Verify ucert signature chains in sysupgrade images in case ucert is
installed and $CHECK_IMAGE_SIGNARURE = 1.
Also make sure ucert host binary is present and generate a self-signed
ucert in case $TOPDIR/key-build.ucert is missing.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Make sure the Shell-expression returns true also in case of
key-build.ucert being absent.
Fixes commit 848b455d2e ("image: use ucert to append signature")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
ad816fc set rpath to make bundle-libraries.sh happy
63ad591 blob_buf needs to be zero'd
Now that libubox, libjson-c and libblobms_json are installed into
STAGING_DIR_HOST we can properly bundle ucert in the ImageBuilder.
Follow-up commits will make use of it to include a signature-chain in
sysupgrade images using fwtool.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
The referenced Git commit was made on the 25th of July, not June.
Fixes 432eaa940f ("libubox: fix mirror hash")
Fixes 5dc32620c4 ("libubox: update to latest git HEAD")
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Correct the mirror hash to reflect whats on the download server.
A locally produced libubox SCM tarball was also verified to yield an identical
checksum compared to the one currently on the download server.
Fixes FS#1707.
Fixes 5dc32620c4 ("libubox: update to latest git HEAD")
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
23a3f28 openssl, wolfssl: match mbedTLS ciphersuite list
450ada0 ustream-ssl: Revised security on mbedtls
34b0b80 ustream-ssl: add openssl-1.1.0 compatibility
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
Use the same method for setting queue index pointers consistenly
throughout the source file.
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
e29966f Allow disabling seccomp or changing the whitelist
5f57223 trace: Use properly sized type for PTRACE_GETEVENTMSG
747efb6 procd: fix ustream deadlock when there are 0 bytes or no newlines
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
This reverts commit 42a3c6465a.
The change was apparently never build-tested with all kmods enabled. I took
a brief look but found no simple way to untangle this, so revert it.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
This router is called Archer C7 and the tl was used to identify
TP-LINK. Since we have added tplink in dts/board name, the tl
prefix is useless now.
Signed-off-by: Chuanhong Guo <gch981213@gmail.com>
Change lan and it's LED to eth0
It's broken since c7c807cb8c
where I changed the dts but forgot to change default configurations.
Signed-off-by: Chuanhong Guo <gch981213@gmail.com>
1. Swap eth0/eth1
Both devices are using AR9331, the builtin switch on AR9331 is
connected to gmac1 and gmac1 is named as eth1 in ath79.
PS: gmac1 is eth0 and gmac0 is eth1 in ar71xx because of the
reversed initialization order.
2. Fix the incorrect compatible string in dts
Signed-off-by: Chuanhong Guo <gch981213@gmail.com>
phy-handle is used to poll link status. They are useless when
we need fixed-link on these interfaces.
Signed-off-by: Chuanhong Guo <gch981213@gmail.com>
Jonas Gorski commented on the previous patch:
|This is actually the wrong fix and papers over an issue in one of our
|local patches.
|
|We intentionally allow regmap to be built as a module, see
|
|/target/linux/generic/hack-4.14/259-regmap_dynamic.patch
|[...]
|[The regulator code] optionally supports regmap thanks to the stubs
|provided if regmap is disabled - which breaks if you compile regmap
|as a module.
In order to mitigate this issue, this patch reverts the previous patch
and replaces the existing IS_ENABLED(CONFIG_REGMAP) with
IS_REACHABLE(CONFIG_REGMAP). This solves this particular issue as the
regulator code will now automatically fallback to the regmap stubs in
case the kmod-regmap module is enabled, but nothing else sets
CONFIG_REGMAP=y.
Note: There's still a potential issue that this patch doesn't solve:
If someone ever wants to make a OpenWrt kernel package for a
regulator module that requires the REGMAP feature for a target that
doesn't set CONFIG_REGMAP=y but has CONFIG_REGULATOR=y, the resulting
kmod-regulator-xyz package will not work on the target.
