Package archives built before commit e6bcf1e4ac
("build: add ABI_VERSION to binary package names") lack the SourceName
control file field which caused ipkg-remove to skip such archives.
Add fallback code that matches the files by their basename followed by
an underscore, similar to how the old cleanup code worked.
Fixes: #2067
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Add the ABI_VERSION source makefile variable to the binary package basename
and resolve source dependencies on packages with ABI_VERSION set to such
expanded names.
If for example a package specifies DEPENDS:=libopenssl while the OpenSSL
Makefile specifies ABI_VERSION:=1.0.0, the resulting ipk control data
dependency will be "Depends: libopenssl1.0.0" and the libopenssl ipk file
will be called "libopenssl1.0.0_<version>_<arch>.ipk".
The next time a library such as OpenSSL is updated to an incompatible
version, the ABI_VERSION shall be changed accordingly to prevent opkg from
simply upgrading to an incompatible library without considering the
dependencies of already installed packages.
Also introduce another "SourceName" control field which is required by
the newly introduced "scritps/ipkg-remove" to determine the proper related
.ipk files to delete upon buildroot package clean operations.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Subdequent commits need this information to resolve the ABI version when
computing binary ipk dependencies.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Subsequent commits will put more auxiliary information into this file,
such as the per-package ABI version, so rename the metadata script
subcommand and file names accordingly.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Tar will automatically record the user/group ID and name for
files/directories. This reduces the reproducibility of the sysupgrade.tar
because most of the people don't use the same username as the OpenWrt
buildserver.
Signed-off-by: Sven Eckelmann <sven@narfation.org>
The file ordering in the current sysupgrade depends on the order of file in
a filesystem. This is often already in a sane (alphabetical order) but this
is not always the case. For example, the OpenWrt build servers return a
different ordering.
This breaks the reproducibility of the sysupgrade tarballs significantly
and also resulted in images which cannot be used for upgrades on devices
like the OpenMesh A42/A62.
Signed-off-by: Sven Eckelmann <sven@narfation.org>
2efe776 introduces rpath checks with the commit message:
> Remove all rpath entries which do not point to a location below /lib or
> /usr/lib and which do not begin with '$ORIGIN'.
However the implementation failed to support rpath entries with only the
'$ORIGIN' token and no trailing slash, so allow these as well.
Signed-off-by: Yorkie Liu <yazhong.liu@rokid.com>
[reword commit message]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
When the SOURCE_DATE_EPOCH environment variable is set, use it to
override the timestamps of .ipk archive contents.
This ensures that .ipk archives built in environments without SCM
metadata (mainly the SDK) are reproducible between different runs.
Ref: https://github.com/openwrt/packages/issues/6954
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
This updates these two files to commit 2fa97a8a0ed3 ("config.guess
(amd64:CYGWIN*:*:*, x86_64:CYGWIN*:*:*): Set master") which is the
current master of
https://git.savannah.gnu.org/gitweb/?p=config.git;a=summary
This contains updates for multiple architectures and will unbreak the
build on the x32 ABI.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
The OM2P(-HS)v4 got a variant which uses a slightly different flash. The
standard versions used a flash with 256KB blocks which is no longer
available. The replacement flash uses a flash with 64K blocks.
The padding for the image rootfs is already for 64K and 256K and thus can
be flashed on the device without any problems. Unfortunately, the
bootloader will check $rootfs_size (rounded down to the nearest 64k block)
minus 1x 64k. But it is now possible that the new JFFS2 rootfs_data starts
even earlier and modifies the checked region. The check will then fail and
the backup image (when available) will be booted.
Just setting it to the same number of skipped blocks as other 64K models
avoids this problem.
Signed-off-by: Sven Eckelmann <sven.eckelmann@openmesh.com>
When Package/xx/conffiles only contains directories that are empty at
package time, conffiles.resolved will be missing and the following
error messages will appear in the build log.
/home/yousong/git-repo/openwrt/openwrt/scripts/ipkg-build -c -o 0 -g 0 /home/yousong/git-repo/openwrt/openwrt/build_dir/target-mips_24kc_musl/linux-malta_be/openvswitch-2.10.0/ipkg-mips_24kc/openvswitch-common /home/yousong/git-repo/openwrt/openwrt/bin/packages/mips_24kc/packages
mv: cannot stat 'CONTROL/conffiles.resolved': No such file or directory
chmod: cannot access 'CONTROL/conffiles': No such file or directory
It will not break the ipkg-build process. The change is merely cosmetic
to not cause confusion when reading logs
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
The need arises from building Open vSwitch kernel datapath modules, e.g.
