Add a partially random O= item to the certificate subject in order
to make the automatically generated certificates' subjects unique.
Firefox has problems when several self-signed certificates
with CA:true attribute and identical subjects have been
seen (and stored) by the browser. Reference to upstream bugs:
https://bugzilla.mozilla.org/show_bug.cgi?id=1147544https://bugzilla.mozilla.org/show_bug.cgi?id=1056341https://bugzilla.redhat.com/show_bug.cgi?id=1204670#c34
Certificates created by the OpenSSL one-liner fall into that category.
Avoid identical certificate subjects by including a new 'O=' item
with CommonName + a random part (8 chars). Example:
/CN=LEDE/O=LEDEb986be0b/L=Unknown/ST=Somewhere/C=ZZ
That ensures that the browser properly sees the accumulating
certificates as separate items and does not spend time
trying to form a trust chain from them.
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
Prefer the old default 'px5g' for certificate creation
as Firefox seems to dislike OpenSSL-created certs.
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
This option, defined by RFC3442, allows a DHCP server to send static
routes to a client. But the client has to request this option
explicitely.
Static routes are useful when the gateway configured by DHCP cannot be
in the same subnet as the client. This happens, for instance, when
using DHCP to hand out addresses in /32 subnets.
A new configuration option "classlessroute" is available, allowing
users to disable this feature (the option defaults to true).
Other DHCP clients already request this option by default (dhcpcd, for
instance, and possibly Windows). If a DHCP server does not support
this option, it will simply ignore it.
Signed-off-by: Baptiste Jonglez <git@bitsofnetworks.org>
moved px5g-standalone to Encryption submenu of Utilities.
Fixed title by removing the first "standalone" word from title.
The name is now consistent with other px5g packages, it is also shorter and will be shown in make menuconfig.
Signed-off-by: Alberto Bursi <alberto.bursi@outlook.it>
moved px5g to Encryption submenu of Utilities, in an effort to tidy up a bit the Utilities section of make menuconfig.
Signed-off-by: Alberto Bursi <alberto.bursi@outlook.it>
mkfs.ext4 und losetup are needed for sysupgrade support on mmc devices
with automatic rootfs split (loopback device usage).
Signed-off-by: André Valentin <avalentin@marcant.net>
CPU: 2x1.8GHz ARM, RAM: 512MiB
Storage: 4MiB serial Flash, 3.9GiB MMC
NIC: 2x1GBit/s, Switch with 5 external and 2 internal ports
WiFi: Dualband, ath10k 2.4GHz, 5GHz MU-MIMO
For installation copy xx-mmcblk0p4-kernel.bin and xx-mmcblk0p5-rootfs-full.bin
to device. Then run:
cat xx-mmcblk0p4-kernel.bin > /dev/mmc0blk0p4
cat xx-mmcblk0p5-rootfs-full.bin > /dev/mmc0blk0p5
reboot -f
For debugging serial console is easily visible on board, no soldering needed.
Signed-off-by: André Valentin <avalentin@marcant.net>
This bugfix enables FXS support on dabube based devices.
Changed "compatible" attribute from "vmmc" to "vmmc-xway".
The vmmc driver uses "vmmc-xway".
Signed-off-by: Stefan Koch <stefan.koch10@gmail.com>
While enable zynq uboot:
CONFIG_PACKAGE_uboot-zynq-zc702
CONFIG_PACKAGE_uboot-zynq-zed
CONFIG_PACKAGE_uboot-zynq-zybo
make will arise dtc error:
./scripts/dtc-version.sh: line 17: dtc: command not found
./scripts/dtc-version.sh: line 18: dtc: command not found
*** Your dtc is too old, please upgrade to dtc 1.4 or newer
make[4]: *** [checkdtc] Error 1
Pass the kernel dtc to uboot for compile.
Signed-off-by: Yutang Jiang <yutang.jiang@nxp.com>
because boot loaders are in Boot Loaders, not in Utilities -> Boot Loaders
Also moved brub2-editenv in Utilities -> Boot Loaders
Part of a wider housekeeping effort on the packages repository.
Signed-off-by: Alberto Bursi <alberto.bursi@outlook.it>
Boot Loaders submenu of Utilities is the most logical place to find fconfig and other bootloader tools.
Signed-off-by: Alberto Bursi <alberto.bursi@outlook.it>
Boot Loaders submenu of Utilities is the most logical place to find rbcfg and other bootloader tools.
Signed-off-by: Alberto Bursi <alberto.bursi@outlook.it>
This patch adds support solely for version 1 of the TP-Link WR802N.
