aboutsummaryrefslogtreecommitdiffstats
path: root/config
Commit message (Collapse)AuthorAgeFilesLines
* config: Activate SECCOMP also on MIPS 64Hauke Mehrtens2021-11-031-1/+1
| | | | | | | | This activates SECCOMP also on mips64 and mips64el. This was working fine in a basic test in qemu. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* build: add HOST_OS_LINUX and HOST_OS_MACOS config symbolsFelix Fietkau2021-11-011-0/+1
| | | | | | This can be used to simplify host os tests in various places Signed-off-by: Felix Fietkau <nbd@nbd.name>
* build: fix various typosJosh Soref2021-10-312-2/+2
| | | | | | | | Fix typos in comment and user-facing help text. Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> [split out config changes, adjust commit message] Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
* uclibc++: removeRosen Penev2021-10-241-14/+0
| | | | | | | | | | | | | | | No package here depends on it. Furthermore, uClibc++ is a fairly buggy C++ library and seems to be relatively inactive upstream. It also lacks proper support for modern C++11 features. The main benefit of it is size: 66.6 KB vs 287.3 KB on mips24kc. Static linking and LTO can help bring the size down of packages that need it. Added warning message to uclibc++.mk Signed-off-by: Rosen Penev <rosenp@gmail.com> Acked-by: Hauke Mehrtens <hauke@hauke-m.de>
* buildsystem: add CONFIG_SECCOMPFlorian Eckert2021-10-161-0/+12
| | | | | | | | | | | | | | | | | | | | | Until now, this feature was switched on via the kernel configuration option KERNEL_SECCOMP. The follwing change a7f794cd2aa104fdbd4c6e38f9b76373bf9b96e1 now requires that the package procd-seccomp must also enabled for buildinmg. However, this is not the case we have no dependency and the imagebuilder cannot build the image, because of the implicit package selection. This change adds a new configuration option CONFIG_SECCOMP. The new option has the same behaviour as the configuration option CONFIG_SELINUX. If the CONFIG_SECCOMP is selected then the package procd-seccomp and KERNEL_SECCOMP is enabled for this build. Signed-off-by: Florian Eckert <fe@dev.tdt.de> Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* build: Replace KERNEL_LOCKUP_DETECTOR with KERNEL_SOFTLOCKUP_DETECTORHauke Mehrtens2021-09-131-16/+4
| | | | | | | | | | | | | The LOCKUP_DETECTOR configuration option split into the SOFTLOCKUP_DETECTOR and HARDLOCKUP_DETECTOR configuration option some time ago. The HARDLOCKUP_DETECTOR option is only working on some architectures, but SOFTLOCKUP_DETECTOR should work everywhere. Replace KERNEL_LOCKUP_DETECTOR with KERNEL_SOFTLOCKUP_DETECTOR. LOCKUP_DETECTOR will be selected by SOFTLOCKUP_DETECTOR automatically. Fixes: b951f53fbae3 ("build: Add additional kernel debug options") Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* base-files: add option to make /var persistentStijn Tintel2021-08-221-0/+8
| | | | | | | | | | | | | | | | In OpenWrt, /var is symlinked to /tmp by default. This is done to reduce the amount of writes to the flash chip, which often have not the greatest durability. As a result, things like DHCP or UPnP lease files, are not persistent across reboots. Since OpenWrt can run on devices with more durable storage, it makes sense to have an option for a persistent /var. Add an option to make /var persistent. When enabled, /var will no longer be symlinked to /tmp, but /var/run will be symlink to /tmp/run, as it should contains only files that should not be kept during reboot. The option is off by default, to maintain the current behaviour. Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* build: create profiles.json per defaultPaul Spooren2021-06-211-1/+1
| | | | | | | | | | | | | The file is a info file just like config.buildinfo, feeds.buildinfo and version.buildinfo. It bundles these and more information in a machine readable way. This commit enables the creation of profiles.json by default and not only for buildbots. By doing so it follow the behaviour of the ImageBuilder which always creates the file, lastly this increases the files visibility for downstream projects. Signed-off-by: Paul Spooren <mail@aparcar.org>
* grub2: make grub2-bios-setup as a separate package李国2021-06-201-0/+2
| | | | | | | | | | The grub2 and grub2-efi packages should only contain boot-related code. grub-bios-setup is the same as grub-editenv, they are both grub2 tools and should be placed in a separate package. Signed-off-by: 李国 <uxgood.org@gmail.com> [use AUTORELEASE and update to SPDX] Signed-off-by: Paul Spooren <mail@aparcar.org>
* build: Config-images: fix unit of partition sizesPaul Fertser2021-06-201-2/+2
