Commit graph

88 commits

Author SHA1 Message Date
Felix Fietkau
12a6e3cd05 x86: bump default kernel partition size to 16M
This leaves more room for sysupgrade config data or for having multiple
kernel images to choose from

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-11-09 12:17:52 +01:00
Jo-Philipp Wich
dc6cc04016 config: ext4: increase x86 rootfs size to 2GB to support online resize2fs
The current default rootfs size of 256MB in conjunction with 4K blocks
produces an ext4 filesystem which lacks the appropriate amount of backup GDT
entries to support online-resizing.

For x86 targets, increase the default rootfs size to 2048MB which allows
online resizing the filesystem to up to 2TB which is the current theoretical
maximum for LEDE, due to missing GPT support on the root block device.

Note that the filesystem artefact will not occupy 2GB on the build system as
the make_ext4fs utility uses sparse files to generate the filesystem images,
so the actual disk usage is much lower. Furthermore the filesystem images
are gzip compressed, shrinking them to only a few megabytes on the download
server.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Acked-by: Michael Heimpold <mhei@heimpold.de>
2016-10-27 19:24:38 +02:00
Jo-Philipp Wich
d1ae4c4958 config: ext4: drop option to set maximum number of inodes
There is very little practical use to limit the number of available inodes on
an ext4 filesystem and the make_ext4fs utility is able to calculate useful
defaults by itself.

Drop the option to make resulting ext4 filesystems more flexible by default.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Acked-by: Michael Heimpold <mhei@heimpold.de>
2016-10-27 19:24:38 +02:00
Matthias Schiffer
77f54eae45
config: enable shadow passwords unconditionally
Configurations without shadow passwords have been broken since the removal
of telnet: as the default entry in /etc/passwd is not empty (but rather
unset), there will be no way to log onto such a system by default. As
disabling shadow passwords is not useful anyways, remove this configuration
option.

The config symbol is kept (for a while), as packages from feeds depend on
it.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2016-09-26 17:57:56 +02:00
Felix Fietkau
a1f83bad60 images: bump default rootfs size to 256 MB
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-09-08 15:28:39 +02:00
Josua Mayer
3242c07649 mvebu: add sdcard image creation script
Added gen_mvebu_sdcard_img.sh to facilitate creating an fixed-size sdcard image,
adding the bootloader and populating it with actual data.

Added the required rules for creating a 4GB sdcard image according to this layout:
p0: boot (fat32)
p1: rootfs (squashfs)
p2: rootfs_data (ext4)
This should be generic to any mvebu boards that can boot from block storage.

Added the new sdcard image to the Clearfog image profile.

Signed-off-by: Josua Mayer <josua.mayer97@gmail.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name> [cleanup]
2016-09-02 14:43:52 +02:00
Nathaniel Wesley Filardo
39d817cf38 Add config symbols for kernel keyring support
Enable selection of the kernel key retention framework and some of its
additional facilities; see Documentation/security/keys.txt and
security/keys/Kconfig for details

Signed-off-by: Nathaniel Wesley Filardo <nwfilardo@gmail.com>
2016-09-02 14:43:52 +02:00
Christian Lamparter
08257a4053 apm821xx: use lzma compression for the initramfs images
The MR24's u-boot takes it sweet time decompressing the
LZMA-packed initramfs image. A user reported that
compared to the old gzip method in v2: it "takes a ton
longer to decompress like 4\x the old boot time for
decompression".

This patch also fixes a issue with the WNDR4700's initramfs
image getting to big and causing the following u-boot crash
during the decompression:

"Uncompressing Multi-File Image ... Error: inflate() returned -5
out-of-mem or overwrite error - must RESET board to recover"

This patch fixes both issues by reverting the MR24's initramfs
compression method back to gzip. And choosing to compress the
initramfs within the initramfs image as LZMA by default.

