Rafał Miłecki [Mon, 10 Jul 2023 09:38:23 +0000 (11:38 +0200)]
kernel: bgmac: fix regressed support for BCM53573 SoCs
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit
d54f3b2cfdbd34aa61ca67fd590eebfdf3db51cf)
Rafał Miłecki [Mon, 27 Feb 2023 09:46:14 +0000 (09:46 +0000)]
kernel: fix bgmac support for BCM5358
Fix two long-standing regressions.
Fixes: https://github.com/openwrt/openwrt/issues/8278
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit
5e48c534f7c6b3a861f4a2dbb81d7bfcd9606f61)
Rafał Miłecki [Mon, 8 Nov 2021 14:55:40 +0000 (15:55 +0100)]
bcm47xx: fix bgmac regression present in 5.4 kernel
This fixes:
[ 2.548098] bgmac_bcma bcma0:1: Failed to register fixed PHY device
[ 2.554584] bgmac_bcma bcma0:1: Cannot connect to phy
and downstream (swconfig-based) b53 driver failing to load.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit
6cdac994012003065a7040ceba3186f80db3cdbe)
Rafał Miłecki [Thu, 7 Oct 2021 09:29:52 +0000 (11:29 +0200)]
kernel: backport bgmac upstream commits from 5.15 / for 5.16
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit
fd71ef34b75c81646d17d21d80dc3a5b5e2e6bb8)
Álvaro Fernández Rojas [Wed, 14 Jun 2023 21:27:29 +0000 (23:27 +0200)]
bcm63xx: fix NETGEAR DGND3700v2 boot loop
The DGND3700v2 renames the cferam bootloader from cferam to cfeXXX, where XXX
is the number of firmware upgrades performed by the bootloader. Other bcm63xx
devices rename cferam.000 to cferam.XXX, but this device is special because
the cferam name isn't changed on the first firmware flashing but it's changed
on the subsequent ones.
Therefore, we need to look for "cfe" instead of "cferam" to properly detect
the cferam partition and fix the bootlop.
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
(cherry picked from commit
cdfcac6e246de9f237d1425e498db3f34ddebbaf)
Álvaro Fernández Rojas [Wed, 14 Jun 2023 21:21:34 +0000 (23:21 +0200)]
kernel: mtd: bcm-wfi: add cferam name support
Some devices rename cferam bootloader using specific patterns and don't follow
broadcom standards for renaming cferam files. This requires supporting
different cferam file names.
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
(cherry picked from commit
8813edd8d9695d4e3939fdaa3c530c682f91de11)
Paul Spooren [Tue, 9 May 2023 19:39:58 +0000 (21:39 +0200)]
build: generate index.json
The index.json file lies next to Packages index files and contains a
json dict with the package architecture and a dict of package names and
versions.
This can be used for downstream project to know what packages in which
versions are available.
Signed-off-by: Paul Spooren <mail@aparcar.org>
(cherry picked from commit
218ce40cd738f3373438aab82467807a8707fb9c)
Hauke Mehrtens [Thu, 27 Apr 2023 21:08:18 +0000 (23:08 +0200)]
OpenWrt v21.02.7: revert to branch defaults
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Hauke Mehrtens [Thu, 27 Apr 2023 21:08:10 +0000 (23:08 +0200)]
OpenWrt v21.02.7: adjust config defaults
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Eneas U de Queiroz [Tue, 4 Apr 2023 18:39:56 +0000 (15:39 -0300)]
openssl: fix CVE-2023-464 and CVE-2023-465
Apply two patches fixing low-severity vulnerabilities related to
certificate policies validation:
- Excessive Resource Usage Verifying X.509 Policy Constraints
(CVE-2023-0464)
Severity: Low
A security vulnerability has been identified in all supported versions
of OpenSSL related to the verification of X.509 certificate chains
that include policy constraints. Attackers may be able to exploit
this vulnerability by creating a malicious certificate chain that
triggers exponential use of computational resources, leading to a
denial-of-service (DoS) attack on affected systems.
Policy processing is disabled by default but can be enabled by passing
the `-policy' argument to the command line utilities or by calling the
`X509_VERIFY_PARAM_set1_policies()' function.
- Invalid certificate policies in leaf certificates are silently ignored
(CVE-2023-0465)
Severity: Low
Applications that use a non-default option when verifying certificates
may be vulnerable to an attack from a malicious CA to circumvent
certain checks.
Invalid certificate policies in leaf certificates are silently ignored
by OpenSSL and other certificate policy checks are skipped for that
certificate. A malicious CA could use this to deliberately assert
invalid certificate policies in order to circumvent policy checking on
the certificate altogether.
Policy processing is disabled by default but can be enabled by passing
the `-policy' argument to the command line utilities or by calling the
`X509_VERIFY_PARAM_set1_policies()' function.
Note: OpenSSL also released a fix for low-severity security advisory
CVE-2023-466. It is not included here because the fix only changes the
documentation, which is not built nor included in any OpenWrt package.
Due to the low-severity of these issues, there will be not be an
immediate new release of OpenSSL.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Daniel Golle [Sat, 15 Apr 2023 00:35:17 +0000 (01:35 +0100)]
kernel: backport fix for recently introduced UBI bug
Import commit "ubi: Fix failure attaching when vid_hdr offset equals to
(sub)page size" which did not yet make it to stable upstream Linux trees.
Fixes: #12232
Fixes: #12339
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit
aad34818b50029e07ed9221ae46f9770d6e29785)
Matthias Schiffer [Thu, 13 Apr 2023 18:51:05 +0000 (20:51 +0200)]
uclient: update to Git version 2023-04-13
007d94546749 uclient: cancel state change timeout in uclient_disconnect()
644d3c7e13c6 ci: improve wolfSSL test coverage
dc54d2b544a1 tests: add certificate check against letsencrypt.org
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
(cherry picked from commit
4f1c2e8deef10e9ca34ceff5a096e62aaa668e90)
Daniel Golle [Sun, 9 Apr 2023 22:38:42 +0000 (23:38 +0100)]
OpenWrt v21.02.6: revert to branch defaults
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Daniel Golle [Sun, 9 Apr 2023 22:38:36 +0000 (23:38 +0100)]
OpenWrt v21.02.6: adjust config defaults
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Paul Spooren [Sun, 12 Mar 2023 15:56:41 +0000 (16:56 +0100)]
imagebuilder: allow to specific ROOTFS_PARTSIZE
Setting this options modifies the rootfs size of created images. When
installing a large number of packages it may become necessary to
increase the size to have enough storage.
This option is only useful for supported devices, i.e. with an attached
SD Card or installed on a hard drive.
