openwrt/openwrt.git
19 months agoOpenWrt v21.02.7: revert to branch defaults
Hauke Mehrtens [Thu, 27 Apr 2023 21:08:18 +0000 (23:08 +0200)]
OpenWrt v21.02.7: revert to branch defaults

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
19 months agoOpenWrt v21.02.7: adjust config defaults v21.02.7
Hauke Mehrtens [Thu, 27 Apr 2023 21:08:10 +0000 (23:08 +0200)]
OpenWrt v21.02.7: adjust config defaults

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
20 months agoopenssl: fix CVE-2023-464 and CVE-2023-465
Eneas U de Queiroz [Tue, 4 Apr 2023 18:39:56 +0000 (15:39 -0300)]
openssl: fix CVE-2023-464 and CVE-2023-465

Apply two patches fixing low-severity vulnerabilities related to
certificate policies validation:

- Excessive Resource Usage Verifying X.509 Policy Constraints
  (CVE-2023-0464)
  Severity: Low
  A security vulnerability has been identified in all supported versions
  of OpenSSL related to the verification of X.509 certificate chains
  that include policy constraints.  Attackers may be able to exploit
  this vulnerability by creating a malicious certificate chain that
  triggers exponential use of computational resources, leading to a
  denial-of-service (DoS) attack on affected systems.
  Policy processing is disabled by default but can be enabled by passing
  the `-policy' argument to the command line utilities or by calling the
  `X509_VERIFY_PARAM_set1_policies()' function.

- Invalid certificate policies in leaf certificates are silently ignored
  (CVE-2023-0465)
  Severity: Low
  Applications that use a non-default option when verifying certificates
  may be vulnerable to an attack from a malicious CA to circumvent
  certain checks.
  Invalid certificate policies in leaf certificates are silently ignored
  by OpenSSL and other certificate policy checks are skipped for that
  certificate.  A malicious CA could use this to deliberately assert
  invalid certificate policies in order to circumvent policy checking on
  the certificate altogether.
  Policy processing is disabled by default but can be enabled by passing
  the `-policy' argument to the command line utilities or by calling the
  `X509_VERIFY_PARAM_set1_policies()' function.

Note: OpenSSL also released a fix for low-severity security advisory
CVE-2023-466.  It is not included here because the fix only changes the
documentation, which is not built nor included in any OpenWrt package.

Due to the low-severity of these issues, there will be not be an
immediate new release of OpenSSL.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
20 months agokernel: backport fix for recently introduced UBI bug
Daniel Golle [Sat, 15 Apr 2023 00:35:17 +0000 (01:35 +0100)]
kernel: backport fix for recently introduced UBI bug

Import commit "ubi: Fix failure attaching when vid_hdr offset equals to
(sub)page size" which did not yet make it to stable upstream Linux trees.

Fixes: #12232
Fixes: #12339
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit aad34818b50029e07ed9221ae46f9770d6e29785)

20 months agouclient: update to Git version 2023-04-13
Matthias Schiffer [Thu, 13 Apr 2023 18:51:05 +0000 (20:51 +0200)]
uclient: update to Git version 2023-04-13

007d94546749 uclient: cancel state change timeout in uclient_disconnect()
644d3c7e13c6 ci: improve wolfSSL test coverage
dc54d2b544a1 tests: add certificate check against letsencrypt.org

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
(cherry picked from commit 4f1c2e8deef10e9ca34ceff5a096e62aaa668e90)

20 months agoOpenWrt v21.02.6: revert to branch defaults
Daniel Golle [Sun, 9 Apr 2023 22:38:42 +0000 (23:38 +0100)]
OpenWrt v21.02.6: revert to branch defaults

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
20 months agoOpenWrt v21.02.6: adjust config defaults v21.02.6
Daniel Golle [Sun, 9 Apr 2023 22:38:36 +0000 (23:38 +0100)]
OpenWrt v21.02.6: adjust config defaults

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
20 months agoimagebuilder: allow to specific ROOTFS_PARTSIZE
Paul Spooren [Sun, 12 Mar 2023 15:56:41 +0000 (16:56 +0100)]
imagebuilder: allow to specific ROOTFS_PARTSIZE

Setting this options modifies the rootfs size of created images. When
installing a large number of packages it may become necessary to
increase the size to have enough storage.

This option is only useful for supported devices, i.e. with an attached
SD Card or installed on a hard drive.

Signed-off-by: Paul Spooren <mail@aparcar.org>
(cherry picked from commit 7b7edd25a571568438c886529d3443054e02f55f)

20 months agokernel: remove obsolete netfilter tcp window size check bypass patch
Felix Fietkau [Thu, 30 Mar 2023 12:18:04 +0000 (14:18 +0200)]
kernel: remove obsolete netfilter tcp window size check bypass patch

On any currently supported hardware, the performance impact should not
matter anymore.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit 75e78bcaab847557ce1782eb2dea9dff9a029171)

20 months agomac80211, mt76: add fixes for recently discovered security issues
Felix Fietkau [Wed, 29 Mar 2023 15:54:19 +0000 (17:54 +0200)]
mac80211, mt76: add fixes for recently discovered security issues

Fixes CVE-2022-47522

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit d54c91bd9ab3c54ee06923eafbd67047816a37e4)

20 months agoipq40xx: Linksys MR8300: fix the USB port power
Daniel González Cabanelas [Thu, 16 Feb 2023 22:04:20 +0000 (23:04 +0100)]
ipq40xx: Linksys MR8300: fix the USB port power

The USB port on the MR8300 randomly fails to feed bus-powered devices.

This is caused by a misconfigured pinmux. The GPIO68 should be used to
enable the USB power (active low), but it's inside the NAND pinmux.

This GPIO pin was found in the original firmware at a startup script in
both MR8300 and EA8300. Therefore apply the fix for both boards.

Signed-off-by: Daniel González Cabanelas <dgcbueu@gmail.com>
Reviewed-by: Robert Marko <robimarko@gmail.com>
(cherry picked from commit ed64c3323590e3c9fa8b423bf37689023a7a101f)
Signed-off-by: Steffen Scheib <steffen@scheib.me>
20 months agokernel: bump 5.4 to 5.4.238
Hauke Mehrtens [Mon, 27 Mar 2023 14:44:54 +0000 (16:44 +0200)]
kernel: bump 5.4 to 5.4.238

Compile-tested: armvirt/64, lantiq/xrx200
Run-tested: armvirt/64, lantiq/xrx200

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
20 months agolantiq: ltq-tapi: add kernel 5.10 compatiblity
Mathias Kresin [Sun, 27 Dec 2020 16:25:25 +0000 (17:25 +0100)]
lantiq: ltq-tapi: add kernel 5.10 compatiblity

Due to SCHED_FIFO being a broken scheduler model, all users of
sched_setscheduler() are converted to sched_set_fifo_low() upstream and
sched_setscheduler() is no longer exported.

The callback handling of the tasklet API was redesigned and the macros
using the old syntax renamed to _OLD.

Signed-off-by: Mathias Kresin <dev@kresin.me>
(cherry picked from commit 31f3f797004ad318a1de88ec9cfdece523ee46d9)
[Add DECLARE_TASKLET handling for kernel 5.4.235 too]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
20 months agoltq-atm/ltq-ptm: add kernel 5.10 compatiblity
Mathias Kresin [Sun, 27 Dec 2020 18:42:24 +0000 (19:42 +0100)]
ltq-atm/ltq-ptm: add kernel 5.10 compatiblity

The callback handling of the tasklet API was redesigned and the macros
using the old syntax renamed to _OLD.

