aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* build: switch VERSION_REPO to HTTPSPaul Spooren2020-08-312-2/+2
| | | | | | | | | | | The variable VERSION_REPO is used by opkg to download package(list)s. Now that the default installation support encrypted HTTP opkg should make use of it. Suggested-by: Petr Štetiar <ynezz@true.cz> Suggested-by: Baptiste Jonglez <baptiste@bitsofnetworks.org> Signed-off-by: Paul Spooren <mail@aparcar.org> Acked-by: Baptiste Jonglez <baptiste@bitsofnetworks.org>
* build: sort default packages and split by newlinesPaul Spooren2020-08-311-3/+32
| | | | | | | | The line of default packages became very long and it is easier to read one package per line, therefore split it by newlines and sort it alphabetically. Signed-off-by: Paul Spooren <mail@aparcar.org>
* build: add libustream and certs to default pkgsPaul Spooren2020-08-311-1/+1
| | | | | | | | | | | | | To allow HTTPS usage on a router it requires both certificates (ca-bundle) and a fitting libustream library (libustream-wolfssl) By adding both, uclient-fetch and wget can connect to encrypted HTTP. This allows opkg to update package lists in a more secure fashion. Suggested-by: Petr Štetiar <ynezz@true.cz> Suggested-by: Baptiste Jonglez <baptiste@bitsofnetworks.org> Signed-off-by: Paul Spooren <mail@aparcar.org>
* treewide: https for downloads.openwrt.org sourcesPaul Spooren2020-08-315-5/+5
| | | | | | | Instead of using http and https for source downloads from downloads.openwrt.org, always use https for it's better security. Signed-off-by: Paul Spooren <mail@aparcar.org>
* build: add whatdepends target to imagebuilderPaul Spooren2020-08-311-1/+9
| | | | | | | | | | | | | | | | The package manager `opkg` offers the function `whatdepends` to print packages that depend on a specific package. This feature is useful when used in a CI to not only build an upgraded package but all packages with a dependency. Usage: make whatdepends PACKAGE=libipset The resulting list can be fed into a SDK building all packages and warn if anything fails. Signed-off-by: Paul Spooren <mail@aparcar.org>
* build: store SourceDateEpoch in manifestPaul Spooren2020-08-312-1/+2
| | | | | | | | The usage of granular `SOURCE_DATE_EPOCH` for packages is an incrementing integer which could be useful for downstream tooling, therefore add it to the packages manifest. Signed-off-by: Paul Spooren <mail@aparcar.org>
* build: store granular timestamps in packagesPaul Spooren2020-08-312-9/+4
| | | | | | | | | | | | | | With the new `SOURCE` argument of `get_source_date_epoch` it is possible to set package timestamps based on actual package changes rather thane $TOPDIR changes. This commit adds a new variable PKG_SOURCE_DATE_EPOCH which is used by the `ipkg` build script. As a fallback the existing SOURCE_DATE_EPOCH is used or as last resort the current time. The redundant checks for `.git/` and `.svn/` are removed. Signed-off-by: Paul Spooren <mail@aparcar.org>
* build: get_source_date_epoch allow external reposPaul Spooren2020-08-311-6/+8
| | | | | | | | | | | | | | | | | | | | | | | | | | | | The SOURCE_DATE_EPOCH variable is used to make builds reproducible even if rebuild at different times. Instead of using the current timestamp, the time of the last source change is used. Created packages are `touch`ed with a specific timestamp so resulting packages have the same checksums. The `get_source_date_epoch.sh` script tries multiple ways (file, git, hg) to determine the correct timestamp. Until now the script would only consider the $TOPDIR instead of package specific changes. Resulting in packages with same versions but different timestamps, as $TOPDIR (openwrt.git) received changes not affecting package versions. This results in warning/erros in `opkg` as the package versions stay the same but checksums changed. This commit adds an optional argument to get the `SOURCE_DATE_EPOCH` of a specific path (e.g. package SOURCE) rather than the $TOPDIR. As a consequence this allows granular but still reproducible timestamps. As packages might be distributed over multiple repositories the check for `.git/` becomes unfeasible. Instead tell `git` and `hg` to change their working directories and automatically traverse the repo folder. Signed-off-by: Paul Spooren <mail@aparcar.org>
* build: Fix Shellcheck for get_source_date_epoch.shPaul Spooren2020-08-311-2/+5
