aboutsummaryrefslogtreecommitdiffstats
path: root/target/imagebuilder/files
Commit message (Collapse)AuthorAgeFilesLines
* imagebuilder: fix main entry makefilePaulo Machado2020-11-231-1/+1
| | | | | | | Remove a syntax error from ImageBuider Makefile Acked-by: Paul Spooren <mail@aparcar.org> Signed-off-by: Paulo Machado <pffmachado@yahoo.com>
* imagebuilder: add package signature verificationPaul Spooren2020-11-191-2/+31
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The ImageBuilder downloads pre-built packages and adds them to images. This process uses `opkg` which has the capability to verify package list signatures via `usign`, as enabled per default on running OpenWrt devices. Until now this was disabled for ImageBuilders because neither the `opkg` keys nor the `opkg-add` script was present during first packagelist update. To harden the ImageBuilder against *drive-by-download-attacks* both keys and verification script are added to the ImageBuilder allowing `opkg` to verify downloaded package indices. This commit adds `opkg-add` to the ImageBuilder scripts folder. The keys folder is added to ImageBuilder $TOPDIR to have an obvious place for users to store their own keys. The `option check_signature` is appended to the repositories.conf file. All of the above only happens if the Buildbot runs with the SIGNATURE_CHECK option. The keys stored in the ImageBuilder keys/ are the same as included in the openwrt-keyring package. To avoid the chicken-egg problem of downloading and verifying a package, containing signing keys, the keys are added during the ImageBuilder generation. They are same as in shipped images (stored at `/etc/opkg/keys/`). To allow a local package feed in which the user can add additional packages, a local set of `usign` and `ucert` keys is generated, same as building OpenWrt from source. The private key signs the local repository inside the packages/ folder. The local public key is added to the keys/ folder to be considered by `opkg` when updating repositories. This way a local package feed can be modified while requiring `opkg` to check signatures for remote feed, making HTTPS optional. The new option `ADD_LOCAL_KEY` allows to add the local key inside the created images, adding the advantage that sysupgrades can validate the ImageBuilders local key. Signed-off-by: Paul Spooren <mail@aparcar.org>
* build,IB: reload packages/ only if existingPaul Spooren2020-10-301-1/+4
| | | | | | | | | | | With the fix of external kmod feeds it is possible to ship the ImageBuilder without any packages except the pseudo packages kernel and libc. Therefore the local package feeds becomes optional. This commit adds a check to the package_reload function to only run if the local feed is existing. Signed-off-by: Paul Spooren <mail@aparcar.org>
* build,IB: include kmods only in local buildsPaul Spooren2020-10-301-2/+2
| | | | | | | | | | The buildbots generate a kmod archive which should be used instead of a local copy. This is possible due to the introduction of a kernelversion specific feed. This commit adds the ability of using only signed package feeds. Signed-off-by: Paul Spooren <mail@aparcar.org>
* build: add whatdepends target to imagebuilderPaul Spooren2020-08-311-1/+9
| | | | | | | | | | | | | | | | The package manager `opkg` offers the function `whatdepends` to print packages that depend on a specific package. This feature is useful when used in a CI to not only build an upgraded package but all packages with a dependency. Usage: make whatdepends PACKAGE=libipset The resulting list can be fed into a SDK building all packages and warn if anything fails. Signed-off-by: Paul Spooren <mail@aparcar.org>
* imagebuilder: Remove json_info_files/ before buildPaul Spooren2020-06-111-0/+1
| | | | | | | | | | | | | | The folder `json_info_files` contains multiple JSON files which describe created firmware images. The folder is not removed between builds as the ImageBuilder does not use `image.mk`. Not removing the JSON files result in a merged `profiles.json` file containing entries for outdated or non-existing images. This commit adds the `json_info_files/` cleanup step to the ImageBuilder Makefile. Signed-off-by: Paul Spooren <mail@aparcar.org>
* imagebuilder: pass IB=1 on checking requirementsPaul Spooren2020-06-111-1/+1
| | | | | | | | | | | The patch 4a1a58a3 build, imagebuilder: Do not require libncurses-dev was supposed to remove libncurses as a requirement for the ImageBuilder. However as the IB=1 is only exported during building, not for checking requirements, it did never actually work. This commit export IB=1 to the requirement check. Signed-off-by: Paul Spooren <mail@aparcar.org>
