Commit Graph

119 Commits (cd262f59cbf1bbf9af344196291d256e6a3351f1)

Author SHA1 Message Date
Jo-Philipp Wich 0a4a82a431 config: introduce separate CONFIG_SIGNATURE_CHECK option
Introduce a new option CONFIG_SIGNATURE_CHECK which defaults to the value
of CONFIG_SIGNED_PACKAGES and thus is enabled by default.

This option is needed to support building target opkg with enabled
signature verification while having the signed package lists disabled.

Our buildbots currently disable package signing globally in the
buildroot and SDK to avoid the need to ship private signing keys to
the build workers and to prevent the triggering of random key generation
on the worker nodes since package signing happens off-line on the master
nodes.

As unintended side-effect, updated opkg packages will get built with
disabled signature verification, hence the need for a new override option.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit f565f276e2)
2019-08-07 07:54:27 +02:00
Felix Fietkau 42dafa0ac5 build: add support for enabling the rootfs/boot partition size option via target feature
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(backported from 00f030a9c6)
2018-12-18 11:28:12 +01:00
Hauke Mehrtens fc166931fa config: fix ARM64 dependency check
The ARM64 CPUs use aarch64 config symbol, fix the depends lines.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-02-10 20:16:39 +01:00
Yousong Zhou d76ad1dc79 lantiq: ase: turn off fpu emulator in default build
It was only enabled when the target was added back in commit 9b321bc
("lantiq: add Amazon-SE subtarget")

Leave pistachio alone as devices of this target are not likely have
small_flash or low_mem constraint

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2018-01-29 17:34:48 +08:00
Yousong Zhou 82ceb2ad2a build: add config option KERNEL_MIPS_FPU_EMULATOR
To make it more accessible for nodejs users to configure and run a build
on mips target lacking hardware fpu

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2018-01-29 15:06:53 +08:00
Julien Dusser 241e6dd3e9 build: cleanup SSP_SUPPORT configure option
Configure variable SSP_SUPPORT is ambiguous for packages (tor, openssh,
avahi, freeswitch). It means 'toolchain supporting SSP', but for toolchain
and depends it means 'build gcc with libssp'.

Musl no longer uses libssp (1877bc9d8f), it has internal support, so
SSP_SUPPORT was disabled leading some package to not use SSP.

No information why Glibc and uClibc use libssp, but they may also provide
their own SSP support. uClibc used it own with commit 933b588e25 but it was
reverted in f3cacb9e84 without details.

Create an new configure GCC_LIBSSP and automatically enable SSP_SUPPORT
if either USE_MUSL or GCC_LIBSSP.

Signed-off-by: Julien Dusser <julien.dusser@free.fr>
2018-01-27 19:02:48 +01:00
Julien Dusser df0bd42fde build: add hardened builds with PIE (ASLR) support
Introduce a configuration option to build a "hardened" OpenWrt with
ASLR PIE support.

Add new option PKG_ASLR_PIE to enable Address Space Layout Randomization (ASLR)
by building Position Independent Executables (PIE). This new option protects
against "return-to-text" attacks.

Busybox need a special care, link is done with ld, not gcc, leading to
unknown flags. Set BUSYBOX_DEFAULT_PIE instead and disable PKG_ASLR_PIE.

If other failing packages were found, PKG_ASLR_PIE:=0 should be added to
their Makefiles.

Original Work by: Yongkui Han <yonhan@cisco.com>
Signed-off-by: Julien Dusser <julien.dusser@free.fr>
2018-01-27 16:46:45 +01:00
Alexandru Ardelean ab6a96f3f5 Config-devel.in: rename symbol KERNEL_GIT_BRANCH -> KERNEL_GIT_REF
The Download/git rule will do a `git checkout <git-ref>`.
So, we can use any ref we want.

No need to limit just to branches.

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
2018-01-27 16:46:45 +01:00
Yousong Zhou dc555d003c build: disable BUILD_PATENTED by default
This is mainly for legal considerations and not promoting the usage of
and no redistribution of binaries of patented technologies seems to be
also the established practice in other linux distros.

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2018-01-26 09:45:08 +08:00
Koen Vandeputte fce35bce0f config: support new symbol intro'd in kernel 4.12
Symbol CONFIG_INITRAMFS_FORCE allows to ignore the value passed by the
bootloader.

By default, all symbols containing INITRAMFS are wiped from the final
config and then re-added conditionally.

Add support for this symbol, as the build will stop otherwise
questioning the user about this option:

* Restart config...
*
*
* General setup
*
Cross-compiler tool prefix (CROSS_COMPILE) []
Compile also drivers which will not load (COMPILE_TEST) [N/y/?] n

...

