[OpenWrt-Devel] [RFC] commit message in YAML format for new devices

2020-01-12 Thread Paul Spooren 

Hi all,

some time ago I created a (now outdated) device overview[0] based on 
YAML meta data. This approach could simplify maintaining an device 
overview and device specific pages[1].


All commits adding new devices already include most relevant information 
for creating the overview. However it would be convenient if developers 
would format their commit messages in a generic format, therefore I'd 
propose the following:


Every commit message for newly added devices must contain a number of 
hardware information and steps for an initial installation.
The hardware information should contain at least the following 
information, maybe more:


SoC, flash, ram, wifi, LEDs, buttons, USB, serial, vendor, model, device 
tree ID, Ethernet ports


An illustrative commit therefore:

soc: Qualcomm IPQ4029
ram_mb: 512
flash:
  - size_mb: 128
type: SPI-NAND (Macronix)
  - size_mb: 4
type: SPI-NOR (Macronix MX25R3235F)
usb:
  - version: 2
ports: 1
  - version: 3
ports: 2
ethernet:
  - mbit: 100
ports: 4
  - mbit: 1000
ports: 1
led_count: 3
serial: false
vendor: Foobar
model: Lorem Ipsum
variant: v4
dt_id: foobar_lorem-ipsum_v4
target: ath79/generic

Additionally stuff like cpu_mhz, cpu_cores and such could also be added, the 
OpenWrt hwdata offers some additional information which should be added if 
relevant[2].

To write a multi-line text for the installation or comments, a "|" can be used 
as the following:

installation: |
  1. Get the OpenWrt initramfs image. Rename it to ipq40xx.ari and put it
 into the TFTP server root directory. Configure the TFTP server to
 be reachable at 192.168.1.75/24. Connect the machine running the TFTP
 server to the E0 (!) ethernet port of the access point, as it only
 tries to pull from the WAN port.
  
  2. Connect to the serial console. Interrupt autobooting by pressing

 Enter when prompted.
  ...

comments: |
  VCC - NC
   D+ - TX
   D- - RX
  GND - GND

Installation steps would be merged to templates as many devices share the same 
steps, only varying the TFTP binary name or IP. This could become part of the 
general information, like a variable called tftp_ip and tftp_bin.
 
All info would be added to a metadata repository like openwrt/devices.git, which can then be updated by the community.


To verify the YAML data a tool like yamllint[3] (Python) could be used.

The main motivation is to have an simple and appealing overview which allows 
searching/filtering for devices, seeing the support status, retrieve firmware 
and having an easily maintained, up to date documentation.

Please share your thoughts.

Sunshine,
Paul

[0]: https://aparcar.github.io/openwrt-devices/
[1]: https://aparcar.github.io/openwrt-devices/devices/tp-link_tl-wdr4300/
[2]: 
https://github.com/aparcar/openwrt-devices/blob/master/_data/devices/open-mesh_a62.yml

[3]: https://github.com/adrienverge/yamllint


___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel

Re: [OpenWrt-Devel] Inquery

2019-12-12 Thread Paul Spooren 


+1




11 Dec 2019 15:22:44 Daniel Golle :

> Hi Tomislav,
> 
> On Wed, Dec 11, 2019 at 11:24:21AM +0100, Tom Psyborg wrote:
> 
> > suck it
> > 
> 
> As a community, we decided to give our self a set of minimal rules[1].
> And even though it is in the last position, rule #12 "Be nice to each
> other." is meant just as serious as all the other rules.
> 
> So here, not for the first time, you are using language which has the
> only purpose to hurt other people (for which reason ever, it doesn't
> matter). This is therefore a very clear violation to the above
> mentioned rule. You statement "suck it" (guess what) is also an obvious
> and disgusting example of a masculist culture which hurts our community
> as a whole and I strongly believe we should not tolerate that.
> 
> And yes this was a spam mail. And it's even needless to say that
> replying to a spam email in which ever way will always make it worse.
> But that's not the point here and I will not engage in any discussion
> on that matter.
> 
> Please learn to behave or leave us alone.
> 
> [1]: https://openwrt.org/rules
> 
> 
> 
> > 
> > On 11/12/2019, rqgxfc  wrote:
> > 
> > > 
> > > 
> > > Hello Sir ?
> > > 
> > > We are a trading company named Shaanxi Hao Zi Guan Materials Co.,Ltd . Now
> > > we are very interested in your products , we will plan to sell your
> > > products in the Chinese market . If you are interested in cooperation,
> > > please send us a catalog and pricelist .w
> > > Looking forward to receiving your reply .
> > > 
> > > Best regards,
> > > Catherina
> > > 
> > 
> > ___
> > openwrt-devel mailing list
> > openwrt-devel@lists.openwrt.org
> > https://lists.openwrt.org/mailman/listinfo/openwrt-devel
> > 
> 
> ___
> openwrt-devel mailing list
> openwrt-devel@lists.openwrt.org
> https://lists.openwrt.org/mailman/listinfo/openwrt-devel
> 


___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel

[OpenWrt-Devel] [PATCH v4] This separates the options for signature creation and verification

2019-12-11 Thread Paul Spooren 
* SIGNED_PACKAGES create Packages.sig
* SIGNED_IMAGES add ucert signature to created images
* CHECK_SIGNATURE add verification capabilities to images
* INSTALL_LOCAL_KEY add local key-build to /etc/opkg/keys

Right now the buildbot.git contains some hacks to create images that
have signature verification capabilities while not storing private keys
on buildbot slaves. This commit allows to disable these steps for the
buildbots and only perform signing on the master.

