CycloneDX is an open source standard developed by the OWASP foundation.
It supports a wide range of development ecosystems, a comprehensive set
of use cases, and focuses on automation, ease of adoption, and
progressive enhancement of SBOMs (Software Bill Of Materials) throughout
build pipelines.
So lets add support for CycloneDX SBOM for packages and images
manifests.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
There is no standard for ABI versioning, so its not possible to find out
from `libext2fs2`, `libiwinfo20230701` or `libss2` package names if
thats just package name or package name with ABI version included. To
help with the decision, lets make ABI version aviable in package index.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Common Platform Enumeration (CPE) is a structured naming scheme for
information technology systems, software, and packages.
In order for the information to be processed further, it should also be
available in package index files.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Kernel module packages compiling is not cached (e.g. mac80211)
even with CONFIG_CCACHE on.
CC should be set to KERNEL_CC in KERNEL_MAKE_FLAGS at kernel.mk
to allow kernel module packages using ccache.
Signed-off-by: Zeyu Dong <dzy201415@gmail.com>
Make use of new toolchain define. TOOLCHAIN_DIR should be used only for
toolchain related packages and for everything else TOOLCHAIN_ROOT_DIR
and other define should be used instead.
Switch to new entry where possible.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
The current code fails if we have package or host tools with no patches
to apply. The error printend is the following: (taking ubus as an
example)
make[2]: Entering directory '/home/ansuel/openwrt-ansuel/openwrt/scripts/config'
make[2]: 'conf' is up to date.
make[2]: Leaving directory '/home/ansuel/openwrt-ansuel/openwrt/scripts/config'
make[1]: Entering directory '/home/ansuel/openwrt-ansuel/openwrt'
make[2]: Entering directory '/home/ansuel/openwrt-ansuel/openwrt/package/system/ubus'
The source directory contains no quilt patches.
make[2]: *** [Makefile:81: quilt-check] Error 1
make[2]: Leaving directory '/home/ansuel/openwrt-ansuel/openwrt/package/system/ubus'
time: package/system/ubus/refresh#0.06#0.00#0.07
ERROR: package/system/ubus failed to build.
make[1]: *** [package/Makefile:120: package/system/ubus/refresh] Error 1
make[1]: Leaving directory '/home/ansuel/openwrt-ansuel/openwrt'
make: *** [/home/ansuel/openwrt-ansuel/openwrt/include/toplevel.mk:232: package/ubus/refresh] Error 2
We exit 1 after saying that there are no patches because later in the
function quilt pop fails to execute.
Having no patches for a package and calling refresh should not be
a critical error and the function should just do nothing.
To handle this improve quilt.mk with the following addition.
- If we don't have any patch for the package, we print a warning and we
create an empty series. This is useful to trick quilt and make it do
nothing.
We also create a status file .quilt_no_patch to detect in the other
function that we don't have patches to handle.
- In refresh makefile target, we check if .quilt_no_patch exist and
we skip quilt cleanup if this exist.
- In RefreshDir function we change the logic and now we delete the
patches directory and not only the content. This is done as a cleanup
to clean case with empty patches directory.
- In RefreshDir we check if .quilt_no_patch exist and we skip creating
the patches directory and copying the refreshed patches.
- In RefreshDir we delete at the end any trace of .quilt_no_patch if
present.
This is needed to support run like package/refresh that will run the
refresh process on any package present in the buildroot.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
To better reference them for diagnostic use, reference the PATCH_DIR and
FILES_DIR with the absolute path instead of using ./ and reference by
the relative location.
No behaviour change intended.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
When cmake is invoked to build a package it usually reports a warning
about unused variables passed to it. This is caused by openwrt passing
all supported variables to cmake, even if they are not all required by
the package being compiled.
To reduce clutter when compiling such packages these warnings are now
suppressed.
Approved-by: Rosen Penev <rosenp@gmail.com>
Reviewed-by: Robert Marko <robimarko@gmail.com>
Signed-off-by: Tjalling Hattink <t.hattink@fugro.com>
Currently, the same information is stored at the Packages.manifest in
the 'Package:' variable and also additionally in the 'SourceName:' variable.