Signed-off-by: Paul Spooren <mail@aparcar.org>
(cherry picked from commit
7b7edd25a571568438c886529d3443054e02f55f)
Felix Fietkau [Thu, 30 Mar 2023 12:18:04 +0000 (14:18 +0200)]
kernel: remove obsolete netfilter tcp window size check bypass patch
On any currently supported hardware, the performance impact should not
matter anymore.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit
75e78bcaab847557ce1782eb2dea9dff9a029171)
Felix Fietkau [Wed, 29 Mar 2023 15:54:19 +0000 (17:54 +0200)]
mac80211, mt76: add fixes for recently discovered security issues
Fixes CVE-2022-47522
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit
d54c91bd9ab3c54ee06923eafbd67047816a37e4)
Daniel González Cabanelas [Thu, 16 Feb 2023 22:04:20 +0000 (23:04 +0100)]
ipq40xx: Linksys MR8300: fix the USB port power
The USB port on the MR8300 randomly fails to feed bus-powered devices.
This is caused by a misconfigured pinmux. The GPIO68 should be used to
enable the USB power (active low), but it's inside the NAND pinmux.
This GPIO pin was found in the original firmware at a startup script in
both MR8300 and EA8300. Therefore apply the fix for both boards.
Signed-off-by: Daniel González Cabanelas <dgcbueu@gmail.com>
Reviewed-by: Robert Marko <robimarko@gmail.com>
(cherry picked from commit
ed64c3323590e3c9fa8b423bf37689023a7a101f)
Signed-off-by: Steffen Scheib <steffen@scheib.me>
Hauke Mehrtens [Mon, 27 Mar 2023 14:44:54 +0000 (16:44 +0200)]
kernel: bump 5.4 to 5.4.238
Compile-tested: armvirt/64, lantiq/xrx200
Run-tested: armvirt/64, lantiq/xrx200
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Mathias Kresin [Sun, 27 Dec 2020 16:25:25 +0000 (17:25 +0100)]
lantiq: ltq-tapi: add kernel 5.10 compatiblity
Due to SCHED_FIFO being a broken scheduler model, all users of
sched_setscheduler() are converted to sched_set_fifo_low() upstream and
sched_setscheduler() is no longer exported.
The callback handling of the tasklet API was redesigned and the macros
using the old syntax renamed to _OLD.
Signed-off-by: Mathias Kresin <dev@kresin.me>
(cherry picked from commit
31f3f797004ad318a1de88ec9cfdece523ee46d9)
[Add DECLARE_TASKLET handling for kernel 5.4.235 too]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Mathias Kresin [Sun, 27 Dec 2020 18:42:24 +0000 (19:42 +0100)]
ltq-atm/ltq-ptm: add kernel 5.10 compatiblity
The callback handling of the tasklet API was redesigned and the macros
using the old syntax renamed to _OLD.
The stuck queue is now passed to ndo_tx_timeout callback but not used so
far.
Signed-off-by: Mathias Kresin <dev@kresin.me>
(cherry picked from commit
804c541446ab8e3fab11dba5d8fe07807af7fac5)
[Add DECLARE_TASKLET handling for kernel 5.4.235 too]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
John Audia [Sat, 11 Mar 2023 15:42:26 +0000 (10:42 -0500)]
kernel: tcindex classifier has been retired
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/net/sched?h=v5.4.235&id=
7a6fb69bbcb21e9ce13bdf18c008c268874f0480
Signed-off-by: John Audia <therealgraysky@proton.me>
(cherry picked from commit
fbfec3286e8bfce3a78749b7bcb67e658665f197)
Hauke Mehrtens [Mon, 27 Mar 2023 00:17:03 +0000 (02:17 +0200)]
kernel: bump 5.4 to 5.4.234
Compile-tested: armvirt/64, lantiq/xrx200
Run-tested: armvirt/64
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Rafał Miłecki [Thu, 16 Mar 2023 21:01:51 +0000 (22:01 +0100)]
bcm4908: include usbport trigger
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit
cb2661844a5d54d44230ee564d4f17605a794a49)
Rafał Miłecki [Thu, 16 Mar 2023 19:28:47 +0000 (20:28 +0100)]
bcm4908: backport v6.4 pending DTS changes
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit
ffaabee9b8d9da7c15a50f52897ae5f70b40b4e7)
Christian Lamparter [Wed, 1 Dec 2021 14:01:23 +0000 (15:01 +0100)]
ca-certificates: fix python3-cryptography woes in certdata2pem.py
This patch is a revert of the upstream patch to Debian's ca-certificate
commit
033d52259172 ("mozilla/certdata2pem.py: print a warning for expired certificates.")
The reason is, that this change broke builds with the popular
Ubuntu 20.04 LTS (focal) releases which are shipping with an
older version of the python3-cryptography package that is not
compatible.
|Traceback (most recent call last):
| File "certdata2pem.py", line 125, in <module>
| cert = x509.load_der_x509_certificate(obj['CKA_VALUE'])
|TypeError: load_der_x509_certificate() missing 1 required positional argument: 'backend'
|make[5]: *** [Makefile:6: all] Error 1
...or if the python3-cryptography was missing all together:
|Traceback (most recent call last):
| File "/certdata2pem.py", line 31, in <module>
| from cryptography import x509
|ModuleNotFoundError: No module named 'cryptography'
More concerns were raised by Jo-Philipp Wich:
"We don't want the build to depend on the local system time anyway.
Right now it seems to be just a warning but I could imagine that
eventually certs are simply omitted of found to be expired at
build time which would break reproducibility."
Link: <https://github.com/openwrt/openwrt/commit/
7c99085bd697>
Reported-by: Chen Minqiang <ptpt52@gmail.com>
Reported-by: Shane Synan <digitalcircuit36939@gmail.com>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
(cherry picked from commit
25bc66eb40ea2c062940778fba601032b2579734)
Christian Lamparter [Sun, 28 Nov 2021 01:31:54 +0000 (02:31 +0100)]
ca-certicficates: Update to version
20211016
Update the ca-certificates and ca-bundle package from version
20210119 to
version
20211016.
Debian change-log entry [1]:
|[...]
|[ Julien Cristau ]
|* mozilla/{certdata.txt,nssckbi.h}: Update Mozilla certificate authority
| bundle to version 2.50
| The following certificate authorities were added (+):
| + "AC RAIZ FNMT-RCM SERVIDORES SEGUROS"
| + "GlobalSign Root R46"
| + "GlobalSign Root E46"
| + "GLOBALTRUST 2020"
| + "ANF Secure Server Root CA"
| + "Certum EC-384 CA"
| + "Certum Trusted Root CA"
| The following certificate authorities were removed (-):
| - "QuoVadis Root CA"
| - "Sonera Class 2 Root CA"
| - "GeoTrust Primary Certification Authority - G2"
| - "VeriSign Universal Root Certification Authority"
| - "Chambers of Commerce Root - 2008"
| - "Global Chambersign Root - 2008"
| - "Trustis FPS Root CA"
| - "Staat der Nederlanden Root CA - G3"
| * Blacklist expired root certificate "DST Root CA X3" (closes: #995432)
|[...]
