aboutsummaryrefslogtreecommitdiffstats
path: root/config
Commit message (Collapse)AuthorAgeFilesLines
* kernel: Use new symbol to deactivate MIPS FPU supportHauke Mehrtens2020-02-281-0/+5
| | | | | | | | | | | With kernel 5.4 the upstream kernel supports deactivating the FPU support on MIPS. Use this new upstream feature instead of our older patch which was removed when porting the kernel patches to kernel 5.4. This way both options are set which should work for older kernel versions and also new ones. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* base-files: add all buildinfo with INCLUDE_CONFIGXu Wang2020-02-271-1/+1
| | | | | | | | | | CONFIG_INCLUDE_CONFIG option is helpful for being able to rebuild the exact same firmware as you see on a live OpenWRT instance, but it's crucially missing feeds information, so we can't rebuild the exact same package versions. This commit fixes this by adding the remaining feeds (and version) buildinfo files to the image. Signed-off-by: Xu Wang <xwang1498@gmx.com>
* build: Add additional kernel debug optionsHauke Mehrtens2020-02-221-0/+68
| | | | | | | | Make it possible to activate some additional kernel debug options. This can be used to debug some problems in kernel drivers. Signed-off-by: Hauke Mehrtens <hauke.mehrtens@intel.com> Reviewed-by: Alexandru Ardelean <ardeleanalex@gmail.com>
* build: Add KCOV kernel code coverage for fuzzingHauke Mehrtens2020-02-221-0/+33
| | | | | | | The adds an option to activate KCOV (Code coverage for fuzzing). Signed-off-by: Hauke Mehrtens <hauke.mehrtens@intel.com> Reviewed-by: Alexandru Ardelean <ardeleanalex@gmail.com>
* build: Add option KERNEL_KASANHauke Mehrtens2020-02-221-0/+52
| | | | | | | | The kernel kernel address sanitizer is able to detect some memory bugs in the kernel like out of range array accesses. Signed-off-by: Hauke Mehrtens <hauke.mehrtens@intel.com> Reviewed-by: Alexandru Ardelean <ardeleanalex@gmail.com>
* build: Add option KERNEL_UBSANHauke Mehrtens2020-02-221-0/+35
| | | | | | | | The kernel Undefined Behavior Sanitizer is able to detect some memory bugs in the kernel like out of range array accesses. Signed-off-by: Hauke Mehrtens <hauke.mehrtens@intel.com> Reviewed-by: Alexandru Ardelean <ardeleanalex@gmail.com>
* brcm2708: rename target to bcm27xxAdrian Schmutzler2020-02-142-2/+2
| | | | | | | | | | | | | | | | | This change makes the names of Broadcom targets consistent by using the common notation based on SoC/CPU ID (which is used internally anyway), bcmXXXX instead of brcmXXXX. This is even used for target TITLE in make menuconfig already, only the short target name used brcm so far. Despite, since subtargets range from bcm2708 to bcm2711, it seems appropriate to use bcm27xx instead of bcm2708 (again, as already done for BOARDNAME). This also renames the packages brcm2708-userland and brcm2708-gpu-fw. Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de> Acked-by: Álvaro Fernández Rojas <noltari@gmail.com>
* buildsystem: Make PIE ASLR option tristateHauke Mehrtens2020-01-131-4/+18
| | | | | | | | | | | | | | | | | | | | | | | | This tristate choose allows to select to build only some applications with PIE enabled. On MIPS binaries are getting about 30% bigger when PIE is activated for the, which is a huge increase. Network exposed applications like dnsmasq should then be build with PIE enabled, but some applications which are normally not parsing data from the network do not have it activated. The regular option should give a good trade off between extra flash and RAM memory usage and security. This changes the default from building no applications with PIE to build some specifically marked applications with PIE enabled. This option is only activated for targets with bigger flash and RAM to not consume extra memory on the very small targets. On SDK builds the Regular option should always be selected, because some tiny targets share the applications with big targets and only the images for the tiny targets should contain the none PIE applications, but the images for the normal targets should use PIE. The shared packages should always use PIE when it should be normally activated. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> Acked-by: Petr Štetiar <ynezz@true.cz>