It is based on Rick Pannen's patch posted on the OpenWrt devel list.
Signed-off-by: Julius Schulz-Zander <julius@inet.tu-berlin.de>
Remove redundant code: merge boards/cases that share
the same network configuration.
Also fix the alphabetical ordering of the cases.
Signed-off-by: Paul Wassi <p.wassi@gmx.at>
These boards do not have a switch, so they should have never been added
to this file in the first place.
Signed-off-by: Chris Blake <chrisrblake93@gmail.com>
On the stock Meraki Firmare for the MR12/MR16, a chunk of SPI space
after u-boot-env is used to store the boards Mac address. Sadly as this
was removed on any device already on OpenWRT/LEDE, moving forward a new,
64k partition named "mac" will be used to store the mac address for the
device (which is the minimum size). This allows users to properly set
the correct MAC, without editing the ART partition (which holds the same
MAC for all devices).
The reason the space is taken from kernel instead of rootfs is currently
kernels are only 1.3MB, so that way we can leave the current rootfs
space alone for users who fully utilize the available storage space.
Once this partition is added to a device, you can set your MAC doing the
following:
mtd erase mac
echo -n -e '\x00\x18\x0a\x33\x44\x55' > /dev/mtd5
sync && reboot
Where 00:18:0a:33:44:55 is your MAC address.
This was tested, and confirmed working on both the MR12 and MR16.
Signed-off-by: Chris Blake <chrisrblake93@gmail.com>
This moves the Meraki MR12 and Meraki MR16 to the new generic target.
Tested and verified working on both devices.
Note that kernel/rootfs images are still generated. This is because they
are used for the inital flashing process due to the fun pace at which
UBoot erases/writes to SPI.
Signed-off-by: Chris Blake <chrisrblake93@gmail.com>
Otherwise if we use ds1307 as kernel module, hctosys fails as ds1307 is
being initialized later then hctosys:
[ 2.427349] hctosys: unable to open rtc device (rtc0)
[ 3.714263] snvs_rtc 20cc000.snvs:snvs-rtc-lp: rtc core: registered 20cc000.snvs:snvs-r as rtc1
[ 8.990061] rtc-ds1307 3-006f: rtc core: registered mcp7941x as rtc0
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Build the RTC driver into the kernel, (and remove the optional module), in order
to make hctosys working. (Currently the module is loaded after hctosys has failed previously)
Signed-off-by: Paul Wassi <p.wassi@gmx.at>
The special prefix of "/" should match any url by definition but the final
assertion which ensures that the matched prefix ends in '\0' or '/' is causing
matches against the "/" prefix to fail.
Update to current HEAD in order to fix this particular case.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Refresh patches for all targets supporting 3.18 and not marked broken.
Compile-tested on all targets using 3.18 and not marked broken.
Changes to generic/610-netfilter_match_bypass_default_checks.patch based
on 84d489f64f.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Refresh patches for all targets supporting 4.1 and not marked broken.
Compile-tested on all targets using 4.1 and not marked broken.
Changes to generic/610-netfilter_match_bypass_default_checks.patch based
on 84d489f64f.
Changes to generic/666-Add-support-for-MAP-E-FMRs-mesh-mode.patch based
on a90ee92337.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Kernel 4.4 was ready for brcm47xx for almost a year now but I kept
postponing the bump due to problems with Linksys WRT300N v1.0. OpenWrt
and LEDE with 4.4 were hanging at the booting with the:
> Starting program at 0x80001000
(the last CFE message).
This was a permanent state, "make distclean" wasn't helping, I spent
hours debugging this and I was reliably reproducing the issue every
time. I also reported it on linux-mips ML in the thread:
> BCM4704 stopped booting with 4.4 (due to vmlinux size?)
After ~month I started working on WRT300N again. I got hangs as expected
every time I switched from 4.1 to 4.4. I started experimenting with:
1) TRX content (I tried dropping rootfs partition)
2) BZ_TEXT_START of lzma-loader
3) Flashing other variants of image: lzma compressed kernel (without a
loader), gzip compressed one, uncompressed one.
At some point I got rootfs-less image booting and after that I couldn't
reproduce problem anymore, even with a complete firmware. It seems like
hardware was in some locked/unstable state that got magically fixed.
I have LEDE working now, tested it even with "make distclean", it seems
we can bump kernel now. I'll keep testing it on WRT300N for some time.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Linksys WRT300N V1 has pretty bugged CFE bootloader (it crashes in a lot
of situations) that doesn't accept .bin image.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>