Signed-off-by: Paul Spooren 
---
v4: replace ifdef with ifneq - Makefile magic
-ifdef CONFIG_SIGNED_PACKAGES
+ifneq ($(CONFIG_SIGNED_PACKAGES),)

 config/Config-build.in  | 12 ++--
 include/image-commands.mk   | 13 -
 package/base-files/Makefile | 20 +++-
 3 files changed, 29 insertions(+), 16 deletions(-)

diff --git a/config/Config-build.in b/config/Config-build.in
index 872e5c12ab..af5de42ac6 100644
--- a/config/Config-build.in
+++ b/config/Config-build.in
@@ -37,13 +37,21 @@ menu "Global build settings"
  - Enabling per-device rootfs support
  ...
 
+   config INSTALL_LOCAL_KEY
+   bool "Install local usign key into image"
+   default y if !BUILDBOT
+
config SIGNED_PACKAGES
bool "Cryptographically signed package lists"
-   default y
+   default y if !BUILDBOT
+
+   config SIGNED_IMAGES
+   bool "Cryptographically signed firmware images"
+   default y if !BUILDBOT
 
config SIGNATURE_CHECK
bool "Enable signature checking in opkg"
-   default SIGNED_PACKAGES
+   default y
 
comment "General build options"
 
diff --git a/include/image-commands.mk b/include/image-commands.mk
index 5dfd6a2c2f..3d10b18bc8 100644
--- a/include/image-commands.mk
+++ b/include/image-commands.mk
@@ -373,11 +373,14 @@ metadata_json = \
 
 define Build/append-metadata
$(if $(SUPPORTED_DEVICES),-echo $(call 
metadata_json,$(SUPPORTED_DEVICES)) | fwtool -I - $@)
-   [ ! -s "$(BUILD_KEY)" -o ! -s "$(BUILD_KEY).ucert" -o ! -s "$@" ] || { \
-   cp "$(BUILD_KEY).ucert" "$@.ucert" ;\
-   usign -S -m "$@" -s "$(BUILD_KEY)" -x "$@.sig" ;\
-   ucert -A -c "$@.ucert" -x "$@.sig" ;\
-   fwtool -S "$@.ucert" "$@" ;\
+   [ -z "$(SIGNED_IMAGES)" \
+   -o ! -s "$(BUILD_KEY)" \
+   -o ! -s "$(BUILD_KEY).ucert" \
+   -o ! -s "$@" ] || { \
+   cp "$(BUILD_KEY).ucert" "$@.ucert" ;\
+   usign -S -m "$@" -s "$(BUILD_KEY)" -x "$@.sig" ;\
+   ucert -A -c "$@.ucert" -x "$@.sig" ;\
+   fwtool -S "$@.ucert" "$@" ;\
}
 endef
 
diff --git a/package/base-files/Makefile b/package/base-files/Makefile
index cf5166772d..e95a155124 100644
--- a/package/base-files/Makefile
+++ b/package/base-files/Makefile
@@ -37,7 +37,7 @@ endif
 define Package/base-files
   SECTION:=base
   CATEGORY:=Base system
-  DEPENDS:=+netifd +libc +procd +jsonfilter +SIGNED_PACKAGES:usign 
+SIGNED_PACKAGES:openwrt-keyring +NAND_SUPPORT:ubi-utils +fstools +fwtool
+  DEPENDS:=+netifd +libc +procd +jsonfilter +SIGNATURE_CHECK:usign 
+SIGNATURE_CHECK:openwrt-keyring +NAND_SUPPORT:ubi-utils +fstools +fwtool
   TITLE:=Base filesystem for OpenWrt
   URL:=http://openwrt.org/
   VERSION:=$(PKG_RELEASE)-$(REVISION)
@@ -107,7 +107,7 @@ define Build/Compile/Default
 endef
 Build/Compile = $(Build/Compile/Default)
 
-ifdef CONFIG_SIGNED_PACKAGES
+ifneq ($(CONFIG_SIGNED_PACKAGES),)
   define Build/Configure
[ -s $(BUILD_KEY) -a -s $(BUILD_KEY).pub ] || \
$(STAGING_DIR_HOST)/bin/usign -G -s $(BUILD_KEY) -p 
$(BUILD_KEY).pub -c "Local build key"
@@ -116,12 +116,6 @@ ifdef CONFIG_SIGNED_PACKAGES
$(STAGING_DIR_HOST)/bin/ucert -I -c $(BUILD_KEY).ucert -p 
$(BUILD_KEY).pub -s $(BUILD_KEY)
 
   endef
-
-  define Package/base-files/install-key
-   mkdir -p $(1)/etc/opkg/keys
-   $(CP) $(BUILD_KEY).pub 
$(1)/etc/opkg/keys/`$(STAGING_DIR_HOST)/bin/usign -F -p $(BUILD_KEY).pub`
-
-  endef
 endif
 
 ifeq ($(CONFIG_NAND_SUPPORT),)
@@ -130,9 +124,17 @@ ifeq ($(CONFIG_NAND_SUPPORT),)
   endef
 endif
 
+ifneq ($(CONFIG_INSTALL_LOCAL_KEY),)
+  define Package/base-files/install-local-key
+   mkdir -p $(1)/etc/opkg/keys
+   $(CP) $(BUILD_KEY).pub 
$(1)/etc/opkg/keys/`$(STAGING_DIR_HOST)/bin/usign \
+   -F -p $(BUILD_KEY).pub`
+  endef
+endif
+
 define Package/base-files/install
$(CP) ./files/* $(1)/
-   $(Package/base-files/install-key)
+

Re: [OpenWrt-Devel] Running k3s on OpenWrt

2019-11-28 Thread Paul Spooren 

Hi Yousong,


A few months ago, I started working on bringing up k3s on OpenWrt.  I
managed to have a small k8s cluster with nodes running centos and
openwrt.  Likely other linux distros will also do, but I didn't test
combination of different architectures yet.
Cool! That looks like an interesting project to make OpenWrt even more 
attractive for "the cloud".

