This reverts commit 6a56a6eb30 as several
users have reported unbootable systems.
Suggested-by: Roman Kuzmitskii <damex.pp@icloud.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Add procd-ujail and procd-seccomp to DEFAULT_PACKAGES if not building
for space-constraint (FEATURES:=small_flash) targets.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Rather than unconditionally adding busybox and procd to the set of
default packages, add busybox-selinux and procd-selinux in case
CONFIG_SELINUX is set.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
version_abbrev uses $(shell) and the ?= is causing make to run the command
over and over again, causing a significant build slowdown
Signed-off-by: Felix Fietkau <nbd@nbd.name>
The buildroot and SDK both require the compilers (gcc, g++) to be
installed on the host system, however the ImageBuilder uses precompiled
binaries.
This patch changes the prerequirements checks to skip the checking for
the compilers if running as ImageBuilder. A similar change has been
made for libncurses-dev in 4a1a58a3e2.
Signed-off-by: Sven Roederer <devel-sven@geroedel.de>
Acked-by: Paul Spooren <mail@aparcar.org>
Instead of hardcoding 'targeted' policy, evaluate /etc/selinux/config
in rootfs to choose according to which policy files in the rootfs got
to be labeled.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
By installing policycoreutils to host/bin it is also available within
the ImageBuilder and SDK, allowing to correctly label both filesystems
and packages.
Signed-off-by: Paul Spooren <mail@aparcar.org>
There are currently several variants of 'wpad' package but the 'iwinfo'
is included by default only if 'wpad', 'wpad-{basic*,mini}' or 'nas'
packages are included in {DEVICE,DEFAULT}_PACKAGES. Use 'wpad-*'
pattern to include 'iwinfo' with any 'wpad' variant.
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
'setfiles' and others should be installed to $(STAGING_DIR_HOSTPKG)/bin
rather than $(...)/sbin which isn't in PATH.
Also using -Wl,-rpath to set library search location instead of setting
LD_LIBRARY_PATH when calling setfiles in image.mk.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Some bootloaders are really keen on just one special
fdt in a multi-image fit image. This is a problem, because
currently this is fixed to "fdt@1".
This patch introduces a new device variable:
DEVICE_FDT_NUM that allows to specify the right
fdt number.
If the value is absent "1" will be chosen.
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
IMAGE_SIZE is widely used in many targets. Declare it in the default template to
clean up redundant code. This also prevents deriving IMAGE_SIZE unintentionally
from the previously defined device.
While at it, remove duplicate KERNEL_SIZE declaration.
Signed-off-by: Sungbo Eo <mans0n@gorani.run>
This file can be subsequently used to resolve symbolic user or group names
to their numeric IDs when packing ipk archives.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Currently the global variable PKG_FILE_MODES is used for all ipkg
creations. This works for Makefiles which output a single package, or
variants of a single package.
But if a Makefile outputs multiple packages that each contain different
files, setting PKG_FILE_MODES causes build failure when any of the files
in the variable do not exist in the folder that is currently being
packaged.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
Adding inline shell invocations in per-target variables causes them to be
executed over and over again, which causes a significant slowdown.
Fix this by evaluating it only once per package directory
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Using fakeroot without passing the paths to libfakeroot.sh and faked
causes havoc. Use the $(FAKEROOT) Make variable which includes them.
Fixes: 353ce2e521 ("build: ipkg-build use fakeroot with PKG_FILE_MODES")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
The variable VERSION_REPO is used by opkg to download package(list)s.
Now that the default installation support encrypted HTTP opkg should
make use of it.
Suggested-by: Petr Štetiar <ynezz@true.cz>
Suggested-by: Baptiste Jonglez <baptiste@bitsofnetworks.org>
Signed-off-by: Paul Spooren <mail@aparcar.org>
Acked-by: Baptiste Jonglez <baptiste@bitsofnetworks.org>
The usage of granular `SOURCE_DATE_EPOCH` for packages is an
incrementing integer which could be useful for downstream tooling,
therefore add it to the packages manifest.
