlinked .config
(e.g. to env/.config) it renames symlink to .config.old, creates new
.config file, and writes the updated configuration into it.
This breaks the desired workflow when changes in the configuration can
be checked using "scripts/env diff" and commited using "scripts/env
save". Since the env/.config file is not updated.
The things become even worse when working with feeds, since feeds script
quite often silently invokes "make {oldconfig|defconfig}" and breaks the
symlink.
Fix this issue by exporting KCONFIG_OVERWRITECONFIG=1, which forces
mconf to overwrite the .config content, instead of renaming it and
creating a new file. This variable is set only if .config is a symlink,
otherwise the variable is not exported and the old behaviour is
preserved.
This change uses the same behaviour as "make menucofig", which has
already been fixed in commit 5bf98b1acc.
Also make a tiny cosmetic update to the "make menuconfig" target code
layout to make it look like other config handling targets.
Signed-off-by: Sergey Ryazanov <ryazanov.s.a@gmail.com>
Significantly reduces time spent processing those targets and should
also silence some log clutter which could confuse buildbot
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Otherwise ipkg packages may wrongly take on alternatives specs of
another package sharing the same package Makefile
Fixes FS#753
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
It's a list of specs of the following form seprated by commas to
describe alternatives provided by this package
<prio>:<path>:<altpath>
<path> will be a symbolic link to <altpath> of the highest <prio>
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
When running "make menuconfig" with symlinked .config (e.g. to
env/.config) it renames symlink to .config.old, creates new .config file
and writes updated configuration here.
This breaks the desired workflow when changes in the configuration could
be checked using "scripts/env diff" and commited with
"scripts/env save". Since the env/.config file is not updated.
Fix this issue by exporting KCONFIG_OVERWRITECONFIG=1, which forces
mconf to overwrite the .config content, instead of renaming it and
creating a new file. This variable is set only if .config is a symlink,
otherwise the variable is not exported and the old behaviour is
preserved.
Signed-off-by: Sergey Ryazanov <ryazanov.s.a@gmail.com>
Not sure since when the issue emerged, but according to the current doc of gcc
and as, armv8-a is intended as argument of -march
The change will affect at the moment arm64 and layerscape/64b
Below is the relevant error messages when building toolchain
Assembler messages:
Error: unknown cpu `armv8-a'
Error: unrecognized option -mcpu=armv8-a
/home/yousong/git-repo/lede-project/lede/build_dir/toolchain-aarch64_armv8-a_gcc-5.4.0_musl/gcc-5.4.0/libgcc/libgcc2.c:1:0: error: unknown value 'armv8-a' for -mcpu
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Recent attempts to use it have shown that it does not work properly
except for a few undocumented cases. It's better to remove this now to
avoid having more people fall into the same trap
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Keeping it in base-files was resulting in adding it to the base-files
package. This file is meant to be included manually for initramfs
images only.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
If someone creates a target and indicates a CPU_TYPE, but there's
no corresponding support for that CPU_TYPE's flags in include/target.mk
then that should probably be indicated rather than silently ignored.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
quilt.mk needs to be included first, to ensure that STAMP_PREPARED does
not include the hash if quilt is used.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
This can be used to indicate that a target does not support the optional mips16
extension even when it is a mips32r2 or later CPU.
This will generate a separate toolchain and a separate package folder,
e.g. mips_24kc_nomips16
Signed-off-by: Hauke Mehrtens <hauke.mehrtens@intel.com>
KERNELRELEASE contains a $(shell) call which is evaluated over and over
again.
The call to checksyscalls.sh is unnecessary for LEDE and also takes a
few seconds to complete.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
This patch makes specifying NETGEAR_REGION optional, in which case
mkchkimage will default to region 1 (WW).