K3s is on its own a k8s distribution.  It provides a single packaged
binary for amd64, arm64, armhf.  If I understand it right, the binary
is supposed to be as userland-dependency-free as possible, with
dependencies only on the kernel.

One thing worth noting is that the openwrt package is NOT official,
neither from OpenWrt nor k3s upstream project.  It packages binary
executables distributed by k3s upstream project which is generally
frowned upon if sources are available.
It looks like Go code, have you tried to compile it via the build 
system? There are other packages like syncthing which already make use 
of it, maybe you can use it as an inspiration. Overall I'd like to see 
this package as part of packages.git and maybe can help out if you're 
stumbling.

The other thing is that k3s (or k8s) requires quite a few kernel
features to run, some of them only available as builtin (compared to
kmod).  This means you will likely to build your own image to use it.
The required features as of k3s 1.0.0 are recorded as well and
available as a default off config symbol CONFIG_k3s_KERNEL [2]


I know nothing about sunix, but the other three targets appear mostly 
space "indipendent". Maybe these could be enabled by default? I think 
pretty much the same kernel options are required for LXD, docker and 
related things.


x86_64, aarch64, sunxi, armvirt

    select KERNEL_CGROUPS
    select KERNEL_KEYS
    select KERNEL_MEMCG
    select KERNEL_NAMESPACES
    select KERNEL_SECCOMP
    select KERNEL_SECCOMP_FILTER
    select KERNEL_X86_VSYSCALL_EMULATION if x86_64


  [1] https://github.com/yousong/waller/tree/master/k3s
  [2] 
https://github.com/yousong/waller/blob/c3ee00451ce12e869277bbd73b08652882c52010/k3s/Makefile#L69-L79


Best,
Paul


___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel

Re: [OpenWrt-Devel] [PATCH v3] build: separate signing logic

2019-11-19 Thread Paul Spooren 

Bump

On 11/12/19 12:04 AM, Paul Spooren wrote:

This separates the options for signature creation and verification

* SIGNED_PACKAGES create Packages.sig
* SIGNED_IMAGES add ucert signature to created images
* CHECK_SIGNATURE add verification capabilities to images
* INSTALL_LOCAL_KEY add local key-build to /etc/opkg/keys

Right now the buildbot.git contains some hacks to create images that
have signature verification capabilities while not storing private keys
on buildbot slaves. This commit allows to disable these steps for the
buildbots and only perform signing on the master.

Signed-off-by: Paul Spooren 
---
v3: set "y if !BUILDBOT" to all new options

  config/Config-build.in  | 12 ++--
  include/image-commands.mk   | 13 -
  package/base-files/Makefile | 18 ++
  3 files changed, 28 insertions(+), 15 deletions(-)

diff --git a/config/Config-build.in b/config/Config-build.in
index 872e5c12ab..af5de42ac6 100644
--- a/config/Config-build.in
+++ b/config/Config-build.in
@@ -37,13 +37,21 @@ menu "Global build settings"
  - Enabling per-device rootfs support
  ...
  
+	config INSTALL_LOCAL_KEY

+   bool "Install local usign key into image"
+   default y if !BUILDBOT
+
config SIGNED_PACKAGES
bool "Cryptographically signed package lists"
-   default y
+   default y if !BUILDBOT
+
+   config SIGNED_IMAGES
+   bool "Cryptographically signed firmware images"
+   default y if !BUILDBOT
  
  	config SIGNATURE_CHECK

bool "Enable signature checking in opkg"
-   default SIGNED_PACKAGES
+   default y
  
  	comment "General build options"
  
diff --git a/include/image-commands.mk b/include/image-commands.mk

index 5dfd6a2c2f..3d10b18bc8 100644
--- a/include/image-commands.mk
+++ b/include/image-commands.mk
@@ -373,11 +373,14 @@ metadata_json = \
  
  define Build/append-metadata

$(if $(SUPPORTED_DEVICES),-echo $(call 
metadata_json,$(SUPPORTED_DEVICES)) | fwtool -I - $@)
-   [ ! -s "$(BUILD_KEY)" -o ! -s "$(BUILD_KEY).ucert" -o ! -s "$@" ] || { \
-   cp "$(BUILD_KEY).ucert" "$@.ucert" ;\
-   usign -S -m "$@" -s "$(BUILD_KEY)" -x "$@.sig" ;\
-   ucert -A -c "$@.ucert" -x "$@.sig" ;\
-   fwtool -S "$@.ucert" "$@" ;\
+   [ -z "$(SIGNED_IMAGES)" \
+   -o ! -s "$(BUILD_KEY)" \
+   -o ! -s "$(BUILD_KEY).ucert" \
+   -o ! -s "$@" ] || { \
+   cp "$(BUILD_KEY).ucert" "$@.ucert" ;\
+   usign -S -m "$@" -s "$(BUILD_KEY)" -x "$@.sig" ;\
+   ucert -A -c "$@.ucert" -x "$@.sig" ;\
+   fwtool -S "$@.ucert" "$@" ;\
}
  endef
  