Cc: chrisrblake93@gmail.com
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2016-07-25 10:38:11 +02:00
Felix Fietkau
673004f9bc config: remove options for including kernel/dtb in rootfs
These options were a big design flaw to begin with

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-07-20 10:13:50 +02:00
Felix Fietkau
d7b185128d build: make TARGET_ROOTFS_JFFS2 depend on USES_JFFS2
If jffs2 support was not enabled by the target, jffs2 are quite likely
to be broken, so we shouldn't build them.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-07-20 10:13:50 +02:00
Felix Fietkau
a4e90e2cac toolchain: get rid of GCC_VERSION_5 config symbol
Replace it with !GCC_VERSION_4_8 to be more future compatible

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-07-15 14:17:40 +02:00
Daniel Dickinson
b9952797e6 kernel: Move POSIX ACL and attr support options into submenu
Make global options menuconfig cleaner by moving POSIX ACL
and attr support options into a submenu.

Signed-off-by: Daniel Dickinson <openwrt@daniel.thecshore.com>
2016-07-05 22:59:14 +02:00
Daniel Dickinson
e408abd7fb kernel: Add option to make using filesystem ACL support the default
This adds a configuration options that allows to make filesystem ACL support
the default in the kernel, except for old nfs.

Signed-off-by: Daniel Dickinson <openwrt@daniel.thecshore.com>
2016-06-30 22:48:39 +02:00
John Crispin
30acacb0af config: add a small_flash feature
this causes KALLSYMS to be off by default

Signed-off-by: John Crispin <john@phrozen.org>
2016-06-13 22:51:43 +02:00
Daniel Golle
2aa818a0bb kernel: add missing symbol
Add missing symbol When building kernel with profiling enabled and ARM
or ARM64 targets.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2016-05-16 18:00:34 +02:00
Felix Fietkau
42d2eb7628 build: remove leftover dependenices on TARGET_rdc
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-05-12 17:43:48 +02:00
Jo-Philipp Wich
941fc5e8c8 global: introduce ALL_NONSHARED symbol
Introduce a new symbol ALL_NONSHARED which selects all non-sharable packages
by default. This option is mainly intented for buildbot setups to build the
target dependant software subset only.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2016-04-13 17:24:12 +02:00
Felix Fietkau
be9e991b88 build: don't add -fno-plt for ARC
Curent ARC toolchain fails to build libstdc++ if -fno-plt is used.
Lots of following error messages appear:
------------------->8------------------
...
staging_dir/toolchain-arc_arc700_gcc-arc-2015.06_uClibc-1.0.9/arc-openwrt-linux-uclibc/bin/ld:
BFD (GNU Binutils) 2.23.2 assertion fail elf32-arc.c:2786
collect2: error: ld returned 1 exit status
------------------->8------------------

In newer binutils (still in development) for ARC rewritten from
scratch this seem to not happen, so once new binutils for ARC hit
the street this patch might be reverted.

Signed-off-by: Alexey Brodkin <abrodkin@synopsys.com>
Cc: Felix Fietkau <nbd@openwrt.org>
Cc: Jo-Philipp Wich <jow@openwrt.org>
Cc: Jonas Gorski <jogo@openwrt.org>

SVN-Revision: 48642
2016-02-07 13:29:16 +00:00
Florian Fainelli
312367665a buildroot: add options to build the kernel for NFS boot
Add the basic set of kernel options to allow it from mounting a NFS root
and boot from it.

Signed-off-by: Florian Fainelli <florian@openwrt.org>

SVN-Revision: 48590
2016-02-01 01:06:39 +00:00
Felix Fietkau
b3f7902a06 include/kernel: add custom USER/DOMAIN config options
These allow the generated kernel's build metadata to be defined explicitly.
This metadata is reported, eg, at boot time and in `uname -a` on running
systems. If the variables aren't configured, the current build system username
and hostname are used as normal.

The motivation for this option is to achive reproducible (bit-for-bit
identical) kernel builds of official openwrt releases.

