Sercomm firmwares are encrypted with AES 256 CBC.
The key is generated with a custom algorithm from the firmware tag:
char key[32];
char version[32];
char iv[32];
char random[32];
char size[32];
Key must be generated with Sercomm's algorithm. However, the rest of the
header can be empty. IV and random are set to 0 on purpose.
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
Signed-off-by: Rosen Penev <rosenp@gmail.com>
[cut out of patch with different subject]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
These are in if statements (where they should be), and echo output that is
not piped to anything. These should be safe.
Found with shellcheck.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
This is a temporary commit to have 'make config-clean' remove
temporary files from the previous scripts/config version.
The .gitignore file is updated to deal with the old files as well.
Cc: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Major changes include:
- Much more readable reverse dependencies separated in groups
- Improved recursive dependency report
- More readable .config files: add comments to signal end of menus
- More warnings for incorrect Config.in entries, such as a 'choice'
default not contained in the 'choice'
- Hability to properly display pseudographics with non-latin locales
- Recursive dependencies can optionally be treated as errors
Changes from failed dcf3e63a35 attempt:
- Recursive dependencies are treated as warnings by default
- The option to treat them as errors is implemented as a command-line
flag to scripts/config/conf instead of a compile-time definition
- fixed handling of select with umnet dependencies
Cc: Petr Štetiar <ynezz@true.cz>
Cc: Jo-Philip Wich <jow@mein.io>
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
OpenWrt now has a CDN for sources at sources.cdn.openwrt.org which
mirrors sources.openwrt.org.
Downloading sources outside Europe or US (mainland) could
result in low throughput, extremely slowing down the first compilation of
the build system.
This patch adds sources.cdn.openwrt.org as the first mirror to offer
worldwide fast download speeds by default. If the CDN goes down for
whatever reason, the script jumps to the next available mirror and
downloads requested files as before (in regional varying speed).
Signed-off-by: Paul Spooren <mail@aparcar.org>
Acked-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
The JSON `WORK_DIR` ($(KDIR)/json_info_files) is only created if the new
image generation methods from `image.mk` are used. However some targets
like `armvirt` do not use it yet, so the folder is never created.
The `json_overview_image_info.py` script used to raise an error if the
given `WORK_DIR` isn't a folder, however it should just notify about
missing JSON files.
This patch removes the Python assert and exists with code 0 even if no
JSON files were found, as this is not necessarily an error but simply
not yet implemented. Using `glob` on an not existing `Path` results in
an empty list, therefore the for loop won't run.
Signed-off-by: Paul Spooren <mail@aparcar.org>
CC: Petr Štetiar <ynezz@true.cz>
This reverts commit dcf3e63a35.
The kconfig update requires further testing and refinement until it can
remain in tree. Main problems are:
- Recursive deps are now fatal instead of a warning
- Previously legal syntax now leads to hard failures
- It fails all package builds since multiple days
The updated kconfig implementation needs to cope with the current status
quo in the various package feeds before we can reconsider it for master.
It is not desirable that single broken packages can hard-fail the entire
build pipeline.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
This reverts commit 3204430e38.
Reverting this commit in preparation for reverting
dcf3e63a35 ("build: scripts/config - update to kconfig-v5.6") which
introduces various unaddressed build breakages.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
This reverts commit 8514b6b42c.
Reverting this commit in preparation for reverting
dcf3e63a35 ("build: scripts/config - update to kconfig-v5.6") which
introduces various unaddressed build breakages.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
kconfig-v5.6 disallowed a bool symbol to select another symbol that
'depends on m' (i.e. can be only 'm' on 'n'). It is, in fact, an unmet
dependency to have set to 'y'. However, openwrt depends on the previous
behavior, to be able to build a package that can be a module or built-in
depending on a bool config. This restores the previous behavior.
Ref: https://forum.openwrt.org/t/wireless-fails-on-snapshot-r12900-kernel-5-4-on-c2600-ipq806x
Tested-by: Hannu Nyman <hannu.nyman@iki.fi>
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz> [added forum ref]
This addes the option to treat recursive dependencies as warnings
instead of errors, by running make with WARN_RECURSIVE_DEP=1.
Note that the script/config targets will not get rebuilt when you add or
remove WARN_RECURSIVE_DEP while running make. One must run
'make config-clean' before building config with a different setting.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Major changes include:
- Much more readable reverse dependencies separated in groups
- Improved recursive dependency report
- More readable .config files: add comments to signal end of menus
- More warnings for incorrect Config.in entries, such as a 'choice'
default not contained in the 'choice'
- Hability to properly display pseudographics with non-latin locales
- Recursive dependencies are now treated as errors - this should make
it harder for them to creep in.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Instead of passing pkg-config location through a variable when building
qconf (make xconfig), prepend its parent directory to the PATH, as it is
being done for other conf targets.
