openwrt/staging/neocturne.git
4 years agorefpolicy: add variant that builds modular policy
W. Michael Petullo [Sun, 1 Nov 2020 13:44:56 +0000 (07:44 -0600)]
refpolicy: add variant that builds modular policy

This adds a variant of refpolicy that builds the modular form of the
policy. While this requires more memory on the target device, along with
some tricks to deal with OpenWrt's volatile /var directory, it is useful
for experiementing with SELinux policy.

Signed-off-by: W. Michael Petullo <mike@flyn.org>
4 years agoimagebuilder: fix sstrip
Paul Spooren [Mon, 2 Nov 2020 21:35:39 +0000 (11:35 -1000)]
imagebuilder: fix sstrip

Without an absolute path to staging_dir/host/bin/sstrip the Makefile
tries to run a host installed version of sstrip, which is likely not
available.

Signed-off-by: Paul Spooren <mail@aparcar.org>
4 years agouhttpd: use P-256 for certs
Paul Spooren [Mon, 31 Aug 2020 21:39:39 +0000 (11:39 -1000)]
uhttpd: use P-256 for certs

The uhttpd package takes care of creating self-signed certificates if
px5g is installed. This improves the security of router management as it
encrypts the LuCI connection.

The EC P-256 curve is faster than RSA which which improves the user
experience on embedded devices. EC P-256 is support for as old devices
as Android 4.4.

Signed-off-by: Paul Spooren <mail@aparcar.org>
4 years agoscripts: mkhash fail on hashing a folder
Paul Spooren [Fri, 17 Jul 2020 08:19:32 +0000 (22:19 -1000)]
scripts: mkhash fail on hashing a folder

mkhash currently returns the hash of an empty input when trying to hash
a folder. This can be missleading in caseswhere e.g. an env variable is
undefined which should contain a filename. `mkhash ./path/to/$FILE`
would exit with code 0 and return a legit looking checksum.

A better behaviour would be to fail with exit code 1, which imitates the
behaviour of `md5sum` and `sha256sum`.

To avoid hashing of folders the `stat()` is checked.

Hashing empty inputs result in the following checksums:
md5: d41d8cd98f00b204e9800998ecf8427e
sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Signed-off-by: Paul Spooren <mail@aparcar.org>
4 years agoscripts: mkhash fix return code handling
Paul Spooren [Fri, 17 Jul 2020 08:19:31 +0000 (22:19 -1000)]
scripts: mkhash fix return code handling

If hashing a file fails mkhash shouldn't just silently fail. Now check
after each call of `hash_file()` the return and exit early in case of
errors. The return value which was previously ignored and would always
return 0.

Signed-off-by: Paul Spooren <mail@aparcar.org>
4 years agoscripts: mkhash show -n option in usage
Paul Spooren [Fri, 17 Jul 2020 03:43:30 +0000 (17:43 -1000)]
scripts: mkhash show -n option in usage

The -n option prints the filename of hashed files next to the calculated
checksum. Reflect that in the usage message.

user@dawn:~/src/openwrt/openwrt$ ./a.out md5 -n .config
eb06db36e7b6751cb18801945e46bf5d .config

Signed-off-by: Paul Spooren <mail@aparcar.org>
4 years agortl838x: dts: use macros for phy and switch definitions
Petr Štetiar [Wed, 4 Nov 2020 15:20:17 +0000 (16:20 +0100)]
rtl838x: dts: use macros for phy and switch definitions

It's quite more readable, saves some tedious copy&pasting, not so
error prone etc.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
4 years agortl838x: rtl838x.dtsi: fix missing interrupt-parent for uart0
Petr Štetiar [Wed, 4 Nov 2020 15:53:47 +0000 (16:53 +0100)]
rtl838x: rtl838x.dtsi: fix missing interrupt-parent for uart0

Fixes following dtc warning:

 Warning (interrupts_property): /uart@b8002000: Missing interrupt-parent

Signed-off-by: Petr Štetiar <ynezz@true.cz>
4 years agortl838x: rtl838x.dtsi: remove reg property from root node
Petr Štetiar [Wed, 4 Nov 2020 15:43:16 +0000 (16:43 +0100)]
rtl838x: rtl838x.dtsi: remove reg property from root node

Fixes following dtc warning:

 ../dts/rtl838x.dtsi:38.3-145.3: Warning (reg_format): /: Root node has a "reg" property

Signed-off-by: Petr Štetiar <ynezz@true.cz>
4 years agortl838x: add support for D-Link DGS-1210-28
Petr Štetiar [Wed, 4 Nov 2020 10:37:42 +0000 (11:37 +0100)]
rtl838x: add support for D-Link DGS-1210-28

 Hardware specification
 ----------------------

 * RTL8382M SoC, 1 MIPS 4KEc core @ 500MHz
 * 128MB DRAM
 * 32MB NOR Flash (MX25L25635E)
 * 24 x 10/100/1000BASE-T ports
    - Internal PHY with 8 ports (RTL8218B)
    - Two external PHYs with 8 ports each (RTL8218B)
 * 4 x Gigabit RJ45/SFP Combo ports
    - External PHY with 4 SFP ports (RTL8214FC)
 * Power LED
 * Reset button on front panel
 * UART (115200 8N1) via unpopulated standard 0.1" pin header marked J6

 UART pinout
 -----------

  [oooo]J3 [o]ooo|J6
    |       ^ ||`------ GND
    |       | |`------- RX
    |       | `-------- TX
    |       `---------- Vcc (3V3)
    |
    `------------------ J3 is power input connector nearby J6 UART

 Boot initramfs image from U-Boot
 --------------------------------

  1. Press Escape key during `Hit Esc key to stop autoboot` prompt
  2. Press CTRL+C keys to get into real U-Boot prompt
  3. Init network with `rtk network on` command
  4. Load image with `tftpboot 0x8f000000 openwrt-rtl838x-generic-d-link_dgs-1210-28-initramfs-kernel.bin` command
  5. Boot the image with `bootm` command

To install, upload the sysupgrade image to the OEM webpage or sysupgrade
from the system running from initramfs image.

It has been developed and tested on device with F1 revision.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
4 years agortl838x: d-link_dgs-1210: refactor common family bits
Petr Štetiar [Wed, 4 Nov 2020 09:39:42 +0000 (10:39 +0100)]
rtl838x: d-link_dgs-1210: refactor common family bits

So the common bits can be easily shared with other boards in the family
and while at it add missing SPDX license identifiers into the DTS files
and fixed alphabetic sorting of the devices in the images.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
4 years agortl838x: clean whitespace issues in rtl8382_d-link_dgs-1210-16.dts
Petr Štetiar [Wed, 4 Nov 2020 07:01:04 +0000 (08:01 +0100)]
rtl838x: clean whitespace issues in rtl8382_d-link_dgs-1210-16.dts

So it's tidy.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
4 years agohostapd: add a hostapd-basic-wolfssl variant
Rui Salvaterra [Tue, 3 Nov 2020 20:08:03 +0000 (20:08 +0000)]
hostapd: add a hostapd-basic-wolfssl variant

If only AP mode is needed, this is currently the most space-efficient way to
provide support for WPA{2,3}-PSK, 802.11w and 802.11r.

openwrt-ath79-generic-ubnt_nanostation-loco-m-squashfs-sysupgrade.bin sizes:

4719426 bytes (with wpad-basic-wolfssl)
4457282 bytes (with hostapd-basic-wolfssl)

Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
4 years agoglibc: update to latest stable version 2.32
Hans Dedecker [Sun, 25 Oct 2020 17:55:24 +0000 (18:55 +0100)]
glibc: update to latest stable version 2.32

refresh patches :
050-Revert-Disallow-use-of-DES-encryption-functions-in-n.patch
00-fix_cross_rpcgen.patch

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
4 years agoprocd: bump to git HEAD
Daniel Golle [Sat, 7 Nov 2020 06:03:12 +0000 (06:03 +0000)]
procd: bump to git HEAD

 b0de894 jail: fix capabilities

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
4 years agoocteon: add support for Ubiquiti EdgeRouter 4
Roman Kuzmitskii [Thu, 22 Oct 2020 21:20:05 +0000 (21:20 +0000)]
octeon: add support for Ubiquiti EdgeRouter 4

Ubiquiti EdgeRouter 4 is 4 port Octeon Cavium 7130 powered router.
It has internal power supply and needs c13 power cord.
There are three 10/100/1000 Mbps RJ45/Copper ports and
one 1000 Mbps SFP port connected directly to a SoC.