The stuck queue is now passed to ndo_tx_timeout callback but not used so
far.

Signed-off-by: Mathias Kresin <dev@kresin.me>
(cherry picked from commit 804c541446ab8e3fab11dba5d8fe07807af7fac5)
[Add DECLARE_TASKLET handling for kernel 5.4.235 too]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
20 months agokernel: tcindex classifier has been retired
John Audia [Sat, 11 Mar 2023 15:42:26 +0000 (10:42 -0500)]
kernel: tcindex classifier has been retired

https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/net/sched?h=v5.4.235&id=7a6fb69bbcb21e9ce13bdf18c008c268874f0480

Signed-off-by: John Audia <therealgraysky@proton.me>
(cherry picked from commit fbfec3286e8bfce3a78749b7bcb67e658665f197)

20 months agokernel: bump 5.4 to 5.4.234
Hauke Mehrtens [Mon, 27 Mar 2023 00:17:03 +0000 (02:17 +0200)]
kernel: bump 5.4 to 5.4.234

Compile-tested: armvirt/64, lantiq/xrx200
Run-tested: armvirt/64

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
20 months agobcm4908: include usbport trigger
Rafał Miłecki [Thu, 16 Mar 2023 21:01:51 +0000 (22:01 +0100)]
bcm4908: include usbport trigger

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit cb2661844a5d54d44230ee564d4f17605a794a49)

20 months agobcm4908: backport v6.4 pending DTS changes
Rafał Miłecki [Thu, 16 Mar 2023 19:28:47 +0000 (20:28 +0100)]
bcm4908: backport v6.4 pending DTS changes

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit ffaabee9b8d9da7c15a50f52897ae5f70b40b4e7)

21 months agoca-certificates: fix python3-cryptography woes in certdata2pem.py
Christian Lamparter [Wed, 1 Dec 2021 14:01:23 +0000 (15:01 +0100)]
ca-certificates: fix python3-cryptography woes in certdata2pem.py

This patch is a revert of the upstream patch to Debian's ca-certificate
commit 033d52259172 ("mozilla/certdata2pem.py: print a warning for expired certificates.")

The reason is, that this change broke builds with the popular
Ubuntu 20.04 LTS (focal) releases which are shipping with an
older version of the python3-cryptography package that is not
compatible.

|Traceback (most recent call last):
|  File "certdata2pem.py", line 125, in <module>
|    cert = x509.load_der_x509_certificate(obj['CKA_VALUE'])
|TypeError: load_der_x509_certificate() missing 1 required positional argument: 'backend'
|make[5]: *** [Makefile:6: all] Error 1

...or if the python3-cryptography was missing all together:
|Traceback (most recent call last):
|  File "/certdata2pem.py", line 31, in <module>
|    from cryptography import x509
|ModuleNotFoundError: No module named 'cryptography'

More concerns were raised by Jo-Philipp Wich:
"We don't want the build to depend on the local system time anyway.
Right now it seems to be just a warning but I could imagine that
eventually certs are simply omitted of found to be expired at
build time which would break reproducibility."

Link: <https://github.com/openwrt/openwrt/commit/7c99085bd697>
Reported-by: Chen Minqiang <ptpt52@gmail.com>
Reported-by: Shane Synan <digitalcircuit36939@gmail.com>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
(cherry picked from commit 25bc66eb40ea2c062940778fba601032b2579734)

21 months agoca-certicficates: Update to version 20211016
Christian Lamparter [Sun, 28 Nov 2021 01:31:54 +0000 (02:31 +0100)]
ca-certicficates: Update to version 20211016

Update the ca-certificates and ca-bundle package from version 20210119 to
version 20211016.

Debian change-log entry [1]:
|[...]
|[ Julien Cristau ]
|* mozilla/{certdata.txt,nssckbi.h}: Update Mozilla certificate authority
|    bundle to version 2.50
|    The following certificate authorities were added (+):
|    + "AC RAIZ FNMT-RCM SERVIDORES SEGUROS"
|    + "GlobalSign Root R46"
|    + "GlobalSign Root E46"
|    + "GLOBALTRUST 2020"
|    + "ANF Secure Server Root CA"
|    + "Certum EC-384 CA"
|    + "Certum Trusted Root CA"
|    The following certificate authorities were removed (-):
|    - "QuoVadis Root CA"
|    - "Sonera Class 2 Root CA"
|    - "GeoTrust Primary Certification Authority - G2"
|    - "VeriSign Universal Root Certification Authority"
|    - "Chambers of Commerce Root - 2008"
|    - "Global Chambersign Root - 2008"
|    - "Trustis FPS Root CA"
|    - "Staat der Nederlanden Root CA - G3"
|  * Blacklist expired root certificate "DST Root CA X3" (closes: #995432)
|[...]

[1] <https://metadata.ftp-master.debian.org/changelogs//main/c/ca-certificates/ca-certificates_20211016_changelog>

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
(cherry picked from commit 7c99085bd69742f66207d61e9f2da5ec4f8f9d2f)

21 months agokernel: support "linux,default-trigger" in leds-bcm63138
Rafał Miłecki [Wed, 1 Mar 2023 07:52:26 +0000 (08:52 +0100)]
kernel: support "linux,default-trigger" in leds-bcm63138

This driver is backported from the v6.0 which deals with
"linux,default-trigger" in leds core. For kernel 5.4 we need
leds-bcm63138 to read trigger on its own.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
21 months agomac80211: Update to version 5.10.168-1
Hauke Mehrtens [Sun, 29 Jan 2023 18:05:52 +0000 (19:05 +0100)]
mac80211: Update to version 5.10.168-1

This update mac80211 to version 5.10.168-1. This includes multiple
bugfixes. Some of these bugfixes are fixing security relevant bugs.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
21 months agokernel: bump 5.4 to 5.4.231
Hauke Mehrtens [Sun, 12 Feb 2023 23:56:17 +0000 (00:56 +0100)]
kernel: bump 5.4 to 5.4.231

Compile-tested: x86/64
Run-tested: x86/64

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
21 months agoopenssl: bump to 1.1.1t
John Audia [Tue, 7 Feb 2023 19:56:52 +0000 (14:56 -0500)]
openssl: bump to 1.1.1t

Changes between 1.1.1s and 1.1.1t [7 Feb 2023]

  *) Fixed X.400 address type confusion in X.509 GeneralName.

     There is a type confusion vulnerability relating to X.400 address processing
     inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING
     but subsequently interpreted by GENERAL_NAME_cmp as an ASN1_TYPE. This
     vulnerability may allow an attacker who can provide a certificate chain and
     CRL (neither of which need have a valid signature) to pass arbitrary
     pointers to a memcmp call, creating a possible read primitive, subject to
     some constraints. Refer to the advisory for more information. Thanks to
     David Benjamin for discovering this issue. (CVE-2023-0286)

     This issue has been fixed by changing the public header file definition of
     GENERAL_NAME so that x400Address reflects the implementation. It was not
     possible for any existing application to successfully use the existing
     definition; however, if any application references the x400Address field
     (e.g. in dead code), note that the type of this field has changed. There is
     no ABI change.
     [Hugo Landau]

  *) Fixed Use-after-free following BIO_new_NDEF.

     The public API function BIO_new_NDEF is a helper function used for
     streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL
     to support the SMIME, CMS and PKCS7 streaming capabilities, but may also
     be called directly by end user applications.