| | | | | | | | | The code interprets these config values as Mebibytes rather than Megabytes so modify the description accordingly. Signed-off-by: Paul Fertser <fercerpav@gmail.com> [fix commit title prefix] Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
* treewide: fix spelling 'seperate' -> 'separate'Daniel Golle2021-02-281-8/+8
| | | | | | | This popular spelling mistake was also introduced by myself lately. Fix it everywhere. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* image: improve Kconfig for seperate ramdisk optionDaniel Golle2021-02-251-1/+2
| | | | | | | * show only if target supports it (ie. seperate_ramdisk feature set) * select XZ compression by default of ramdisk is seperate Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* image: allow building FIT and uImage with ramdiskDaniel Golle2021-02-241-5/+16
| | | | | | | | | | | | | Instead of embedding the initrd cpio archive into the kernel, allow for having an external ramdisk added to the FIT or uImage. This is useful to overcome kernel size limitations present in many stock bootloaders, as the ramdisk is then loaded seperately and doesn't add to the kernel size. Hence we can have larger ramdisks to host ie. installers with all binaries to flash included (or a web-based firmware selector). In terms of performance and total size the differences are neglectible. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* build: make zstd initramfs selectableFelix Fietkau2021-02-161-0/+4
| | | | | | fix typo in kernel initramfs zstd compression option Signed-off-by: Felix Fietkau <nbd@nbd.name>
* build: use SPDX license tagsPaul Spooren2021-02-054-16/+8
| | | | | | | | | The license folder is a core part of OpenWrt and all GPL-2.0 licensed. Use SPDX license tags to allow machines to check licenses. Signed-off-by: Paul Spooren <mail@aparcar.org> [rebase, keep some Copyright lines, sharpen commit message] Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
* kernel: add defaults for new SELinux optionsDaniel Golle2021-02-051-0/+10
| | | | Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* config: drop CONFIG_KPROBE_EVENT unused since kernel 4.9Tony Ambardar2021-01-251-4/+0
| | | | | | | The config setting was renamed to CONFIG_KPROBE_EVENTS. Fixes: 97d3f800a8 ("config: kernel: Add KPROBE_EVENTS config option) Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
* kernel: make lwtunnel support optionalRui Salvaterra2021-01-141-2/+3
| | | | | | | | | | Not everyone will want to bloat their kernel by 24 kiB for such a niche feature. Fixes: a1a7f3274e0ed27511d45f62ee20281d8d57c7af "kernel: enable SRv6 support by enabling lwtunnel" Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
* kernel: drop unneeded kernel version dependencyAndy Walsh2021-01-141-1/+0
| | | | | | | | | | | The current master only supports kernel 5.4, and there is no reason to remove KERNEL_IO_URING for future kernels. Drop the unneeded dependency. Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com> [improve commit title/message] Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
* kernel: enable SRv6 support by enabling lwtunnelNick Hainke2021-01-111-0/+8
| | | | | | | | | | | | | | | | | | | | | | | | Enable the ability to use segment routing based on IPv6. It allows the packet to specify a path that the packet should take through the network. Lwtunnel allow an easy encapsulation of a package. You can just install ip-full package and use it: ip -6 route add 2003::/64 dev eth0 encap seg6 mode encap \ segs 2001::1,2002::2 An IPv6 package looks like this: [IPv6 HDR][IPv6 RH][IPv6 HDR][Data...] Netifd support: https://git.openwrt.org/?p=project/netifd.git; a=commit;h=458b1a7e9473c150a40cae5d8be174f4bb03bd39 Increases imagesize by 24.125 KiB. Therefore, only enable for devices with enough flash. Signed-off-by: Nick Hainke <vincent@systemli.org>
* kernel: only strip proc for small flash devicesNick Hainke2020-12-221-1/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | Currently, you are not able to get statistics about IPv4 and IPv6 usage. This information can be collected via the snmp and snmp6. However, in the current state this interface is disabled as you can read in the "902-debloat_proc.patch": "Strip non-essential /proc functionality to reduce code size" Tools like netstat use the snmp/6 interface to collect interface statistics. Some prometheus exporters also mention this: - prometheus-collectors/netstat.lua - prometheus-collectors/snmp6 (still a PR) - collectd/snmp6 (still a PR) PRs: - https://github.com/collectd/collectd/pull/3789 - https://github.com/openwrt/packages/pull/14158 Instead of enabling it as default for all devices we condition it default y if SMALL_FLASH A test shows it needs around 16 kiB. Signed-off-by: Nick Hainke <vincent@systemli.org> [fixed whitespace issue] Signed-off-by: Petr Štetiar <ynezz@true.cz>