SoC:
  Octeon Cavium 7130 (Cavium 3)
  Clocked at 1000Mhz

Memory:
  1 GiB (SK hynix H5TQ4G63CFR-RDC × 2)
  DDR3, clocked at 533 Mhz (1066Mhz effective)
Flash:
  - mtd:
    8 MiB (Macronix MX25L6408EMI-12G)
    used for uboot/eeprom
  - emmc:
    4 GiB (SanDisk SDIN7DP2-4G)
    used for kernel+rootfs
Leds: 1x for power status (white/blue, controllable)
  and 4x for ethernet and sfp ports (no control over them)
Buttons: 1x Reset (from SOC)
Serial: 1x RJ45 port on front panel. 115200 baud, 8N1 (from SoC)
USB: 1x USB3.0 on front panel (from SoC)
MII: 1x QSGMII from SoC is used
PHY: 1x Vitesse VSC8504 of which 4x ports is used

All physical port numbers are properly mapped inside OS and
named by lanX instead of ethX.

There is also special purpose four(4) loopX ports available.
That loopX ports are currently hardcoded by linux kernel
and exact use case of them is currently unknown. We leave them
to the linux kernel and octeon board defaults.

All four (4) physical ports are connected to the same QSGMII.
vsc8504 is used for phys and only 4, 5, 6 and 7 phys are used.

Phy mapping:
 - Phy5 is connected to physical eth0 port
 - Phy6 is connected to physical eth1 port
 - Phy7 is connected to physical eth2 port
 - Phy4 is connected to physical eth3 port

Why this device needs external dts:
 - faster boot time since need to initialize less device tree nodes.
 - to add actual indication with LED about boot/failure/upgrade.
   i.e. user could know when to enter failsafe mode or if upgrade is done
 - reset button support so user can reset their device in case off failure
 - sfp port indication in dmesg with information about sfp module
   it also indicates when module inserted or removed

Octeon quirks:
 - There is no port status available before it interface brought up
 - SFP port can not be tied to actual phy due to octeon-ethernet state
   and currently we can only get reports a about SFP state in dmesg

How to flash the firmware:
  - copy openwrt-octeon-ubnt_edgerouter-4-initramfs-kernel.bin and
    openwrt-octeon-ubnt_edgerouter-4-squashfs-sysupgrade.tar to
    USB flash drive that is formatted to vfat/fat32
  - connect USB flash drive to edgerouter 4 front USB port
  - connect serial cable using front RJ45 port (115200 baud, 8N1)
  - connect power to cable to edgerouter 4
  - connect terminal to the console to see uboot boot process
  - interrupt boot by pressing button(s) on your keyboard to log in to the uboot
  - detect usb connected flash drives by typing to the console:
    usb start
  - after drive is detected load initramfs+kernel to the memory by typing:
    fatload usb 0:1 0x20000000 openwrt-octeon-ubnt_edgerouter-4-initramfs-kernel.bin
  - after initramfs+kernel is loaded to the memory load it by typing:
    bootoctlinux 0 numcores=4 endbootargs mem=0
  - boot process should finish and you will be greeted with console after pressing enter
  - create directory to mount usb flash drive to by typing:
    mkdir /tmp/sda
  - mount flash drive to that directory by typing:
    mount /dev/sda1 /tmp/sda
  - flash firmware to router internal storage by typing:
    sysupgrade /tmp/sda/openwrt-octeon-ubnt_edgerouter-4-squashfs-sysupgrade.tar
  - device will reboot and after it gets up you will have edgerouter 4 running openwrt

Reviewed-by: Johannes Kimmel <fff@bareminimum.eu>
Tested-by: Johannes Kimmel <fff@bareminimum.eu>
Signed-off-by: Roman Kuzmitskii <damex.pp@icloud.com>
4 years agoocteon: honor disabled sgmii device tree nodes
Roman Kuzmitskii [Sun, 1 Nov 2020 20:46:05 +0000 (20:46 +0000)]
octeon: honor disabled sgmii device tree nodes

adds patch to octeon ethernet driver that lets sgmii interface
device tree node to be disabled and that disabled interface
won't be unnecessarily initialized.

It solves the problem with octeon boards that have 8 sgmii or more ports
initialized but have nothing connected to them.

Tested-by: Johannes Kimmel <fff@bareminimum.eu>
Signed-off-by: Roman Kuzmitskii <damex.pp@icloud.com>
4 years agoocteon: implement interface rename by label from device tree
Roman Kuzmitskii [Wed, 28 Oct 2020 19:23:49 +0000 (19:23 +0000)]
octeon: implement interface rename by label from device tree

adds patch to octeon ethernet driver that to rename interface
name by label from device tree

Tested-by: Johannes Kimmel <fff@bareminimum.eu>
Signed-off-by: Roman Kuzmitskii <damex.pp@icloud.com>
4 years agogeneric: add support for vsc8504 phy
Roman Kuzmitskii [Thu, 5 Nov 2020 14:16:15 +0000 (14:16 +0000)]
generic: add support for vsc8504 phy

adds support for vsc8504 phy.
patch have use on 5.4 kernel and has
to be dropped after since phy is supported by
CONFIG_MICROSEMI_PHY on newer LTS kernels.

Tested-by: Johannes Kimmel <fff@bareminimum.eu>
Signed-off-by: Roman Kuzmitskii <damex.pp@icloud.com>
4 years agoprocd: bump to git HEAD
Daniel Golle [Thu, 5 Nov 2020 02:15:20 +0000 (02:15 +0000)]
procd: bump to git HEAD

 2f381fe jail: guard boolean blobmsg attributes
 602b8fa jail: add option for pidfile
 bba6de7 jail: handle mount propagation flags
 6963d50 jail: relax seccomp unknown syscall handling
 e1fcfdc jail: add support for absolute root path in OCI spec
 257f29b jail: don't fail if maskedPath cannot be found
 75f2374 uxc: mimic runc cmdline by using getopt_long

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
4 years agogdb: fix building with NLS enabled
Daniel Golle [Thu, 5 Nov 2020 00:30:04 +0000 (00:30 +0000)]
gdb: fix building with NLS enabled

Building gdb failed with CONFIG_BUILD_NLS enabled. Use nls.mk and
add the necessary dependencies for libintl and libiconv.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
4 years agoath79: streamline image-generation for OCEDO boards
David Bauer [Wed, 4 Nov 2020 23:00:37 +0000 (00:00 +0100)]
ath79: streamline image-generation for OCEDO boards

Use the default sysupgrade generation procedure provided
by the target. The previously generated images had the rootfs not
aligned to an eraseblock.

