Make it a choice menu which offers the 3 C libraries we know about: glibc,
uClibc and musl. While at it, make it possible for the external toolchain libc
to select USE_GLIBC, USE_UCLIBC or USE_MUSL which is used by several packages
to conditionally include specific CFLAGS (e.g: iproute2).
Because USE_GLIBC et al. can now be selected by external toolchains, we need to
restrict the per-libc menus to check on !EXTERNAL_TOOLCHAIN.
While at it, make musl the default C library for external toolchain to match
the internal toolchain.
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
This patch moves the ath10k firmware packages to the firmware submenu
in the buildroot, where it belongs.
Signed-off-by: Stijn Segers <francesco.borromini@inventati.org>
ar71xx has an init-script for special devices where the ath10k OTP
calibration data is stored on the PCIe card's EEPROM (and thus can only
be read by ath10k). Unfortunately the OTP data uses the default mac
address (= all devices come with the same mac address, which leads to
problems when you have multiple of these devices in the same network).
To work around this the mac address is patched in the firmware during
the first boot of the device. To prevent flash wear this was only done
if the ath10k firmware matched a hardcoded md5sum.
However, if the md5sum does not match this can mean that either the mac
address was already patched (which is fine) - unfortunately it can also
mean that the firmware version was updated without updating the
hardcoded md5sum.
Change the "was the mac address already patched" check to actually
compare the mac address inside the ath10k firmware.
Signed-off-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
Use firmware version 10.2.4.70.54 from kvalo's git repository. The old
version (even though it's version number is greater) is an old version
from September 2015.
Using only the firmware versions from kvalo's git repo is recommended,
because those are tested by QCA's internal QCA.
The QCA988X directory received a small reorganization as a "hw2.0"
subdirectory was added - this patch also takes care of that as
board.bin was moved to that subdirectory.
Signed-off-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
For 64-bit capable systems, a symbolic link is set up for /lib64 to point to
/lib, so make sure the installation goes into /lib, irrespective of where the C
library files come from in an external toolchain.
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
There is a separate package kmod-crypto-echainiv for echainiv.ko. Selecting
both packages led to a conflict, so remove the file from kmod-crypto-iv.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
This fixes bug that could cause WARNING on every add_key/del_key call.
It also replaces WARNING with a simple message. They may still occur
e.g. on station going out of range and A-MPDU stall in the firmware.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
This patch adds support for Cisco's Z1.
Detailed instructions for the flashing the device can
be found in the OpenWrt wiki:
<https://wiki.openwrt.org/toh/meraki/z1>
Signed-off-by: Chris Blake <chrisrblake93@gmail.com>
A bug fix which included a CRL sanity check was added to OpenSSL 1.1.0
but was omitted from OpenSSL 1.0.2i. As a result any attempt to use
CRLs in OpenSSL 1.0.2i will crash with a null pointer exception.
Patches applied upstream:
* 301-fix_no_nextprotoneg_build.patch
* 302-Fix_typo_introduced_by_a03f81f4.patch
Security advisory: https://www.openssl.org/news/secadv/20160926.txt
Signed-off-by: Magnus Kroken <mkroken@gmail.com>
Adds Google's mirrors as primary source and kernel.org as fallback.
Discussed in #lede-dev on Freenode
Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
Within the Lua binding, use the same logic as the command line interface for
reporting the used WPA ciphers. Instead of printing the intersection of
pairwise and group ciphers, report both group and pairwise ciphers.
This fixes a case where a connection which uses CCMP for pairwise and TKIP
as groupwise cipher is getting reported as using the NONE cipher.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
The Linux kernel uses two distinct fields to denote the routing table ID in
use by network routes; the 8 bit `rtm_table` member of `struct rtmsg` and the
32 bit `RTA_TABLE` netlink attribute.
If a routing table ID is larger than 255, the `RT_TABLE` attribute must be used
and the `rtm_table` field has to be set to the special `RT_TABLE_UNSPEC` value.
This commit adds a patch which...
