aboutsummaryrefslogtreecommitdiffstats
path: root/include
Commit message (Collapse)AuthorAgeFilesLines
* libcxx[abi]: removeRosen Penev2020-12-071-10/+2
| | | | | | | | | | | | This is a neat project, but offers no benefit to OpenWrt. The initial reason for it was to be a replacement for libstdcpp as it is smaller and lacks compatibility for C++98. Unfortunately, compiling several packages with it results in larger ipk sizes. While not a member of the packages feed, this will be moved to packages-abandoned to keep it somewhere. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* build: require rsyncStijn Tintel2020-12-071-0/+3
| | | | | | It seems to be required to build toolchain/kernel-headers. Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* build: reduce cleanup binary calls in rootfs.mkPaul Spooren2020-12-051-11/+9
| | | | | | Both `find` and `rm` only need to be called once for folders and files. Signed-off-by: Paul Spooren <mail@aparcar.org>
* build: make testing kernel decompression more portableFelix Fietkau2020-12-051-1/+1
| | | | | | | On non-GNU systems, zcat often does not handle gzip decompression. Use gzip -dc like the regular unpack command Signed-off-by: Felix Fietkau <nbd@nbd.name>
* kernel: bump 5.4 to 5.4.81John Audia2020-12-041-2/+2
| | | | | | | | | | | | | | All modifications made by update_kernel.sh/no human intervention needed Build system: x86_64 Build-tested: ipq806x/R7800, ath79/generic, bcm27xx/bcm2711 Run-tested: ipq806x/R7800 No dmesg regressions, everything functional Signed-off-by: John Audia <graysky@archlinux.us> [another refresh] Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
* build: Extract trusted-firmware-a.mkHauke Mehrtens2020-12-021-0/+93
| | | | | | | | | | | | | | | | | | The include/trusted-firmware-a.mk file is based on the include/u-boot.mk file and should be used to build a Trusted Firmware-A (TFA) which was previously named Arm trusted firmware. This is useful for targets where the TFA is board specific like for Marvell SoCs and probably also NXP Layerscape SoCs. This also makes use of this abstraction in the arm-trusted-firmware-mvebu package to build board specific ATF binaries. The ATF binaries will be automatically activated and build when the board is selected in the normal build or all boards are selected. This should also activate the build when build bot creates images. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* README: mv logo.svg include/logo.{png,svg}Paul Spooren2020-12-012-0/+610
| | | | | | | | | | | | Some Git hoster (e.g. sr.ht) disable hosting of svg images (xml) to avoid XSS attacks. To show the logo correctly on all code hosters use a "safe" PNG image. Also move logo(s) to include/ folder to lower autocomplete churn with the `logs/` folder. While at it, replace absolute logo path and make it relative, as this may break other code hosters as well. Signed-off-by: Paul Spooren <mail@aparcar.org>
* cmake.mk,rules.mk: fix host builds using CMake and ccachePetr Štetiar2020-11-281-2/+16
| | | | | | | | | | | | | | Commit f98878e4c17d ("cmake.mk: set C/CXX compiler for host builds as well") has introduced regression as it didn't taken usage of ccache into the account so fix it by handling ccache use cases as well. In order to get this working we need to export HOSTCXX_NOCACHE in rules.mk as well. Fixes: f98878e4c17d ("cmake.mk: set C/CXX compiler for host builds as well") Reported-by: Ansuel Smith <ansuelsmth@gmail.com> Tested-by: Ansuel Smith <ansuelsmth@gmail.com> Signed-off-by: Petr Štetiar <ynezz@true.cz>
* include/subdir: on build failure always print errorKarel Kočí2020-11-271-3/+3
| | | | | | | | | | | It is impossible to locate package that failed the build just from log once more build is run in parallel (that is more than one make job). The only way is to scout log files for failed package going back trough log. This change makes it so error is printed for package that failed every time. Signed-off-by: Karel Kočí <karel.koci@nic.cz>
