The toolchain included in a sdk have a different format than an external
toolchain tar.
Since sdk is a more integrated setup doesn't use and include wrapper bin
that use the external toolchain config and use an alternative and more
standard way to include all the toolchain headers.
External toolchain use wrapper.sh to append the configured include
header when each tool is called.
Fix the sdk toolchain by reverting their own sdk wrapper scripts and to
simulate an external toolchain build copying what is done in the
toolchain target makefile.
This handle compilation error and warning caused by not using fortify
header on building packages.
Fixes: 006e52545d14 ("CI: build: add support to fallback to sdk for external toolchain") Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 42f0ab028e2eae0d4e7acf9db7fd68b256f23503)
Hauke Mehrtens [Mon, 5 Dec 2022 23:17:35 +0000 (00:17 +0100)]
e2fsprogs: Fix CVE-2022-1304
This fixes CVE-2022-1304:
An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.
This issue leads to a segmentation fault and possibly arbitrary code
execution via a specially crafted filesystem.
Hannu Nyman [Tue, 6 Dec 2022 08:36:56 +0000 (10:36 +0200)]
mvebu: disable also wrt32x due to broken switch
WRT32x has identical hardware as WRT3200ACM,
so handle the devices identically.
Reference to:
* FCC approval: WRT32x is a new name for WRT3200ACM hardware
https://fccid.io/Q87-WRT3200ACM#Grant-TCB-5
FCC IDENTIFIER: | Q87-WRT3200ACM
C2PC: - Adding a new model name: WRT32X;
* Linux switch definition:
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.15.y&id=2716777b4f21649fb907b4a4fb96e1c8d0a5ec16
MV88E6176 is mostly compatible to MV88E6352 and is documented
in the same functional specification. Add support for it.
Fixes: a0bae2fef8 "mvebu: cortexa9: disable devices using broken mv88e6176 switch" Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
Catalin Toda [Fri, 15 Jul 2022 17:18:23 +0000 (10:18 -0700)]
kernel: netconsole: add network console logging support
Accessing the console on many devices is difficult.
netconsole eases debugging on devices that crash
after the network is up.
Reference to the netconsole documentation in upstream Linux:
<https://www.kernel.org/doc/html/latest/networking/netconsole.html>
|
|netconsole=[+][src-port]@[src-ip]/[<dev>],[tgt-port]@<tgt-ip>/[tgt-macaddr]
|
| where
| + if present, enable extended console support
| src-port source for UDP packets (defaults to 6665)
| src-ip source IP to use (interface address)
| dev network interface (eth0)
| tgt-port port for logging agent (6666)
| tgt-ip IP address for logging agent
| tgt-macaddr ethernet MAC address for logging agent (broadcast)
OpenWrt specific notes:
OpenWrt's device userspace scripts are attaching the network
interface (i.e. eth0) to a (virtual) bridge (br-lan) device.
This will cause netconsole to report:
|network logging stopped on interface eth0 as it is joining a master device
(and unfortunately the traffic/logs to stop at this point)
As a workaround, the netconsole module can be manually loaded
again after the bridge has been setup with:
One way of catching errors before the handoff, try to
append the /etc/modules.conf file with the following extra line:
options netconsole netconsole=@/eth0,@192.168.1.x/MA:C...
and install the kmod-netconsole (=y) into the base image.
Signed-off-by: Catalin Toda <catalinii@yahoo.com>
(Added commit message from PR, added links to documentation) Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
(cherry picked from commit 488b25f5ac5028923f67e3beade92dab0c2591f1)
Hauke Mehrtens [Sun, 7 Aug 2022 11:32:31 +0000 (13:32 +0200)]
kernel: kmod-w1-slave-ds2760: Remove package
The w1_ds2760.ko driver was merged into the ds2760_battery.ko driver.
The driver was removed and this package was never build any more.
This happened with kernel 4.19.
Petr Štetiar [Thu, 1 Dec 2022 09:36:01 +0000 (10:36 +0100)]
mvebu: cortexa9: disable devices using broken mv88e6176 switch
Several users have reported, that devices using mv88e6176 switch are
seriously broken, basically turning that switch into a hub. Until fixed
those devices should be disabled.
I've used TOH with "Switch 88E6176" filter, which provided me with the
following list of likely affected devices:
* Linksys WRT1200AC v1/v2, WRT1900AC v1/v2
* SolidRun ClearFog Pro
* Turris Omnia
That device list more or less corresponds with the list of devices
mentioned in the linked bug reports.