diff --git a/package/base-files/Makefile b/package/base-files/Makefile

index addbac8664..3625f1320d 100644
--- a/package/base-files/Makefile
+++ b/package/base-files/Makefile
@@ -37,7 +37,7 @@ endif
  define Package/base-files
SECTION:=base
CATEGORY:=Base system
-  DEPENDS:=+netifd +libc +procd +jsonfilter +SIGNED_PACKAGES:usign 
+SIGNED_PACKAGES:openwrt-keyring +NAND_SUPPORT:ubi-utils +fstools +fwtool
+  DEPENDS:=+netifd +libc +procd +jsonfilter +SIGNATURE_CHECK:usign 
+SIGNATURE_CHECK:openwrt-keyring +NAND_SUPPORT:ubi-utils +fstools +fwtool
TITLE:=Base filesystem for OpenWrt
URL:=http://openwrt.org/
VERSION:=$(PKG_RELEASE)-$(REVISION)
@@ -116,12 +116,6 @@ ifdef CONFIG_SIGNED_PACKAGES
$(STAGING_DIR_HOST)/bin/ucert -I -c $(BUILD_KEY).ucert -p 
$(BUILD_KEY).pub -s $(BUILD_KEY)
  
endef

-
-  define Package/base-files/install-key
-   mkdir -p $(1)/etc/opkg/keys
-   $(CP) $(BUILD_KEY).pub 
$(1)/etc/opkg/keys/`$(STAGING_DIR_HOST)/bin/usign -F -p $(BUILD_KEY).pub`
-
-  endef
  endif
  
  ifeq ($(CONFIG_NAND_SUPPORT),)

@@ -130,9 +124,17 @@ ifeq ($(CONFIG_NAND_SUPPORT),)
endef
  endif
  
+ifdef CONFIG_INSTALL_LOCAL_KEY

+  define Package/base-files/install-local-key
+   mkdir -p $(1)/etc/opkg/keys
+   $(CP) $(BUILD_KEY).pub 
$(1)/etc/opkg/keys/`$(STAGING_DIR_HOST)/bin/usign \
+   -F -p $(BUILD_KEY).pub`
+  endef
+endif
+
  define Package/base-files/install
$(CP) ./files/* $(1)/
-   $(Package/base-files/install-key)
+   $(Package/base-files/install-local-key)
$(Package/base-files/nand-support)
if [ -d $(GENERIC_PLATFORM_DIR)/base-files/. ]; then \
$(CP) $(GENERIC_PLATFORM_DIR)/base-files/* $(1)/; \


___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel

[OpenWrt-Devel] [PATCH] buildbot: signall.sh store usign.key as usign.sec

2019-11-13 Thread Paul Spooren 
The signall.sh script signs all files inside a tar via GPG and
signify-openbsd (similar to usign)e and attaches the signatures to the
same archive.

Using more recent versions of signify-openbsd requires a specific naming
schema for keys, private ending with .sec and public with .pub. This was
introduced at 763e1148f68f03cb2fa85d022500acf8c66af222[0].

This patch renames the stored key as usign.sec instead of usign.key. As
of the temporary nature of the key storing, this very unlikely breaks
any existing setups.

[0]: 
https://github.com/openbsd/src/commit/763e1148f68f03cb2fa85d022500acf8c66af222

Signed-off-by: Paul Spooren 
---
Tested and working on Debian 10
https://buildmaster.aparcar.org/#/builders/79/builds/4/steps/64/logs/stdio

 scripts/signall.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/scripts/signall.sh b/scripts/signall.sh
index 269375f..8f39500 100755
--- a/scripts/signall.sh
+++ b/scripts/signall.sh
@@ -84,11 +84,11 @@ if [ -n "$USIGNKEY" ]; then
fi
 
umask 077
-   printf "untrusted comment: %s\n%s\n" "${USIGNCOMMENT:-key ID $USIGNID}" 
"$USIGNKEY" > "$tmpdir/usign.key"
+   printf "untrusted comment: %s\n%s\n" "${USIGNCOMMENT:-key ID $USIGNID}" 
"$USIGNKEY" > "$tmpdir/usign.sec"
 
umask 022
find "$tmpdir/tar/" -type f -not -name "*.asc" -and -not -name "*.sig" 
-exec \
-   signify-openbsd -S -s "$(readlink -f "$tmpdir/usign.key")" -m 
"{}" \; || finish 5
+   signify-openbsd -S -s "$(readlink -f "$tmpdir/usign.sec")" -m 
"{}" \; || finish 5
 fi
 
 tar -C "$tmpdir/tar/" -czf "$tarball" . || finish 6
-- 
2.24.0.rc1


___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel

Re: [OpenWrt-Devel] [PATCH] build: support python 3.8

2019-11-13 Thread Paul Spooren 

LGTM

On 11/13/19 10:09 AM, Thomas Weißschuh wrote:

Signed-off-by: Thomas Weißschuh 
---
  include/prereq-build.mk | 2 ++
  1 file changed, 2 insertions(+)

diff --git a/include/prereq-build.mk b/include/prereq-build.mk
index 4c59910056..65baf1f5e5 100644
--- a/include/prereq-build.mk
+++ b/include/prereq-build.mk
@@ -144,12 +144,14 @@ $(eval $(call SetupHostCommand,perl,Please install Perl 
5.x, \
  $(eval $(call CleanupPython2))
  
  $(eval $(call SetupHostCommand,python,Please install Python >= 3.5, \

+   python3.8 -V 2>&1 | grep -E 'Python 3\.[5-9]\.?', \
python3.7 -V 2>&1 | grep -E 'Python 3\.[5-9]\.?', \
python3.6 -V 2>&1 | grep -E 'Python 3\.[5-9]\.?', \
python3.5 -V 2>&1 | grep -E 'Python 3\.[5-9]\.?', \
python3 -V 2>&1 | grep -E 'Python 3\.[5-9]\.?'))
  