Signed-off-by: David Bauer <mail@david-bauer.net>
4 years agomac80211: ath9k: enable OEM cards support on x86
Rafał Dzięgiel [Sat, 1 Aug 2020 21:09:20 +0000 (23:09 +0200)]
mac80211: ath9k: enable OEM cards support on x86

A lot of devices running OpenWrt x86 arch (32 or 64 bit) are either
"home-made routers" or devices that use PC class OEM components.

This commit enables OEM cards support on those devices by default.

Signed-off-by: Rafał Dzięgiel <rafostar.github@gmail.com>
[reformat commit message]
Signed-off-by: David Bauer <mail@david-bauer.net>
4 years agorockchip: remove unused config symbols
David Bauer [Sat, 1 Aug 2020 20:41:37 +0000 (22:41 +0200)]
rockchip: remove unused config symbols

Remove MDIO and I2C bitbangig support from the kernel.

These functionalities are currently not used by any board in the target.

Signed-off-by: David Bauer <mail@david-bauer.net>
4 years agorockchip: fix NanoPi R2S GMAC clock name
David Bauer [Sun, 4 Oct 2020 22:01:12 +0000 (00:01 +0200)]
rockchip: fix NanoPi R2S GMAC clock name

This commit fixes the name for the GMAC clock to gmac_clkin, as this is
the name of the clock provided by the rk3328-clk driver.

Without this commit, the GMAC will not work in TX direction.

Suggested-by: Tobias Waldvogel <tobias.waldvogel@gmail.com>
Signed-off-by: David Bauer <mail@david-bauer.net>
4 years agomediatek: update uboot to latest patchset provided by MTK
John Crispin [Wed, 4 Nov 2020 19:32:52 +0000 (20:32 +0100)]
mediatek: update uboot to latest patchset provided by MTK

MTK sent us their latest version of the staging uboot. Lets merge the patches.

Signed-off-by: John Crispin <john@phrozen.org>
4 years agoramips: fix kernel oops in `mt7621_nfc_write_page_hwecc`
Anton Ryzhov [Sun, 1 Nov 2020 15:06:26 +0000 (16:06 +0100)]
ramips: fix kernel oops in `mt7621_nfc_write_page_hwecc`

`mt7621_nfc_write_page_hwecc` may be called with `buf=NULL`, but
`mt7621_nfc_check_empty_page` always tries to read it.
That caused Oops:
`Unable to handle kernel paging request at virtual address 00000000`

Fixes: FS#3416
Signed-off-by: Anton Ryzhov <anton@ryzhov.me>
4 years agobase-files: add board.d support for bridge device
John Crispin [Tue, 3 Nov 2020 16:43:22 +0000 (17:43 +0100)]
base-files: add board.d support for bridge device

Latest netifd allows us to setup network bridges with implicit vlan
tagging. For this to work, we need to setup several additional uci
sections. This feature is particularly usefull for DSA tupe devices.
Add board.d and uci-defaults support for generating the sections.

Signed-off-by: John Crispin <john@phrozen.org>
4 years agoath79: remove redundant setup of wmac for ubnt WA devices
Adrian Schmutzler [Tue, 3 Nov 2020 17:03:01 +0000 (18:03 +0100)]
ath79: remove redundant setup of wmac for ubnt WA devices

Several Ubiquiti WA devices set up &wmac again in their DTS files,
although this is already done in ar9342_ubnt_wa.dtsi.

Fixes: fa3c2676ab0c ("ath79: Add support for Ubiquiti Nanostation AC")
Fixes: cf5a1abe46fc ("ath79: define 2.4GHz radio for nanostation ac loco")
Fixes: 09804da80a99 ("ath79: define 2.4GHz radio for litebeam ac gen2")
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
4 years agoath79: create DTSI files for ubnt WA 1-/2-port devices
Nick Hainke [Sun, 25 Oct 2020 11:58:30 +0000 (12:58 +0100)]
ath79: create DTSI files for ubnt WA 1-/2-port devices

The ar9342 Ubiquiti WA devices appear to only have two different
network setups, based on the number of ethernet ports.
Create DTSI files for them to consolidate duplicate definitions.

Signed-off-by: Nick Hainke <vincent@systemli.org>
[rephrase commit message/title]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
4 years agoath79: fix nanobeam ac ethernet interface
Nick Hainke [Sun, 25 Oct 2020 14:25:01 +0000 (15:25 +0100)]
ath79: fix nanobeam ac ethernet interface

In 4.14 the delays were not cleared, so setting "rgmii" as phy-mode
did not affect delays set by the bootloader. With 5.4 kernel the
situation changed and the ethernet interface stopped working.

"rgmii" requires rx and tx delays depending on the hardware circuit
and wiring. The mac or the phy can add these delays.
- "rgmii":  delays are controlled by the mac
- "rgmii-id": delays are controlled by the phy
More Information in Linux Kernel Tree:
Documentation/devicetree/bindings/net/ethernet-controller.yaml

"rgmii" should be the preferred mode, which allows the mac layer to
turn off the dealys completely if they are not needed. However, the
delays are not set correctly, which causes the ethernet interface
to be broken. Just taking the ethernetpart from the litebeam ac gen2
will fix the issue.

Explained-by: David Bauer <mail@david-bauer.net>
Signed-off-by: Nick Hainke <vincent@systemli.org>
4 years agortl838x: remove the swconfig setup from the board.d code
John Crispin [Tue, 3 Nov 2020 16:45:52 +0000 (17:45 +0100)]
rtl838x: remove the swconfig setup from the board.d code

the code currently sets up uci for swconfig which we do not use.

Signed-off-by: John Crispin <john@phrozen.org>
4 years agoopkg: clean up and fix performance regression
Daniel Golle [Tue, 3 Nov 2020 04:42:32 +0000 (04:42 +0000)]
opkg: clean up and fix performance regression

 da9746a libopkg: clean up handling of unresolved dependencies

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Signed-off-by: Paul Spooren <mail@aparcar.org>
4 years agoopkg: fix yet another dependency resolution bug
Daniel Golle [Mon, 2 Nov 2020 23:22:26 +0000 (23:22 +0000)]
opkg: fix yet another dependency resolution bug

The previous fix of a fix caused yet another problem leading to
`opkg show-upgradable` ending up in an infinite loop.
Fix that.

Fixes: 4a2b1ff7fb ("opkg: fix dependency resolution")
Reported-by: Huangbin Zhan <zhanhb88@gmail.com>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
4 years agoopkg: fix dependency resolution
Daniel Golle [Mon, 2 Nov 2020 20:46:03 +0000 (20:46 +0000)]
opkg: fix dependency resolution

The previous commit broke opkg in a way that it would no longer
include dependencies when installing a package, effectively leading
to broken images and unusable systems.
Fix that by making sure dependencies are still going to be checked.
Also reduce size of struct abstract_pkg as suggested by @jow- while at
it.

