aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* mpc85xx: overhaul WS-AP3825i LED setupDavid Bauer2022-04-172-12/+31
| | | | | | | | | | | | | As the LED controller is working now, we can make good use of the LEDs now. - Drop the model-name prefix - Rename eth0 / eth1 LEDs to LAN1 / LAN2, as they are labeled as such on the casing - Enable wired LEDs in userspace Signed-off-by: David Bauer <mail@david-bauer.net> (cherry picked from commit 9024f1e466f5ab64bc752d8a463d1867a2ba8d8e)
* image: strip metadata from images when used in other artifactsDaniel Golle2022-04-151-3/+11
| | | | | | | | | | Image metadata and signature is of no use for images which are included inside other artifacts (like an SD-card image). Strip them off before using images in artifacts or stashing them for the ImageBuilder as the contained signature breaks reproducibility. Signed-off-by: Daniel Golle <daniel@makrotopia.org> (cherry picked from commit 7a256d97d9ded84d1bfd531e775099774e7b6b06)
* mtools: update to version 4.0.39Daniel Golle2022-04-151-2/+2
| | | | | | | | | | Improvements since the 4.0.38 release are: - Rename strtoi to strosi (string to signed int). The strtoi function on BSD does something else (returns an intmax, not an int) Signed-off-by: Daniel Golle <daniel@makrotopia.org> (cherry picked from commit 08ebc3881d3f351d2d4ca9202ca446c96b38a1e1)
* scripts/gen_image_generic.sh: fix order of files in EFI bootfsDaniel Golle2022-04-151-2/+19
| | | | | | | | | | | | | mtools recursive copy (mcopy -s ...) is using READDIR(3) to iterate over the directory entries, hence they end up in the FAT filesystem in traversal order which breaks reproducibility (rather than being added to the FAT filesystem in a reproducible order). Implement recursive copy in gen_image_generic.sh in Shell code instead, as in that way we can force files to be copied in reproducible order. Fixes: aece8f5ae8 ("scripts/gen_image_generic.sh: generate reproducible EFI filesystem") Signed-off-by: Daniel Golle <daniel@makrotopia.org> (cherry picked from commit 4d289ae7e63893f90957b77962c6b60574d35441)
* netifd: relax check in dhcp proto handlerDaniel Golle2022-04-151-1/+1
| | | | | | | | | | Checking whether /sbin/udhcpc is a symbolic link breaks using the DHCP proto handler inside procd-ujail where bind-mounts are used for the resolved link. Check whether /sbin/udhcpc is executable instead to allow using the proto handler for DHCP-provisioned containers. Signed-off-by: Daniel Golle <daniel@makrotopia.org> (cherry picked from commit c5f113c43f43c20555298c8500bf91bffbe1f58b)
* procd: update to git HEADDaniel Golle2022-04-151-3/+3
| | | | | | | | | 6343c3a procd: completely remove tmp-on-zram support 5c5e63f uxc: fix potential NULL-pointer dereference eb03f03 jail: include necessary files for per-netns netifd instance Signed-off-by: Daniel Golle <daniel@makrotopia.org> (cherry picked from commit 2c8873033e3c0b5a5e8f6080ea3a73fde6a55f39)
* base-files: more robust sysupgrade on NANDDaniel Golle2022-04-151-4/+10
| | | | | | | | | | Make sure sysupgrade on NAND also works in case of UBI volumes having index >9. While at it, also make sure UBI device is detected and abort in case it isn't. Use Shell built-in shorthand ':' instead of 'true'. Fixes #9708 Signed-off-by: Daniel Golle <daniel@makrotopia.org> (cherry picked from commit 0dbca1b2baf9c26514b517a1e5860f6a5b04d5ae)
* scripts/gen_image_generic.sh: generate reproducible EFI filesystemDaniel Golle2022-04-151-2/+3
| | | | | | | | | | Generate FAT filesystem for EFI boot in a reproducible way: * use '--invariant' option of mkfs.fat * set timestamps of all files to SOURCE_DATE_EPOCH * make sure files are ordered locale-independent Signed-off-by: Daniel Golle <daniel@makrotopia.org> (cherry picked from commit aece8f5ae8d15e5e79b8e34a176895209709afb6)
* scripts/gen_image_generic.sh: make ext4 bootfs reproducibleDaniel Golle2022-04-151-1/+1
| | | | | | | | Set fixed timestamp for kernel other files in /boot filesystem. This should help making x86 *combined* images reproducible. Signed-off-by: Daniel Golle <daniel@makrotopia.org> (cherry picked from commit 068ea2cde04e2666fb05731cea941bccfaeddc25)