  $(eval $(call SetupHostCommand,python3,Please install Python >= 3.5, \

+   python3.8 -V 2>&1 | grep -E 'Python 3\.[5-9]\.?', \
python3.7 -V 2>&1 | grep -E 'Python 3\.[5-9]\.?', \
python3.6 -V 2>&1 | grep -E 'Python 3\.[5-9]\.?', \
python3.5 -V 2>&1 | grep -E 'Python 3\.[5-9]\.?', \


___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel

[OpenWrt-Devel] [PATCH v3] build: separate signing logic

2019-11-12 Thread Paul Spooren 
This separates the options for signature creation and verification

* SIGNED_PACKAGES create Packages.sig
* SIGNED_IMAGES add ucert signature to created images
* CHECK_SIGNATURE add verification capabilities to images
* INSTALL_LOCAL_KEY add local key-build to /etc/opkg/keys

Right now the buildbot.git contains some hacks to create images that
have signature verification capabilities while not storing private keys
on buildbot slaves. This commit allows to disable these steps for the
buildbots and only perform signing on the master.

Signed-off-by: Paul Spooren 
---
v3: set "y if !BUILDBOT" to all new options

 config/Config-build.in  | 12 ++--
 include/image-commands.mk   | 13 -
 package/base-files/Makefile | 18 ++
 3 files changed, 28 insertions(+), 15 deletions(-)

diff --git a/config/Config-build.in b/config/Config-build.in
index 872e5c12ab..af5de42ac6 100644
--- a/config/Config-build.in
+++ b/config/Config-build.in
@@ -37,13 +37,21 @@ menu "Global build settings"
  - Enabling per-device rootfs support
  ...
 
+   config INSTALL_LOCAL_KEY
+   bool "Install local usign key into image"
+   default y if !BUILDBOT
+
config SIGNED_PACKAGES
bool "Cryptographically signed package lists"
-   default y
+   default y if !BUILDBOT
+
+   config SIGNED_IMAGES
+   bool "Cryptographically signed firmware images"
+   default y if !BUILDBOT
 
config SIGNATURE_CHECK
bool "Enable signature checking in opkg"
-   default SIGNED_PACKAGES
+   default y
 
comment "General build options"
 
diff --git a/include/image-commands.mk b/include/image-commands.mk
index 5dfd6a2c2f..3d10b18bc8 100644
--- a/include/image-commands.mk
+++ b/include/image-commands.mk
@@ -373,11 +373,14 @@ metadata_json = \
 
 define Build/append-metadata
$(if $(SUPPORTED_DEVICES),-echo $(call 
metadata_json,$(SUPPORTED_DEVICES)) | fwtool -I - $@)
-   [ ! -s "$(BUILD_KEY)" -o ! -s "$(BUILD_KEY).ucert" -o ! -s "$@" ] || { \
-   cp "$(BUILD_KEY).ucert" "$@.ucert" ;\
-   usign -S -m "$@" -s "$(BUILD_KEY)" -x "$@.sig" ;\
-   ucert -A -c "$@.ucert" -x "$@.sig" ;\
-   fwtool -S "$@.ucert" "$@" ;\
+   [ -z "$(SIGNED_IMAGES)" \
+   -o ! -s "$(BUILD_KEY)" \
+   -o ! -s "$(BUILD_KEY).ucert" \
+   -o ! -s "$@" ] || { \
+   cp "$(BUILD_KEY).ucert" "$@.ucert" ;\
+   usign -S -m "$@" -s "$(BUILD_KEY)" -x "$@.sig" ;\
+   ucert -A -c "$@.ucert" -x "$@.sig" ;\
+   fwtool -S "$@.ucert" "$@" ;\
}
 endef
 
diff --git a/package/base-files/Makefile b/package/base-files/Makefile
index addbac8664..3625f1320d 100644
--- a/package/base-files/Makefile
+++ b/package/base-files/Makefile
@@ -37,7 +37,7 @@ endif
 define Package/base-files
   SECTION:=base
   CATEGORY:=Base system
-  DEPENDS:=+netifd +libc +procd +jsonfilter +SIGNED_PACKAGES:usign 
+SIGNED_PACKAGES:openwrt-keyring +NAND_SUPPORT:ubi-utils +fstools +fwtool
+  DEPENDS:=+netifd +libc +procd +jsonfilter +SIGNATURE_CHECK:usign 
+SIGNATURE_CHECK:openwrt-keyring +NAND_SUPPORT:ubi-utils +fstools +fwtool
   TITLE:=Base filesystem for OpenWrt
   URL:=http://openwrt.org/
   VERSION:=$(PKG_RELEASE)-$(REVISION)
@@ -116,12 +116,6 @@ ifdef CONFIG_SIGNED_PACKAGES
$(STAGING_DIR_HOST)/bin/ucert -I -c $(BUILD_KEY).ucert -p 
$(BUILD_KEY).pub -s $(BUILD_KEY)
 
   endef
-
-  define Package/base-files/install-key
-   mkdir -p $(1)/etc/opkg/keys
-   $(CP) $(BUILD_KEY).pub 
$(1)/etc/opkg/keys/`$(STAGING_DIR_HOST)/bin/usign -F -p $(BUILD_KEY).pub`
-
-  endef
 endif
 
 ifeq ($(CONFIG_NAND_SUPPORT),)
@@ -130,9 +124,17 @@ ifeq ($(CONFIG_NAND_SUPPORT),)
   endef
 endif
 
+ifdef CONFIG_INSTALL_LOCAL_KEY
+  define Package/base-files/install-local-key
+   mkdir -p $(1)/etc/opkg/keys
+   $(CP) $(BUILD_KEY).pub 
$(1)/etc/opkg/keys/`$(STAGING_DIR_HOST)/bin/usign \
+   -F -p $(BUILD_KEY).pub`
+  endef
+endif
+
 define Package/base-files/install
$(CP) ./files/* $(1)/
-   $(Package/base-files/install-key)
+   $(Package/base-files/install-local-key)
$(Package/base-files/nand-support)
if [ -d $(GENERIC_PLATFORM_DIR)/base-files/. ]; then \
$(CP) $(GENERIC_PLATFORM_DIR)/base-files/* $(1)/; \
-- 
2.24.0.rc1


___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel

[OpenWrt-Devel] [PATCH v2] build: separate signing logic

2019-11-12 Thread Paul Spooren 
This separates the options for signature creation and verification

* SIGNED_PACKAGES create Packages.sig
* SIGNED_IMAGES add ucert signature to created images
* CHECK_SIGNATURE add verification capabilities to images
* INSTALL_LOCAL_KEY add local key-build to /etc/opkg/keys

Right now the buildbot.git contains some hacks to create images that
have signature verification capabilities while not storing private keys
on buildbot slaves. This commit allows to disable these steps for the
buildbots and only perform signing on the master.