Use a Makefile pattern rule to group all 'scripts/config/%onf'
(currently conf, mconf, qconf) targets in a single rule. Add -O2 to
CFLAGS when building them as well.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
JSON info files contain machine readable information of built profiles
and resulting images. These files were added in commit 881ed09ee6
("build: create JSON files containing image info").
They are useful for firmware wizards and script checking for
reproducibility.
Currently all JSON files are stored next to the built images, resulting
in up to 168 individual files for the ath79/generic target.
This patch refactors the JSON creation to store individual per image
(not per profile) files in $(BUILD_DIR)/json_info_files and create an
single overview file called `profiles.json` in the target directory.
Storing per image files and not per profile solves the problem of
parallel file writes. If a profiles sysupgrade and factory image are
finished at the same time both processes would write to the same JSON
file, resulting in randomly broken outputs.
Some target like x86/64 do not use the image code yet, resulting in
missing JSON files. If no JSON info files were created, no
`profiles.json` files is created as it would be empty anyway.
As before, this creation is enabled by default only if `BUILDBOT` is set.
Tested via buildroot & ImageBuilder on ath79/generic, imx6 and x86/64.
Signed-off-by: Paul Spooren <mail@aparcar.org>
[json_info_files dir handling in Make, if case refactoring]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Add EFI platform bootable images for x86 platforms. These images can
also boot from legacy BIOS platform.
EFI System Partition need to be fat12/fat16/fat32 (not need to load
filesystem drivers), so the first partition of EFI images are not ext4
filesystem any more.
GPT partition table has an alternate partition table, we did not
generate it. This may cause problems when use these images as qemu disk
(kernel can not find rootfs), we pad enough sectors will be ok.
Signed-off-by: 李国 <uxgood.org@gmail.com>
[part_magic_* refactoring, removed genisoimage checks]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
qemustart allows easy testing of created images via `qemu`. The script
automatically selects created images and can setup e.g. networks.
As the x86 target now uses the generic image.mk the profile appears also
in the image name, this is *generic*.
Add the profile name to the qemustart script so it still finds the file.
Signed-off-by: Paul Spooren <mail@aparcar.org>
Currently, a symbolic link whose target is a directory will not be
removed when cleaning packages from STAGING_DIR.
In the first cleaning pass in scripts/clean-package.sh, the -f test for
a directory symlink returns false (because the link target is a
directory) and so the symlink is not removed.
In the second pass, the -d test returns true for a directory symlink,
but the symlink is not removed by rmdir because rmdir only removes
(real) directories.
This updates clean-package.sh to remove all non-directories (including
symbolic links) in the first pass.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
This replaces deprecated backticks by more versatile $(...) syntax.
Found with shellcheck.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
[adjust commit title and message]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
This replaces deprecated backticks by more versatile $(...) syntax.
Found with shellcheck.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
[slightly adjusted commit title, added commit message]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
This replaces deprecated backticks by more versatile $(...) syntax.
Found with shellcheck.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
[adjust commit title and message]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
apache mirrors holds only latest releases, to download
older releases, one must use archive.apache.org to get
them.
Signed-off-by: Jiri Kastner <cz172638@gmail.com>
UUID of ext4 volumes generated by make_ext4fs are determined by volume
label and it will all be 57f8f4bc-abf4-655f-bf67-946fc0f9f25b when label
is empty
Labeling them does not make them unique but tools like block command
from fstools have a better chance differentiating them
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Set the image sequence number to SOURCE_DATE_EPOCH.
If not set, ubinize will use rand() as image sequence.
Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
This script allows image signing indipendend of the actual build
process, to run on a master server after receiving freshly backed
images. Idea is to avoid storying private keys on third party builders
while still beeing to be able to sign packages.
Run ./scripts/sign_images.sh with the following env vars:
* TOP_DIR where to search for sysupgrade.bin images
* BUILD_KEY place of key-build{,.pub,.ucert}
* REMOVE_OTHER_SIGNATURES removes signatures added by e.g. buildbots
Only sysupgrade.bin files are touched as factory.bin signatures wouldn't
be evaluated on stock from.
Signed-off-by: Paul Spooren <mail@aparcar.org>
The JSON info files contain details about the created firmware images
per device and are stored next to the created images.