     The function receives a BIO from the caller, prepends a new BIO_f_asn1
     filter BIO onto the front of it to form a BIO chain, and then returns
     the new head of the BIO chain to the caller. Under certain conditions,
     for example if a CMS recipient public key is invalid, the new filter BIO
     is freed and the function returns a NULL result indicating a failure.
     However, in this case, the BIO chain is not properly cleaned up and the
     BIO passed by the caller still retains internal pointers to the previously
     freed filter BIO. If the caller then goes on to call BIO_pop() on the BIO
     then a use-after-free will occur. This will most likely result in a crash.
     (CVE-2023-0215)
     [Viktor Dukhovni, Matt Caswell]

  *) Fixed Double free after calling PEM_read_bio_ex.

     The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and
     decodes the "name" (e.g. "CERTIFICATE"), any header data and the payload
     data. If the function succeeds then the "name_out", "header" and "data"
     arguments are populated with pointers to buffers containing the relevant
     decoded data. The caller is responsible for freeing those buffers. It is
     possible to construct a PEM file that results in 0 bytes of payload data.
     In this case PEM_read_bio_ex() will return a failure code but will populate
     the header argument with a pointer to a buffer that has already been freed.
     If the caller also frees this buffer then a double free will occur. This
     will most likely lead to a crash.

     The functions PEM_read_bio() and PEM_read() are simple wrappers around
     PEM_read_bio_ex() and therefore these functions are also directly affected.

     These functions are also called indirectly by a number of other OpenSSL
     functions including PEM_X509_INFO_read_bio_ex() and
     SSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSL
     internal uses of these functions are not vulnerable because the caller does
     not free the header argument if PEM_read_bio_ex() returns a failure code.
     (CVE-2022-4450)
     [Kurt Roeckx, Matt Caswell]

  *) Fixed Timing Oracle in RSA Decryption.

     A timing based side channel exists in the OpenSSL RSA Decryption
     implementation which could be sufficient to recover a plaintext across
     a network in a Bleichenbacher style attack. To achieve a successful
     decryption an attacker would have to be able to send a very large number
     of trial messages for decryption. The vulnerability affects all RSA padding
     modes: PKCS#1 v1.5, RSA-OEAP and RSASVE.
     (CVE-2022-4304)
     [Dmitry Belyavsky, Hubert Kario]

Signed-off-by: John Audia <therealgraysky@proton.me>
(cherry picked from commit 4ae86b3358a149a17411657b12103ccebfbdb11b)

The original commit removed the upstreamed patch 010-padlock.patch, but
it's not on OpenWrt 21.02, so it doesn't have to be removed.

Signed-off-by: Michal Vasilek <michal.vasilek@nic.cz>
21 months agosunxi: fix wifi connection for Banana Pi M2 Berry
Josef Schlehofer [Sat, 1 May 2021 06:51:12 +0000 (08:51 +0200)]
sunxi: fix wifi connection for Banana Pi M2 Berry

fixes the problem that the banana pi m2 berry cannot connect to wifi and cannot be used as an access point

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit ff2bb16730f629d54bde8ba85c75d8614741e3fd)
Signed-off-by: LizenzFass78851 <82592556+LizenzFass78851@users.noreply.github.com>
22 months agompc85xx: Drop pci aliases to avoid domain changes
Martin Kennedy [Tue, 30 Aug 2022 00:47:24 +0000 (20:47 -0400)]
mpc85xx: Drop pci aliases to avoid domain changes

As of upstream Linux commit 0fe1e96fef0a ("powerpc/pci: Prefer PCI
domain assignment via DT 'linux,pci-domain' and alias"), the PCIe
domain address is no longer numbered by the lowest 16 bits of the PCI
register address after a fallthrough. Instead of the fallthrough, the
enumeration process accepts the alias ID (as determined by
`of_alias_scan()`). This causes e.g.:

9000:00:00.0 PCI bridge: Freescale Semiconductor Inc P1020E (rev 11)
9000:01:00.0 Network controller: Qualcomm Atheros AR958x 802.11abgn ...

to become

0000:00:00.0 PCI bridge: Freescale Semiconductor Inc P1020E (rev 11)
0000:01:00.0 Network controller: Qualcomm Atheros AR958x 802.11abgn ...

... which then causes the sysfs path of the netdev to change,
invalidating the `wifi_device.path`s enumerated in
`/etc/config/wireless`.

One other solution might be to migrate the uci configuration, as was
done for mvebu in commit 0bd5aa89fcf2 ("mvebu: Migrate uci config to
new PCIe path"). However, there are concerns that the sysfs path will
change once again once some upstream patches[^2][^3] are merged and
backported (and `CONFIG_PPC_PCI_BUS_NUM_DOMAIN_DEPENDENT` is enabled).

Instead, remove the aliases and allow the fallthrough to continue for
now. We will provide a migration in a later release.

This was first reported as a Github issue[^1].

[^1]: https://github.com/openwrt/openwrt/issues/10530
[^2]: https://lore.kernel.org/linuxppc-dev/20220706104308.5390-1-pali@kernel.org/t/#u
[^3]: https://lore.kernel.org/linuxppc-dev/20220706101043.4867-1-pali@kernel.org/

Fixes: #10530
Tested-by: Martin Kennedy <hurricos@gmail.com>
[Tested on the Aerohive HiveAP 330 and Extreme Networks WS-AP3825i]
Signed-off-by: Martin Kennedy <hurricos@gmail.com>
(cherry picked from commit 7f4b4c29f3489697dca7495216460d0ed5023e02)
Signed-off-by: Fabian Bläse <fabian@blaese.de>
22 months agokernel: bump 5.4 to 5.4.230
Hauke Mehrtens [Sat, 28 Jan 2023 18:09:19 +0000 (19:09 +0100)]
kernel: bump 5.4 to 5.4.230

Compile-tested: x86/64
Run-tested: x86/64

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
22 months agokernel: Reorder configuration
Hauke Mehrtens [Sat, 28 Jan 2023 18:25:32 +0000 (19:25 +0100)]
kernel: Reorder configuration

This was done by running these commands:
./scripts/kconfig.pl '+' target/linux/generic/config-5.4 /dev/null > target/linux/generic/config-5.4-new
mv target/linux/generic/config-5.4-new target/linux/generic/config-5.4

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
22 months agokernel: expose (unhide) CONFIG_ASN1 as ksmbd requirement
Rafał Miłecki [Mon, 23 Jan 2023 12:23:29 +0000 (13:23 +0100)]
kernel: expose (unhide) CONFIG_ASN1 as ksmbd requirement

OpenWrt provides kmod-asn1-decoder for CONFIG_ASN1 but selecting it
doesn't really work as expected. Kernel symbol is hidden and can be
actually selected only as a dependency. That works well for in-kernel
stuff but fails for external modules requiring ASN1 like ksmbd.

Modify kernel Kconfig to make CONFIG_ASN1 always selectable. It's
required to satisfy ksmbd dependencies cleanly (without hack like
selecting unrelated modules).

Link: http://lists.openwrt.org/pipermail/openwrt-devel/2023-January/040298.html
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
23 months agoscripts/dl_github_archieve.py: fix generating unreproducible tar
Christian Marangi [Thu, 12 Jan 2023 13:46:58 +0000 (14:46 +0100)]
scripts/dl_github_archieve.py: fix generating unreproducible tar

Allign dl_github_archieve.py to 8252511dc0b5a71e9e64b96f233a27ad73e28b7f
change. On supported system the sigid bit is applied to files and tar
archieve that on tar creation. This cause unreproducible tar for these
system and these bit should be dropped to produce reproducible tar.

Add the missing option following the command options used in other
scripts.