* mediatek/mt7622: enable accelerated crypto driversEneas U de Queiroz2022-04-151-0/+10
| | | | | | | | | | Use ARMv8 Crypto Extensions for AES, ghash and sha256. This results in a 16 times speed gain in speed for aes-128-ctr, 17x in aes-128-gcm, and 9 times in sha256. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com> (cherry picked from commit c9c2b01b8441195807e8b492c7d3e385e6c6afdc)
* ath79: add support for Yuncore A930Thibaut VARÈNE2022-04-153-0/+129
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Specification: - QCA9533 (650 MHz), 64 or 128MB RAM, 16MB SPI NOR - 2x 10/100 Mbps Ethernet, with 802.3at PoE support (WAN) - 2T2R 802.11b/g/n 2.4GHz Flash instructions: If your device comes with generic QSDK based firmware, you can login over telnet (login: root, empty password, default IP: 192.168.188.253), issue first (important!) 'fw_setenv' command and then perform regular upgrade, using 'sysupgrade -n -F ...' (you can use 'wget' to download image to the device, SSH server is not available): fw_setenv bootcmd "bootm 0x9f050000 || bootm 0x9fe80000" sysupgrade -n -F openwrt-...-yuncore_...-squashfs-sysupgrade.bin In case your device runs firmware with YunCore custom GUI, you can use U-Boot recovery mode: 1. Set a static IP 192.168.0.141/24 on PC and start TFTP server with 'tftp' image renamed to 'upgrade.bin' 2. Power the device with reset button pressed and release it after 5-7 seconds, recovery mode should start downloading image from server (unfortunately, there is no visible indication that recovery got enabled - in case of problems check TFTP server logs) Signed-off-by: Clemens Hopfer <openwrt@wireloss.net> Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org> (cherry picked from commit a05dcb07241aa83a4416b56201e31b4af8518981)
* ath79: add support for Yuncore XD3200Thibaut VARÈNE2022-04-156-2/+49
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Specification: - QCA9563 (775MHz), 128MB RAM, 16MB SPI NOR - 2T2R 802.11b/g/n 2.4GHz - 2T2R 802.11n/ac 5GHz - 2x 10/100/1000 Mbps Ethernet, with 802.3at PoE support (WAN port) LED for 5 GHz WLAN is currently not supported as it is connected directly to the QCA9882 radio chip. Flash instructions: If your device comes with generic QSDK based firmware, you can login over telnet (login: root, empty password, default IP: 192.168.188.253), issue first (important!) 'fw_setenv' command and then perform regular upgrade, using 'sysupgrade -n -F ...' (you can use 'wget' to download image to the device, SSH server is not available): fw_setenv bootcmd "bootm 0x9f050000 || bootm 0x9fe80000" sysupgrade -n -F openwrt-...-yuncore_...-squashfs-sysupgrade.bin In case your device runs firmware with YunCore custom GUI, you can use U-Boot recovery mode: 1. Set a static IP 192.168.0.141/24 on PC and start TFTP server with 'tftp' image renamed to 'upgrade.bin' 2. Power the device with reset button pressed and release it after 5-7 seconds, recovery mode should start downloading image from server (unfortunately, there is no visible indication that recovery got enabled - in case of problems check TFTP server logs) Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org> (cherry picked from commit c91df224f54fdd44c9c0487a8c91876f5d273164)
* toolchain: musl: Update to version 1.2.3Hauke Mehrtens2022-04-132-4/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Changes: new features: - qsort_r function (POSIX-future) - pthread_getname_np extension function - hard float on SPE FPU for powerpc-sf - SEEK_DATA and SEEK_HOLE exposed in unistd.h (Linux extensions) compatibility: - free now preserves errno (POSIX-future requirement) - setjmp is declared explicitly with returns_twice for non-GCC compilers - macro version of isascii is no longer defined for C++ - dynamic linker now tolerates zero-length LOAD segments - epoll_[p]wait is now a cancellation point - pwd/grp functions no longer fail on systems without AF_UNIX support - POSIX TZ parsing is stricter to allow more names to fallback to files - NULL is now defined as nullptr when used in C++11 or later - gettext now accepts null pointer as argument bugs fixed: - old regression in wcwidth of Hangul combining (vowel/final) letters - duplocale used wrong malloc when malloc was replaced (1.2.2 regression) - fmaf rounded wrong on archs without FE_TOWARDZERO (all softfloat archs) - popen didn't honor requirement not to leak other popen pipe fds to child - aligned_alloc and variants crashed on allocation failure - dl_iterate_phdr reported incorrect module TLS pointers - mishandling of some inputs in acoshf and expm1f and functions using them - potentially wrong-sign zero in cproj functions at infinity - multiple bugs in legacy function cuserid - minor posix_spawn file actions API conformance issues - pthread_setname_np fd leak - out-of-bound read in zoneinfo handling with distant-past times - out-of-tree builds lacked generated debug cfi for x86 asm arch-specific bugs fixed: - powerpc (32-bit) struct shmid_ds layout was wrong for some fields - time64 struct layout was wrong in sound ioctl fallback (32-bit archs) In addition it contains the following improvements: * protect stack canary from leak via read-as-string by zeroing second byte * fix excessively slow TLS performance on some mips models Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> Acked-by: Rui Salvaterra <rsalvaterra@gmail.com> Tested-by: Rui Salvaterra <rsalvaterra@gmail.com> Tested-by: Koen Vandeputte <koen.vandeputte@ncentric.com> (cherry picked from commit 685ae2687bd1b199dc83ee1e16d47c05afca6102)
* mac80211: backport minstrel_ht fix for legacy ratesFelix Fietkau2022-04-121-0/+61
| | | | | | | Fixes OFDM rates on 5 GHz Signed-off-by: Felix Fietkau <nbd@nbd.name> (cherry-picked from commit 5d5afd51772c9a992cb6bb9e0a9dce6feaa3fdef)
* musl-fts: add host buildRosen Penev2022-04-111-0/+2
| | | | | | | This will be used for libselinux. Signed-off-by: Rosen Penev <rosenp@gmail.com> (cherry picked from commit 1fb099341e5879a8c5247020e5056676ba2f0745)
* kernel: Fix oob layout of XTX XT26G0xAFelix Matouschek2022-04-111-3/+3
| | | | | | | | | | | | | | | | The correct oob layout is: ECC: region->offset = 48; region->length = 16; Free: /* Reserve 1 byte for the BBM. */ region->offset = 1; region->length = 47; Signed-off-by: Felix Matouschek <felix@matouschek.org> (cherry picked from commit a5de91a88a8a33ced147bb5340fd45599f652d4d)
* kernel: Fix readid method of XTX XT26G0xAFelix Matouschek2022-04-111-3/+3
| | | | | | | The correct readid method is SPINAND_READID_METHOD_OPCODE_ADDR. Signed-off-by: Felix Matouschek <felix@matouschek.org> (cherry picked from commit 3711aee56d864fab066d76afadc9d04e1c18102e)
* nftables: add CONFLICT between versionsEneas U de Queiroz2022-04-111-1/+2
| | | | | | | Have nftables-json conflict with nftables-nojson. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com> (cherry picked from commit 1135b75d1fd26049a0644b304b7199e4a73c6a08)
* mac80211: Update to version 5.15.33-1Hauke Mehrtens2022-04-1133-439/+85
| | | | | | | | | | | | | | | This updates mac80211 to version 5.15.33-1 which is based on kernel 5.15.33. The removed patches were applied upstream. This new release contains many fixes which were merged into the upstream Linux kernel. This also contains the following new drivers which are needed for ath11k: * net/qrtr/ * drivers/bus/mhi/ Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> (cherry picked from commit 3aa96efa24c13c6e0aafa5ad826f3f95a3bd74f9)
* wolfssl: bump to 5.2.0Eneas U de Queiroz2022-04-114-9/+7
| | | | | | | | | | | | | | | | | Fixes two high-severity vulnerabilities: - CVE-2022-25640: A TLS v1.3 server who requires mutual authentication can be bypassed. If a malicious client does not send the certificate_verify message a client can connect without presenting a certificate even if the server requires one. - CVE-2022-25638: A TLS v1.3 client attempting to authenticate a TLS v1.3 server can have its certificate heck bypassed. If the sig_algo in the certificate_verify message is different than the certificate message checking may be bypassed. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com> (cherry picked from commit e89f3e85eb1c1d81294e5d430a91b0ba625e2ec0)