* libcxx: Depenency fixesRosen Penev2019-12-231-0/+1
| | | | | | | | | | | | | Don't build with uClibc-ng. It's totally unsupported as several functions are missing. Make the musl libc support conditional. Fix hash with make check FIXUP=1. Apparently I based the Makefile off of libedit and forgot to fix the hash. Signed-off-by: Rosen Penev <rosenp@gmail.com> Fixes: 856ea2bad3b3 ("libcxx: Add package")
* libcxx: Add packageRosen Penev2019-12-231-0/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Currently in OpenWrt, there are two libc++: libstdcpp and uClibc++. The former is huge and the latter supports only C++98 with some basic support for C++11. Those C++ versions seem to be specific to the compiler version libcxx supports C++11 and above while being much smaller than libstdcpp. On mt7621, these are the sizes of the ipks that I get: libstdcpp: 460786 libcxx: 182881 uClibc++:67720 libcxx is faster than uClibc++ and is under active development as part of the LLVM project while uClibc++ is effectively dead. This PR modifies uclibc++.mk to expose the make menuconfig option. Further cleanup is beyond the scope of this PR. What that means is, this is not used by default. A g++-libcxx wrapper based on the uClibc++ one was added. Works the same way. Compile tested with all packages that use uclibc++.mk in their Makefiles under mipsel_24kc. kismet fails compilation but that package needs to be cleaned up and updated. Runtime tested with gddrescue, gdisk, dcwapd, bonnie++, and aircrack-ng on a TP-Link Archer C7v2. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* config: kernel: fix typo in HFSPLUG_FS_POSIX_ACLStijn Tintel2019-11-281-1/+1
| | | | Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* Revert "build: separate signing logic"John Crispin2019-10-211-10/+2
| | | | | | | | This reverts commit 4a45e69d190f72ed94878487b271ed7651dd9efa. This broke the buildbots Signed-off-by: John Crispin <john@phrozen.org>
* build: separate signing logicPaul Spooren2019-10-211-2/+10
| | | | | | | | | | | | | | | | This separates the options for signature creation and verification * SIGNED_PACKAGES create Packages.sig * SIGNED_IMAGES add ucert signature to created images * CHECK_SIGNATURE add verification capabilities to images * INSTALL_LOCAL_KEY add local key-build to /etc/opkg/keys Right now the buildbot.git contains some hacks to create images that have signature verification capabilities while not storing private keys on buildbot slaves. This commit allows to disable these steps for the buildbots and only perform signing on the master. Signed-off-by: Paul Spooren <mail@aparcar.org>
* config: remove unused GCC_VERSION_4_8 config symbolsPaul Spooren2019-10-091-2/+0
| | | | | | | | | Lets remove unused GCC_VERSION_4_8 symbol after the series of patches which has switched to target gcc-8 by default. Signed-off-by: Paul Spooren <mail@aparcar.org> [refactored into separate commit] Signed-off-by: Petr Štetiar <ynezz@true.cz>
* build: create JSON files containing image infoPaul Spooren2019-09-291-0/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The JSON info files contain details about the created firmware images per device and are stored next to the created images. The JSON files are stored as "$(IMAGE_PREFIX).json" and contain some device/image meta data as well as a list of created firmware images. An example of openwrt-ramips-rt305x-aztech_hw550-3g.json { "id": "aztech_hw550-3g", "image_prefix": "openwrt-ramips-rt305x-aztech_hw550-3g", "images": [ { "name": "openwrt-ramips-rt305x-aztech_hw550-3g-squashfs-sysupgrade.bin", "sha256": "db2b34b0ec4a83d9bf612cf66fab0dc3722b191cb9bedf111e5627a4298baf20", "type": "sysupgrade" } ], "metadata_version": 1, "supported_devices": [ "aztech,hw550-3g", "hw550-3g" ], "target": "ramips/rt305x", "titles": [ { "model": "HW550-3G", "vendor": "Aztech" }, { "model": "ALL0239-3G", "vendor": "Allnet" } ], "version_commit": "r10920+123-0cc87b3bac", "version_number": "SNAPSHOT" } Signed-off-by: Paul Spooren <mail@aparcar.org>
* rules: allow arbitrary log destinationPaul Spooren2019-09-291-0/+7
| | | | | | | | Add option BUILD_LOG_DIR to menuconfig to change log destination. The mix-up of *DIR* and *FOLDER* is confusing however. Signed-off-by: Paul Spooren <mail@aparcar.org>
