Remove references to /etc/, /lib/ and /usr/ from the bundled ld.so
interpreter using simple binary patching.
This is needed to prevent loading host system libraries such as
libnss_compat.so.2 on foreign systems, which may result in ld.so
inconsistency assertions.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Prevent emitting broken dependency statements when resolving references
to non existing packages to an empty provider list.
Fixes: 47d6b05ad3 ("metadata: always resolve dependencies through provides list")
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
The logic for choice between source and binary packages was reversed.
Fixes: 52719c2b67 "metadata: scripts/feeds: distinguish between source
and binary packages, resolve virtual dependencies"
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Package "features" seem to be unused for some time. In any case, custom
Config.in snippets and package PROVIDES are a much more flexible way to
express similar options.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Properly resolve build depends to source packages and runtime depends to
binary packages. Dependencies on virtual packages are resolved to the first
provider now.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Instead of adding virtual packages to the normal package list, keep a
separate list for provides, make each package provide itself, and resolve
all dependencies through this list. This allows to use PROVIDES to replace
existing packages.
Fixes FS#837.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Runtime depends cannot have a buildtype suffix, and they never refer to
source package names. In addition, this adds warnings about unsatisfiable
dependencies.
Furthermore, this change fixes the generation of conditional build
dependencies for virtual packages provided by different source packages.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Target build depends are similar to host build depends in that they refer
to source packages rather than binary packages. Therefore, it makes sense
to handle them together, rather than putting them in a list together with
runtime depends and trying to figure out if the entries refer to source or
to binary packages afterwards.
This does lead to PKG_BUILD_DEPENDS entries referring to binary package
names not working anymore, which requires some fixes in the package
repositories.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
This feature has been unused for years, and its scope is too limited to be
actually useful.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Every single reference to subdir was concatenated with the source package
name, so it makes sense to store the concatenated value instead.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
We often want to access fields of a source packages through pkg->{src}.
Allow accessing them directly instead of resolving the source hash through
srcpackages.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
All build dependencies are between source packages. Interating over source
rather than binary packages simplifies parts of the code and prepares
further improvement.
As a side effect, this changes the implicit default variant of a few
packages (the first defined is used now instead of the lexicographically
first).
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Build types are a property of source rather than binary packages. This is a
preparation for followup cleanup.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Turn the srcpackage values into hashes to allow storing more information
than just binary package names.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Nothing explicitly depends on base-files, and even if it would, it would
not cause any problems. Remove the unused special case.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
The new build commands operate on the input image and use it again as
output image. This conflicts with the way combined-ext-image.sh was
operating. It required that input and output files are different files and
and that it can write freely to the output file.
This can be avoided when all intermediate build steps by
combined-ext-image.sh are done in a temporary directory. The output file is
then only overwritten in the last step.
Signed-off-by: Sven Eckelmann <sven.eckelmann@open-mesh.com>
A self-dependency is not an error worth a warning; rather, it is very
common: whenever there are dependencies between different binary packages
originating from the same source package, such dependencies occur. Not
actually generating dependency rules is correct, but already handled a few
lines below.
A typo prevented this redundant rule from working, which is the reason the
warning was not actually printed.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
When calling a download target, hash verification is now completely
skipped if we set PKG_HASH=skip.
This allows to easily bump package version:
$ make package/<mypackage>/download PKG_HASH=skip V=s
$ make package/<mypackage>/check FIXUP=1 V=s
This will download the new version of the package, and then automatically
update PKG_HASH with the hash of the new version. Of course, it is still
the responsibility of the packager to ensure that the new tarball is
legitimate, because it is downloaded from a possibly untrusted source.
Fixes: b30ba14e ("scripts/download.pl: fail loudly if provided hash is unsupported")
Signed-off-by: Baptiste Jonglez <git@bitsofnetworks.org>
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Acked-by: Stijn Tintel <stijn@linux-ipv6.be>
Signed-off-by: John Crispin <john@phrozen.org>
This commit adds qconf related files to .gitignore.