Signed-off-by: Paul Spooren <mail@aparcar.org>
With the new `SOURCE` argument of `get_source_date_epoch` it is possible
to set package timestamps based on actual package changes rather thane
$TOPDIR changes.
This commit adds a new variable PKG_SOURCE_DATE_EPOCH which is used by
the `ipkg` build script. As a fallback the existing SOURCE_DATE_EPOCH is
used or as last resort the current time.
The redundant checks for `.git/` and `.svn/` are removed.
Signed-off-by: Paul Spooren <mail@aparcar.org>
The `ipkg-build` script converts a folder into a `opkg` installable
package. Until now it would use root:root for all packages and try to
preserve file modes.
This has the two drawbacks of packages want to add non-root files or add
SUID files, like the `sudo` package does.
To give more flexibility regarding file modes and avoid init script
hacks, a new variable called `PKG_FILE_MODES`. The variable contains a
list of files modes in the format `path:owner:group:mode`.
An example for the `sudo` package below:
```
PKG_FILE_MODES:=\
/usr/bin/sudo:root:root:4755 \
/etc/sudoers:root:root:0440
```
The `ipkg-build` now runs within a fakeroot environment to set any mode
and directly store it in the resulting `ipk` package archive.
Both options `-o` and `-g` are no longer required due to the introduction
of the more flexible `-m` options, which takes the `PKG_FILE_MODES` as
input.
Lastly the option `-c` is removed as it's unused within the script.
Signed-off-by: Paul Spooren <mail@aparcar.org>
This allows the build process to prepare a squashfs filesystem for use
with SELinux.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
[rebase, add commit message]
Signed-off-by: W. Michael Petullo <mike@flyn.org>
CMake provides a user package registry (stored in ~/.cmake/packages) and
a system package registry (not available on non-Windows platforms).
The "export(PACKAGE)" command may store information in the user package
registry, and the "find_package()" command may search both user and
system package registries for information.
This sets various variables to disable the use of these package
registries (both saving and retrieval of package information).
This also sets deprecated variables that perform similar functions, in
case external toolchains include older versions of CMake.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Add package which provides size optimized wpad with support for just
WPA-PSK, SAE (WPA3-Personal), 802.11r and 802.11w.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
[adapt to recent changes, add dependency for WPA_WOLFSSL config]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
The README file is displayed on "make help", but updating the
command has been overlooked during the README -> README.md
rename.
Fix it.
Fixes: d0113711a3 ("README: port to 21st century")
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Fix shellcheck SC2230
> which is non-standard. Use builtin 'command -v' instead.
Using `command -v` is POSIX compliant while `which` is not. Also to
mention, `command -v` is a shell builtin whereas `which` is a separate
busybox applet.
Once applied to everything concerning OpenWrt we can disable the busybox
feature `which` and save 3.8kB.
Acked-by: Stijn Tintel <stijn@linux-ipv6.be>
Signed-off-by: Paul Spooren <mail@aparcar.org>
[also replace cases in zram-swap]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Instead of just printing a warning that an image is too big, also
print both actual size and limit in the string:
WARNING: Image file somename.bin is too big: 2096101 > 1048576
Since the kernel size is checked via the same function (if
KERNEL_SIZE is specified), this will also apply to the kernel
image size check.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
The recipe check-kernel-size is not used in the entire tree. Instead,
we already check the size of the kernel image in Device/Build/kernel
in image.mk via check-size function if KERNEL_SIZE is defined.
Therefore, drop the function. Using it would be redundant anyway.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
In most cases check-size is used with IMAGE_SIZE and vice versa. Let check-size
use IMAGE_SIZE by default.
Signed-off-by: Sungbo Eo <mans0n@gorani.run>
Instead of using xargs to pass a huge number of files to
script/ipkg-remove, which will usually pick only one, use a more
restrictive wildcard so that, currently, at the most 325 files are
examined, instead of up to over 2,300. The 325-file package is python,
which is picking up python3* ipks. It is about to be removed.
