Currently, if the provided hash is unsupported (length different from 32
or 64 bytes), we happily download the requested file without any kind of
checksum verification.
This is quite dangerous and may provide a false sense of security, because
a single typo in the hash (e.g. one character deleted by mistake) may skip
checksum verification entirely.
Instead, fail immediately if we don't support the provided hash.
In particular, if an external package repository decides to change the
hash algorithm one day, we will now fail loudly instead of skipping
checksum verification without complaints.
Note: if some users of scripts/download.pl knowingly provide an empty hash
because they don't need checksum verification, this change will break
them. This does not seem to be the case currently, but if this feature is
ever needed, an option should be added to download.pl instead of relying
on the hash being empty.
Fixes: eaa4eba10a ("scripts/download.pl: add SHA-256 support")
Signed-off-by: Baptiste Jonglez <git@bitsofnetworks.org>
If CONFIG_DOWNLOAD_FOLDER is set to for example "~/dl", the download
script fails to create the .hash and .dl files with the following
errors:
Cannot create file ~/dl/dropbear-2017.75.tar.bz2.dl: No such file or directory
sh: 1: cannot create ~/dl/dropbear-2017.75.tar.bz2.hash: Directory nonexistent
If the tarball already exists in the ~/dl dir, it's properly found and
used, so this issue only affects the download.pl script.
This patch calls glob() on the target dir parameter, which will expand `~`.
Signed-off-by: Zoltan Gyarmati <mr.zoltan.gyarmati@gmail.com>
When a package declares a PKG_BUILD_DEPENDENCY or HOST_BUILD_DEPENDENCY on
a not existing build type, the metadata script will emit a reference to an
unresolvable build target in tmp/.packagedeps, causing the make process to
fail hard in a way not catchable by the IGNORE_ERRORS mechanism.
In a situation where a package "test-a" declares a build dependency
"PKG_BUILD_DEPENDS:=test-b/host" while the Makefile of "test-b" does not
implement a HostBuild, make fails with an unrecoverable error in the form:
make[1]: Entering directory '...'
make[1]: *** No rule to make target 'package/test-b/host/compile',
needed by 'package/test-a/compile'. Stop.
make[1]: Leaving directory '...'
.../toplevel.mk:200: recipe for target 'package/test-a/compile' failed
make: *** [package/test-a/compile] Error 2
Extend the metadata generation script to catch such unresolved references
and emit a visable warning upon detection.
After this change, the script will emit a warning similar to:
WARNING: Makefile "package/test-a/Makefile" has a build dependency on
"test-b/host" but "package/test-b/Makefile" does not implement a
"host" build type
Fixes a global build cluster outage which occured after the "python-cffi"
feed package removed its HostBuild which the "python-cryptography" package
build-depended on.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Only mangle argv[0] of the first executed process and leave the argument
vector of subsequent invocations as-is to allow child programs to properly
discover resources relative to their binary locations.
Fixes "cc1" discovery when executing the host gcc through the bundled
"ccache" executable.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Internet2 isn't considered a trusted issuer meaning that https links to
rit.edu will fail.
The host mirror.csclub.uwaterloo.ca has a trusted SSL cert and peering
is good so it can replace rit.edu without performance issues.
Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
[Jo-Philipp Wich: rewrapped commit message]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Commit 72d751cba9 "build: rework library bundling" introduced a new helper
binary "runas" whose sole purpose was mangling the argv vector passed to
the actual called ELF image so that the renamed executable could obtain the
proper name from argv[0].
This approach, however totally defeated the purpose of calling bundled ELF
executables through the shipped ld.so loader since the execv() invocation
performed by "runas" would cause the kernel the interprete the final program
image through the system ELF loader again.
To solve the problem, use an alternative approach of shipping a shared object
"runas.so" which uses an ELF ".init_array" function pointer to obtain the
argv[] vector of the to-be-executed main() function and mangle it in-place.
The actual argv[0] value to use is communicated out-of-band using an
environment variable "RUNAS_ARG0" by the shell wrapper script. The wrapper
script also takes care of setting LD_PRELOAD to instruct the shipped ELF
loader to preload the actual ELF program image with the "runas.so" helper
library.