The files to be tracked are qconf.cc, qconf.h, and images.c.
The files to be ignored are qconf*.o, qconf*, qconf.moc, and
.tmp_qtcheck.
Signed-off-by: Alif M. Ahmad <alive4ever@live.com>
qconf is kconfig UI utilizing QT toolkit. This makes it possible to use
graphical interface interaction to configure LEDE build target.
This commit adds qconf target to ./script/config/Makefile to be used by
toplevel ``make xconfig`` later.
Signed-off-by: Alif M. Ahmad <alive4ever@live.com>
Fix multiple syntax errors in shelscripts (of packages only)
These errors were causing many conditions to not working properly
Signed-off-by: Lorenzo Santina <lorenzo.santina@edu.unito.it>
[increase PKG_RELEASE, drop command substitution from directip.sh]
Signed-off-by: Mathias Kresin <dev@kresin.em>
Currently, if the provided hash is unsupported (length different from 32
or 64 bytes), we happily download the requested file without any kind of
checksum verification.
This is quite dangerous and may provide a false sense of security, because
a single typo in the hash (e.g. one character deleted by mistake) may skip
checksum verification entirely.
Instead, fail immediately if we don't support the provided hash.
In particular, if an external package repository decides to change the
hash algorithm one day, we will now fail loudly instead of skipping
checksum verification without complaints.
Note: if some users of scripts/download.pl knowingly provide an empty hash
because they don't need checksum verification, this change will break
them. This does not seem to be the case currently, but if this feature is
ever needed, an option should be added to download.pl instead of relying
on the hash being empty.
Fixes: eaa4eba10a ("scripts/download.pl: add SHA-256 support")
Signed-off-by: Baptiste Jonglez <git@bitsofnetworks.org>
If CONFIG_DOWNLOAD_FOLDER is set to for example "~/dl", the download
script fails to create the .hash and .dl files with the following
errors:
Cannot create file ~/dl/dropbear-2017.75.tar.bz2.dl: No such file or directory
sh: 1: cannot create ~/dl/dropbear-2017.75.tar.bz2.hash: Directory nonexistent
If the tarball already exists in the ~/dl dir, it's properly found and
used, so this issue only affects the download.pl script.
This patch calls glob() on the target dir parameter, which will expand `~`.
Signed-off-by: Zoltan Gyarmati <mr.zoltan.gyarmati@gmail.com>
When a package declares a PKG_BUILD_DEPENDENCY or HOST_BUILD_DEPENDENCY on
a not existing build type, the metadata script will emit a reference to an
unresolvable build target in tmp/.packagedeps, causing the make process to
fail hard in a way not catchable by the IGNORE_ERRORS mechanism.
In a situation where a package "test-a" declares a build dependency
"PKG_BUILD_DEPENDS:=test-b/host" while the Makefile of "test-b" does not
implement a HostBuild, make fails with an unrecoverable error in the form:
make[1]: Entering directory '...'
make[1]: *** No rule to make target 'package/test-b/host/compile',
needed by 'package/test-a/compile'. Stop.
make[1]: Leaving directory '...'
.../toplevel.mk:200: recipe for target 'package/test-a/compile' failed
make: *** [package/test-a/compile] Error 2
Extend the metadata generation script to catch such unresolved references
and emit a visable warning upon detection.
After this change, the script will emit a warning similar to:
WARNING: Makefile "package/test-a/Makefile" has a build dependency on
"test-b/host" but "package/test-b/Makefile" does not implement a
"host" build type
Fixes a global build cluster outage which occured after the "python-cffi"
feed package removed its HostBuild which the "python-cryptography" package
build-depended on.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Only mangle argv[0] of the first executed process and leave the argument
vector of subsequent invocations as-is to allow child programs to properly
discover resources relative to their binary locations.
Fixes "cc1" discovery when executing the host gcc through the bundled
"ccache" executable.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Internet2 isn't considered a trusted issuer meaning that https links to
rit.edu will fail.
