Commit graph

1530 commits

Author SHA1 Message Date
John Crispin
491f3fc048 Support for building an hardened OpenWRT
Introduce configuration options to build an "hardened" OpenWRT.

Options to enable Stack-Smashing Protection, FORTIFY_SOURCE and RELRO
have been introduced.

uClibc makefile now automatically detects if SSP support is necessary.

hostapd makefile has been fixed to use "^" as sed separator since
using a comma was problematic when using "-Wl,-z,now" and the like in
TARGET_CFLAGS.

Currently enabling SSP on user space depends on enabling SSP kernel
side, this is due to the fact that TARGET_CFLAGS are used to build
kernel modules (at least). Suggestions on how to avoid this are welcome.
Using "select" instead of "depends on" doesn't seem to work with choice
entries.

Tested with a lantiq (WBMR) router, GCC 4.8, uClibc and a subset of
the available packages.
Needs to be tested with GCC 4.9 and the remaining packages.
PIE not currently included.

Signed-off-by: Alessandro Di Federico <ale+owrt@clearmind.me>

SVN-Revision: 44005
2015-01-17 14:31:30 +00:00
Imre Kaloz
3a9e3dfa95 netfilter: handle NFT_MASQ_IPV6
Signed-off-by: Imre Kaloz <kaloz@openwrt.org>

SVN-Revision: 43966
2015-01-14 08:53:11 +00:00
Imre Kaloz
c3c00c4286 netfilter: handle nft_masq and nft_masq_ipv4
Signed-off-by: Imre Kaloz <kaloz@openwrt.org>

SVN-Revision: 43950
2015-01-12 20:16:36 +00:00
Luka Perkov
b78cddafcc kernel: update 3.14 to 3.14.28
Signed-off-by: Luka Perkov <luka@openwrt.org>

SVN-Revision: 43929
2015-01-11 01:28:32 +00:00
Felix Fietkau
5b0d18093d ramips: convert mt7621 images to new image building code
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 43908
2015-01-10 15:26:53 +00:00
Felix Fietkau
95a945a7cb build: add new image building code infrastructure
This simplifies building device / profile specific images, and allows
the build system to parallelize generating images

Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 43907
2015-01-10 15:26:47 +00:00
Jo-Philipp Wich
54602a82a4 version.mk: explicitely filter "generic" subtarget for "%s" placeholder (#18710)
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 43905
2015-01-10 11:17:11 +00:00
Jo-Philipp Wich
4685e4f273 sdk: track files with git and use it to implement proper clean targets
Initialize a Git repository in the SDK and use git reset / git clean
to rollback any SDK changes with "make clean" or "make dirclean".

This approach is more robust than nuking entire directory trees because
some parts of them might have been shipped with the original archive.

Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 43904
2015-01-10 11:17:02 +00:00
Imre Kaloz
182bbf60b7 upgrade to 3.18.2
Signed-off-by: Imre Kaloz <kaloz@openwrt.org>

SVN-Revision: 43892
2015-01-09 12:35:19 +00:00
Jo-Philipp Wich
90ed8d1b5b version.mk: add "%s" placeholder for dotted target.subtarget notation
Implement "%s" placeholder that expands to either the target name,
e.g. "ar71xx" if the subtarget is generic or to target.subtarget, e.g.
"ar71xx.nand" is a subtarget is choosen.

Also change the default repository url template to use "%s" instead
of "%T" to reflect the directory structure used by the buildbot systems.

Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 43871
2015-01-08 12:46:37 +00:00
Jo-Philipp Wich
15d8db1f8c build: add version number to filenames
This commit introduces a new option CONFIG_VERSION_FILENAMES which causes
OpenWrt to embed the version number in generated image files, SDK- and
ImageBuilder archives.

The option is enabled by default if CONFIG_VERSIONOPT is set.

Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 43869
2015-01-08 11:02:00 +00:00
Luka Perkov
deb35ad4ac kernel: update 3.18 to 3.18.1
Signed-off-by: Luka Perkov <luka@openwrt.org>

SVN-Revision: 43821
2015-01-03 22:59:47 +00:00
Luka Perkov
9c8422a09b kernel: update 3.14 to 3.14.27
Signed-off-by: Luka Perkov <luka@openwrt.org>

SVN-Revision: 43820
2015-01-03 22:59:43 +00:00
Felix Fietkau
f22b382485 image.mk: make ubinize.cfg optional
When using UbinizeImage with ubifs rootfs, ubinize.cfg is no longer
needed. Yet, the absance of ubinize.cfg would make the build process
abort with an error.
Fix that by checking if ubinize.cfg is present and do no not call the
"classic" ubinize image generation if it isn't.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
[missing new-line before UbinizeImage added itentionally]

SVN-Revision: 43788
2014-12-27 13:03:19 +00:00
Felix Fietkau
9a46799804 build: use gcc-provided ar, nm and ranlib where appropriate
Since GCC 4.7, GCC provides its own wrappers around ar, nm and ranlib, which
should be used for builds with link-time optimization. Since GCC 4.9, using them
actually necessary for LTO builds using convenience libraries to succeed.

There are some packages which try to automatically detect if gcc-{ar,nm,ranlib}
exist (one example is my package "fastd" in the package repository, which tries
to use LTO). This breaks because the OpenWrt build system explicitly sets the
binutils versions of these tools.

As it doesn't cause any issues to use gcc-{ar,nm,ranlib} instead of
{ar,nm,ranlib} even without LTO, this patch just makes OpenWrt use the
GCC-provided versions by default, which fixes the build of such packages with
GCC 4.9.

(I know that builds fail though when clang is used with -flto and
gcc-{ar,nm,ranlib}, but as all OpenWrt toolchains are based on GCC, this isn't
a real issue.)

Completely cleaning the tree (or at least `make clean toolchain/clean`) is
necessary to get a consistent state after the binutils plugins support patch and
this one (as trying to use gcc-{ar,nm,ranlib} with a binutils built without
plugin support will definitely lead to a build failure).

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>

SVN-Revision: 43784
2014-12-27 12:59:59 +00:00
Imre Kaloz
9038e8d248 don't copy initramfs.elf unconditionally
targets that need it should do it in their image Makefile

Signed-off-by: Imre Kaloz <kaloz@openwrt.org>

SVN-Revision: 43780
2014-12-26 14:31:45 +00:00
Imre Kaloz
f3755f5758 The ubinized filesystems should be used for generating the final images, so store them in KDIR instead.
Signed-off-by: Imre Kaloz <kaloz@openwrt.org>

SVN-Revision: 43778
2014-12-26 13:33:22 +00:00
Felix Fietkau
f6f0984c43 build: prevent spurious host-build re-builds by touching .built after the install command before touching .installed
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 43721
2014-12-15 20:14:27 +00:00
Felix Fietkau
256d49be3c kernel.mk: Handle the x86_64 LINUX_KARCH case
x64 is handled by the x86 architecture in Linux, add a case for it in
LINUX_KARCH.

Signed-off-by: Maxime Ripard <maxime.ripard@free-electrons.com>

SVN-Revision: 43672
2014-12-12 18:28:13 +00:00
Felix Fietkau
fb5e8d203b kernel.mk: Refactor LINUX_KARCH affectation
Switch to a dumber implementation that will be easier to maintain in the long
run, with only if statements instead of having nested subst calls.

Signed-off-by: Maxime Ripard <maxime.ripard@free-electrons.com>

SVN-Revision: 43671
2014-12-12 18:28:03 +00:00
Felix Fietkau
9318930993 kernel: allow specifying kernel images to be copied separately from kernel make command line
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 43619
2014-12-11 15:29:33 +00:00
Felix Fietkau
27f36718d3 kernel: add a patch to make netfilter conntrack cache routing information
Significantly improves routing / NAT performance

Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 43587
2014-12-09 11:01:49 +00:00
Felix Fietkau
712f6ec52a kernel: update linux 3.18 to final release
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 43569
2014-12-08 13:16:35 +00:00
Felix Fietkau
3951f9492f kernel: update linux 3.14 to 3.14.26
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 43563
2014-12-08 12:03:53 +00:00
Jonas Gorski
e0342d2684 sdk: don't try to build in-kernel kmods
We don't ship the kernel sources, so using the base git as a feed will
fail when trying to build kernel modules with separate install steps.
Instead of trying to fixup the install steps, let's just skip building
kernel modules alltogether and just create empty packages.

Out-of-kernel modules are still expected to exist and are packaged, as
for these sources are fetched during the normal build steps.

