Hauke Mehrtens [Sun, 7 Aug 2022 11:24:59 +0000 (13:24 +0200)]
kernel: kmod-net-rtl8192su: Remove package
The R8712U driver depends on cfg80211. cfg80211 is provided by mac80211
backports, we can not build any in kernel drivers which depend on
cfg80211 which is an out of tree module in OpenWrt.
The cfg80211 dependency was added with kernel 5.9.
We could add rtl8192su to backports and build it from there.
Martin Schiller [Wed, 2 Nov 2022 06:41:04 +0000 (07:41 +0100)]
kernel: further cleanup of xfrm[4|6]_mode*
In my commit da5c45f4d886 ("kernel: remove handling of xfrm[4|6]_mode_*
modules") I missed a few default config options and description entries.
Those should be gone as well.
Fixes: da5c45f4d886 ("kernel: remove handling of xfrm[4|6]_mode_* modules") Signed-off-by: Martin Schiller <ms@dev.tdt.de>
(cherry picked from commit 1e028ac51e4d033cc1a8a06850ca8c6469206761)
Add package supporting Bluetooth HCI interfaces connected over SDIO.
Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
[pepe2k@gmail.com: dropped rfkill dependency, other minor text fixes] Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
(cherry picked from commit fb7547684538e5501c4b91ed62e5f66832e4d9bc)
David Bauer [Fri, 9 Dec 2022 00:58:03 +0000 (01:58 +0100)]
ath79: fix Teltonika RUT230 v1 MAC assignment
The MAC-Address setup for the Teltonika RUT230 v1 was swapped for the
LAN / WAN ports. Also the Label-MAC was assigned incorrect, as the WiFi
MAC is printed on the case as part of the SSID, however only the LAN
MAC-Address is designated as a MAC-Address.
Wavlink WS-WN572HP3 4G is an 802.11ac
dual-band outdoor router with LTE support.
Specifications;
* Soc: MT7621DAT
* RAM: 128MiB
* Flash: NOR 16MiB GD-25Q128ESIG3
* Wi-Fi:
* MT7613BEN: 5GHz
* MT7603EN: 2.4GHz
* Ethernet: 2x 1GbE
* USB: None - only used internally
* LTE Modem: Quectel EC200T-EU
* UART: 115200 baud
* LEDs:
* 7 blue at the front
* 1 Power
* 2 LAN / WAN
* 1 Status
* 3 RSSI (annotated 4G)
* 1 green at the bottom (4G LED)
* Buttons: 1 reset button
Installation:
* press and hold the reset button while powering on the device
* keep it pressed for ten seconds
* connect to 192.168.10.1 via webbrowser (chromium/chrome works, at
least Firefox 106.0.3 does not)
* upload the sysupgrade image, confirm the checksum, wait 2 minutes
until the device reboots
Revert to stock firmware:
* same as installation but use the recovery image for WL-WN572HP3
Hauke Mehrtens [Thu, 8 Dec 2022 00:15:11 +0000 (01:15 +0100)]
ustream-ssl: update to Git version 2022-12-07
9217ab4 ustream-openssl: Disable renegotiation in TLSv1.2 and earlier 2ce1d48 ci: fix building with i.MX6 SDK 584f1f6 ustream-openssl: wolfSSL: provide detailed information in debug builds aa8c48e cmake: add a possibility to set library version
CI: build: skip sdk adapt to external toolchain on cache hit
On cache hit, skip sdk adapt to external toolchain. This is needed because we
cache the already extracted sdk and that is already adapted to be used
as external toolchain.
Rerunning the adap step will result in the test to fail for missing file
as the file are already got wrapped to the external toolchain format.
Fixes: 42f0ab028e2e ("CI: build: fix use of sdk as toolchain") Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 99eaedfe3966b1ca812e8a962197cf91286247f7)
The toolchain included in a sdk have a different format than an external
toolchain tar.
Since sdk is a more integrated setup doesn't use and include wrapper bin
that use the external toolchain config and use an alternative and more
standard way to include all the toolchain headers.
External toolchain use wrapper.sh to append the configured include
header when each tool is called.
Fix the sdk toolchain by reverting their own sdk wrapper scripts and to
simulate an external toolchain build copying what is done in the
toolchain target makefile.