Initial RAM filesystem and RAM disk (initramfs/initrd) support
(BLK_DEV_INITRD) [Y/n/?] y
Initramfs source file(s) (INITRAMFS_SOURCE) []
Ignore the initramfs passed by the bootloader (INITRAMFS_FORCE)
[N/y/?] (NEW)

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-01-13 16:27:45 +01:00
Matthias Schiffer ef27f15330
kernel: allow disabling multicast routing support
Multicast routing support is not needed in most setups, and increases the
size of the kernel considerably (>10K after LZMA). Add a config switch to
allow disabling it.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2018-01-11 11:51:24 +01:00
Sascha Paunovic d810a2aebf kernel: fix spelling in CONFIG_DEVTMPFS help text
Change "ti" to "to", as that's the correct spelling.

Signed-off-by: Sascha Paunovic <azarus@posteo.net>
2017-12-11 12:43:29 +01:00
Chris Blake a92f73e922 mpc85xx: Enable initramfs for p1020 subtarget
The following patch enables building of initramfs images by default for
the P1020 subtarget in mpc85xx.

Signed-off-by: Chris Blake <chrisrblake93@gmail.com>
2017-10-14 01:19:35 +02:00
Hauke Mehrtens 589621b1c0 config: make CONFIG_ALL_* select other CONIFG_ALL_* options
Select the other CONFIG_ALL_* options in the hierarchy when the master
option is selected. Currently CONFIG_ALL_KMODS is not selected when the
build bot selects CONFIG_ALL_NONSHARED for example.

Now the rtc kmods should get build when CONFIG_ALL_KMODS,
CONFIG_ALL_NONSHARED or CONFIG_ALL and CONFIG_RTC_SUPPORT are selected
like it is done by the build bots for targets with rtc support.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Acked-by: Jo-Philipp Wich <jo@mein.io>
2017-08-26 14:59:20 +02:00
Felix Fietkau 7887a46f45 build: enable gzipping of images on x86 even if ext4 is disabled
There is lots of padding between the boot partition and the rootfs, so
gzipping is helpful here

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-07-06 11:30:33 +02:00
Florian Fainelli 90336ef4cd kernel: Make KERNEL_PERF_EVENTS selectable
The kernel itself allows enabling/disabling CONFIG_PERF_EVENTS, so allow
doing the same thing.

Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
2017-05-26 15:42:25 -07:00
Florian Fainelli ce731158c8 kernel: Hide kernel options behind a menu
We are starting to add more and more kernel configurable options, to the
point where the Global build options menu is not really usable anymore,
hide all kernel-related configuration options behind a menu.

Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
2017-05-26 15:42:13 -07:00
Daniel Golle 48d71ab502 kernel: enable CRASH_DUMP on supported platforms
While we have CRASHLOG on MIPS it makes sense to support 'classic'
kexec-based CRASH_DUMP on x86 and arm platforms.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2017-05-20 00:26:03 +02:00
Felix Fietkau 0b7ed65cec kernel: remove out of tree direct-io disable hack
Direct-IO support has to be enabled for the release build anyway, so
this hack is not worth keeping

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-04-26 10:27:45 +02:00
Philip Prindeville 7fe5963be0 build: allow specifying flow-control to grub on serial console
On the more sophisticated (i.e. deeper FIFO) serial controllers,
flow-control might be needed to avoid dropping output.

Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
2017-04-03 08:51:02 +02:00
Vitaly Chekryzhev 01337ba472 build: add devel option to store build config in firmware
Store config.seed in firmware /etc/build.config

Signed-off-by: Vitaly Chekryzhev <13hakta@gmail.com>
2017-03-18 12:08:04 +01:00
David Woodhouse ab20c638b6 x86: Set default baud rate on Geode images to 115200
Prior to commit 1496b95a0 ("x86: clean up default grub baudrate
settings") we had three different baud rates for the Geode targets:
19200 for net5501, 38400 for alix2, and 115200 for Geos.

It doesn't seem that there's a very good reason for varying from our
default 115200 baud, so let's make the Geode target do that instead.

Signed-off-by: David Woodhouse <dwmw2@infradead.org>
2017-02-17 10:30:38 +01:00
Felix Fietkau 9dcb921d90 build: add buildbot specific config option for setting defaults
This can be used to tweak the buildbot behavior without having to change
buildbot's configuration.
It will also allow us to add more aggressive clean steps (e.g. on
toolchain changes), which would break developers' workflows if enable
by default.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-02-14 14:18:35 +01:00
Hannu Nyman eaf3fef946 ccache, samba36: fix samba.org addresses to use https
samba.org has started to enforce https and
currently plain http downloads with curl/wget fail,
so convert samba.org download links to use https.

Modernise links at the same time.