Fixes: 1445d333aa ("opkg: bump to git HEAD")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
4 years agozram-swap: use new extra_command wrapper
Florian Eckert [Fri, 24 Jul 2020 07:34:41 +0000 (09:34 +0200)]
zram-swap: use new extra_command wrapper

Use new `extra_command` wrapper to fix the alignement.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
4 years agodropbear: use new extra_command wrapper
Florian Eckert [Fri, 24 Jul 2020 07:33:59 +0000 (09:33 +0200)]
dropbear: use new extra_command wrapper

Use new `extra_command` wrapper to fix the alignement.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
4 years agoltq-vdsl-app: use new extra_command wrapper
Florian Eckert [Fri, 24 Jul 2020 07:33:42 +0000 (09:33 +0200)]
ltq-vdsl-app: use new extra_command wrapper

Use new `extra_command` wrapper to fix the alignement.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
4 years agoltq-adsl-app: use new extra_command wrapper
Florian Eckert [Fri, 24 Jul 2020 07:55:37 +0000 (09:55 +0200)]
ltq-adsl-app: use new extra_command wrapper

Use new `extra_command` wrapper to fix the alignement.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
4 years agobase-files: fix rc.common help alignment
Florian Eckert [Fri, 24 Jul 2020 06:44:03 +0000 (08:44 +0200)]
base-files: fix rc.common help alignment

This commit introduces a new function `extra_command` to better format
the help text without having to calculate the indentation in every startup
script that wants to add a new command. So far it looks weird and is not
formatted correctly on some startup scripts.

After using the new `extra_command` wrapper the alignement looks correctly.

And if the indentation is not sufficient in the future, this can be
changed in the function extra_command at a central location.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
4 years agokernel: add disabled CONFIG_IP6_NF_TARGET_MASQUERADE
Adrian Schmutzler [Mon, 2 Nov 2020 16:33:01 +0000 (17:33 +0100)]
kernel: add disabled CONFIG_IP6_NF_TARGET_MASQUERADE

In kernel commit adf82accc5f5 ("netfilter: x_tables: merge ip and
ipv6 masquerade modules") the config symbols IP_NF_TARGET_MASQUERADE
and IP6_NF_TARGET_MASQUERADE have been demoted to simple backwards-
compat options for NETFILTER_XT_TARGET_MASQUERADE.

In netfilter.mk, this has already been updated in OpenWrt commit
d1592306cc07 ("netfilter.mk: use CONFIG_NETFILTER_XT_TARGET_MASQUERADE"),
having us use the new config symbol.

However, enabling IP_NF_NAT or IP6_NF_NAT still makes the relevant
legacy options selectable, so we need to disable them in generic
config (and forget about them afterwards).
Since CONFIG_IP_NF_TARGET_MASQUERADE is already present there, this
just adds the missing CONFIG_IP6_NF_TARGET_MASQUERADE.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
4 years agokernel: drop obsolete symbol CONFIG_NF_NAT_IPV6
Adrian Schmutzler [Mon, 2 Nov 2020 16:27:05 +0000 (17:27 +0100)]
kernel: drop obsolete symbol CONFIG_NF_NAT_IPV6

Kernel has removed the symbols CONFIG_NF_NAT_IPV4 and
CONFIG_NF_NAT_IPV6 in favor of CONFIG_NF_NAT in commit
3bf195ae6037 ("netfilter: nat: merge nf_nat_ipv4,6 into nat core").

This drops the obsolete symbol CONFIG_NF_NAT_IPV6 from generic
config-5.4.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
4 years agoath79: ubnt-unifi: make u-boot-env partition read-only
Lech Perczak [Wed, 26 Aug 2020 21:38:25 +0000 (23:38 +0200)]
ath79: ubnt-unifi: make u-boot-env partition read-only

This partition isn't normally modified during boot process. Make it
read-only to prevent accidental overwrite.
If needed this can be overriden with installing kmod-mtd-rw; the same
way as for installing modified U-boot.

Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
4 years agoath79: ubnt-xm: make u-boot-env partition read-only
Lech Perczak [Wed, 26 Aug 2020 21:35:37 +0000 (23:35 +0200)]
ath79: ubnt-xm: make u-boot-env partition read-only

This partition isn't normally modified during boot process. Make it
read-only to prevent accidental overwrite.
If needed this can be overriden with installing kmod-mtd-rw; the same
way as for installing modified U-boot.

Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
4 years agokernel: bump 5.4 to 5.4.74
John Audia [Sun, 1 Nov 2020 16:37:10 +0000 (11:37 -0500)]
kernel: bump 5.4 to 5.4.74

Removed upstreamed patches:
 mvebu/patches-5.4
   409-phy-marvell-comphy-Convert-internal-SMCC-firmware-re.patch

All modifications made by update_kernel.sh

Build system: x86_64
Build-tested: ipq806x/R7800, ath79/generic, bcm27xx/bcm2711, x86_64
Run-tested: ipq806x/R7800, x86_64, lantiq/Easybox 904 xDSL

No dmesg regressions, everything functional

Signed-off-by: John Audia <graysky@archlinux.us>
Tested-by: Curtis Deptuck <curtdept@me.com> [x86_64 build/run]
[added lantiq test report]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
4 years agox86: fix touching bootloader "upgraded" mark
Yousong Zhou [Mon, 2 Nov 2020 13:04:24 +0000 (21:04 +0800)]
x86: fix touching bootloader "upgraded" mark

The mount point is "/tmp/boot", the path in the boot partition is
"/boot/grub/upgraded".

Origin of this mark b9c1cf16 ("x86: add preinit hook for bootloader
upgrade")

Fixes 32f675ca ("x86: fix grub-bios-setup fail during sysupgrade")

Ref: https://bugs.openwrt.org/index.php?do=details&task_id=3140
Reported-by: Philip Prindeville <philipp@redfish-solutions.com>
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
4 years agoscripts: bundle-libraries.sh: fix broken SDK compiler
Petr Štetiar [Sun, 1 Nov 2020 13:40:02 +0000 (14:40 +0100)]
scripts: bundle-libraries.sh: fix broken SDK compiler

Recent versions (> 5.33) of `file` report liblto_plugin.so as
executable:

 $ file liblto_plugin.so
 liblto_plugin.so.0.0.0: ELF 64-bit LSB pie executable ...

Which then leads to improper packaging of the plugin, resulting in the
broken compiler:

 configure: checking whether the C compiler works
 mips-openwrt-linux-musl/bin/ld: liblto_plugin.so: error loading plugin: liblto_plugin.so: invalid ELF header

As the LTO compiler plugin library is incorrectly packaged as SDK
executable:

 $ head -1 ~/staging_dir/toolchain...libexec/gcc/.../liblto_plugin.so
 #!/usr/bin/env bash

Fix this by filtering out shared libraries from the patching.

