Commit graph

12580 commits

Author SHA1 Message Date
Florian Fainelli
5763e438f6 kernel: add kernel package for the rs5c372a rtc module
This RTC is used on the Buffalo Terastation Pro II/Live devices.

Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
2016-12-04 11:41:51 +01:00
Felix Fietkau
81b5e8e5d2 base-files: add a hint in sysupgrade that shows what to do when the image metadata check fails
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-12-04 11:41:49 +01:00
Hauke Mehrtens
abedd718aa cyassl: update to wolfssl version 3.9.10
This fixes the following security problems:
CVE-2016-7440: Software AES table lookups do not properly consider cache-bank access times
CVE-2016-7439: Software RSA does not properly consider cache-bank monitoring
CVE-2016-7438: Software ECC does not properly consider cache-bank monitoring
SWEET32 Attack

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2016-12-03 21:35:35 +01:00
Hauke Mehrtens
7e6c53dac9 valgrind: update to 3.12.0
Support for MIPS toolchains without FPU support was added upstream,
so remove our patch.

patches/310-mips-link-tool.patch was a backport form this version of valgrind
src/abort.c is not referenced anywhere

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2016-12-03 21:03:56 +01:00
Hauke Mehrtens
4e07167eff curl: update to version 7.51.0
This fixes the following security problems:
CVE-2016-8615: cookie injection for other servers
CVE-2016-8616: case insensitive password comparison
CVE-2016-8617: OOB write via unchecked multiplication
CVE-2016-8618: double-free in curl_maprintf
CVE-2016-8619: double-free in krb5 code
CVE-2016-8620: glob parser write/read out of bounds
CVE-2016-8621: curl_getdate read out of bounds
CVE-2016-8622: URL unescape heap overflow via integer truncation
CVE-2016-8623: Use-after-free via shared cookies
CVE-2016-8624: invalid URL parsing with '#'
CVE-2016-8625: IDNA 2003 makes curl use wrong host

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2016-12-03 16:38:44 +01:00
Hauke Mehrtens
99ea26883b mbedtls: update to version 2.4.0
This fixes two minor security problems.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2016-12-03 16:38:20 +01:00
Hauke Mehrtens
280fdac18f polarssl: update to version 1.3.18
This fixes two minor security problems.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2016-12-03 16:36:34 +01:00
Jo-Philipp Wich
5f3c96c285 build: adjust version number handling
Move the revision info to the VERSION_CODE variable and default VERSION_NUMBER
to CURRENT for master branch builds.

Also introduce a new menuconfig option CONFIG_VERSION_CODE which allows users
to override the revision value put into VERSION_CODE and adjust the template
files used by the base-files package to accomodate for the changed semantics.

While we're at it, also adjust the various URLs to match the current web site.

After this commit, the relevent files will look like the examples given below:

    # cat /etc/openwrt_version
    r2398+1

    # cat /etc/openwrt_release
    DISTRIB_ID='LEDE'
    DISTRIB_RELEASE='CURRENT'
    DISTRIB_REVISION='r2398+1'
    DISTRIB_CODENAME='reboot'
    DISTRIB_TARGET='x86/64'
    DISTRIB_DESCRIPTION='LEDE Reboot CURRENT r2398+1'
    DISTRIB_TAINTS='no-all override'

    # cat /usr/lib/os-release
    NAME="LEDE"
    VERSION="CURRENT, Reboot"
    ID="lede"
    ID_LIKE="lede openwrt"
    PRETTY_NAME="LEDE Reboot CURRENT"
    VERSION_ID="current"
    HOME_URL="http://lede-project.org/"
    BUG_URL="http://bugs.lede-project.org/"
    SUPPORT_URL="http://forum.lede-project.org/"
    BUILD_ID="r2398+1"
    LEDE_BOARD="x86/64"
    LEDE_TAINTS="no-all override"
    LEDE_DEVICE_MANUFACTURER="LEDE"
    LEDE_DEVICE_MANUFACTURER_URL="http://lede-project.org/"
    LEDE_DEVICE_PRODUCT="Generic"
    LEDE_DEVICE_REVISION="v0"
    LEDE_RELEASE="LEDE Reboot CURRENT r2398+1"