* kernel: add KERNEL_IO_URING optionAndy Walsh2020-12-221-0/+5
| | | | | | | | | | | | | | | | | | | | | | * add KERNEL_IO_URING option NOTES: Adds configurable support for the io_uring interface (CONFIG_IO_URING) via KERNEL_IO_URING option. The kernel only zImage grows by about 5-9KB ? I would like to enable this by default for all 5.4 kernels, so i can use the new io_uring samba-4.12.x vfs module by default. The associated liburing was already submitted and merged. The kernel + liburing was tested on ARM/mvebu via samba4 vfs_io_uring module and i have no issues so far. Some extra reads on it and why we should enable it by default, since i expect more packages to use this in the future. https://wiki.samba.org/index.php/Samba_4.12_Features_added/changed#.27io_uring.27_vfs_module https://lwn.net/Articles/810414/ https://kernel.dk/io_uring.pdf https://www.phoronix.com/scan.php?page=news_item&px=Linux-5.6-IO-uring-Tests Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com>
* build: Add IRQSOFF and PREEMPT TRACER kernel config optionHauke Mehrtens2020-12-161-0/+34
| | | | | | | | | | | | | This adds the CONFIG_IRQSOFF_TRACER and the CONFIG_PREEMPT_TRACER kernel configuration option to the OpenWrt menu. This can be used to debug latencies in the system. The CONFIG_PREEMPT_TRACER option needs the CONFIG_PREEMPT option which is supposed to be used for Low-Latency Desktop and not used by many targets in OpenWrt. The help text is copied from the Linux kernel Kconfig. Signed-off-by: Hauke Mehrtens <hmehrtens@maxlinear.com>
* kernel: enable kernel keyring by default on !SMALL_FLASHDaniel Golle2020-12-141-1/+1
| | | | | | | | | | | | | Enable CONFIG_KEYS by default on systems which are not marked as flash-space constraint by the 'small_flash' feature. CONFIG_KEYS is required by Docker, enabling it in our kernel allows users to run Docker on stock OpenWrt. It is also used of by some network file systems (such as NFSv4) to store credentials as well as UID/GID mappings. Adds about 50kB to vmlinux on ath79/generic (~18kB compressed) Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* kernel: update and clean kernel keyring optionsDaniel Golle2020-12-141-13/+13
| | | | | | | | | | Add KERNEL_KEYS_REQUEST_CACHE option. 'tristate' (ie. module builds) are not valid in Config-kernel.in, hence remove tristate KERNEL_ENCRYPTED_KEYS. It will be readded as a kernel module in a follow-up commit. Fixes: 39d817cf38 ("Add config symbols for kernel keyring support") Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* config: add big EXPERIMENTAL optionDaniel Golle2020-12-101-1/+15
| | | | | | | | | | | | As discussed in the today's (2020-12-10) meeting, add a new option to menuconfig to group the selection of all experimental features to be selected by default. Developers are recommended to make use of this new symbol to guard new features. Other developers and community members should feel encouraged to build with this flag enabled to help testing and provide feedback. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* libcxx[abi]: removeRosen Penev2020-12-071-4/+0
| | | | | | | | | | | | This is a neat project, but offers no benefit to OpenWrt. The initial reason for it was to be a replacement for libstdcpp as it is smaller and lacks compatibility for C++98. Unfortunately, compiling several packages with it results in larger ipk sizes. While not a member of the packages feed, this will be moved to packages-abandoned to keep it somewhere. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* toolchain: kernel-headers: kernel Git tree mirror hashPetr Štetiar2020-11-271-0/+5
| | | | | | Allow setting of mirror hash for Git kernel tree. Signed-off-by: Petr Štetiar <ynezz@true.cz>
* tools/sstrip: update to latest versionRui Salvaterra2020-11-261-0/+8
| | | | | | | | | | | | | | | | Drop our local sstrip copy and use the current ELFKickers upstream version. Patch the original makefile in order to avoid building elftoc, since it fails with musl's elf.h. This is fine, since we only need sstrip anyway. Finally, add the possibility to pass additional arguments to sstrip and pass -z (remove trailing zeros) by default, which matches the behaviour of the previous version. Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com> [shorten long commit msg lines] Signed-off-by: Paul Spooren <mail@aparcar.org>
* config: clean double whitespace in Config-build.inPaul Spooren2020-11-251-2/+2
| | | | | | | | Trivial cosmetic cleanup. This also helps for script that parse for options in Config files. Signed-off-by: Paul Spooren <mail@aparcar.org> Reviewed-by: Petr Štetiar <ynezz@true.cz>
* Revert "refpolicy: add variant that builds modular policy"Daniel Golle2020-11-221-6/+0