* cmake.mk: set C/CXX compiler for host builds as wellRosen Penev2020-11-271-0/+2
| | | | | | | Without this, cmake will use whatever CC/CXX is set to, which could be clang. In that case, at least libjson-c/host will fail to compile. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* download: handle possibly invalid local tarballsPetr Štetiar2020-11-272-0/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | Currently it's assumed, that already downloaded tarballs are always fine, so no checksum checking is performed and the tarball is used even if it might be corrupted. From now on, we're going to always check the downloaded tarballs before considering them valid. Steps to reproduce: 1. Remove cached tarball rm dl/libubox-2020-08-06-9e52171d.tar.xz 2. Download valid tarball again make package/libubox/download 3. Invalidate the tarball sed -i 's/PKG_MIRROR_HASH:=../PKG_MIRROR_HASH:=ff/' package/libs/libubox/Makefile 4. Now compile with corrupt tarball source make package/libubox/{clean,compile} Signed-off-by: Petr Štetiar <ynezz@true.cz>
* build: use mkhash for IPK metadata checksumsPaul Spooren2020-11-261-2/+2
| | | | | | | | | | | | | | | | | | | | When setting the option IPK_FILES_CHECKSUMS the build system stores checksums of all package file as metadata. In combination with pkg_check this allows to see if a package is broken, e.g. caused by bad flash. To create those checksums the tool `sha256sum` were used while the rest of OpenWrt uses `mkhash`, a small & fast implementation of sha256. As the build system does not check the existence of `sha256sum` and the stderr output is moved to /dev/null, a situation where the option is enabled but no actual checksum are created may occur. Instead of adding `sha256sum` as a requirement, this replaces it with `mkhash sha256` and adapts the `sed` pipe command to fit spacing. CC: Xu Wang <xwang1498@gmx.com> CC: Michal Hrusecky <Michal@Hrusecky.net> Signed-off-by: Paul Spooren <mail@aparcar.org>
* kernel: bump 5.4 to 5.4.80John Audia2020-11-261-2/+2
| | | | | | | | | | | | | | | | | Removed since could be reverse-applied by quilt and found to be included upstream: backport-5.4/789-net-usb-qmi_wwan-Set-DTR-quirk-for-MR400.patch All modifications made by update_kernel.sh Build system: x86_64 Build-tested: ipq806x/R7800, bcm27xx/bcm2711, ath79/generic Run-tested: ipq806x/R7800 No dmesg regressions, everything functional Signed-off-by: John Audia <graysky@archlinux.us> Tested-by: Curtis Deptuck <curtdept@me.com> [x86_64 build/run]
* build: add UIMAGE_MAGIC to device variablesSander Vanheule2020-11-252-1/+4
| | | | | | | | | | | | | | | | | | | | | | | | | Allow a device recipe to specify a custom UIMAGE_MAGIC value, as used by OpenWrt's -M flag for mkimage. This allows to automatically customize the magic bytes in all calls to Build/uImage for this device, similar to the behaviour of UIMAGE_NAME. Since the -M argument is inserted before the user arguments, it can be overriden. The following example would use 0x87654321 for the KERNEL image, but 0x12345678 for the KERNEL_INITRAMFS image: define Device/MyDevice UIMAGE_MAGIC := 0x87654321 KERNEL := ... | uImage lzma KERNEL_INITRAMFS := ... | uImage lzma -M 0x12345678 ... endef Fixes: df8e6be59a1f ("rtl838x: add new architecture") [UIMAGE_MAGIC was not declared as a device variable] Signed-off-by: Sander Vanheule <sander@svanheule.net> [rebase, improve formatting of "Fixes"] Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
* build: uImage: separate arguments into individual linesAdrian Schmutzler2020-11-251-4/+9
| | | | | | Having one line per argument increases overview dramatically. Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
* build: uImage: allow override of default argumentsSander Vanheule2020-11-251-2/+3
