It seems that we have some kind of a symbol name conflict which causes
CONFIG_SECCOMP to always be read as y.
Unfortunatelly, I could not figure out what is causing this, but simply
renaming SECCOMP to USE_SECCOMP seems to properly work and leaves the
symbol unset unless arch dependencies are satisfied.
This fixes qoriq and others that dont support seccomp from failing due
to procd-seccomp package being selected to get included but it cannot be
built for them:
ERROR: unable to select packages:
procd-seccomp (no such package):
required by: base-files-1637~52b6c92479[procd-seccomp]
Fixes: 4c65359af4 ("build: fix including busybox, procd and apk/opkg in imagebuilder")
Link: https://github.com/openwrt/openwrt/pull/17048
Signed-off-by: Robert Marko <robimarko@gmail.com>
(cherry picked from commit a48ec449cc)
This will hide the USE_APK setting in OpenWrt 24.10 by default.
APK is not stable yet and we do not want to support it in OpenWrt 24.10 branch.
References: https://openwrt.org/meetings/20241126#release_2410
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Signed-off-by: Petr Štetiar <ynezz@true.cz> [meeting notes ref, config]
Link: https://github.com/openwrt/openwrt/pull/17097
Signed-off-by: Petr Štetiar <ynezz@true.cz>
PSI provides a canonical way to see resource pressure increases as
they develop, with pressure metrics for three major resources:
memory, CPU, and IO. PSI stats are like barometers that provide
fair warning of impending resource shortages, enabling users to
take more proactive, granular, and nuanced steps when resources
start becoming scarce.
References:
* https://www.kernel.org/doc/html/latest/accounting/psi.html
* https://lwn.net/Articles/759781/
Build system: x86/64
Build-tested: x86/64/AMD Cezanne, flogic/glinet_gl-mt6000
Run-tested: x86/64/AMD Cezanne, flogic/glinet_gl-mt6000
Signed-off-by: John Audia <therealgraysky@proton.me>
Link: https://github.com/openwrt/openwrt/pull/13819
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit eed39d45c2)
Link: https://github.com/openwrt/openwrt/pull/17097
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Expose Kernel's CONFIG_MPTCP option and enable it by default for
!SMALL_FLASH targets.
The idea behind enabling it by default is to allow users of the binary
distribution to make use of MPTCP tunneling for link aggregation.
Using MPTCP for link aggregation is an often discussed topic in the
forum and there is even a whole OpenWrt fork (MPTCPRouter) just for that.
Enabling the kernel-side of the story by default will allow using MPTCP
on vanilla OpenWrt without having to build anything from source.
See also https://openwrt.org/docs/guide-user/network/mptcp
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
STRIP_KERNEL_EXPORTS is currently broken on kernel 6.6 and since this
is the only kernel currently supported, we should rather make it depend
on BROKEN instead of a kernel version until its fixed.
Link: https://github.com/openwrt/openwrt/pull/16440
Signed-off-by: Robert Marko <robimarko@gmail.com>
When CONFIG_USE_FS_ACL_ATTR is set we will also activate POSIX ACL
support for the f2fs, jffs2 and tmpfs file system. This option is
activated on all targets with big flash.
Link: https://github.com/openwrt/openwrt/pull/16181
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Add the KERNEL_BTRFS_FS config option so that targets can select
whether BTRFS support must be built-in.
Select this option (alongside KERNEL_BTRFS_FS_POSIX_ACL) from the
layerscape/armv8_64b subtarget instead of enabling it in
target/linux/layerscape/armv8_64b/config-* files.
Move disabling of CONFIG_BTRFS_FS_CHECK_INTEGRITY into generic configs.
This makes it possible for OpenWRT to be built with built-in BTRFS
support on specific boards, instead of whole targets.
Signed-off-by: Marek Behún <kabel@kernel.org>
Link: https://github.com/openwrt/openwrt/pull/15990
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Enabling KERNEL_DEBUG_INFO_BTF and KERNEL_KPROBE_EVENTS on 6.6 exposes
CONFIG_PROBE_EVENTS_BTF_ARGS in the kernel config. Add a build option
for it to fix build failures with KERNEL_DEBUG_INFO_BTF and
KERNEL_KPROBE_EVENTS enabled on targets using the 6.6 kernel.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Limit CONFIG_IPK_FILES_CHECKSUMS config to OPKG as APK have different
way to validate package integrity (apk audit)
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
This reverts commit 25bbefcdd9.
Only the Config-build.in change needed to be merged and this contains
leftover from previous revision of the feature.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
On top of the fixup to select apk-mbedtls when USE_APK is enabled from a
new config, also imply the package when enabling the config to catch
.config that are already init.