Luckily, there aren't any in-tree OpenWrt kernel module packages for
regulators at the moment. On the bright side: regmap is a critical
part nowadays and all new and upcoming architectures require it by
default. This will likely only ever be a problem for legacy targets
and devices that cannot afford to enable REGMAP.
Cc: Jonas Gorski <jonas.gorski@gmail.com>
Cc: John Crispin <john@phrozen.org>
Fixes: d00913d121 ("kernel: modules: fix kmod-regmap")
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
To share mdio addr for IntPHY and ExtPHY,
as described in the documentation (MT7620_ProgrammingGuide.pdf).
(refer: http://download.villagetelco.org/hardware/MT7620/MT7620_ProgrammingGuide.pdf)
when port4 setup to work as gmac mode, dts like:
&gsw {
mediatek,port4 = "gmac";
};
we should set SYSCFG1.GE2_MODE==0x0 (RGMII).
but SYSCFG1.GE2_MODE may have been set to 3(RJ-45) by uboot/default
so we need to re-set it to 0x0
before this changes:
gsw: 4FE + 2GE may not work correctly and MDIO addr 4 cannot be used by ExtPHY
after this changes:
gsw: 4FE + 2GE works and MDIO addr 4 can be used by ExtPHY
Signed-off-by: Chen Minqiang <ptpt52@gmail.com>
When PHY's are defined on the MDIO bus in the DTS, gigabit support was
being masked out for no apparent reason, pegging all such ports to 10/100.
If gigabit support must be disabled for some reason, there should be a
"max-speed" property in the DTS.
Reported-by: James McKenzie <openwrt@madingley.org>
Signed-off-by: Daniel Gimpelevich <daniel@gimpelevich.san-francisco.ca.us>
Mediatek has a reference platform that pairs an MT7620A with an MT7530W,
where the latter responds on MDIO address 0x1f while both chips respond on
0x0 to 0x4. The driver special-cases this arrangement to make sure it's
talking to the right chip, but two different ways in two different places.
This patch consolidates the detection without the current requirement of
both tests to be separately satisfied in the DTS.
Signed-off-by: Daniel Gimpelevich <daniel@gimpelevich.san-francisco.ca.us>
This really simplifies debugging, if a package is not found or a feed is
not reachable, a proper stderr is printed. Currently it would only say
`_call_manifest` failed.
Signed-off-by: Paul Spooren <mail@aparcar.org>
Sysupgrade shouldn't proceed, if the backup of the configuration
fails because tar (or gzip) exit with a non-zero code.
Signed-off-by: Andreas Ziegler <dev@andreas-ziegler.de>
Use Time::HiRes when available and fallback to raw syscall interface
when not. If that fails too, simply report 0, 0 as real time.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Replace the GNU time program invocation with a simple Perl script reporting
the timing values. Since we require Perl anyway for the build system, we can
as well use that instead of requiring a random GNU utility rarely installed
by default.
Fixes: ff6e62b288 ("build: log time taken by each packages/steps")
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Starting with kernel 4.4, the use of partitions as direct subnodes of the
mtd device is discouraged and only supported for backward compatiblity
reasons.
Signed-off-by: Alex Maclean <monkeh@monkeh.net>
Fix space vs. tabs issue and trainling whitespaces. Use C style
comments or drop the comments if they explain what is already to see in
the devicetree parameters.
Signed-off-by: Mathias Kresin <dev@kresin.me>
The hardware NAT node has the same reg/unit as the ethernet node. One
of them need to be a child of the other.
Make the hardware NAT node a child of the ethernet node since the it
"reference" the netdev in its properties.
Signed-off-by: Mathias Kresin <dev@kresin.me>
Add the ranges property to the PCI bridges where missing. Add the unit
address to PCI bridge where missing.
