Create files in temporary directories within the build directory
instead manipulating files in the (final) output directory.
Signed-off-by: Mathias Kresin <dev@kresin.me>
Due to the missing PROFILES all images are build, regardless of the
selected (or currently processed in case of a multi profile build).
Because of the race condition builds with eight parallel jobs fail,
which can be seen on the build bots as well.
Add the PROFILES variable for now, till the root cause is identified.
Signed-off-by: Mathias Kresin <dev@kresin.me>
When using Image Builder and building image for Cortex A53 or
A72 subtargets, it'll fail with following message:
Collected errors:
* opkg_install_cmd: Cannot install package mwlwifi-firmware-88w8864.
* opkg_install_cmd: Cannot install package mwlwifi-firmware-88w8964.
make[2]: *** [Makefile:153: package_install] Error 255
make[1]: *** [Makefile:114: _call_image] Error 2
This is beacuse both packages are available only for Cortex A9 subtarget
and are included in PACKAGES array in default profile. Instead patching
this, let's remove profiles completely, since all necessary packages are
specified in DEVICE_PACKAGES array for each device.
Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
This removes the misplaced UCI-network configuration for the MR33. The
LAN port is set in 01_leds while it is already correctly defined in
02_network.
This was most likely an oversight as no network configuration belongs
into 01_leds.
Signed-off-by: David Bauer <mail@david-bauer.net>
Enable support for 2nd USB port, which is available on Fritz!Box 7320
and 7330. It was run-tested on 7320 and 7330 as well.
Signed-off-by: Robert Resch <openwrt@webnmail.de>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
This commit changes the model string and device title of all AVM boards
to fit the naming of the manufacturer.
Drop all provider-specific titles as they are re-used for every device
generation by 1&1. The original AVM model name is printed on the bottom
of every devices.
Exception applies for boards which are only supported by a specific
sub-revision.
Signed-off-by: David Bauer <mail@david-bauer.net>
Change the "status" LED to proper GPIO 12 and "red" naming.
Remove GPIO 2 from definition as a USB LED.
GPIO 2 is used to control power to the USB socket, not an LED.
As such, PWM on the line or typical LED triggers are inappropriate.
Users who wish to control the USB power for custom applications
can manipulate the GPIO through code, or for example, export it
through /sys/class/gpio/export.
Runtime-tested: GL.iNet AR300M-Lite
Signed-off-by: Jeff Kletsky <git-commits@allycomm.com>
The library has an usual shared object file name, which caused the
install glob pattern to miss the actual so.
Fixes: #2082
Fixes; 0e70f69a35 ("treewide: revise library packaging")
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
This bumps ppp to latest git version.
There is one upstream commit, which changes DES encryption calls from
libcrypt / glibc to openssl.
As long as we don't use glibc-2.28, revert this commit.
Signed-off-by: Martin Schiller <ms@dev.tdt.de>
A missing upstream stable backport leads to the following build error:
CC drivers/mmc/host/sdhci-msm.o
drivers/mmc/host/sdhci-msm.c:1158:3: error: 'const struct sdhci_ops' has no member named 'write_w'
.write_w = sdhci_msm_write_w,
^~~~~~~
drivers/mmc/host/sdhci-msm.c:1158:13: warning: excess elements in struct initializer
.write_w = sdhci_msm_write_w,
^~~~~~~~~~~~~~~~~
drivers/mmc/host/sdhci-msm.c:1158:13: note: (near initialization for 'sdhci_msm_ops')
scripts/Makefile.build:326: recipe for target 'drivers/mmc/host/sdhci-msm.o' failed
Solve the issue by backporting commit
99d570da30 ("mmc: Kconfig: Enable CONFIG_MMC_SDHCI_IO_ACCESSORS")
from linux-stable.
Ref: 528508ae8b (commitcomment-32049231)
Fixes: 528508ae8b ("kernel: bump 4.14 to 4.14.95")
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
This adds the hardening options also to the toolchain build.
With this change the /usr/lib/libstdc++.so.6.0.24 library will have
stack canaries and the /lib/libgcc_s.so.1 library will have Full RELRO.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Both Build/sq201-images and Build/nas4220b-images scripts
are very similar. This patch unifies both methods at the
cost of renaming the produced sysupgrade file names, but
with the benifit of creating better reproducible files.
The patch also fixes a race in parallel builds in which case
the ImageInfo of one device could end up in both sysupgrade
files.
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
Currently, IMAGE_NAME is expanded at declaration time
and this causes strange filename in the builder's logs:
|cp: cannot stat '[...]/openwrt-gemini-dlink-dns-313-.': No such file or directory
|cp: cannot stat '[...]/openwrt-gemini-nas4220b-.': No such file or directory
|[...]
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
This patch replaces the current hack with a better
version of the RFC patch has been accepted upstream.
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
- remove stray #address-cells / #size-cells
- fix partition unit-addresses in wd-mybooklive.dts
- remove index from MBL's gpio node name
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
Initially this patch was introduced as a quick fix following
the removal of 936-ath10k_skip_otp_check.patch which caused
multiple ath10k pcie devices in various ipq806x and ar71xx/ath79
targets to malfunction.
Thankfully, the affected devices have been updated to utilize
the pre-caldata method. And finally with the switch to ath10k-ct,
which never had the patch or any reports of similar issues, I
think it's time to remove this patch since it is no longer needed.
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
This patch adds the boot-part feature which enables the brcm2708
target move from the custom boot partition size config option to
the generic CONFIG_TARGET_KERNEL_PARTSIZE.
Note:
For people using custom images: Just like with
CONFIG_TARGET_ROOTFS_PARTSIZE changing the value
can cause sysupgrade to repartition the device!
Make sure to have a backup in this case.