- kmod-openvswitch from Linux upstream
- kmod-openvswitch-intree from openvswitch source code
where both provides virtual package "kmod-openvswitch" for userspace
packages to select and depend on
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Previous refactoring of the script moved the LDSO detection into a
file-not-exists condition, causing onyl the very first executable to
get bundled.
Solve the problem by unconditionally checking for LDSO again.
Fixes: 9030a78a71 ("scripts: bundle-libraries: prevent loading host locales")
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
The current make-ras.sh image generation script for the ZyXEL NBG6617
has portability issues with bash. Because of this, factory images are
currently not built correctly by the OpenWRT buildbots.
This commit replaces the make-ras.sh by C-written mkrasimage.
The new mkrasimage is also compatible with other ZyXEL devices using
the ras image-format.
This is not tested with the NBG6616 but it correctly builds the
header for ZyXEL factory image.
Signed-off-by: David Bauer <mail@david-bauer.net>
Binary patch the bundled glibc library to inhibit loading of host locale
archives in order to avoid triggering internal libc assertions when
invoking shipped, bundled executables.
The problem has been solved with upstream Glibc commit
0062ace229 ("Gracefully handle incompatible locale data") but we still
need to deal with older Glibc binaries for some time to come.
Fixes FS#1803
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Use Time::HiRes when available and fallback to raw syscall interface
when not. If that fails too, simply report 0, 0 as real time.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Replace the GNU time program invocation with a simple Perl script reporting
the timing values. Since we require Perl anyway for the build system, we can
as well use that instead of requiring a random GNU utility rarely installed
by default.
Fixes: ff6e62b288 ("build: log time taken by each packages/steps")
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Compiler is producing the warning:
warning: format not a string literal and no format arguments
[-Wformat-security]
This patch makes the format a literal string in printf statements.
This with: gcc version 7.3.0 (Ubuntu 7.3.0-16ubuntu3) in Ubuntu 18.04
Signed-off-by: Paul Schulz <paul@mawsonlakes.org>
Allow enabling/commenting/disabling each feed individually by using a
tristate config symbol.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
The src-dummy method does not actually obtain any feed, but it can be used
to insert addtional entries into the opkg distfeeds.conf. This is useful to
make package feeds available to users without requiring the corresponding
source feeds to be available during build.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
- Make the code more GitHub-specific
- Requires mirror hash to work with .gitattributes
- Use different API depending on whether PKG_SOURCE_VERSION is a
complete commit id or other ref types like tags
- Fix removing symbolic link
- pre-clean dir_untar for possible leftovers from previous run
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Move SCAN_DEPS to scan.mk to eliminate redundancy with scripts/feeds
Add image/*.mk to SCAN_DEPS for targets to pick up newly added devices
Signed-off-by: Felix Fietkau <nbd@nbd.name>
A new python script scripts/download.py is added to fetch tarballs using
GitHub archive API [1], then repack in a reproducible way same as the
current DownloadMethod/git
GitHub imposes a 60 reqs/hour rate limit on unauthenticated API
access[2]. This affects fetching commit date for feeding tar --mtime=
argument. However, observation indicates that archive download is NOT
subject to this limit at the moment. In the rare cases where download
fails because of this, we will falback to using DownloadMethod/git
The missing piece in the GitHub API is that it cannot provide in the
tarball dependent submodules's source code. In that case, the
implementation will also fallback to using DownloadMethod/git
[1] Get archive link, https://developer.github.com/v3/repos/contents/#get-archive-link
[2] Rate limiting, https://developer.github.com/v3/#rate-limiting
v2 <- v1:
- allow passing multiple urls with --urls argument
- add commit ts cache. can be helpful on retry
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
This patch adds support for ZyXEL NBG6617
Hardware highlights:
SOC: IPQ4018 / QCA Dakota
CPU: Quad-Core ARMv7 Processor rev 5 (v7l) Cortex-A7
DRAM: 256 MiB DDR3L-1600/1866 Nanya NT5CC128M16IP-DI @ 537 MHz
NOR: 32 MiB Macronix MX25L25635F
ETH: Qualcomm Atheros QCA8075 Gigabit Switch (4 x LAN, 1 x WAN)
USB: 1 x 3.0 (via Synopsys DesignWare DWC3 controller in the SoC)
WLAN1: Qualcomm Atheros QCA4018 2.4GHz 802.11bgn 2:2x2
WLAN2: Qualcomm Atheros QCA4018 5GHz 802.11a/n/ac 2:2x2
INPUT: RESET Button, WIFI/Rfkill Togglebutton, WPS Button
LEDS: Power, WAN, LAN 1-4, WLAN 2.4GHz, WLAN 5GHz, USB, WPS
Serial:
WARNING: The serial port needs a TTL/RS-232 3.3v level converter!
