When we use the internal toolchain USE_SSTRIP will be selected by
default for musl libc and USE_STRIP when glibc is used. Do the same when
an external toolchain is used. USE_GLIBC will also be set for external
toolchain builds based on the EXTERNAL_TOOLCHAIN_LIBC_USE_GLIBC setting.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 9403810c020cca136149973a3929bf77a1f501aa)
Remove flags from wget and curl instructing them to ignore bad server
certificates. Although other mechanisms can protect against malicious
modifications of downloads, other vectors of attack may be available
to an adversary.
TLS certificate verification can be disabled by turning oof the
"Enable TLS certificate verification during package download" option
enabled by default in the "Global build settings" in "make menuconfig"
Signed-off-by: Josh Roys <roysjosh@gmail.com>
[ add additional info on how to disable this option ]
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz> [backport]
(cherry picked from commit 90c6e3aedf167b0ae1baf376e7800a631681e69a)
They may be used e.g. to optimize kernel size or performance.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 907d7d747243044f86588f0d82993e8c106cb02c)
Added support to generate dynamic-sized VHDX images for Hyper-V.
Compile-tested on x86 and run-tested on Windows 10 21H2 (Hyper-V).
Signed-off-by: Oldřich Jedlička <oldium.pro@gmail.com>
(cherry picked from commit fd4ad6cae88d009e9560e4ee902bf20a5b42d36e)
It can cause some magic errors with multiple-threads complation.
This reverts commit 9606209e4ab07ae5e400c31c2b341f10f39bb70f.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 5fc7782dd41f45f53996d841ff09ac4ca96f2575)
The LOCKUP_DETECTOR configuration option split into the
SOFTLOCKUP_DETECTOR and HARDLOCKUP_DETECTOR configuration option some
time ago. The HARDLOCKUP_DETECTOR option is only working on some
architectures, but SOFTLOCKUP_DETECTOR should work everywhere. Replace
KERNEL_LOCKUP_DETECTOR with KERNEL_SOFTLOCKUP_DETECTOR.
LOCKUP_DETECTOR will be selected by SOFTLOCKUP_DETECTOR automatically.
Fixes: b951f53fbae3 ("build: Add additional kernel debug options")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit d27f6e2c5d2a2315cc8fe684d117c80aa9984ca8)
The license folder is a core part of OpenWrt and all GPL-2.0 licensed.
Use SPDX license tags to allow machines to check licenses.
Signed-off-by: Paul Spooren <mail@aparcar.org>
[rebase, keep some Copyright lines, sharpen commit message]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
The config setting was renamed to CONFIG_KPROBE_EVENTS.
Fixes: 97d3f800a8 ("config: kernel: Add KPROBE_EVENTS config option)
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
Not everyone will want to bloat their kernel by 24 kiB for such a niche
feature.
Fixes: a1a7f3274e0ed27511d45f62ee20281d8d57c7af "kernel: enable SRv6 support by
enabling lwtunnel"
Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
The current master only supports kernel 5.4, and there is no reason
to remove KERNEL_IO_URING for future kernels.
Drop the unneeded dependency.
Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com>
[improve commit title/message]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Enable the ability to use segment routing based on IPv6. It allows the
packet to specify a path that the packet should take through the
network.
Lwtunnel allow an easy encapsulation of a package. You can just install
ip-full package and use it:
ip -6 route add 2003::/64 dev eth0 encap seg6 mode encap \
segs 2001::1,2002::2
An IPv6 package looks like this:
[IPv6 HDR][IPv6 RH][IPv6 HDR][Data...]
Netifd support:
https://git.openwrt.org/?p=project/netifd.git;
a=commit;h=458b1a7e9473c150a40cae5d8be174f4bb03bd39
Increases imagesize by 24.125 KiB. Therefore, only enable for devices
with enough flash.
Signed-off-by: Nick Hainke <vincent@systemli.org>
Currently, you are not able to get statistics about IPv4 and IPv6
usage. This information can be collected via the snmp and snmp6.