* build: refactor JSON info files to `profiles.json`Paul Spooren2020-04-031-0/+10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | JSON info files contain machine readable information of built profiles and resulting images. These files were added in commit 881ed09ee6e2 ("build: create JSON files containing image info"). They are useful for firmware wizards and script checking for reproducibility. Currently all JSON files are stored next to the built images, resulting in up to 168 individual files for the ath79/generic target. This patch refactors the JSON creation to store individual per image (not per profile) files in $(BUILD_DIR)/json_info_files and create an single overview file called `profiles.json` in the target directory. Storing per image files and not per profile solves the problem of parallel file writes. If a profiles sysupgrade and factory image are finished at the same time both processes would write to the same JSON file, resulting in randomly broken outputs. Some target like x86/64 do not use the image code yet, resulting in missing JSON files. If no JSON info files were created, no `profiles.json` files is created as it would be empty anyway. As before, this creation is enabled by default only if `BUILDBOT` is set. Tested via buildroot & ImageBuilder on ath79/generic, imx6 and x86/64. Signed-off-by: Paul Spooren <mail@aparcar.org> [json_info_files dir handling in Make, if case refactoring] Signed-off-by: Petr Štetiar <ynezz@true.cz>
* imagebuilder: fix `make info` for empty SUPPORTED_DEVICESPaul Spooren2019-08-141-1/+2
| | | | | | | | | For x86/64 (maybe more) target the SUPPORTED_DEVICES variable is empty which causes the `&&` junction to fail, producing a non zero exit code. Tested-by: Paul Spooren <mail@aparcar.org> Fixed-by: Jo-Philipp Wich <jo@mein.io> Signed-off-by: Paul Spooren <mail@aparcar.org>
* imagebuilder: new DISABLED_SERVICES make variableRichard Musil2019-05-151-2/+4
| | | | | | | | | | | | Adds a new variable DISABLED_SERVICES to ImageBuilder Makefile, which defines a list of services (installed as /etc/init.d/*) to be disabled during the build of a custom image (normally all are enabled). It comes handy when a particular service should not be run under normal circumstances, but should be ready in the image for situations when it might be needed. Signed-off-by: Richard Musil <risa2000x@gmail.com>
* IB: include SUPPORTED_DEVICES in 'make info' outputDaniel Golle2019-03-111-2/+3
| | | | Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* ib: show current revision based on $(REVISION)Paul Spooren2019-03-081-0/+1
| | | | | | | | This is useful in for the attendedsyupsgrade server (asu) to distinguish between snapshot version. Currently asu can't tell devices requesting a snapshot build if the same build is already installed. Signed-off-by: Paul Spooren <mail@aparcar.org>
* ib: show unified target based on $(TARGETID)Paul Spooren2019-03-081-1/+1
| | | | | | | Instead of showing a slightly more readable target like "ar71xx (Generic)" print the more generic format "ar71xx/genric" Signed-off-by: Paul Spooren <mail@aparcar.org>
* ib: display whether profile comes with image metadataDaniel Golle2019-03-061-1/+1
| | | | | | | | Having image metadata (and signature) appended is a condition for semi-automated sysupgrade, hence IB needs to be able to tell which images will end up with metadata. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* imagebuilder: manifest function show stderrPaul Spooren2018-08-061-2/+2
| | | | | | | | This really simplifies debugging, if a package is not found or a feed is not reachable, a proper stderr is printed. Currently it would only say `_call_manifest` failed. Signed-off-by: Paul Spooren <mail@aparcar.org>
* imagebuilder: add function to show manifestPaul Spooren2018-07-301-2/+27
| | | | | | | | | | | | | | | | | | | | | | | | | Tested with 18.06.0-rc2/ar71xx/generic/tl-wdr4300-v1, image & list This PR is based on the work of @fewckert[1] with slight improvements. Add function `manifest` to show the manifest of the produced image, before actually building it. The manifest contains an orderd list of package name and version. This is usefull to check package dependencies but also determine a unique and reproducible image name before building the package. The sysupgrade server[2] builds images on request with individual package selection. To distignish between created images which contain differnt packages, the EXTRA_IMAGE_NAME is set to a shortend hash of the manifest's content. So far the image was renamed afterwards as the manifests content was unknown, however this corrupts the signed sha256sums. This patch allows a clean solution as to dtermine the manifest in advance and set the EXTRA_IMAGE_NAME accordingly. [1]: https://github.com/lede-project/source/pull/1591 [2]: https://github.com/aparcar/attendedsysupgrade-server Signed-off-by: Paul Spooren <mail@aparcar.org>