The Serial setting is 115200-8-N-1. The 1x4 .1" header comes
pre-soldered. Pinout:
1. 3v3 (Label printed on the PCB), 2. RX, 3. GND, 4. TX
first install / debricking / restore stock:
0. Have a PC running a tftp-server @ 192.168.1.99/24
1. connect the PC to any LAN-Ports
2. put the openwrt...-factory.bin (or V1.00(ABCT.X).bin for stock) file
into the tftp-server root directory and rename it to just "ras.bin".
3. power-cycle the router and hold down the the WPS button (for 30sek)
4. Wait (for a long time - the serial console provides some progress
reports. The u-boot says it best: "Please be patient".
5. Once the power LED starts to flashes slowly and the USB + WPS LEDs
flashes fast at the same time. You have to reboot the device and
it should then come right up.
Installation via Web-UI:
0. Connect a PC to the powered-on router. It will assign your PC a
IP-address via DHCP
1. Access the Web-UI at 192.168.1.1 (Default Passwort: 1234)
2. Go to the "Expert Mode"
3. Under "Maintenance", select "Firmware-Upgrade"
4. Upload the OpenWRT factory image
5. Wait for the Device to finish.
It will reboot into OpenWRT without any additional actions needed.
To open the ZyXEL NBG6617:
0. remove the four rubber feet glued on the backside
1. remove the four philips screws and pry open the top cover
(by applying force between the plastic top housing from the
backside/lan-port side)
Access the real u-boot shell:
ZyXEL uses a proprietary loader/shell on top of u-boot: "ZyXEL zloader v2.02"
When the device is starting up, the user can enter the the loader shell
by simply pressing a key within the 3 seconds once the following string
appears on the serial console:
| Hit any key to stop autoboot: 3
The user is then dropped to a locked shell.
|NBG6617> HELP
|ATEN x[,y] set BootExtension Debug Flag (y=password)
|ATSE x show the seed of password generator
|ATSH dump manufacturer related data in ROM
|ATRT [x,y,z,u] RAM read/write test (x=level, y=start addr, z=end addr, u=iterations)
|ATGO boot up whole system
|ATUR x upgrade RAS image (filename)
|NBG6617>
In order to escape/unlock a password challenge has to be passed.
Note: the value is dynamic! you have to calculate your own!
First use ATSE $MODELNAME (MODELNAME is the hostname in u-boot env)
to get the challange value/seed.
|NBG6617> ATSE NBG6617
|012345678901
This seed/value can be converted to the password with the help of this
bash script (Thanks to http://www.adslayuda.com/Zyxel650-9.html authors):
- tool.sh -
ror32() {
echo $(( ($1 >> $2) | (($1 << (32 - $2) & (2**32-1)) ) ))
}
v="0x$1"
a="0x${v:2:6}"
b=$(( $a + 0x10F0A563))
c=$(( 0x${v:12:14} & 7 ))
p=$(( $(ror32 $b $c) ^ $a ))
printf "ATEN 1,%X\n" $p
- end of tool.sh -
|# bash ./tool.sh 012345678901
|
|ATEN 1,879C711
copy and paste the result into the shell to unlock zloader.
|NBG6617> ATEN 1,0046B0017430
If the entered code was correct the shell will change to
use the ATGU command to enter the real u-boot shell.
|NBG6617> ATGU
|NBG6617#
Co-authored-by: David Bauer <mail@david-bauer.net>
Signed-off-by: Christian Lamparter <chunkeey@googlemail.com>
Signed-off-by: David Bauer <mail@david-bauer.net>
When sending script/env diff's output to a file or pipeline, you
don't want escape characters for ANSI color sequences fouling the
byte stream.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
SourceForge has supported HTTPS for its downloads for a long time now.