(Having both opkg and apk installed in a system is not a problem but if
USE_APK is used, APK presence in the system is mandatory)
Link: https://github.com/openwrt/openwrt/pull/15543
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Limit CONFIG_IPK_FILES_CHECKSUMS config to OPKG as APK have different
way to validate package integrity (apk audit)
Link: https://github.com/openwrt/openwrt/pull/15543
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
The recent kernel v6.6.31 update broke BTF-enabled builds since upstream
Linux added a prompt for config option DEBUG_INFO_BTF_MODULES in commit
2166cb2e21 ("bpf, kconfig: Fix DEBUG_INFO_BTF_MODULES Kconfig definition").
Fix by updating Config-kernel.in to add the option, cleaning up a related
dependency and whitespace also.
Fixes: 10d77b9bc3 ("kernel: bump 6.6 to 6.6.31")
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
A new option called `USE_APK` is added which generated APK packages
(.apk) instead of OPKG packages (.ipk).
Some features like fstools `snapshot` command are not yet ported
Signed-off-by: Paul Spooren <mail@aparcar.org>
STRIP_KERNEL_EXPORTS is currently not working on kernel 6.6 as there
have been major changes in the upstream kernel.
I have looked at it, and I dont think we can adapt the current patch to
work so until this is fixed lets prevent STRIP_KERNEL_EXPORTS from
being selected on 6.6.
Link: https://github.com/openwrt/openwrt/pull/15498
Signed-off-by: Robert Marko <robimarko@gmail.com>
Kernel 6.6 has moved the ARM PMUv3 driver to drivers/perf and now once
KERNEL_ARM_PMU is selected trying to build the kernel will stop with:
ARM PMUv3 support (ARM_PMUV3) [N/y/?] (NEW)
So, lets enable ARM_PMUV3 for ARMv7 and ARMv8 architectures if
KERNEL_PERF_EVENTS is selected.
Fixes: #15466
Link: https://github.com/openwrt/openwrt/pull/15469
Signed-off-by: Robert Marko <robimarko@gmail.com>
Add target for Loongson LoongArch64-based boards.
LoongArch is a new RISC ISA developed by Loongson. It's a bit like
MIPS or RISC-V. LoongArch includes both 32-bit and 64-bit versions
(LoongArch32/LoongArch64).
Loongson 3A5000 and 3A6000 are the two existing CPUs of LoongArch64
and is used for PC products. It's BIOS supports ACPI and UEFI-only
boot. These CPUs supports SMP and SMT.
At present only LoongArch64 is supported by linux kernel.
Toolchain requirement:
binutils >= 2.40
gcc >= 13.1
For details, please check the following links:
https://lwn.net/Articles/861951/https://loongson.github.io/LoongArch-Documentation/README-EN.html
Signed-off-by: Weijie Gao <hackpascal@gmail.com>
Increasing the size of the rootfs_data filesystem has become a ever
repeating discussion and seems to be the most important thing for
users of the MediaTek-based BananaPi boards.
Using the whole remaining size of a microSD or the eMMC for rootfs_data
doesn't make sense for many reasons, but neither does the current
default of 104 MiB for the 'rootfs' partition size.
Increase the 'rootfs' partition size to 448 MiB which will result in
the sdcard image being exactly 512 MiB. Finding a microSD card smaller
than 512 MiB and still working could anyway be difficult in 2024.
That will allow users to install even bloatware written in Go or other
space-hungry languages while still leaving most of the space unallocated
for additional partitions or volumes to be used for persistent user
data.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
At the moment we have to manually follow the default GCC version
also in config/Config-kernel.in. This tends to be forgotten at GCC
version bumps (just happened when switching from version 12 to 13).
Instead, introduce a hidden Kconfig symbol which implies KERNEL_WERROR
in toolchain/gcc/Config.in where it is visible for developers changing
the default version.
Also remove the explicit default on BUILDBOT to avoid a circular
dependency and also because buildbots anyway implicitly always select
the default GCC version.
Reference: https://github.com/openwrt/openwrt/pull/15064
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Not having a journal by default is a major "gotcha".
Because openwrt does not fsck on boot, a power loss without journaling
can result in a dirty filesystem that openwrt will mount as read-only
which requires intervention to restore the router to working order.
Signed-off-by: Jordan Woyak <jordan.woyak@gmail.com>
KASAN has supported more architectures, such as ARM, PPC32 and RISC-V 64.
Enable KASAN option for those architectures.