* imagebuilder: export SOURCE_DATE_EPOCH to environmentDaniel Golle2022-04-101-0/+1
| | | | | | | | | Export SOURCE_DATE_EPOCH to environment so filesystem and image creation tools will make use of it. Fixes reproducibility of images generated with the ImageBuilder. Signed-off-by: Daniel Golle <daniel@makrotopia.org> (cherry picked from commit 5cf5dce05ae829ec848ad63a6da300c4fddcd510)
* arm-trusted-firmware-mediatek: remove no longer needed Configure stepDaniel Golle2022-04-101-4/+0
| | | | | | | | | As anyway only the default is called now we can as well also just remove the override for Build/Configure. Fixes: e2cffbb805 ("arm-trusted-firmware-mediatek: update to 2021-03-10") Signed-off-by: Daniel Golle <daniel@makrotopia.org> (cherry picked from commit dffad93d3e34275b87d97724e64447d8bde537ff)
* trusted-firmware-a.mk: make sure include directory existsDaniel Golle2022-04-101-0/+3
| | | | | | | | | | | | | ARM Trusted Firmware builds do not depend on any target libraries as they are bare-metal builds. However, the compiler aborts due to -Werror=missing-include-dirs if the include dir doesn't exists and this can happen when building with parallelisation as that makes it likely for arm-trusted-firmware-* to be build very early before any of the libraries which would implicitely create the directory. Fix this by making sure the include dir exists before building. Signed-off-by: Daniel Golle <daniel@makrotopia.org> (cherry picked from commit 738d44f5ea6f6450c2c8a29cf5836e22b479340b)
* kernel: bump 5.10 to 5.10.110John Audia2022-04-1058-211/+93
| | | | | | | | | | | | | | | | | | | Removed upstreamed: generic/backport-5.10/350-v5.18-MIPS-pgalloc-fix-memory-leak-caused-by-pgd_free.patch generic/pending-5.10/850-0014-PCI-aardvark-Fix-reading-PCI_EXP_RTSTA_PME-bit-on-em.patch ipq40xx/patches-5.10/105-ipq40xx-fix-sleep-clock.patch All patches automatically rebased. Build system: x86_64 Build-tested: bcm2711/RPi4B, mt7622/RT3200 Run-tested: bcm2711/RPi4B, mt7622/RT3200 Compile-/run-tested: ath79/generic (Archer C7 v2). Signed-off-by: Daniel Golle <daniel@makrotopia.org> [rebased in 22.03 tree] Signed-off-by: John Audia <graysky@archlinux.us> (cherry picked from commit b92ec82235b996ece32bc84af177adf1a4dcb90e)
* ipq40xx: add RT-AC2200 alternative name to RT-AC42U/RT-ACRH17Ray Wang2022-04-101-0/+2
| | | | | | | RT-AC2200 is the same device with a different name. The OEM firmwares have the same MD5. Signed-off-by: Ray Wang <raywang777@foxmail.com> (cherry picked from commit 3204906569768cabcbedb5eaa3a11e2fcb18cd48)
* ath79: Move TPLink WPA8630Pv2 to ath79-tiny targetJoe Mullally2022-04-109-42/+95
| | | | | | | | | | | | | | | | | | | | | | | | | | | | These devices only have 6MiB available for firmware, which is not enough for recent release images, so move these to the tiny target. Note for users sysupgrading from the previous ath79-generic snapshot images: The tiny target kernel has a 4Kb flash erase block size instead of the generic target's 64kb. This means the JFFS2 overlay partition containing settings must be reformatted with the new block size or else there will be data corruption. To do this, backup your settings before upgrading, then during the sysupgrade, de-select "Keep Settings". On the CLI, use "sysupgrade -n". If you forget to do this and your system becomes unstable after upgrading, you can do this to format the partition and recover: * Reboot * Press RESET when Power LED blinks during boot to enter Failsafe mode * SSH to 192.168.1.1 * Run "firstboot" and reboot Signed-off-by: Joe Mullally <jwmullally@gmail.com> Tested-by: Robert Högberg <robert.hogberg@gmail.com> (cherry picked from commit 44e1e5d153d00915a7e516c9af3f440cbd84cf78)
* dropbear: bump to 2022.82Konstantin Demin2022-04-109-66/+90
