Fix typos in comment and user-facing help text.
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
[split out config changes, adjust commit message]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
No package here depends on it. Furthermore, uClibc++ is a fairly buggy
C++ library and seems to be relatively inactive upstream.
It also lacks proper support for modern C++11 features.
The main benefit of it is size: 66.6 KB vs 287.3 KB on mips24kc. Static
linking and LTO can help bring the size down of packages that need it.
Added warning message to uclibc++.mk
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Acked-by: Hauke Mehrtens <hauke@hauke-m.de>
It can cause some magic errors with multiple-threads complation.
This reverts commit 9606209e4a.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 5fc7782dd4)
In OpenWrt, /var is symlinked to /tmp by default. This is done to reduce
the amount of writes to the flash chip, which often have not the
greatest durability. As a result, things like DHCP or UPnP lease files,
are not persistent across reboots.
Since OpenWrt can run on devices with more durable storage, it makes
sense to have an option for a persistent /var. Add an option to make
/var persistent. When enabled, /var will no longer be symlinked to /tmp,
but /var/run will be symlink to /tmp/run, as it should contains only
files that should not be kept during reboot. The option is off by
default, to maintain the current behaviour.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
The file is a info file just like config.buildinfo, feeds.buildinfo and
version.buildinfo. It bundles these and more information in a machine
readable way.
This commit enables the creation of profiles.json by default and not
only for buildbots. By doing so it follow the behaviour of the
ImageBuilder which always creates the file, lastly this increases the
files visibility for downstream projects.
Signed-off-by: Paul Spooren <mail@aparcar.org>
(cherry picked from commit 181054bf79)
The grub2 and grub2-efi packages should only contain boot-related code.
grub-bios-setup is the same as grub-editenv, they are both grub2 tools
and should be placed in a separate package.
Signed-off-by: 李国 <uxgood.org@gmail.com>
[use AUTORELEASE and update to SPDX]
Signed-off-by: Paul Spooren <mail@aparcar.org>
(cherry picked from commit 5876d6a62f)
The code interprets these config values as Mebibytes rather than
Megabytes so modify the description accordingly.
Signed-off-by: Paul Fertser <fercerpav@gmail.com>
[fix commit title prefix]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
It's being used only in x86 target to produce combined images, where
it's mandatory to have padded images in order to produce working
squashfs combined images usable in QEMU.
Currently we're producing unusable x86 combined squashfs images
(18.06.1, 18.06.2 and snapshots) as we don't enable TARGET_IMAGES_PAD,
thus providing very small space for the overlay filesystem, leading to
the following with OpenWrt 18.06.1 r7258-5eb055306f images on x86 QEMU:
root@(none):/# mount | egrep 'root|overlay'
/dev/root on /rom type squashfs
/dev/loop0 on /overlay type ext4
overlayfs:/overlay on / type overlay
root@(none):/# df -h | egrep 'root|overlay|Size'
Filesystem Size Used Available Use% Mounted on
/dev/root 2.5M 2.5M 0 100% /rom
/dev/loop0 113.0K 8.0K 97.0K 8% /overlay
overlayfs:/overlay 113.0K 8.0K 97.0K 8% /
So we should rather ensure proper image padding in image generation code
and we shouldn't rely on config options in order to generate usable
images.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit d03ef97c1b)
Add EFI platform bootable images for x86 platforms. These images can
also boot from legacy BIOS platform.
EFI System Partition need to be fat12/fat16/fat32 (not need to load
filesystem drivers), so the first partition of EFI images are not ext4
filesystem any more.
GPT partition table has an alternate partition table, we did not
generate it. This may cause problems when use these images as qemu disk
(kernel can not find rootfs), we pad enough sectors will be ok.
Signed-off-by: 李国 <uxgood.org@gmail.com>
[part_magic_* refactoring, removed genisoimage checks]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit a6b7c3e672)
This commit introduces few related changes which need to be done in
single commit to keep images buildable between git revisions. In result
it retains all previous image creation possibilities with slight name
change of generated images. Brief summary of the commit:
* Split up image generation recipe to smaller chunks to make it more
generic and reusable.
* Make iso images x86 specific and drop their definition as root
filesystem.
* Convert image creation process to generic code specified in image.mk.
* Make geode subtarget inherit features from the main target instead of
redefining them.
* For subtargets create device definitions with basic packages set.
Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
[rebased]
Signed-off-by: Paul Spooren <mail@aparcar.org>
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
The license folder is a core part of OpenWrt and all GPL-2.0 licensed.
Use SPDX license tags to allow machines to check licenses.
Signed-off-by: Paul Spooren <mail@aparcar.org>
[rebase, keep some Copyright lines, sharpen commit message]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
The config setting was renamed to CONFIG_KPROBE_EVENTS.
Fixes: 97d3f800a8 ("config: kernel: Add KPROBE_EVENTS config option)
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
Set CCACHE_DIR to $(TOPDIR)/.ccache and CCACHE_BASEDIR to $(TOPDIR).
This allows to do clean and dirclean. Cache hit rate for test build
after dirclean is ~65%.
If CCACHE is enabled stats are printed out at the end of building process.
CCACHE_DIR config variable allows to override default, which could be useful
when sharing cache with many builds.
cacheclean make target allows to clean the cache.
Changes from v1:
- remove ccache directory using CCACHE_DIR variable
- remove ccache leftovers from sdk and toolchain make files
- introduce CONFIG_CCACHE_DIR variable
- introduce cacheclean make target
Signed-off-by: Roman Yeryomin <roman@advem.lv>
Enable CONFIG_KEYS by default on systems which are not marked as
flash-space constraint by the 'small_flash' feature.
CONFIG_KEYS is required by Docker, enabling it in our kernel allows
users to run Docker on stock OpenWrt.
It is also used of by some network file systems (such as NFSv4) to
store credentials as well as UID/GID mappings.
Adds about 50kB to vmlinux on ath79/generic (~18kB compressed)
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Add KERNEL_KEYS_REQUEST_CACHE option.
'tristate' (ie. module builds) are not valid in Config-kernel.in, hence
remove tristate KERNEL_ENCRYPTED_KEYS. It will be readded as a kernel
module in a follow-up commit.
Fixes: 39d817cf38 ("Add config symbols for kernel keyring support")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
This is a neat project, but offers no benefit to OpenWrt. The initial
reason for it was to be a replacement for libstdcpp as it is smaller
and lacks compatibility for C++98. Unfortunately, compiling several
packages with it results in larger ipk sizes.
While not a member of the packages feed, this will be moved to
packages-abandoned to keep it somewhere.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Drop our local sstrip copy and use the current ELFKickers upstream
version.
Patch the original makefile in order to avoid building elftoc, since it
fails with musl's elf.h. This is fine, since we only need sstrip anyway.
Finally, add the possibility to pass additional arguments to sstrip and
pass -z (remove trailing zeros) by default, which matches the behaviour
of the previous version.
Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
[shorten long commit msg lines]
Signed-off-by: Paul Spooren <mail@aparcar.org>
Trivial cosmetic cleanup. This also helps for script that parse for
options in Config files.
Signed-off-by: Paul Spooren <mail@aparcar.org>
Reviewed-by: Petr Štetiar <ynezz@true.cz>
This reverts commit 9eb9943f82.
Building the 'modular' variant requires 'semodule_package' from
'selinux-python' to be installed on the buildhost.
Apart from that, this change also broke the monolithic refpolicy
'targeted' build.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
JSON info files contain machine readable information of built profiles
and resulting images. These files were added in commit 881ed09ee6
("build: create JSON files containing image info").
They are useful for firmware wizards and script checking for
reproducibility.
Currently all JSON files are stored next to the built images, resulting
in up to 168 individual files for the ath79/generic target.
This patch refactors the JSON creation to store individual per image
(not per profile) files in $(BUILD_DIR)/json_info_files and create an
single overview file called `profiles.json` in the target directory.
Storing per image files and not per profile solves the problem of
parallel file writes. If a profiles sysupgrade and factory image are
finished at the same time both processes would write to the same JSON
file, resulting in randomly broken outputs.
Some target like x86/64 do not use the image code yet, resulting in
missing JSON files. If no JSON info files were created, no
`profiles.json` files is created as it would be empty anyway.
As before, this creation is enabled by default only if `BUILDBOT` is set.
Tested via buildroot & ImageBuilder on ath79/generic, imx6 and x86/64.
Signed-off-by: Paul Spooren <mail@aparcar.org>
[json_info_files dir handling in Make, if case refactoring]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
This adds a variant of refpolicy that builds the modular form of the
policy. While this requires more memory on the target device, along with
some tricks to deal with OpenWrt's volatile /var directory, it is useful
for experiementing with SELinux policy.