Fixes: 75ab064d2b38 ("build: download code from github using archive API")
Suggested-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Tested-by: Robert Marko <robimarko@gmail.com>
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 5f1758ef14575df4e86896526b1c2035c231899e)

23 months agoopkg: add patch to avoid remove package repeatly with force
Josef Schlehofer [Mon, 12 Dec 2022 22:08:05 +0000 (23:08 +0100)]
opkg: add patch to avoid remove package repeatly with force

This patch was taken from the OpenWrt-devel mailing list:
https://www.mail-archive.com/openwrt-devel@lists.openwrt.org/msg59794.html

It is included already in OpenWrt master branch and OpenWrt 22.03
release as it was included in opkg-lede repository:
https://git.openwrt.org/?p=project/opkg-lede.git;a=commit;h=9c44557a776da993c2ab80cfac4dbd8d59807d01

However, it is not included in OpenWrt 21.02, where the same issue is
happening.

Fixes: CI for https://github.com/openwrt/packages/pull/20074
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
23 months agokernel: add kmod-nvme package
Daniel Golle [Tue, 26 Jul 2022 08:17:07 +0000 (10:17 +0200)]
kernel: add kmod-nvme package

Add driver for NVM Express block devices, ie. PCIe connected SSDs.

Targets which allow booting from NVMe (x86, maybe some mvebu boards come
to mind) should have it built-in, so rootfs can be mounted from there.
For targets without NVMe support in bootloader or BIOS/firmware it's
sufficient to provide the kernel module package.

On targets having the NVMe driver built-in the resulting kmod package
is an empty dummy. In any case, depending on or installing kmod-nvme
results in driver support being available (either because it was already
built-in or because the relevant kernel modules are added and loaded).

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit dbe53352e38d20bb5245158b19d4ff810c209548)

23 months agonetfilter: remove no-op kconfig symbols
Rui Salvaterra [Wed, 28 Apr 2021 12:54:17 +0000 (13:54 +0100)]
netfilter: remove no-op kconfig symbols

These have long been obsolete. For reference, here's the Linux version where
each symbol has been dropped:

CONFIG_IP6_NF_QUEUE - 3.5
CONFIG_IP6_NF_TARGET_LOG - 3.4
CONFIG_IP_NF_MATCH_DSCP - 2.6.19
CONFIG_NF_CONNTRACK_IPV4 - 4.19
CONFIG_NF_CONNTRACK_IPV6 - 4.19
CONFIG_NF_CONNTRACK_RTCACHE - out-of-tree, superseded by flow offloading

Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
(cherry picked from commit d7956c57284624f4bc7b905d192c81e1d34576fe)

23 months agokernel: kmod-isdn4linux: Remove package
Hauke Mehrtens [Sun, 7 Aug 2022 13:13:36 +0000 (15:13 +0200)]
kernel: kmod-isdn4linux: Remove package

The isdn4linux drivers and subsystem was removed in kernel 5.3, remove
the kernel package also from OpenWrt.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit db55dea5fc047190af188f07018e99b0c7a4bdde)

23 months agokernel: kmod-ipt-ulog: Remove package
Hauke Mehrtens [Sun, 7 Aug 2022 12:31:59 +0000 (14:31 +0200)]
kernel: kmod-ipt-ulog: Remove package

The ulog iptables target was removed with kernel 3.17, remove the kernel
and also the iptables package in OpenWrt too.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 2a0284fb0325f07e79b9b4c58a7d280ba9999a39)

23 months agokernel: kmod-w1-slave-ds2760: Remove package
Hauke Mehrtens [Sun, 7 Aug 2022 11:32:31 +0000 (13:32 +0200)]
kernel: kmod-w1-slave-ds2760: Remove package

The w1_ds2760.ko driver was merged into the ds2760_battery.ko driver.
The driver was removed and this package was never build any more.
This happened with kernel 4.19.

Remove this unused package.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 5808973d141f488e06efe4749dbf651565fd5510)

23 months agokenrel: kmod-rtc-pt7c4338: Remove package
Hauke Mehrtens [Sun, 7 Aug 2022 12:42:01 +0000 (14:42 +0200)]
kenrel: kmod-rtc-pt7c4338: Remove package

The rtc-pt7c4338.ko was never upstream under this name, the driver was
removed from OpenWrt some years ago, remove the kmod-rtc-pt7c4338
package too.

Fixes: 74d00a8c3849 ("kernel: split patches folder up into backport, pending and hack folders")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 5ccf4dcf8864c1d940b65067d8c6f7c4e5858ae2)

23 months agokernel: build crypto md5/sha1/sha256 modules for powerpc
Josef Schlehofer [Tue, 30 Aug 2022 07:02:32 +0000 (09:02 +0200)]
kernel: build crypto md5/sha1/sha256 modules for powerpc

This builds and enables kernel optimized modules for mpc85xx target:
- CONFIG_CRYPTO_MD5_PPC [1]
- CONFIG_CRYPTO_SHA1_PPC_SPE [2]
- CONFIG_CRYPTO_SHA256_PPC_SPE [3]

Where it was possible, then use Signal Processing Engine, because
CONFIG_SPE is already enabled in mpc85xx config.

[1] https://cateee.net/lkddb/web-lkddb/CRYPTO_MD5_PPC.html
[2] https://cateee.net/lkddb/web-lkddb/CRYPTO_SHA1_PPC.html
[3] https://cateee.net/lkddb/web-lkddb/CRYPTO_SHA256_PPC_SPE.html

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit 3a702f8733ff371f30e9e3ba1e1aed5f4686b6b4)

23 months agokernel: fix typo for tegra crypto-sha1 module
Josef Schlehofer [Tue, 30 Aug 2022 06:51:37 +0000 (08:51 +0200)]
kernel: fix typo for tegra crypto-sha1 module

Fixes: e889489bedfd2830411bd0cf6564b8272aa9c254 ("kernel: build
arm/neon-optimized sha1/512 modules")

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit f8f9d6901c6a7c85e6b18fba665175646fb53ec7)

23 months agoCI: build: fix external toolchain use with release tag tests
Christian Marangi [Wed, 4 Jan 2023 18:26:16 +0000 (19:26 +0100)]
CI: build: fix external toolchain use with release tag tests

When a new tag for a release is created, the just checkout repo from
github actions will already have such tag locally created.

This will result in git fetch --tags failing with error rejecting the
remote tag with (would clobber existing tag).

Add -f option to overwrite any local tags and always fetch them from
remote.

Fixes: e24a1e6f6d7f ("CI: build: add support for external toolchains from stable branch")
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit f655923b362e9f2d70672eee9c1fa82550a145a6)

23 months agolayerscape: fix felix DSA driver compilation
Rafał Miłecki [Tue, 3 Jan 2023 07:34:43 +0000 (07:34 +0000)]
layerscape: fix felix DSA driver compilation

It isn't used at the moment but let's fix it anyway.

This fixes:
  CC      drivers/net/dsa/ocelot/felix.o
drivers/net/dsa/ocelot/felix.c:646:22: error: initialization of 'enum dsa_tag_protocol (*)(struct dsa_switch *, int,  enum dsa_tag_protocol)' from incompatible pointer type 'enum dsa_tag_protocol (*)(struct dsa_switch *, int)' [-Werror=incompatible-pointer-types]
  .get_tag_protocol = felix_get_tag_protocol,
                      ^~~~~~~~~~~~~~~~~~~~~~

for users enabling CONFIG_NET_DSA_MSCC_FELIX.