However, in the current state this interface is disabled as you can
read in the "902-debloat_proc.patch":
"Strip non-essential /proc functionality to reduce code size"
Tools like netstat use the snmp/6 interface to collect interface
statistics. Some prometheus exporters also mention this:
- prometheus-collectors/netstat.lua
- prometheus-collectors/snmp6 (still a PR)
- collectd/snmp6 (still a PR)
PRs:
- https://github.com/collectd/collectd/pull/3789
- https://github.com/openwrt/packages/pull/14158
Instead of enabling it as default for all devices we condition it
default y if SMALL_FLASH
A test shows it needs around 16 kiB.
Signed-off-by: Nick Hainke <vincent@systemli.org>
[fixed whitespace issue]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
This adds the CONFIG_IRQSOFF_TRACER and the CONFIG_PREEMPT_TRACER kernel
configuration option to the OpenWrt menu. This can be used to debug
latencies in the system.
The CONFIG_PREEMPT_TRACER option needs the CONFIG_PREEMPT option which is
supposed to be used for Low-Latency Desktop and not used by many targets
in OpenWrt.
The help text is copied from the Linux kernel Kconfig.
Signed-off-by: Hauke Mehrtens <hmehrtens@maxlinear.com>
Enable CONFIG_KEYS by default on systems which are not marked as
flash-space constraint by the 'small_flash' feature.
CONFIG_KEYS is required by Docker, enabling it in our kernel allows
users to run Docker on stock OpenWrt.
It is also used of by some network file systems (such as NFSv4) to
store credentials as well as UID/GID mappings.
Adds about 50kB to vmlinux on ath79/generic (~18kB compressed)
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Add KERNEL_KEYS_REQUEST_CACHE option.
'tristate' (ie. module builds) are not valid in Config-kernel.in, hence
remove tristate KERNEL_ENCRYPTED_KEYS. It will be readded as a kernel
module in a follow-up commit.
Fixes: 39d817cf38 ("Add config symbols for kernel keyring support")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
As discussed in the today's (2020-12-10) meeting, add a new option to
menuconfig to group the selection of all experimental features to be
selected by default.
Developers are recommended to make use of this new symbol to guard
new features.
Other developers and community members should feel encouraged to
build with this flag enabled to help testing and provide feedback.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
This is a neat project, but offers no benefit to OpenWrt. The initial
reason for it was to be a replacement for libstdcpp as it is smaller
and lacks compatibility for C++98. Unfortunately, compiling several
packages with it results in larger ipk sizes.
While not a member of the packages feed, this will be moved to
packages-abandoned to keep it somewhere.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Drop our local sstrip copy and use the current ELFKickers upstream
version.
Patch the original makefile in order to avoid building elftoc, since it
fails with musl's elf.h. This is fine, since we only need sstrip anyway.
Finally, add the possibility to pass additional arguments to sstrip and
pass -z (remove trailing zeros) by default, which matches the behaviour
of the previous version.
Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
[shorten long commit msg lines]
Signed-off-by: Paul Spooren <mail@aparcar.org>
Trivial cosmetic cleanup. This also helps for script that parse for
options in Config files.
Signed-off-by: Paul Spooren <mail@aparcar.org>
Reviewed-by: Petr Štetiar <ynezz@true.cz>
This reverts commit 9eb9943f82e0b2d5e32ffe1c63f5a82caca5094d.
Building the 'modular' variant requires 'semodule_package' from
'selinux-python' to be installed on the buildhost.
Apart from that, this change also broke the monolithic refpolicy
'targeted' build.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
This adds a variant of refpolicy that builds the modular form of the
policy. While this requires more memory on the target device, along with
some tricks to deal with OpenWrt's volatile /var directory, it is useful
for experiementing with SELinux policy.
Signed-off-by: W. Michael Petullo <mike@flyn.org>
The pistachio target uses a MIPS CPU with FPU and OpenWrt uses a
toolchain with hard FPU support. MIPS FPU support needs the FPU
emulation code in the kernel.
Fixes: ac5671f46cb4 ("kernel: remove obsolete kernel version switches for 4.19")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This removes switches dependent on kernel version 4.19 as well as
several packages/modules selected only for that version.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