* build: set TARGET_ROOTFS_PARTSIZE to make combined image fit in 128MBMatthias Schiffer2019-09-211-1/+1
| | | | | | | | | | | | Change TARGET_ROOTFS_PARTSIZE from 128 to 104 MiB, so the whole image (bootloader + boot + root) will fit on a 128MB CF card by default. With these settings, the generated images (tested on x86-generic and x86-64) have 126,353,408 bytes; the smallest CF card marketed as "128MB" that I found a datasheet for (a Transcend TS128MCF80) has 126,959,616 bytes. Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
* config: kernel: only enable container features if !SMALL_FLASHDaniel Golle2019-09-121-2/+2
| | | | | | | | | | | | KERNEL_DEVPTS_MULTIPLE_INSTANCES and KERNEL_POSIX_MQUEUE were previously enabled by default only if KERNEL_LXC_MISC was selected. KERNEL_LXC_MISC was enabled only if the SMALL_FLASH (anti-)feature was not selected. Now that KERNEL_LXC_MISC no longer exists, make sure that those options are also only enabled by default for !SMALL_FLASH targets. Fixes: 4f94a331 ("config: kernel: remove KERNEL_LXC_MISC") Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* config: kernel: remove KERNEL_LXC_MISCYousong Zhou2019-09-121-33/+22
| | | | | | | | | | Kernel features are neutral. The two cascaded features can also be useful for other container related tools It's also less error-prone if only kconfig symbols from the kernel are prefixed KERNEL_ Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
* config: kernel: add KERNEL_X86_VSYSCALL_EMULATIONYousong Zhou2019-09-121-0/+18
| | | | | | | | | Binaries in container images may need this. E.g. nginx:1.7.9 used in k8s default deployment manifest file for demostration [1] [1] https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#creating-a-deployment Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
* build: add buildinfo files for reproducibilityPaul Spooren2019-08-131-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | generate feeds.buildinfo and version.buildinfo in build dir after containing the feed revisions (via ./scripts/feeds list -sf) as well as the current revision of buildroot (via ./scripts/getver.sh). With this information it should be possible to reproduce any build, especially the release builds. Usage would be to move feeds.buildinfo to feeds.conf and git checkout the revision hash of version.buildinfo. Content of feeds.buildinfo would look similar to this: src-git routing https://git.openwrt.org/feed/routing.git^bf475d6 src-git telephony https://git.openwrt.org/feed/telephony.git^470eb8e ... Content of version.buildinfo would look similar to this: r10203+1-c12bd3a21b Without the exact feed revision it is not possible to determine installed package versions. Also rename config.seed to config.buildinfo to follow the recommended style of https://reproducible-builds.org/docs/recording/ Signed-off-by: Paul Spooren <mail@aparcar.org>
* config: introduce separate CONFIG_SIGNATURE_CHECK optionJo-Philipp Wich2019-08-061-0/+4
| | | | | | | | | | | | | | | | | | | Introduce a new option CONFIG_SIGNATURE_CHECK which defaults to the value of CONFIG_SIGNED_PACKAGES and thus is enabled by default. This option is needed to support building target opkg with enabled signature verification while having the signed package lists disabled. Our buildbots currently disable package signing globally in the buildroot and SDK to avoid the need to ship private signing keys to the build workers and to prevent the triggering of random key generation on the worker nodes since package signing happens off-line on the master nodes. As unintended side-effect, updated opkg packages will get built with disabled signature verification, hence the need for a new override option. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* brcm2708: add linux 4.19 supportÁlvaro Fernández Rojas2019-07-141-1/+1
| | | | | | Boot tested on Raspberry Pi B+ (BCM2708) and Raspberry Pi 2 (BCM2709) Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
* Make linux kernel builds reproducible when BUILDBOT selectedAlexander Couzens2019-07-021-0/+2
| | | | | | | | | | | The linux kernel is not reproducible because the build user and domain is included into the kernel. Set the build user to `builder` and build domain to buildhost. It's also possible to build reproducible builds by setting KERNEL_BUILD_USER KERNEL_BUILD_DOMAIN to static values. Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
