Commit graph

114 commits

Author SHA1 Message Date
Julien Dusser
241e6dd3e9 build: cleanup SSP_SUPPORT configure option
Configure variable SSP_SUPPORT is ambiguous for packages (tor, openssh,
avahi, freeswitch). It means 'toolchain supporting SSP', but for toolchain
and depends it means 'build gcc with libssp'.

Musl no longer uses libssp (1877bc9d8f), it has internal support, so
SSP_SUPPORT was disabled leading some package to not use SSP.

No information why Glibc and uClibc use libssp, but they may also provide
their own SSP support. uClibc used it own with commit 933b588e25 but it was
reverted in f3cacb9e84 without details.

Create an new configure GCC_LIBSSP and automatically enable SSP_SUPPORT
if either USE_MUSL or GCC_LIBSSP.

Signed-off-by: Julien Dusser <julien.dusser@free.fr>
2018-01-27 19:02:48 +01:00
Julien Dusser
df0bd42fde build: add hardened builds with PIE (ASLR) support
Introduce a configuration option to build a "hardened" OpenWrt with
ASLR PIE support.

Add new option PKG_ASLR_PIE to enable Address Space Layout Randomization (ASLR)
by building Position Independent Executables (PIE). This new option protects
against "return-to-text" attacks.

Busybox need a special care, link is done with ld, not gcc, leading to
unknown flags. Set BUSYBOX_DEFAULT_PIE instead and disable PKG_ASLR_PIE.

If other failing packages were found, PKG_ASLR_PIE:=0 should be added to
their Makefiles.

Original Work by: Yongkui Han <yonhan@cisco.com>
Signed-off-by: Julien Dusser <julien.dusser@free.fr>
2018-01-27 16:46:45 +01:00
Alexandru Ardelean
ab6a96f3f5 Config-devel.in: rename symbol KERNEL_GIT_BRANCH -> KERNEL_GIT_REF
The Download/git rule will do a `git checkout <git-ref>`.
So, we can use any ref we want.

No need to limit just to branches.

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
2018-01-27 16:46:45 +01:00
Yousong Zhou
dc555d003c build: disable BUILD_PATENTED by default
This is mainly for legal considerations and not promoting the usage of
and no redistribution of binaries of patented technologies seems to be
also the established practice in other linux distros.

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2018-01-26 09:45:08 +08:00
Koen Vandeputte
fce35bce0f config: support new symbol intro'd in kernel 4.12
Symbol CONFIG_INITRAMFS_FORCE allows to ignore the value passed by the
bootloader.

By default, all symbols containing INITRAMFS are wiped from the final
config and then re-added conditionally.

Add support for this symbol, as the build will stop otherwise
questioning the user about this option:

* Restart config...
*
*
* General setup
*
Cross-compiler tool prefix (CROSS_COMPILE) []
Compile also drivers which will not load (COMPILE_TEST) [N/y/?] n

...

Initial RAM filesystem and RAM disk (initramfs/initrd) support
(BLK_DEV_INITRD) [Y/n/?] y
Initramfs source file(s) (INITRAMFS_SOURCE) []
Ignore the initramfs passed by the bootloader (INITRAMFS_FORCE)
[N/y/?] (NEW)

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-01-13 16:27:45 +01:00
Matthias Schiffer
ef27f15330
kernel: allow disabling multicast routing support
Multicast routing support is not needed in most setups, and increases the
size of the kernel considerably (>10K after LZMA). Add a config switch to
allow disabling it.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2018-01-11 11:51:24 +01:00
Sascha Paunovic
d810a2aebf kernel: fix spelling in CONFIG_DEVTMPFS help text
Change "ti" to "to", as that's the correct spelling.

Signed-off-by: Sascha Paunovic <azarus@posteo.net>
2017-12-11 12:43:29 +01:00
Chris Blake
a92f73e922 mpc85xx: Enable initramfs for p1020 subtarget
The following patch enables building of initramfs images by default for
the P1020 subtarget in mpc85xx.

Signed-off-by: Chris Blake <chrisrblake93@gmail.com>
2017-10-14 01:19:35 +02:00
Hauke Mehrtens
589621b1c0 config: make CONFIG_ALL_* select other CONIFG_ALL_* options
Select the other CONFIG_ALL_* options in the hierarchy when the master
option is selected. Currently CONFIG_ALL_KMODS is not selected when the
build bot selects CONFIG_ALL_NONSHARED for example.