This handle compilation error and warning caused by not using fortify
header on building packages.
Fixes: 006e52545d14 ("CI: build: add support to fallback to sdk for external toolchain") Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 42f0ab028e2eae0d4e7acf9db7fd68b256f23503)
Hauke Mehrtens [Mon, 5 Dec 2022 23:17:35 +0000 (00:17 +0100)]
e2fsprogs: Fix CVE-2022-1304
This fixes CVE-2022-1304:
An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.
This issue leads to a segmentation fault and possibly arbitrary code
execution via a specially crafted filesystem.
Hannu Nyman [Tue, 6 Dec 2022 08:36:56 +0000 (10:36 +0200)]
mvebu: disable also wrt32x due to broken switch
WRT32x has identical hardware as WRT3200ACM,
so handle the devices identically.
Reference to:
* FCC approval: WRT32x is a new name for WRT3200ACM hardware
https://fccid.io/Q87-WRT3200ACM#Grant-TCB-5
FCC IDENTIFIER: | Q87-WRT3200ACM
C2PC: - Adding a new model name: WRT32X;
* Linux switch definition:
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.15.y&id=2716777b4f21649fb907b4a4fb96e1c8d0a5ec16
MV88E6176 is mostly compatible to MV88E6352 and is documented
in the same functional specification. Add support for it.
Fixes: a0bae2fef8 "mvebu: cortexa9: disable devices using broken mv88e6176 switch" Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
Catalin Toda [Fri, 15 Jul 2022 17:18:23 +0000 (10:18 -0700)]
kernel: netconsole: add network console logging support
Accessing the console on many devices is difficult.
netconsole eases debugging on devices that crash
after the network is up.
Reference to the netconsole documentation in upstream Linux:
<https://www.kernel.org/doc/html/latest/networking/netconsole.html>
|
|netconsole=[+][src-port]@[src-ip]/[<dev>],[tgt-port]@<tgt-ip>/[tgt-macaddr]
|
| where
| + if present, enable extended console support
| src-port source for UDP packets (defaults to 6665)
| src-ip source IP to use (interface address)
| dev network interface (eth0)
| tgt-port port for logging agent (6666)
| tgt-ip IP address for logging agent
| tgt-macaddr ethernet MAC address for logging agent (broadcast)
OpenWrt specific notes:
OpenWrt's device userspace scripts are attaching the network
interface (i.e. eth0) to a (virtual) bridge (br-lan) device.
This will cause netconsole to report:
|network logging stopped on interface eth0 as it is joining a master device
(and unfortunately the traffic/logs to stop at this point)
As a workaround, the netconsole module can be manually loaded
again after the bridge has been setup with:
One way of catching errors before the handoff, try to
append the /etc/modules.conf file with the following extra line:
options netconsole netconsole=@/eth0,@192.168.1.x/MA:C...
and install the kmod-netconsole (=y) into the base image.
Signed-off-by: Catalin Toda <catalinii@yahoo.com>
(Added commit message from PR, added links to documentation) Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
(cherry picked from commit 488b25f5ac5028923f67e3beade92dab0c2591f1)
Hauke Mehrtens [Sun, 7 Aug 2022 11:32:31 +0000 (13:32 +0200)]
kernel: kmod-w1-slave-ds2760: Remove package
The w1_ds2760.ko driver was merged into the ds2760_battery.ko driver.
The driver was removed and this package was never build any more.
This happened with kernel 4.19.
Petr Štetiar [Thu, 1 Dec 2022 09:36:01 +0000 (10:36 +0100)]
mvebu: cortexa9: disable devices using broken mv88e6176 switch
Several users have reported, that devices using mv88e6176 switch are
seriously broken, basically turning that switch into a hub. Until fixed
those devices should be disabled.
I've used TOH with "Switch 88E6176" filter, which provided me with the
following list of likely affected devices:
* Linksys WRT1200AC v1/v2, WRT1900AC v1/v2
* SolidRun ClearFog Pro
* Turris Omnia
That device list more or less corresponds with the list of devices
mentioned in the linked bug reports.