Fixes: 1f5024aa73fc ("kernel: backport b53/bcm_sf2 changes from v5.6")
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
23 months agorealtek: update rtl83xx switch driver to the updated DSA API
Rafał Miłecki [Mon, 2 Jan 2023 16:26:56 +0000 (17:26 +0100)]
realtek: update rtl83xx switch driver to the updated DSA API

This fixes:
  CC      drivers/net/dsa/rtl83xx/dsa.o
drivers/net/dsa/rtl83xx/dsa.c:1274:22: error: initialization of 'enum dsa_tag_protocol (*)(struct dsa_switch *, int,  enum dsa_tag_protocol)' from incompatible pointer type 'enum dsa_tag_protocol (*)(struct dsa_switch *, int)' [-Werror=incompatible-pointer-types]
  .get_tag_protocol = rtl83xx_get_tag_protocol,
                      ^~~~~~~~~~~~~~~~~~~~~~~~
drivers/net/dsa/rtl83xx/dsa.c:1274:22: note: (near initialization for 'rtl83xx_switch_ops.get_tag_protocol')
drivers/net/dsa/rtl83xx/dsa.c:1316:22: error: initialization of 'enum dsa_tag_protocol (*)(struct dsa_switch *, int,  enum dsa_tag_protocol)' from incompatible pointer type 'enum dsa_tag_protocol (*)(struct dsa_switch *, int)' [-Werror=incompatible-pointer-types]
  .get_tag_protocol = rtl83xx_get_tag_protocol,
                      ^~~~~~~~~~~~~~~~~~~~~~~~

Fixes: 1f5024aa73fc ("kernel: backport b53/bcm_sf2 changes from v5.6")
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
23 months agorampis: fix Reference to non-existent node for GB-PC2
Arınç ÜNAL [Sat, 31 Dec 2022 12:41:53 +0000 (13:41 +0100)]
rampis: fix Reference to non-existent node for GB-PC2

Fix cannot build: Reference to non-existent node or label
"macaddr_factory_e000" dtb compilation error.

The cherry-pick had to be reworked to use the old mtd-mac-address way as
openwrt-21.02 still wasn't migrated to nvmem implementation.

Fixes: d604032c2a50 ("ramips: fix GB-PC1 and GB-PC2 device support")
Fixes: #11654
Fixes: #11385
Signed-off-by: Arınç ÜNAL <arinc.unal@arinc9.com>
[ rework commit message, add more fixes tag ]
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
23 months agodnsmasq: Backport DHCPv6 server fix (CVE-2022-0934)
Hauke Mehrtens [Tue, 1 Nov 2022 14:17:03 +0000 (15:17 +0100)]
dnsmasq: Backport DHCPv6 server fix (CVE-2022-0934)

This backports a commit from upstream dnsmasq to fix CVE-2022-0934.

CVE-2022-0934 description:
A single-byte, non-arbitrary write/use-after-free flaw was found in
dnsmasq. This flaw allows an attacker who sends a crafted packet
processed by dnsmasq, potentially causing a denial of service.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 002a99eccd75fb653163bae0a1132bd4f494e7ad)

2 years agogeneric: 5.4: refresh kernel patches
Christian Marangi [Fri, 16 Dec 2022 21:34:12 +0000 (22:34 +0100)]
generic: 5.4: refresh kernel patches

Refresh kernel patches due to new spi nor patch.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2 years agogeneric: add support for EON EN25QX128A spi nor flash
Christian Marangi [Fri, 14 Oct 2022 19:00:39 +0000 (21:00 +0200)]
generic: add support for EON EN25QX128A spi nor flash

Add support for EON EN25QX128A spi nor flash with no flags as it does
support SFDP parsing.

Fixes: #9442
Tested-by: Szabolcs Hubai <szab.hu@gmail.com> [ramips/mt7621: xiaomi_mi-router-4a-gigabit]
(cherry picked from commit d7876daf6552a9f39bd5e0bf50b554e9406ec275)
[ apply the same patch to 5.4 kernel ]
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2 years agotools/mkimage: fix build on MacOS arm64
Sergey V. Lobanov [Thu, 2 Dec 2021 16:02:23 +0000 (19:02 +0300)]
tools/mkimage: fix build on MacOS arm64

Fixed -no-pie compilation warning on MacOS
Fixed errors related to using absolute addressing on MacOS arm64

Based on upstream patch from Jessica Clarke and suggestions from Ronny Kotzschmar

Link to original patch and discussion:
https://github.com/u-boot/u-boot/commit/3b142045e8a7f0ab17b6099e9226296af45967d0

Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>
(cherry picked from commit 8261b85844a0018c6c79e10c1abb581aca102e45)

2 years agoCI: kernel: don't checkout and install feeds
Christian Marangi [Wed, 7 Dec 2022 17:12:31 +0000 (18:12 +0100)]
CI: kernel: don't checkout and install feeds

We don't need to checkout feed and install feeds for kernel tests. This
saves up to 2 minutes for each target kernel build test.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 925e2a155ee4d4cc792fbf68aa9666e32a1f649b)

2 years agoCI: build: skip sdk adapt to external toolchain on cache hit
Christian Marangi [Wed, 7 Dec 2022 17:09:18 +0000 (18:09 +0100)]
CI: build: skip sdk adapt to external toolchain on cache hit

On cache hit, skip sdk adapt to external toolchain. This is needed because we
cache the already extracted sdk and that is already adapted to be used
as external toolchain.

Rerunning the adap step will result in the test to fail for missing file
as the file are already got wrapped to the external toolchain format.

Fixes: 42f0ab028e2e ("CI: build: fix use of sdk as toolchain")
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 99eaedfe3966b1ca812e8a962197cf91286247f7)

2 years agokernel: backport b53/bcm_sf2 changes from v5.8
Rafał Miłecki [Wed, 7 Dec 2022 08:57:47 +0000 (09:57 +0100)]
kernel: backport b53/bcm_sf2 changes from v5.8

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2 years agokernel: backport b53/bcm_sf2 changes from v5.7
Rafał Miłecki [Wed, 7 Dec 2022 08:48:32 +0000 (09:48 +0100)]
kernel: backport b53/bcm_sf2 changes from v5.7

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2 years agokernel: backport b53/bcm_sf2 changes from v5.6
Rafał Miłecki [Wed, 7 Dec 2022 08:37:08 +0000 (09:37 +0100)]
kernel: backport b53/bcm_sf2 changes from v5.6

This b53 backport significantly stabilizes switch traffic performance.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2 years agokernel: backport b53/bcm_sf2 changes from v5.5
Rafał Miłecki [Wed, 7 Dec 2022 08:26:11 +0000 (09:26 +0100)]
kernel: backport b53/bcm_sf2 changes from v5.5

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2 years agocmake: update to version 3.19.8
Adam Konrad [Sun, 27 Nov 2022 04:23:20 +0000 (22:23 -0600)]
cmake: update to version 3.19.8

Updating CMake to latest patched version 3.19.8 which is fixing issue with ccache.

Related issue: https://github.com/openwrt/openwrt/issues/8555

Compile-tested: arm64

Signed-off-by: Adam Konrad <git@adamkonrad.com>
2 years agoCI: build: fix use of sdk as toolchain
Christian Marangi [Mon, 5 Dec 2022 22:23:04 +0000 (23:23 +0100)]
CI: build: fix use of sdk as toolchain

The toolchain included in a sdk have a different format than an external
toolchain tar.

Since sdk is a more integrated setup doesn't use and include wrapper bin
that use the external toolchain config and use an alternative and more
standard way to include all the toolchain headers.

External toolchain use wrapper.sh to append the configured include
header when each tool is called.

Fix the sdk toolchain by reverting their own sdk wrapper scripts and to
simulate an external toolchain build copying what is done in the
toolchain target makefile.