Ref: https://bugzilla.redhat.com/show_bug.cgi?id=1296868
Acked-by: Jo-Philipp Wich <jo@mein.io>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
4 years agosdk: fix missing include directories
Petr Štetiar [Sun, 1 Nov 2020 16:31:40 +0000 (17:31 +0100)]
sdk: fix missing include directories

It's not possible to compile some applications which are using
`-Werror=missing-include-dirs` compiler flags with the SDK as some
target directories are missing in the SDK tarball:

 cc1: error: staging_dir/target/usr/include: No such file or directory [-Werror=missing-include-dirs]
 cc1: error: staging_dir/target/include: No such file or directory [-Werror=missing-include-dirs]

Fix this by adding the missing directories in the SDK.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
4 years agoscripts/getver.sh: silence rev-list errors
Petr Štetiar [Tue, 3 Mar 2020 11:47:07 +0000 (12:47 +0100)]
scripts/getver.sh: silence rev-list errors

Shallow copies are quite common on CI platforms nowadays, making REBOOT
tag unavailable, thus producing following confusing errors in the build
logs:

 fatal: Invalid revision range ee53a240ac902dc83209008a2671e7fdcf55957a..HEAD
 fatal: Invalid revision range ee53a240ac902dc83209008a2671e7fdcf55957a..0493d57e04774d47921a7d2014b567455d5dc16b

Signed-off-by: Petr Štetiar <ynezz@true.cz>
4 years agolinux-firmware: update to 20201022
John Audia [Sun, 25 Oct 2020 10:54:19 +0000 (06:54 -0400)]
linux-firmware: update to 20201022

git log --pretty=oneline --abbrev-commit 20200918..20201022
dae4b4c (HEAD -> main, tag: 20201022, origin/master, origin/main, origin/HEAD) Merge branch 'v1.1.5' of https://github.com/irui-wang/linux_fw_vpu_v1.1.5 into main
04f71fe cypress: add Cypress firmware and clm_blob files
4d0755b Merge https://github.com/shahasit/bt-linux-firmware into main
2a262bb Merge https://github.com/shahasit/video-linux-firmware into main
c024640 Merge tag 'iwlwifi-fw-2020-10-14' of git://git.kernel.org/pub/scm/linux/kernel/git/iwlwifi/linux-firmware into main
09e8cff rtl_bt: Update RTL8821C BT FW to 0xAA6C_A99E
d7904d5 ath10k: add SDIO firmware for QCA9377 WiFi
ecdc272 Merge branch 'dg1_dmc_v2_02' of git://anongit.freedesktop.org/drm/drm-firmware into main
c86361d ice: update package file to 1.3.16.0
76ceac8 mediatek: separate venc service thread
8877322 QCA : Updated firmware file for WCN3991
4f41e9d iwlwifi: update and add new FWs from core56-54 release
346057d iwlwifi: update 3168, 7265D, 8000C and 8265 firmwares
a140ef3 i915: Add DG1 DMC v2.02
a09b728 qcom : updated venus firmware files for v5.4
58d41d0 ice: Add comms package file for Intel E800 series driver
c1bef9e copy-firmware: Always write Link: entries
b95e230 Merge commit 'ad1da95d52f1a9206da3ef52f3484f3b89ec6615' of https://github.com/shahasit/linux-firmware-bt into main
0b884ec amdgpu: update vega20 firmware for 20.40
bca0233 amdgpu: update vega12 firmware for 20.40
8652e02 amdgpu: update vega10 firmware for 20.40
9f46d48 amdgpu: update renoir firmware for 20.40
e667605 amdgpu: update raven2 firmware for 20.40
a487f2f amdgpu: update raven firmware for 20.40
aa7b732 amdgpu: update picasso firmware for 20.40
a18981e amdgpu: update navi14 firmware for 20.40
1696e2e amdgpu: update navi12 firmware for 20.40
6b8a6ea amdgpu: update navi10 firmware for 20.40
5b30b38 linux-firmware: Add new VPDMA firmware 1b8.bin
ad1da95 QCA : Updated firmware files for WCN3991
b78a66c linux-firmware: Update firmware for Cadence MHDP8546 DP bridge
afbfb5f linux-firmware: Update firmware patch for Intel Bluetooth 7265 (D1)
a38b8ed Mellanox: Add new mlxsw_spectrum firmware xx.2008.1312
1487a8a linux-firmware: nvidia: move firmware symlinks to WHENCE
bdd5617 linux-firmware: move i915 firmware symlinks to WHENCE
ab69b57 linux-firmware: move iwlwifi-7265D-10.ucode symlink to WHENCE
49c4ff5 Merge branch 'mrvl-prestera' of https://github.com/PLVision/linux-firmware into main
7a02212 linux-firmware: Update Marvell Switchdev firmware with ABI changes

Signed-off-by: John Audia <graysky@archlinux.us>
4 years agokernel: Activate KERNEL_MIPS_FP_SUPPORT for pistachio target
Hauke Mehrtens [Sat, 31 Oct 2020 17:20:33 +0000 (18:20 +0100)]
kernel: Activate KERNEL_MIPS_FP_SUPPORT for pistachio target

The pistachio target uses a MIPS CPU with FPU and OpenWrt uses a
toolchain with hard FPU support. MIPS FPU support needs the FPU
emulation code in the kernel.

Fixes: ac5671f46cb4 ("kernel: remove obsolete kernel version switches for 4.19")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
4 years agogdb: Disable tests
Hauke Mehrtens [Sat, 24 Oct 2020 21:34:49 +0000 (23:34 +0200)]
gdb: Disable tests

We do not use the tests or ubsan in our gdb package.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
4 years agogdb: Always use system zlib
Hauke Mehrtens [Sat, 24 Oct 2020 21:34:18 +0000 (23:34 +0200)]
gdb: Always use system zlib

Instead of using the system zlib when the package is selected and using
the internal zlib if it is not selected in OpenWrt, just activate it
always. This should make the package more deterministic.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
4 years agogdb: Update to version 10.1
Hauke Mehrtens [Sat, 24 Oct 2020 18:21:05 +0000 (20:21 +0200)]
gdb: Update to version 10.1

gdb 10.1 adds many new features for example gdbserver support for
  - ARC GNU/Linux
  - RISC-V GNU/Linux

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
4 years agotoolchain: gdb: Remove ARC patches
Hauke Mehrtens [Sat, 31 Oct 2020 23:16:22 +0000 (00:16 +0100)]
toolchain: gdb: Remove ARC patches

The ARC specific gdb was removed some time ago.

Fixes: 969690b33c56 ("toolchain/gdb: Don't use gdb-arc")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
4 years agotoolchain: gdb: Disable tests
Hauke Mehrtens [Sat, 24 Oct 2020 21:35:13 +0000 (23:35 +0200)]
toolchain: gdb: Disable tests

Instead of patching the tests out, just remove them with a configure
option.
No files were generates in the testsuite and unit-test directories.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
4 years agotoolchain: gdb: Update to version 10.1
Hauke Mehrtens [Sat, 24 Oct 2020 18:20:54 +0000 (20:20 +0200)]
toolchain: gdb: Update to version 10.1

gdb 10.1 adds many new features for example gdbserver support for
  - ARC GNU/Linux
  - RISC-V GNU/Linux

Removed this patch, because similar changes are now integrated upstream:
toolchain/gdb/patches/100-no_extern_inline.patch

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
4 years agoodhcpd: fix compile problem on 64-bit systems
Hans Dedecker [Sun, 1 Nov 2020 19:23:04 +0000 (20:23 +0100)]
odhcpd: fix compile problem on 64-bit systems

735c783 dhcpv6: fix size_t fields in syslog format

Fixes 5cdc65f6d1

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
4 years agoipq40xx: enable RX hash / CTAG TX offloading for single-phy
David Bauer [Mon, 26 Oct 2020 20:59:47 +0000 (21:59 +0100)]
ipq40xx: enable RX hash / CTAG TX offloading for single-phy

This re-enables offloading features disabled by
commit 9da2b567605b ("ipq40xx: fix ethernet vlan double tagging").

Single-PHY devices use port-based VLANs on the switch, therefore no
S-TAG magic is involved here. Re-enabling these features restores
throughput back to 950 Mbit/s.