Signed-off-by: Paul Spooren 
---
v2: fix missing endif if base-files/Makefile

 config/Config-build.in  | 12 ++--
 include/image-commands.mk   | 13 -
 package/base-files/Makefile | 18 ++
 3 files changed, 28 insertions(+), 15 deletions(-)

diff --git a/config/Config-build.in b/config/Config-build.in
index 872e5c12ab..c6591708a2 100644
--- a/config/Config-build.in
+++ b/config/Config-build.in
@@ -37,13 +37,21 @@ menu "Global build settings"
  - Enabling per-device rootfs support
  ...
 
+   config INSTALL_LOCAL_KEY
+   bool "Install local usign key into image"
+   default n
+
config SIGNED_PACKAGES
bool "Cryptographically signed package lists"
-   default y
+   default n
+
+   config SIGNED_IMAGES
+   bool "Cryptographically signed firmware images"
+   default n
 
config SIGNATURE_CHECK
bool "Enable signature checking in opkg"
-   default SIGNED_PACKAGES
+   default y
 
comment "General build options"
 
diff --git a/include/image-commands.mk b/include/image-commands.mk
index 5dfd6a2c2f..3d10b18bc8 100644
--- a/include/image-commands.mk
+++ b/include/image-commands.mk
@@ -373,11 +373,14 @@ metadata_json = \
 
 define Build/append-metadata
$(if $(SUPPORTED_DEVICES),-echo $(call 
metadata_json,$(SUPPORTED_DEVICES)) | fwtool -I - $@)
-   [ ! -s "$(BUILD_KEY)" -o ! -s "$(BUILD_KEY).ucert" -o ! -s "$@" ] || { \
-   cp "$(BUILD_KEY).ucert" "$@.ucert" ;\
-   usign -S -m "$@" -s "$(BUILD_KEY)" -x "$@.sig" ;\
-   ucert -A -c "$@.ucert" -x "$@.sig" ;\
-   fwtool -S "$@.ucert" "$@" ;\
+   [ -z "$(SIGNED_IMAGES)" \
+   -o ! -s "$(BUILD_KEY)" \
+   -o ! -s "$(BUILD_KEY).ucert" \
+   -o ! -s "$@" ] || { \
+   cp "$(BUILD_KEY).ucert" "$@.ucert" ;\
+   usign -S -m "$@" -s "$(BUILD_KEY)" -x "$@.sig" ;\
+   ucert -A -c "$@.ucert" -x "$@.sig" ;\
+   fwtool -S "$@.ucert" "$@" ;\
}
 endef
 
diff --git a/package/base-files/Makefile b/package/base-files/Makefile
index addbac8664..3625f1320d 100644
--- a/package/base-files/Makefile
+++ b/package/base-files/Makefile
@@ -37,7 +37,7 @@ endif
 define Package/base-files
   SECTION:=base
   CATEGORY:=Base system
-  DEPENDS:=+netifd +libc +procd +jsonfilter +SIGNED_PACKAGES:usign 
+SIGNED_PACKAGES:openwrt-keyring +NAND_SUPPORT:ubi-utils +fstools +fwtool
+  DEPENDS:=+netifd +libc +procd +jsonfilter +SIGNATURE_CHECK:usign 
+SIGNATURE_CHECK:openwrt-keyring +NAND_SUPPORT:ubi-utils +fstools +fwtool
   TITLE:=Base filesystem for OpenWrt
   URL:=http://openwrt.org/
   VERSION:=$(PKG_RELEASE)-$(REVISION)
@@ -116,12 +116,6 @@ ifdef CONFIG_SIGNED_PACKAGES
$(STAGING_DIR_HOST)/bin/ucert -I -c $(BUILD_KEY).ucert -p 
$(BUILD_KEY).pub -s $(BUILD_KEY)
 
   endef
-
-  define Package/base-files/install-key
-   mkdir -p $(1)/etc/opkg/keys
-   $(CP) $(BUILD_KEY).pub 
$(1)/etc/opkg/keys/`$(STAGING_DIR_HOST)/bin/usign -F -p $(BUILD_KEY).pub`
-
-  endef
 endif
 
 ifeq ($(CONFIG_NAND_SUPPORT),)
@@ -130,9 +124,17 @@ ifeq ($(CONFIG_NAND_SUPPORT),)
   endef
 endif
 
+ifdef CONFIG_INSTALL_LOCAL_KEY
+  define Package/base-files/install-local-key
+   mkdir -p $(1)/etc/opkg/keys
+   $(CP) $(BUILD_KEY).pub 
$(1)/etc/opkg/keys/`$(STAGING_DIR_HOST)/bin/usign \
+   -F -p $(BUILD_KEY).pub`
+  endef
+endif
+
 define Package/base-files/install
$(CP) ./files/* $(1)/
-   $(Package/base-files/install-key)
+   $(Package/base-files/install-local-key)
$(Package/base-files/nand-support)
if [ -d $(GENERIC_PLATFORM_DIR)/base-files/. ]; then \
$(CP) $(GENERIC_PLATFORM_DIR)/base-files/* $(1)/; \
-- 
2.24.0.rc1


___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel

Re: [OpenWrt-Devel] [PATCH] build: make GCC version 6+ minimal host build requirement

2019-11-12 Thread Paul Spooren 
Looks good to me, I ran into this issue before and would appreciate 
moving forward to 6.