So we have for Packages.manifest for strongswan-charon-cmd:
```
Package: strongswan-charon-cmd
Version: 5.9.11-1
SourceName: strongswan-charon-cmd
License: GPL-2.0-or-later
Section: net
```
This is not correct. Several installable packages are built from the same
strongswan source. Therefore it makes more sense that the source name is
really the source name. In this case the it is 'strongswan'.
After this change the Packages.manifest for strongswan-charon-cmd:
```
Package: strongswan-charon-cmd
Version: 5.9.11-1
SourceName: strongswan
License: GPL-2.0-or-later
Section: net
```
In summary. The 'Package' name is the name of the package to be installed
on the target system. The 'SourceName' is the compile unit from which the
package was build from. This must be the same for all installable
packages built from the same compile unit. This commit fixes that.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Changelog: https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.49
All no patches automatically rebased, just update to checksum for new version.
Build system: x86/64
Build-tested: x86/64/AMD Cezanne
Run-tested: x86/64/AMD Cezanne
Signed-off-by: John Audia <therealgraysky@proton.me>
Changelog: https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.48
No patches changed in this bump, only update was to checksum.
Build system: x86/64
Build-tested: x86/64/AMD Cezanne, filogic/xiaomi_redmi-router-ax6000-ubootmod
Run-tested: x86/64/AMD Cezanne, filogic/xiaomi_redmi-router-ax6000-ubootmod
Signed-off-by: John Audia <therealgraysky@proton.me>
Now that most cases do the same thing in SetupHostCommand, merge them
together into one. To allow moving the generic symlink check, invert the
check and let it check for relative links by matching on link targets
that do not start with a slash.
This then allows us to also drop the absolute link case, shortening the
case statement further.
This reorders the check to
* if it is not a symlink, do not change it
* if it is a symlink and it points to the found command, do not change it
* if it is a symlink with a relative path, do not change it
* else, update/replace it
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
To avoid replacing host built binaries with symlinks again, a check for
an appropriate stamp was added in 729909c07f ("prereq-build: do not
replace binaries with symlinks"). Unfortunately the stamp directory does
not exist in the SDK, so the fix was ineffective there.
This caused the packages builders to e.g. use the host tar again, which
in turn made the tarballs created different since it may lack
reproducibility fixes, or implement these differently, causing spurious
hash failures on source repository based packages.
Fix this by dropping the stamp dir check, and just check that the file
is usable.
Fixes: 729909c07f ("prereq-build: do not replace binaries with symlinks")
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
The current minimum OS requirement for OpenWrt is Ubuntu 18.04, which
includes 7 and 8. 8 is necessary for ccache.
gcc and g+++ are now symlinked to staging_dir, similar to Python.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Currently the git protocol downloads all submodules of the target
repository. This can be unwieldy for repositories with a lot of submodules
where only a subset are required in the context of the OpenWrt build.
This change adds a PKG_SOURCE_SUBMODULES variable to configure this
behavior. It takes a space-separated list of submodule paths, or the word
"skip" to disable submodule downloads entirely. The default is to download
all submodules, i.e. preserving current behavior.
Signed-off-by: Karsten Sperling <ksperling@apple.com>
Stable kernel git log:
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/log/?h=v6.1.38
No patches needed to be rebased. Just updated checksum.
Build system: x86_64
Build-tested: x86_64/AMD Ryzen 7
Run-tested: x86_64/AMD Ryzen 7
Signed-off-by: John Audia <therealgraysky@proton.me>
[add link to stable kernel git log]
Signed-off-by: Nick Hainke <vincent@systemli.org>
Manually rebased:
generic/hack-6.1/220-arm-gc_sections.patch
armsr/patches-6.1/221-armsr-disable_gc_sections_armv7.patch
All other patches automatically rebased.
Signed-off-by: John Audia <therealgraysky@proton.me>
All patches automatically rebased.
Acknowledgment to @john-tho for the changes to fs.mk to accommodate new paths
introduced in 29429a1f58
Build system: x86_64
Build-tested: bcm2711/RPi4B
Run-tested: bcm2711/RPi4B
Signed-off-by: John Audia <therealgraysky@proton.me>
If CONFIG_USE_MOLD is set, all target packages will use the mold linker.
Except the ones which opted-out via setting PKG_BUILD_FLAGS:=no-mold.