| | | | | | | | | | | | | For some build recipes, the argument to Build/uImage is used to sneak in extra arguments for mkimage, whereas this appears to have been intended to specificy the compression method only. Use the first provided word for -C to be backwards compatible with current calls to Build/uImage. Use the rest of the call arguments to override the provided defaults. Only the input file name (-d) and the output file name cannot overriden. Signed-off-by: Sander Vanheule <sander@svanheule.net>
* prereq-build: add python 3.9 supportRosen Penev2020-11-241-0/+2
| | | | | | Fixes unmet dependency issue. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* kernel: bump 5.4 to 5.4.79John Audia2020-11-241-2/+2
| | | | | | | | | | | | | | | | | | | | | | | Manually rebased patches: ath79/patches-5.4/910-unaligned_access_hacks.patch bcm27xx/patches-5.4/950-0135-spi-spi-bcm2835-Disable-forced-software-CS.patch bcm27xx/patches-5.4/950-0414-SQUASH-Fix-spi-driver-compiler-warnings.patch ipq806x/patches-5.4/093-4-v5.8-ipq806x-PCI-qcom-Use-bulk-clk-api-and-assert-on-error.patch Removed since could be reverse-applied by quilt and found to be included upstream: ipq806x/patches-5.4/096-PCI-qcom-Make-sure-PCIe-is-reset-before-init-for-rev.patch All modifications made by update_kernel.sh Build system: x86_64 Build-tested: ipq806x/R7800, ath79/generic, bcm27xx/bcm2711 Run-tested: ipq806x/R7800 No dmesg regressions, everything functional Signed-off-by: John Audia <graysky@archlinux.us> [refresh altered targets after rebase] Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
* build: create $(PKG_SYMVERS_DIR) if non-existentSebastian Kemper2020-11-192-1/+1
| | | | | | | | | | | | | Commit 5d76065 moved the creation of the symvers directory to include/kernel-build.mk. This is fine when building from scratch. But when unpacking an SDK the directory doesn't exist and because the kernel won't be built (again) this directory will not be created by the build system, causing build failure if make tries to copy files into it. This moves the creation of the symvers directory back into include/kernel.mk so that the directory is created in any case. Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
* kernel: bump 5.4 to 5.4.77John Audia2020-11-181-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | Manually rebased patches: bcm27xx/patches-5.4/950-0135-spi-spi-bcm2835-Disable-forced-software-CS.patch generic-backport/744-v5.5-net-sfp-soft-status-and-control-support.patch layerscape/patches-5.4/819-uart-0005-tty-serial-fsl_lpuart-enable-dma-mode-for-imx8qxp.patch mvebu/patches-5.4/521-arm64-dts-marvell-espressobin-Add-ethernet-switch-al.patch Removed: layerscape/patches-5.4/819-uart-0012-tty-serial-lpuart-add-LS1028A-support.patch All modifications made by update_kernel.sh Build system: x86_64 Build-tested: ipq806x/R7800, ath79/generic, bcm27xx/bcm2711, lantiq/Easybox 904 xDSL, x86_64 Run-tested: ipq806x/R7800, lantiq/Easybox 904 xDSL, x86_64 No dmesg regressions, everything functional Signed-off-by: John Audia <graysky@archlinux.us> Co-developed-by: Adrian Schmutzler <freifunk@adrianschmutzler.de> Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
* build: support cmake verbose for host buildsFelix Fietkau2020-11-141-0/+1
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* build: detect broken make version on macOSFelix Fietkau2020-11-141-0/+6
| | | | | | | | | Apple ships a broken make version with the Xcode command line tools. Homebrew installs make as gmake by default in order to not collide with Apple's version. Exit with an error if the broken one is used accidentally Signed-off-by: Felix Fietkau <nbd@nbd.name>
* build: try to find getopt in macOS homebrew's standard locationFelix Fietkau2020-11-141-1/+2
| | | | | | It is not symlinked to /usr/local/bin by default Signed-off-by: Felix Fietkau <nbd@nbd.name>
* build: filter out more autogenerated kernel config optionsFelix Fietkau2020-11-132-7/+5
| | | | | | | Define wildcard patterns for filtering in target/linux/generic/config-filter Preparation for supporting newer kernels Signed-off-by: Felix Fietkau <nbd@nbd.name>
* build: pass KBUILD_EXTRA_SYMBOLS with symvers files for kernel module packagesFelix Fietkau2020-11-132-10/+3