On a release branch, those files would look like:

    # cat /etc/openwrt_version
    r2399

    # cat /etc/openwrt_release
    DISTRIB_ID='LEDE'
    DISTRIB_RELEASE='16.12-CURRENT'
    DISTRIB_REVISION='r2399'
    DISTRIB_CODENAME='test_release'
    DISTRIB_TARGET='x86/64'
    DISTRIB_DESCRIPTION='LEDE Test Release 16.12-CURRENT r2399'
    DISTRIB_TAINTS='no-all override'

    # cat /usr/lib/os-release
    NAME="LEDE"
    VERSION="16.12-CURRENT, Test Release"
    ID="lede"
    ID_LIKE="lede openwrt"
    PRETTY_NAME="LEDE Test Release 16.12-CURRENT"
    VERSION_ID="16.12-current"
    HOME_URL="http://lede-project.org/"
    BUG_URL="http://bugs.lede-project.org/"
    SUPPORT_URL="http://forum.lede-project.org/"
    BUILD_ID="r2399"
    LEDE_BOARD="x86/64"
    LEDE_TAINTS="no-all override"
    LEDE_DEVICE_MANUFACTURER="LEDE"
    LEDE_DEVICE_MANUFACTURER_URL="http://lede-project.org/"
    LEDE_DEVICE_PRODUCT="Generic"
    LEDE_DEVICE_REVISION="v0"
    LEDE_RELEASE="LEDE Test Release 16.12-CURRENT r2399"

On a release tag, those files would look like:

    # cat /etc/openwrt_version
    r2500

    # cat /etc/openwrt_release
    DISTRIB_ID='LEDE'
    DISTRIB_RELEASE='17.02.1'
    DISTRIB_REVISION='r2500'
    DISTRIB_CODENAME='mighty_unicorn'
    DISTRIB_TARGET='x86/64'
    DISTRIB_DESCRIPTION='LEDE Mighty Unicorn 17.02.1 r2500'
    DISTRIB_TAINTS='no-all override'

    # cat /usr/lib/os-release
    NAME="LEDE"
    VERSION="17.02.1, Mighty Unicorn"
    ID="lede"
    ID_LIKE="lede openwrt"
    PRETTY_NAME="LEDE Mighty Unicorn 17.02.1"
    VERSION_ID="17.02.1"
    HOME_URL="http://lede-project.org/"
    BUG_URL="http://bugs.lede-project.org/"
    SUPPORT_URL="http://forum.lede-project.org/"
    BUILD_ID="r2500"
    LEDE_BOARD="x86/64"
    LEDE_TAINTS="no-all override"
    LEDE_DEVICE_MANUFACTURER="LEDE"
    LEDE_DEVICE_MANUFACTURER_URL="http://lede-project.org/"
    LEDE_DEVICE_PRODUCT="Generic"
    LEDE_DEVICE_REVISION="v0"
    LEDE_RELEASE="LEDE Mighty Unicorn 17.02.1 r2500"

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Acked-by: Felix Fietkau <nbd@nbd.name>
2016-12-02 16:02:02 +01:00
Felix Fietkau
1947cf36ba procd: update to the latest version, fixes killing jailed processes
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-12-02 13:55:23 +01:00
Felix Fietkau
a2e197d972 libubox: update to the latest version
- Improves C++ compatibility
- Adds static initializers for the kvlist API

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-12-01 20:14:52 +01:00
Felix Fietkau
4d448cf720 xtables-addons: add CONFIG_NF_CONNTRACK_MARK=y to all kmod-* packages
Not all kmod packages depends on kmod-ipt-compat-xtables, but this
kernel config option is required for building the whole package

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-12-01 14:24:03 +01:00
Jo-Philipp Wich
4596f9b5ac e2fsprogs: avoid picking up incompatible libcom_err.so
Commit 2728512 ("e2fsprogs: List all libraries explicitly") forced the
e2fsprogs build system to link libcom_err.so in various places.