* imagebuilder: reuse rootfs preparation from rootfs.mkMatthias Schiffer2018-03-071-37/+9
| | | | | | | | | | | | In addition to removing redundant code, this fixes various issues in IB-generated images that have been fixed in prepare_rootfs before, including better handling of CONFIG_CLEAN_IPKG and enabling of initscripts from FILES. We also reuse the opkg macro and remove --force-... flags that have been removed from rootfs.mk as well. Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
* merge: etc: update remaining filesZoltan HERPAI2017-12-081-1/+1
| | | | Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
* imagebuilder: don't rewrite package list outputDaniel Golle2017-06-171-1/+1
| | | | | | | | No longer rewrite opkg list output in package_list function, remove the awk call in the pipe (which was intended for a single specific use-case). Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* imagebuilder: clean package_listDaniel Golle2017-06-171-6/+6
| | | | | | | | | | | commit 19ac879954 (imagebuilder: add package_list function) introduced a new function 'package_list' to the imagebuilder Makefile. Unfortunately the package list was poluted by stdout noise of the Makefile itself as well as opkg. Redirect those outputs to stderr to make sure that the package_list returned doesn't contain progress info output but really only packages. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* imagebuilder: add package_list functionPaul Spooren2017-06-151-7/+14
| | | | | | | | | The imagebuilder can now list all available packages by using make package_list. This is usefull for scripts to retrieve a list of all packages with versions (and size) Signed-off-by: Paul Spooren <paul@spooren.de> [daniel@makrotopia.org: fixed commit message]
* build: get rid of host.mkFelix Fietkau2017-02-261-2/+1
| | | | | | Defined required host related variables in toplevel.mk instead Signed-off-by: Felix Fietkau <nbd@nbd.name>
* imagebuilder: make submake invocations less verboseJo-Philipp Wich2017-02-021-4/+4
| | | | | | | Use silent make invocations for sub-makes like build_image or checksum to avoid bloating the IB output with non-status info. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* imagebuilder: properly escape single quotes in device titlesJo-Philipp Wich2017-01-261-1/+1
| | | | | | | | | | | | | The name "Plat'Home OpenBlocks AX3" causes the imagebuilders "make info" command to fail with: bash: -c: line 0: syntax error near unexpected token `(' bash: -c: line 0: `echo; [...]' Makefile:99: recipe for target '_call_info' failed Properly escape single quotes to avoid breaking the echo commands. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* build: add checksum targetJo-Philipp Wich2016-08-011-0/+6
| | | | | | | | | | | | | | | Add a new "checksum" make target which generates an sha256sums file over the image files produced in bin/targets/ and automatically call it during make world after the package index generation. The advantage of this new target is that it is guaranteed to run after the images, the SDK and the ImageBuilder archives have been generated to ensure that they all end up in the checksum file. Fixes FS#51. Uses sed to postprocess the OpenSSL digest output into an sha256sum command compatible format. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* build: remove obsolete variables from opkg commandFelix Fietkau2016-07-291-3/+0
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* imagebuilder: strip DEVICE_ prefix from profiles (FS#55)Felix Fietkau2016-07-211-3/+5
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* build: split scripts/metadata.pl into target-metadata.pl and package-metadata.plFelix Fietkau2016-06-071-1/+1
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* imagebuilder: Fix sorting package list breaks opkg dependency handling for ↵Daniel Dickinson2016-05-181-1/+1
| | | | | | | | | | | | | | | | provides When imagebuild sorts package lists it breaks opkg's ability to realize that a providers for a Provides has already been installed, when the sort results in the provider being later in the list of packages that a package which depends on a Provides (and hence the provider is not yet installed for opkg to realize the provider was available doesn't not handle the case of a package that is to be installed satisfying a dependency, only one that is already installed (or which it schedules to be installed, which in the absence of an installed provider is whichever provider happens to be the default) Signed-off-by: Daniel Dickinson <openwrt@daniel.thecshore.com>