| | | | | | | This replaces the previous (deprecated) method of collecting symvers data in $(PKG_BUILD_DIR)/Module.symvers, which does not work on newer kernels Signed-off-by: Felix Fietkau <nbd@nbd.name>
* netfilter: Add queue support for nftablesBrett Mastbergen2020-11-121-0/+1
| | | | | | | | | This change adds the configuration option to build and include the nft_queue kernel module, which allows traffic to be queued up to userspace from an nftables rule Tested-by: Sébastien Delafond sdelafond@gmail.com Signed-off-by: Brett Mastbergen <bmastbergen@untangle.com>
* build: store SOURCE_DATE_EPOCH in JSON info filesPaul Spooren2020-11-121-0/+1
| | | | | | | | The source date epoch is the only reproducible date close to the actual build date. It can be used for tooling like the firmware wizard to show the image age. Signed-off-by: Paul Spooren <mail@aparcar.org>
* kernel: bump 5.4 to 5.4.75John Audia2020-11-101-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Manually rebased patches: bcm27xx: patches-5.4/950-0267-xhci-add-quirk-for-host-controllers-that-don-t-updat.patch bcm53xx: patches-5.4/180-usb-xhci-add-support-for-performing-fake-doorbell.patch layerscape: patches-5.4/802-can-0025-can-flexcan-add-LPSR-mode-support-for-i.MX7D.patch patches-5.4/808-i2c-0002-MLK-10893-i2c-imx-add-irqf_no_suspend.patch patches-5.4/820-usb-0016-MLK-16735-usb-host-add-XHCI_CDNS_HOST-flag.patch Removed since could be reverse-applied by quilt: mediatek: patches-5.4/0700-arm-dts-mt7623-add-missing-pause-for-switchport.patch All modifications made by update_kernel.sh Build system: x86_64 Build-tested: ipq806x/R7800, ath79/generic, bcm27xx/bcm2711, x86_64 Run-tested: ipq806x/R7800, x86_64 No dmesg regressions, everything functional Signed-off-by: John Audia <graysky@archlinux.us> Tested-by: Curtis Deptuck <curtdept@me.com> [x86_64] Rebase of 802-can-0025-can-flexcan-add-LPSR-mode-support-for-i.MX7D.patch Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com> Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
* kernel: bump 5.4 to 5.4.74John Audia2020-11-021-2/+2
| | | | | | | | | | | | | | | | | | | Removed upstreamed patches: mvebu/patches-5.4 409-phy-marvell-comphy-Convert-internal-SMCC-firmware-re.patch All modifications made by update_kernel.sh Build system: x86_64 Build-tested: ipq806x/R7800, ath79/generic, bcm27xx/bcm2711, x86_64 Run-tested: ipq806x/R7800, x86_64, lantiq/Easybox 904 xDSL No dmesg regressions, everything functional Signed-off-by: John Audia <graysky@archlinux.us> Tested-by: Curtis Deptuck <curtdept@me.com> [x86_64 build/run] [added lantiq test report] Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
* kernel: bump 5.4 to 5.4.73John Audia2020-11-011-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | Removed upstreamed patches: generic/pending-5.4 445-mtd-spinand-gigadevice-Only-one-dummy-byte-in-QUA.patch 446-mtd-spinand-gigadevice-Add-QE-Bit.patch pistachio/patches-5.4 150-pwm-img-Fix-null-pointer-access-in-probe.patch Manually rebased: layerscape/patches-5.4 801-audio-0011-Revert-ASoC-fsl_sai-add-of_match-data.patch 801-audio-0039-MLK-16224-6-ASoC-fsl_sai-fix-DSD-suspend-resume.patch 801-audio-0073-MLK-21957-3-ASoC-fsl_sai-add-bitcount-and-timestamp-.patch 820-usb-0009-usb-dwc3-Add-workaround-for-host-mode-VBUS-glitch-wh.patch All modifications made by update_kernel.sh Build system: x86_64 Build-tested: ipq806x/R7800, ath79/generic, bcm27xx/bcm2711, mvebu (mamba, rango), x86_64, ramips/mt7621 Run-tested: ipq806x/R7800, mvebu (mamba, rango), x86_64, ramips (RT-AC57U) No dmesg regressions, everything functional Signed-off-by: John Audia <graysky@archlinux.us> [alter 820-usb-0009-usb-dwc3-Add-workaround-for-host-mode-VBUS-glitch-wh] Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
* kernel: remove obsolete kernel version switches for 4.19Adrian Schmutzler2020-10-302-25/+8
| | | | | | | This removes switches dependent on kernel version 4.19 as well as several packages/modules selected only for that version. Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