[1] <https://metadata.ftp-master.debian.org/changelogs//main/c/ca-certificates/ca-certificates_20211016_changelog>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
(cherry picked from commit
7c99085bd69742f66207d61e9f2da5ec4f8f9d2f)
Rafał Miłecki [Wed, 1 Mar 2023 07:52:26 +0000 (08:52 +0100)]
kernel: support "linux,default-trigger" in leds-bcm63138
This driver is backported from the v6.0 which deals with
"linux,default-trigger" in leds core. For kernel 5.4 we need
leds-bcm63138 to read trigger on its own.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Hauke Mehrtens [Sun, 29 Jan 2023 18:05:52 +0000 (19:05 +0100)]
mac80211: Update to version 5.10.168-1
This update mac80211 to version 5.10.168-1. This includes multiple
bugfixes. Some of these bugfixes are fixing security relevant bugs.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Hauke Mehrtens [Sun, 12 Feb 2023 23:56:17 +0000 (00:56 +0100)]
kernel: bump 5.4 to 5.4.231
Compile-tested: x86/64
Run-tested: x86/64
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
John Audia [Tue, 7 Feb 2023 19:56:52 +0000 (14:56 -0500)]
openssl: bump to 1.1.1t
Changes between 1.1.1s and 1.1.1t [7 Feb 2023]
*) Fixed X.400 address type confusion in X.509 GeneralName.
There is a type confusion vulnerability relating to X.400 address processing
inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING
but subsequently interpreted by GENERAL_NAME_cmp as an ASN1_TYPE. This
vulnerability may allow an attacker who can provide a certificate chain and
CRL (neither of which need have a valid signature) to pass arbitrary
pointers to a memcmp call, creating a possible read primitive, subject to
some constraints. Refer to the advisory for more information. Thanks to
David Benjamin for discovering this issue. (CVE-2023-0286)
This issue has been fixed by changing the public header file definition of
GENERAL_NAME so that x400Address reflects the implementation. It was not
possible for any existing application to successfully use the existing
definition; however, if any application references the x400Address field
(e.g. in dead code), note that the type of this field has changed. There is
no ABI change.
[Hugo Landau]
*) Fixed Use-after-free following BIO_new_NDEF.
The public API function BIO_new_NDEF is a helper function used for
streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL
to support the SMIME, CMS and PKCS7 streaming capabilities, but may also
be called directly by end user applications.
The function receives a BIO from the caller, prepends a new BIO_f_asn1
filter BIO onto the front of it to form a BIO chain, and then returns
the new head of the BIO chain to the caller. Under certain conditions,
for example if a CMS recipient public key is invalid, the new filter BIO
is freed and the function returns a NULL result indicating a failure.
However, in this case, the BIO chain is not properly cleaned up and the
BIO passed by the caller still retains internal pointers to the previously
freed filter BIO. If the caller then goes on to call BIO_pop() on the BIO
then a use-after-free will occur. This will most likely result in a crash.
(CVE-2023-0215)
[Viktor Dukhovni, Matt Caswell]
*) Fixed Double free after calling PEM_read_bio_ex.
The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and
decodes the "name" (e.g. "CERTIFICATE"), any header data and the payload
data. If the function succeeds then the "name_out", "header" and "data"
arguments are populated with pointers to buffers containing the relevant
decoded data. The caller is responsible for freeing those buffers. It is
possible to construct a PEM file that results in 0 bytes of payload data.
In this case PEM_read_bio_ex() will return a failure code but will populate
the header argument with a pointer to a buffer that has already been freed.
If the caller also frees this buffer then a double free will occur. This
will most likely lead to a crash.
The functions PEM_read_bio() and PEM_read() are simple wrappers around
PEM_read_bio_ex() and therefore these functions are also directly affected.
These functions are also called indirectly by a number of other OpenSSL
functions including PEM_X509_INFO_read_bio_ex() and
SSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSL
internal uses of these functions are not vulnerable because the caller does
not free the header argument if PEM_read_bio_ex() returns a failure code.
(CVE-2022-4450)
[Kurt Roeckx, Matt Caswell]
*) Fixed Timing Oracle in RSA Decryption.
A timing based side channel exists in the OpenSSL RSA Decryption
implementation which could be sufficient to recover a plaintext across
a network in a Bleichenbacher style attack. To achieve a successful
decryption an attacker would have to be able to send a very large number
of trial messages for decryption. The vulnerability affects all RSA padding
modes: PKCS#1 v1.5, RSA-OEAP and RSASVE.
(CVE-2022-4304)
[Dmitry Belyavsky, Hubert Kario]
Signed-off-by: John Audia <therealgraysky@proton.me>
(cherry picked from commit
4ae86b3358a149a17411657b12103ccebfbdb11b)
The original commit removed the upstreamed patch 010-padlock.patch, but
it's not on OpenWrt 21.02, so it doesn't have to be removed.
Signed-off-by: Michal Vasilek <michal.vasilek@nic.cz>
Josef Schlehofer [Sat, 1 May 2021 06:51:12 +0000 (08:51 +0200)]
sunxi: fix wifi connection for Banana Pi M2 Berry
fixes the problem that the banana pi m2 berry cannot connect to wifi and cannot be used as an access point
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit
ff2bb16730f629d54bde8ba85c75d8614741e3fd)
Signed-off-by: LizenzFass78851 <82592556+LizenzFass78851@users.noreply.github.com>
Martin Kennedy [Tue, 30 Aug 2022 00:47:24 +0000 (20:47 -0400)]
mpc85xx: Drop pci aliases to avoid domain changes
As of upstream Linux commit
0fe1e96fef0a ("powerpc/pci: Prefer PCI
domain assignment via DT 'linux,pci-domain' and alias"), the PCIe
domain address is no longer numbered by the lowest 16 bits of the PCI
register address after a fallthrough. Instead of the fallthrough, the
enumeration process accepts the alias ID (as determined by
`of_alias_scan()`). This causes e.g.:
9000:00:00.0 PCI bridge: Freescale Semiconductor Inc P1020E (rev 11)
9000:01:00.0 Network controller: Qualcomm Atheros AR958x 802.11abgn ...
to become
0000:00:00.0 PCI bridge: Freescale Semiconductor Inc P1020E (rev 11)
0000:01:00.0 Network controller: Qualcomm Atheros AR958x 802.11abgn ...
... which then causes the sysfs path of the netdev to change,
invalidating the `wifi_device.path`s enumerated in
`/etc/config/wireless`.
One other solution might be to migrate the uci configuration, as was
done for mvebu in commit
0bd5aa89fcf2 ("mvebu: Migrate uci config to
new PCIe path"). However, there are concerns that the sysfs path will
change once again once some upstream patches[^2][^3] are merged and
backported (and `CONFIG_PPC_PCI_BUS_NUM_DOMAIN_DEPENDENT` is enabled).