| | | | | | | | If a `cd` to `TOPDIR` fails the script should quit. Also unify `try_mtime` function by storing it in a variable. Signed-off-by: Paul Spooren <mail@aparcar.org>
* busybox: Use PKG_FILE_MODES for SUIDPaul Spooren2020-08-311-4/+5
| | | | | | | Instead of using INSTALL_SUID use the more flexible PKG_FILE_MODES variable withn the Makefile to set the SUID bit. Signed-off-by: Paul Spooren <mail@aparcar.org>
* build: ipkg-build use fakeroot with PKG_FILE_MODESPaul Spooren2020-08-312-21/+26
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The `ipkg-build` script converts a folder into a `opkg` installable package. Until now it would use root:root for all packages and try to preserve file modes. This has the two drawbacks of packages want to add non-root files or add SUID files, like the `sudo` package does. To give more flexibility regarding file modes and avoid init script hacks, a new variable called `PKG_FILE_MODES`. The variable contains a list of files modes in the format `path:owner:group:mode`. An example for the `sudo` package below: ``` PKG_FILE_MODES:=\ /usr/bin/sudo:root:root:4755 \ /etc/sudoers:root:root:0440 ``` The `ipkg-build` now runs within a fakeroot environment to set any mode and directly store it in the resulting `ipk` package archive. Both options `-o` and `-g` are no longer required due to the introduction of the more flexible `-m` options, which takes the `PKG_FILE_MODES` as input. Lastly the option `-c` is removed as it's unused within the script. Signed-off-by: Paul Spooren <mail@aparcar.org>
* opkg: update to git HEADDaniel Golle2020-08-311-3/+3
| | | | | | | 4318ab1 opkg: allow to configure the path to the signature verification script cf44c2f libopkg: fix compiler warning Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* px5g: rename to px5g-mbedtlsPaul Spooren2020-08-312-2/+2
| | | | | | | | | | Two versions of `px5g` exists without sharing code. For clarification rename the previously existing MbedTLS based version to `px5g-mbedtls` to exists next to `px5g-wolfssl`. Rename code file of MbedTLS from `px5g.c` to `px5g-mbedtls.c`. Signed-off-by: Paul Spooren <mail@aparcar.org>
* px5g-wolfssl: add packagePaul Spooren2020-08-312-0/+404
| | | | | | | This package creates certificates and private keys, just like `px5g` does. Hower it uses WolfSSL rather than MbedTLS. Signed-off-by: Paul Spooren <mail@aparcar.org>
* wolfssl: add certgen config optionPaul Spooren2020-08-312-1/+6
| | | | | | The option allows to generate certificates. Signed-off-by: Paul Spooren <mail@aparcar.org>
* nghttp2: move to packages.gitHans Dedecker2020-08-311-44/+0
| | | | | | | | | As the package curl has been moved to packages.git and only libcurl depends on libnghttps move it as well to packages.git. This is based on the Hamburg 2019 decision that non essential packages should move outside base. Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* refpolicy: new packageThomas Petazzoni2020-08-312-0/+87
| | | | | | Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> [update to 2.20200229, adjust Makefile, and move to openwrt.git] Signed-off-by: W. Michael Petullo <mike@flyn.org>
* checkpolicy: new packageThomas Petazzoni2020-08-311-0/+51
| | | | | | Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> [update to 3.1, make use of Python 3, and move to openwrt.git] Signed-off-by: W. Michael Petullo <mike@flyn.org>
* policycoreutils: new packageThomas Petazzoni2020-08-311-0/+83
| | | | | | Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> [update to 3.1, make use of Python 3, use ALTERNATIVES, and move to openwrt.git] Signed-off-by: W. Michael Petullo <mike@flyn.org>
* kernel: add options needed for SELinuxThomas Petazzoni2020-08-312-0/+80
| | | | | | | | | | This adds a number of options to config/Config-kernel.in so that packages related to SELinux support can enable the appropriate Linux kernel support. Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> [rebase; add ext4, F2FS, UBIFS, and JFFS2 support; add commit message] Signed-off-by: W. Michael Petullo <mike@flyn.org>
* tools/squashfskit4: add xattr support to mksquashfs for SELinuxThomas Petazzoni2020-08-311-1/+1
| | | | | | | | SELinux uses extended attributes to store SELinux security contexts. Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> [rebase, add commit message] Signed-off-by: W. Michael Petullo <mike@flyn.org>