Fixes FS#909.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Commit 6f5f328003 removed freebsd.sh
because it was outdated and bad practice. Let's be consistent and remove
openbsd.sh as well.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
The script will now detect uid/gid collision and can generate a table of
current allocation
./scripts/package-metadata.pl usergroup tmp/.packageinfo \
| sort -k 1,1r -k 3,3n \
| column -t
This should ensure that no collision will happen for each single build
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
libthread-db is a package that can be configured for external
toolchains, so let's have the script probe for it.
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
The script can be used to quickly spin up QEMU virtual machines with lan
and wan network. Please read the initial part of the script for
instructions about how to configure host machine
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Without this change the code checked if the string was contained in the
feature option and not if the string matches the complete word. This only
removes the nand option from the omap24xx target, the other changes are
only removing options which were added twice.
Signed-off-by: Hauke Mehrtens <hauke.mehrtens@intel.com>
The feeds script sets value of TOPDIR in a way that is inconsistent
with how toplevel Makefile sets it. The inconsistency manifests when I
use a "build directory" with symlinks to LEDE source (see below).
When make is invoked in such a directory, make's TOPDIR variable is
set to that directory, whereas scripts/feeds sets TOPDIR to the top of
LEDE source, which results in creating feeds directory inside the LEDE
source instead of in the build directory.
This patch changes the script so that it reuses the TOPDIR value form
the environment if it exists. The result is that 'make
package/symlinks' correctly fetches feeds to the build directory
instead in the source.
I use the following commands to create the build directory:
ln -s $SRC/config config
ln -s $SRC/Config.in Config.in
ln -s $SRC/feeds.conf.default feeds.conf.default
ln -s $SRC/include include
ln -s $SRC/Makefile Makefile
mkdir package
ln -s $SRC/package/base-files package/base-files
ln -s $SRC/package/boot package/boot
ln -s $SRC/package/devel package/devel
ln -s $SRC/package/firmware package/firmware
ln -s $SRC/package/kernel package/kernel
ln -s $SRC/package/libs package/libs
ln -s $SRC/package/Makefile package/Makefile
ln -s $SRC/package/network package/network
ln -s $SRC/package/system package/system
ln -s $SRC/package/utils package/utils
ln -s $SRC/rules.mk rules.mk
ln -s $SRC/scripts scripts
ln -s $SRC/target target
ln -s $SRC/toolchain toolchain
ln -s $SRC/tools tools
This allows me to easily test changes in LEDE on multiple targets.
Signed-off-by: Michal Sojka <sojkam1@fel.cvut.cz>
Implement a new flag "-f" for the feeds update command which causes the
script to fall back to a more agressive git update strategy in case there
are locally modified files in the feeds directory.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
This can be used to tweak the buildbot behavior without having to change
buildbot's configuration.
It will also allow us to add more aggressive clean steps (e.g. on
toolchain changes), which would break developers' workflows if enable
by default.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Add a fallback case to get_source_date_epoch.sh which reports the modification
time of the script itself in case there is no SCM information available, e.g.
when downloading .tar.gz or .zip tarballs produced by Github.
Also fix the mercurial case while we're at it.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
The short git hash suffix printed by getver.sh is taken from the
latest local commit, change this to use the hash from latest
upstream commit if available. This is considered the intended
behavior based on commit message a642a11fac,
introducing getver.sh.
Signed-off-by: Magnus Kroken <mkroken@gmail.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Conditional dependencies use the '(!cond) || dep' syntax, whereas
conditional select uses 'dep if cond'.
Add an extra check to suppress emitting a conditional if an equal
conditional select already exists.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Rework the bundle-libraries.sh implementation to use a more robust approach
for executing host binaries through the shipped ELF loader and libraries.
The previous approach relied on symlinks pointing to a wrapper script which
caused various issues, especially with multicall binaries as the original
argv[0] name was not preserved through the ld.so invocation. Another down-
side was the fact that the actual binaries got moved into another directory
which caused executables to fail looking up resources with paths relative
to the executable location.
The new library wrapper implements the following improvements:
- Instead of symlinks pointing to a common wrapper, each ELF executable
is now replaced by a unqiue shell script which retains the original
program name getting called
- Instead of letting ld.so invoke the ELF executable directly, launch
the final ELF binary through a helper program which fixes up the argv[0]
argument for the target program
- Support sharing a common location for the bundled libraries instead of
having one copy in each directory containing wrapped binaries
Finally modify the SDK build to wrap the staging_dir and toolchain binaries
which allows to use the SDK on systems with a different glibc version.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
This will be used to simplify the build system code for checking hashes.