References: https://github.com/openwrt/openwrt/issues/11077 Signed-off-by: Petr Štetiar <ynezz@true.cz>
CI: build: fix matching for openwrt release branch for toolchain parsing
The current match logic doesn't handle test for push events related to
stable release (example openwrt-22.03) but only fork with the related
prefix (example openwrt-22.03-fixup)
Fix wrong matching and while at it also add extra checks to other
matching (check if the branch name actually start with the requested
prefix)
Fixes: e24a1e6f6d7f ("CI: build: add support for external toolchains from stable branch") Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit e3cf2b84e5f8708ca17d931ef60746516c8a2fe4)
CI: fix matching for openwrt release branch for container selection
The current match logic doesn't handle test for push events related to
stable release (example openwrt-22.03) but only fork with the related
prefix (example openwrt-22.03-fixup)
Fix wrong matching and while at it also add extra checks to other
matching (check if the branch name actually start with the requested
prefix)
Fixes: abe8a4824210 ("CI: build: add support for per branch tools container") Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 65c3d19c4b28ccac0d08d916de0ffa4c0e7b3dc2)
Add support to push per branch container tools.
For anything not official stick to latest tag that correspond to test
run from master.
If we are testing something for one of the openwrt stable branch, parse
the branch name or the tag and push dedicated tools containers.
To use the stable container for local testing the branch needs to have
the prefix openwrt-[0-9][0-9].[0-9][0-9] (example openwrt-21.02-fixup)
Any branch that will match this pattern openwrt-[0-9][0-9].[0-9][0-9]
will refresh the tools container with the matching tag.
(example branch openwrt-22.03 -> tools:openwrt-22.03)
(example branch openwrt-22.03-test -> tools:openwrt-22.03)
Hauke Mehrtens [Sat, 3 Dec 2022 02:04:40 +0000 (03:04 +0100)]
CI: Build all boards and testing kernel
This adds options to build all boards of a selected target and an
additional option to build the testing kernel instead of the normal
kernel. This can be used by other trigger work flows.
Hauke Mehrtens [Sat, 5 Nov 2022 13:27:11 +0000 (14:27 +0100)]
CI: Allow building with internal toolchain
This adds an option to build with internal toolchain. This can be used
to build targets which are currently not build by the OpenWrt build bots
and which needs their own toolchain build for every build.
Building the toolchain takes about 30 minutes compared to using the
external toolchain which takes some seconds.
Hauke Mehrtens [Tue, 1 Nov 2022 18:10:01 +0000 (19:10 +0100)]
CI: Extract the OpenWrt building to own sub workflow
Extract the building of OpenWrt into an own workflow which is then
triggered by the kernel.yml and packages.yml workflow with different
inputs. This allows us to share much of the code of the workflow.
Hauke Mehrtens [Sun, 7 Aug 2022 16:46:11 +0000 (18:46 +0200)]
CI: packages: Add github CI job to build all packages
This will build OpenWrt for MIPS malta BE and x86 64 Bit with all
packages and kernel modules activated. It is triggered when something
changes in the build system or when a package definition is changed.
This task probably needs 90 minutes to execute, but I hope that it
will find build problems in pull requests early.
This intentionally does not activate the feeds, because building them
too would take too long. We only build x86/64 and malta/be to save
resources.
I would like to detect build problems when a package is changed. We
often had build breaks when a package version was increased sometime
even in other packages which used it as a dependency.
This is based on the .github/workflows/packages.yml workflow.
To actually use ccache cache on kernel test from pr, the kernel workflow
has to be run first from a push action.
This will permit as a side effect to test merged commits and catch commit
that may cause regression in kernel compilation even outside the github
system.
Alex Low [Mon, 19 Sep 2022 10:20:37 +0000 (12:20 +0200)]
build: harden GitHub workflow permissions
Grant pull-requests write permission to the labeler workflow and
read-only to everything else.
Signed-off-by: Alex Low <aleksandrosansan@gmail.com>
[ wrap to 80 columns and fix wrong author as requested by author itself ] Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 715259940776843d8799bc39de8eb50eb764189b)
Use ccache to speedup kernel compilation.
Ccache dir is cached across each build test. To refresh ccache directory
we generate an hash of the kernel include files, that includes the
kernel versions of every kernel supported and the kernel compile
includes.
Currently each Kernel compilation takes about 30 minutes of which 20
minutes are used to compile our tools. While the toolchain is downloaded
and instantly ready the tools are missing.