References: https://github.com/openwrt/openwrt/issues/11077 Signed-off-by: Petr Štetiar <ynezz@true.cz>
CI: build: fix matching for openwrt release branch for toolchain parsing
The current match logic doesn't handle test for push events related to
stable release (example openwrt-22.03) but only fork with the related
prefix (example openwrt-22.03-fixup)
Fix wrong matching and while at it also add extra checks to other
matching (check if the branch name actually start with the requested
prefix)
Fixes: e24a1e6f6d7f ("CI: build: add support for external toolchains from stable branch") Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit e3cf2b84e5f8708ca17d931ef60746516c8a2fe4)
CI: fix matching for openwrt release branch for container selection
The current match logic doesn't handle test for push events related to
stable release (example openwrt-22.03) but only fork with the related
prefix (example openwrt-22.03-fixup)
Fix wrong matching and while at it also add extra checks to other
matching (check if the branch name actually start with the requested
prefix)
Fixes: abe8a4824210 ("CI: build: add support for per branch tools container") Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 65c3d19c4b28ccac0d08d916de0ffa4c0e7b3dc2)
Add support to push per branch container tools.
For anything not official stick to latest tag that correspond to test
run from master.
If we are testing something for one of the openwrt stable branch, parse
the branch name or the tag and push dedicated tools containers.
To use the stable container for local testing the branch needs to have
the prefix openwrt-[0-9][0-9].[0-9][0-9] (example openwrt-21.02-fixup)
Any branch that will match this pattern openwrt-[0-9][0-9].[0-9][0-9]
will refresh the tools container with the matching tag.
(example branch openwrt-22.03 -> tools:openwrt-22.03)
(example branch openwrt-22.03-test -> tools:openwrt-22.03)
Hauke Mehrtens [Sat, 3 Dec 2022 02:04:40 +0000 (03:04 +0100)]
CI: Build all boards and testing kernel
This adds options to build all boards of a selected target and an
additional option to build the testing kernel instead of the normal
kernel. This can be used by other trigger work flows.
Hauke Mehrtens [Sat, 5 Nov 2022 13:27:11 +0000 (14:27 +0100)]
CI: Allow building with internal toolchain
This adds an option to build with internal toolchain. This can be used
to build targets which are currently not build by the OpenWrt build bots
and which needs their own toolchain build for every build.
Building the toolchain takes about 30 minutes compared to using the
external toolchain which takes some seconds.
Hauke Mehrtens [Tue, 1 Nov 2022 18:10:01 +0000 (19:10 +0100)]
CI: Extract the OpenWrt building to own sub workflow
Extract the building of OpenWrt into an own workflow which is then
triggered by the kernel.yml and packages.yml workflow with different
inputs. This allows us to share much of the code of the workflow.
Hauke Mehrtens [Sun, 7 Aug 2022 16:46:11 +0000 (18:46 +0200)]
CI: packages: Add github CI job to build all packages
This will build OpenWrt for MIPS malta BE and x86 64 Bit with all
packages and kernel modules activated. It is triggered when something
changes in the build system or when a package definition is changed.
This task probably needs 90 minutes to execute, but I hope that it
will find build problems in pull requests early.
This intentionally does not activate the feeds, because building them
too would take too long. We only build x86/64 and malta/be to save
resources.
I would like to detect build problems when a package is changed. We
often had build breaks when a package version was increased sometime
even in other packages which used it as a dependency.
This is based on the .github/workflows/packages.yml workflow.
To actually use ccache cache on kernel test from pr, the kernel workflow
has to be run first from a push action.
This will permit as a side effect to test merged commits and catch commit
that may cause regression in kernel compilation even outside the github
system.
Alex Low [Mon, 19 Sep 2022 10:20:37 +0000 (12:20 +0200)]
build: harden GitHub workflow permissions
Grant pull-requests write permission to the labeler workflow and
read-only to everything else.
Signed-off-by: Alex Low <aleksandrosansan@gmail.com>
[ wrap to 80 columns and fix wrong author as requested by author itself ] Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 715259940776843d8799bc39de8eb50eb764189b)
Use ccache to speedup kernel compilation.
Ccache dir is cached across each build test. To refresh ccache directory
we generate an hash of the kernel include files, that includes the
kernel versions of every kernel supported and the kernel compile
includes.
Currently each Kernel compilation takes about 30 minutes of which 20
minutes are used to compile our tools. While the toolchain is downloaded
and instantly ready the tools are missing.
This commit starts uploading a Docker container including compiled tools
which are ready to use. It is automatically updated whenever any tools
are changed.