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
The ABI_VERSION:=1 tag will take care of transforming the binary
library package basename.
Add a virtual PROVIDES:=libelf1 for packages still having libelf1
in their DEPENDS:=... lists.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
- Filter out potential duplicates with the package name
(e.g. when renaming libfoo1 w/ ABI_VERSION:=1 to libfoo)
- Use the GetABISuffix macro to properly separate the suffix
with a dash in case the basename ends with a number
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
When a library package specifies additional provides, e.g. libncurses
which provides libncursesw, we should also append the abi version
suffix to each provide, since there may be more than one package
providing the virtual library.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Last incompatible change appeared to be 4924411
("http: add proper error handling to uclient_http_redirect()") which
changed the return value of uclient_http_redirect() from bool to int.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* tools: curve25519: handle unaligned loads/stores safely
This should fix sporadic crashes with `wg pubkey` on certain architectures.
* netlink: auth socket changes against namespace of socket
In WireGuard, the underlying UDP socket lives in the namespace where the
interface was created and doesn't move if the interface is moved. This
allows one to create the interface in some privileged place that has
Internet access, and then move it into a container namespace that only
has the WireGuard interface for egress. Consider the following
situation:
1. Interface created in namespace A. Socket therefore lives in namespace A.
2. Interface moved to namespace B. Socket remains in namespace A.
3. Namespace B now has access to the interface and changes the listen
port and/or fwmark of socket. Change is reflected in namespace A.
This behavior is arguably _fine_ and perhaps even expected or
acceptable. But there's also an argument to be made that B should have
A's cred to do so. So, this patch adds a simple ns_capable check.
* ratelimiter: build tests with !IPV6
Should reenable building in debug mode for systems without IPv6.
* noise: replace getnstimeofday64 with ktime_get_real_ts64
* ratelimiter: totalram_pages is now a function
* qemu: enable FP on MIPS
Linux 5.0 support.
* keygen-html: bring back pure javascript implementation
Benoît Viguier has proofs that values will stay well within 2^53. We
also have an improved carry function that's much simpler. Probably more
constant time than emscripten's 64-bit integers.
* contrib: introduce simple highlighter library
This is the highlighter library being used in:
- https://twitter.com/EdgeSecurity/status/1085294681003454465
- https://twitter.com/EdgeSecurity/status/1081953278248796165
It's included here as a contrib example, so that others can paste it into
their own GUI clients for having the same strictly validating highlighting.
* netlink: use __kernel_timespec for handshake time
This readies us for Y2038. See https://lwn.net/Articles/776435/ for more info.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Update to the latest version of iproute2; see https://lwn.net/Articles/776174/
for a full overview of the changes in 4.20.
Remove upstream patch 001-fix-print_0xhex-on-32-bit.patch and 002-tc-fix-xtables-incorrect-usage-of-LDFLAGS.patch
Introduce a patch to include <linux/limits.h> for XATTR_SIZE_MAX in tc
Signed-off-by: Deng Qingfang <dengqf6@mail2.sysu.edu.cn>
Current code directly writes the FOE entry to hash_val+1 position
when hash collision occurs. However, it is found that this behavior
will cause the cache and the hardware FOE table to be inconsistent.
For example, there are three flows, and their hashed values are all
equal to 100. The first flow is written to the position of 100. The
second flow is written to the position of 100+1. Then, the logic of
the current code will also write the third flow to 100+1.
At this time, the cache has flow 1 and 2; and the hardware FOE table
has flow 1 and 3, where these two parts store different contents.
So it is necessary to check whether the hash_val+1 is also occupied
before writing. If hash_val+1 is also occupied, we won’t bind th
third flow to the FOE table.
Addition to that, we also cancel the processing of foe_entry removal
because the hardware has auto age-out ability. The hardware will
periodically iterate through the FOE table to find out the time-out
entry and set it as INVALID.
Signed-off-by: HsiuWen Yen <y.hsiuwen@gmail.com>
On musl based distributions, u-boot 2010.03 fails to build with:
u-boot-2010.03/include/u-boot/crc.h:29:50: error: unknown type name 'uint'
uint32_t crc32 (uint32_t, const unsigned char *, uint);
The issue was fixed in the newer u-boot-2018.03 version, this commit
backports the change to the older version used by ar71xx/ath79.
Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com>
[add commit message from PR description]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Instead of silently downgrading any non-MD5 crypt() request to DES,
cleanly fail with return NULL and errno = ENOSYS. This allows callers
to notice the missing support instead of the unwanted silent fallback
to DES.
Also add a menuconfig toolchain option to optionally disable the crypt
size hack completely. This can be probably made dependant on SMALL_FLASH
or a similar feature indicator in a future commit.
Ref: https://github.com/openwrt/openwrt/pull/1331
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
The crypt(3) function is allowed to fail with either EINVAL or ENOSYS when
the given salt is either invalid or when the requested algorithm is not
implemented.
In such a case, libbb's pw_encrypt() function will silently convert the
crypt() NULL return value into an empty string which is then processed
without further errors by utilities such as chpasswd or passwd, causing
them to set an empty password when an unsupported cipher is requested.
Patch the relevant users of pw_encrypt() to abort in case an empty hash
is returned by pw_encrypt() in order to mitigate the problem.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Since readline/host links ncurses/host now, we need to ensure that the
libncursesw.so host library is built with -fPIC.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Mathias Kresin
Tomasz Maciej Nowak
David Bauer
Robert Resch
Jeff Kletsky
Felix Fietkau
Jo-Philipp Wich
Martin Schiller
Hans Dedecker
Hauke Mehrtens
Christian Lamparter
Petr Štetiar
Koen Vandeputte
Jason A. Donenfeld
Deng Qingfang
HsiuWen Yen
Andy Walsh
Kuang Rufan