The host mirror.csclub.uwaterloo.ca has a trusted SSL cert and peering
is good so it can replace rit.edu without performance issues.
Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
[Jo-Philipp Wich: rewrapped commit message]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Commit 72d751cba9 "build: rework library bundling" introduced a new helper
binary "runas" whose sole purpose was mangling the argv vector passed to
the actual called ELF image so that the renamed executable could obtain the
proper name from argv[0].
This approach, however totally defeated the purpose of calling bundled ELF
executables through the shipped ld.so loader since the execv() invocation
performed by "runas" would cause the kernel the interprete the final program
image through the system ELF loader again.
To solve the problem, use an alternative approach of shipping a shared object
"runas.so" which uses an ELF ".init_array" function pointer to obtain the
argv[] vector of the to-be-executed main() function and mangle it in-place.
The actual argv[0] value to use is communicated out-of-band using an
environment variable "RUNAS_ARG0" by the shell wrapper script. The wrapper
script also takes care of setting LD_PRELOAD to instruct the shipped ELF
loader to preload the actual ELF program image with the "runas.so" helper
library.
Fixes FS#909.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Commit 6f5f328003 removed freebsd.sh
because it was outdated and bad practice. Let's be consistent and remove
openbsd.sh as well.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
The script will now detect uid/gid collision and can generate a table of
current allocation
./scripts/package-metadata.pl usergroup tmp/.packageinfo \
| sort -k 1,1r -k 3,3n \
| column -t
This should ensure that no collision will happen for each single build
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
libthread-db is a package that can be configured for external
toolchains, so let's have the script probe for it.
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
The script can be used to quickly spin up QEMU virtual machines with lan
and wan network. Please read the initial part of the script for
instructions about how to configure host machine
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Without this change the code checked if the string was contained in the
feature option and not if the string matches the complete word. This only
removes the nand option from the omap24xx target, the other changes are
only removing options which were added twice.
Signed-off-by: Hauke Mehrtens <hauke.mehrtens@intel.com>
The feeds script sets value of TOPDIR in a way that is inconsistent
with how toplevel Makefile sets it. The inconsistency manifests when I
use a "build directory" with symlinks to LEDE source (see below).
When make is invoked in such a directory, make's TOPDIR variable is
set to that directory, whereas scripts/feeds sets TOPDIR to the top of
LEDE source, which results in creating feeds directory inside the LEDE
source instead of in the build directory.
This patch changes the script so that it reuses the TOPDIR value form
the environment if it exists. The result is that 'make
package/symlinks' correctly fetches feeds to the build directory
instead in the source.
I use the following commands to create the build directory:
ln -s $SRC/config config
ln -s $SRC/Config.in Config.in
ln -s $SRC/feeds.conf.default feeds.conf.default
ln -s $SRC/include include
ln -s $SRC/Makefile Makefile
mkdir package
ln -s $SRC/package/base-files package/base-files
ln -s $SRC/package/boot package/boot
ln -s $SRC/package/devel package/devel
ln -s $SRC/package/firmware package/firmware
ln -s $SRC/package/kernel package/kernel
ln -s $SRC/package/libs package/libs
ln -s $SRC/package/Makefile package/Makefile
ln -s $SRC/package/network package/network
ln -s $SRC/package/system package/system
ln -s $SRC/package/utils package/utils
ln -s $SRC/rules.mk rules.mk
ln -s $SRC/scripts scripts
ln -s $SRC/target target
ln -s $SRC/toolchain toolchain
ln -s $SRC/tools tools
This allows me to easily test changes in LEDE on multiple targets.
Signed-off-by: Michal Sojka <sojkam1@fel.cvut.cz>
Implement a new flag "-f" for the feeds update command which causes the
script to fall back to a more agressive git update strategy in case there
are locally modified files in the feeds directory.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
This can be used to tweak the buildbot behavior without having to change
buildbot's configuration.