Signed-off-by: Paul Spooren <mail@aparcar.org> Co-Developed-by: Christian Marangi <ansuelsmth@gmail.com> Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 25b65f548dfd93cae87781276bfff9a27cd3ebd4)
Paul Spooren [Sun, 20 Mar 2022 20:02:08 +0000 (20:02 +0000)]
CI: use buildbot container for building
Instead of using a fresh Linux installation which is setup every time
use the Buildbot container which is used for our own Buildbot
infrastructure, too.
While at it also tidy up the workflow to make it more consistent with
other workflow.
Signed-off-by: Paul Spooren <mail@aparcar.org> Co-Developed-by: Christian Marangi <ansuelsmth@gmail.com> Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 3b23227d43ec720f810e6e261945530f7bc549f0)
Petr Štetiar [Mon, 22 Aug 2022 13:05:01 +0000 (15:05 +0200)]
ci: show build failures directly in job log output
Instead of waiting for complete workflow finish, then downloading the
artifacts, unpacking them and inspecting them, lets try to make the
build failure immediately visible in the log output:
====== Make errors from logs/target/linux/compile.txt ======
* Legacy (non-UHI/non-FIT) Boards
*
Support MIPS SEAD-3 boards (LEGACY_BOARD_SEAD3) [N/y/?] (NEW)
Error in reading or end of file.
Hauke Mehrtens [Mon, 8 Aug 2022 18:26:18 +0000 (20:26 +0200)]
CI: kernel: Checkout feeds from github
Instead of cloning the feeds from the default location at
git.openwrt.org use the github action to clone them directly from
github. We saw some error messages when cloning from git.openwrt.org,
probably related to some rate limiting applied. Cloning from github
within a github action should work more stable.
The "./scripts/feeds update -a" script will use the already checked out
feed repositories and not clone them again from git.openwrt.org, but it
will also not change the branch name.
Paul Spooren [Sun, 20 Mar 2022 15:31:24 +0000 (15:31 +0000)]
CI: run inside the buildbot docker container
Run github actions insider buildbot docker container.
Signed-off-by: Paul Spooren <mail@aparcar.org>
[ run container under buildbot user ] Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 8a77adb0485aeb40f6550eb7fcdb461b3eaffe58)
Paul Spooren [Wed, 30 Mar 2022 00:43:17 +0000 (01:43 +0100)]
CI: usability improvements for tools
* Always store build logs
* Store .config as an artifact
* Rename job to `tools-{ os }` for log archive without spaces
* Run CI job on changes to the CI file itself
build: handle directory with whitespace in AUTOREMOVE clean
Package with whitespace in their build directory are not correctly
removed when CONFIG_AUTOREMOVE is enabled. This is caused by xargs that
use whitespace as delimiters. To handle this use \0 as the delimiter and
set find to use \0 as the delimiter.
While experimenting with the AUTOREMOVE option in search of a way to use
prebuilt host tools in different buildroot, it was discovered that the
md5 generated by find_md5 in depends.mk is not reproducible.
Currently the hash is generated by the path of the file in addition to
the file mod time. Out of confusion, probably, there was an idea that
such command was used on the package build_dir. Reality is that this
command is run on the package files. (Makefile, patches, src)
This is problematic because the package Makefile (for example) change at
each git clone and base the hash on the Makefile mtime doesn't really
reflect if the Makefile actually changes across a buildroot or not.
A better approach is to generate an hash of each file and then generate
an hash on the sort hash list. This way we remove the problem of git
clone setting a wrong mtime while keeping the integrity of checking if a
file changed for the package as any change will result in a different
hash.
Introduce a new kind of find_md5 function, find_md5_reproducible that
apply this new logic and limit it only with AUTOREMOVE option set to
prevent any kind of slowdown due to additional hash generation.
CI: labeler: fix wrong label for pr targeting stable branch
The label used for stable branch is in the form of
release/[0-9][0-9].[0-9][0-9]
Currently we apply the name of the target branch as the label, fix this
and correctly use the current label.
Add support to tag pr targeting stable branch matching the simple regex
of openwrt-[0-9][0-9].[0-9][0-9]. The tag that will be added will match
the pr target branch.