Reported-by: Jo-Philipp Wich <jow@openwrt.org>
Signed-off-by: Jonas Gorski <jogo@openwrt.org>

SVN-Revision: 43525
2014-12-05 11:50:42 +00:00
Felix Fietkau
d1c0a65266 kernel: update 3.18 to rc7
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 43479
2014-12-01 17:38:54 +00:00
Luka Perkov
070d3b27c2 kernel: update 3.14 to 3.14.25
Signed-off-by: Luka Perkov <luka@openwrt.org>

SVN-Revision: 43427
2014-11-29 10:30:58 +00:00
John Crispin
40da7aae54 target.mk: add default packages for NAS device-type
Signed-off-by: Daniel Golle <daniel@makrotopia.org>

SVN-Revision: 43387
2014-11-26 08:59:49 +00:00
Imre Kaloz
c26c5eff0e update .18 support for -rc6
Signed-off-by: Imre Kaloz <kaloz@openwrt.org>

SVN-Revision: 43357
2014-11-24 10:17:33 +00:00
Florian Fainelli
dd8d7188ee aarch64: add initial support
Add initial support for the AArch64 architecture

Signed-off-by: Florian Fainelli <florian@openwrt.org>

SVN-Revision: 43353
2014-11-24 06:33:13 +00:00
Felix Fietkau
ab92a23394 build: allow AutoLoad and AutoProbe to specify modules not included in the package
On out-of-tree modules depending on other out-of-tree modules from a
different tree, module dependencies are not filled properly.
This change helps with adding those dependencies in the AutoLoad call

Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 43323
2014-11-19 20:16:50 +00:00
John Crispin
6521f53c65 keernel: Fixed dependencies in netfilter modules introduced with 3.18 kernel
Building current trunk with 3.18 kernel fired some errors like 'missed
dependancy of module XXX from library kmod_YYY.ko'. These patch fixes 3
of such issues which are critical to have a successful build.

Signed-off-by: Alexey N Vinogradov <a.n.vinogradov@gmail.com>

SVN-Revision: 43318
2014-11-19 14:09:01 +00:00
Hauke Mehrtens
a69ebe234d kernel: update kernel 3.18 to rc4
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>

SVN-Revision: 43229
2014-11-10 22:51:30 +00:00
Steven Barth
25a6d37e23 kernel: 3.18: Fix kmod-ipt-nat
The 3.18 kernel introduced new Kconfig options for the xt_nat and iptable_nat
kernel modules, that both belong to the ipt_nat kernel package.

Enable this new options.

Signed-off-by: Maxime Ripard <maxime.ripard@free-electrons.com>

SVN-Revision: 43212
2014-11-08 12:17:14 +00:00
Felix Fietkau
9a2cf10c33 netfilter: Enable compiling iptables match cluster
This patch adds the userspace and kernelspace for

- match NETFILTER_XT_MATCH_CLUSTER
  This match can be used to deploy gateway and back-end load-sharing clusters.
- target IP_NF_TARGET_CLUSTERIP
  This module allows you to configure a simple cluster of nodes
  that share a certain IP and MAC address
  without an explicit load balancer in front of them.
  Connections are statically distributed between the nodes in this cluster.

This is used i.e. by strongswan-ha.

Signed-off-by: Christian Scheele <cs@embedd.com>

SVN-Revision: 43174
2014-11-03 22:01:45 +00:00
Rafał Miłecki
cea2b5299b kernel: make it possible to select experimental 3.18 (3.18-rc2)
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>

SVN-Revision: 43094
2014-10-27 18:16:45 +00:00
John Crispin
eb738f5275 generate list of license information for packages
Many packages define already metadata about their license (PKG_LICENSE),
but this is only included in the ipk files.

This change allows to create the information also on the build-host,
to get an overview on the used licenses.
In the full list, also all packages without this info are shown

Signed-off-by: Thomas Langer <thomas.langer@lantiq.com>

SVN-Revision: 43070
2014-10-26 16:57:33 +00:00
Felix Fietkau
d4754e1eb5 Revert "include/shell.sh: remove getvar()"
It is more widely used than I thought.

Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 43068
2014-10-26 16:18:24 +00:00
Felix Fietkau
0aca075a97 kernel: update 3.10.49 to 3.10.58 (released 2014-oct-15)
All platforms which are using 3.10.x at the moment are upgraded.

Changelogs:
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.50
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.51
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.52
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.53
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.54
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.55
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.56
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.57
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.58

A new symbol 'X86_16BIT' appeared in 3.10.52 with commit 34273f41d57ee8d854dcd2a1d754cbb546cb548f
("x86-espfix-make-it-possible-to-disable-16-bit-support.patch")
I defaults to 'unset', but it's worth a discussion to enable it
("turn off support for any 16-bit software").

