Commit Graph

254 Commits

Author SHA1 Message Date
Steven Barth
19810a5145 hardening: enable regular SSP support by default
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 46020
2015-06-17 13:13:48 +00:00
Steven Barth
f8140c9caf hardening: enable RELRO by default
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 46004
2015-06-16 17:28:05 +00:00
Steven Barth
11489a85cf hardening: enable format security checking by default
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 46003
2015-06-16 17:27:59 +00:00
Felix Fietkau
ec73574027 build: enable package list signing by default
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 45614
2015-05-05 21:16:13 +00:00
Felix Fietkau
beca028bd6 build: add integration for managing opkg package feed keys
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 45286
2015-04-06 19:39:51 +00:00
John Crispin
3ec7ccf501 config: add an option to enable KPROBE
Signed-off-by: Mathieu Olivari <mathieu@codeaurora.org>

SVN-Revision: 45212
2015-04-01 08:33:04 +00:00
Felix Fietkau
1496b95a0f x86: clean up default grub baudrate settings
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 45113
2015-03-29 04:31:21 +00:00
Felix Fietkau
b872533e68 build: remove leftover olpc support code
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 45084
2015-03-28 11:40:06 +00:00
John Crispin
006f8c9446 kernel: cleanup seccomp symbol selection
Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 45005
2015-03-26 10:57:51 +00:00
Jo-Philipp Wich
02e2548b84 x86: use PARTUUID instead explicitly specifying the device by default
This changes the x86 image generation to match x86_64, using the PARTUUID for
the rootfs instead of explicitly configuring the device.

It unbreaks KVM with VirtIO, which uses /dev/vda2 instead of /dev/sda2.

Tested in QEMU/KVM with VirtIO, VirtualBox and VMware.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>

SVN-Revision: 44966
2015-03-24 10:08:12 +00:00
Felix Fietkau
5d9eeab64a build: remove obsolete references to cris and avr32
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 44965
2015-03-24 10:07:40 +00:00
John Crispin
f9f7c80cd2 kernel: Support kernel options required by systemd
These kernel options are all likely to be widely useful in this modern age, but
are immediately useful for systemd support.

c.f. http://sources.gentoo.org/cgi-bin/viewvc.cgi/gentoo-x86/sys-apps/systemd/systemd-9999.ebuild?&view=markup#l118

Adapted from a patch by Adam Porter.

Signed-off-by: Jeff Waugh <jdub@bethesignal.org>

SVN-Revision: 44929
2015-03-21 21:48:12 +00:00
John Crispin
7274db3b5a config: add function tracers
Adds menuconfig options for ftrace function tracers

Signed-off-by: Bryan Forbes <bryan@reigndropsfall.net>

SVN-Revision: 44878
2015-03-18 20:08:21 +00:00
Jonas Gorski
9dc137397f buildroot: make it easier to build all kmods
Split out kmods from ALL to make it easier to create local builds that
are compatible kmod-wise with releases.

Signed-off-by: Jonas Gorski <jogo@openwrt.org>

SVN-Revision: 44830
2015-03-16 11:51:54 +00:00
John Crispin
b1953bdf27 kernel: enable open by fhandle syscalls
This is needed by many services to function properly and as
all modern distributions got it enabled, it starts to be a
de-facto standard, i.e. user-space starts to silently depend
on it.

This also pulls in EXPORTFS, however, the kernel binary size
increases only a little.
On ARM systems it comes down to 800 bytes uncompressed and about
200 bytes compressed size.
On MIPS systems it's about 1.2 kB size increase of the LZMA
compressed kernel.

v2: use menuconfig option instead of just enabling the option

Signed-off-by: Daniel Golle <daniel@makrotopia.org>

SVN-Revision: 44765
2015-03-15 06:35:13 +00:00
John Crispin
3e2f578353 toolchain: The glorious return of glibc, ver 2.21
It's the eglibc packaging with a bit of spit-polishing. And testing. :-)

[blogic: merged glibc and eglibc into 1 and made eglibc a glibc variant]

Signed-off-by: Jeff Waugh <jdub@bethesignal.org>
Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 44701
2015-03-12 19:50:57 +00:00
Nicolas Thill
f87f373c9f config: disable kernel tracing on uml
Signed-off-by: Nicolas Thill <nico@openwrt.org>

SVN-Revision: 44397
2015-02-11 11:31:26 +00:00
Jo-Philipp Wich
3f56785706 config: remove CONFIG_BUILD_STATIC_TOOLS
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 44287
2015-02-06 00:00:51 +00:00
Nicolas Thill
f6433f63ef config: fix typo in Global build settings menu
Signed-off-by: Nicolas Thill <nico@openwrt.org>

SVN-Revision: 44258
2015-02-05 05:10:44 +00:00
John Crispin
1c160bf082 config: fix typo in Global build settings menu
Signed-off-by: Daniel Golle <daniel@makrotopia.org>

SVN-Revision: 44163
2015-01-28 12:05:58 +00:00
John Crispin
491f3fc048 Support for building an hardened OpenWRT
Introduce configuration options to build a "hardened" OpenWRT.