Also convert samba.org URL fields to have https.

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
2017-02-02 00:14:03 +01:00
Felix Fietkau 7a523569f7 build: add support for automatically removing build dir contents during build
This is used to save space on buildbot instances.
If any part of a package needs to be rebuild, the whole package is
rebuilt from scratch. Stamp files are preserved to allow dependency
checks to work

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-01-18 23:57:08 +01:00
Felix Fietkau 749918911d x86: disable crashlog
It could cause crashes with some forms of virtualization, and it is
unlikely to work properly with most systems.
It's safer to just disable it.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-01-13 15:15:09 +01:00
Felix Fietkau 1e1d735e52 build: remove obsolete parallel build related options
Always use the main make jobserver, which has been the default for ages

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-01-10 12:10:20 +01:00
Hauke Mehrtens 6e7fdf07b7 kernel: add KERNEL_DEVMEM and KERNEL_DEVKMEM
These options are needed to create /dev/mem or /dev/kmem .
/dev/mem is needed by the io tool to access raw hardware memory, which
is helpful when debugging and developing drivers.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Acked-by: John Crispin <john@phrozen.org>
2016-12-24 14:55:35 +01:00
Felix Fietkau 4cc1f1ac1c x86: revert default root size back to 256 MB
2 GB is overkill and was only added to allow unlimited ext4 resizing,
which is a pretty rare use case. 256 MB allows resizing up to 256 GB,
which should be good enough for almost all users.

A lot of this is mostly irrelevant anyway, since you can just use
squashfs + ext4 overlay.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-12-15 11:46:01 +01:00
Hauke Mehrtens c058f4f22d kernel: add KERNEL_DEBUG_PINCTRL and KERNEL_DEBUG_GPIO
This makes it possible to activate the gpio and the pinctl debugging
from LEDE menuconfig.

Acked-by: John Crispin <john@phrozen.org>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2016-12-10 16:06:34 +01:00
Felix Fietkau 426e4d93bb uml: clean up the kernel config and add squashfs+ext4/f2fs support
Replaces plain ext4 images

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-11-24 12:53:18 +01:00
Felix Fietkau 12a6e3cd05 x86: bump default kernel partition size to 16M
This leaves more room for sysupgrade config data or for having multiple
kernel images to choose from

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-11-09 12:17:52 +01:00
Jo-Philipp Wich dc6cc04016 config: ext4: increase x86 rootfs size to 2GB to support online resize2fs
The current default rootfs size of 256MB in conjunction with 4K blocks
produces an ext4 filesystem which lacks the appropriate amount of backup GDT
entries to support online-resizing.

For x86 targets, increase the default rootfs size to 2048MB which allows
online resizing the filesystem to up to 2TB which is the current theoretical
maximum for LEDE, due to missing GPT support on the root block device.

Note that the filesystem artefact will not occupy 2GB on the build system as
the make_ext4fs utility uses sparse files to generate the filesystem images,
so the actual disk usage is much lower. Furthermore the filesystem images
are gzip compressed, shrinking them to only a few megabytes on the download
server.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Acked-by: Michael Heimpold <mhei@heimpold.de>
2016-10-27 19:24:38 +02:00
Jo-Philipp Wich d1ae4c4958 config: ext4: drop option to set maximum number of inodes
There is very little practical use to limit the number of available inodes on
an ext4 filesystem and the make_ext4fs utility is able to calculate useful
defaults by itself.

Drop the option to make resulting ext4 filesystems more flexible by default.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Acked-by: Michael Heimpold <mhei@heimpold.de>
2016-10-27 19:24:38 +02:00
Matthias Schiffer 77f54eae45
config: enable shadow passwords unconditionally
Configurations without shadow passwords have been broken since the removal
of telnet: as the default entry in /etc/passwd is not empty (but rather
unset), there will be no way to log onto such a system by default. As
disabling shadow passwords is not useful anyways, remove this configuration
option.

The config symbol is kept (for a while), as packages from feeds depend on
it.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2016-09-26 17:57:56 +02:00
Felix Fietkau a1f83bad60 images: bump default rootfs size to 256 MB
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-09-08 15:28:39 +02:00
Josua Mayer 3242c07649 mvebu: add sdcard image creation script
Added gen_mvebu_sdcard_img.sh to facilitate creating an fixed-size sdcard image,
adding the bootloader and populating it with actual data.

Added the required rules for creating a 4GB sdcard image according to this layout:
p0: boot (fat32)
p1: rootfs (squashfs)
p2: rootfs_data (ext4)
This should be generic to any mvebu boards that can boot from block storage.

Added the new sdcard image to the Clearfog image profile.