Signed-off-by: Andre Heider <a.heider@gmail.com>
If a kernel package was defined where all KCONFIG symbols were dynamic,
and versioned, no FILES would be installed, as the foreach evaluation was
providing the value of the variable defined by the KCONFIG symbol name
including the version test
Fix this by calling the version_filter function on the list of KCONFIG
variable names run through by foreach
Example, kernel 6.1:
KCONFIG:=CONFIG_OLD@lt6.1 CONFIG_NEW@ge6.1
filter-out any KCONFIG settings forced by package:
CONFIG_OLD@lt6.1 CONFIG_NEW@ge6.1
there are dynamic settings, so for each of them,
get the value of the make variable defined by symbol name:
CONFIG_OLD@lt6.1 is not set
CONFIG_NEW@ge6.1 is not set
versus
CONFIG_OLD is not set
CONFIG_NEW=m
test if any of these are m, or y
if yes, install files, otherwise, nothing to install
Signed-off-by: John Thomson <git@johnthomson.fastmail.com.au>
These fields are used for EAX12 and EX6250v2 series, and perhaps other
devices. Compatibility is preserved with the WAX202 and WAX206.
In addition, adds the related vars to DEVICE_VARS so that the variables
work correctly with multiple devices.
References in GPL source:
https://www.downloads.netgear.com/files/GPL/EAX12_EAX11v2_EAX15v2_GPL_V1.0.3.34_src.tar.gz
* tools/imgencoder/src/gj_enc.c
Contains code that generates the encrypted image.
Signed-off-by: Wenli Looi <wlooi@ucalgary.ca>
Device specifications:
======================
* Qualcomm/Atheros AR9344
* 128 MB of RAM
* 16 MB of SPI NOR flash
* 2x 10/100 Mbps Ethernet
* 2T2R 2.4/5 GHz Wi-Fi
* 4x GPIO-LEDs (1x wifi, 2x ethernet, 1x power)
* 1x GPIO-button (reset)
* 2x fast ethernet
- lan1
+ builtin switch port 1
+ used as WAN interface
- lan2
+ builtin switch port 2
+ used as LAN interface
* 9-30V DC
* external antennas
Flashing instructions:
======================
Log in to https://192.168.127.253/
Username: admin
Password: moxa
Open Maintenance > Firmware Upgrade and install the factory image.
Serial console access:
======================
Connect a RS232-USB converter to the maintenance port.
Pinout: (reset button left) [GND] [NC] [RX] [TX]
Firmware Recovery:
==================
When the WLAN and SYS LEDs are flashing, the device is in recovery mode.
Serial console access is required to proceed with recovery.
Download the original image from MOXA and rename it to 'awk-1137c.rom'.
Set up a TFTP server at 192.168.127.1 and connect to a lan port.
Follow the instructions on the serial console to start the recovery.
Signed-off-by: Maximilian Martin <mm@simonwunderlich.de>
Make it possible to easily customize U-Boot config options via new
`UBOOT_CUSTOMIZE_CONFIG` variable, so we don't need to patch config
files or override config step with shell hackery.
This generic approach uses `config` CLI to tweak the .config as needed,
for example:
UBOOT_CUSTOMIZE_CONFIG := \
--enable CMD_EFIDEBUG \
--enable CMD_BOOTMENU \
--enable AUTOBOOT \
--enable AUTOBOOT_MENU_SHOW \
--disable AUTOBOOT_KEYED \
--disable AUTOBOOT_USE_MENUKEY \
--disable BOOTMENU_DISABLE_UBOOT_CONSOLE \
--set-val BOOTDELAY 2
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Handle compiling device tree overlay blobs separate to allow for
overlays being compiled with different parameters, mostly to safe
space.
Allow defining DEVICE_DTC_FLAGS and DEVICE_DTCO_FLAGS as per-device
parameters to be passed to dtc. Previously some boards directly used
DTC_FLAGS in their build recipe which then also affected other boards.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Instead of generating full config nodes incl. kernel, generate minimal
config nodes for device tree overlays to be applied to the main config.
In this way, multiple device tree overlays can be applied more easily.
While at it change filenames to upstream style, ie. use dtso and dtbo
suffix for device tree overlays.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Some individual build items install a group of programs
instead of a program matching the name of the build item.
Add support for installing stampfiles for each of the
programs installed by that build item,
which will allow more control and awareness
of what is installed by the rest of the build system,
if, for example, prereq symlink checks are looking
for the same program which is built already.