Pawel Dembicki [Sat, 29 Oct 2022 21:42:03 +0000 (23:42 +0200)]
layerscape: Fix SPI-NOR issues with vendor patches
For some reason LS1012A and LS1046A devboards don't work well with
Spansion SPI NOR flash. It cause read and write errors like:
[ 27.285887] jffs2: Newly-erased block contained word 0xc20031985 at offset 0x025ae000
[ 27.468922] jffs2: Newly-erased block contained word 0x0 at offset 0x02573000
[ 27.502615] jffs2: Newly-erased block contained word 0xe723f41e5823f110 at offset 0x02572000
[ 27.541550] jffs2: Newly-erased block contained word 0x1a7d266ee6 at offset 0x02571000
[ 27.577195] jffs2: Newly-erased block contained word 0x5d000bae8d52fec6 at offset 0x02570000
[ 27.611800] jffs2: Newly-erased block contained word 0x63515aee63515a4b at offset 0x0256f000
[ 27.651749] jffs2: Newly-erased block contained word 0xc20031985 at offset 0x0256e000
[ 27.825593] jffs2: Newly-erased block contained word 0xc20031985 at offset 0x0252e000
NXP have found workarround and applied in their vendor kernel version.
They force 1x tx and 1x rx lines in qspi. That method fix issues.
This patch ports patches from NXP LSDK tree.
Alex Low [Mon, 19 Sep 2022 10:20:37 +0000 (12:20 +0200)]
build: harden GitHub workflow permissions
Grant pull-requests write permission to the labeler workflow and
read-only to everything else.
Signed-off-by: Alex Low <aleksandrosansan@gmail.com>
[ wrap to 80 columns and fix wrong author as requested by author itself ] Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 715259940776843d8799bc39de8eb50eb764189b)
Piotr Dymacz [Mon, 20 Jun 2022 11:13:30 +0000 (13:13 +0200)]
CI: include automatic Pull Request Labeler
This adds GitHub CI action which makes use of 'Labeler', allowing
automatic labeling of new PRs, based on the modified files paths.
Below labels are supported and more can be added later:
- 'target/*'
- 'target/imagebuilder'
- 'kernel'
- 'core packages'
- 'build/scripts/tools'
- 'toolchain'
- 'GitHub/CI'
For more information:
https://github.com/marketplace/actions/labeler
Andrew Ammerlaan [Sun, 30 Oct 2022 14:56:14 +0000 (15:56 +0100)]
procd: service: pass all arguments to service
Passing all arguments to /etc/init.d/$service restores the
behaviour of openwrt 21.02. This is relevant for services
such as etherwake which take more then one argument, e.g.:
"service etherwake start <list of devices to wake>"
When compiling OpenWRT on a compressed btrfs volume the build fails in
libtool.
The file `libltdl/config/ltmain.m4sh` from `libtool-2.4.2.tar.xz` is
missing write permissions, therefore patch falls back to copying the
file and patching that. During this patch tries to preserve all file
attribute on the new copy.
However the attribute `btrfs.compression` is privileged and btrfs return
EACCES.
While patch ignores multiple other error codes during the copy of xattr
copy it is not prepared for EACCES and aborts.
EACCES should be ignored the same way as the other errors.
Nick Hainke [Wed, 16 Nov 2022 07:48:02 +0000 (08:48 +0100)]
wolfssl: update to v5.5.3
Remove "200-ecc-rng.patch" because it was upstramed by:
https://github.com/wolfSSL/wolfssl/commit/e2566bab2122949a6a0bb2276d0a52598794d7d0
Refreshed "100-disable-hardening-check.patch".
Will Moss [Thu, 10 Nov 2022 19:55:11 +0000 (19:55 +0000)]
ath79: D-Link DIR-825 B1 add factory.bin recipe
- Bring back factory.bin image which was missing after porting device to ath79 target
- Use default sysupgrade.bin image recipe
- Adjust max image size according to new firmware partition size after
"ath79: expand rootfs for DIR-825-B1 with unused space (aca8bb5)" changes
- Remove support of upgrading from version 19.07, because partition size changes mentioned above
ath79: disable image building for Ubiquiti EdgeSwitch 8XP
The downstream OpenWrt driver for the BCM53128 switch ceased to work,
rendering the 8 LAN ports of the device unusable. This commit disables
image building while the problem is being solved.
This patch is needed to handle interrupts by the second VPE on the Lantiq
ARX100, xRX200, xRX300 and xRX330 SoCs. Switching some ICU interrupts to
the second VPE results in a hang. Currently, the vsmp_init_secondary()
function is responsible for enabling these interrupts. It only enables
Malta-specific interrupts (SW0, SW1, HW4 and HW5).