Runner-up is ddns-scripts with 7 files.
This makes a second run of make package/luci/compile go from
real 16.40s; user 17.42s; sys 2.73s
to
real 10.71s; user 9.51s; sys 1.27s
There is a caveat though: if one were to remove the ABI_VERSION of a
package that ends in a digit [0-9], then the old package ipk will not be
removed from the bin directory by make package/abc2/clean.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
The wildcard call to clean up luci package (luci*) can pick up over
2,300 files when the full tree is built. Running make package/luci/clean
or a second run of make package/luci/compile would fail with an
'Argument list too long' error.
To avoid that, a maybe_use_xargs function was created that runs the
command straight as usual if the number of arguments is < 512, or saves
the list in a temporary file and feeds it to xargs otherwise.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Instead of calling $(wildcard) to check if the removal list is empty,
then calling it again to actually remove the files, define a function so
that the arguments are expanded only once when it gets called.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
f4f8f4a180 broke ffmpeg compilation with x86
The reason is that ffmpeg's x86 assembly requires at least MMX, which the
pentium CPU_TYPE was preventing.
Fixes ffmpeg compilation on x86_legacy and x86_geode.
Ref: https://github.com/openwrt/openwrt/pull/3061
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Add support for make target nconfig (ncurses)
Reviewed-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Signed-off-by: Sergio E. Nemirowski <sergio@outerface.net>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Fixes:
- CVE-2020-10757
The "mtd: rawnand: Pass a nand_chip object to nand_release()" commit was
backported which needed some adaptations to other code.
Run tested: ath79
Build tested: ath79
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Lets add GCC 10 detection to the build system as distributions like Fedora 32 have started shipping with it.
Some tools like mtd-utils need work to compile under GCC10, but that will be next step.
Signed-off-by: Robert Marko <robert.marko@sartura.hr>
Removes the standalone implementation of stack smashing protection
in gcc's libssp in favour of the native implementation available
in glibc and uclibc. Musl libc already uses its native ssp, so this
patch does not affect musl-based toolchains.
Stack smashing protection configuration options are now uniform
across all supported libc variants.
This also makes kernel-level stack smashing protection available
for x86_64 and i386 builds using non-musl libc.
Signed-off-by: Ian Cooper <iancooper@hotmail.com>
The buildroot and SDK both require `libncurses-dev` to be installed on
the system, however the ImageBuilder uses precompiled binaries.
This patch changes the prerequirements checks to skip the
`libncurses-dev` part if running as ImageBuilder.
Signed-off-by: Paul Spooren <mail@aparcar.org>
Required for installation of autoconf:
make[5]: Entering directory `/openwrt/build_dir/host/autoconf-2.69'
Making all in bin
make[6]: Entering directory `/openwrt/build_dir/host/autoconf-2.69/bin'
autom4te_perllibdir='..'/lib AUTOM4TE_CFG='../lib/autom4te.cfg'
../bin/autom4te -B '..'/lib -B '..'/lib --language M4sh --cache
'' --melt ./autoconf.as -o autoconf.in
Can't locate Data/Dumper.pm in @INC (@INC contains: ../lib
/usr/local/lib64/perl5 /usr/local/share/perl5 /usr/lib64/perl5/vendor_perl
/usr/share/perl5/vendor_perl /usr/lib64/perl5 /usr/share/perl5 .) at
../lib/Autom4te/C4che.pm line 33.
BEGIN failed--compilation aborted at ../lib/Autom4te/C4che.pm line 33.
Compilation failed in require at ../bin/autom4te line 40.
BEGIN failed--compilation aborted at ../bin/autom4te line 40.
make[6]: *** [autoconf.in] Error 2
Signed-off-by: Rosen Penev <rosenp@gmail.com>
zstd with its default settings (compression level -3) compresses better
than bzip2 -9 (which is the default setting), and is an order of magnitude
faster.