* kernel: remove support for kernel 4.19Adrian Schmutzler2020-10-301-2/+0
| | | | | | | We use 5.4 on all targets by default, and 4.19 has never been released in a stable version. There is no reason to keep it. Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
* image: drop obsolete legacy image recipesAdrian Schmutzler2020-10-302-104/+0
| | | | | | | LegacyDevice is not used anymore in our tree, so let's drop it together with the relevant definitions and recipes. Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
* image: sort image-commands.mk alphabeticallyAdrian Schmutzler2020-10-301-214/+215
| | | | | | | | | The definitions in image-commands.mk seem to have no particular order. Sort them alphabetically to make it easier to actually find anything there. No other changes made beyond moving entire blocks. Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
* image: drop combined-image build recipeAdrian Schmutzler2020-10-301-8/+0
| | | | | | | Build/combined-image is only used in ath25 target, and that defines its own version. Thus, drop the unused definition in image-commands.mk. Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
* image: drop unused legacy NAND build recipesAdrian Schmutzler2020-10-301-29/+0
| | | | | | | This drops unused legacy recipes Image/Build/SysupgradeNAND and Image/Build/UbinizeImage. Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
* Revert "kmod-nft-reject: Fix for "nft_reject_ipv4.ko missing" warning"Daniel Golle2020-10-301-1/+1
| | | | | | | | | This reverts commit 7f94e2afcf090f751c9f7f7ea46e8ef8d93ee84b. Package kmod-nft-core is missing dependencies for the following libraries: nft_reject.ko Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* build: FeedSourcesAppend add kmod feed to snapshotPaul Spooren2020-10-301-0/+2
| | | | | | | | | | | | | | | | | | | | | | | | Nightly snapshot builds of OpenWrt change their kernels versions frequently and lose thereby compatibility to kmods from the upstream target specific packages feed. To allow opkg to install packages over multiple days a kmod archive is offered at $target/$subtarget/kmods/$kernelversion and added as a feed to created snapshot images via a buildbot step[1]. Instead of using a buildstep add the kmod feed directly via FeedSourcesAppend to be included in the ImageBuilder repositories.conf as well. This is conditionally only done for SNAPSHOT builds and when running as BUILDBOT. Releases are unaffected as they don't include kernel version changes and local builds may use different kernel versions or magics than available upstream. This commit allows in a future step to ship ImageBuilders without a locally stored kmod archive. [1]: https://git.openwrt.org/?p=buildbot.git;a=blob;f=phase1/master.cfg;h=3ba7a1606e89b095b10555e703ea96e93295deec;hb=HEAD#l1025 Signed-off-by: Paul Spooren <mail@aparcar.org>
* kmod-nft-reject: Fix for "nft_reject_ipv4.ko missing" warningPhilip Prindeville2020-10-301-1/+1
| | | | | | | | | | Seeing the following: ERROR: module '/home/philipp/lede/build_dir/target-x86_64_musl/linux-x86_64/linux-5.4.33/net/ipv4/netfilter/nft_reject_ipv4.ko' is missing. modules/netfilter.mk:1068: recipe for target '/home/philipp/lede/bin/targets/x86/64/packages/kmod-nft-core_5.4.33-1_x86_64.ipk' failed make[3]: *** [/home/philipp/lede/bin/targets/x86/64/packages/kmod-nft-core_5.4.33-1_x86_64.ipk] Error 1 Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
* build: image: add append-dtb-elf helperJohn Thomson2020-10-291-0/+7
| | | | | | | | | | | | | | | | | | The mips kernel vmlinux image supports adding an empty ELF section for DTB to be later inserted into with MIPS_ELF_APPENDED_DTB. This ELF + inserted DTB image can then be directly booted on some devices. Example usage: image/subtarget.mk: KERNEL_NAME := vmlinux.elf KERNEL_INITRAMFS_NAME := vmlinux-initramfs.elf KERNEL := kernel-bin | append-dtb-elf On mt7621 memory size needed to be manually specified. Signed-off-by: John Thomson <git@johnthomson.fastmail.com.au>