Reported-by: Jannis Pinter <jannis@pinterjann.is>
Signed-off-by: David Bauer <mail@david-bauer.net>
4 years agoath79: use correct firmware name for UniFi AP
David Bauer [Sat, 31 Oct 2020 15:41:04 +0000 (16:41 +0100)]
ath79: use correct firmware name for UniFi AP

The Ubiquiti UniFi AP does not have a AHB connected radio but a PCI one.
Also the EEPROM ist only 0x440 bytes of length.

Reported-by: Martin Weinelt <martin@darmstadt.freifunk.net>
Tested-by: Martin Weinelt <martin@darmstadt.freifunk.net>
Signed-off-by: David Bauer <mail@david-bauer.net>
4 years agoath79: remove AT803X config symbol from subtargets
David Bauer [Fri, 30 Oct 2020 00:22:47 +0000 (01:22 +0100)]
ath79: remove AT803X config symbol from subtargets

The AT803X_PHY kernel config symbol is already enabled target-wide. SO
it does not have to be enabled for individual subtargets.

Signed-off-by: David Bauer <mail@david-bauer.net>
4 years agoath79: drop upstreamed patch
David Bauer [Fri, 30 Oct 2020 00:03:09 +0000 (01:03 +0100)]
ath79: drop upstreamed patch

Patch was upstreamed a long time ago (over 2 years) as commit
a08227a206b8d ("MIPS: ath79: select the PINCTRL subsystem").

When porting this patch to a newer kernel, nobody noticed we now patch a
Broadcom platform. This is clearly not intended. So drop this patch and
pretend nothing ever happened.

Signed-off-by: David Bauer <mail@david-bauer.net>
4 years agokernel: bump 5.4 to 5.4.73
John Audia [Sat, 31 Oct 2020 11:35:12 +0000 (07:35 -0400)]
kernel: bump 5.4 to 5.4.73

Removed upstreamed patches:
 generic/pending-5.4
   445-mtd-spinand-gigadevice-Only-one-dummy-byte-in-QUA.patch
   446-mtd-spinand-gigadevice-Add-QE-Bit.patch
 pistachio/patches-5.4
   150-pwm-img-Fix-null-pointer-access-in-probe.patch

Manually rebased:
 layerscape/patches-5.4
   801-audio-0011-Revert-ASoC-fsl_sai-add-of_match-data.patch
   801-audio-0039-MLK-16224-6-ASoC-fsl_sai-fix-DSD-suspend-resume.patch
   801-audio-0073-MLK-21957-3-ASoC-fsl_sai-add-bitcount-and-timestamp-.patch
   820-usb-0009-usb-dwc3-Add-workaround-for-host-mode-VBUS-glitch-wh.patch

All modifications made by update_kernel.sh

Build system: x86_64
Build-tested: ipq806x/R7800, ath79/generic, bcm27xx/bcm2711,
              mvebu (mamba, rango), x86_64, ramips/mt7621
Run-tested: ipq806x/R7800, mvebu (mamba, rango), x86_64, ramips (RT-AC57U)

No dmesg regressions, everything functional

Signed-off-by: John Audia <graysky@archlinux.us>
[alter 820-usb-0009-usb-dwc3-Add-workaround-for-host-mode-VBUS-glitch-wh]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
4 years agoodhcpd: update to latest git HEAD
Hans Dedecker [Sat, 31 Oct 2020 20:23:45 +0000 (21:23 +0100)]
odhcpd: update to latest git HEAD

5700919 dhcpv6: add explicit dhcpv4o6 server address
e4f4e62 dhcpv6: add DHCPv4-over-DHCPv6 support
aff290b dhcpv6: check message type
2677fa1 router: fix advertisement interval option

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
4 years agohostapd: enable OWE for the basic-{openssl, wolfssl} variants
Rui Salvaterra [Sat, 31 Oct 2020 11:59:48 +0000 (11:59 +0000)]
hostapd: enable OWE for the basic-{openssl, wolfssl} variants

Opportunistic Wireless Encryption is needed to create/access encrypted networks
which don't require authentication.

Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
4 years agolibselinux: remove dependency on musl-fts for non-musl builds
Daniel Golle [Sat, 31 Oct 2020 00:06:53 +0000 (00:06 +0000)]
libselinux: remove dependency on musl-fts for non-musl builds

Suggested-by: Curtis Deptuck <curtdept@users.noreply.github.com>
Tested-by: Curtis Deptuck <curtdept@users.noreply.github.com>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
4 years agotarget: remove obsolete kernel version switches for 4.19
Adrian Schmutzler [Thu, 1 Oct 2020 15:02:47 +0000 (17:02 +0200)]
target: remove obsolete kernel version switches for 4.19

This removes unneeded kernel version switches from the targets after
kernel 4.19 has been dropped.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
4 years agokernel: remove obsolete kernel version switches for 4.19
Adrian Schmutzler [Thu, 1 Oct 2020 14:47:34 +0000 (16:47 +0200)]
kernel: remove obsolete kernel version switches for 4.19

This removes switches dependent on kernel version 4.19 as well as
several packages/modules selected only for that version.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
4 years agokernel: remove support for kernel 4.19
Adrian Schmutzler [Fri, 9 Oct 2020 19:53:35 +0000 (21:53 +0200)]
kernel: remove support for kernel 4.19

We use 5.4 on all targets by default, and 4.19 has never been released
in a stable version. There is no reason to keep it.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
4 years agoocteon: disable edgerouter image
Johannes Kimmel [Thu, 29 Oct 2020 10:07:38 +0000 (11:07 +0100)]
octeon: disable edgerouter image

This patch disables the image for edgerouter devices by default, since
it isn't able to boot at the moment.

Currently the edgerouter image won't boot. Current kernels have an
option CONFIG_CAVIUM_CN63XXP1 that needs to be enabled for this chip.

If the kernel was compiled without this option, following message is
displayed and the machine reboots:

[   36.778028] Kernel panic - not syncing: OCTEON II DCache prefetch workaround not in place (cfa0000c).
[   36.778028] Please build kernel with proper options (CONFIG_CAVIUM_CN63XXP1).
[   36.794398] Rebooting in 1 seconds..

This was last confirmed on 2020-10-29.

The description of this option states, that enabling it will possibly
cause performance issues on other chips.

Signed-off-by: Johannes Kimmel <fff@bareminimum.eu>
4 years agoimage: drop obsolete legacy image recipes
Adrian Schmutzler [Mon, 26 Oct 2020 19:41:02 +0000 (20:41 +0100)]
image: drop obsolete legacy image recipes

LegacyDevice is not used anymore in our tree, so let's drop it
together with the relevant definitions and recipes.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
4 years agoimage: sort image-commands.mk alphabetically
Adrian Schmutzler [Fri, 30 Oct 2020 18:21:37 +0000 (19:21 +0100)]
image: sort image-commands.mk alphabetically

The definitions in image-commands.mk seem to have no particular
order. Sort them alphabetically to make it easier to actually
find anything there. No other changes made beyond moving entire
blocks.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
4 years agoimage: drop combined-image build recipe
Adrian Schmutzler [Mon, 26 Oct 2020 19:39:47 +0000 (20:39 +0100)]
image: drop combined-image build recipe

Build/combined-image is only used in ath25 target, and that defines
its own version. Thus, drop the unused definition in image-commands.mk.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
4 years agoimage: drop unused legacy NAND build recipes
Adrian Schmutzler [Mon, 26 Oct 2020 19:37:43 +0000 (20:37 +0100)]
image: drop unused legacy NAND build recipes

This drops unused legacy recipes Image/Build/SysupgradeNAND and
Image/Build/UbinizeImage.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
4 years agokernel: move kmod-i2c-bcm-iproc to I2C menu
Daniel Golle [Fri, 30 Oct 2020 15:45:42 +0000 (15:45 +0000)]
kernel: move kmod-i2c-bcm-iproc to I2C menu

A typo resulted in that module having it's own menu.
Move it into the I2C menu as it was most likely intended.