This commit starts uploading a Docker container including compiled tools
which are ready to use. It is automatically updated whenever any tools
are changed.
Signed-off-by: Paul Spooren <mail@aparcar.org> Co-Developed-by: Christian Marangi <ansuelsmth@gmail.com> Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 25b65f548dfd93cae87781276bfff9a27cd3ebd4)
Paul Spooren [Sun, 20 Mar 2022 20:02:08 +0000 (20:02 +0000)]
CI: use buildbot container for building
Instead of using a fresh Linux installation which is setup every time
use the Buildbot container which is used for our own Buildbot
infrastructure, too.
While at it also tidy up the workflow to make it more consistent with
other workflow.
Signed-off-by: Paul Spooren <mail@aparcar.org> Co-Developed-by: Christian Marangi <ansuelsmth@gmail.com> Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 3b23227d43ec720f810e6e261945530f7bc549f0)
Petr Štetiar [Mon, 22 Aug 2022 13:05:01 +0000 (15:05 +0200)]
ci: show build failures directly in job log output
Instead of waiting for complete workflow finish, then downloading the
artifacts, unpacking them and inspecting them, lets try to make the
build failure immediately visible in the log output:
====== Make errors from logs/target/linux/compile.txt ======
* Legacy (non-UHI/non-FIT) Boards
*
Support MIPS SEAD-3 boards (LEGACY_BOARD_SEAD3) [N/y/?] (NEW)
Error in reading or end of file.
Hauke Mehrtens [Mon, 8 Aug 2022 18:26:18 +0000 (20:26 +0200)]
CI: kernel: Checkout feeds from github
Instead of cloning the feeds from the default location at
git.openwrt.org use the github action to clone them directly from
github. We saw some error messages when cloning from git.openwrt.org,
probably related to some rate limiting applied. Cloning from github
within a github action should work more stable.
The "./scripts/feeds update -a" script will use the already checked out
feed repositories and not clone them again from git.openwrt.org, but it
will also not change the branch name.
Paul Spooren [Sun, 20 Mar 2022 15:31:24 +0000 (15:31 +0000)]
CI: run inside the buildbot docker container
Run github actions insider buildbot docker container.
Signed-off-by: Paul Spooren <mail@aparcar.org>
[ run container under buildbot user ] Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 8a77adb0485aeb40f6550eb7fcdb461b3eaffe58)
Paul Spooren [Wed, 30 Mar 2022 00:43:17 +0000 (01:43 +0100)]
CI: usability improvements for tools
* Always store build logs
* Store .config as an artifact
* Rename job to `tools-{ os }` for log archive without spaces
* Run CI job on changes to the CI file itself
build: handle directory with whitespace in AUTOREMOVE clean
Package with whitespace in their build directory are not correctly
removed when CONFIG_AUTOREMOVE is enabled. This is caused by xargs that
use whitespace as delimiters. To handle this use \0 as the delimiter and
set find to use \0 as the delimiter.
While experimenting with the AUTOREMOVE option in search of a way to use
prebuilt host tools in different buildroot, it was discovered that the
md5 generated by find_md5 in depends.mk is not reproducible.
Currently the hash is generated by the path of the file in addition to
the file mod time. Out of confusion, probably, there was an idea that
such command was used on the package build_dir. Reality is that this
command is run on the package files. (Makefile, patches, src)
This is problematic because the package Makefile (for example) change at
each git clone and base the hash on the Makefile mtime doesn't really
reflect if the Makefile actually changes across a buildroot or not.
A better approach is to generate an hash of each file and then generate
an hash on the sort hash list. This way we remove the problem of git
clone setting a wrong mtime while keeping the integrity of checking if a
file changed for the package as any change will result in a different
hash.
Introduce a new kind of find_md5 function, find_md5_reproducible that
apply this new logic and limit it only with AUTOREMOVE option set to
prevent any kind of slowdown due to additional hash generation.
CI: labeler: fix wrong label for pr targeting stable branch
The label used for stable branch is in the form of
release/[0-9][0-9].[0-9][0-9]
Currently we apply the name of the target branch as the label, fix this
and correctly use the current label.