This handle compilation error and warning caused by not using fortify
header on building packages.

Fixes: 006e52545d14 ("CI: build: add support to fallback to sdk for external toolchain")
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 42f0ab028e2eae0d4e7acf9db7fd68b256f23503)

2 years agotoolchain: Select USE_SSTRIP with external musl toolchain
Hauke Mehrtens [Sun, 11 Sep 2022 22:29:00 +0000 (00:29 +0200)]
toolchain: Select USE_SSTRIP with external musl toolchain

When we use the internal toolchain USE_SSTRIP will be selected by
default for musl libc and USE_STRIP when glibc is used. Do the same when
an external toolchain is used. USE_GLIBC will also be set for external
toolchain builds based on the EXTERNAL_TOOLCHAIN_LIBC_USE_GLIBC setting.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 9403810c020cca136149973a3929bf77a1f501aa)

2 years agosdk: expose binary strip settings
David Bauer [Fri, 20 Nov 2020 02:03:54 +0000 (03:03 +0100)]
sdk: expose binary strip settings

Expose the SDK options for binary stripping to the menuconfig. This
way, packages can easily be built with debug symbols using the SDK.

Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit bb817bb4b8b0b546a70e45bd907ebfeea2370dcd)

2 years agoCI: trigger check also on build and check-kernel-patches workflow change
Christian Marangi [Sun, 4 Dec 2022 19:58:11 +0000 (20:58 +0100)]
CI: trigger check also on build and check-kernel-patches workflow change

Since kernel and packages workflow now use a shared build workflow, they
also need to react on changes on these shared workflow.

Fix this and add these shared workflow to the event paths to check.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 644175c29ca11e0a008c58c82986045f738f5c6f)

2 years agoCI: build: fix matching for openwrt release branch for toolchain parsing
Christian Marangi [Sun, 4 Dec 2022 19:36:11 +0000 (20:36 +0100)]
CI: build: fix matching for openwrt release branch for toolchain parsing

The current match logic doesn't handle test for push events related to
stable release (example openwrt-22.03) but only fork with the related
prefix (example openwrt-22.03-fixup)

Fix wrong matching and while at it also add extra checks to other
matching (check if the branch name actually start with the requested
prefix)

Fixes: e24a1e6f6d7f ("CI: build: add support for external toolchains from stable branch")
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit e3cf2b84e5f8708ca17d931ef60746516c8a2fe4)

2 years agoCI: fix matching for openwrt release branch for container selection
Christian Marangi [Sun, 4 Dec 2022 19:28:28 +0000 (20:28 +0100)]
CI: fix matching for openwrt release branch for container selection

The current match logic doesn't handle test for push events related to
stable release (example openwrt-22.03) but only fork with the related
prefix (example openwrt-22.03-fixup)

Fix wrong matching and while at it also add extra checks to other
matching (check if the branch name actually start with the requested
prefix)

Fixes: abe8a4824210 ("CI: build: add support for per branch tools container")
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 65c3d19c4b28ccac0d08d916de0ffa4c0e7b3dc2)

2 years agoCI: labeler: fix wrong label for pr targeting stable branch
Christian Marangi [Thu, 1 Dec 2022 00:46:03 +0000 (01:46 +0100)]
CI: labeler: fix wrong label for pr targeting stable branch

The label used for stable branch is in the form of
release/[0-9][0-9].[0-9][0-9]
Currently we apply the name of the target branch as the label, fix this
and correctly use the current label.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit af8bc8e51b6daef65c497522b67a1dd9d0cdab84)

2 years agoCI: add support to tag pr targeting stable branch
Christian Marangi [Tue, 29 Nov 2022 18:53:23 +0000 (19:53 +0100)]
CI: add support to tag pr targeting stable branch

Add support to tag pr targeting stable branch matching the simple regex
of openwrt-[0-9][0-9].[0-9][0-9]. The tag that will be added will match
the pr target branch.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit b67d284e93ee052e3ea3abb5d3dae55723ce0353)

2 years agokernel: split kernel version to dedicated files
Ansuel Smith [Mon, 10 Jan 2022 16:02:30 +0000 (17:02 +0100)]
kernel: split kernel version to dedicated files

Move the kernel versions and hash to dedicated files.
This makes kernel bump quicker and fix some annoying
problem with rebasing when multiple kernel bump are proposed.

Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
[Rebased on top of current master]
Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
(cherry picked from commit 0765466a42f46f7357e260866a4284ed567bb7ad)
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
[Rebased on top of current openwrt-21.02]

2 years agobuild: handle directory with whitespace in AUTOREMOVE clean
Christian Marangi [Wed, 7 Sep 2022 21:50:36 +0000 (23:50 +0200)]
build: handle directory with whitespace in AUTOREMOVE clean

Package with whitespace in their build directory are not correctly
removed when CONFIG_AUTOREMOVE is enabled. This is caused by xargs that
use whitespace as delimiters. To handle this use \0 as the delimiter and
set find to use \0 as the delimiter.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit dccee21792b89031bcd801030de403f195d80278)

2 years agoCI: build: add support to fallback to sdk for external toolchain
Christian Marangi [Mon, 28 Nov 2022 15:12:13 +0000 (16:12 +0100)]
CI: build: add support to fallback to sdk for external toolchain

Add support to use sdk as external toolchain if the packaged external
toolchain tar is not found on openwrt servers for build shared workflow.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit b59ac2a7d0ff427419e86bd38dea3d8910dd7926)

2 years agoCI: build: add support for external toolchains from stable branch
Christian Marangi [Mon, 28 Nov 2022 11:44:01 +0000 (12:44 +0100)]
CI: build: add support for external toolchains from stable branch

Add support to use external toolchains from stable branch if we are
testing commit targeting stable openwrt branch in kernel and packages
workflow.

With pr the target branch is parsed and the right toolchain is used.

To use the stable toolchain for local testing the branch needs to have
the prefix openwrt-[0-9][0-9].[0-9][0-9]- (example openwrt-21.02-fixup)

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit e24a1e6f6d7f08fb766eb11b8008f8fc5b72d072)

2 years agoCI: build: add support for per branch tools container
Christian Marangi [Sun, 27 Nov 2022 18:53:08 +0000 (19:53 +0100)]
CI: build: add support for per branch tools container

Add support in build shared workflow for per branch tools container.

With pr the target branch is parsed and the right container is used.

To use the stable container for local testing the branch needs to have
the prefix openwrt-[0-9][0-9].[0-9][0-9]- (example openwrt-21.02-fixup)

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit abe8a4824210966e0899724bf4561a89216a1e36)

2 years agoCI: tools: support per branch tools container
Christian Marangi [Sun, 27 Nov 2022 18:45:38 +0000 (19:45 +0100)]
CI: tools: support per branch tools container

Add support to push per branch container tools.
For anything not official stick to latest tag that correspond to test
run from master.

If we are testing something for one of the openwrt stable branch, parse
the branch name or the tag and push dedicated tools containers.