Signed-off-by: Michael Pratt <mcpratt@pm.me>
Some programs installed to staging_dir/host/bin
also install some symlinks to itself
for an alternative name.
Some of those new symlinks are overwriting
symlinks that were installed by prereq stage.
If prereq stage were to somehow be run again,
it should not be overwriting symlinks
that point to programs that are already built.
To filter that out, catch all symlinks
after first catching all symlinks
that have an absolute target
after all other cases in the case statement,
make sure it is not broken, and if so exit successfully.
Suggested-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Signed-off-by: Michael Pratt <mcpratt@pm.me>
Some programs, like bash and patch, are checked by prereq stage
and have a symlink installed, but then is later built from source.
Now that the prereq-build checks are not successful
just by finding the file alone, it is possible for
a new symlink to overwrite the installed binary.
If a normal file is found in staging_dir/host/bin,
let the check look for the associated stampfile, and if found,
skip creation of a symlink and exit successfully.
Suggested-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Signed-off-by: Michael Pratt <mcpratt@pm.me>
This reverts commit 7855378fcd.
The return "exit 1" was intentional and actually just
makes the symlink checks much more strict.
This new level of strictness added to the checks revealed
what was a confusing regression with prereq stage that
already existed but was not presenting itself
because of the simple way that checks used to be done before.
Either way, reverting to "exit 0" was a nice workaround
until the true root cause was discovered, so as to not interfere
with others' pull requests and builds in the meantime.
It turns out that this problem was the inconsistent value of $PATH
between different commands within the SetupHostCommand recipe,
now fixed in the parent commit, using the variable created
in the parent of the parent commit.
Ref: f75204036c ("prereq-build: allow host command symlinks to update")
Signed-off-by: Michael Pratt <mcpratt@pm.me>
In the recipe SetupHostCommand for checking
and creating symlinks, $PATH was only overridden
for one of several commands.
This causes the symlinks to be included
in the paths to pick a program from
when the check was repeated, because
staging_dir/host/bin was included in $PATH,
but only *sometimes*.
When the check ran again, the command succeded
with a $PATH including the symlink,
(eval "$$$$$$$$cmd")
while the path to the program was evaluated
with a $PATH NOT including the symlink,
(bin=...)
causing the symlink to be relinked incorrectly,
instead of passing as exactly the same.
Coincidentally, this was only a problem
if the symlink targeted the alternative
program with a different name.
By overriding the value of $PATH at the invocation of Make,
it will apply to the entire environment of the checks.
Signed-off-by: Michael Pratt <mcpratt@pm.me>
Add a variable that stores the original value of $PATH
in the host system's shell, before Make alters it.
This can be useful for when it is necessary
to ignore symlinks and programs made by the build system.
Define this new variable before all instances of
'export PATH:=' or similar.
Signed-off-by: Michael Pratt <mcpratt@pm.me>
When the split was done, the case for testing kernel version wasn't
handled and only the to-be-compiled kernel version details files was
included. This cause the kernel Linux-Testing-Version output from
makefile target DUMP to report only the kernel version without the minor
version (example 6.1 instead of 6.1.29).
This value is expected with the full kernel version and this cause the
dump-target-info.pl script to not correctly identify if a target have a
testing kernel for the kernels calls.
Fix this regression by correctly including the kernel details files if
the target declare support for a testing kernel version.
Fixes: 0765466a42 ("kernel: split kernel version to dedicated files")
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
A package may run git as part of its build process, and if the package
source code is not from a git checkout, then git may traverse up the
directory tree to find buildroot's repository directory (.git).
For instance, Poetry Core, a Python build backend, will read the
contents of .gitignore for paths to exclude when creating a Python
package. If it finds buildroot's .gitignore file, then Poetry Core will
exclude all of the package's files[1].
This exports GIT_CEILING_DIRECTORIES for both package and host builds so
that git will not traverse beyond $(BUILD_DIR)/$(BUILD_DIR_HOST).
