OpenWrt uses ancient u-boot thats not reproducible.
There are multiple upstream changes that introduce
reproducible builds like:
859e92b775fd8ebcfacc591eaf621b677c95b6f7
(not used here - the CMD_DATE/TIMESTAMP functionality
seems to be disabled by config)
70d39f57146a6cb94736db39c770c3d95e07bedb
f3f431a712729a1af94d01bd1bfde17a252ff02c
2d9efa1227262249d381ed5d9d341cbdba76e62d
Instead of changing the Makefile too much
this changeset just tries to use the
changes in Makefile from current upstream git f5fd45f
*Should* fix issue reported by reproducible lede page:
https://tests.reproducible-builds.org/lede/lede.html
Compile tested only
(verified w. hexdump & md5sum)
Signed-off-by: Dirk Neukirchen <dirkneukirchen@web.de>
Tested with VDSL on TP-Link WD8970, I see full 1500-byte PPP data
frames, which end up being 1526 byte Ethernet frames (including
Ethernet+VLAN headers) on the wire.
Fixes: FS#210
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
Switch to xz tarball, there's no point pulling two different tarballs of the same source code (tools/libtool uses xz).
Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
luci using ustream-mbedtls is extremely slow vs ustream-polarssl.
polarssl alias mbedtls v1 is configured to use NIST prime speed
optimisation, so no longer disable the default optimisation for
mbedtls v2.
Compile & run tested: Archer C7v2
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
[Jo-Philipp Wich: refresh patch to use common format]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Adds per-host leasetime support
Various bugfixes :
-Prioritize ifname resolving via ubus
-Free interface if ifindex cannot be resolved
-...
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name> [update mirror sha256]
This fixes the following error when mounting a ext4 filesystem
----
[ 166.240000] EXT4-fs (sda1): Cannot load crc32c driver.
----
Signed-off-by: Daniel Danzberger <daniel@dd-wrt.com>
Commit 8f24ee6382 ("uqmi: Add proper IPv6 support") changed the code
to fetch the IPv4 address via QMI by default instead of using DHCP to
make it consistent with the IPv6 codepath.
This breaks on at least some Sierra Wireless cards, where data exchanges
fail to work until the host has fetched a DHCP lease.
Leave v6 as it is, but always use DHCP for v4.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
nf_tproxy_core was removed during 3.12 development with kernel commit
fd158d79d33d3c8b693e3e2d8c0e3068d529c2dc. The code was moved
to xt_TPROXY.c.
Fixes FS#212
Signed-off-by: Mathias Kresin <dev@kresin.me>
Adds the latest patches from Jes Sorensen for rtl8xxxu, which improve
rtl8732bu, rtl8192eu and rtl8188eu support.
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
* Change git packages to xz
* Update mirror checksums in packages where they are used
* Change a few source tarballs to xz if available upstream
* Remove unused lines in packages we're touching, requested by jow- and blogic
* We're relying more on xz-utils so add official mirror as primary source, master site as secondary.
* Add SHA256 checksums to multiple git tarball packages
Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
Quote resolveip hostname argument to avoid bad shell injections.
While at it fix pattern match logic in case multiple IPv6 addresses
are returned for a hostname as they're seperated by newline by
resolveip and not a white space
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Adds u-boot for the at91 platform and a couple of boards.
The build honours COPTS to benefit from fortify source et al.
Signed-off-by: Ben Whitten <ben.whitten@gmail.com>
Now that the uhttpd init script can generate certificates using openssl as
well, update the section name and related comment to be more generic.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Before a configuration is generated, an empty file is created to store
it in. (required by UCI)
If something happens during config generation
(power cut, interruption, ..) an empty file exists and it is never
regenerated again, causing some daemons to fail starting
(NTPD, logread, ..)
Fix this by also generating new configs if a critical file
is empty.
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
The kmod-sound-hda-core module attempts to package snd-hda-core.ko which
does not exist in Linux 3.18, therfore only use it for kernels >= 4.1
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Support the usage of the OpenSSL command-line tool for generating
the SSL certificate for uhttpd. Traditionally 'px5g' based on
PolarSSL (or mbedTLS in LEDE), has been used for the creation.
uhttpd init script is enhanced by adding detection of an installed
openssl command-line binary (provided by 'openssl-util' package),
and if found, the tool is used for certificate generation.