* build: enable gzipped images for armvirt and maltaPetr Štetiar2019-06-251-1/+1
| | | | | | | | As we're now going to pad all images by default to 128MiB let's enable compression of the images for armvirt and malta in order to save some space and bandwidth. Signed-off-by: Petr Štetiar <ynezz@true.cz>
* build: make TARGET_ROOTFS_PARTSIZE 128MiB by defaultPetr Štetiar2019-06-251-1/+1
| | | | | | | | | | | As we're now going to pad all images by default, lets decrease the default rootfs partition size from 256MiB to 128MiB in order to save some space. I'm keeping it above 100MiB in order to keep current behavior, where overlay filesystem is using F2FS. Signed-off-by: Petr Štetiar <ynezz@true.cz>
* build: remove TARGET_IMAGES_PAD optionPetr Štetiar2019-06-251-7/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | It's being used only in x86 target to produce combined images, where it's mandatory to have padded images in order to produce working squashfs combined images usable in QEMU. Currently we're producing unusable x86 combined squashfs images (18.06.1, 18.06.2 and snapshots) as we don't enable TARGET_IMAGES_PAD, thus providing very small space for the overlay filesystem, leading to the following with OpenWrt 18.06.1 r7258-5eb055306f images on x86 QEMU: root@(none):/# mount | egrep 'root|overlay' /dev/root on /rom type squashfs /dev/loop0 on /overlay type ext4 overlayfs:/overlay on / type overlay root@(none):/# df -h | egrep 'root|overlay|Size' Filesystem Size Used Available Use% Mounted on /dev/root 2.5M 2.5M 0 100% /rom /dev/loop0 113.0K 8.0K 97.0K 8% /overlay overlayfs:/overlay 113.0K 8.0K 97.0K 8% / So we should rather ensure proper image padding in image generation code and we shouldn't rely on config options in order to generate usable images. Signed-off-by: Petr Štetiar <ynezz@true.cz>
* config: enable some useful features on !SMALL_FLASH devicesDaniel Golle2019-06-121-16/+16
| | | | | | | | | | enable kernel features needed for procd-ujail, procd-seccomp, lxc and more on devices with big enough flash. Those packages are currently useless in binary builds due to missing kernel features. Enable the features on devices which can bare with the extra space consumption. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* lantiq/xrx200: enable initramfs imagesStijn Segers2019-05-151-2/+3
| | | | | | | | | | | | | | | | | | | | | | | | Commit eae6cac6a3 ("lantiq: add support for AVM FRITZ!Box 7362 SL"), but one needs an initramfs image to flash OpenWrt from stock firmware (as described in the commit log). This patch has the initramfs image built by default. Thanks to blogic (for pointing to the FEATURES declaration in the target Makefiles) and Musashino on the forum for suggesting config/Config-images.in needed editing too. While at it, reorder the TARGET_INITRAMFS_COMPRESSION_LZMA declarations alphabetically. This patch will result in initramfs images for all lantiq subtargets that have the ramdisk flag set. I tested on the falcon and ase subtargets, which lack that flag, to confirm they don't produce any initramfs images with this patch - which they do not. Given the limited scope of the lantiq (sub)target(s), blogic indicated this should be OK. Signed-off-by: Stijn Segers <foss@volatilesystems.org> Signed-off-by: Petr Štetiar <ynezz@true.cz> [fixed the wrong reference to eae6cac6a3 commit]
* build: add a config option for enabling a testing version of the target kernelFelix Fietkau2019-05-111-0/+9
| | | | | | | If the target supports a newer kernel version that is not used by default yet, it can be enabled with this option Signed-off-by: Felix Fietkau <nbd@nbd.name>
* config: kernel: Add KPROBE_EVENTS config optionPetr Štetiar2019-05-051-0/+4
| | | | | | | | | | | | | | | | | | | | | | | Upstream has renamed KPROBE_EVENT to KPROBE_EVENTS in the following commit: commit 6b0b7551428e4caae1e2c023a529465a9a9ae2d4 Author: Anton Blanchard <anton@samba.org> Date: Thu Feb 16 17:00:50 2017 +1100 perf/core: Rename CONFIG_[UK]PROBE_EVENT to CONFIG_[UK]PROBE_EVENTS We have uses of CONFIG_UPROBE_EVENT and CONFIG_KPROBE_EVENT as well as CONFIG_UPROBE_EVENTS and CONFIG_KPROBE_EVENTS. Consistently use the plurals. So I'm adding this plural option in order to make kconfig happy and stop asking about it if kernel is compiled with verbose logging: Enable kprobes-based dynamic events (KPROBE_EVENTS) [Y/n/?] (NEW) Signed-off-by: Petr Štetiar <ynezz@true.cz>