Instead, remove the aliases and allow the fallthrough to continue for
now. We will provide a migration in a later release.
This was first reported as a Github issue[^1].
[^1]: https://github.com/openwrt/openwrt/issues/10530
[^2]: https://lore.kernel.org/linuxppc-dev/
20220706104308.5390-1-pali@kernel.org/t/#u
[^3]: https://lore.kernel.org/linuxppc-dev/
20220706101043.4867-1-pali@kernel.org/
Fixes: #10530
Tested-by: Martin Kennedy <hurricos@gmail.com>
[Tested on the Aerohive HiveAP 330 and Extreme Networks WS-AP3825i]
Signed-off-by: Martin Kennedy <hurricos@gmail.com>
(cherry picked from commit
7f4b4c29f3489697dca7495216460d0ed5023e02)
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Hauke Mehrtens [Sat, 28 Jan 2023 18:09:19 +0000 (19:09 +0100)]
kernel: bump 5.4 to 5.4.230
Compile-tested: x86/64
Run-tested: x86/64
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Hauke Mehrtens [Sat, 28 Jan 2023 18:25:32 +0000 (19:25 +0100)]
kernel: Reorder configuration
This was done by running these commands:
./scripts/kconfig.pl '+' target/linux/generic/config-5.4 /dev/null > target/linux/generic/config-5.4-new
mv target/linux/generic/config-5.4-new target/linux/generic/config-5.4
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Rafał Miłecki [Mon, 23 Jan 2023 12:23:29 +0000 (13:23 +0100)]
kernel: expose (unhide) CONFIG_ASN1 as ksmbd requirement
OpenWrt provides kmod-asn1-decoder for CONFIG_ASN1 but selecting it
doesn't really work as expected. Kernel symbol is hidden and can be
actually selected only as a dependency. That works well for in-kernel
stuff but fails for external modules requiring ASN1 like ksmbd.
Modify kernel Kconfig to make CONFIG_ASN1 always selectable. It's
required to satisfy ksmbd dependencies cleanly (without hack like
selecting unrelated modules).
Link: http://lists.openwrt.org/pipermail/openwrt-devel/2023-January/040298.html
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Christian Marangi [Thu, 12 Jan 2023 13:46:58 +0000 (14:46 +0100)]
scripts/dl_github_archieve.py: fix generating unreproducible tar
Allign dl_github_archieve.py to
8252511dc0b5a71e9e64b96f233a27ad73e28b7f
change. On supported system the sigid bit is applied to files and tar
archieve that on tar creation. This cause unreproducible tar for these
system and these bit should be dropped to produce reproducible tar.
Add the missing option following the command options used in other
scripts.
Fixes: 75ab064d2b38 ("build: download code from github using archive API")
Suggested-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Tested-by: Robert Marko <robimarko@gmail.com>
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit
5f1758ef14575df4e86896526b1c2035c231899e)
Josef Schlehofer [Mon, 12 Dec 2022 22:08:05 +0000 (23:08 +0100)]
opkg: add patch to avoid remove package repeatly with force
This patch was taken from the OpenWrt-devel mailing list:
https://www.mail-archive.com/openwrt-devel@lists.openwrt.org/msg59794.html
It is included already in OpenWrt master branch and OpenWrt 22.03
release as it was included in opkg-lede repository:
https://git.openwrt.org/?p=project/opkg-lede.git;a=commit;h=
9c44557a776da993c2ab80cfac4dbd8d59807d01
However, it is not included in OpenWrt 21.02, where the same issue is
happening.
Fixes: CI for https://github.com/openwrt/packages/pull/20074
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
Daniel Golle [Tue, 26 Jul 2022 08:17:07 +0000 (10:17 +0200)]
kernel: add kmod-nvme package
Add driver for NVM Express block devices, ie. PCIe connected SSDs.
Targets which allow booting from NVMe (x86, maybe some mvebu boards come
to mind) should have it built-in, so rootfs can be mounted from there.
For targets without NVMe support in bootloader or BIOS/firmware it's
sufficient to provide the kernel module package.
On targets having the NVMe driver built-in the resulting kmod package
is an empty dummy. In any case, depending on or installing kmod-nvme
results in driver support being available (either because it was already
built-in or because the relevant kernel modules are added and loaded).
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit
dbe53352e38d20bb5245158b19d4ff810c209548)
Rui Salvaterra [Wed, 28 Apr 2021 12:54:17 +0000 (13:54 +0100)]
netfilter: remove no-op kconfig symbols
These have long been obsolete. For reference, here's the Linux version where
each symbol has been dropped:
CONFIG_IP6_NF_QUEUE - 3.5
CONFIG_IP6_NF_TARGET_LOG - 3.4
CONFIG_IP_NF_MATCH_DSCP - 2.6.19
CONFIG_NF_CONNTRACK_IPV4 - 4.19
CONFIG_NF_CONNTRACK_IPV6 - 4.19
CONFIG_NF_CONNTRACK_RTCACHE - out-of-tree, superseded by flow offloading
Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
(cherry picked from commit
d7956c57284624f4bc7b905d192c81e1d34576fe)
Hauke Mehrtens [Sun, 7 Aug 2022 13:13:36 +0000 (15:13 +0200)]
kernel: kmod-isdn4linux: Remove package
The isdn4linux drivers and subsystem was removed in kernel 5.3, remove
the kernel package also from OpenWrt.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit
db55dea5fc047190af188f07018e99b0c7a4bdde)
Hauke Mehrtens [Sun, 7 Aug 2022 12:31:59 +0000 (14:31 +0200)]
kernel: kmod-ipt-ulog: Remove package
The ulog iptables target was removed with kernel 3.17, remove the kernel
and also the iptables package in OpenWrt too.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit
2a0284fb0325f07e79b9b4c58a7d280ba9999a39)
Hauke Mehrtens [Sun, 7 Aug 2022 11:32:31 +0000 (13:32 +0200)]
kernel: kmod-w1-slave-ds2760: Remove package
The w1_ds2760.ko driver was merged into the ds2760_battery.ko driver.
The driver was removed and this package was never build any more.
This happened with kernel 4.19.
Remove this unused package.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit
5808973d141f488e06efe4749dbf651565fd5510)
Hauke Mehrtens [Sun, 7 Aug 2022 12:42:01 +0000 (14:42 +0200)]
kenrel: kmod-rtc-pt7c4338: Remove package
The rtc-pt7c4338.ko was never upstream under this name, the driver was
removed from OpenWrt some years ago, remove the kmod-rtc-pt7c4338
package too.