Rework the complete rt3883 pci node. Drop the PCI unit nodes from the
dtsi. They are not used by any dts file and should be rather in the dts
than in the SoC dtsi. Express the PCI-PCI bridge in a clean devicetree
syntax. The ralink,pci-slot isn't used by any driver, drop it. Move the
pci interrupt controller out of the pci node. It doesn't share the same
reg and therefore should be an independent/SoC child node.
Move the pci related rt3883 pinctrl setting to the dtsi instead of
defining the very same for each rt3883 board.
If the device_type property is used for PCI units, the unit is treated
as pci bridge which it isn't. Drop it for PCI units.
Reference pci-bridges or the pci node defined in the dtsi instead of
recreating the whole node hierarchy. It allows to change the referenced
node in the dtsi without the need to touch all dts.
Fix the PCI(e) wireless unit addresses. All our PCI(e) wireless chips
are the first device on the bus. The unit address has to be the bus
address instead of the PCI vendor/device id.
Signed-off-by: Mathias Kresin <dev@kresin.me>
Since commit c1e7738988f5 ("checks: add gpio binding properties check")
dtc treats any *-gpios and *-gpio property as phandle at least during
checks. The only whitelisted property is nr-gpio.
Use ralink,nr-gpio in favour of ralink,num-gpios to get rid of false
positive warnings.
Signed-off-by: Mathias Kresin <dev@kresin.me>
The cpu interrupt controller doesn't have a reg property, hence we
can't use a unit address in the node name.
Signed-off-by: Mathias Kresin <dev@kresin.me>
Without this patch you will get an error "gpio-export probe deferral
not supported" when you try to export i2c expander gpio pins.
gpio-export is probed long before i2c-bus and i2c expander are created
and it doesn't retry it so none pins are exported.
Signed-off-by: René van Dorst <opensource@vdorst.com>
apply the change to all instances of the gpio exports patch
Signed-off-by: Mathias Kresin <dev@kresin.me>
Revert 290c54473e ("ath79: fix TP-Link Archer C7 v2 wlan1 MAC address")
which obviously aims to have a distinct MAC address per interface.
Unfortunally it doesn't match what is used by the stock firmware and we
shouldn'z use MAC Adresses not reserverd for/assigned to a particular
board.
The correct MAC adress increments for this board are:
wlan0 (5GHz) : -1
wlan1 (2.4GHz) : 0
eth1 (LAN) : 0
eth0 (WAN) : 1
Fixes: FS#408
Signed-off-by: Mathias Kresin <dev@kresin.me>
Changelog taken from the version announcement
> == Changes ==
>
> * chacha20poly1305: selftest: split up test vector constants
>
> The test vectors are encoded as long strings -- really long strings -- and
> apparently RFC821 doesn't like lines longer than 998.
> https://cr.yp.to/smtp/message.html
>
> * queueing: keep reference to peer after setting atomic state bit
>
> This fixes a regression introduced when preparing the LKML submission.
>
> * allowedips: prevent double read in kref
> * allowedips: avoid window of disappeared peer
> * hashtables: document immediate zeroing semantics
> * peer: ensure resources are freed when creation fails
> * queueing: document double-adding and reference conditions
> * queueing: ensure strictly ordered loads and stores
> * cookie: returned keypair might disappear if rcu lock not held
> * noise: free peer references on failure
> * peer: ensure destruction doesn't race
>
> Various fixes, as well as lots of code comment documentation, for a
> small variety of the less obvious aspects of object lifecycles,
> focused on correctness.
>
> * allowedips: free root inside of RCU callback
> * allowedips: use different macro names so as to avoid confusion
>
> These incorporate two suggestions from LKML.
>
> This snapshot contains commits from: Jason A. Donenfeld and Jann Horn.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Daniel Golle
Jo-Philipp Wich
Hans Dedecker
Eneas U de Queiroz
Koen Vandeputte
Rosy Song
Chuanhong Guo
Christian Lamparter
Chen Minqiang
Daniel Gimpelevich
Paul Spooren
Andreas Ziegler
Alex Maclean
Mathias Kresin
René van Dorst
Jason A. Donenfeld