Note: After this patch the script prefers to use the OpenSSL tool
if both it and px5g are installed.
This enables creating a truly OpenSSL-only version of LuCI
without dependency to PolarSSL/mbedTLS based px5g.
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
Prior to kernel 4.4, the hda-intel module depends on the hda-controller
utility submodule so bundle it for the older kernel versions.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
This patch removes the non-working wifi driver filter for
the wifi detection script.
I figured that rather than replacing ${2:-$DRIVERS} with
${1:-$DRIVERS}, it would be better to remove it. Nobody
needed it in the previous years.
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
vfat filesystem fails to mount due to missing codepages with
factory-formatted flash drives. Depend on cp437 iso8559-1 and
utf8 nls modules as this covers most factory-formatted vfat
filesystems.
Signed-off-by: Daniel Dickinson <lede@cshore.thecshore.com>
This patch set adds support for PCI Intel HD Audio
sound devices. This is useful for multimedia packages
in the packages feed that one may use to create audio
servers.
Signed-off-by: Daniel Dickinson <lede@cshore.thecshore.com>
We have to remove the FPU check, it will run in an endless loop on LEDE
when compile without FPU emulation support.
The second patch fixes this problem: valgrind: mmap(0x400000, 303104)
failed in UME with error 22 (Invalid argument).
valgrind still does not support mips16, build LEDE without mips16 support.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
The nf_reject_* and nf_nat_masquerade_* modules are moved into the
corresponding kmod-nf- packages. Appropriate dependencies are added to the
kmod-nft- packages.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Since the kernel makefile is using .ONESHELL, we need to add -e to
.SHELLFLAGS so errors are not ignored.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Fix rt_names build failure when FORTIFY_SOURCE disabled.
Include limits.h which otherwise gets automatically included
by fortify headers.
Solves FS #194
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
Now that the firmware for BCM43430 has been submitted to linux-firmware use it
and remove RPiDistro package.
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
This patch moves the ath10k firmware packages to the firmware submenu
in the buildroot, where it belongs.
Signed-off-by: Stijn Segers <francesco.borromini@inventati.org>
Use firmware version 10.2.4.70.54 from kvalo's git repository. The old
version (even though it's version number is greater) is an old version
from September 2015.
Using only the firmware versions from kvalo's git repo is recommended,
because those are tested by QCA's internal QCA.
The QCA988X directory received a small reorganization as a "hw2.0"
subdirectory was added - this patch also takes care of that as
board.bin was moved to that subdirectory.
Signed-off-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
For 64-bit capable systems, a symbolic link is set up for /lib64 to point to
/lib, so make sure the installation goes into /lib, irrespective of where the C
library files come from in an external toolchain.
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
There is a separate package kmod-crypto-echainiv for echainiv.ko. Selecting
both packages led to a conflict, so remove the file from kmod-crypto-iv.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
This fixes bug that could cause WARNING on every add_key/del_key call.
It also replaces WARNING with a simple message. They may still occur
e.g. on station going out of range and A-MPDU stall in the firmware.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
A bug fix which included a CRL sanity check was added to OpenSSL 1.1.0
but was omitted from OpenSSL 1.0.2i. As a result any attempt to use
CRLs in OpenSSL 1.0.2i will crash with a null pointer exception.
Patches applied upstream:
* 301-fix_no_nextprotoneg_build.patch
* 302-Fix_typo_introduced_by_a03f81f4.patch
Security advisory: https://www.openssl.org/news/secadv/20160926.txt
Signed-off-by: Magnus Kroken <mkroken@gmail.com>
Adds Google's mirrors as primary source and kernel.org as fallback.
Discussed in #lede-dev on Freenode
Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
Within the Lua binding, use the same logic as the command line interface for
reporting the used WPA ciphers. Instead of printing the intersection of
pairwise and group ciphers, report both group and pairwise ciphers.