Instead of using various variants of md5sum / openssl, use one simple
utility for all of them
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Because wget doesn't know how to do Negotiate authentication with a proxy
and curl does, use curl if it's present. The user is expected to have a
~/.curlrc that sets the options necessary for any proxy authentication.
A ~/.curlrc is completely optional however and curl will work in exactly
the same manner as wget without one.
Signed-off-by: Brian J. Murrell <brian@interlinx.bc.ca>
[Jo-Philipp Wich: Rework code to detect curl usability by checking --version,
Use vararg style open() to bypass the shell when downloading,
Use Text::ParseWords to decompose env vars into arguments]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
The external script used to generate the package lists for the
LEDE wiki's table of packages [1] and package indexes [2] requires
a "Source:" field in the package lists to find package makefiles.
The package makefiles are used to read the package's Category and Submenu.
The "Source:" field was removed in commit
b4aa3c899c
to reduce package list sizes and lessen opkg issues in low ram devices.
Add a separate package list file with full data to be used by the wiki's script.
It's called Packages.manifest and isn't compressed as it's not necessary.
1. https://lede-project.org/packages/start
2. https://lede-project.org/packages/index/start
Signed-off-by: Alberto Bursi <alberto.bursi@outlook.it>
This will attempt to automatically fix common mistakes like using MD5
instead of SHA256, using the MD5SUM variable instead of HASH, or even a
missing mirror file hash.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
In the build system, flock will prevent multiple concurrent downloads
for the same file. However, if one download request for the same file is
waiting for another one to finish, it will result in downloading the
same file twice consecutively.
Prevent this issue by exiting immediately if the file has already been
downloaded
Signed-off-by: Felix Fietkau <nbd@nbd.name>
We have switched opkg to sha256 a long time ago, and shrinking package
lists is useful for systems that are running low on RAM
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Change getver.sh to append a short Git commit hash to the end of the artifical
revision number. This way we still have order- and comparable commit numbers
but also a direct relation to the Git commit.
The new output format will look like "r2400+2-882472e" for dirty trees or like
"r2402-882472e" for clean ones.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
The SDK Makefile still trys to copy the docs folder which was removed
with 882f4d2d63. This causes an SDK build
error.
All other removals are just cleanup.
Signed-off-by: Mathias Kresin <dev@kresin.me>
If something goes wrong and script can't find upstream revision it will
return something like:
r2220
which looks like a valid upstream revision 2220. We cant' distinguish it
from e.g. 2200 upstream commits and 20 local ones.
The new format still provides revision number but also points clearly
that is may be not the upstream one:
r0+2220
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Acked-by: John Crispin < john@phrozen.org>
So far we were displaying "local" which could be misinterpreted. It
wasn't possible e.g. to say if src-link feed was initialized or not.
Hopefully "X" makes (a bit) more sense.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
It's always hard to find a reasonable width that will make everyone
happy. This one at least makes "telephony" (one of default feeds) name
fit the column and hopefully isn't too big.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
So far, package-metadata.pl always considered the first provider of a virtual
package to be the default variant which might deviate from what buildroot
considers to be the default.
Change the Kconfig dependency / select code generation for virtual package
providers to consider the DEFAULT_VARIANT to be the primary provider and only
fall back to the first provider if no default variant was explicitely tagged.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Currently the code emitting dependencies for provide candidates is overwriting
the specification calculated by the previous conditional dependency handling
code, rendering dependencies on virtual PROVIDES packages in conjunction with
conditional dependencies unusable.
Instead of overwriting, append the PROVIDES dependency spec in order to fix
using DEPENDS on virtual provider packages in conjunction with conditions.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
This is outdated and bad practice, general dependencies should be documented and leave the rest up to the user.
Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
When selecting devices from the Target Devices menu, the brand choices
of naming makes it confusing to find particular devices by name, as the
sorting is case sensitve. AirTight came after ALFA, and devolo and
jjPlus both came after Zyxel.
This does _not_ apply to the Target Profile list, as that includes
"Default - all profiles" inside the profile list.