| | | | | | | | | | This reverts commit 9eb9943f82e0b2d5e32ffe1c63f5a82caca5094d. Building the 'modular' variant requires 'semodule_package' from 'selinux-python' to be installed on the buildhost. Apart from that, this change also broke the monolithic refpolicy 'targeted' build. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* refpolicy: add variant that builds modular policyW. Michael Petullo2020-11-091-0/+6
| | | | | | | | | This adds a variant of refpolicy that builds the modular form of the policy. While this requires more memory on the target device, along with some tricks to deal with OpenWrt's volatile /var directory, it is useful for experiementing with SELinux policy. Signed-off-by: W. Michael Petullo <mike@flyn.org>
* kernel: Activate KERNEL_MIPS_FP_SUPPORT for pistachio targetHauke Mehrtens2020-11-011-0/+1
| | | | | | | | | The pistachio target uses a MIPS CPU with FPU and OpenWrt uses a toolchain with hard FPU support. MIPS FPU support needs the FPU emulation code in the kernel. Fixes: ac5671f46cb4 ("kernel: remove obsolete kernel version switches for 4.19") Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* kernel: remove obsolete kernel version switches for 4.19Adrian Schmutzler2020-10-301-7/+0
| | | | | | | This removes switches dependent on kernel version 4.19 as well as several packages/modules selected only for that version. Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
* config: clean up SELinux optionsDaniel Golle2020-10-162-3/+23
| | | | | | | | | In order to make it easier for users to build with SELinux, have a single option in 'Global build settings' to enable all necessary kernel features, userland packages and build-system hooks. Also add better descriptions and help messages while at it. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* config: add option for dssp selinux policyDaniel Golle2020-10-091-1/+4
| | | | Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* config: prepare for choice of SELinux policyDaniel Golle2020-09-291-1/+12
| | | | | | Only 'targeted' from refpolicy is supported for now. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* config: add KERNEL_LSM symbolPaul Spooren2020-09-031-11/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | The LSM (Linux security mechanism) list is the successor of the now legacy *major LSM*. Instead of defining a single security mechanism the LSM symbol is a comma separated list of mechanisms to load. Until recently OpenWrt would only support DAC (Unix discretionary access controls) which don't require an additional entry in the LSM list. With the newly introduced SELinux support the LSM needs to be extended else only a manual modified Kernel cmdline (`security=selinux`) would activate SELinux. As the default OpenWrt Kernel config sets DAC as default security mechanism, SELinux is stripped from the LSM list, even if `KERNEL_DEFAULT_SECURITY_SELINUX` is activated. To allow SELinux without a modified cmdline this commit sets a specific LSM list if `KERNEL_SECURITY_SELINUX` is enabled. The upstream Kconfig adds even more mechanisms (smack,selinux,tomoyo,apparmor), but until they're ported to OpenWrt, these can be ignored. To compile SELinux Kernel support but disable it from loading, the already present options `KERNEL_SECURITY_SELINUX_DISABLE` or `KERNEL_SECURITY_SELINUX_BOOTPARAM` (with custom cmdline `selinux=0`) can be used. Further it's possible to edit `/etc/selinux/config`. Signed-off-by: Paul Spooren <mail@aparcar.org>
* kernel: remove obsolete kernel version switches for 4.14Adrian Schmutzler2020-09-021-1/+1
| | | | | | | | | | This removes switches dependent on kernel version 4.14 as well as several packages/modules selected only for that version. This also removes sched-cake-virtual, which is not required anymore now that we have only one variant of cake. Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
* rb532: drop targetAdrian Schmutzler2020-09-021-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This target is still on kernel 4.14, and recent attempts to move it to kernel 5.4 have not led to success. The device tester reported that it wouldn't boot with the following messages: From sysupgrade: Press any key within 4 seconds to enter setup.... loading kernel from nand... OK setting up elf image... OK jumping to kernel code At this point the system hangs. From CompactFlash: Press any key within 4 seconds to enter setup.... Booting CF Loading kernel... done setting up elf image... kernel out of range kernel loading failed The tester reported that the same was observed with current master (kernel 4.14) as well. This looks like some kernel size restriction. Since this target is quite old and only supports one device, and since nobody else seemed interested in working on this for quite some time, I decided to not put further work into analyzing the problem and drop this together with the other 4.14-only targets. Patchwork series: https://patchwork.ozlabs.org/project/openwrt/list/?series=197066&state=* Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