On 11/11/19 10:16 PM, Petr Štetiar wrote:

Currently minimal GNU supported GCC version is 7 (from May 2, 2017), buildbots
are using default GCC version 6 on Debian 9 (old stable), current Debian
stable 10 has GCC version 8.

Signed-off-by: Petr Štetiar 
---

While adding CI support in C based projects, I've started adding -Wextra as
well, which seems to work just fine for gcc6+, but it's apparently causing
issues with older GCCs like for example gcc 4.8.5[1] on CentOS 7.

Although it's certainly possible to fix those issues and make gcc 4 usable, I
think, that it's not worth the additional effort and resources anymore.

1. 
https://github.com/openwrt/openwrt/commit/4ba8f7b1ef1e4c0607185a41c06b51928c625d8b

  README  |  2 +-
  include/prereq-build.mk | 18 --
  2 files changed, 5 insertions(+), 15 deletions(-)

diff --git a/README b/README
index c867c1fa4da8..6d11dd1188ff 100644
--- a/README
+++ b/README
@@ -11,7 +11,7 @@ To build your own firmware you need a Linux, BSD or MacOSX 
system (case
  sensitive filesystem required). Cygwin is unsupported because of the lack
  of a case sensitive file system.
  
-You need gcc, binutils, bzip2, flex, python3.5+, perl, make, find, grep, diff,

+You need gcc6+, binutils, bzip2, flex, python3.5+, perl, make, find, grep, 
diff,
  unzip, gawk, getopt, subversion, libz-dev and libc headers installed.
  
  1. Run "./scripts/feeds update -a" to obtain all the latest package definitions

diff --git a/include/prereq-build.mk b/include/prereq-build.mk
index 4c5991005634..58cbc0678fa1 100644
--- a/include/prereq-build.mk
+++ b/include/prereq-build.mk
@@ -27,12 +27,7 @@ $(eval $(call TestHostCommand,proper-umask, \
umask | grep -xE 0?0[012][012]))
  
  $(eval $(call SetupHostCommand,gcc, \

-   Please install the GNU C Compiler (gcc) 4.8 or later, \
-   $(CC) -dumpversion | grep -E '^(4\.[8-9]|[5-9]\.?)', \
-   gcc -dumpversion | grep -E '^(4\.[8-9]|[5-9]\.?)', \
-   gcc48 --version | grep gcc, \
-   gcc49 --version | grep gcc, \
-   gcc5 --version | grep gcc, \
+   Please install the GNU C Compiler (gcc) 6 or later, \
gcc6 --version | grep gcc, \
gcc7 --version | grep gcc, \
gcc8 --version | grep gcc, \
@@ -40,18 +35,13 @@ $(eval $(call SetupHostCommand,gcc, \
gcc --version | grep -E 'Apple.(LLVM|clang)' ))
  
  $(eval $(call TestHostCommand,working-gcc, \

-   \nPlease reinstall the GNU C Compiler (4.8 or later) - \
+   \nPlease reinstall the GNU C Compiler (6 or later) - \
it appears to be broken, \
echo 'int main(int argc, char **argv) { return 0; }' | \
gcc -x c -o $(TMP_DIR)/a.out -))
  
  $(eval $(call SetupHostCommand,g++, \

-   Please install the GNU C++ Compiler (g++) 4.8 or later, \
-   $(CXX) -dumpversion | grep -E '^(4\.[8-9]|[5-9]\.?)', \
-   g++ -dumpversion | grep -E '^(4\.[8-9]|[5-9]\.?)', \
-   g++48 --version | grep g++, \
-   g++49 --version | grep g++, \
-   g++5 --version | grep g++, \
+   Please install the GNU C++ Compiler (g++) 6 or later, \
g++6 --version | grep g++, \
g++7 --version | grep g++, \
g++8 --version | grep g++, \
@@ -59,7 +49,7 @@ $(eval $(call SetupHostCommand,g++, \
g++ --version | grep -E 'Apple.(LLVM|clang)' ))
  
  $(eval $(call TestHostCommand,working-g++, \

-   \nPlease reinstall the GNU C++ Compiler (4.8 or later) - \
+   \nPlease reinstall the GNU C++ Compiler (6 or later) - \
it appears to be broken, \
echo 'int main(int argc, char **argv) { return 0; }' | \
g++ -x c++ -o $(TMP_DIR)/a.out - -lstdc++ && \

___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel


___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel

[OpenWrt-Devel] [PATCH] scripts: rewritten dumpinfo.py from buildbot.git

2019-11-10 Thread Paul Spooren 
The dumpinfo script parses `target/linux/` for targets and architectures
and prints them to stdout. This is currently used by the buildbot to
automatically generate the buildjobs.

This script is a Python3 rewrite of the Perl script dumpinfo.pl[0] with
the additional feature of allowing to run only on a specific target.

Running only on a specific target can be desireable if a target is added
via feeds.conf. This way only that target is added as a buildjob.

The motivation to rewrite this script in Python is that the buildbot
uses Python which allowing it to directly import the script instead of
running it as a subprocess.

The motivation to add this script to openwrt.git instead of buildbot.git
is that the script is generic enough to be used for other purposes and
as the buildbot clones openwrt.git anyway, it does not add additional
files.