Options to enable Stack-Smashing Protection, FORTIFY_SOURCE and RELRO
have been introduced.

uClibc makefile now automatically detects if SSP support is necessary.

hostapd makefile has been fixed to use "^" as sed separator since
using a comma was problematic when using "-Wl,-z,now" and the like in
TARGET_CFLAGS.

Currently enabling SSP on user space depends on enabling SSP kernel
side, this is due to the fact that TARGET_CFLAGS are used to build
kernel modules (at least). Suggestions on how to avoid this are welcome.
Using "select" instead of "depends on" doesn't seem to work with choice
entries.

Tested with a lantiq (WBMR) router, GCC 4.8, uClibc and a subset of
the available packages.
Needs to be tested with GCC 4.9 and the remaining packages.
PIE not currently included.

Signed-off-by: Alessandro Di Federico <ale+owrt@clearmind.me>

SVN-Revision: 44005
2015-01-17 14:31:30 +00:00
Rafał Miłecki
757b45a32f config: enable EARLY_PRINTK on bcm53xx by default
It's useful for debugging and safe at the same time as we enable it per
device.

Signed-off-by: Rafał Miłecki <zajec5@gmail.com>

SVN-Revision: 43980
2015-01-16 14:50:51 +00:00
John Crispin
baad87ae3d kernel: add SECCOMP to menuconfig
Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 43888
2015-01-08 21:23:18 +00:00
John Crispin
f76755da3f packages: fix typo in OpenWrt name
Signed-off-by: Cezary Jackiewicz <cezary.jackiewicz@gmail.com>

SVN-Revision: 43542
2014-12-07 16:53:30 +00:00
Jo-Philipp Wich
1eb6640612 config: use PARTUUID by default on x86_64
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 43086
2014-10-27 14:35:39 +00:00
Hauke Mehrtens
d041cb6e95 Kconfig: Fix missing help text in DEVEL config menu
This patch completes missing help text for some options under CONFIG_DEVEL.

Provides help for BINARY_FOLDER and DOWNLOAD_FOLDER, and reduces ambiguity in
the help for BUILD_SUFFIX with an example.

Signed-off-by: Andrew McDonnell <bugs@andrewmcdonnell.net>

SVN-Revision: 42520
2014-09-13 20:27:52 +00:00
Hauke Mehrtens
bdeda10f1c Kconfig: Various typo/grammar/line-length fixes in Config*.in files
Non-functional changes to config/Config-*.in files, including:

* spelling mistakes
* inconsistent terminology
* grammar
* overly long lines in "help" components

Signed-off-by: Robert P. J. Day <rpjday@crashcourse.ca>

SVN-Revision: 42519
2014-09-13 20:27:25 +00:00
Luka Perkov
cc82f93251 config: enable cgroup freezer
This option will be enabled by default only when cgroups support is enabled.

Signed-off-by: Luka Perkov <luka@openwrt.org>

SVN-Revision: 42464
2014-09-10 23:15:22 +00:00
John Crispin
7a1f4c50fa PKG_CHECK_FORMAT_SECURITY: add a menuconfig option, disable by default
The idea is still to enable it by default at some point.
I've tested all ar71xx packages (except oldpackages) using CONFIG_ALL=y.
Failing packages have been marked with PKG_CHECK_FORMAT_SECURITY:=0 for now.
I can test more targets but I have no idea which are the most used.

Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>

SVN-Revision: 42282
2014-08-25 06:36:06 +00:00
Felix Fietkau
08f9168615 x86: add back a line accidentally removed in r41763
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 41764
2014-07-20 08:20:14 +00:00
Felix Fietkau
c718d0b10c x86: remove the arbitrary limitation of vmware/virtualbox images to ext4, select TARGET_IMAGES_PAD instead
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 41763
2014-07-20 08:18:50 +00:00
John Crispin
93fe29055f config/Config-images.in: enable zlib as the default ubi compression
http://patchwork.openwrt.org/patch/5686/

Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 41329
2014-06-24 18:14:05 +00:00
Steven Barth
e64f122023 Disable crashlog for UML
SVN-Revision: 41153
2014-06-12 11:34:44 +00:00
Felix Fietkau
43dc78425c kernel: fix duplicate KERNEL_PERF_EVENTS with wrong dependency
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 41030
2014-06-06 09:20:15 +00:00
Felix Fietkau
2f9a3c791b build: set default squashfs block size to 64k for low-memory systems
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 40981
2014-06-02 17:04:41 +00:00
Felix Fietkau
5eecccd75e build: make the squashfs block size configurable
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 40979
2014-06-02 17:04:34 +00:00
John Crispin
a810981e6b config/Config-images.in: the ext4 series introduced a regression
Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 40951
2014-06-02 13:03:15 +00:00
John Crispin
34106f4a1a include: Allow git kernel branch selection
This allows the selection of a specific branch in the menuconfig
when using a kernel downloaded from GIT.