This fixes a case where a connection which uses CCMP for pairwise and TKIP
as groupwise cipher is getting reported as using the NONE cipher.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
The Linux kernel uses two distinct fields to denote the routing table ID in
use by network routes; the 8 bit `rtm_table` member of `struct rtmsg` and the
32 bit `RTA_TABLE` netlink attribute.
If a routing table ID is larger than 255, the `RT_TABLE` attribute must be used
and the `rtm_table` field has to be set to the special `RT_TABLE_UNSPEC` value.
This commit adds a patch which...
- switches the *_n2a() and *_a2n() functions of rt_names.c to use dynamically
sized, name-sorted arrays instead of fixed arrays limited to 1024 slots in
order to support IDs up to 65535
- adds proper handling of high table IDs to iprule.c and iproute.c when
adding, removing and dumping ip rules and network routes
After this change, the Busybox ip applet fully supports IP rules with high ID
numbers, using the same logic as the full iproute2.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Remove an invalid local variable declaration in the tunnel update subshell
invocation. Local declarations outside of function scopes are illegal since
the Busybox update to version 1.25.0 .
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
All these patches are in wireless-drirvers-next. There is support for
hidden SSID, few new devices and many fixes.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Now that we know that the password is in /etc/shadow and not in
/etc/passwd, we can properly fix the logic for the empty password check.
Only 'root::' is an empty password, 'root❌' and 'root:!:' allow no
password login at all.
This fixes the empty password warning still showing after the root password
has been locked using 'passwd -l root' (e.g. to allow public-key auth
only).
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Configurations without shadow passwords have been broken since the removal
of telnet: as the default entry in /etc/passwd is not empty (but rather
unset), there will be no way to log onto such a system by default. As
disabling shadow passwords is not useful anyways, remove this configuration
option.
The config symbol is kept (for a while), as packages from feeds depend on
it.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Uboot-mvebu isn't a real package, which will break the image builder
when it tries to install it during the packing step. Instead of cleafog
selecting it through its default packages, make it default to m if the
clearfog profile is selected.
This will ensure it is always build, but never added to the rootfs. This
fixes creating images for clearfog with IB.
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
Acked-by: Felix Fietkau <nbd@nbd.name>
The clearfog image requires u-boot, so package it into KDIR to make sure
it is available in imageBuilder.
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
Acked-by: Felix Fietkau <nbd@nbd.name>
Running prepare_rootfs on TARGET_DIR deletes the opkg state when
CONFIG_CLEAN_IPKG is enabled, making the per-device rootfs package install
fail.
To avoid this, create a copy of the TARGET_DIR before prepare_rootfs is run
and use this as basis for per-device rootfs generation.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
br_netfilter.ko and the corresponding Kconfig symbol are already provided
by kmod-br-netfilter, which is a dependency of kmod-ebtables.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Local variable declarations outside of functions are illegal since the Busybox
update to v1.25.0, therfore remove them from the appropriate places.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Update the linux-firmware package in order to force the buildbots to fetch the
proper mirrored version.
Currently each builder has its own copy of the linux-firmware checkout staged
in its own dl/, since the package was updated before the mirrored copy has
been uploaded. The builders then subsequently uploaded their own copy instead,
leading to md5sum mismatches since each clone produces different tarballs.
By bumping the package to a new version and uploading the mirrored archive
with the proper md5sum beforehand, the builders will fetch that instead and
not upload their own copies.
To properly solve that problem in the future we need to ensure that packed
checkouts become reproducable.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Since the md5sum of the mirrored Git clone archive has been set in the Makefile
before that particular archive was uploaded to the source mirror, the buildbots
uploaded their own, different copy instead invalidating the mirror md5sum for
anyone else.
In order to fix the mismatch, update the md5sum to reflect the archive being
present on the download server.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
The Annex A firmware will be updated to:
05.08.01.08.01.06_05.08.00.0B.01.01_osc
The Annex B firmware will be updated to:
05.07.09.09.00.06_05.07.04.04.00.02_osc
Signed-off-by: Hauke Mehrtens <hauke.mehrtens@intel.com>