To use the stable container for local testing the branch needs to have
the prefix openwrt-[0-9][0-9].[0-9][0-9] (example openwrt-21.02-fixup)

Any branch that will match this pattern openwrt-[0-9][0-9].[0-9][0-9]
will refresh the tools container with the matching tag.
(example branch openwrt-22.03 -> tools:openwrt-22.03)
(example branch openwrt-22.03-test -> tools:openwrt-22.03)

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 75550771ae76fbcab4160e10b73287f918727384)

2 years agoCI: Build all boards and testing kernel
Hauke Mehrtens [Sat, 3 Dec 2022 02:04:40 +0000 (03:04 +0100)]
CI: Build all boards and testing kernel

This adds options to build all boards of a selected target and an
additional option to build the testing kernel instead of the normal
kernel. This can be used by other trigger work flows.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit cf361b85097216538dfac5ad7b22050390b0bc67)

2 years agoCI: Allow building with internal toolchain
Hauke Mehrtens [Sat, 5 Nov 2022 13:27:11 +0000 (14:27 +0100)]
CI: Allow building with internal toolchain

This adds an option to build with internal toolchain. This can be used
to build targets which are currently not build by the OpenWrt build bots
and which needs their own toolchain build for every build.

Building the toolchain takes about 30 minutes compared to using the
external toolchain which takes some seconds.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 08f5283392674fe874c7f441128319263ce0d171)

2 years agoCI: Extract the OpenWrt building to own sub workflow
Hauke Mehrtens [Tue, 1 Nov 2022 18:10:01 +0000 (19:10 +0100)]
CI: Extract the OpenWrt building to own sub workflow

Extract the building of OpenWrt into an own workflow which is then
triggered by the kernel.yml and packages.yml workflow with different
inputs. This allows us to share much of the code of the workflow.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 7c406a5f0837b0bfc293b723932695176a8ef6fe)

2 years agoCI: Simplify if conditions
Hauke Mehrtens [Sat, 5 Nov 2022 13:38:35 +0000 (14:38 +0100)]
CI: Simplify if conditions

There is no need to put a ${{ }} around the if conditions.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit ce343653c2618e1d335662b924c382c0192b7b46)

2 years agometa: drop issue_template
Jo-Philipp Wich [Wed, 9 Feb 2022 16:26:58 +0000 (17:26 +0100)]
meta: drop issue_template

The contents do not apply anymore now that the switch to Github issue
has been decided.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 64125ed1d0067f0648f2669b29b59a77ece3bf10)

2 years agoCI: packages.yml: Fix usage of pre-build tools
Hauke Mehrtens [Wed, 2 Nov 2022 21:17:51 +0000 (22:17 +0100)]
CI: packages.yml: Fix usage of pre-build tools

Activate CONFIG_AUTOREMOVE to match the settings used to build the
pre-build tools. This has to match the pre-build tools to not rebuild
them.

This prevents the tools being rebuild in packages.yml.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 6645a019f88e2e6930fe63d1a51046a8e72445a0)

2 years agoCI: packages: Add github CI job to build all packages
Hauke Mehrtens [Sun, 7 Aug 2022 16:46:11 +0000 (18:46 +0200)]
CI: packages: Add github CI job to build all packages

This will build OpenWrt for MIPS malta BE and x86 64 Bit with all
packages and kernel modules activated. It is triggered when something
changes in the build system or when a package definition is changed.
This task probably needs 90 minutes to execute, but I hope that it
will find build problems in pull requests early.

This intentionally does not activate the feeds, because building them
too would take too long. We only build x86/64 and malta/be to save
resources.

I would like to detect build problems when a package is changed. We
often had build breaks when a package version was increased sometime
even in other packages which used it as a dependency.

This is based on the .github/workflows/packages.yml workflow.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit b99d3778863d6ba67ee1ebda6fd42413062c6480)

2 years agoCI: kernel: fix deprecation of set-output
Christian Marangi [Fri, 21 Oct 2022 14:09:19 +0000 (16:09 +0200)]
CI: kernel: fix deprecation of set-output

From [0], github deprecated set-output with a better approach of
appending variables to $GITHUB_OUTPUT

[0] https://github.blog/changelog/2022-10-11-github-actions-deprecating-save-state-and-set-output-commands/

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 6d4bcadaa343cb969f370631a5ed5338306c056e)

2 years agoci: kernel: trigger build check on changes in kernel.mk as well
Petr Štetiar [Wed, 19 Oct 2022 21:02:43 +0000 (23:02 +0200)]
ci: kernel: trigger build check on changes in kernel.mk as well

So we can QA more parts of kernel build process.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 5e31c82bb506bff9c60c4d01791bea7a29e4a020)

2 years agoCI: kernel: check if patch are refreshed for each target
Christian Marangi [Sat, 15 Oct 2022 08:56:46 +0000 (10:56 +0200)]
CI: kernel: check if patch are refreshed for each target

Enforce refreshed patch for each target with kernel pr tests.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 689cfaeb7c37d7199f6e552bf32b0f996ea3040a)

2 years agoCI: labeler: target major version of labeler action
Christian Marangi [Wed, 12 Oct 2022 14:49:46 +0000 (16:49 +0200)]
CI: labeler: target major version of labeler action

Target major version of labeler to include minor fixes and use always
the latest major version with included fixes.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 5fb7232bc0592cb2e1818fa47dfaecc291c8514e)

2 years agoCI: bump actions/download,upload-artifact action to v3
Christian Marangi [Wed, 12 Oct 2022 14:48:46 +0000 (16:48 +0200)]
CI: bump actions/download,upload-artifact action to v3

Bump actions/download,upload-artifact action to v3 on every workflow
to mute node deprecation warning.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 77b24012db1d696ca87c03fa1bb8bdf2606119e7)

2 years agoCI: bump actions/checkout action to v3
Christian Marangi [Wed, 12 Oct 2022 13:24:11 +0000 (15:24 +0200)]
CI: bump actions/checkout action to v3

Bump actions/checkout action to v3 on every workflow to mute node
deprecation warning.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 87c69d73bb4021bf3a26217b3a652ce262637b1e)

2 years agoCI: kernel: generate ccache cache on kernel push
Christian Marangi [Sat, 8 Oct 2022 17:25:54 +0000 (19:25 +0200)]
CI: kernel: generate ccache cache on kernel push

To actually use ccache cache on kernel test from pr, the kernel workflow
has to be run first from a push action.

This will permit as a side effect to test merged commits and catch commit
that may cause regression in kernel compilation even outside the github
system.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 23e946d1aded1fc21125704c0819146d5772d72b)

2 years agoCI: kernel: use ccache to speedup workflow
Christian Marangi [Tue, 4 Oct 2022 16:43:38 +0000 (18:43 +0200)]
CI: kernel: use ccache to speedup workflow

Use ccache to speedup kernel compilation.
Ccache dir is cached across each build test. To refresh ccache directory
we generate an hash of the kernel include files, that includes the
kernel versions of every kernel supported and the kernel compile
includes.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 137ba15e6ef31534a2002a02e69b774232f0b040)

2 years agoCI: tools: compile tools with ccache support for tools container
Christian Marangi [Tue, 4 Oct 2022 16:38:57 +0000 (18:38 +0200)]
CI: tools: compile tools with ccache support for tools container

Enable ccache support for tools container, useful to speedup other
workflow even more.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 2781e3839e7f4f6132a2737ee9f988f40fa58d99)

2 years agoCI: Add workaround for github uppercase usernames
Edward Chow [Mon, 3 Oct 2022 11:39:58 +0000 (19:39 +0800)]
CI: Add workaround for github uppercase usernames

The workflow defined in tools.yml and kernel.yml used to fail on
forked repositories of contributers whose github username contains
uppercase letters.

A workaround mentioned in
https://github.com/orgs/community/discussions/27086 and
https://stackoverflow.com/questions/70326569/ is applied.