Signed-off-by: W. Michael Petullo <mike@flyn.org>
In order to make it easier for users to build with SELinux, have a
single option in 'Global build settings' to enable all necessary
kernel features, userland packages and build-system hooks.
Also add better descriptions and help messages while at it.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
The LSM (Linux security mechanism) list is the successor of the now
legacy *major LSM*. Instead of defining a single security mechanism the
LSM symbol is a comma separated list of mechanisms to load.
Until recently OpenWrt would only support DAC (Unix discretionary access
controls) which don't require an additional entry in the LSM list. With
the newly introduced SELinux support the LSM needs to be extended else
only a manual modified Kernel cmdline (`security=selinux`) would
activate SELinux.
As the default OpenWrt Kernel config sets DAC as default security
mechanism, SELinux is stripped from the LSM list, even if
`KERNEL_DEFAULT_SECURITY_SELINUX` is activated. To allow SELinux without
a modified cmdline this commit sets a specific LSM list if
`KERNEL_SECURITY_SELINUX` is enabled.
The upstream Kconfig adds even more mechanisms
(smack,selinux,tomoyo,apparmor), but until they're ported to OpenWrt,
these can be ignored.
To compile SELinux Kernel support but disable it from loading, the
already present options `KERNEL_SECURITY_SELINUX_DISABLE` or
`KERNEL_SECURITY_SELINUX_BOOTPARAM` (with custom cmdline `selinux=0`)
can be used. Further it's possible to edit `/etc/selinux/config`.
Signed-off-by: Paul Spooren <mail@aparcar.org>
This adds a number of options to config/Config-kernel.in so that
packages related to SELinux support can enable the appropriate Linux
kernel support.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
[rebase; add ext4, F2FS, UBIFS, and JFFS2 support; add commit message]
Signed-off-by: W. Michael Petullo <mike@flyn.org>
This allows the build process to prepare a squashfs filesystem for use
with SELinux.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
[rebase, add commit message]
Signed-off-by: W. Michael Petullo <mike@flyn.org>
The symbol KERNEL_CGROUP_HUGETLB is always used whenever KERNEL_CGROUPS is enabled.
The absence of this notation will cause the user to be asked to enter this parameter the first time it is compiled.
Signed-off-by: Yuan Tao <ty@wevs.org>
Remapping the local build path in debug information makes debugging
using ./scripts/remote-gdb harder, because files no longer refer to the full
path on the build host.
For local builds, debug information does not need to be reproducible,
since it will be stripped out of packages anyway.
For buildbot builds, it makes sense to keep debug information reproducible,
since the full path is not needed (nor desired) anywhere.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Enabling KERNEL_TRANSPARENT_HUGEPAGE exposes 2 missing symbols:
* CONFIG_READ_ONLY_THP_FOR_FS
* TRANSPARENT_HUGEPAGE_ALWAYS
* TRANSPARENT_HUGEPAGE_MADVISE
The first one was added in 5.4, and is marked experimental there so just
disable it in the generic config.
For the latter two, we should not force the user to use either of them,
so add them as build-configurable kernel options.
Fixes: d1a8217d87 ("kernel: clean-up build-configurable kernel config symbols")
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
It was removed from target defaults though it didn't exist in the
build-systems kernel configuration options. Add it there.
Fixes: d1a8217d87 ("kernel: clean-up build-configurable kernel config symbols")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Don't explicitely disable options in target/linux/generic/config-* if
they are already controlled in config/Config-kernel.in.
Add a bunch of new symbols and prepare defaults for using only unified
hierarchy (ie. cgroup2). Update symbol dependencies while at it
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Currently the user space stack cookies work well also when the kernel
stack cookies are not activated. This is handled completely in user
space and does not need kernel support.
This dependency was probably needed some years ago when the libc did not
support stack cookies.
Reviewed-by: Ian Cooper <iancooper@hotmail.com>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Removes the standalone implementation of stack smashing protection
in gcc's libssp in favour of the native implementation available
in glibc and uclibc. Musl libc already uses its native ssp, so this
patch does not affect musl-based toolchains.
Stack smashing protection configuration options are now uniform
across all supported libc variants.
This also makes kernel-level stack smashing protection available
for x86_64 and i386 builds using non-musl libc.
Signed-off-by: Ian Cooper <iancooper@hotmail.com>