- switches the *_n2a() and *_a2n() functions of rt_names.c to use dynamically
sized, name-sorted arrays instead of fixed arrays limited to 1024 slots in
order to support IDs up to 65535
- adds proper handling of high table IDs to iprule.c and iproute.c when
adding, removing and dumping ip rules and network routes
After this change, the Busybox ip applet fully supports IP rules with high ID
numbers, using the same logic as the full iproute2.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Remove an invalid local variable declaration in the tunnel update subshell
invocation. Local declarations outside of function scopes are illegal since
the Busybox update to version 1.25.0 .
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
All these patches are in wireless-drirvers-next. There is support for
hidden SSID, few new devices and many fixes.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
The Gluon firmware framework [1] uses postinst scripts for sanity checks.
Make the build fail when a postinst script exits with an error to make
these sanity checks effective.
All postinst scripts in packages from the LEDE core and the packages feed
seem to work correctly with this change and will always return 0 unless
something is very broken.
[1] https://github.com/freifunk-gluon/gluon
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Especially --force-overwrite and --force-depends will often lead to broken
images; it's better to fail the build in such cases than to silently ignore
the errors.
Instead, ignore errors in the per-device rootfs opkg remove command, so
the build doesn't break when packages can't be removed because of
dependencies.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Some DEVICE_PACKAGES definitions replace one package variant with another
(e.g. wpad-mini is replaced with wpad). To avoid file conflicts, first
remove, then install packages.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
kmod-rt2x00-lib and kmod-mac80211 need to be removed, as they depend on
kmod-cfg80211. kmod-rt2800-pci should not be installed anyways.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Modifying the file permissions can be harmful, as it would make files
world-readable even if they weren't in the ipk packages. The
Image/mkfs/prepare step is removed completely, as it is redundant now (/tmp
and /overlay are already provided by base-files with the correct
permissions).
It has been verified that this change does not affect any permissions of
files in the default package set except /etc/ppp/chap-secrets, which was
world-readable before. All packages not in the default set are more likely
to be installed via opkg than being part of a base image and thus were
usually not affected by the permission modification anyways.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Now that we know that the password is in /etc/shadow and not in
/etc/passwd, we can properly fix the logic for the empty password check.
Only 'root::' is an empty password, 'root❌' and 'root:!:' allow no
password login at all.
This fixes the empty password warning still showing after the root password
has been locked using 'passwd -l root' (e.g. to allow public-key auth
only).
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Configurations without shadow passwords have been broken since the removal
of telnet: as the default entry in /etc/passwd is not empty (but rather
unset), there will be no way to log onto such a system by default. As
disabling shadow passwords is not useful anyways, remove this configuration
option.
The config symbol is kept (for a while), as packages from feeds depend on
it.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Add and enable sysupgrade support for clearfog boards, based on how the
brcm2708 target does it.
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
Acked-by: Felix Fietkau <nbd@nbd.name>
Add a switch node to clearfog to probe and initialize it on Clearfog
Pro. This make the switch work and allows using all six switch ports.
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
Acked-by: Felix Fietkau <nbd@nbd.name>
If the cpu port is connected through SGMII we need to enable SerDes for
it to work.
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
Acked-by: Felix Fietkau <nbd@nbd.name>
The clearfog u-boot does not initialize the switch at all, so we need to
power up the phys ourselves.
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
Acked-by: Felix Fietkau <nbd@nbd.name>
Make the dts file match with what is upstream, to ensure it has the
latest changes and switching to newer kernels is easier.
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
Acked-by: Felix Fietkau <nbd@nbd.name>
Some of the PCIe and USB signals use a GPIO expander on I2C on ClearFog,
so enable the driver so that they can be configured to their required
values.
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
Acked-by: Felix Fietkau <nbd@nbd.name>
Uboot-mvebu isn't a real package, which will break the image builder
when it tries to install it during the packing step. Instead of cleafog
selecting it through its default packages, make it default to m if the
clearfog profile is selected.
This will ensure it is always build, but never added to the rootfs. This
fixes creating images for clearfog with IB.
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
Acked-by: Felix Fietkau <nbd@nbd.name>
The clearfog image requires u-boot, so package it into KDIR to make sure
it is available in imageBuilder.
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
Acked-by: Felix Fietkau <nbd@nbd.name>
Some gcc versions seem to miscompile code using ternary operators,
work around this by just returning the result if exp is 0.
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