* mvebu: make bootfs size for sdcard image configurableTomasz Maciej Nowak2019-04-061-1/+1
| | | | | | | Let's take this oportunity to implement boot-part and rootfs-part feature flags. Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
* build: remove leftovers from previous x86 commitsTomasz Maciej Nowak2019-02-171-6/+3
| | | | | | | | | | | | | | | | | VBoxManage is not used and the image is created with proper permisions: 0f5d0f6 image: use internal qemu-img for vmdk and vdi images drop host dependencies on qemu-utils and VirtualBox Unreachable config symbols: 9e0759e x86: merge all geode based subtargets into one No need to define those symbols since x86_64 is subtarget of x86: 196fb76 x86: make x86_64 a subtarget instead of a standalone target Unreachable config symbols, so remove GRUB_ROOT: 371b382 x86: remove the xen_domu subtarget Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
* config: kernel: Fix missing symbol on brcm2708 with CGROUPSDaniel F. Dickinson2019-02-171-0/+14
| | | | | | | | | | | | | | When CGROUP block io is enabled a new symbol is exposed and needs to be set or unset else kernel oldconfig hangs waiting for input during normal OpenWrt builds. Therefore add sane defaults for this symbol in that case. Also, the defaults brcm2708 are different than generic defaults because the platform's defconfig enables BLK_DEV_THROTTLING by default (in defconfig config from the patches used to match upstream's kernel, not in OpenWrt config-4.xx). Signed-off-by: Daniel F. Dickinson <cshored@thecshore.com> [make KERNEL_BLK_DEV_THROTTLING_LOW depend on KERNEL_BLK_DEV_THROTTLING] Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* omap: fix build without ext4 rootfsAndre Heider2019-01-311-1/+1
| | | | | | Same fix as 7b76219e, just for omap. Signed-off-by: Andre Heider <a.heider@gmail.com>
* brcm2708: boot-part feature integrationChristian Lamparter2019-01-241-0/+1
| | | | | | | | | | | | | | This patch adds the boot-part feature which enables the brcm2708 target move from the custom boot partition size config option to the generic CONFIG_TARGET_KERNEL_PARTSIZE. Note: For people using custom images: Just like with CONFIG_TARGET_ROOTFS_PARTSIZE changing the value can cause sysupgrade to repartition the device! Make sure to have a backup in this case. Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
* build: Optionally provide file checksums in package metadataMichal Hrusecky2019-01-221-0/+8
| | | | | | | This may be useful if you don't entirely trust your flash and want to be able to check for corruptions. Signed-off-by: Michal Hrusecky <Michal@Hrusecky.net>
* apm821xx: sata: boot-part feature integrationChristian Lamparter2019-01-011-0/+1
| | | | | | | | | | | | This patch adds the boot-part feature to the apm82181 sata target. This makes it possible to configure the boot partition size with the generic CONFIG_TARGET_KERNEL_PARTSIZE symbol. Please note: For people using custom images: Just like with CONFIG_TARGET_ROOTFS_PARTSIZE changing the value can cause sysupgrade to repartition the device! Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
* kernel: Fix KERNEL_STACKPROTECTOR on kernel 4.19Hauke Mehrtens2018-12-261-0/+8
| | | | | | | | | | | | The configuration option was renamed with kernel 4.19 from CONFIG_CC_STACKPROTECTOR to CONFIG_STACKPROTECTOR adapt the code to set both options. CONFIG_STACKPROTECTOR now sets the regular stack protector and CONFIG_STACKPROTECTOR_STRONG activates the additional protection of more functions. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* sunxi: fix build without ext4 rootfsAndre Heider2018-09-291-1/+1
| | | | | | | | | | | | The sdcard image generation uses CONFIG_TARGET_ROOTFS_PARTSIZE, which is currently bound to TARGET_ROOTFS_EXT4FS on this target. Since the rootfs is squashfs anyway, allow deselecting of the ext4fs one. Sort the target list alphabetically while here. Signed-off-by: Andre Heider <a.heider@gmail.com>
* build: add support for enabling the rootfs/boot partition size option via ↵Felix Fietkau2018-09-031-2/+2