It will also allow us to add more aggressive clean steps (e.g. on
toolchain changes), which would break developers' workflows if enable
by default.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Add a fallback case to get_source_date_epoch.sh which reports the modification
time of the script itself in case there is no SCM information available, e.g.
when downloading .tar.gz or .zip tarballs produced by Github.
Also fix the mercurial case while we're at it.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
The short git hash suffix printed by getver.sh is taken from the
latest local commit, change this to use the hash from latest
upstream commit if available. This is considered the intended
behavior based on commit message a642a11fac,
introducing getver.sh.
Signed-off-by: Magnus Kroken <mkroken@gmail.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Conditional dependencies use the '(!cond) || dep' syntax, whereas
conditional select uses 'dep if cond'.
Add an extra check to suppress emitting a conditional if an equal
conditional select already exists.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Rework the bundle-libraries.sh implementation to use a more robust approach
for executing host binaries through the shipped ELF loader and libraries.
The previous approach relied on symlinks pointing to a wrapper script which
caused various issues, especially with multicall binaries as the original
argv[0] name was not preserved through the ld.so invocation. Another down-
side was the fact that the actual binaries got moved into another directory
which caused executables to fail looking up resources with paths relative
to the executable location.
The new library wrapper implements the following improvements:
- Instead of symlinks pointing to a common wrapper, each ELF executable
is now replaced by a unqiue shell script which retains the original
program name getting called
- Instead of letting ld.so invoke the ELF executable directly, launch
the final ELF binary through a helper program which fixes up the argv[0]
argument for the target program
- Support sharing a common location for the bundled libraries instead of
having one copy in each directory containing wrapped binaries
Finally modify the SDK build to wrap the staging_dir and toolchain binaries
which allows to use the SDK on systems with a different glibc version.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
This will be used to simplify the build system code for checking hashes.
Instead of using various variants of md5sum / openssl, use one simple
utility for all of them
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Because wget doesn't know how to do Negotiate authentication with a proxy
and curl does, use curl if it's present. The user is expected to have a
~/.curlrc that sets the options necessary for any proxy authentication.
A ~/.curlrc is completely optional however and curl will work in exactly
the same manner as wget without one.
Signed-off-by: Brian J. Murrell <brian@interlinx.bc.ca>
[Jo-Philipp Wich: Rework code to detect curl usability by checking --version,
Use vararg style open() to bypass the shell when downloading,
Use Text::ParseWords to decompose env vars into arguments]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
The external script used to generate the package lists for the
LEDE wiki's table of packages [1] and package indexes [2] requires
a "Source:" field in the package lists to find package makefiles.
The package makefiles are used to read the package's Category and Submenu.
The "Source:" field was removed in commit
b4aa3c899c
to reduce package list sizes and lessen opkg issues in low ram devices.
Add a separate package list file with full data to be used by the wiki's script.
It's called Packages.manifest and isn't compressed as it's not necessary.
1. https://lede-project.org/packages/start
2. https://lede-project.org/packages/index/start
Signed-off-by: Alberto Bursi <alberto.bursi@outlook.it>
This will attempt to automatically fix common mistakes like using MD5
instead of SHA256, using the MD5SUM variable instead of HASH, or even a
missing mirror file hash.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
In the build system, flock will prevent multiple concurrent downloads
for the same file. However, if one download request for the same file is
waiting for another one to finish, it will result in downloading the
same file twice consecutively.
Prevent this issue by exiting immediately if the file has already been
downloaded
Signed-off-by: Felix Fietkau <nbd@nbd.name>
We have switched opkg to sha256 a long time ago, and shrinking package
lists is useful for systems that are running low on RAM
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Change getver.sh to append a short Git commit hash to the end of the artifical
revision number. This way we still have order- and comparable commit numbers
but also a direct relation to the Git commit.
The new output format will look like "r2400+2-882472e" for dirty trees or like
"r2402-882472e" for clean ones.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
The SDK Makefile still trys to copy the docs folder which was removed
with 882f4d2d63. This causes an SDK build
error.
All other removals are just cleanup.