Signed-off-by: Edward Chow <equu@openmail.cc>
(cherry picked from commit c27b43956407f3adc3cc2693792acd6b40a01877)

2 years agoCI: use tools:latest container to speedup kernel workflow
Christian Marangi [Mon, 5 Sep 2022 21:18:00 +0000 (23:18 +0200)]
CI: use tools:latest container to speedup kernel workflow

Use tools:latest container with prebuilt host tools to speedup kernel
compilation in kernel workflow.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 5d09118f8e60fa151e03916f255f5511e197af68)

2 years agoCI: create Docker container containing compiled tools
Paul Spooren [Mon, 8 Aug 2022 21:37:54 +0000 (23:37 +0200)]
CI: create Docker container containing compiled tools

Currently each Kernel compilation takes about 30 minutes of which 20
minutes are used to compile our tools. While the toolchain is downloaded
and instantly ready the tools are missing.

This commit starts uploading a Docker container including compiled tools
which are ready to use. It is automatically updated whenever any tools
are changed.

Signed-off-by: Paul Spooren <mail@aparcar.org>
Co-Developed-by: Christian Marangi <ansuelsmth@gmail.com>
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 25b65f548dfd93cae87781276bfff9a27cd3ebd4)

2 years agoCI: use buildbot container for building
Paul Spooren [Sun, 20 Mar 2022 20:02:08 +0000 (20:02 +0000)]
CI: use buildbot container for building

Instead of using a fresh Linux installation which is setup every time
use the Buildbot container which is used for our own Buildbot
infrastructure, too.
While at it also tidy up the workflow to make it more consistent with
other workflow.

Signed-off-by: Paul Spooren <mail@aparcar.org>
Co-Developed-by: Christian Marangi <ansuelsmth@gmail.com>
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 3b23227d43ec720f810e6e261945530f7bc549f0)

2 years agoci: show build failures directly in job log output
Petr Štetiar [Mon, 22 Aug 2022 13:05:01 +0000 (15:05 +0200)]
ci: show build failures directly in job log output

Instead of waiting for complete workflow finish, then downloading the
artifacts, unpacking them and inspecting them, lets try to make the
build failure immediately visible in the log output:

  ====== Make errors from logs/target/linux/compile.txt ======
  * Legacy (non-UHI/non-FIT) Boards
  *
  Support MIPS SEAD-3 boards (LEGACY_BOARD_SEAD3) [N/y/?] (NEW)
  Error in reading or end of file.

  make[6]: *** [scripts/kconfig/Makefile:77: syncconfig] Error 1
  make[5]: *** [Makefile:616: syncconfig] Error 2
  make[4]: *** [Makefile:736: include/config/auto.conf.cmd] Error 2
  make[3]: *** [Makefile:24: build_dir/target-mipsel-openwrt-linux-musl_musl/linux-ramips_mt7620/linux-5.15.62/.modules] Error 2
  make[2]: *** [Makefile:11: compile] Error 2
  time: target/linux/compile#30.09#11.30#37.92

Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit f4ca4187cde01a3e412f10657bec0790d3a4cd94)

2 years agoci: move scripts into separate directory
Petr Štetiar [Mon, 5 Sep 2022 07:04:27 +0000 (09:04 +0200)]
ci: move scripts into separate directory

So it's clean and tidy.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 63ed733d30153667d7d645ab0ee3f5614089c759)

2 years agobuild: harden GitHub workflow permissions
Alex Low [Mon, 19 Sep 2022 10:20:37 +0000 (12:20 +0200)]
build: harden GitHub workflow permissions

Grant pull-requests write permission to the labeler workflow and
read-only to everything else.

Signed-off-by: Alex Low <aleksandrosansan@gmail.com>
[ wrap to 80 columns and fix wrong author as requested by author itself ]
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 715259940776843d8799bc39de8eb50eb764189b)

2 years agoCI: include automatic Pull Request Labeler
Piotr Dymacz [Mon, 20 Jun 2022 11:13:30 +0000 (13:13 +0200)]
CI: include automatic Pull Request Labeler

This adds GitHub CI action which makes use of 'Labeler', allowing
automatic labeling of new PRs, based on the modified files paths.

Below labels are supported and more can be added later:
- 'target/*'
- 'target/imagebuilder'
- 'kernel'
- 'core packages'
- 'build/scripts/tools'
- 'toolchain'
- 'GitHub/CI'

For more information:
https://github.com/marketplace/actions/labeler

Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
(cherry picked from commit 4f42566d47999c392c8ea41dc27215b43ed9ee40)

2 years agoCI: package kmods in kernel workflow
Christian Marangi [Sat, 10 Sep 2022 19:18:10 +0000 (21:18 +0200)]
CI: package kmods in kernel workflow

Actually package kmods in kernel workflow to catch dependency error and
other problem that may arise from kmods packaging.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 0c45db5560df47a0344a21c2443a4f2889c42ac8)

2 years agoCI: kernel: Cache external toolchain
Christian Marangi [Fri, 9 Sep 2022 19:09:30 +0000 (21:09 +0200)]
CI: kernel: Cache external toolchain

Cache external toolchain for each target to remove load from openwrt cdn
server and make the external toolchain setup quicker.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit f522c27385d6f94e5dbcc3e84968f0e38609ff1c)

2 years agoCI: kernel: Build all kernel modules
Hauke Mehrtens [Mon, 8 Aug 2022 20:57:59 +0000 (22:57 +0200)]
CI: kernel: Build all kernel modules

Activate building all kernel modules.

This builds all kernel modules from the core packages and the feeds.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit fed325f4633cb302a5f43c42285e8ab0fd144262)

2 years agoCI: kernel: Checkout feeds from github
Hauke Mehrtens [Mon, 8 Aug 2022 18:26:18 +0000 (20:26 +0200)]
CI: kernel: Checkout feeds from github

Instead of cloning the feeds from the default location at
git.openwrt.org use the github action to clone them directly from
github. We saw some error messages when cloning from git.openwrt.org,
probably related to some rate limiting applied. Cloning from github
within a github action should work more stable.

The "./scripts/feeds update -a" script will use the already checked out
feed repositories and not clone them again from git.openwrt.org, but it
will also not change the branch name.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit b120e78917099d46a25cc521998b917fdf08e388)

2 years agoCI: kernel: Show used OpenWrt configuration
Hauke Mehrtens [Sun, 7 Aug 2022 16:22:52 +0000 (18:22 +0200)]
CI: kernel: Show used OpenWrt configuration

Show the configuration used to build OpenWrt before starting the build.
This should make it easier for people to reproduce problems when it
fails.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 43afaf6149129a72a8f3e5d3d0d545e54ac81b3a)

2 years agoCI: kernel: Use downloads.cdn.openwrt.org
Hauke Mehrtens [Sun, 7 Aug 2022 16:21:44 +0000 (18:21 +0200)]
CI: kernel: Use downloads.cdn.openwrt.org

Use downloads.cdn.openwrt.org to download the toolchain. This should
reduce the load on the servers.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 7b4daf00766620faac8212b46259064ca6e2c716)

2 years agoCI: kernel: Trigger workflow for more directories
Hauke Mehrtens [Sun, 7 Aug 2022 16:18:40 +0000 (18:18 +0200)]
CI: kernel: Trigger workflow for more directories

Trigger the kernel build workflow also for more directories.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 546822775cd988360964687c0cb430d67bd5c617)

2 years agoCI: run inside the buildbot docker container
Paul Spooren [Sun, 20 Mar 2022 15:31:24 +0000 (15:31 +0000)]
CI: run inside the buildbot docker container

Run github actions insider buildbot docker container.

Signed-off-by: Paul Spooren <mail@aparcar.org>
[ run container under buildbot user ]
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 8a77adb0485aeb40f6550eb7fcdb461b3eaffe58)