| | | | | | target feature Signed-off-by: Felix Fietkau <nbd@nbd.name>
* x86: add support to set GRUB menu entry titleKjel Delaey2018-07-301-0/+8
| | | | | | | | $ make menuconfig Target Images -> Title for the menu entry in GRUB Signed-off-by: Kjel Delaey <kjel_delaey@hotmail.com>
* config: extend small_flash featureAlex Maclean2018-07-122-3/+9
| | | | | | | | | | Extend the small_flash feature to disable swap, core dumps, and kernel debug info, and change the squashfs block size to 1024KiB. Also change squashfs fragment cache to 2 for small_flash to ease memory usage. Signed-off-by: Alex Maclean <monkeh@monkeh.net>
* kernel: only optimized for size if small_flashMathias Kresin2018-07-121-0/+22
| | | | | | | | | | | | | | | | | | | | | | | | Add a new config option to allow to select the default compile optimization level for the kernel. Select the optimization for size by default if the small_flash feature is set. Otherwise "Optimize for performance" is set. Add the small_flash feature flag to all (sub)targets which had the optimization for size in their default kernel config. Remove CC_OPTIMIZE_FOR_* symbols from all kernel configs to apply the new setting. Exceptions to the above are: - lantiq, where the optimization for size is only required for the xway_legacy subtarget but was set for the whole target - mediatek, ramips/mt7620 & ramips/mt76x8 where boards should have plenty of space and an optimization for size doesn't make much sense - rb532, which has 128MByte flash Signed-off-by: Mathias Kresin <dev@kresin.me>
* config: add config option for KERNEL_TASKSTATSJeremiah McConnell2018-07-071-0/+21
| | | | | | | | | | In order for monitoring tools such as atop and htop to track and report i/o data, kernel support for task statistics and io accounting is required. Add a config option to enable building this support in the kernel. Signed-off-by: Jeremiah McConnell <miah@miah.com>
* config: fix ARM64 dependency checkHauke Mehrtens2018-02-101-2/+2
| | | | | | The ARM64 CPUs use aarch64 config symbol, fix the depends lines. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* lantiq: ase: turn off fpu emulator in default buildYousong Zhou2018-01-291-1/+1
| | | | | | | | | | It was only enabled when the target was added back in commit 9b321bc ("lantiq: add Amazon-SE subtarget") Leave pistachio alone as devices of this target are not likely have small_flash or low_mem constraint Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
* build: add config option KERNEL_MIPS_FPU_EMULATORYousong Zhou2018-01-291-0/+5
| | | | | | | To make it more accessible for nodejs users to configure and run a build on mips target lacking hardware fpu Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
* build: cleanup SSP_SUPPORT configure optionJulien Dusser2018-01-271-2/+2
| | | | | | | | | | | | | | | | | | Configure variable SSP_SUPPORT is ambiguous for packages (tor, openssh, avahi, freeswitch). It means 'toolchain supporting SSP', but for toolchain and depends it means 'build gcc with libssp'. Musl no longer uses libssp (1877bc9d8f), it has internal support, so SSP_SUPPORT was disabled leading some package to not use SSP. No information why Glibc and uClibc use libssp, but they may also provide their own SSP support. uClibc used it own with commit 933b588e25 but it was reverted in f3cacb9e84 without details. Create an new configure GCC_LIBSSP and automatically enable SSP_SUPPORT if either USE_MUSL or GCC_LIBSSP. Signed-off-by: Julien Dusser <julien.dusser@free.fr>
* build: add hardened builds with PIE (ASLR) supportJulien Dusser2018-01-271-0/+16
| | | | | | | | | | | | | | | | | | Introduce a configuration option to build a "hardened" OpenWrt with ASLR PIE support. Add new option PKG_ASLR_PIE to enable Address Space Layout Randomization (ASLR) by building Position Independent Executables (PIE). This new option protects against "return-to-text" attacks. Busybox need a special care, link is done with ld, not gcc, leading to unknown flags. Set BUSYBOX_DEFAULT_PIE instead and disable PKG_ASLR_PIE. If other failing packages were found, PKG_ASLR_PIE:=0 should be added to their Makefiles. Original Work by: Yongkui Han <yonhan@cisco.com> Signed-off-by: Julien Dusser <julien.dusser@free.fr>