Fixes: 74d00a8c3849 ("kernel: split patches folder up into backport, pending and hack folders")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit
5ccf4dcf8864c1d940b65067d8c6f7c4e5858ae2)
Josef Schlehofer [Tue, 30 Aug 2022 07:02:32 +0000 (09:02 +0200)]
kernel: build crypto md5/sha1/sha256 modules for powerpc
This builds and enables kernel optimized modules for mpc85xx target:
- CONFIG_CRYPTO_MD5_PPC [1]
- CONFIG_CRYPTO_SHA1_PPC_SPE [2]
- CONFIG_CRYPTO_SHA256_PPC_SPE [3]
Where it was possible, then use Signal Processing Engine, because
CONFIG_SPE is already enabled in mpc85xx config.
[1] https://cateee.net/lkddb/web-lkddb/CRYPTO_MD5_PPC.html
[2] https://cateee.net/lkddb/web-lkddb/CRYPTO_SHA1_PPC.html
[3] https://cateee.net/lkddb/web-lkddb/CRYPTO_SHA256_PPC_SPE.html
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit
3a702f8733ff371f30e9e3ba1e1aed5f4686b6b4)
Josef Schlehofer [Tue, 30 Aug 2022 06:51:37 +0000 (08:51 +0200)]
kernel: fix typo for tegra crypto-sha1 module
Fixes: e889489bedfd2830411bd0cf6564b8272aa9c254 ("kernel: build
arm/neon-optimized sha1/512 modules")
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit
f8f9d6901c6a7c85e6b18fba665175646fb53ec7)
Christian Marangi [Wed, 4 Jan 2023 18:26:16 +0000 (19:26 +0100)]
CI: build: fix external toolchain use with release tag tests
When a new tag for a release is created, the just checkout repo from
github actions will already have such tag locally created.
This will result in git fetch --tags failing with error rejecting the
remote tag with (would clobber existing tag).
Add -f option to overwrite any local tags and always fetch them from
remote.
Fixes: e24a1e6f6d7f ("CI: build: add support for external toolchains from stable branch")
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit
f655923b362e9f2d70672eee9c1fa82550a145a6)
Rafał Miłecki [Tue, 3 Jan 2023 07:34:43 +0000 (07:34 +0000)]
layerscape: fix felix DSA driver compilation
It isn't used at the moment but let's fix it anyway.
This fixes:
CC drivers/net/dsa/ocelot/felix.o
drivers/net/dsa/ocelot/felix.c:646:22: error: initialization of 'enum dsa_tag_protocol (*)(struct dsa_switch *, int, enum dsa_tag_protocol)' from incompatible pointer type 'enum dsa_tag_protocol (*)(struct dsa_switch *, int)' [-Werror=incompatible-pointer-types]
.get_tag_protocol = felix_get_tag_protocol,
^~~~~~~~~~~~~~~~~~~~~~
for users enabling CONFIG_NET_DSA_MSCC_FELIX.
Fixes: 1f5024aa73fc ("kernel: backport b53/bcm_sf2 changes from v5.6")
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Rafał Miłecki [Mon, 2 Jan 2023 16:26:56 +0000 (17:26 +0100)]
realtek: update rtl83xx switch driver to the updated DSA API
This fixes:
CC drivers/net/dsa/rtl83xx/dsa.o
drivers/net/dsa/rtl83xx/dsa.c:1274:22: error: initialization of 'enum dsa_tag_protocol (*)(struct dsa_switch *, int, enum dsa_tag_protocol)' from incompatible pointer type 'enum dsa_tag_protocol (*)(struct dsa_switch *, int)' [-Werror=incompatible-pointer-types]
.get_tag_protocol = rtl83xx_get_tag_protocol,
^~~~~~~~~~~~~~~~~~~~~~~~
drivers/net/dsa/rtl83xx/dsa.c:1274:22: note: (near initialization for 'rtl83xx_switch_ops.get_tag_protocol')
drivers/net/dsa/rtl83xx/dsa.c:1316:22: error: initialization of 'enum dsa_tag_protocol (*)(struct dsa_switch *, int, enum dsa_tag_protocol)' from incompatible pointer type 'enum dsa_tag_protocol (*)(struct dsa_switch *, int)' [-Werror=incompatible-pointer-types]
.get_tag_protocol = rtl83xx_get_tag_protocol,
^~~~~~~~~~~~~~~~~~~~~~~~
Fixes: 1f5024aa73fc ("kernel: backport b53/bcm_sf2 changes from v5.6")
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Arınç ÜNAL [Sat, 31 Dec 2022 12:41:53 +0000 (13:41 +0100)]
rampis: fix Reference to non-existent node for GB-PC2
Fix cannot build: Reference to non-existent node or label
"macaddr_factory_e000" dtb compilation error.
The cherry-pick had to be reworked to use the old mtd-mac-address way as
openwrt-21.02 still wasn't migrated to nvmem implementation.
Fixes: d604032c2a50 ("ramips: fix GB-PC1 and GB-PC2 device support")
Fixes: #11654
Fixes: #11385
Signed-off-by: Arınç ÜNAL <arinc.unal@arinc9.com>
[ rework commit message, add more fixes tag ]
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Hauke Mehrtens [Tue, 1 Nov 2022 14:17:03 +0000 (15:17 +0100)]
dnsmasq: Backport DHCPv6 server fix (CVE-2022-0934)
This backports a commit from upstream dnsmasq to fix CVE-2022-0934.
CVE-2022-0934 description:
A single-byte, non-arbitrary write/use-after-free flaw was found in
dnsmasq. This flaw allows an attacker who sends a crafted packet
processed by dnsmasq, potentially causing a denial of service.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit
002a99eccd75fb653163bae0a1132bd4f494e7ad)
Christian Marangi [Fri, 16 Dec 2022 21:34:12 +0000 (22:34 +0100)]
generic: 5.4: refresh kernel patches
Refresh kernel patches due to new spi nor patch.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Christian Marangi [Fri, 14 Oct 2022 19:00:39 +0000 (21:00 +0200)]
generic: add support for EON EN25QX128A spi nor flash
Add support for EON EN25QX128A spi nor flash with no flags as it does
support SFDP parsing.