Signed-off-by: bryan newbold <bnewbold@robocracy.org>
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 48541
2016-01-28 22:42:34 +00:00
Felix Fietkau
657d0cc2ce build: do not deselect CONFIG_USE_SSTRIP if CONFIG_DEBUG is enabled
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 48504
2016-01-26 08:39:21 +00:00
Felix Fietkau
fb713ddd4d build: add -fno-plt to default cflags, it improves PIC code optimization
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 48470
2016-01-24 00:16:36 +00:00
Felix Fietkau
aec0e6ac8f build: use sstrip by default for musl
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 48313
2016-01-18 12:47:36 +00:00
Felix Fietkau
33beafa8d8 Configure IPv6 kernel options in config/Config-kernel.in
Revision 46834 changed IPv6 support from a module to builtin. But
since the configuration of the IPv6 kernel options was left in
package/kernel/linux/modules/netsupport.mk, this means that an
empty kmod-ipv6 module was still being generated (not packaged).

This patch moves the configuration of the IPv6 kernel options to
config/Config-kernel.in to remove this last bit of the module.

Note that CONFIG_IPV6_PRIVACY was dropped (enabled by default
since Linux v3.13), so this option is no longer needed.

See 5d9efa7ee9

Signed-off-by: Arjen de Korte <arjen+openwrt@de-korte.org>

SVN-Revision: 48132
2016-01-04 23:30:36 +00:00
John Crispin
b4564e3163 kernel: add support for KERNEL_CGROUP_PIDS
Signed-off-by: Daniel Golle <daniel@makrotopia.org>

SVN-Revision: 47275
2015-10-26 11:54:56 +00:00
Luka Perkov
75078acd93 cosmetic: remove trailing whitespaces
Signed-off-by: Luka Perkov <luka@openwrt.org>

SVN-Revision: 47197
2015-10-15 22:12:13 +00:00
Steven Barth
0c8f0186d5 linux: make IPv6 builtin if selected (saves >30KB)
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 46834
2015-09-09 12:20:36 +00:00
Felix Fietkau
400fb6cadc gcc: remove version 4.9-linaro
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 46798
2015-09-06 10:07:03 +00:00
Steven Barth
ed53726072 enable strong SSP / Stackprotector on gcc5
Signed-off-by: Dirk Neukirchen <dirkneukirchen@web.de>

SVN-Revision: 46685
2015-08-18 09:20:34 +00:00
Felix Fietkau
bf82deff70 build: disable kernel stack protector support for i386/x86_64
When stack protector support is disabled in libc (always the case for
!musl), gcc assumes that it needs to use __stack_chk_guard for the stack
canary.
This causes kernel build errors, because the kernel is only set up to
handle TLS stack canaries.

Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 46543
2015-08-02 07:40:12 +00:00
Steven Barth
efe03e5fc7 hardening: disable user-space SSP for !musl
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 46146
2015-06-29 16:44:27 +00:00
Steven Barth
2738526a16 toolchain: add fortify-headers, enable FORTIFY_SOURCE by default
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 46117
2015-06-23 14:38:03 +00:00
Steven Barth
1877bc9d8f gcc/musl: rework SSP-support
Make musl provide libssp_nonshared.a and make GCC link it unconditionally
if musl is used. This should be a no-op if SSP is disabled and seems to be
the only reliable way of dealing with SSP over all packages due to the mess
that is linkerflags handling in packages.

Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 46108
2015-06-22 10:31:07 +00:00
Felix Fietkau
b3d81b2dec kernel: mitigate cgroups config dependency changes
Memory Resource Controller no longer depends on Resource counters since
Kernel version 4.0.
3.18 is the only still supported version needing Resource counters for
MEMCG, thus declare the dependency only for that version.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>

SVN-Revision: 46024
2015-06-18 06:39:00 +00:00
Steven Barth
19810a5145 hardening: enable regular SSP support by default
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 46020
2015-06-17 13:13:48 +00:00
Steven Barth
f8140c9caf hardening: enable RELRO by default
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 46004
2015-06-16 17:28:05 +00:00
Steven Barth
11489a85cf hardening: enable format security checking by default
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 46003
2015-06-16 17:27:59 +00:00
Felix Fietkau
ec73574027 build: enable package list signing by default
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 45614
2015-05-05 21:16:13 +00:00
Felix Fietkau
beca028bd6 build: add integration for managing opkg package feed keys
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 45286
2015-04-06 19:39:51 +00:00
John Crispin
3ec7ccf501 config: add an option to enable KPROBE
Signed-off-by: Mathieu Olivari <mathieu@codeaurora.org>

SVN-Revision: 45212
2015-04-01 08:33:04 +00:00
Felix Fietkau
1496b95a0f x86: clean up default grub baudrate settings
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 45113
2015-03-29 04:31:21 +00:00
Felix Fietkau
b872533e68 build: remove leftover olpc support code
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 45084
2015-03-28 11:40:06 +00:00
John Crispin
006f8c9446 kernel: cleanup seccomp symbol selection
Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 45005
2015-03-26 10:57:51 +00:00
Jo-Philipp Wich
02e2548b84 x86: use PARTUUID instead explicitly specifying the device by default
This changes the x86 image generation to match x86_64, using the PARTUUID for
the rootfs instead of explicitly configuring the device.

It unbreaks KVM with VirtIO, which uses /dev/vda2 instead of /dev/sda2.

Tested in QEMU/KVM with VirtIO, VirtualBox and VMware.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>

SVN-Revision: 44966
2015-03-24 10:08:12 +00:00
Felix Fietkau
5d9eeab64a build: remove obsolete references to cris and avr32
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 44965
2015-03-24 10:07:40 +00:00
John Crispin
f9f7c80cd2 kernel: Support kernel options required by systemd
These kernel options are all likely to be widely useful in this modern age, but
are immediately useful for systemd support.

c.f. http://sources.gentoo.org/cgi-bin/viewvc.cgi/gentoo-x86/sys-apps/systemd/systemd-9999.ebuild?&view=markup#l118

Adapted from a patch by Adam Porter.

Signed-off-by: Jeff Waugh <jdub@bethesignal.org>

SVN-Revision: 44929
2015-03-21 21:48:12 +00:00
John Crispin
7274db3b5a config: add function tracers
Adds menuconfig options for ftrace function tracers

Signed-off-by: Bryan Forbes <bryan@reigndropsfall.net>

SVN-Revision: 44878
2015-03-18 20:08:21 +00:00
Jonas Gorski
9dc137397f buildroot: make it easier to build all kmods
Split out kmods from ALL to make it easier to create local builds that
are compatible kmod-wise with releases.

Signed-off-by: Jonas Gorski <jogo@openwrt.org>

SVN-Revision: 44830
2015-03-16 11:51:54 +00:00
John Crispin
b1953bdf27 kernel: enable open by fhandle syscalls
This is needed by many services to function properly and as
all modern distributions got it enabled, it starts to be a
de-facto standard, i.e. user-space starts to silently depend
on it.

This also pulls in EXPORTFS, however, the kernel binary size
increases only a little.
On ARM systems comes down to 800 bytes uncompressed and about
200 bytes compressed size.
On MIPS systems it's about 1.2 kB size increase of the LZMA
compressed kernel.

v2: use menuconfig option instead of just enabling the option

Signed-off-by: Daniel Golle <daniel@makrotopia.org>

SVN-Revision: 44765
2015-03-15 06:35:13 +00:00
John Crispin
3e2f578353 toolchain: The glorious return of glibc, ver 2.21
It's the eglibc packaging with a bit of spit-polishing. And testing. :-)

[blogic: merged glibc and eglibc into 1 and made eglibc a glibc variant]

Signed-off-by: Jeff Waugh <jdub@bethesignal.org>
Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 44701
2015-03-12 19:50:57 +00:00