I have not been able to see any failures resulting from this change.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
This allegedly fixes compilation of the library bundler preload library on
Apple OS X. The resulting executables have not been runtime tested due to a
lack of suitable test hardware.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* QCA IPQ4019
* 256 MB of RAM
* 32 MB of SPI NOR flash (s25fl256s1)
- 2x 15 MB available; but one of the 15 MB regions is the recovery image
* 2T2R 2.4 GHz
- QCA4019 hw1.0 (SoC)
- requires special BDF in QCA4019/hw1.0/board-2.bin with
bus=ahb,bmi-chip-id=0,bmi-board-id=20,variant=OM-A62
* 2T2R 5 GHz (channel 36-64)
- QCA9888 hw2.0 (PCI)
- requires special BDF in QCA9888/hw2.0/board-2.bin
bus=pci,bmi-chip-id=0,bmi-board-id=16,variant=OM-A62
* 2T2R 5 GHz (channel 100-165)
- QCA4019 hw1.0 (SoC)
- requires special BDF in QCA4019/hw1.0/board-2.bin with
bus=ahb,bmi-chip-id=0,bmi-board-id=21,variant=OM-A62
* multi-color LED (controlled via red/green/blue GPIOs)
* 1x button (reset; kmod-input-gpio-keys compatible)
* external watchdog
- triggered GPIO
* 1x USB (xHCI)
* TTL pins are on board (arrow points to VCC, then follows: GND, TX, RX)
* 2x gigabit ethernet
- phy@mdio3:
+ Label: Ethernet 1
+ gmac0 (ethaddr) in original firmware
+ 802.3at POE+
- phy@mdio4:
+ Label: Ethernet 2
+ gmac1 (eth1addr) in original firmware
+ 18-24V passive POE (mode B)
* powered only via POE
The tool ap51-flash (https://github.com/ap51-flash/ap51-flash) should be
used to transfer the factory image to the u-boot when the device boots up.
The initramfs image can be started using
setenv bootargs 'loglevel=8 earlycon=msm_serial_dm,0x78af000 console=ttyMSM0,115200 mtdparts=spi0.0:256k(0:SBL1),128k(0:MIBIB),384k(0:QSEE),64k(0:CDT),64k(0:DDRPARAMS),64k(0:APPSBLENV),512k(0:APPSBL),64k(0:ART),64k(0:custom),64k(0:KEYS),15552k(inactive),15552k(inactive2)'
tftpboot 0x84000000 openwrt-ipq40xx-openmesh_a62-initramfs-fit-uImage.itb
set fdt_high 0x85000000
bootm 0x84000000
Signed-off-by: Sven Eckelmann <sven.eckelmann@openmesh.com>
Use the EVA bootloader to load a small linux system into the ram and boot
it from there:
./scripts/flashing/eva_ramboot.py 192.168.178.1 path/to/initramfs-kernel.bin
Signed-off-by: Valentin Spreckels <Valentin.Spreckels@Informatik.Uni-Oldenburg.DE>
Acked-by: John Crispin <john@phrozen.org>
[reworded commit message]
Signed-off-by: Mathias Kresin <dev@kresin.me>
Some devices only boot when a special config is found in the image and
completely ignore the default entry during the selection. These devices can
now use the variable DEVICE_DTS_CONFIG in their device image definition.
Signed-off-by: Sven Eckelmann <sven@narfation.org>
/lib/functions.sh can deal with Require-User specifications that only
contain a group, but no user. Adjust metadata.pm to allow such
specifications as well.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
``make xconfig`` toplevel target will invoke ``make qconf`` inside
./scripts/config directory, which results a ``qconf`` executable.
This commit removes leftover ``qconf`` executable during ``make
config-clean``.
Signed-off-by: Alif M. Ahmad <alive4ever@live.com>
Remove references to /etc/, /lib/ and /usr/ from the bundled ld.so
interpreter using simple binary patching.
This is needed to prevent loading host system libraries such as
libnss_compat.so.2 on foreign systems, which may result in ld.so
inconsistency assertions.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Prevent emitting broken dependency statements when resolving references
to non existing packages to an empty provider list.
Fixes: 47d6b05ad3 ("metadata: always resolve dependencies through provides list")
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
The logic for choice between source and binary packages was reversed.
Fixes: 52719c2b67 "metadata: scripts/feeds: distinguish between source
and binary packages, resolve virtual dependencies"
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Package "features" seem to be unused for some time. In any case, custom
Config.in snippets and package PROVIDES are a much more flexible way to
express similar options.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Properly resolve build depends to source packages and runtime depends to
binary packages. Dependencies on virtual packages are resolved to the first
provider now.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Instead of adding virtual packages to the normal package list, keep a
separate list for provides, make each package provide itself, and resolve
all dependencies through this list. This allows to use PROVIDES to replace
existing packages.
Fixes FS#837.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Runtime depends cannot have a buildtype suffix, and they never refer to
source package names. In addition, this adds warnings about unsatisfiable
dependencies.
Furthermore, this change fixes the generation of conditional build
dependencies for virtual packages provided by different source packages.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Target build depends are similar to host build depends in that they refer
to source packages rather than binary packages. Therefore, it makes sense
to handle them together, rather than putting them in a list together with
runtime depends and trying to figure out if the entries refer to source or
to binary packages afterwards.
This does lead to PKG_BUILD_DEPENDS entries referring to binary package
names not working anymore, which requires some fixes in the package
repositories.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>