| | | | | | | | | | | | | | | | | | | | | | | - update dropbear to latest stable 2022.82; for the changes see https://matt.ucc.asn.au/dropbear/CHANGES - use $(AUTORELEASE) in PKG_RELEASE - use https for all uris - refresh all patches - rewrite patches: - 100-pubkey_path.patch - 130-ssh_ignore_x_args.patch binary/pkg size changes: - ath79/generic, mips: - binary: 215112 -> 219228 (+4116) - pkg: 111914 -> 113404 (+1490) - ath79/tiny, mips: - binary: 172501 -> 172485 (-16) - pkg: 89871 -> 90904 (+1033) Tested-by: Stijn Segers <foss@volatilesystems.org> Signed-off-by: Konstantin Demin <rockdrilla@gmail.com> (cherry picked from commit 65256aee23a5104eb0c78411fdc73640c0b757ea)
* libmnl: update to 1.0.5Nick Hainke2022-04-101-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Changes: Duncan Roe (5): nlmsg: Fix a missing doxygen section trailer build: doc: "make" builds & installs a full set of man pages build: doc: get rid of the need for manual updating of Makefile build: If doxygen is not available, be sure to report "doxygen: no" to ./configure src: doc: Fix messed-up Netlink message batch diagram Fernando Fernandez Mancera (1): src: fix doxygen function documentation Florian Westphal (1): libmnl: zero attribute padding Guillaume Nault (1): callback: mark cb_ctl_array 'const' in mnl_cb_run2() Kylie McClain (1): examples: nfct-daemon: Fix test building on musl libc Laura Garcia Liebana (4): examples: add arp cache dump example examples: fix neigh max attributes examples: fix print line format examples: reduce LOCs during neigh attributes validation Pablo Neira Ayuso (3): doxygen: remove EXPORT_SYMBOL from the output include: add MNL_SOCKET_DUMP_SIZE definition build: libmnl 1.0.5 release Petr Vorel (1): examples: Add rtnl-addr-add.c Stephen Hemminger (1): examples: rtnl-addr-dump: fix typo igo95862 (1): doxygen: Fixed link to the git source tree on the website. Signed-off-by: Nick Hainke <vincent@systemli.org> (cherry picked from commit c3b738933981de601389794152534628b04555dc)
* libnfnetlink: update to 1.0.2Nick Hainke2022-04-102-23/+3
| | | | | | | | | | | | | | | | | | | | | | | | Changes: c63f193 bump version to 1.0.2 3cffa84 libnfnetlink: Check getsockname() return code 90ba679 include: Silence gcc warning in linux_list.h bb4f6c8 Make it clear that this library is deprecated e46569c Minimally resurrect doxygen documentation 5087de4 libnfnetlink: hide private symbols 62ca426 autogen: don't convert __u16 to u_int16_t efa1d8e src: Use stdint types everywhere 7a1a07c include: Sync with kernel headers 7633f0c libnfnetlink: initialize attribute padding to resolve valgrind warnings 94b68f3 configure: uclinux is also linux 617fe82 src: get source code license header in sync with current licensing terms 97a3960 build: resolve automake-1.12 warnings Removed the patch 100-missing_include.patch, libnfnetlink compiles fine with musl without this patch. Signed-off-by: Nick Hainke <vincent@systemli.org> (cherry picked from commit aecf088b3792d556c717510304729fa542ceb770)
* gpio-button-hotplug: fix data raceAndrey Erokhin2022-04-101-1/+1
| | | | | | | | bh_event_add_var can be called by multiple threads concurrently, so it shall not use a static char buffer Signed-off-by: Andrey Erokhin <a.erokhin@inango-systems.com> (cherry picked from commit 1e991e09b73c309321d21b9cb706bd5139d952d2)
* tools/meson: update to 0.61.4Rosen Penev2022-04-104-2/+6
| | | | | | | | Override python to use the one in host instead of hostpkg. There's no need to use the latter. Signed-off-by: Rosen Penev <rosenp@gmail.com> (cherry picked from commit 19f3fcc884cab348cfba823f1175baf7aa4de15f)
* tools/cmake: fix download urlleo chung2022-04-101-1/+1
| | | | | | | fix the cmake.org download url Signed-off-by: leo chung <gewalalb@gmail.com> (cherry picked from commit 56f091d4677feb693d37959a3fa4af845dcce82e)
* libselinux: add missing host-build dependency on libsepol/hostDaniel Golle2022-04-101-1/+1
| | | | | | | | | The host-build of libselinux requires libsepol/host. Add the libsepol/host to HOST_BUILD_DEPENDS to allow build on hosts which don't have libsepol installed. Signed-off-by: Daniel Golle <daniel@makrotopia.org> (cherry picked from commit 0d3850dc5af4896ab3679dc4d8ef9a664e5e705f)