Signed-off-by: Joseph C. Lehner <joseph.c.lehner@gmail.com>
Bump kernel from 4.4.50 to 4.4.52
Refresh patches
Compile tested all 4.4. targets
Run tested: ar71xx Archer C7 v2
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
Instead of using a separate .clean stamp file, remove the install info
file on compile, then append the install package list afterwards
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Bump kernel from 4.4.49 to 4.4.50
Compile tested: All targets
Run tested: ar71xx Archer C7 v2
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
The @ sign in front of the "mv" command was significantly suppressing
output to stdout. When reviewing the make/build logs it was tricking
me a whole lot and it mad me lose time. Removing the @ sign will get
stdout and logs right about what happened when.
Signed-off-by: Thomas Reifferscheid <thomas@reifferscheid.org>
cmake checks the build system and its variables on its own to detect if
the makefiles need to be regenerated.
Unfortunately this can invalidate overrides passed in the
Build/Configure step. On non-Linux systems this breaks the build when
switching between targets of the same package architecture.
Fix this by forcibly disabling the build system check and relying on the
LEDE build system to take care of these things
Signed-off-by: Felix Fietkau <nbd@nbd.name>
When running "make kernel_menuconfig" in a clean tree, it fails with:
make[1]: *** No rule to make target 'tools/quilt/install'. Stop.
Replacing the dependency with 'tools/quilt/compile' fixes the issue (quilt
and all its prerequisites will be built, and quilt will be installed in
staging_dir).
Signed-off-by: Baptiste Jonglez <git@bitsofnetworks.org>
-mXXX option is deprecated already in arc-2016.03 toolchain
and removed completely starting from arc-2016.09.
Direct replacement is -mcpu=XXX which is already supported by
arc-2016.03 used today in Lede.
With that change we'll be ready for ARC toolchain update still
keeping everything working with current tools.
Signed-off-by: Alexey Brodkin <Alexey.Brodkin@synopsys.com>
Cc: John Crispin <john@phrozen.org>
Refresh patches for all targets that support kernel 4.4.
Compile-tested on all targets that use kernel 4.4 and aren't marked
broken, except arc770 and arch38 due to broken toolchain.
Runtime-tested on ar71xx, octeon, ramips and x86/64.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
This patch moves the fakeroot code required by some devices to
`image-commands.mk`.
Create the fakeroot on the fly by using the undocumented -s (skip copy)
parameter of mkimage.
Signed-off-by: Joseph C. Lehner <joseph.c.lehner@gmail.com>
[remove unused NETGEAR_KERNEL_MAGIC, remove workarounds to have a dummy
rootfs for mkimage]
Signed-off-by: Mathias Kresin <dev@kresin.me>
Refreshed patches for all supported targets.
Compile-tested on ar71xx, cns3xxx, imx6, mt7621, oxnas and x86/64.
Run-tested on ar71xx, cns3xxx, imx6 and mt7621.
Tested-by: Stijn Segers <francesco.borromini@inventati.org>
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Since the main stamp file depends on the _check stampfile, the _check
stampfile needs to be created on the first run as well.
Fixes spurious rebuilds with CONFIG_AUTOREBUILD=y
Signed-off-by: Felix Fietkau <nbd@nbd.name>
some of Buffalo DHP series use slightly different trx magic, buffalo-enc,
buffalo-tag, and factory image begin with 'bgn'.
this patch adds support for building those images.
Signed-off-by: FUKAUMI Naoki <naobsd@gmail.com>
Bump kernel to 4.4.44. Compile-tested on ar71xx, ramips/mt7621 and x86/64.
.44 has been run-tested on the 17.01 branch here on ar71xx and mt7621.
Signed-off-by: Stijn Segers <francesco.borromini@inventati.org>
If the base-files package is not selected, we will fail executing the
very first postinst script:
make[3]: Leaving directory `/local/users/fainelli/openwrt/trunk'
cp -fpR
/local/users/fainelli/openwrt/trunk/build_dir/target-arm_xscale_musl-1.1.15_eabi/root-orion
/local/users/fainelli/openwrt/trunk/build_dir/target-arm_xscale_musl-1.1.15_eabi/root.orig-orion
./usr/lib/opkg/info/busybox.postinst: line 3:
/local/users/fainelli/openwrt/trunk/build_dir/target-arm_xscale_musl-1.1.15_eabi/root-orion/lib/functions.sh:
No such file or directory
./usr/lib/opkg/info/busybox.postinst: line 4: default_postinst: command
not found
postinst script ./usr/lib/opkg/info/busybox.postinst has failed with
exit code 127
make[2]: *** [package/install] Error 1
Check for the existence of lib/functions.sh, and if it does not exist,
just bail out gracefully.