Now the rtc kmods should get build when CONFIG_ALL_KMODS,
CONFIG_ALL_NONSHARED or CONFIG_ALL and CONFIG_RTC_SUPPORT are selected
like it is done by the build bots for targets with rtc support.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Acked-by: Jo-Philipp Wich <jo@mein.io>
2017-08-26 14:59:20 +02:00
Felix Fietkau
7887a46f45 build: enable gzipping of images on x86 even if ext4 is disabled
There is lots of padding between the boot partition and the rootfs, so
gzipping is helpful here

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-07-06 11:30:33 +02:00
Florian Fainelli
90336ef4cd kernel: Make KERNEL_PERF_EVENTS selectable
The kernel itself allows enabling/disabling CONFIG_PERF_EVENTS, so allow
doing the same thing.

Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
2017-05-26 15:42:25 -07:00
Florian Fainelli
ce731158c8 kernel: Hide kernel options behind a menu
We are starting to add more and more kernel configurable options, to the
point where the Global build options menu is not really usable anymore,
hide all kernel-related configuration options behind a menu.

Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
2017-05-26 15:42:13 -07:00
Daniel Golle
48d71ab502 kernel: enable CRASH_DUMP on supported platforms
While we have CRASHLOG on MIPS it makes sense to support 'classic'
kexec-based CRASH_DUMP on x86 and arm platforms.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2017-05-20 00:26:03 +02:00
Felix Fietkau
0b7ed65cec kernel: remove out of tree direct-io disable hack
Direct-IO support has to be enabled for the release build anyway, so
this hack is not worth keeping

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-04-26 10:27:45 +02:00
Philip Prindeville
7fe5963be0 build: allow specifying flow-control to grub on serial console
On the more sophisticated (i.e. deeper FIFO) serial controllers,
flow-control might be needed to avoid dropping output.

Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
2017-04-03 08:51:02 +02:00
Vitaly Chekryzhev
01337ba472 build: add devel option to store build config in firmware
Store config.seed in firmware /etc/build.config

Signed-off-by: Vitaly Chekryzhev <13hakta@gmail.com>
2017-03-18 12:08:04 +01:00
David Woodhouse
ab20c638b6 x86: Set default baud rate on Geode images to 115200
Prior to commit 1496b95a0 ("x86: clean up default grub baudrate
settings") we had three different baud rates for the Geode targets:
19200 for net5501, 38400 for alix2, and 115200 for Geos.

It doesn't seem that there's a very good reason for varying from our
default 115200 baud, so let's make the Geode target do that instead.

Signed-off-by: David Woodhouse <dwmw2@infradead.org>
2017-02-17 10:30:38 +01:00
Felix Fietkau
9dcb921d90 build: add buildbot specific config option for setting defaults
This can be used to tweak the buildbot behavior without having to change
buildbot's configuration.
It will also allow us to add more aggressive clean steps (e.g. on
toolchain changes), which would break developers' workflows if enable
by default.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-02-14 14:18:35 +01:00
Hannu Nyman
eaf3fef946 ccache, samba36: fix samba.org addresses to use https
samba.org has started to enforce https and
currently plain http downloads with curl/wget fail,
so convert samba.org download links to use https.

Modernise links at the same time.

Also convert samba.org URL fields to have https.

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
2017-02-02 00:14:03 +01:00
Felix Fietkau
7a523569f7 build: add support for automatically removing build dir contents during build
This is used to save space on buildbot instances.
If any part of a package needs to be rebuild, the whole package is
rebuilt from scratch. Stamp files are preserved to allow dependency
checks to work

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-01-18 23:57:08 +01:00
Felix Fietkau
749918911d x86: disable crashlog
It could cause crashes with some forms of virtualization, and it is
unlikely to work properly with most systems.
It's safer to just disable it.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-01-13 15:15:09 +01:00
Felix Fietkau
1e1d735e52 build: remove obsolete parallel build related options
Always use the main make jobserver, which has been the default for ages

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-01-10 12:10:20 +01:00
Hauke Mehrtens
6e7fdf07b7 kernel: add KERNEL_DEVMEM and KERNEL_DEVKMEM
These options are needed to create /dev/mem or /dev/kmem .
/dev/mem is needed by the io tool to access raw hardware memory, which
is helpful when debugging and developing drivers.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Acked-by: John Crispin <john@phrozen.org>
2016-12-24 14:55:35 +01:00
Felix Fietkau
4cc1f1ac1c x86: revert default root size back to 256 MB
2 GB is overkill and was only added to allow unlimited ext4 resizing,
which is a pretty rare use case. 256 MB allows resizing up to 256 GB,
which should be good enough for almost all users.

A lot of this is mostly irrelevant anyway, since you can just use
squashfs + ext4 overlay.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-12-15 11:46:01 +01:00
Hauke Mehrtens
c058f4f22d kernel: add KERNEL_DEBUG_PINCTRL and KERNEL_DEBUG_GPIO
This makes it possible to activate the gpio and the pinctl debugging
from LEDE menuconfig.