* target/imagebuilder: fix using new device profilesFelix Fietkau2016-05-131-13/+9
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* imagebuilder: rename OpenWrt into LEDEAlexander Couzens2016-05-051-1/+1
| | | | Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
* images imagebuilder: Allow to add sanitized extra nameFelix Fietkau2016-01-031-2/+2
| | | | | | | | | | | | | For final output image names allow user to add an extra string (which is sanitized). This is particularly useful with ImageBuilder where you may generate multiple images from the same base and for the same board, with different package selections and additional files (via FILES=). Signed-off-by: Daniel Dickinson <openwrt@daniel.thecshore.com> SVN-Revision: 48083
* imagebuilder: store package lists in cache directoryJo-Philipp Wich2015-09-141-0/+2
| | | | | | | | | | Force opkg to store the downloaded repository indizes into the cache directory as well, this way the IB can be used in an offline setting once all required files have been cached. Signed-off-by: Jo-Philipp Wich <jow@openwrt.org> SVN-Revision: 46912
* imagebuilder: run build prereq checks before building image to set up host ↵Felix Fietkau2015-09-101-1/+16
| | | | | | | | commands properly Signed-off-by: Felix Fietkau <nbd@openwrt.org> SVN-Revision: 46840
* build: Prevent more gzip timestampsJohn Crispin2015-07-141-1/+1
| | | | | | | | | To improve reproducibility, prevent the inclusion of timestamps in the gzip header. Signed-off-by: Reiner Herrmann <reiner@reiner-h.de> SVN-Revision: 46361
* imagebuilder: create cache directory if needed (#18629)Jo-Philipp Wich2015-06-011-7/+7
| | | | | | Signed-off-by: Jo-Philipp Wich <jow@openwrt.org> SVN-Revision: 45866
* IB: use online repositoriesJo-Philipp Wich2015-05-272-4/+2
| | | | | | | | | | | | Change the IB packaging to only embed libc, kernel and kmod packages by default and generate repositories.conf to refer to the remote package repositories. Introduce a new config option CONFIG_IB_STANDALONE which restores the old behaviour of building self contained IB archives. Signed-off-by: Jo-Philipp Wich <jow@openwrt.org> SVN-Revision: 45772
* imagebuilder: fail with error if the passed profile name does not existJo-Philipp Wich2015-01-101-0/+8
| | | | | | Signed-off-by: Jo-Philipp Wich <jow@openwrt.org> SVN-Revision: 43916
* postinst trigger: the new postinst trigger broke IBJohn Crispin2014-09-161-4/+5
| | | | | | Signed-off-by: John Crispin <blogic@openwrt.org> SVN-Revision: 42571
* imagebuilder: remove postinst files before generating imageFelix Fietkau2014-08-311-0/+1
| | | | | | Signed-off-by: Felix Fietkau <nbd@openwrt.org> SVN-Revision: 42339
* build: introduce per feed repository supportJo-Philipp Wich2014-08-051-2/+2
| | | | | | | | | This changeset implements a new menuconfig option to generate separate repositories for each enabled package feed instead of one monolithic one. Signed-off-by: Jo-Philipp Wich <jow@openwrt.org> SVN-Revision: 42002
* imagebuilder: use file_copy to deploy files/ in the image generation phaseJo-Philipp Wich2012-12-021-9/+1
| | | | SVN-Revision: 34439
* imagebuilder: merge r25078 to align files/ handling with current buildrootJo-Philipp Wich2012-11-221-0/+8
| | | | SVN-Revision: 34301
* package/index: filter out the libc package from the indexFelix Fietkau2012-06-111-0/+1
| | | | SVN-Revision: 32187
* imagebuilder: explicitly install the kernel .ipk before installing anything ↵Felix Fietkau2012-05-141-0/+1
| | | | | | else, it is no longer part of the package index (fixes #11450) SVN-Revision: 31711
* build: rework verbosity level selectionFelix Fietkau2012-04-261-1/+1
| | | | | | | | | | | | | V=99 and V=1 are now deprecated in favor of a new verbosity class system, though the old flags are still supported. You can set the V variable on the command line (or OPENWRT_VERBOSE in the environment) to one or more of the following characters: - s: stdout+stderr (equal to the old V=99) - c: commands (for build systems that suppress commands by default, e.g. kbuild) - w: warnings/errors only (equal to the old V=1) SVN-Revision: 31484
* populate repositories.conf from version.mkJo-Philipp Wich2012-04-121-2/+2
| | | | SVN-Revision: 31268
* ImageBuilder: respect the PROFILE parameterGabor Juhos2012-01-241-4/+5
| | | | | | Based on a patch from #10766 SVN-Revision: 29877
* Various enhancements from Manuel Munz <freifunk@somakoma.de> - don't ↵Jo-Philipp Wich2011-09-091-2/+9
| | | | | | regenerate Package index unless the packagedir changes - remove opkg lists from rootfs, saves > 1MB uncompressed - don't direct errors on index creation into packagelist SVN-Revision: 28205
* imagebuilder: clean opkg files if requested (patch from #9866)Felix Fietkau2011-08-011-0/+1
| | | | SVN-Revision: 27872