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
Require-User is handled by /etc/uci-defaults/13_fix_group_user on first
boot, so we need to keep these when removing all opkg data with
CONFIG_CLEAN_IPKG.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
According to some reports, -march=pentium-mmx is a better choice for
older Geode CPUs than -march=geode anyway.
Bump the minimum architecture of the legacy target from i486 to
pentium-mmx. Anything older is not worth supporting anyway.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
This avoids repeatedly unpacking and rebuilding packages that are
failing the build. Re-running the failing step should be much faster.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Calling the clean target removes all .ipk files and un-stages the
package. Add a new target just for clearing the build dir and call that
one instead of the full clean target
Signed-off-by: Felix Fietkau <nbd@nbd.name>
This is used to save space on buildbot instances.
If any part of a package needs to be rebuild, the whole package is
rebuilt from scratch. Stamp files are preserved to allow dependency
checks to work
Signed-off-by: Felix Fietkau <nbd@nbd.name>
This makes the build slightly more efficient by avoiding the need to
re-stage packages on every full build run.
It is also necessary for the upcoming CONFIG_AUTOREMOVE feature
Signed-off-by: Felix Fietkau <nbd@nbd.name>
This makes the build slightly more efficient by avoiding the need to
re-stage packages on every full build run.
It is also necessary for the upcoming CONFIG_AUTOREMOVE feature
Signed-off-by: Felix Fietkau <nbd@nbd.name>
The make target does not rewrite the file if the contents didn't
change. This causes make to always consider the target old.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Before SUBDIR was set to $(PATCHVER) which may
or may not include the minor version number of
the linux kernel version. Usually it doesn't.
So the git-clone'd linux kernel was packed without
the minor version number taken into account, which
broke further processing, as it expected the
extracted dir being named linux-$(LINUX_VERSION)
(=with minor version) rather than linux-$(PATCHVER)
(=without minor version).
Changing SUBDIR to $(LINUX_VERSION) creates
consistent behaviour here.
Signed-off-by: Mirko Vogt <mirko-openwrt@nanl.de>
Using a single host package staging dir (and build dir) significantly speeds up
builds when multiple targets are built in succession, especially for large host
packages like NodeJS.
$(STAGING_DIR)/host is kept in addition to $(STAGING_DIR_HOSTPKG) in most
places; it is still used as destination for host files in Build/InstallDev.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Currently system log is always included as a part of ubox. Add logd as a
seperate package and add it to default packages list.
Signed-off-by: Andrej Vlasic <andrej.vlasic@sartura.hr>
Signed-off-by: Luka Perkov <luka.perkov@sartura.hr>
Make sure binaries install to STAGING_DIR_HOSTPKG are still found when
this variable is eventually modified.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
This reduces the amount of hacks in the makefile code.
Remove the apm821xx code to do the same - it was broken and left both
compressed and uncompressed images in $(BIN_DIR)
Signed-off-by: Felix Fietkau <nbd@nbd.name>
The generated 'its' is passed to mkimage which expects linux arch
strings rather than the full arch (e.g. mips not mipsel).
It currently works in some cases where LINUX_KARCH == ARCH but
otherwise you get an unknown arch build error.
Signed-off-by: Ian Pozella <Ian.Pozella@imgtec.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
The removal of the ".+Package" pattern in scan.mk also caused the build
system to skip over Makefiles defining only kmods. Adjust the grep pattern
to consider packages with "call KernelPackage" signatures as well.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Commit af0b91c "allow scan.mk to find python packages introduced in [8639]"
added some special casing to scan.mk to accomodate some nonstandard python
packages.