Signed-off-by: Mathieu Olivari <mathieu@qca.qualcomm.com>

SVN-Revision: 40946
2014-06-02 12:45:22 +00:00
John Crispin
45e3540a3f config: Remove KERNEL_GIT_LOCAL_REPOSITORY option
The GIT_LOCAL_REPOSITORY option adds the --reference argument to the
git clone kernel command line, if KERNEL_GIT_CLONE_URI is set.

This option is intended to speed up the repo creation by using local
objects rather than downloading them. However, a local repo can be cloned
much faster by setting GIT_LOCAL_REPOSITORY directly to the local tree.

In that case, git clone will bypass the normal "git aware" transport
mechanism and clone the repository by copying and hardlinking objects
rather than downloading them, resulting in a significant speed increase.

That makes the GIT_LOCAL_REPOSITORY option pretty useless so we'll just
remove it and recommend the usage of KERNEL_GIT_CLONE_URI directly.

Signed-off-by: Mathieu Olivari <mathieu@qca.qualcomm.com>

SVN-Revision: 40944
2014-06-02 12:45:16 +00:00
John Crispin
14421bd7fb image: ext4: rename config options as these are only used for ext4 image creation
Signed-off-by: Michael Heimpold <mhei@heimpold.de>

SVN-Revision: 40926
2014-06-02 12:44:10 +00:00
John Crispin
5fd7e00d9d image: ext4: allow creation of a journaling filesystem
Signed-off-by: Michael Heimpold <mhei@heimpold.de>

SVN-Revision: 40925
2014-06-02 12:44:07 +00:00
John Crispin
fe20272ab1 image: ext4: allow to choose a block size for the rootfs
Signed-off-by: Michael Heimpold <mhei@heimpold.de>

SVN-Revision: 40924
2014-06-02 12:44:04 +00:00
John Crispin
fbb05ce063 image: ext4: move ext4 specific options into submenu
Signed-off-by: Michael Heimpold <mhei@heimpold.de>

SVN-Revision: 40923
2014-06-02 12:43:53 +00:00
Felix Fietkau
56702140b6 kernel: add a config option for enabling /proc/slabinfo
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 40858
2014-05-25 22:39:54 +00:00
Felix Fietkau
86ddc3d489 kernel: add a config option for /proc page monitoring (useful for detailed memory usage info)
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 40855
2014-05-25 19:38:55 +00:00
Jo-Philipp Wich
33930d1745 config: don't use /dev/vda2 for kvm guest, its not used since a long time
SVN-Revision: 40756
2014-05-13 12:52:58 +00:00
John Crispin
76133009c9 sparse: add as a new package selectable from the config
This change does multiple things, all related to enabling sparse usage as
a static analysis tool selectable from the OpenWrt configuration:

* add a KERNEL_SPARSE option in the config to add sparse to the kernel
  build (through the C=1 option usage)
* add sparse as a new host tool. It will get selected automatically when
  the above option is enabled

Signed-off-by: Mathieu Olivari <mathieu@qca.qualcomm.com>

SVN-Revision: 40490
2014-04-12 21:21:49 +00:00
Imre Kaloz
ecbcbeefae make printk, crashlog and swap support configurable
Signed-off-by: Imre Kaloz <kaloz@openwrt.org>

SVN-Revision: 40361
2014-04-02 11:40:41 +00:00
Luka Perkov
64f3676a25 config: lxc: enable KERNEL_POSIX_MQUEUE
Recent lxc versions are not useful if this option is not enabled. That said,
enable KERNEL_POSIX_MQUEUE by default when KERNEL_LXC_MISC is selected.

Signed-off-by: Luka Perkov <luka@openwrt.org>

SVN-Revision: 39385
2014-01-24 13:49:39 +00:00
Imre Kaloz
7aaa9bc91c add x86_64 target support
Signed-off-by: Imre Kaloz <kaloz@openwrt.org>

SVN-Revision: 39208
2014-01-07 12:23:35 +00:00
Imre Kaloz
8603b30db5 virtualbox emulates the e1000 for a long time now
Signed-off-by: Imre Kaloz <kaloz@openwrt.org>

SVN-Revision: 39207
2014-01-07 10:21:31 +00:00
Imre Kaloz
cc49f7c6e9 move most of the x86 image generation options to the main file
Signed-off-by: Imre Kaloz <kaloz@openwrt.org>

SVN-Revision: 39206
2014-01-07 10:18:55 +00:00
Luka Perkov
ef5e13325e config: add KERNEL_DYNAMIC_DEBUG option
Useful when debugging kernel which uses this infrastructure, for
example ubi/ubifs.

Signed-off-by: Luka Perkov <luka@openwrt.org>

SVN-Revision: 39007
2013-12-09 11:30:16 +00:00
Imre Kaloz
9fa3c68938 move menuconfig options into separate files
Signed-off-by: Imre Kaloz <kaloz@openwrt.org>

SVN-Revision: 38895
2013-11-22 14:30:40 +00:00