* build: add support for SELinux to include/image.mkThomas Petazzoni2020-08-312-1/+28
| | | | | | | | | This allows the build process to prepare a squashfs filesystem for use with SELinux. Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> [rebase, add commit message] Signed-off-by: W. Michael Petullo <mike@flyn.org>
* tools: add back lzma-old for ath79David Bauer2020-08-311-1/+1
| | | | | | | | | lzma-old host package is required for building ath79 images, as mksquashfs-lzma is required for generating netgear images. Fixes commit 4e4ee4649553 ("ar71xx: drop target") Signed-off-by: David Bauer <mail@david-bauer.net>
* tools/coreutils: update to 8.32Hannu Nyman2020-08-302-27/+2
| | | | | | | Update coreutils to version 8.32. Remove upstreamed patch. Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
* leds: add activity led trigger kernel module packageSven Wegener2020-08-301-0/+14
| | | | | | | The activity trigger flashes like the heartbeat trigger, but adjusts based on system load. Signed-off-by: Sven Wegener <sven.wegener@stealer.net>
* kernel: add missing symbol NET_DSA_TAG_RTL4_AHannu Nyman2020-08-301-0/+1
| | | | | | | Fix build breakage caused by the missing kernel config symbol. Fixes: 8735997686a3 ("kernel: backport RTL8366RB patches") Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
* ethtool: Update to version 5.8Hauke Mehrtens2020-08-301-2/+4
| | | | | | | | | | | | The ipk sizes for mips_24Kc change like this: old: ethtool_5.4-1_mips_24kc.ipk 101.909 new: ethtool_5.8-1_mips_24kc.ipk 109.699 Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> Tested-by: Hans Dedecker <dedeckeh@gmail.com>
* iproute2: Update to version 5.8Hauke Mehrtens2020-08-306-89/+12
| | | | | | | | | | | | | | | The ipk sizes for mips_24Kc change like this: old: ip-full_5.7.0-2_mips_24kc.ipk 165.786 ip-tiny_5.7.0-2_mips_24kc.ipk 117.730 tc_5.7.0-2_mips_24kc.ipk 144.405 new: ip-full_5.8.0-1_mips_24kc.ipk 169.775 ip-tiny_5.8.0-1_mips_24kc.ipk 119.808 tc_5.8.0-1_mips_24kc.ipk 149.053 Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* mac80211: Fix potential endless loopHauke Mehrtens2020-08-301-0/+31
| | | | | | Backport a fix from kernel 5.8.3. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* ath79: increase kernel partition for ar9344 TP-Link CPE/WBSAdrian Schmutzler2020-08-303-26/+26
| | | | | | | | | | | | The kernel has become too big again for the ar9344-based TP-Link CPE/WBS devices which still have no firmware-partition splitter. Current buildbots produce a kernel size of about 2469 kiB, while the partition is only 2048 kiB (0x200000). Therefore, increase it to 0x300000 to provide enough room for this and, hopefully, the next kernel. Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
* ar71xx: drop targetAdrian Schmutzler2020-08-30489-84828/+10
| | | | | | | | | | This target has been mostly replaced by ath79 and won't be included in the upcoming release anymore. Finally put it to rest. This also removes all references in packages, tools, etc. as well as the uboot-ar71xx and vsc73x5-ucode packages. Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
* wireguard-tools: add tunlink option for hostrouteAaron Goodman2020-08-302-2/+3
| | | | | | | | | | In a multi-wan setup, netifd may need guidance on which wan device to use to create the route to the remote peer. This commit adds a 'tunlink' option similar to other tunneling interfaces such as 6in4, 6rd, gre, etc. Signed-off-by: Aaron Goodman <aaronjg@stanford.edu>
* kernel: bump 5.4 to 5.4.61John Audia2020-08-3037-68/+65
| | | | | | | | | | | | | | | | | | | Manually merged: backport-5.4 011-kbuild-export-SUBARCH.patch layerscape 701-net-0262-net-dsa-ocelot-add-tagger-for-Ocelot-Felix-switches.patch All other modifications made by update_kernel.sh Build-tested: x86/64, lantiq/xrx200, ramips/mt7621 Run-tested: ipq806x (R7800), lantiq/xrx200, x86/64, ramips (RT-AC57U) No dmesg regressions, everything functional Signed-off-by: John Audia <graysky@archlinux.us> [minor commit message adjustments] Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
* apm821xx: fix typos in .dts filesChristian Lamparter2020-08-291-2/+2
| | | | | | | This patch fixes various typos or tab-vs-space issues in the APM821XX device targets Device-Tree source files. Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
* apm821xx: use SPDX-License-identifiersChristian Lamparter2020-08-298-50/+8