The MIPS core has 8 interrupts defined. On Lantiq SoCs, hardware
interrupts are wired to an ICU instance. Each VPE has an independent
instance of the ICU. The mapping of the ICU interrupts is shown below:
SW0(IP0) - IPI call,
SW1(IP1) - IPI resched,
HW0(IP2) - ICU 0-31,
HW1(IP3) - ICU 32-63,
HW2(IP4) - ICU 64-95,
HW3(IP5) - ICU 96-127,
HW4(IP6) - ICU 128-159,
HW5(IP7) - timer.
This patch enables all interrupt lines on the second VPE.
This problem affects multithreaded SoCs with a custom interrupt controller.
SOCs with 1004Kc core and newer use the MIPS GIC. At this point, I am aware
that the Realtek RTL839x and RTL930x SoCs may need a similar fix. In the
future, this may be replaced with some generic solution.
Daniel Golle [Tue, 15 Nov 2022 18:45:52 +0000 (18:45 +0000)]
kernel: modules: package Marvell gigE PHY driver
Some copper SFP modules come with Marvell's 88E1xxx PHY and need this
module to function. Package it, so users can easily install this PHY
driver and use e.g. FINISAR CORP. FCLF-8521-3-HC SFP.
Without marvell PHY driver:
sfp sfp2: module FINISAR CORP. FCLF-8521-3-HC rev A sn XXXXXXX dc XXXXXX
mt7530 mdio-bus:1f sfp2: validation with support 0000000,00000000,00000000 failed: -22
sfp sfp2: sfp_add_phy failed: -22
With marvell PHY driver:
sfp sfp2: module FINISAR CORP. FCLF-8521-3-HC rev A sn XXXXXXX dc XXXXXX
mt7530 mdio-bus:1f sfp2: switched to inband/sgmii link mode
mt7530 mdio-bus:1f sfp2: PHY [i2c:sfp2:16] driver [Marvell 88E1111] (irq=POLL)
mt7530 mdio-bus:1f sfp2: Link is Up - 1Gbps/Full - flow control rx/tx
John Audia [Sat, 19 Nov 2022 13:41:25 +0000 (08:41 -0500)]
bcm27xx: disable duplicate sdhost driver
Enabling both CONFIG_MMC_BCM2835 and CONFIG_MMC_BCM2835_SDHOST causes this
error in dmesg:
Error: Driver 'sdhost-bcm2835' is already registered, aborting...
Disabling CONFIG_MMC_BCM2835 and leaving CONFIG_MMC_BCM2835_SDHOST enabled
avoids this error.
Rafał Miłecki [Tue, 8 Nov 2022 11:22:51 +0000 (12:22 +0100)]
kernel: support "linux,rootfs" DT property for splitting rootfs
OpenWrt's support for splitting rootfs (to create an extra "rootfs_data"
partition) is limited to partitions called "rootfs". Upstream kernel
allows any name partition to be rootfs if it has "linux,rootfs" property
set. Add split support to such partitions in OpenWrt code.
Rafał Miłecki [Mon, 7 Nov 2022 18:24:48 +0000 (19:24 +0100)]
kernel: backport support for "linux,rootfs" in DT
This DT property allows marking flash partition that Linux should use as
a root device. It's useful for devices that don't use U-Boot and cmdline
parser for partitioning. It may be used with "fixed-partitions" or some
dynamic partitioning based on flash content.
Rafał Miłecki [Mon, 7 Nov 2022 22:39:52 +0000 (23:39 +0100)]
kernel: split out mtd hack for CONFIG_FIT_PARTITION + rootfs
This is some hack on top of our old hack. Use separated patch for it so
it's easier to understand and actually possible to describe. We should
ideally get rid of this (and we actually did with kernels 5.15+).
Lech Perczak [Sun, 13 Nov 2022 12:02:36 +0000 (13:02 +0100)]
ipq40xx: ZTE MF286D: fix DEVICE_PACKAGES
Backporting ZTE MF289F introduced an override of DEVICE_PACKAGES for
MF286D, which removed packages needed for built-in modem support.
Fix assignment type to restore those.
Shiji Yang [Sat, 5 Nov 2022 11:52:08 +0000 (19:52 +0800)]
ramips: improve compatibility for Youku YK-L2 and YK-L1 series
Add UIMAGE_NAME and UIMAGE_MAGIC to allow users to directly install
initramfs-kernel.bin from the stock firmware Web UI. At the same time,
this change makes it possible to boot OpenWrt with the official u-boot.
Notice:
Since the stock firmware is based on OpenWrt and the configuration
will be retained by default during the upgrade process, so we must use
initramfs-kernel.bin to do a initial installation. After the system
restarts, install sysupgrade.bin and do not retain any configuration.
projects / thirdparty / openwrt.git / log