* netfilter.mk: remove now obsolete kmod nf_nat_redirectYousong Zhou2020-10-241-1/+0
| | | | | | Now that the minimal kernel version maintained here is 4.19 Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
* netfilter.mk: add version conditional around nf_nat_redirect modYousong Zhou2020-10-241-1/+1
| | | | | | | | | | | | | | | | | | | Kernel commit 1ac89d20150e ("netfilter: nat: merge nf_nat_redirect into nf_nat") made the redirect module part of the nat core and changed the CONFIG_NF_NAT_REDIRECT option to a boolean, without prompt, affecting kernel 4.18 onwards. CONFIG_NF_NAT_REDIRECT now can only be selected by CONFIG_NFT_REDIR or NETFILTER_XT_TARGET_REDIRECT Fixes: FS#2476 Ref: https://bugs.openwrt.org/index.php?do=details&task_id=2476 Fixes: FS#2990 (partial) Ref: https://bugs.openwrt.org/index.php?do=details&task_id=2990 Signed-off-by: Tony Ambardar <itugrok@yahoo.com> [note that the option has no prompt and can only be selected by other kconfig options] Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
* netfilter.mk: add version conditional around CONFIG_NF_NAT_PROTO_GREYousong Zhou2020-10-241-1/+1
| | | | | | | It was removed in upstream linux commit faec18db ("netfilter: nat: remove l4proto->manip_pkt"). This happened since linux 5.0 Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
* netfilter.mk: add version conditional for CONFIG_NF_CT_PROTO_GRETony Ambardar2020-10-241-1/+1
| | | | | | | | | | | | | | | | | Kernel commit 22fc4c4c9fd6 ("netfilter: conntrack: gre: switch module to be built-in") moved the CT GRE code into the core nf_conntrack.ko module and changed the CONFIG_NF_CT_PROTO_GRE option to boolean for kernel 5.1 and onwards. CONFIG_NF_CT_PROTO_GRE at the moment has no prompt and can only be selected by NF_CONNTRACK_PPTP Fixes: FS#2990 (partial) Ref: https://bugs.openwrt.org/index.php?do=details&task_id=2990 Signed-off-by: Tony Ambardar <itugrok@yahoo.com> [note that the option now can not be enabled on its own] Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
* netfilter.mk: add version conditional for nf_nat_ipv4,6Yousong Zhou2020-10-241-2/+2
| | | | | | | The upstream linux commit is 3bf195ae ("netfilter: nat: merge nf_nat_ipv4,6 into nat core"). It was included since linux 5.1 Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
* netfilter.mk: use CONFIG_NETFILTER_XT_TARGET_REDIRECTYousong Zhou2020-10-241-1/+1
| | | | | | | | CONFIG_IP_NF_TARGET_REDIRECT is a compat option since upstream commit 2cbc78a2 ("netfilter: combine ipt_REDIRECT and ip6t_REDIRECT"). That happened since linux 3.10 Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
* netfilter.mk: use CONFIG_NETFILTER_XT_TARGET_MASQUERADEYousong Zhou2020-10-241-1/+1
| | | | | | | | | | | CONFIG_IP_NF_TARGET_MASQUERADE and its counterpart CONFIG_IP6_NF_TARGET_MASQUERADE are "backwards-compat option for the user's convenience" Related commit d22c1755 ("netfilter: fix NAT packaging with kernels 5.2+") Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
* Revert "target: select procd-{ujail,seccomp} if !SMALL_FLASH"Petr Štetiar2020-10-221-4/+0
| | | | | | | | | This reverts commit 6a56a6eb30799fcec9eecc3ee860dc4d8a5d952a as several users have reported unbootable systems. Ref: https://lists.openwrt.org/pipermail/openwrt-devel/2020-October/031838.html Suggested-by: Roman Kuzmitskii <damex.pp@icloud.com> Signed-off-by: Petr Štetiar <ynezz@true.cz>
* target: select procd-{ujail,seccomp} if !SMALL_FLASHDaniel Golle2020-10-211-0/+4
| | | | | | | Add procd-ujail and procd-seccomp to DEFAULT_PACKAGES if not building for space-constraint (FEATURES:=small_flash) targets. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* target: include selinux-variants if CONFIG_SELINUX is setDaniel Golle2020-10-211-1/+7
| | | | | | | | Rather than unconditionally adding busybox and procd to the set of default packages, add busybox-selinux and procd-selinux in case CONFIG_SELINUX is set. Signed-off-by: Daniel Golle <daniel@makrotopia.org>