| | | | | | | Please note that the DTS are based on really old .DTS from vendors themselves. Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
* apm821xx: apm821xx.dtsi fix comment stylesChristian Lamparter2020-08-291-2/+4
| | | | Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
* apm821xx: MX60W: enumerate PCIe in device-treeChristian Lamparter2020-08-291-0/+19
| | | | | | | This patch adds the pcie-switch and bridge configuration for the Meraki MX60W. Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
* apm821xx: WNDR4700: delete wndr4700 board fileChristian Lamparter2020-08-295-115/+1
| | | | | | | Thanks to the PCIE OF enumeration patch, this is technically no longer needed. Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
* apm821xx: MR24: enumerate PCIe in device-treeChristian Lamparter2020-08-291-0/+51
| | | | | | | This patch adds the pcie-switch and bridge configuration for the Meraki MR24. Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
* apm821xx: add missing cells-values for IIC1Christian Lamparter2020-08-291-0/+2
| | | | | | These are copied over from the IIC0. Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
* apm821xx: DTB: fix warnings related to sata-port warningsChristian Lamparter2020-08-291-0/+4
| | | | | | | | | This patch silences the following warnings: >netgear-wndr4700.dts:168.3-13:Warning (reg_format): /plb/sata@bffd1800/sata-port@0:reg:property has invalid length (4 bytes) (#address-cells == 2, #size-cells == 1) >netgear-wndr4700.dts:167.26-170.4: Warning (avoid_default_addr_size):/plb/sata@bffd1800/sata-port@0: Relying on default #address-cells value >netgear-wndr4700.dts:167.26-170.4: Warning (avoid_default_addr_size):/plb/sata@bffd1800/sata-port@0: Relying on default #size-cells value Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
* apm821xx: WNDAP6x0: enumerate PCIe in device-treeChristian Lamparter2020-08-292-0/+75
| | | | | | | This patch adds the pcie-switch and bridge configuration of the WNDAP620 and WNDAP660. Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
* apm821xx: WNDR4700: enumerate PCIe in device-treeChristian Lamparter2020-08-294-34/+106
| | | | | | | | | | This patch adds the pcie-switch and bridge configuration of the WNDR4700. This allows to get rid of the legacy firmware monikers and drop the usbport LED declaration. Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
* oxnas: kd20: revert accedintally commited changeDaniel Golle2020-08-291-0/+4
| | | | | | | | | Changing the factory image of KD20 was used during testing and wasn't intended to be included in the commit fixing a SATA bug on oxnas. Revert that part of the commit. Fixes: 5793112f75 ("oxnas: reduce size of ATA DMA descriptor space") Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* mvebu: LS421DE: add linkstation poweroff driverDaniel González Cabanelas2020-08-282-15/+2
| | | | | | | | | | | Compile the Linkstation poweroff module for the Buffalo LS421DE. Without this driver the device remains forever halted if a power off command is executed. The driver will also allow to use the WoL feature, which wasn't availabe in the stock firmware. Signed-off-by: Daniel González Cabanelas <dgcbueu@gmail.com>
* mvebu: backport linkstation-poweroff upstream driverDaniel González Cabanelas2020-08-282-0/+198
| | | | | | | | | | Backport the Linkstation poweroff driver from the kernel upstream (commit a7f79f99541ef) This driver is required by the Buffalo LinkStation LS421DE for a correct power off operation. It also allows to use the WoL feature. Signed-off-by: Daniel González Cabanelas <dgcbueu@gmail.com>
* ramips: rt3883: use lzma-loader for DIR-645Perry Melange2020-08-281-0/+1
| | | | | | | | | The DIR-645 fails to boot if the kernel is large. Enabling lzma-loader resolves the issue. Run-tested on D-Link DIR-645. Signed-off-by: Perry Melange <isprotejesvalkata@gmail.com>
* ramips: add support for Wavlink WL-WN531A6Georgi Vlaev2020-08-283-0/+194