Fixes: #9442
Tested-by: Szabolcs Hubai <szab.hu@gmail.com> [ramips/mt7621: xiaomi_mi-router-4a-gigabit]
(cherry picked from commit
d7876daf6552a9f39bd5e0bf50b554e9406ec275)
[ apply the same patch to 5.4 kernel ]
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Sergey V. Lobanov [Thu, 2 Dec 2021 16:02:23 +0000 (19:02 +0300)]
tools/mkimage: fix build on MacOS arm64
Fixed -no-pie compilation warning on MacOS
Fixed errors related to using absolute addressing on MacOS arm64
Based on upstream patch from Jessica Clarke and suggestions from Ronny Kotzschmar
Link to original patch and discussion:
https://github.com/u-boot/u-boot/commit/
3b142045e8a7f0ab17b6099e9226296af45967d0
Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>
(cherry picked from commit
8261b85844a0018c6c79e10c1abb581aca102e45)
Christian Marangi [Wed, 7 Dec 2022 17:12:31 +0000 (18:12 +0100)]
CI: kernel: don't checkout and install feeds
We don't need to checkout feed and install feeds for kernel tests. This
saves up to 2 minutes for each target kernel build test.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit
925e2a155ee4d4cc792fbf68aa9666e32a1f649b)
Christian Marangi [Wed, 7 Dec 2022 17:09:18 +0000 (18:09 +0100)]
CI: build: skip sdk adapt to external toolchain on cache hit
On cache hit, skip sdk adapt to external toolchain. This is needed because we
cache the already extracted sdk and that is already adapted to be used
as external toolchain.
Rerunning the adap step will result in the test to fail for missing file
as the file are already got wrapped to the external toolchain format.
Fixes: 42f0ab028e2e ("CI: build: fix use of sdk as toolchain")
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit
99eaedfe3966b1ca812e8a962197cf91286247f7)
Rafał Miłecki [Wed, 7 Dec 2022 08:57:47 +0000 (09:57 +0100)]
kernel: backport b53/bcm_sf2 changes from v5.8
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Rafał Miłecki [Wed, 7 Dec 2022 08:48:32 +0000 (09:48 +0100)]
kernel: backport b53/bcm_sf2 changes from v5.7
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Rafał Miłecki [Wed, 7 Dec 2022 08:37:08 +0000 (09:37 +0100)]
kernel: backport b53/bcm_sf2 changes from v5.6
This b53 backport significantly stabilizes switch traffic performance.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Rafał Miłecki [Wed, 7 Dec 2022 08:26:11 +0000 (09:26 +0100)]
kernel: backport b53/bcm_sf2 changes from v5.5
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Adam Konrad [Sun, 27 Nov 2022 04:23:20 +0000 (22:23 -0600)]
cmake: update to version 3.19.8
Updating CMake to latest patched version 3.19.8 which is fixing issue with ccache.
Related issue: https://github.com/openwrt/openwrt/issues/8555
Compile-tested: arm64
Signed-off-by: Adam Konrad <git@adamkonrad.com>
Christian Marangi [Mon, 5 Dec 2022 22:23:04 +0000 (23:23 +0100)]
CI: build: fix use of sdk as toolchain
The toolchain included in a sdk have a different format than an external
toolchain tar.
Since sdk is a more integrated setup doesn't use and include wrapper bin
that use the external toolchain config and use an alternative and more
standard way to include all the toolchain headers.
External toolchain use wrapper.sh to append the configured include
header when each tool is called.
Fix the sdk toolchain by reverting their own sdk wrapper scripts and to
simulate an external toolchain build copying what is done in the
toolchain target makefile.
This handle compilation error and warning caused by not using fortify
header on building packages.
Fixes: 006e52545d14 ("CI: build: add support to fallback to sdk for external toolchain")
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit
42f0ab028e2eae0d4e7acf9db7fd68b256f23503)
Hauke Mehrtens [Sun, 11 Sep 2022 22:29:00 +0000 (00:29 +0200)]
toolchain: Select USE_SSTRIP with external musl toolchain
When we use the internal toolchain USE_SSTRIP will be selected by
default for musl libc and USE_STRIP when glibc is used. Do the same when
an external toolchain is used. USE_GLIBC will also be set for external
toolchain builds based on the EXTERNAL_TOOLCHAIN_LIBC_USE_GLIBC setting.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit
9403810c020cca136149973a3929bf77a1f501aa)
David Bauer [Fri, 20 Nov 2020 02:03:54 +0000 (03:03 +0100)]
sdk: expose binary strip settings
Expose the SDK options for binary stripping to the menuconfig. This
way, packages can easily be built with debug symbols using the SDK.
Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit
bb817bb4b8b0b546a70e45bd907ebfeea2370dcd)
Christian Marangi [Sun, 4 Dec 2022 19:58:11 +0000 (20:58 +0100)]
CI: trigger check also on build and check-kernel-patches workflow change
Since kernel and packages workflow now use a shared build workflow, they
also need to react on changes on these shared workflow.
Fix this and add these shared workflow to the event paths to check.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit
644175c29ca11e0a008c58c82986045f738f5c6f)
Christian Marangi [Sun, 4 Dec 2022 19:36:11 +0000 (20:36 +0100)]
CI: build: fix matching for openwrt release branch for toolchain parsing
The current match logic doesn't handle test for push events related to
stable release (example openwrt-22.03) but only fork with the related
prefix (example openwrt-22.03-fixup)
Fix wrong matching and while at it also add extra checks to other
matching (check if the branch name actually start with the requested
prefix)
Fixes: e24a1e6f6d7f ("CI: build: add support for external toolchains from stable branch")
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit
e3cf2b84e5f8708ca17d931ef60746516c8a2fe4)
Christian Marangi [Sun, 4 Dec 2022 19:28:28 +0000 (20:28 +0100)]
CI: fix matching for openwrt release branch for container selection
The current match logic doesn't handle test for push events related to
stable release (example openwrt-22.03) but only fork with the related
prefix (example openwrt-22.03-fixup)
Fix wrong matching and while at it also add extra checks to other
matching (check if the branch name actually start with the requested
prefix)
Fixes: abe8a4824210 ("CI: build: add support for per branch tools container")
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit
65c3d19c4b28ccac0d08d916de0ffa4c0e7b3dc2)
Christian Marangi [Thu, 1 Dec 2022 00:46:03 +0000 (01:46 +0100)]
CI: labeler: fix wrong label for pr targeting stable branch
The label used for stable branch is in the form of
release/[0-9][0-9].[0-9][0-9]
Currently we apply the name of the target branch as the label, fix this
and correctly use the current label.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit
af8bc8e51b6daef65c497522b67a1dd9d0cdab84)
Christian Marangi [Tue, 29 Nov 2022 18:53:23 +0000 (19:53 +0100)]
CI: add support to tag pr targeting stable branch
Add support to tag pr targeting stable branch matching the simple regex
of openwrt-[0-9][0-9].[0-9][0-9]. The tag that will be added will match
the pr target branch.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit
b67d284e93ee052e3ea3abb5d3dae55723ce0353)
Ansuel Smith [Mon, 10 Jan 2022 16:02:30 +0000 (17:02 +0100)]
kernel: split kernel version to dedicated files
Move the kernel versions and hash to dedicated files.
This makes kernel bump quicker and fix some annoying
problem with rebasing when multiple kernel bump are proposed.
Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
[Rebased on top of current master]
Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
(cherry picked from commit
0765466a42f46f7357e260866a4284ed567bb7ad)
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
[Rebased on top of current openwrt-21.02]
Christian Marangi [Wed, 7 Sep 2022 21:50:36 +0000 (23:50 +0200)]
build: handle directory with whitespace in AUTOREMOVE clean
Package with whitespace in their build directory are not correctly
removed when CONFIG_AUTOREMOVE is enabled. This is caused by xargs that
use whitespace as delimiters. To handle this use \0 as the delimiter and
set find to use \0 as the delimiter.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit
dccee21792b89031bcd801030de403f195d80278)
Christian Marangi [Mon, 28 Nov 2022 15:12:13 +0000 (16:12 +0100)]
CI: build: add support to fallback to sdk for external toolchain
Add support to use sdk as external toolchain if the packaged external
toolchain tar is not found on openwrt servers for build shared workflow.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit
b59ac2a7d0ff427419e86bd38dea3d8910dd7926)
Christian Marangi [Mon, 28 Nov 2022 11:44:01 +0000 (12:44 +0100)]
CI: build: add support for external toolchains from stable branch
Add support to use external toolchains from stable branch if we are
testing commit targeting stable openwrt branch in kernel and packages
workflow.
With pr the target branch is parsed and the right toolchain is used.
To use the stable toolchain for local testing the branch needs to have
the prefix openwrt-[0-9][0-9].[0-9][0-9]- (example openwrt-21.02-fixup)
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit
e24a1e6f6d7f08fb766eb11b8008f8fc5b72d072)
Christian Marangi [Sun, 27 Nov 2022 18:53:08 +0000 (19:53 +0100)]
CI: build: add support for per branch tools container
Add support in build shared workflow for per branch tools container.
With pr the target branch is parsed and the right container is used.
To use the stable container for local testing the branch needs to have
the prefix openwrt-[0-9][0-9].[0-9][0-9]- (example openwrt-21.02-fixup)
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit
abe8a4824210966e0899724bf4561a89216a1e36)
Christian Marangi [Sun, 27 Nov 2022 18:45:38 +0000 (19:45 +0100)]
CI: tools: support per branch tools container
Add support to push per branch container tools.
For anything not official stick to latest tag that correspond to test
run from master.
If we are testing something for one of the openwrt stable branch, parse
the branch name or the tag and push dedicated tools containers.
To use the stable container for local testing the branch needs to have
the prefix openwrt-[0-9][0-9].[0-9][0-9] (example openwrt-21.02-fixup)
Any branch that will match this pattern openwrt-[0-9][0-9].[0-9][0-9]
will refresh the tools container with the matching tag.
(example branch openwrt-22.03 -> tools:openwrt-22.03)
(example branch openwrt-22.03-test -> tools:openwrt-22.03)
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit
75550771ae76fbcab4160e10b73287f918727384)
Hauke Mehrtens [Sat, 3 Dec 2022 02:04:40 +0000 (03:04 +0100)]
CI: Build all boards and testing kernel
This adds options to build all boards of a selected target and an
additional option to build the testing kernel instead of the normal
kernel. This can be used by other trigger work flows.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit
cf361b85097216538dfac5ad7b22050390b0bc67)
Hauke Mehrtens [Sat, 5 Nov 2022 13:27:11 +0000 (14:27 +0100)]
CI: Allow building with internal toolchain
This adds an option to build with internal toolchain. This can be used
to build targets which are currently not build by the OpenWrt build bots
and which needs their own toolchain build for every build.
Building the toolchain takes about 30 minutes compared to using the
external toolchain which takes some seconds.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit
08f5283392674fe874c7f441128319263ce0d171)
Hauke Mehrtens [Tue, 1 Nov 2022 18:10:01 +0000 (19:10 +0100)]
CI: Extract the OpenWrt building to own sub workflow
Extract the building of OpenWrt into an own workflow which is then
triggered by the kernel.yml and packages.yml workflow with different
inputs. This allows us to share much of the code of the workflow.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit
7c406a5f0837b0bfc293b723932695176a8ef6fe)
Hauke Mehrtens [Sat, 5 Nov 2022 13:38:35 +0000 (14:38 +0100)]
CI: Simplify if conditions
There is no need to put a ${{ }} around the if conditions.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit
ce343653c2618e1d335662b924c382c0192b7b46)
Jo-Philipp Wich [Wed, 9 Feb 2022 16:26:58 +0000 (17:26 +0100)]
meta: drop issue_template
The contents do not apply anymore now that the switch to Github issue
has been decided.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit
64125ed1d0067f0648f2669b29b59a77ece3bf10)
Hauke Mehrtens [Wed, 2 Nov 2022 21:17:51 +0000 (22:17 +0100)]
CI: packages.yml: Fix usage of pre-build tools
Activate CONFIG_AUTOREMOVE to match the settings used to build the
pre-build tools. This has to match the pre-build tools to not rebuild
them.
This prevents the tools being rebuild in packages.yml.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit
6645a019f88e2e6930fe63d1a51046a8e72445a0)
Hauke Mehrtens [Sun, 7 Aug 2022 16:46:11 +0000 (18:46 +0200)]
CI: packages: Add github CI job to build all packages
This will build OpenWrt for MIPS malta BE and x86 64 Bit with all
packages and kernel modules activated. It is triggered when something
changes in the build system or when a package definition is changed.
This task probably needs 90 minutes to execute, but I hope that it
will find build problems in pull requests early.
This intentionally does not activate the feeds, because building them
too would take too long. We only build x86/64 and malta/be to save
resources.
I would like to detect build problems when a package is changed. We
often had build breaks when a package version was increased sometime
even in other packages which used it as a dependency.
This is based on the .github/workflows/packages.yml workflow.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit
b99d3778863d6ba67ee1ebda6fd42413062c6480)
Christian Marangi [Fri, 21 Oct 2022 14:09:19 +0000 (16:09 +0200)]
CI: kernel: fix deprecation of set-output
From [0], github deprecated set-output with a better approach of
appending variables to $GITHUB_OUTPUT
[0] https://github.blog/changelog/2022-10-11-github-actions-deprecating-save-state-and-set-output-commands/
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit
6d4bcadaa343cb969f370631a5ed5338306c056e)
Petr Štetiar [Wed, 19 Oct 2022 21:02:43 +0000 (23:02 +0200)]
ci: kernel: trigger build check on changes in kernel.mk as well
So we can QA more parts of kernel build process.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit
5e31c82bb506bff9c60c4d01791bea7a29e4a020)
Christian Marangi [Sat, 15 Oct 2022 08:56:46 +0000 (10:56 +0200)]
CI: kernel: check if patch are refreshed for each target
Enforce refreshed patch for each target with kernel pr tests.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit
689cfaeb7c37d7199f6e552bf32b0f996ea3040a)
Christian Marangi [Wed, 12 Oct 2022 14:49:46 +0000 (16:49 +0200)]
CI: labeler: target major version of labeler action
Target major version of labeler to include minor fixes and use always
the latest major version with included fixes.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit
5fb7232bc0592cb2e1818fa47dfaecc291c8514e)
Christian Marangi [Wed, 12 Oct 2022 14:48:46 +0000 (16:48 +0200)]
CI: bump actions/download,upload-artifact action to v3
Bump actions/download,upload-artifact action to v3 on every workflow
to mute node deprecation warning.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit
77b24012db1d696ca87c03fa1bb8bdf2606119e7)
Christian Marangi [Wed, 12 Oct 2022 13:24:11 +0000 (15:24 +0200)]
CI: bump actions/checkout action to v3
Bump actions/checkout action to v3 on every workflow to mute node
deprecation warning.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit
87c69d73bb4021bf3a26217b3a652ce262637b1e)
Christian Marangi [Sat, 8 Oct 2022 17:25:54 +0000 (19:25 +0200)]
CI: kernel: generate ccache cache on kernel push
To actually use ccache cache on kernel test from pr, the kernel workflow
has to be run first from a push action.