Fixes: 1291274335 ("kernel: package bcm53xx i2c module")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
4 years agoRevert "kmod-nft-reject: Fix for "nft_reject_ipv4.ko missing" warning"
Daniel Golle [Fri, 30 Oct 2020 01:37:54 +0000 (01:37 +0000)]
Revert "kmod-nft-reject: Fix for "nft_reject_ipv4.ko missing" warning"

This reverts commit 7f94e2afcf090f751c9f7f7ea46e8ef8d93ee84b.

Package kmod-nft-core is missing dependencies for the following libraries:
nft_reject.ko

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
4 years agorules.mk: simplify FAKEROOT command line
Jo-Philipp Wich [Thu, 10 Sep 2020 12:54:49 +0000 (14:54 +0200)]
rules.mk: simplify FAKEROOT command line

Since fakeroot is patched to discover related ressources relative to the
STAGING_DIR_HOST environment variable, there is no need to pass the path
to faked or the preload library manually anymore.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
4 years agofakeroot: make fakeroot script relocatable
Jo-Philipp Wich [Thu, 10 Sep 2020 12:52:31 +0000 (14:52 +0200)]
fakeroot: make fakeroot script relocatable

Patch the fakeroot script template to discover faked and libfakeroot.so
relative to the STAGING_DIR_HOST environment variable, similar to how it
is done for automake, libtool, quilt and autoconf already.

This avoids the need for passing the paths to faked and libfakeroot.so
manually every time we invoke fakeroot and subsequently allows us to
drop OS X specific logic.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
4 years agobuild,IB: reload packages/ only if existing
Paul Spooren [Sat, 17 Oct 2020 20:06:03 +0000 (10:06 -1000)]
build,IB: reload packages/ only if existing

With the fix of external kmod feeds it is possible to ship the
ImageBuilder without any packages except the pseudo packages kernel and
libc. Therefore the local package feeds becomes optional.

This commit adds a check to the package_reload function to only run if
the local feed is existing.

Signed-off-by: Paul Spooren <mail@aparcar.org>
4 years agobuild,IB: include kmods only in local builds
Paul Spooren [Tue, 15 Sep 2020 22:44:36 +0000 (12:44 -1000)]
build,IB: include kmods only in local builds

The buildbots generate a kmod archive which should be used instead of a
local copy. This is possible due to the introduction of a kernelversion
specific feed.

This commit adds the ability of using only signed package feeds.

Signed-off-by: Paul Spooren <mail@aparcar.org>
4 years agobuild: FeedSourcesAppend add kmod feed to snapshot
Paul Spooren [Tue, 15 Sep 2020 22:33:46 +0000 (12:33 -1000)]
build: FeedSourcesAppend add kmod feed to snapshot

Nightly snapshot builds of OpenWrt change their kernels versions
frequently and lose thereby compatibility to kmods from the upstream
target specific packages feed.

To allow opkg to install packages over multiple days a kmod archive is
offered at $target/$subtarget/kmods/$kernelversion and added as a feed
to created snapshot images via a buildbot step[1].

Instead of using a buildstep add the kmod feed directly via
FeedSourcesAppend to be included in the ImageBuilder repositories.conf
as well. This is conditionally only done for SNAPSHOT builds and when
running as BUILDBOT. Releases are unaffected as they don't include
kernel version changes and local builds may use different kernel
versions or magics than available upstream.

This commit allows in a future step to ship ImageBuilders without a
locally stored kmod archive.

[1]: https://git.openwrt.org/?p=buildbot.git;a=blob;f=phase1/master.cfg;h=3ba7a1606e89b095b10555e703ea96e93295deec;hb=HEAD#l1025

Signed-off-by: Paul Spooren <mail@aparcar.org>
4 years agokmod-nft-reject: Fix for "nft_reject_ipv4.ko missing" warning
Philip Prindeville [Tue, 21 Apr 2020 08:29:51 +0000 (02:29 -0600)]
kmod-nft-reject: Fix for "nft_reject_ipv4.ko missing" warning

Seeing the following:

    ERROR: module '/home/philipp/lede/build_dir/target-x86_64_musl/linux-x86_64/linux-5.4.33/net/ipv4/netfilter/nft_reject_ipv4.ko' is missing.
    modules/netfilter.mk:1068: recipe for target '/home/philipp/lede/bin/targets/x86/64/packages/kmod-nft-core_5.4.33-1_x86_64.ipk' failed
    make[3]: *** [/home/philipp/lede/bin/targets/x86/64/packages/kmod-nft-core_5.4.33-1_x86_64.ipk] Error 1

Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
4 years agohostapd: remove hostapd-hs20 variant
Daniel Golle [Thu, 29 Oct 2020 12:50:47 +0000 (12:50 +0000)]
hostapd: remove hostapd-hs20 variant

Hotspot 2.0 AP features have been made available in the -full variants
of hostapd and wpad. Hence we no longer need a seperate package for
that.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
4 years agohostapd: add {hostapd,wpad}-basic-openssl variants
Rui Salvaterra [Thu, 29 Oct 2020 18:58:37 +0000 (18:58 +0000)]
hostapd: add {hostapd,wpad}-basic-openssl variants

Add OpenSSL-linked basic variants (which provides WPA-PSK only, 802.11r and
802.11w) of both hostapd and wpad. For people who don't need the full hostapd
but are stuck with libopenssl for other reasons, this saves space by avoiding
the need of an additional library (or a larger hostapd with built-in crypto).

Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
4 years agoopkg: bump to git HEAD
Daniel Golle [Fri, 30 Oct 2020 00:19:29 +0000 (00:19 +0000)]
opkg: bump to git HEAD

 8769c75 pkg_hash: don't suggest incompatible packages

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
4 years agoath79: mikrotik: use vmlinuz (zBoot ELF)
John Thomson [Thu, 15 Oct 2020 09:27:55 +0000 (19:27 +1000)]
ath79: mikrotik: use vmlinuz (zBoot ELF)

- minimal built initramfs: 10MB vmlinux ELF -> 6MB vmlinuz
- ~5 seconds for kernel decompression, which was equivalent to the
  additional time to load the uncompressed ELF from SPI NOR.
- Removes requirement for lzma-loader, which may have been causing some
  image builds to fail to boot on Mikrotik mt7621.

Suggested-by: Thibaut VARÈNE <hacks@slashdirt.org>
Signed-off-by: John Thomson <git@johnthomson.fastmail.com.au>
4 years agomt7621: mikrotik: use vmlinuz (zBoot ELF)
John Thomson [Thu, 15 Oct 2020 09:27:55 +0000 (19:27 +1000)]
mt7621: mikrotik: use vmlinuz (zBoot ELF)

- minimal built initramfs: 11MB vmlinux ELF -> 4.5MB vmlinuz
- ~5 seconds for kernel decompression, which was equivalent to the
  additional time to load the uncompressed ELF from SPI NOR.
- Removes requirement for lzma-loader, which may have been causing some
  image builds to fail to boot on Mikrotik mt7621.