* dnsmasq: add procd interface index trackingValentyn Datsko2022-04-101-0/+5
| | | | | | | | | | | | | | Problem exist when dnsmasq is exclusively bind to particular interface. After reconfiguring or restarting this interface, its index changes, but dnsmasq uses the old one. When this problem occurs, dnsmasq does not listen on the correct interface so DHCP does not work, and clients do not get an IP address. Procd netdev param can be added to restart dnsmasq when the interface index is changed. Signed-off-by: Valentyn Datsko <valikk.d@gmail.com> [combined into a single &&-connected statement] Signed-off-by: Daniel Golle <daniel@makrotopia.org> (cherry picked from commit 76f55e3c3f32dea63a385e9b3c8eaed1322089c7)
* libselinux: use musl-fts for host buildsRosen Penev2022-04-101-2/+5
| | | | | | | | | Fixes compilation under musl based distros like Alpine Linux. Also add pcre/host as a build dependency as it's needed. Signed-off-by: Rosen Penev <rosenp@gmail.com> (cherry picked from commit abb2683de36ffe7b29a1b6ea5a8d7edf73719152)
* at91: Automatically detect USB featureHauke Mehrtens2022-04-071-1/+1
| | | | | | | | | | | The sama7 sub target does not have USB support, the feature should not be activated there. OpenWrt can automatically detect if the target supports USB by using the scripts/target-metadata.pl script. With the automatic detection USB support will only get activated on subtargest which actually support USB like sam9x and sama5. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> (cherry picked from commit f6d566301ee3dc12fd41e131f89dfc4777b002f3)
* at91/sama7: Do not build in BluetoothHauke Mehrtens2022-04-071-6/+0
| | | | | | | | | | Bluetooth should be activated as an optional kmod package instead of compiling it into the kernel. Tested-by: Claudiu Beznea <claudiu.beznea@microchip.com> Reviewed-by: Claudiu Beznea <claudiu.beznea@microchip.com> Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> (cherry picked from commit 3296881a1d631bc6db38fe72ab73adaa27af6f8c)
* at91/sama7: Use ext4 driver for ext2 and ext3Hauke Mehrtens2022-04-071-6/+0
| | | | | | | | | | Use the ext4 driver for ext2 and ext3 too. This feature is activated in the OpenWrt generic configuration. Tested-by: Claudiu Beznea <claudiu.beznea@microchip.com> Reviewed-by: Claudiu Beznea <claudiu.beznea@microchip.com> Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> (cherry picked from commit 6709b67265d04ee82b1e79e2a6c8eaeca9d5dfe4)
* at91/sama7: Deactivate certification and key systemHauke Mehrtens2022-04-071-16/+0
| | | | | | | | | | This was probably activated by mac80211 which was activated before. mac80211 is build from backports in OpenWrt. Tested-by: Claudiu Beznea <claudiu.beznea@microchip.com> Reviewed-by: Claudiu Beznea <claudiu.beznea@microchip.com> Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> (cherry picked from commit ac2bc4b893999709776bc93c46e907147aef3a44)
* at91/sama7: Do not activate cgroups and namespacesHauke Mehrtens2022-04-071-17/+0
| | | | | | | | | | cgroups and namespaces should be configured by the generic OpenWrt configuration and not for a specific target. Tested-by: Claudiu Beznea <claudiu.beznea@microchip.com> Reviewed-by: Claudiu Beznea <claudiu.beznea@microchip.com> Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> (cherry picked from commit a2f1db99f62554699b30de5d379f5b16c1138f41)
* at91/sama7: Remove config options build as moduleHauke Mehrtens2022-04-071-38/+2
| | | | | | | | | | | | | | Remove the configuration options which are building modules for the sub target configuration. These kernel modules are not packaged. Kernel options should only be build as a module when they are selected by a kmod package and not by setting them to =m in the target kernel configuration. Tested-by: Claudiu Beznea <claudiu.beznea@microchip.com> Reviewed-by: Claudiu Beznea <claudiu.beznea@microchip.com> Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> (cherry picked from commit 5a84a8764d9f6e753eb6f11f214b0a3e5cb5ff80)