This will permit as a side effect to test merged commits and catch commit
that may cause regression in kernel compilation even outside the github
system.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit
23e946d1aded1fc21125704c0819146d5772d72b)
Christian Marangi [Tue, 4 Oct 2022 16:43:38 +0000 (18:43 +0200)]
CI: kernel: use ccache to speedup workflow
Use ccache to speedup kernel compilation.
Ccache dir is cached across each build test. To refresh ccache directory
we generate an hash of the kernel include files, that includes the
kernel versions of every kernel supported and the kernel compile
includes.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit
137ba15e6ef31534a2002a02e69b774232f0b040)
Christian Marangi [Tue, 4 Oct 2022 16:38:57 +0000 (18:38 +0200)]
CI: tools: compile tools with ccache support for tools container
Enable ccache support for tools container, useful to speedup other
workflow even more.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit
2781e3839e7f4f6132a2737ee9f988f40fa58d99)
Edward Chow [Mon, 3 Oct 2022 11:39:58 +0000 (19:39 +0800)]
CI: Add workaround for github uppercase usernames
The workflow defined in tools.yml and kernel.yml used to fail on
forked repositories of contributers whose github username contains
uppercase letters.
A workaround mentioned in
https://github.com/orgs/community/discussions/27086 and
https://stackoverflow.com/questions/
70326569/ is applied.
Signed-off-by: Edward Chow <equu@openmail.cc>
(cherry picked from commit
c27b43956407f3adc3cc2693792acd6b40a01877)
Christian Marangi [Mon, 5 Sep 2022 21:18:00 +0000 (23:18 +0200)]
CI: use tools:latest container to speedup kernel workflow
Use tools:latest container with prebuilt host tools to speedup kernel
compilation in kernel workflow.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit
5d09118f8e60fa151e03916f255f5511e197af68)
Paul Spooren [Mon, 8 Aug 2022 21:37:54 +0000 (23:37 +0200)]
CI: create Docker container containing compiled tools
Currently each Kernel compilation takes about 30 minutes of which 20
minutes are used to compile our tools. While the toolchain is downloaded
and instantly ready the tools are missing.
This commit starts uploading a Docker container including compiled tools
which are ready to use. It is automatically updated whenever any tools
are changed.
Signed-off-by: Paul Spooren <mail@aparcar.org>
Co-Developed-by: Christian Marangi <ansuelsmth@gmail.com>
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit
25b65f548dfd93cae87781276bfff9a27cd3ebd4)
Paul Spooren [Sun, 20 Mar 2022 20:02:08 +0000 (20:02 +0000)]
CI: use buildbot container for building
Instead of using a fresh Linux installation which is setup every time
use the Buildbot container which is used for our own Buildbot
infrastructure, too.
While at it also tidy up the workflow to make it more consistent with
other workflow.
Signed-off-by: Paul Spooren <mail@aparcar.org>
Co-Developed-by: Christian Marangi <ansuelsmth@gmail.com>
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit
3b23227d43ec720f810e6e261945530f7bc549f0)
Petr Štetiar [Mon, 22 Aug 2022 13:05:01 +0000 (15:05 +0200)]
ci: show build failures directly in job log output
Instead of waiting for complete workflow finish, then downloading the
artifacts, unpacking them and inspecting them, lets try to make the
build failure immediately visible in the log output:
====== Make errors from logs/target/linux/compile.txt ======
* Legacy (non-UHI/non-FIT) Boards
*
Support MIPS SEAD-3 boards (LEGACY_BOARD_SEAD3) [N/y/?] (NEW)
Error in reading or end of file.
make[6]: *** [scripts/kconfig/Makefile:77: syncconfig] Error 1
make[5]: *** [Makefile:616: syncconfig] Error 2
make[4]: *** [Makefile:736: include/config/auto.conf.cmd] Error 2
make[3]: *** [Makefile:24: build_dir/target-mipsel-openwrt-linux-musl_musl/linux-ramips_mt7620/linux-5.15.62/.modules] Error 2
make[2]: *** [Makefile:11: compile] Error 2
time: target/linux/compile#30.09#11.30#37.92
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit
f4ca4187cde01a3e412f10657bec0790d3a4cd94)
Petr Štetiar [Mon, 5 Sep 2022 07:04:27 +0000 (09:04 +0200)]
ci: move scripts into separate directory
So it's clean and tidy.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit
63ed733d30153667d7d645ab0ee3f5614089c759)
Alex Low [Mon, 19 Sep 2022 10:20:37 +0000 (12:20 +0200)]
build: harden GitHub workflow permissions
Grant pull-requests write permission to the labeler workflow and
read-only to everything else.
Signed-off-by: Alex Low <aleksandrosansan@gmail.com>
[ wrap to 80 columns and fix wrong author as requested by author itself ]
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit
715259940776843d8799bc39de8eb50eb764189b)
Piotr Dymacz [Mon, 20 Jun 2022 11:13:30 +0000 (13:13 +0200)]
CI: include automatic Pull Request Labeler
This adds GitHub CI action which makes use of 'Labeler', allowing
automatic labeling of new PRs, based on the modified files paths.
Below labels are supported and more can be added later:
- 'target/*'
- 'target/imagebuilder'
- 'kernel'
- 'core packages'
- 'build/scripts/tools'
- 'toolchain'
- 'GitHub/CI'
For more information:
https://github.com/marketplace/actions/labeler
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
(cherry picked from commit
4f42566d47999c392c8ea41dc27215b43ed9ee40)
Christian Marangi [Sat, 10 Sep 2022 19:18:10 +0000 (21:18 +0200)]
CI: package kmods in kernel workflow
Actually package kmods in kernel workflow to catch dependency error and
other problem that may arise from kmods packaging.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit
0c45db5560df47a0344a21c2443a4f2889c42ac8)