Unfortunately, the krb5 package also ships a libcom_err.so with a totally
different ABI and puts it into the global staging directory which causes
e2fsprogs to pick up this wrong library, leading to the following failure:

    	LD blkid
    ../lib/libext2fs.so: undefined reference to `_et_list'
    collect2: error: ld returned 1 exit status
    Makefile:504: recipe for target 'blkid' failed

Change the SYSLIBS specification to explicitely link libcom_err.so.0.0
which in order to work around the problem.

In the long run, the libcom_err clash between e2fsprogs and krb5 needs to
be solved properly.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2016-11-30 23:32:17 +01:00
Felix Fietkau
f2010b0929 rtc-rv5c386a: fix include path for bcm47xx_nvram.h
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-11-30 12:47:25 +01:00
Alberto Bursi
d52676d1ea base-files: add a wrapper for init scripts in profile
"service" is a simple wrapper that will allow to call init.d scripts

current method:     #  /etc/init.d/network reload
with the wrapper:   #  service network reload

If the wrapper is called without arguments or with a wrong init script name, it will print an error and list the content of /etc/init.d/ folder

Signed-off-by: Alberto Bursi <alberto.bursi@outlook.it>
2016-11-29 21:12:08 +01:00
Mathias Kresin
36148d923b uboot-lantiq: Add BT Home Hub 5A support
Based on the submission to the uboot-lantiq repo by Martin Blumenstingl.

Use the ddr_settings.h from the GPL tarball. The NAND boot optimized
one (with memory tuning enabled) doesn't work for the UART boot image.

Use the same mtd layout as the stock u-boot. Add add UBI support.

Use the leds to indicate boot status like it is done with the stock
u-boot. Switch on the red power led if kernel image can't be loaded.
Otherwise switch the green led on.

Make only the ramboot u-boot available. Only this image is required for
the first installation of LEDE.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2016-11-29 21:40:16 +01:00
Martin Blumenstingl
448b9b67e1 kernel: mac80211: disable ath9k bands via device tree
These properties allow overriding the settings from the EEPROM
which indicate whether a band is enabled or not.
Setting this property is only needed when the RF circuit does not
support the 2.4GHz or 5GHz band while it is enabled nevertheless in the
EEPROM.

These patches will be replaced with a future upstream version which
will introduces an ieee80211 device tree property to disable bands.

Signed-off-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
2016-11-29 21:40:16 +01:00
Martin Blumenstingl
3f889418a5 kernel: mac80211: add pending ath9k EEPROM swapping patches
There are two types of swapping the EEPROM data in the ath9k driver.
Before this series one type of swapping could not be used without the
other.

The first type of swapping looks at the "magic bytes" at the start of
the EEPROM data and performs swab16 on the EEPROM contents if needed.
The second type of swapping is EEPROM format specific and swaps
specific fields within the EEPROM itself (swab16, swab32 - depends on
the EEPROM format).

With this series the second part now looks at the EEPMISC register
inside the EEPROM, which uses a bit to indicate if the EEPROM data
is Big Endian (this is also done by the FreeBSD kernel).
This has a nice advantage: currently there are some out-of-tree hacks
(in OpenWrt and LEDE) where the EEPROM has a Big Endian header on a
Big Endian system (= no swab16 is performed) but the EEPROM itself
indicates that it's data is Little Endian. Until now the out-of-tree
code simply did a swab16 before passing the data to ath9k, so ath9k
first did the swab16 - this also enabled the format specific swapping.
These out-of-tree hacks are still working with the new logic, but it
is recommended to remove them. This implementation is based on a
discussion with Arnd Bergmann who raised concerns about the
robustness and portability of the swapping logic in the original OF
support patch review, see [0].