* kernel: bump 5.10 to 5.10.109Hauke Mehrtens2022-04-073-9/+9
| | | | | | | | | Patches automatically rebased. Compile-tested: lantiq/xrx200 Run-tested: lantiq/xrx200 Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* scripts: make sure sort-order is independent from localeDaniel Golle2022-04-061-1/+1
| | | | | | | | | Set LC_ALL=C environment variable when calling 'sort' as the sort order otherwise depends on the locale set. Fixes: 56ce110b73 ("scripts: make sure conffiles are sorted") Signed-off-by: Daniel Golle <daniel@makrotopia.org> (cherry picked from commit 1d77dca3b32dd883bcc2213675cf21111ac1beca)
* kernel: set SOURCE_DATE_EPOCH for initramfs root dirDaniel Golle2022-04-061-1/+1
| | | | | | | | | Make sure the timestamp of the root directory of the initramfs is set to SOURCE_DATE_EPOCH as well. Fixes: 29d7461d11 ("kernel: set options to make external initramfs reproducible") Signed-off-by: Daniel Golle <daniel@makrotopia.org> (cherry picked from commit 54bcf586b0beb510345fdbac731ce1c04b6fa56b)
* build: store sha256_unsigned in JSONPaul Spooren2022-04-063-7/+16
| | | | | | | | | | | | | Introduce `sha256_unsigned` which is a checksum of the image _before_ a signature is attached. This is helpful to compare image reproducibility. Since the `.sha256sum` file is located in the $(KDIR) folder, switch $(BIN_DIR) with $(KDIR) to simplify the code. The value of $(BIN_DIR) itself is not stored inside the resulting JSON file, so it can be replaced. Signed-off-by: Paul Spooren <mail@aparcar.org> (cherry picked from commit 8822a8d850ba2df69b81289758959bb90643a696)
* kernel: fix initramfs reproducibilityDaniel Golle2022-04-061-1/+1
| | | | | | | | | | Make sure xz uses at least 2 threads so compression always runs in multi-threaded mode as the resulting file in single-threaded mode differs. Fixes: 29d7461d11 ("kernel: set options to make external initramfs reproducible") Signed-off-by: Daniel Golle <daniel@makrotopia.org> (cherry picked from commit fc6a83e63b187ecfd0e427c062ae09e3c104e291)
* image: let mksquashfs4 use all processorsStijn Tintel2022-04-061-2/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | Drop the -processors argument from the mksquashfs4 call, so it will use all available processors. This dramatically reduces the time to create squashfs filesystems. The times below are observed when building an image for my main router, the WatchGuard Firebox M300 (qoriq target): Before: real 4m45,973s After: real 0m23,497s With this commit `mksquashfs` may use more cores than defined via `-j`. This is the same behaviour as for archive creation of ImageBuilder, SDK or toolchain. There is no trivial way to limit `mksquashfs` CPU core usage to the amount of "free" make jobs since two running `mksquashfs` instances would each run with the total allowed number (-j) of threads. Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be> [extended reasoning in commit message] Signed-off-by: Paul Spooren <mail@aparcar.org> (cherry picked from commit df2ae8826ced4f374bcb693b44d8a113ad150d70)
* scripts: make sure conffiles are sortedPaul Spooren2022-04-061-1/+2
| | | | | | | | | | It may happen that conffiles are in different order on different builds. Make sure they have the same order by sorting them. FIX: #9612 Signed-off-by: Paul Spooren <mail@aparcar.org> (cherry picked from commit 56ce110b73970bcd65d309440baada84c8e1504b)
* toolchain: reproducible libstdcppPaul Spooren2022-04-061-1/+2
| | | | | | | | A Python script containing an unreproducible path is copied by default. Remove it before generating the package. Signed-off-by: Paul Spooren <mail@aparcar.org> (cherry picked from commit 950bd40a275d1a834c95d8f9830e1bfed4737a82)
* grub2: add missing licensePaul Spooren2022-04-051-1/+3
| | | | | | | | The PKG_LICENSE field was missing. While at it, normalize the Makefile a bit. Signed-off-by: Paul Spooren <mail@aparcar.org> (cherry picked from commit 839b1ff1fc0d6bcd74131a78fb9286df7f3b7b97)