Signed-off-by: Josua Mayer <josua.mayer97@gmail.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name> [cleanup]
2016-09-02 14:43:52 +02:00
Nathaniel Wesley Filardo 39d817cf38 Add config symbols for kernel keyring support
Enable selection of the kernel key retention framework and some of its
additional facilities; see Documentation/security/keys.txt and
security/keys/Kconfig for details

Signed-off-by: Nathaniel Wesley Filardo <nwfilardo@gmail.com>
2016-09-02 14:43:52 +02:00
Christian Lamparter 08257a4053 apm821xx: use lzma compression for the initramfs images
The MR24's u-boot takes it sweet time decompressing the
LZMA-packed initramfs image. A user reported that
compared to the old gzip method in v2: it "takes a ton
longer to decompress like 4\x the old boot time for
decompression".

This patch also fixes a issue with the WNDR4700's initramfs
image getting to big and causing the following u-boot crash
during the decompression:

"Uncompressing Multi-File Image ... Error: inflate() returned -5
out-of-mem or overwrite error - must RESET board to recover"

This patch fixes both issues by reverting the MR24's initramfs
compression method back to gzip. And choosing to compress the
initramfs within the initramfs image as LZMA by default.

Cc: chrisrblake93@gmail.com
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2016-07-25 10:38:11 +02:00
Felix Fietkau 673004f9bc config: remove options for including kernel/dtb in rootfs
These options were a big design flaw to begin with

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-07-20 10:13:50 +02:00
Felix Fietkau d7b185128d build: make TARGET_ROOTFS_JFFS2 depend on USES_JFFS2
If jffs2 support was not enabled by the target, jffs2 are quite likely
to be broken, so we shouldn't build them.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-07-20 10:13:50 +02:00
Felix Fietkau a4e90e2cac toolchain: get rid of GCC_VERSION_5 config symbol
Replace it with !GCC_VERSION_4_8 to be more future compatible

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-07-15 14:17:40 +02:00
Daniel Dickinson b9952797e6 kernel: Move POSIX ACL and attr support options into submenu
Make global options menuconfig cleaner by moving POSIX ACL
and attr support options into a submenu.

Signed-off-by: Daniel Dickinson <openwrt@daniel.thecshore.com>
2016-07-05 22:59:14 +02:00
Daniel Dickinson e408abd7fb kernel: Add option to make using filesystem ACL support the default
This adds a configuration options that allows to make filesystem ACL support
the default in the kernel, except for old nfs.

Signed-off-by: Daniel Dickinson <openwrt@daniel.thecshore.com>
2016-06-30 22:48:39 +02:00
John Crispin 30acacb0af config: add a small_flash feature
this causes KALLSYMS to be off by default

Signed-off-by: John Crispin <john@phrozen.org>
2016-06-13 22:51:43 +02:00
Daniel Golle 2aa818a0bb kernel: add missing symbol
Add missing symbol When building kernel with profiling enabled and ARM
or ARM64 targets.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2016-05-16 18:00:34 +02:00
Felix Fietkau 42d2eb7628 build: remove leftover dependenices on TARGET_rdc
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-05-12 17:43:48 +02:00
Jo-Philipp Wich 941fc5e8c8 global: introduce ALL_NONSHARED symbol
Introduce a new symbol ALL_NONSHARED which selects all non-sharable packages
by default. This option is mainly intented for buildbot setups to build the
target dependant software subset only.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2016-04-13 17:24:12 +02:00
Felix Fietkau be9e991b88 build: don't add -fno-plt for ARC
Curent ARC toolchain fails to build libstdc++ if -fno-plt is used.
Lots of following error messages appear:
------------------->8------------------
...
staging_dir/toolchain-arc_arc700_gcc-arc-2015.06_uClibc-1.0.9/arc-openwrt-linux-uclibc/bin/ld:
BFD (GNU Binutils) 2.23.2 assertion fail elf32-arc.c:2786
collect2: error: ld returned 1 exit status
------------------->8------------------

In newer binutils (still in development) for ARC rewritten from
scratch this seem to not happen, so once new binutils for ARC hit
the street this patch might be reverted.

Signed-off-by: Alexey Brodkin <abrodkin@synopsys.com>
Cc: Felix Fietkau <nbd@openwrt.org>
Cc: Jo-Philipp Wich <jow@openwrt.org>
Cc: Jonas Gorski <jogo@openwrt.org>

SVN-Revision: 48642
2016-02-07 13:29:16 +00:00
Florian Fainelli 312367665a buildroot: add options to build the kernel for NFS boot
Add the basic set of kernel options to allow it from mounting a NFS root
and boot from it.

Signed-off-by: Florian Fainelli <florian@openwrt.org>

SVN-Revision: 48590
2016-02-01 01:06:39 +00:00