Also removed the patch 0db3db45f5bd6df4bdc03bbd5dec672e16164c4e
("fix build failure on memcpy() in decompress.c")
and is obsolete by commit 29593fd5a8149462ed6fad0d522234facdaee6c8 upstream.
included in kernel 3.10.56

compile tested on all platforms with:
make tools/install
make toolchain/install
make target/linux/compile

user@box:~/user/openwrt$ cat /tmp/log.txt
[Wed Oct 22 00:36:02 CEST 2014] ./smoketest.sh: ar71xx - OK
[Wed Oct 22 00:53:22 CEST 2014] ./smoketest.sh: ar7 - OK
[Wed Oct 22 01:08:27 CEST 2014] ./smoketest.sh: au1000 - OK
[Wed Oct 22 01:21:43 CEST 2014] ./smoketest.sh: avr32 - OK
[Wed Oct 22 01:37:47 CEST 2014] ./smoketest.sh: cns21xx - OK
[Wed Oct 22 01:52:05 CEST 2014] ./smoketest.sh: cns3xxx - OK
[Wed Oct 22 02:10:23 CEST 2014] ./smoketest.sh: gemini - OK
[Wed Oct 22 02:29:07 CEST 2014] ./smoketest.sh: ixp4xx - OK
[Wed Oct 22 02:44:01 CEST 2014] ./smoketest.sh: malta - OK
[Wed Oct 22 02:55:57 CEST 2014] ./smoketest.sh: mpc85xx - OK
[Wed Oct 22 03:07:56 CEST 2014] ./smoketest.sh: orion - OK
[Wed Oct 22 03:24:30 CEST 2014] ./smoketest.sh: ppc40x - OK
[Wed Oct 22 03:40:19 CEST 2014] ./smoketest.sh: ppc44x - OK
[Wed Oct 22 03:55:29 CEST 2014] ./smoketest.sh: realview - OK
[Wed Oct 22 04:09:47 CEST 2014] ./smoketest.sh: sparc - OK
[Wed Oct 22 04:23:37 CEST 2014] ./smoketest.sh: x86 - OK
[Wed Oct 22 04:35:56 CEST 2014] ./smoketest.sh: xburst - OK

run tested on x86, au1000, ar71xx, mpc85xx and brcm47xx

Signed-off-by: Bastian Bittorf <bittorf@bluebottle.com>

SVN-Revision: 43049
2014-10-24 20:39:26 +00:00
Felix Fietkau
61caf7e89b kernel: allow targets to specify KERNEL_PATCHVER instead of LINUX_VERSION
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 43043
2014-10-24 13:04:08 +00:00
Jo-Philipp Wich
4de4827ddc include: unbreak conffiles, postinst & prerm exports
Changeset r43017 reworked the ipkg control metadata generation but broke
the export of conffiles, postinst and prerm defines.

Change the code back to rely on shvar and shexport, this is required to
properly output multiline contents.

Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 43041
2014-10-24 09:24:51 +00:00
Felix Fietkau
4fde9deed1 Revert "build: use ONESHELL to speed up scanning and the toplevel makefile"
This seems to cause issues on some build hosts, and it is not that
important.

SVN-Revision: 43025
2014-10-22 10:47:26 +00:00
Felix Fietkau
949ab1487f build: only print skipped packages that were selected
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 43023
2014-10-22 08:57:50 +00:00
Felix Fietkau
d8278dee4d kernel: use /bin/sh instead of bash to speed up processing of many kmod-* packages
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 43022
2014-10-22 08:57:45 +00:00
Felix Fietkau
c497990834 build: use ONESHELL to speed up scanning and the toplevel makefile
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 43021
2014-10-22 08:57:40 +00:00
Felix Fietkau
43f485f334 include/shell.sh: remove getvar()
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 43020
2014-10-22 08:57:30 +00:00
Felix Fietkau
cc43532293 build: optimize target metadata dump
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 43019
2014-10-22 08:57:25 +00:00
Felix Fietkau
d081edf7eb build: clean up and optimize ipkg control generator code
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 43017
2014-10-22 08:57:16 +00:00
Felix Fietkau
364fb4dacb build: do not process built-in rules for make subdirs
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 43016
2014-10-22 08:57:11 +00:00
Felix Fietkau
edc8e2022a build: optimize printing of disabled packages
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 43015
2014-10-22 08:57:07 +00:00