Acked-by: John Crispin <john@phrozen.org>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2016-12-10 16:06:34 +01:00
Felix Fietkau
426e4d93bb uml: clean up the kernel config and add squashfs+ext4/f2fs support
Replaces plain ext4 images

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-11-24 12:53:18 +01:00
Felix Fietkau
12a6e3cd05 x86: bump default kernel partition size to 16M
This leaves more room for sysupgrade config data or for having multiple
kernel images to choose from

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-11-09 12:17:52 +01:00
Jo-Philipp Wich
dc6cc04016 config: ext4: increase x86 rootfs size to 2GB to support online resize2fs
The current default rootfs size of 256MB in conjunction with 4K blocks
produces an ext4 filesystem which lacks the appropriate amount of backup GDT
entries to support online-resizing.

For x86 targets, increase the default rootfs size to 2048MB which allows
online resizing the filesystem to up to 2TB which is the current theoretical
maximum for LEDE, due to missing GPT support on the root block device.

Note that the filesystem artefact will not occupy 2GB on the build system as
the make_ext4fs utility uses sparse files to generate the filesystem images,
so the actual disk usage is much lower. Furthermore the filesystem images
are gzip compressed, shrinking them to only a few megabytes on the download
server.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Acked-by: Michael Heimpold <mhei@heimpold.de>
2016-10-27 19:24:38 +02:00
Jo-Philipp Wich
d1ae4c4958 config: ext4: drop option to set maximum number of inodes
There is very little practical use to limit the number of available inodes on
an ext4 filesystem and the make_ext4fs utility is able to calculate useful
defaults by itself.

Drop the option to make resulting ext4 filesystems more flexible by default.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Acked-by: Michael Heimpold <mhei@heimpold.de>
2016-10-27 19:24:38 +02:00
Matthias Schiffer
77f54eae45
config: enable shadow passwords unconditionally
Configurations without shadow passwords have been broken since the removal
of telnet: as the default entry in /etc/passwd is not empty (but rather
unset), there will be no way to log onto such a system by default. As
disabling shadow passwords is not useful anyways, remove this configuration
option.

The config symbol is kept (for a while), as packages from feeds depend on
it.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2016-09-26 17:57:56 +02:00
Felix Fietkau
a1f83bad60 images: bump default rootfs size to 256 MB
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-09-08 15:28:39 +02:00
Josua Mayer
3242c07649 mvebu: add sdcard image creation script
Added gen_mvebu_sdcard_img.sh to facilitate creating an fixed-size sdcard image,
adding the bootloader and populating it with actual data.

Added the required rules for creating a 4GB sdcard image according to this layout:
p0: boot (fat32)
p1: rootfs (squashfs)
p2: rootfs_data (ext4)
This should be generic to any mvebu boards that can boot from block storage.

Added the new sdcard image to the Clearfog image profile.

Signed-off-by: Josua Mayer <josua.mayer97@gmail.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name> [cleanup]
2016-09-02 14:43:52 +02:00
Nathaniel Wesley Filardo
39d817cf38 Add config symbols for kernel keyring support
Enable selection of the kernel key retention framework and some of its
additional facilities; see Documentation/security/keys.txt and
security/keys/Kconfig for details

Signed-off-by: Nathaniel Wesley Filardo <nwfilardo@gmail.com>
2016-09-02 14:43:52 +02:00
Christian Lamparter
08257a4053 apm821xx: use lzma compression for the initramfs images
The MR24's u-boot takes it sweet time decompressing the
LZMA-packed initramfs image. A user reported that
compared to the old gzip method in v2: it "takes a ton
longer to decompress like 4\x the old boot time for
decompression".

This patch also fixes a issue with the WNDR4700's initramfs
image getting to big and causing the following u-boot crash
during the decompression:

"Uncompressing Multi-File Image ... Error: inflate() returned -5
out-of-mem or overwrite error - must RESET board to recover"

This patch fixes both issues by reverting the MR24's initramfs
compression method back to gzip. And choosing to compress the
initramfs within the initramfs image as LZMA by default.

Cc: chrisrblake93@gmail.com
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2016-07-25 10:38:11 +02:00
Felix Fietkau
673004f9bc config: remove options for including kernel/dtb in rootfs
These options were a big design flaw to begin with

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-07-20 10:13:50 +02:00
Felix Fietkau
d7b185128d build: make TARGET_ROOTFS_JFFS2 depend on USES_JFFS2
If jffs2 support was not enabled by the target, jffs2 are quite likely
to be broken, so we shouldn't build them.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-07-20 10:13:50 +02:00
Felix Fietkau
a4e90e2cac toolchain: get rid of GCC_VERSION_5 config symbol
Replace it with !GCC_VERSION_4_8 to be more future compatible

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-07-15 14:17:40 +02:00
Daniel Dickinson
b9952797e6 kernel: Move POSIX ACL and attr support options into submenu
Make global options menuconfig cleaner by moving POSIX ACL
and attr support options into a submenu.

