For now we only want to ensure that the group permission mask is permissive
enough to not clobber required permissions on the rootfs, so allow less
strict masks as well.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
When building LEDE with umask values other than 022, the resulting packages
will embed improper permissions, which may lead to random errors or non-
functional scripts on the target.
In order to make users aware of this problem, add a build-prereq check to
assert a correct umask setting before starting the build.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
The nf_reject_* and nf_nat_masquerade_* modules are moved into the
corresponding kmod-nf- packages. Appropriate dependencies are added to the
kmod-nft- packages.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Refresh patches for all targets that support kernel 4.4.
compile/run-tested on brcm2708/bcm2710 only.
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
Forgot to update kernel-version.mk, so updated patch. Compile-tested on x86/64 and ar71xx; run-tested on x86/64 and ar71xx.
Signed-off-by: Stijn Segers <francesco.borromini@inventati.org>
The Gluon firmware framework [1] uses postinst scripts for sanity checks.
Make the build fail when a postinst script exits with an error to make
these sanity checks effective.
All postinst scripts in packages from the LEDE core and the packages feed
seem to work correctly with this change and will always return 0 unless
something is very broken.
[1] https://github.com/freifunk-gluon/gluon
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Especially --force-overwrite and --force-depends will often lead to broken
images; it's better to fail the build in such cases than to silently ignore
the errors.
Instead, ignore errors in the per-device rootfs opkg remove command, so
the build doesn't break when packages can't be removed because of
dependencies.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Some DEVICE_PACKAGES definitions replace one package variant with another
(e.g. wpad-mini is replaced with wpad). To avoid file conflicts, first
remove, then install packages.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Modifying the file permissions can be harmful, as it would make files
world-readable even if they weren't in the ipk packages. The
Image/mkfs/prepare step is removed completely, as it is redundant now (/tmp
and /overlay are already provided by base-files with the correct
permissions).
It has been verified that this change does not affect any permissions of
files in the default package set except /etc/ppp/chap-secrets, which was
world-readable before. All packages not in the default set are more likely
to be installed via opkg than being part of a base image and thus were
usually not affected by the permission modification anyways.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Running prepare_rootfs on TARGET_DIR deletes the opkg state when
CONFIG_CLEAN_IPKG is enabled, making the per-device rootfs package install
fail.
To avoid this, create a copy of the TARGET_DIR before prepare_rootfs is run
and use this as basis for per-device rootfs generation.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Add a new option to each device in multi-profile mode, allowing to provide
a list of packages to add or remove. In case of added packages, the user
must take care that these are selected to be built.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
opkg's -l option is always interpreted relative to the installation root.
This leads to very weird paths inside the rootfs (containing the whole path
to the LEDE tree on the build machine) and causes the subsequent deletion
of the list directory to fail (cluttering the resulting images).
Instead, use the default list directory and remove its contents in
prepare_rootfs.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Using pad-to instead of passing the optional padding to append-kernel
or append-rootfs. It could be that the value of a variable is passed.
In case the variable is empty no error is thrown.
Furthermore the purpose of the extra parameter is hard to get without
reading the code.
Signed-off-by: Mathias Kresin <dev@kresin.me>
Only add them where they are actually required.
Should help with compatibility issues with stock U-Boot images that
access UBI
Signed-off-by: Felix Fietkau <nbd@nbd.name>
At the moment the padding steps are hardcoded. Especially images for
devices with a 4K sector size can be unnecessarily bloated using the
hardcoded padding steps.
It has been observed that 192Kb of padding was added to the image of a
4MB device, albeit due to the 4K sector size the minimum required extra
padding for the jffs2 rootfs_data is 20Kb.
In worst case it means that the image-size check could fail albeit
there is enough space for all selected packages
For device build code not exposing the blocksize, use the hardcoded
padding further on.
Signed-off-by: Mathias Kresin <dev@kresin.me>
Allows to use the same unit for all definitions of the blocksize to be
consistent regardless of the used filesystem.
Signed-off-by: Mathias Kresin <dev@kresin.me>
A few linux BSP's create a manifest file of installed packages for a given
target in order to help them understand exactly what's on their images. Create
one here as well as a build artifact since many users have an affinity to
prune down on packages to save valuable flash space.
Signed-off-by: Pushpal Sidhu <psidhu@gateworks.com>
Signed-off-by: Tim Harvey <tharvey@gateworks.com>
1004kc is just a SMP capable 34kc, and GCC treats 24kc and 34kc exactly
the same and will generate identical code, so there is no need to tune
to 1004kc instead of 24kc.
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
Refresh patches for all targets that support kernel 4.4.
Compile-tested on all targets that use kernel 4.4 and aren't marked broken.
Runtime-tested on ar71xx, octeon and x86/64.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Pass KERNEL_FILE_DEPENDS to rdep instead of PKG_FILE_DEPENDS, which is
empty. Also don't pass $(CURDIR) as the directory to timestamp, as it
would also pick up non kernel related changes like image building code.
Should fix kernel being rebuild for unrelated changes, as well as not
being rebuild for changes in target/linux/generic.
Fixes: 22ef1c83b3 ("kernel: make the kernel build auto-clean the build dir like package build")
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
When the kernel build picks up a localversion file in the source tree,
that string is unconditionally appended to LOCALVERSION and affects the
uname string.
Make sure to delete any such file.
Signed-off-by: Josua Mayer <josua.mayer97@gmail.com>
When building the kernel from a git repository, the kernel build appends
either a + or a short commit hash to localversion.
This behaviour can be prevented by passing the empty LOCALVERSION variable
to make.
Signed-off-by: Josua Mayer <josua.mayer97@gmail.com>
Similar how we fix the file times in the filesystems, fix the build time
of the kernel, and make the build number static. This should allow the
kernel build to be reproducable when combined with setting the
KERNEL_BUILD_USER and _DOMAIN in case of different machines.
The reproducability only applies to non-initramfs kernels, those still
require additional changes.
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
9pfs is used by kvm to share files between host and guest,
add proper config option to enable it.
Signed-off-by: Matteo Croce <matteo.croce@canonical.com>
Since the only difference between 24Kec and 24Kc is the addition of DSP
ASE support, and we don't use it anymore, there is no need to keep 24Kec
as a separate cpu type.
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
There does not seem to be any meaningful difference in generated code.
This will save some time and space on snapshot builds
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Now that we globally calculate sha256sums over the bin/ directory we can remove
the target image specific checksum handling.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