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This patch adds support for Wavlink WL-WN531A6 (Quantum D6). Specifications: -------------- * SoC: Mediatek MT7621AT 2C2T, 880MHz * RAM: 128MB DDR3, Nanya NT5CB64M16GP-EK * Flash: 16MB SPI NOR flash, GigaDevice GD25Q127CSIG * WiFi 5GHz: Mediatek MT7615N (4x4:4) on mini PCIE slot. * WiFi 2.4GHz: Mediatek MT7603EN (2x2:2) on mini PCIE slot. * Ethernet: MT7630, 5x 1000Base-T * LED: Power, WAN, LAN(x4), WiFi, WPS, dual color "WAVLINK" LED logo on the top cover. * Buttons: Reset, WPS, "Turbo", touch button on the top cover via RH6015C touch sensor. * UART: UART1: serial console (57600 8n1) on the J4 header located below the top heatsink. UART2: J12 header, located on the right side of the board. * USB: One USB3 port. * I2C: J9 header, located below the top heatsink. Backup the OEM Firmware: ----------------------- There isn't any firmware released for the WL-WN531A6 on the Wavlink web site. Reverting back to the OEM firmware is not possible unless we have a backup of the original OEM firmware. The OEM firmware is stored on /dev/mtd4 ("Kernel"). 1) Plug a FAT32 formatted USB flash drive into the USB port. 2) Navigate to "Setup->USB Storage". Under the "Available Network folder" you can see part of the mount point of the newly mounted flash drive filesystem - e.g "sda1". The full mount point is prefixed with "/media", so in this case the mount point becomes "/media/sda1". 3) Go to http://192.168.10.1/webcmd.shtml . 4) Type the following line in the "Command" input box: dd if=/dev/mtd4ro of=/media/sda1/firmware.bin 5) Click "Apply" 6) After few seconds, in the text area should appear this output: 30080+0 records in 30080+0 records out 7) Type "sync" in the "Command" input box and click "Apply". 8) At this point the OEM firmware is stored on the flash drive as "firmware.bin". The size of the file is 15040 KB. Installation: ------------ * Flashing instructions (OEM web interface): The OEM web interface accepts only files with names containing "WN531A6". It's also impossible to flash the *-sysupgrade.bin image, so we have to flash the *-initramfs-kernel.bin first and use the OpenWrt's upgrade interface to write the sysupgrade image. 1) Rename openwrt-ramips-mt7621-wavlink_wl-wn531a6-initramfs-kernel.bin to WN531A6.bin. 2) Connect your computer to the one of the LAN ports of the router with an Ethernet cable and open http://192.168.10.1 3) Browse to Setup -> Firmware Upgrade interface. 4) Upload the (renamed) OpenWrt image - WN531A6.bin. 5) Proceed with the firmware installation and give the device a few minutes to finish and reboot. 6) After reboot wait for the "WAVLINK" logo on the top cover to turn solid blue, and open http://192.168.1.1 7) Use the OpenWrt's "Flash Firmware" interface to write the OpenWrt sysupgrade image: openwrt-ramips-mt7621-wavlink_wl-wn531a6-squashfs-sysupgrade.bin * Flashing instructions (u-boot TFTP): 1) Configure a TFTP server on your computer and set its IP to 192.168.10.100 2) Rename the OpenWrt sysupgrade image to firmware.bin and place it in the root folder of the TFTP server. 3) Power off the device and connect an Ethernet cable from one of its LAN ports your computer. 4) Press the "Reset" button (and keep it pressed) 5) Power on the device. 6) After a few seconds, when the connected port LAN LED stops blinking fast, release the "Reset" button. 7) Flashing OpenWrt takes less than a minute, system will reboot automatically. 8) After reboot the WAVLINK logo on the top cover will indicate the current OpenWrt running status (wait until the logo tunrs solid blue). Revert to the OEM Firmware: -------------------------- * U-boot TFTP: Follow "Flashing instructions (u-boot TFTP)" and use the "firmware.bin" backup image. * OpenWrt "Flash Firmware" interface: Upload the "firmware.bin" backup image and select "Force update" before continuing. Notes: ----- * The MAC address shown on the label at the back of the device is assigned to the 2.4G WiFi adapter. MAC addresses assigned by the OEM firmware: 2.4G: *:XX (label): factory@0x0004 5G: *:XX + 1 : factory@0x8004 WAN: *:XX - 1 : factory@0xe006 LAN: *:XX - 2 : factory@0xe000 * The I2C bus and UART2 are fully functional. The headers are not populated. Signed-off-by: Georgi Vlaev <georgi.vlaev@konsulko.com>
* curl: move package to packages.gitPaul Spooren2020-08-274-402/+0
| | | | | | | | curl is replaced by uclient-fetch within the OpenWrt build system and we can therefore move curl to packages.git. This is based on the Hamburg 2019 decision that non essential packages should move outside base. Signed-off-by: Paul Spooren <mail@aparcar.org>
* tools/mpc: update to 1.2.0Hannu Nyman2020-08-271-2/+2
| | | | | | Update mpc to version 1.2.0. Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>