Fixes: FS#3354
Suggested-by: Thibaut VARÈNE <hacks@slashdirt.org>
Signed-off-by: John Thomson <git@johnthomson.fastmail.com.au>
4 years agobuild: image: add append-dtb-elf helper
John Thomson [Thu, 15 Oct 2020 09:06:41 +0000 (19:06 +1000)]
build: image: add append-dtb-elf helper

The mips kernel vmlinux image supports adding an empty ELF section
for DTB to be later inserted into with MIPS_ELF_APPENDED_DTB.

This ELF + inserted DTB image can then be directly booted on some
devices.

Example usage:
image/subtarget.mk:
KERNEL_NAME := vmlinux.elf
KERNEL_INITRAMFS_NAME := vmlinux-initramfs.elf
KERNEL := kernel-bin | append-dtb-elf

On mt7621 memory size needed to be manually specified.

Signed-off-by: John Thomson <git@johnthomson.fastmail.com.au>
4 years agokernel: mips: zboot: put appended dtb into a section
Chuanhong Guo [Thu, 29 Oct 2020 13:22:57 +0000 (21:22 +0800)]
kernel: mips: zboot: put appended dtb into a section

This will make a separated section for dtb appear in ELF, and we can
then use objcopy to patch a dtb into vmlinuz when RAW_APPENDED_DTB
is set in kernel config.

command to patch a dtb:
objcopy --set-section-flags=.appended_dtb=alloc,contents \
        --update-section=.appended_dtb=<target>.dtb vmlinuz vmlinuz-dtb

Signed-off-by: Chuanhong Guo <gch981213@gmail.com>
4 years agoramips: add linux zboot support
Chuanhong Guo [Wed, 14 Oct 2020 13:17:56 +0000 (21:17 +0800)]
ramips: add linux zboot support

linux-mips has zboot code which can create a self-extracting kernel
image.
This allows enabling kernel zboot support for ramips targets.

Signed-off-by: Chuanhong Guo <gch981213@gmail.com>
4 years agohostapd: wpas: add missing config symbols
David Bauer [Wed, 28 Oct 2020 02:17:11 +0000 (03:17 +0100)]
hostapd: wpas: add missing config symbols

This adds missing config symbols for interworking as well as Hotspot 2.0
to the wpa_supplicant-full configuration.

These symbols were added to the hostapd-full configuration prior to this
commit. Without adding them to the wpa_supplicant configuration,
building of wpad-full fails.

Thanks to Rene for reaching out on IRC.

Fixes: commit be9694aaa297 ("hostapd: add UCI support for Hotspot 2.0")
Fixes: commit 838b412cb527 ("hostapd: add interworking support")
Signed-off-by: David Bauer <mail@david-bauer.net>
4 years agodnsmasq: install /etc/hotplug.d/ntp/25-dnsmasqsec world-readable
Daniel Golle [Wed, 28 Oct 2020 01:56:16 +0000 (01:56 +0000)]
dnsmasq: install /etc/hotplug.d/ntp/25-dnsmasqsec world-readable

/etc/hotplug.d/ntp/25-dnsmasqsec is being sourced by /sbin/hotplug-call
running as ntpd user. For that to work the file needs to be readable by
that user.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
4 years agomac80211: Fix wpa_supplicant config removal ubus call
Sven Eckelmann [Thu, 22 Oct 2020 08:52:08 +0000 (10:52 +0200)]
mac80211: Fix wpa_supplicant config removal ubus call

If mac80211_setup_supplicant() is called with enabled=0 then it should just
destroy the interface and remove the configuration from wpa_supplicant. But
the ubus method call always returned

  Command failed: Method not found

because the actual name of the method is "config_remove".

Fixes: b5516603dd90 ("mac80211: more wifi reconf related fixes")
Signed-off-by: Sven Eckelmann <sven@narfation.org>
[bump PKG_RELEASE]
Signed-off-by: David Bauer <mail@david-bauer.net>
4 years agohostapd: bump PKG_RELEASE
David Bauer [Tue, 27 Oct 2020 23:09:34 +0000 (00:09 +0100)]
hostapd: bump PKG_RELEASE

Signed-off-by: David Bauer <mail@david-bauer.net>
4 years agohostapd: add interworking support
David Bauer [Mon, 19 Oct 2020 00:29:47 +0000 (02:29 +0200)]
hostapd: add interworking support

This adds configuration options to enable interworking for hostapd.
All options require iw_enabled to be set to 1 for a given VAP.

All IEEE802.11u related settings are supported with exception of the
venue information which will be added as separate UCI sections at a
later point.

The options use the same name as the ones from the hostapd.conf file
with a "iw_" prefix added.

All UCI configuration options are passed without further modifications
to hostapd with exceptions of the following options, whose elements can
be provided using UCI lis elements:

 - iw_roaming_consortium
 - iw_anqp_elem
 - iw_nai_realm
 - iw_domain_name
 - iw_anqp_3gpp_cell_net

Signed-off-by: David Bauer <mail@david-bauer.net>
4 years agohostapd: add FTM responder support
David Bauer [Sun, 18 Oct 2020 21:09:09 +0000 (23:09 +0200)]
hostapd: add FTM responder support

This adds support for enabling the FTM responder flag for the APs
extended capabilities. On supported hardware, enabling the ftm_responder
config key for a given AP will enable the FTM responder bit.

FTM support itself is unconditionally implemented in the devices
firmware (ath10k 2nd generation with 3.2.1.1 firmware). There's
currently no softmac implementation.

Also allow to configure LCI and civic location information which can be
transmitted to a FTM initiator.

Signed-off-by: David Bauer <mail@david-bauer.net>
4 years agomac80211: pass phy name to hostapd_set_bss_options
David Bauer [Mon, 19 Oct 2020 17:36:56 +0000 (19:36 +0200)]
mac80211: pass phy name to hostapd_set_bss_options

hostapd_set_bss_options expects the PHY as second and the VIF as third
argument. However, only the VIF was passed as second argument without a
third argument at all.

This was never a problem, as both PHY and VIF were never accessed.
However, with FTM support the PHY is needed to determine the HW support
when configuring the BSS.

Signed-off-by: David Bauer <mail@david-bauer.net>
4 years agohostapd: remove ieee80211v option
David Bauer [Sun, 18 Oct 2020 23:21:23 +0000 (01:21 +0200)]
hostapd: remove ieee80211v option

Remove the ieee80211v option. It previously was required to be enabled
in order to use time_advertisement, time_zone, wnm_sleep_mode and
bss_transition, however it didn't enable any of these options by default.

Remove it, as configuring these options independently is enough.

This change does not influence the behavior of any already configured
setting.

Signed-off-by: David Bauer <mail@david-bauer.net>
4 years agohostapd: make rrm report independent of ieee80211k setting
David Bauer [Sun, 18 Oct 2020 20:35:31 +0000 (22:35 +0200)]
hostapd: make rrm report independent of ieee80211k setting

Allow to configure both RRM beacon as well as neighbor reports
independently and only enable them by default in case the ieee80211k
config option is set.

Signed-off-by: David Bauer <mail@david-bauer.net>
4 years agouci: fix package mirror hash
Petr Štetiar [Tue, 27 Oct 2020 21:56:35 +0000 (22:56 +0100)]
uci: fix package mirror hash

I've forget to update PKG_MIRROR_HASH in my previous package version
bump.

Fixes: 095cc2b7454a ("uci: update to version 2020-10-06")
Signed-off-by: Petr Štetiar <ynezz@true.cz>