After a second round of patches (= v1 of this series) neither Arnd
Bergmann nor I were really happy with the complexity of the EEPROM
swapping logic. Based on a discussion (see [1] and [2]) we decided
that ath9k should use a defined format (specifying the endianness
of the data - I went with __le16 and __le32) when accessing the
EEPROM fields. A benefit of this is that we enable the EEPMISC based
swapping logic by default, just like the FreeBSD driver, see [3]. On
the devices which I have tested (see below) ath9k now works without
having to specify the "endian_check" field in ath9k_platform_data (or
a similar logic which could provide this via devicetree) as ath9k now
detects the endianness automatically. Only EEPROMs which are mangled
by some out-of-tree code still need the endian_check flag (or one can
simply remove that mangling from the out-of-tree code).

[0] http://www.spinics.net/lists/linux-wireless/msg152634.html
[1] https://marc.info/?l=linux-wireless&m=147250597503174&w=2
[2] https://marc.info/?l=linux-wireless&m=147254388611344&w=2
[3] 50719b56d9/sys/dev/ath/ath_hal/ah_eeprom_9287.c (L351)

Signed-off-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
2016-11-29 21:40:16 +01:00
Martin Blumenstingl
1847248fc1 kernel: mac80211: backport ath9k device tree support patches
These patches add support for configuring ath9k based devices via
devicetree. This was tested on PCI(e) based devices. This should work
for AHB based devices as well (adding more AHB specific properties may
still be needed) as soon as the ath79 platform is ready to populate the
ath9k wmac via devicetree.
This patchset was accepted upstream, more information can be found on
the linux-wireless list:
https://www.spinics.net/lists/linux-wireless/msg155474.html

Signed-off-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
2016-11-29 21:40:16 +01:00
Stijn Tintel
9f109876ea kernel: have kmod-ipsec depend on kmod-crypto-echainiv
The ESP algorithms in CBC mode require echainiv, so have kmod-ipsec
depend on kmod-crypto-echainiv.

See upstream commit 32b6170ca59ccf07d0e394561e54b2cd9726038c.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2016-11-29 12:19:22 +01:00
Rafał Miłecki
e8fe83e1be iw: drop TX power patch that is part of upstream version now
Applying it again was resulting in duplicated TX info like:
Interface wlan0
        ifindex 6
        wdev 0x1
        addr 00:23:6a:a3:7d:00
        ssid LEDE2
        type AP
        wiphy 0
        channel 11 (2462 MHz), width: 20 MHz, center1: 2462 MHz
        txpower 31.00 dBm
        txpower 31.00 dBm

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2016-11-29 08:39:57 +01:00
Mathias Kresin
57d36e5bdd ltq-hcd: drop package
Since ffd7c15500 it isn't used anymore on
any supported target.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2016-11-27 15:34:23 +01:00
Mathias Kresin
d561b2f5ce gpio-button-hotplug: add more buttons
The keycodes are used by some boards.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2016-11-27 15:34:23 +01:00
Julian Kornberger
04a76da1ae ipset: Add InstallDev to provide libipset as library 2016-11-26 22:39:27 +01:00
Avi H. D
bbdb20f649 kernel: fix typo in input-gpio-encoder package title
Line 115, 'rotary' was misspelled as 'rotay'

Signed off by: Avinash Duduskar <strykar@hotmail.com>
2016-11-26 22:00:30 +01:00
Felix Fietkau
23a55102df kernel: remove another redundant KCONFIG entry in virt.mk
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-11-24 13:41:10 +01:00
Felix Fietkau
d5c3a7b1ab kernel: fix virtualization kmod dependencies and kconfig symbols
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-11-24 13:29:05 +01:00
Felix Fietkau
e57bed5bc3 kernel: remove kmod-vhost_net, fixes build breakage
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-11-24 13:26:04 +01:00
Florian Fainelli
a9dce48b22 libnl-tiny: Remove GENL_ID_GENERATE
This constant was always defined to 0, and recently got removed in
upstream commit a07ea4d9941af5a0c6f0be2a71b51ac9c083c5e5 ("genetlink: no
longer support using static family IDs")

Fixes libnl-tiny builds with latest upstream kernels.