The JSON files are stored as "$(IMAGE_PREFIX).json" and contain some
device/image meta data as well as a list of created firmware images.
An example of openwrt-ramips-rt305x-aztech_hw550-3g.json
{
"id": "aztech_hw550-3g",
"image_prefix": "openwrt-ramips-rt305x-aztech_hw550-3g",
"images": [
{
"name": "openwrt-ramips-rt305x-aztech_hw550-3g-squashfs-sysupgrade.bin",
"sha256": "db2b34b0ec4a83d9bf612cf66fab0dc3722b191cb9bedf111e5627a4298baf20",
"type": "sysupgrade"
}
],
"metadata_version": 1,
"supported_devices": [
"aztech,hw550-3g",
"hw550-3g"
],
"target": "ramips/rt305x",
"titles": [
{
"model": "HW550-3G",
"vendor": "Aztech"
},
{
"model": "ALL0239-3G",
"vendor": "Allnet"
}
],
"version_commit": "r10920+123-0cc87b3bac",
"version_number": "SNAPSHOT"
}
Signed-off-by: Paul Spooren <mail@aparcar.org>
`make xconfig` fails with following linking error of qconf binary:
g++ -lQt5Widgets -lQt5Gui -lQt5Core -o qconf qconf.o zconf.tab.o
/usr/bin/ld: qconf.o: in function ConfigList::metaObject() const': qconf.cc:(.text+0x3eb): undefined reference to QObjectData::dynamicMetaObject() const'
/usr/bin/ld: qconf.o: in function `ConfigList::qt_metacast(char const*)': link error.
which is caused by the wrong order of the linked objects/libraries so
this patch reorders the linker's arguments which makes the qconf compile
again.
Signed-off-by: leo chung <gewalalb@gmail.com>
[commit subject and message tweaks, whitespace fix]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
On a recent Gentoo Linux installation, invoking `make menuconfig`, `make
kernel_menuconfig` or `make kernel_nconfig` in the build system fails,
whereas for example `make menuconfig` in the kernel tree alone works as
expected.
This is happening because STAGING_PREFIX is not defined when kernel's
{menu,n}config target calls pkg-config from the toolchain/host and thus
pkg-config returns an empty value, and the fallback values in the kernel
config script are applied but those are off and the linking fails.
Solution is to use system's pkg-config for all ncurses based menu config
targets in order to provide proper compiler/linker flags.
Ref: FS#2423
Cc: Thomas Albers <thomas.gameiro@gmail.com>
Tested-by: Stijn Tintel <stijn@linux-ipv6.be>
Tested-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
If no device tree is given there is no node generated, but
the configuration does still include the name of the missing node.
This will result in a successful build fit image, but bootm does
throw a error message if we want to boot the bad configuration.
Signed-off-by: Johann Neuhauser <jneuhauser@dh-electronics.com>
SquashFS has a minimum block size of at least 1k, so we need to make
sure the last data block is also at least that big.
This is not an issue on NOR or SD CARD devices, since their rootfs
partitions go all the way to the end of the usable space.
But on NAND with ubiblock, the rootfs partition will be the exact space,
rounded up to LEB size. Unfortunately, some NAND chips with small sub
pages have a LEB size of x.5 kiB. This can cause the the last data block
to be less than 1k, which will cause the last block to be inaccessible,
causing boot failures as seen on MR24:
[ 1.532960] block ubiblock0_3: created from ubi0:3(rootfs)
[ 1.538457] ubiblock: device ubiblock0_3 (rootfs) set to be root filesystem
[ 1.552847] SQUASHFS error: squashfs_read_data failed to read block 0x621472
[ 1.559896] squashfs: SQUASHFS error: unable to read id index table
[ 1.566474] VFS: Cannot open root device "(null)" or unknown-block(254,0): error -5
Since on most NOR devices, the start of the squashfs partition is not
aligned. Since the start of the rootfs_data partition there is dependend
on the SquashFS size, we cannot just always pad it, as the padding could
creep into the rootfs_data partition, breaking jffs2.
So fix this by ensuring a squashfs rootfs is always a multiple of 1k
only for UBI and NAND sysupgrade images.
Fixes#2460 without affecting NOR devices.
Tested-by: Russell Senior <russell@personaltelco.net>
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
Álvaro Fernández Rojas
Rosen Penev
Eneas U de Queiroz
Paul Spooren
Jo-Philipp Wich
李国
Jeffery To
Adrian Schmutzler
Jiri Kastner
Yousong Zhou
Alexander Couzens
leo chung
Petr Štetiar
Johann Neuhauser
Felix Fietkau
Jonas Gorski