[1]: https://github.com/python-poetry/poetry/issues/5547
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
OpenSSL fails to compile in Fedora 38 container due to the following:
Can't locate IPC/Cmd.pm in @INC (you may need to install the IPC::Cmd module) (@INC contains: /openwrt/build_dir/target-x86_64_musl/openssl-3.0.8/util/perl /usr/local/lib64/perl5/5.36 /usr/local/share/perl5/5.36 /usr/lib64/perl5/vendor_perl /usr/share/perl5/vendor_perl /usr/lib64/perl5 /usr/share/perl5 /openwrt/build_dir/target-x86_64_musl/openssl-3.0.8/external/perl/Text-Template-1.56/lib) at /openwrt/build_dir/target-x86_64_musl/openssl-3.0.8/util/perl/OpenSSL/config.pm line 19.
BEGIN failed--compilation aborted at /openwrt/build_dir/target-x86_64_musl/openssl-3.0.8/util/perl/OpenSSL/config.pm line 19.
Compilation failed in require at ./Configure line 23.
BEGIN failed--compilation aborted at ./Configure line 23.
Seems like `dnf install -y perl-IPC-Cmd` fixes the issue.
So lets fix it by checking for Perl IPC::Cmd host module availability.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Tony has reported, that CI tools job is failing for him in macOS
container due to prereq check failure for GNU `install` utility.
Michael diagnosed it and from his traces it was clear, that the issue is
caused by a wrong return value in the success check case, so lets fix it
accordingly.
Fixes: f75204036c ("prereq-build: allow host command symlinks to update")
Reported-by: Tony Ambardar <itugrok@yahoo.com>
Diagnosed-by: Michael Pratt <mcpratt@pm.me>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
New kernel version 6.1 introduced new INITRAMFS option. Add them to the
Initramfs functions to correctly compile initramfs images.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
This reverts commit 3b68fb57c9.
After refactoring build checks to update old symlinks,
and after a long time of no python 2 support,
this is no longer needed.
Signed-off-by: Michael Pratt <mcpratt@pm.me>
This makes the prereq stage update the symlinks
installed into staging_dir/host/bin
by rearrainging the way they are verified.
Before, seeing or installing a symlink would result in
a successful exit code, and not installing a symlink
would result is a failed exit code. However,
that is not able to account for the difference
between existing good and bad links, or whether
the link would be the same if it was reinstalled,
because the check can match the program to a different path.
Instead, let a success exit code represent
identifying an existing symlink as exactly the same
as what would be installed if it did not exist,
and let a fail exit code represent
needing to install the symlink
or not having a match to the check criteria.
The failing exit code is caught by a new second attempt
for all of the check-* targets which will then indicate
to the user that there was an update by having a success
exit code when the check is run again and the link is the same.
When there is nothing to update, the checks will run only once.
This relies on the ls command to be POSIX-conformant with long format:
"path/to/link -> target/of/link"
Also, make sure the symlink is executable, not just a file,
and the directory only needs to be created once.
Fixes: #12610
Signed-off-by: Michael Pratt <mcpratt@pm.me>
Commit 54070a1 was added to allow building proper SDKs with kernels <
5.10. Now that all targets use at least kernel 5.10 it can be reverted.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
Some U-Boot checks for a specified uImage time and refuses to boot if
mismatched. This patch fixes it by recognizing UIMAGE_TIME parameter.
Signed-off-by: David Yang <mmyangfl@gmail.com>
Prevents subshell commands from failing to parse options
when having defined a whitespace in the VERSION_DIST.
As the called resulting images unlikely will handle
whitespace correctly, we replace them by "-".
Signed-off-by: Sven Roederer <S.Roederer@colvistec.de>
Manually adjusted before running quilt due to new location in tree:
backport-5.15/780-v5.16-bus-mhi-pci_generic-Introduce-Sierra-EM919X-support.patch
backport-5.15/781-v6.1-bus-mhi-host-always-print-detected-modem-name.patch
pending-5.15/790-bus-mhi-core-add-SBL-state-callback.patch
All other patches automatically rebased.
Build system: x86_64
Build-tested: bcm2711/RPi4B, ramips/tplink_archer-a6-v3, filogic/xiaomi_redmi-router-ax6000-ubootmod
Run-tested: bcm2711/RPi4B, ramips/tplink_archer-a6-v3, filogic/xiaomi_redmi-router-ax6000-ubootmod
Signed-off-by: John Audia <therealgraysky@proton.me>
On each generation of the archive check sum will differ, because when
checking out subversion repository, current date is used for directories
creation. Force tar to assign creation date of the last revision for all
items inside archive.
Signed-off-by: Tomasz Maciej Nowak <tmn505@gmail.com>