Add support to tag pr targeting stable branch matching the simple regex
of openwrt-[0-9][0-9].[0-9][0-9]. The tag that will be added will match
the pr target branch.
Pawel Dembicki [Sat, 29 Oct 2022 21:42:03 +0000 (23:42 +0200)]
layerscape: Fix SPI-NOR issues with vendor patches
For some reason LS1012A and LS1046A devboards don't work well with
Spansion SPI NOR flash. It cause read and write errors like:
[ 27.285887] jffs2: Newly-erased block contained word 0xc20031985 at offset 0x025ae000
[ 27.468922] jffs2: Newly-erased block contained word 0x0 at offset 0x02573000
[ 27.502615] jffs2: Newly-erased block contained word 0xe723f41e5823f110 at offset 0x02572000
[ 27.541550] jffs2: Newly-erased block contained word 0x1a7d266ee6 at offset 0x02571000
[ 27.577195] jffs2: Newly-erased block contained word 0x5d000bae8d52fec6 at offset 0x02570000
[ 27.611800] jffs2: Newly-erased block contained word 0x63515aee63515a4b at offset 0x0256f000
[ 27.651749] jffs2: Newly-erased block contained word 0xc20031985 at offset 0x0256e000
[ 27.825593] jffs2: Newly-erased block contained word 0xc20031985 at offset 0x0252e000
NXP have found workarround and applied in their vendor kernel version.
They force 1x tx and 1x rx lines in qspi. That method fix issues.
This patch ports patches from NXP LSDK tree.
Alex Low [Mon, 19 Sep 2022 10:20:37 +0000 (12:20 +0200)]
build: harden GitHub workflow permissions
Grant pull-requests write permission to the labeler workflow and
read-only to everything else.
Signed-off-by: Alex Low <aleksandrosansan@gmail.com>
[ wrap to 80 columns and fix wrong author as requested by author itself ] Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 715259940776843d8799bc39de8eb50eb764189b)
Piotr Dymacz [Mon, 20 Jun 2022 11:13:30 +0000 (13:13 +0200)]
CI: include automatic Pull Request Labeler
This adds GitHub CI action which makes use of 'Labeler', allowing
automatic labeling of new PRs, based on the modified files paths.
Below labels are supported and more can be added later:
- 'target/*'
- 'target/imagebuilder'
- 'kernel'
- 'core packages'
- 'build/scripts/tools'
- 'toolchain'
- 'GitHub/CI'
For more information:
https://github.com/marketplace/actions/labeler
Andrew Ammerlaan [Sun, 30 Oct 2022 14:56:14 +0000 (15:56 +0100)]
procd: service: pass all arguments to service
Passing all arguments to /etc/init.d/$service restores the
behaviour of openwrt 21.02. This is relevant for services
such as etherwake which take more then one argument, e.g.:
"service etherwake start <list of devices to wake>"
When compiling OpenWRT on a compressed btrfs volume the build fails in
libtool.
The file `libltdl/config/ltmain.m4sh` from `libtool-2.4.2.tar.xz` is
missing write permissions, therefore patch falls back to copying the
file and patching that. During this patch tries to preserve all file
attribute on the new copy.
However the attribute `btrfs.compression` is privileged and btrfs return
EACCES.
While patch ignores multiple other error codes during the copy of xattr
copy it is not prepared for EACCES and aborts.
EACCES should be ignored the same way as the other errors.
Nick Hainke [Wed, 16 Nov 2022 07:48:02 +0000 (08:48 +0100)]
wolfssl: update to v5.5.3
Remove "200-ecc-rng.patch" because it was upstramed by:
https://github.com/wolfSSL/wolfssl/commit/e2566bab2122949a6a0bb2276d0a52598794d7d0
Refreshed "100-disable-hardening-check.patch".
Will Moss [Thu, 10 Nov 2022 19:55:11 +0000 (19:55 +0000)]
ath79: D-Link DIR-825 B1 add factory.bin recipe
- Bring back factory.bin image which was missing after porting device to ath79 target
- Use default sysupgrade.bin image recipe
- Adjust max image size according to new firmware partition size after
"ath79: expand rootfs for DIR-825-B1 with unused space (aca8bb5)" changes
- Remove support of upgrading from version 19.07, because partition size changes mentioned above
projects / thirdparty / openwrt.git / log