* kernel: add options needed for SELinuxThomas Petazzoni2020-08-311-0/+55
| | | | | | | | | | This adds a number of options to config/Config-kernel.in so that packages related to SELinux support can enable the appropriate Linux kernel support. Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> [rebase; add ext4, F2FS, UBIFS, and JFFS2 support; add commit message] Signed-off-by: W. Michael Petullo <mike@flyn.org>
* build: add support for SELinux to include/image.mkThomas Petazzoni2020-08-311-0/+10
| | | | | | | | | This allows the build process to prepare a squashfs filesystem for use with SELinux. Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> [rebase, add commit message] Signed-off-by: W. Michael Petullo <mike@flyn.org>
* ar71xx: drop targetAdrian Schmutzler2020-08-301-1/+0
| | | | | | | | | | This target has been mostly replaced by ath79 and won't be included in the upcoming release anymore. Finally put it to rest. This also removes all references in packages, tools, etc. as well as the uboot-ar71xx and vsc73x5-ucode packages. Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
* config: kernel: fix missed CGROUP_HUGETLB symbolYuan Tao2020-08-241-2/+2
| | | | | | | The symbol KERNEL_CGROUP_HUGETLB is always used whenever KERNEL_CGROUPS is enabled. The absence of this notation will cause the user to be asked to enter this parameter the first time it is compiled. Signed-off-by: Yuan Tao <ty@wevs.org>
* kernel: further clean-up options and defaultsDaniel Golle2020-08-101-11/+11
| | | | | | | | | | | | Remove `if !SMALL_FLASH` in places which are anyway already augmented by `if !SMALL_FLASH`. Always enable CONFIG_BLK_DEV_THROTTLING on !SMALL_FLASH devices rather than just enabling it on bcm27xx. Enabled CPU bandwidth provisioning for FAIR_GROUP_SCHED on !SMALL_FLASH devices as CONFIG_FAIR_GROUP_SCHED is already enabled and becomes more useful for cgroups with that option enbled as well. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* build: make prefix mapping of debug information optionalFelix Fietkau2020-08-061-0/+9
| | | | | | | | | | | | | | Remapping the local build path in debug information makes debugging using ./scripts/remote-gdb harder, because files no longer refer to the full path on the build host. For local builds, debug information does not need to be reproducible, since it will be stripped out of packages anyway. For buildbot builds, it makes sense to keep debug information reproducible, since the full path is not needed (nor desired) anywhere. Signed-off-by: Felix Fietkau <nbd@nbd.name>
* kernel: fix missing TRANSPARENT_HUGEPAGE symbolsStijn Tintel2020-08-011-0/+12
| | | | | | | | | | | | | | | | Enabling KERNEL_TRANSPARENT_HUGEPAGE exposes 2 missing symbols: * CONFIG_READ_ONLY_THP_FOR_FS * TRANSPARENT_HUGEPAGE_ALWAYS * TRANSPARENT_HUGEPAGE_MADVISE The first one was added in 5.4, and is marked experimental there so just disable it in the generic config. For the latter two, we should not force the user to use either of them, so add them as build-configurable kernel options. Fixes: d1a8217d87bf ("kernel: clean-up build-configurable kernel config symbols") Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* kernel: add menuconfig entry for kernel CONFIG_CGROUP_NET_CLASSIDDaniel Golle2020-07-311-0/+4
| | | | | | | | It was removed from target defaults though it didn't exist in the build-systems kernel configuration options. Add it there. Fixes: d1a8217d87 ("kernel: clean-up build-configurable kernel config symbols") Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* build: add option to mark devices as BROKENAdrian Schmutzler2020-07-301-1/+1
| | | | | | | | | | | By specifying "BROKEN := 1" or "BROKEN := y" for a device, it will be hidden (and deselected) by default. By that, it provides a stronger option to "disable" a device beyond just using DEFAULT := n. To make these devices visible, just enable the BROKEN option in developer settings as already implemented for targets and packages. Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
* kernel: clean-up build-configurable kernel config symbolsDaniel Golle2020-07-301-10/+39
| | | | | | | | | Don't explicitely disable options in target/linux/generic/config-* if they are already controlled in config/Config-kernel.in. Add a bunch of new symbols and prepare defaults for using only unified hierarchy (ie. cgroup2). Update symbol dependencies while at it Signed-off-by: Daniel Golle <daniel@makrotopia.org>