I made the following measurements for the most common compression tools
(all standard Debian Buster versions, default flags unless noted
otherwise), using the debug information of a large x86-64 kernel with
ALL_KMODS:
* kernel-debug.tar: 376M
* kernel-debug.tar.gz: 101M, compressed in ~12s
* kernel-debug.tar.bz2: 91M, compressed in ~15s
* kernel-debug.tar.xz: 57M, compressed in ~101s
* kernel-debug.tar.zst: 86M, compressed in ~1s
With zstd, there is still some room for improvement by increasing the
compression, but the slight increase in compression ratio
(22.83% -> 19.46%) does not justify the significant increase in
compression time (about 5 times on my machine) in my opinion.
Note that multithreaded compression (-T argument) does not affect
reproducibility with zstd.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Running make with RECURSIVE_DEP_IS_ERROR=1 will cause a hard failure
when a recursive dependency is detected. This is useful to apply
stricter Ci tests, for example.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Instead of passing pkg-config location through a variable when building
qconf (make xconfig), prepend its parent directory to the PATH, as it is
being done for other conf targets.
Use a Makefile pattern rule to group all 'scripts/config/%onf'
(currently conf, mconf, qconf) targets in a single rule. Add -O2 to
CFLAGS when building them as well.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Common Platform Enumeration (CPE) is a structured naming scheme for
information technology systems, software, and packages.
This information already exists in some makefiles. In order for the
information to be processed further, it should also be added to the
manifest file and the control file of ipkg packages.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
undefine was added in make 3.82 which is now some 10 years ago, some
make scripts are beginning to use 'undefine'
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
ftp can cause problems on some networks switch primary download location
to https and add another mirror
Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
There is a restriction in the number of parameters(10) that may be passed to
the SetupHostCommand macro so continually adding explicit gcc'n' version
checks ends up breaking the compiler check for the later versions and
oddballs like Darwin as was done in 835d1c68a0 which added gcc10.
Drop all the explicitly specified gcc version checks. If a suitable gcc
compiler is not found, it may be specified at the dependency checking
stage after which that version will be symlinked into the build staging
host directory.
eg. 'CC=gccfoo CXX=g++foo make prereq'
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Acked-by: Jo-Philipp Wich <jo@mein.io>
Lets add GCC 10 detection to the build system as distributions like Fedora 32 have started shipping with it.
Some tools like mtd-utils need work to compile under GCC10, but that will be next step.
Signed-off-by: Robert Marko <robert.marko@sartura.hr>
getopt is the only command where /usr/local/bin is specified explicitly.
All other commands are assumed to exist in the PATH in one form or
another. Remove this exception and require gnugetopt/getopt to be in
the user's PATH.
In the case of macos Homebrew, getopt is 'keg only' hence not linked
into /usr/local/bin whilst other commands are linked and likely found by
virtue of /usr/local/bin being in PATH.
Since 2019 Homebrew is very reluctant to install links that have
potential to override default OS behaviour, eg: following instructions
on our current 'how to build on macos' wiki page:
$ brew ln gnu-getopt --force
Warning: Refusing to link macOS-provided software: gnu-getopt
If you need to have gnu-getopt first in your PATH run:
echo 'export PATH="/usr/local/opt/gnu-getopt/bin:$PATH"' >> ~/.zshrc
A better option for macos is to link getopt as 'gnugetopt' in
/usr/local/bin, thus the build system will find 'gnugetopt' but other
applications looking for just 'getopt' will find the original macos
binary.
Ultimately it makes sense that 'GNU' dependencies are placed in
/usr/local/bin and /usr/local/bin is included in the user's PATH.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* download.pl: add jsDelivr mirror for GitHub and add utsc mirrors
* m520: fix 'hlos' not found
* dependence: add python3
* netfilter: Revert delete support for kernel 4.9
* scons: move to packages feed
This commit sync target ath79 from openwrt master, and revert some commit which will causes wireless to not work.
Use ath10k-ct-smallbuffers by default, so that small memory devices can normal work.