Nowadays this pattern is not needed anymore and produces false positives
when using the LEDE source repository as feed within the SDK since the
metadata scanning wrongly picks up target/imagebuilder/Makefile as package,
leading to an "ERROR: please fix feeds/base/target/imagebuilder/Makefile"
message.
Remove the now uneeded pattern to fix such stray errors during metadata
scanning.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Instead of passing HOST_CONFIGURE_VARS as arguments to the configure script,
pass it as environment variables which brings the logic in line with the
behaviour of package-defaults.mk.
The change is needed since passing environment variables as configure
parameters only works with GNU autoconf which evaluates command line arguments
looking like variable assignments. Doing the same with non-autoconf configure
scripts is not guaranteed to work since such scripts might terminate due to
unknown argument errors.
One example case is the cmake configure script which bails out when called
as "./configure LDFLAGS=..." but not when called as "LDFLAGS=... ./configure".
Also change the SHELL override to CONFIG_SHELL in the default
HOST_CONFIGURE_VARS as the former is not properly propagated through the
various GNU configure invocations since it gets lost when configure re-
executes itself.
A prior attempt to change the variable placement had to be reverted due to
the missing SHELL -> CONFIG_SHELL change, leading to misgenerated libtool
executables in various packages.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
This reverts commit 8395b63aac616f72fd835c59240fc2a4a6b28106.
Various host builds currently rely on the broken behaviour of
HOST_CONFIGURE_VARS so roll back to the previous state.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Ensure that HOST_CONFIGURE_VARS are set before the actual configure command
instead of passing them as configure command arguments.
This change brings host-build.mk in line with package-defaults.mk and makes
host configure environment variables work as expected.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
This will be used to simplify the build system code for checking hashes.
Instead of using various variants of md5sum / openssl, use one simple
utility for all of them
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Add a call to KernelPackage/$(1)/$(BOARD)/$(SUBTARGET) to the
KernelPackage macro. This allows to add kernel packages for x86/64,
without breaking x86. It's not possible to do this with BOARD, as
BOARD=x86 for x86_64.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Looks like this was meant to workaround some limitations with
non-GNU tar variants (like BSD-tar which are present on Mac os BSD hosts).
Though, I cannot find any use of that `+s` option that's mentioned
in the comment.
Last hash of this I found was 24faf55360
In my case, it now this fails for `python-setuptools` on Mac OS X (the host-build with):
```
trapret 2 tar -C <home-dir>/work/sources-work/lede/build_dir/target-i386_pentium4_musl-1.1.15/python-setuptools-27.2.0 --strip-components=1 -xzf <home-dir>/work/sources-work/lede/dl/setuptools-27.2.0.tar.gz
bash: trapret: command not found
```
So, I was thinking maybe it's time to remove this workaround (9 years later).
I could also fix the `python-setuptools` host build. If that's more preferred.
[ Btw, I just recently transitioned to a Mac machine for dev-ing,
so a lot of (this Mac) stuff I'm finding out is new to me too. ]
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
This makes it easier to unify versioning of git based package downloads.
PKG_SOURCE_DATE along with an 8-character abbreviation of the git hash
is used as PKG_VERSION, PKG_RELEASE should be used like normal packages.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
This adds support for install-overlay define. When used in package it
allows installing files to a special directory that gets copied to the
root when installing it.
It allows overwriting files provided by other packages.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Bump & refresh patches for all 4.4 targets.
Compile & run tested: ar71xx Archer C7 v2
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
This will attempt to automatically fix common mistakes like using MD5
instead of SHA256, using the MD5SUM variable instead of HASH, or even a
missing mirror file hash.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
This is intended to be used for a wide array of package sanity checks.
The first check that is implemented is for the hash of downloaded files.
It checks:
- Missing hash
- Use of SHA256 instead of MD5
- dl/<file> hash not matching hash in makefile
- deprecated MD5SUM variable
The deprecated MD5SUM variable check is skipped for feeds/ until OpenWrt
is updated as well
Signed-off-by: Felix Fietkau <nbd@nbd.name>