Signed-off-by: Qingfang Deng <dqfext@gmail.com>
The GCC option -fstack-protector-all is a security feature used to protect against stack-smashing attacks.
This option enhances the stack-smashing protection provided by -fstack-protector-strong.
-fstack-protector-all option applies stack protection to all functions, regardless of their characteristics.
While this offers the most comprehensive protection against stack-smashing attacks, it can significantly impact
the performance of the program because every function call includes additional checks for stack integrity.
This option can incur a performance penalty because of the extra checks added to every function call,
but it significantly enhances security, making it harder for attackers to exploit buffer overflows to execute arbitrary code.
It's particularly useful in scenarios where security is paramount and performance trade-offs are acceptable.
Signed-off-by: Cedric DOURLENT <cedric.dourlent@softathome.com>
GRUB_SERIAL is also used for the default serial on the target and not
only in grub. When no grub was build it was not available and the build
fails.
Rename GRUB_SERIAL to TARGET_SERIAL and make it always available on x86
and armsr targets.
Fixes: #14063
Fixes: b10768476f ("x86,armsr: interpolate GRUB_SERIAL into /etc/inittab")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Allow selecting KERNEL_SLUB_DEBUG and KERNEL_SLUB_DEBUG_ON manually and
provide detailed help for both.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
CycloneDX is an open source standard developed by the OWASP foundation.
It supports a wide range of development ecosystems, a comprehensive set
of use cases, and focuses on automation, ease of adoption, and
progressive enhancement of SBOMs (Software Bill Of Materials) throughout
build pipelines.
So lets add support for CycloneDX SBOM for packages and images
manifests.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
CONFIG_ARM_PMU (Arm Performance Monitor Unit) is a requirement
to use KVM (virtualization) from Linux 5.11+, as the virtualised
guest has virtualized PMU access.
Signed-off-by: Mathew McBride <matt@traverse.com.au>
Currently KASAN is supported but only the generic one. SW-tag and HW-tag
based KASAN have less impact on memory footprint or performance, and are
worth supporting.
Add choice menu for software and hardware Tag-Based KASAN, in addition
to the generic one.
Signed-off-by: Zhen XIN <zhen.xin@nokia-sbell.com>
[Restructure commit message]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Building it requires gcc >= 10.2 or clang >= 12.
Using sstrip with its -z argument can produce non-working binaries, like
a segfaulting `getrandom`, so don't allow that combination.
Signed-off-by: Andre Heider <a.heider@gmail.com>
sstrip only has one functional arg. Make that a bool option, which can
easily depend on other knobs then.
This is required to be disabled for the mold linker.
Signed-off-by: Andre Heider <a.heider@gmail.com>
In commit b2d1eb717b ("generic: 5.15: enable Werror by default for
kernel compile") CONFIG_WERROR=y was enabled and all warnings/errors
reported with GCC 12 were fixed.
Keeping this in sync with past/future GCC versions is going to be uphill
battle, so lets introduce new KERNEL_WERROR config option, enable it by
default only for tested/known working combinations and on buildbots.
References: #12687
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Currently, ipq807x only covers Qualcomm IPQ807x SoC-s.
However, Qualcomm also has IPQ60xx and IPQ50xx SoC-s under the AX WiSoC-s
and they share a lot of stuff with IPQ807x, especially IPQ60xx so to avoid
duplicating kernel patches and everything lets make a common target with
per SoC subtargets.
Start doing that by renaming ipq807x to qualcommax so that dependencies
on ipq807x target can be updated.
Signed-off-by: Robert Marko <robimarko@gmail.com>
armvirt target has been renamed to armsr (Arm SystemReady),
so the config defaults need to be changed as well.
Signed-off-by: Mathew McBride <matt@traverse.com.au>
The nominal partition type for EFI boot partitions is FAT32,
which has a minimum size of 32MiB on a 512-byte-sector block device.
To ensure that the boot partition is created as FAT32 set a size
well above this minimum.
A useful discussion about EFI partition sizes can be found here:
https://superuser.com/questions/1310927/what-is-the-absolute-minimum-size-a-uefi-system-partition-can-be
I have found 128MiB works pretty consistently across both
tools (mkfs.fat) and firmwares (EDKII)
Signed-off-by: Mathew McBride <matt@traverse.com.au>
This adds a separate package for EFI on Arm SystemReady
compatible machines. 32-bit Arm UEFI is supported as well.
It is very similar to x86-64 EFI setup, without the
need for BIOS backward compatibility and slightly
different default modules.
Signed-off-by: Mathew McBride <matt@traverse.com.au>