Fixes: d723f2573a ("libnl-tiny: remove include/linux overrides to fix various build issues")
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
2016-11-24 12:53:19 +01:00
Yousong Zhou
d206dfdf35 package: add kernel packages for kvm virtualization
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2016-11-24 12:53:18 +01:00
Paul Wassi
4081333084 package/utils/fuse: update to 2.9.7
Update fuse+libfuse to upstream 2.9.7. Drop the patch for CVE-2015-3202,
which is already integrated in the newer version. Rework the other patches.
Also switch PKG_SOURCE from @SF to libfuse's github releases.

Signed-off-by: Paul Wassi <p.wassi@gmx.at>
2016-11-24 12:53:17 +01:00
Eddi De Pieri
9720185820 uboot-envtools: make it not shared
uboot-envtools have some stuff related to the cpu.

This should fix following error on lantiq soc:

Downloading http://downloads.lede-project.org/snapshots/packages/mips_24kc/base/uboot-envtools_2015.10-1_mips_24kc.ipk.
Configuring uboot-envtools.
//usr/lib/opkg/info/uboot-envtools.postinst: .: line 10: can't open '/lib/ar71xx.sh'

Signed-off-by: Eddi De Pieri <eddi@depieri.net>
2016-11-23 10:17:55 +01:00
Eddi De Pieri
ea12a80276 uboot-lantiq: vgv7519 fix tftp loading of big kernel/image size
On my board:
Bytes transferred = 7084442 (6c199a hex)
   Image Name:   MIPS OpenWrt Linux-3.10.49
   Created:      2014-11-11  17:40:00 UTC
   Image Type:   MIPS Linux Kernel Image (lzma compressed)
   Data Size:    7084378 Bytes = 6.8 MiB
   Load Address: 80002000
   Entry Point:  80002000
   Verifying Checksum ... OK
   Uncompressing Kernel Image ... LZMA: uncompress or overwrite error
7 - must RESET b
ROM VER: 1.0.5
CFG 01

Signed-off-by: Eddi De Pieri <eddi@depieri.net>
2016-11-23 08:43:49 +01:00
Ben Greear
4592067a24 ath10k-ct-firmware: Update to latest firmwares.
The 10.1 includes a good many stability fixes related to the effort of
backporting upstream 10.2 firmware.  Also enables 802.1q vlan support.
Successfully tested on apu2.

The 10.4 firmwares including new backported code as well as stability
fixes.  10.4 has been tested on Fedora x86-64 platforms, but not on LEDE
specifically since I had issues compiling LEDE for my 9980/9984 AP hardware.

Signed-off-by: Ben Greear <greearb@candelatech.com>
2016-11-22 10:50:59 +01:00
Ben Greear
f94bee8c02 ath10k-ct: Update to latest.
Fixes locking issue, quietens some potential message floods.

Signed-off-by: Ben Greear <greearb@candelatech.com>
2016-11-22 10:50:51 +01:00
Felix Fietkau
4da8bde638 netifd: update to the latest version
Fixes config reload on bridge MAC address changes

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-11-22 10:48:41 +01:00
Jonas Gorski
48cfc826eb base-files: ignore failure of stopping services on removal
Packages that do a killall <cmd> with the same name as the init script
will fail the prerm step when the service isn't running. Do make them
removable without having to restart the service, ignore the return code.

Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
Acked-by: Jo-Philipp Wich <jo@mein.io>
2016-11-21 18:40:15 +01:00
Jonas Gorski
88a14bfd1d opkg: run prerm scripts for the old version also on upgrade
To make sure we properly restart services on upgrade we need to
call the prerm script of the old package, in case the init script
changes (or vanishes).

Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
Acked-by: Jo-Philipp Wich <jo@mein.io>
2016-11-21 18:40:15 +01:00
Jonas Gorski
afaa34ccd7 base-files: don't modify enabled state of service on upgrade
Properly stop/start services on upgrade, but don't change the enabled
state.

Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
Acked-by: Jo-Philipp Wich <jo@mein.io>
2016-11-21 18:40:15 +01:00
Jonas Gorski
a58f176ef2 opkg: set PKG_UPGRADE also when running scripts for the old package
Allow scripts from the package to be upgraded to be aware of being
upgraded.

Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
Acked-by: Jo-Philipp Wich <jo@mein.io>
2016-11-21 18:40:15 +01:00
John Crispin
3c52cbfa53 Revert "grub2: add PKG_FIXUP:=autoreconf"
this caused build errors on x86

This reverts commit a0ea22ac43.

Signed-off-by: John Crispin <john@phrozen.org>
2016-11-21 16:49:54 +01:00
Alexandru Ardelean
a0ea22ac43 grub2: add PKG_FIXUP:=autoreconf
The host-side build of grub2 requires this sometimes.
This will re-generate the ./configure script from configure.ac.
I don't know the conditions of how this reproduces, it just
sometimes appears, and sometimes doesn't.

Build error
```
<lede-dir>/build_dir/target-x86_64_musl-1.1.15_yogi/host/grub-2.02~beta2/build-aux/missing: line 81: aclocal-1.14: command not found
WARNING: 'aclocal-1.14' is missing on your system.
         You should only need it if you modified 'acinclude.m4' or
         'configure.ac' or m4 files included by 'configure.ac'.
         The 'aclocal' program is part of the GNU Automake package:
         <http://www.gnu.org/software/automake>
         It also requires GNU Autoconf, GNU m4 and Perl in order to run:
         <http://www.gnu.org/software/autoconf>
         <http://www.gnu.org/software/m4/>
         <http://www.perl.org/>
Makefile:3962: recipe for target 'aclocal.m4' failed
```

Adding PKG_FIXUP adds sanity (i.e. autoreconf is used for host & target
builds) over just using HOST_FIXUP.

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
2016-11-21 12:54:24 +01:00
John Crispin
320d8fa3bc odhcpd: update to latest git HEAD
Signed-off-by: John Crispin <john@phrozen.org>
2016-11-21 12:16:55 +01:00
John Crispin
41164ba2dc odhcpd: update to latest git HEAD
Signed-off-by: John Crispin <john@phrozen.org>
2016-11-21 12:04:23 +01:00
Magnus Kroken
a74394be00 openvpn: update to 2.3.13
Changelog: https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23#OpenVPN2.3.13

Signed-off-by: Magnus Kroken <mkroken@gmail.com>
2016-11-21 10:11:53 +01:00
Paul Wassi
d6e8b1f841 uboot-envtools: add 'dockstar' for kirkwood
Add board 'dockstar' to known fw_env-configurations.

Signed-off-by: Paul Wassi <p.wassi@gmx.at>
2016-11-21 10:10:38 +01:00
Piotr Dymacz
d86f08cc94 uboot-envtools: add support for YunCore CPE830
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
2016-11-21 10:05:40 +01:00
Piotr Dymacz
dcceea4fd3 uboot-envtools: add support for YunCore CPE870
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
2016-11-21 10:05:40 +01:00
Piotr Dymacz
9ee8257cc7 uboot-envtools: add support for YunCore AP90Q
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
2016-11-21 10:05:40 +01:00
Felix Fietkau
cc853810a4 base-files: validate metadata of sysupgrade images
Use fwtool to extract it, only require metadata to be present if the
platform sysupgrade script sets REQUIRE_IMAGE_METADATA=1

Image metadata is in JSON format and contains a list of supported
devices, along with version information that could be displayed by a UI
later before the actual upgrade happens.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-11-19 11:24:09 +01:00
Felix Fietkau
929641fa1f fwtool: add utility for appending and extracting firmware metadata/signatures
This will be used to append extra information to images which allows the
system to verify if an image is compatible with the system.

The extra data is appended to the end of the image, where it will be
ignored when upgrading from systems that do not process this data yet:

If the image is a squashfs or jffs2 image, the extra data will land
after the end-of-filesystem marker, where it will be overwritten once
the system boots for the first timee.

If the image is a sysupgrade tar file, tar will simply ignore the extra
data when unpacking.

The layout of the metadata/signature chunks is constructed in a way
that the last part contains just a magic and size information, so that
the tool can quickly check if any valid data is present without having
to do a pattern search throughout the full image.

Chunks also contain CRC32 information to detect file corruption, even
when the image is not signed.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-11-19 11:24:09 +01:00