Signed-off-by: Mathias Kresin <dev@kresin.me>
If something goes wrong and script can't find upstream revision it will
return something like:
r2220
which looks like a valid upstream revision 2220. We cant' distinguish it
from e.g. 2200 upstream commits and 20 local ones.
The new format still provides revision number but also points clearly
that is may be not the upstream one:
r0+2220
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Acked-by: John Crispin < john@phrozen.org>
So far we were displaying "local" which could be misinterpreted. It
wasn't possible e.g. to say if src-link feed was initialized or not.
Hopefully "X" makes (a bit) more sense.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
It's always hard to find a reasonable width that will make everyone
happy. This one at least makes "telephony" (one of default feeds) name
fit the column and hopefully isn't too big.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
So far, package-metadata.pl always considered the first provider of a virtual
package to be the default variant which might deviate from what buildroot
considers to be the default.
Change the Kconfig dependency / select code generation for virtual package
providers to consider the DEFAULT_VARIANT to be the primary provider and only
fall back to the first provider if no default variant was explicitely tagged.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Currently the code emitting dependencies for provide candidates is overwriting
the specification calculated by the previous conditional dependency handling
code, rendering dependencies on virtual PROVIDES packages in conjunction with
conditional dependencies unusable.
Instead of overwriting, append the PROVIDES dependency spec in order to fix
using DEPENDS on virtual provider packages in conjunction with conditions.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
This is outdated and bad practice, general dependencies should be documented and leave the rest up to the user.
Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
When selecting devices from the Target Devices menu, the brand choices
of naming makes it confusing to find particular devices by name, as the
sorting is case sensitve. AirTight came after ALFA, and devolo and
jjPlus both came after Zyxel.
This does _not_ apply to the Target Profile list, as that includes
"Default - all profiles" inside the profile list.
Signed-off-by: Karl Palsson <karlp@etactica.com>
TARGET_MULTI_PROFILE and TARGET_PER_DEVICE_ROOTFS get some help text to
try and clarify their behaviour.
Signed-off-by: Karl Palsson <karlp@etactica.com>
If core packages are overridden, CONFIG_OVERRIDE_PKGS is set
based on the scan order of packages, which eventually causes
that config value to be modified on each build and with
that causes the build process to warn for configuration
being out of sync.
This commit changes the CONFIG_OVERRIDE_PKGS to be sorted
and prevents that false warning.
Signed-off-by: Zefir Kurtisi <zefir.kurtisi@neratec.com>
Add a new option to each device in multi-profile mode, allowing to provide
a list of packages to add or remove. In case of added packages, the user
must take care that these are selected to be built.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Dependencies on purely virtual packages (satisfied by PROVIDES) that were
not using "selects" ("+" flag) would be prepended with the prefix
"PACKAGE_" twice, breaking the first alternative.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Move the "which svn" and "which git" calls next to the timestamp commands
using those tools to not prematurely fail on systems where svn or git are
not present.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
9pfs is used by kvm to share files between host and guest,
add proper config option to enable it.
Signed-off-by: Matteo Croce <matteo.croce@canonical.com>
Fix the scripts/remote-gdb script when CONFIG_BUILD_SUFFIX is set.
CONFIG_BUILD_SUFFIX extends the name of the folder build_dir/target*
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Now that the "sysupgrade-nand" step is used by non-NAND targets as well,
rename it to "sysupgrade-tar" to make it more generic.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Older git versions seem output the original argument to stdout if there
is no upstream, presumably because they try to do things with it
internally. This can be prevented by passing --verify to it, which
should be safe on newer git versions.
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
Instead of assuming master is the current branch and origin the right
upstream, try to get both dynamically. If the current branch is not
tracking any upstream, use the origin of the master branch.
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
This is not a valid option in older git version, used in e.g. RHEL6.
Reported-by: Steven Haigh <netwiz@crc.id.au>
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
Change the revision output to r<upstream-revision>+<local commits> so
it is easier to get the base revision (and see if there are local
commits).
Example:
$ ./scripts/getver.sh
r794+3
$
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>