Signed-off-by: Karl Palsson <karlp@etactica.com>
TARGET_MULTI_PROFILE and TARGET_PER_DEVICE_ROOTFS get some help text to
try and clarify their behaviour.
Signed-off-by: Karl Palsson <karlp@etactica.com>
If core packages are overridden, CONFIG_OVERRIDE_PKGS is set
based on the scan order of packages, which eventually causes
that config value to be modified on each build and with
that causes the build process to warn for configuration
being out of sync.
This commit changes the CONFIG_OVERRIDE_PKGS to be sorted
and prevents that false warning.
Signed-off-by: Zefir Kurtisi <zefir.kurtisi@neratec.com>
Add a new option to each device in multi-profile mode, allowing to provide
a list of packages to add or remove. In case of added packages, the user
must take care that these are selected to be built.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Dependencies on purely virtual packages (satisfied by PROVIDES) that were
not using "selects" ("+" flag) would be prepended with the prefix
"PACKAGE_" twice, breaking the first alternative.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Move the "which svn" and "which git" calls next to the timestamp commands
using those tools to not prematurely fail on systems where svn or git are
not present.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
9pfs is used by kvm to share files between host and guest,
add proper config option to enable it.
Signed-off-by: Matteo Croce <matteo.croce@canonical.com>
Fix the scripts/remote-gdb script when CONFIG_BUILD_SUFFIX is set.
CONFIG_BUILD_SUFFIX extends the name of the folder build_dir/target*
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Now that the "sysupgrade-nand" step is used by non-NAND targets as well,
rename it to "sysupgrade-tar" to make it more generic.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Older git versions seem output the original argument to stdout if there
is no upstream, presumably because they try to do things with it
internally. This can be prevented by passing --verify to it, which
should be safe on newer git versions.
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
Instead of assuming master is the current branch and origin the right
upstream, try to get both dynamically. If the current branch is not
tracking any upstream, use the origin of the master branch.
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
This is not a valid option in older git version, used in e.g. RHEL6.
Reported-by: Steven Haigh <netwiz@crc.id.au>
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
Change the revision output to r<upstream-revision>+<local commits> so
it is easier to get the base revision (and see if there are local
commits).
Example:
$ ./scripts/getver.sh
r794+3
$
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
Instead of ignoring all metadata for package/kernel/linux, process it
and only suppress emitting config data to tmp/.config-package.in
This ensures that packages that select kmod-* packages can inherit their
depdendencies.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
This patch adds support of Mikrotik yaffs2 filesystem image for kernel file
and tools/kernel2minor package.
We neede this to boot kernel through RouterBoot on new Mikrotik NOR flash devices.
Signed-off-by: Sergey Sergeev <adron@yapic.net>
When using scripts/feeds upgrade the .config needs to be
updated but the code to do so was also autocreating a
.config if one didn't exist. This is counter-productive
when you have not yet used menuconfig (or other config targets)
because things like selecting or deselecting CONFIG_ALL
(to build all package by default) only works if the
package selection has not already been done via an
existing .config selection.
Signed-off-by: Daniel Dickinson <lede@daniel.thecshore.com>
Provide HTTPS URL when possible, try to keep 8 mirrors per entry and spread
over several locations of the world. Since most active contributors are in
US/CA and/or EU prioritize mirrors that are within those regions if possible.
Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
Apparently symlink-tree has not been used in quite some time as it
fails to symlink the always required config dir
Also, if we pulled from git but .git is missing we get
many error messages on the symlinked tree without this
patch (which symlinks .git, if present)
Signed-off-by: Daniel Dickinson <openwrt@daniel.thecshore.com>
According to gzip 1.7 release note:
The GZIP environment variable is now obsolescent; gzip now warns if
it is used, and rejects attempts to use dangerous options or operands.
You can use an alias or script instead.
Fix this warning by using pipe instead
Signed-off-by: Syrone Wong <wong.syrone@gmail.com>
Introduce a new symbol ALL_NONSHARED which selects all non-sharable packages
by default. This option is mainly intented for buildbot setups to build the
target dependant software subset only.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Add a new string symbol "CONFIG_TARGET_SUBTARGET" which contains the name of
the chosen subtarget or "generic" if there are no subtargets available.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>