Signed-off-by: Daniel Dickinson <openwrt@daniel.thecshore.com>
2016-07-05 22:59:14 +02:00
Daniel Dickinson
e408abd7fb kernel: Add option to make using filesystem ACL support the default
This adds a configuration options that allows to make filesystem ACL support
the default in the kernel, except for old nfs.

Signed-off-by: Daniel Dickinson <openwrt@daniel.thecshore.com>
2016-06-30 22:48:39 +02:00
John Crispin
30acacb0af config: add a small_flash feature
this causes KALLSYMS to be off by default

Signed-off-by: John Crispin <john@phrozen.org>
2016-06-13 22:51:43 +02:00
Daniel Golle
2aa818a0bb kernel: add missing symbol
Add missing symbol When building kernel with profiling enabled and ARM
or ARM64 targets.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2016-05-16 18:00:34 +02:00
Felix Fietkau
42d2eb7628 build: remove leftover dependenices on TARGET_rdc
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-05-12 17:43:48 +02:00
Jo-Philipp Wich
941fc5e8c8 global: introduce ALL_NONSHARED symbol
Introduce a new symbol ALL_NONSHARED which selects all non-sharable packages
by default. This option is mainly intented for buildbot setups to build the
target dependant software subset only.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2016-04-13 17:24:12 +02:00
Felix Fietkau
be9e991b88 build: don't add -fno-plt for ARC
Curent ARC toolchain fails to build libstdc++ if -fno-plt is used.
Lots of following error messages appear:
------------------->8------------------
...
staging_dir/toolchain-arc_arc700_gcc-arc-2015.06_uClibc-1.0.9/arc-openwrt-linux-uclibc/bin/ld:
BFD (GNU Binutils) 2.23.2 assertion fail elf32-arc.c:2786
collect2: error: ld returned 1 exit status
------------------->8------------------

In newer binutils (still in development) for ARC rewritten from
scratch this seem to not happen, so once new binutils for ARC hit
the street this patch might be reverted.

Signed-off-by: Alexey Brodkin <abrodkin@synopsys.com>
Cc: Felix Fietkau <nbd@openwrt.org>
Cc: Jo-Philipp Wich <jow@openwrt.org>
Cc: Jonas Gorski <jogo@openwrt.org>

SVN-Revision: 48642
2016-02-07 13:29:16 +00:00
Florian Fainelli
312367665a buildroot: add options to build the kernel for NFS boot
Add the basic set of kernel options to allow it from mounting a NFS root
and boot from it.

Signed-off-by: Florian Fainelli <florian@openwrt.org>

SVN-Revision: 48590
2016-02-01 01:06:39 +00:00
Felix Fietkau
b3f7902a06 include/kernel: add custom USER/DOMAIN config options
These allow the generated kernel's build metadata to be defined explicitly.
This metadata is reported, eg, at boot time and in `uname -a` on running
systems. If the variables aren't configured, the current build system username
and hostname are used as normal.

The motivation for this option is to achive reproducible (bit-for-bit
identical) kernel builds of official openwrt releases.

Signed-off-by: bryan newbold <bnewbold@robocracy.org>
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 48541
2016-01-28 22:42:34 +00:00
Felix Fietkau
657d0cc2ce build: do not deselect CONFIG_USE_SSTRIP if CONFIG_DEBUG is enabled
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 48504
2016-01-26 08:39:21 +00:00
Felix Fietkau
fb713ddd4d build: add -fno-plt to default cflags, it improves PIC code optimization
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 48470
2016-01-24 00:16:36 +00:00
Felix Fietkau
aec0e6ac8f build: use sstrip by default for musl
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 48313
2016-01-18 12:47:36 +00:00
Felix Fietkau
33beafa8d8 Configure IPv6 kernel options in config/Config-kernel.in
Revision 46834 changed IPv6 support from a module to builtin. But
since the configuration of the IPv6 kernel options was left in
package/kernel/linux/modules/netsupport.mk, this means that an
empty kmod-ipv6 module was still being generated (not packaged).

This patch moves the configuration of the IPv6 kernel options to
config/Config-kernel.in to remove this last bit of the module.

Note that CONFIG_IPV6_PRIVACY was dropped (enabled by default
since Linux v3.13), so this option is no longer needed.

See 5d9efa7ee9

Signed-off-by: Arjen de Korte <arjen+openwrt@de-korte.org>

SVN-Revision: 48132
2016-01-04 23:30:36 +00:00