The `architecture` output is not exactly the same as for the original
script as the latter does not sort the targets before printing, as the
Python implementation does.

CC: Jo-Philipp Wich 

[0]: 
https://git.openwrt.org/?p=buildbot.git;a=blob;f=scripts/dumpinfo.pl;h=aa97f8d60379076a41b968402e9337cea824ece5;hb=HEAD

Signed-off-by: Paul Spooren 
---
 scripts/dumpinfo.py | 143 
 1 file changed, 143 insertions(+)
 create mode 100755 scripts/dumpinfo.py

diff --git a/scripts/dumpinfo.py b/scripts/dumpinfo.py
new file mode 100755
index 00..41b7c95b85
--- /dev/null
+++ b/scripts/dumpinfo.py
@@ -0,0 +1,143 @@
+#!/usr/bin/env python3
+
+from os import environ
+from pathlib import Path
+import subprocess
+import sys
+
+topdir = Path().cwd()
+
+targets = {}
+architectures = {}
+
+
+def eprint(msg: str):
+"""Print message to stderr and add newline
+
+Args:
+msg (str): Message to print
+"""
+sys.stderr.write(msg + "\n")
+
+
+def get_make_values(cmd: list, target_dir: Path) -> list:
+"""Get Makefile values
+
+Args:
+cmd (list): Values to retrive
+target_dir (Path): Path to run make
+
+Returns:
+(list) Makefile output split by newlines
+"""
+return subprocess.run(
+["make", "-C", target_dir, "--no-print-directory", "TARGET_BUILD=1", 
"DUMP=1"]
++ cmd,
+capture_output=True,
+cwd=topdir,
+text=True,
+env={**environ.copy(), "TOPDIR": topdir, "INCLUDE_DIR": topdir / 
"include"},
+).stdout.splitlines()
+
+
+def parse_targetinfo(target_dir: Path, subtarget: str):
+"""Parse target information like arch and features
+
+After parsing the variables `architectures` and `targets` are 
automatically filled
+
+Args:
+target_dir (Path): Path to run make
+subtarget (str): Subtarget to parse
+"""
+result = get_make_values([f"SUBTARGET={subtarget}"], target_dir)
+for line in result:
+if line.startswith("Target:"):
+target = line.split(": ")[1]
+elif line.startswith("Target-Arch-Packages:"):
+arch = line.split(": ")[1]
+elif line.startswith("Target-Features:"):
+features = line.split(": ")[1]
+elif line == "@@":
+if not (target and arch):
+eprint(f"WARNING: {target} target or arch missing")
+continue
+
+if "broken" in features:
+eprint(f"INFO: {target} skipp broken")
+continue
+
+if "source-only" in features:
+eprint(f"INFO: {target} skipp source-only")
+continue
+
+if arch not in architectures:
+architectures[arch] = set()
+
+architectures[arch].add(target)
+targets[target] = arch
+
+
+def get_targetinfo(target: str = "*"):
+"""Get information of all or specific target
+
+Finds subtargets of target(s) and run `parse_targetinfo`
+
+Args:
+target (str): If set limit parsing to single target
+"""
+for target_makefile in topdir.rglob(f"target/linux/{target}/Makefile"):
+target_dir = target_makefile.parent
+cmd = ["val.BOARD", "val.SUBTARGETS", "val.FEATURES"]
+result = get_make_values(cmd, target_dir)
+
+if len(result) != 3:
+eprint(f"WARNING: {target_makefile} seems broken")
+continue
+
+target, subtargets, features = result
+features = set(features.split())
+
+if "broken" in features:
+eprint(f"INFO: {target} skip broken")
+continue
+
+if "source-only" in features:
+ep

Re: [OpenWrt-Devel] [PATCH 1/2] build: image: add common and reproducible IMG_PART_SIGNATURE variable

2019-11-07 Thread Paul Spooren 
Thank you for reworking this! Daniel already told me that a fallback is 
required if SOURCE_DATE_EPOCH is unset, this looks like a clean solution.


On 11/7/19 4:09 AM, Petr Štetiar wrote:

From: Paul Spooren 

x86, mvebu and tegra targets are currently using more or less same
SIGNATURE variable which provides unique partition ID/signature, so it
makes sense to refactor it out into common variable which could be
reused by all targets.  While at it, make the content of the variable
reproducible.

Ref: http://lists.infradead.org/pipermail/openwrt-devel/2019-March/016148.html
Signed-off-by: Paul Spooren 
Suggested-by: Jo-Philipp Wich 
[renamed to IMG_PARTSIGNATURE, reworked with epoch+vermagic hash]
Signed-off-by: Petr Štetiar 
---
  include/image.mk | 1 +
  1 file changed, 1 insertion(+)

diff --git a/include/image.mk b/include/image.mk
index 77d456719711..8755c4832abd 100644
--- a/include/image.mk
+++ b/include/image.mk
@@ -44,6 +44,7 @@ IMG_PREFIX_VERCODE:=$(if 
$(CONFIG_VERSION_CODE_FILENAMES),$(call sanitize,$(VERS
  
IMG_PREFIX:=$(VERSION_DIST_SANITIZED)-$(IMG_PREFIX_VERNUM)$(IMG_PREFIX_VERCODE)$(IMG_PREFIX_EXTRA)$(BOARD)$(if
 $(SUBTARGET),-$(SUBTARGET))
  IMG_ROOTFS:=$(IMG_PREFIX)-rootfs
  IMG_COMBINED:=$(IMG_PREFIX)-combined
+IMG_PART_SIGNATURE:=$(shell echo $(SOURCE_DATE_EPOCH)$(LINUX_VERMAGIC) | 
mkhash md5 | head --bytes 8)
  
  MKFS_DEVTABLE_OPT := -D $(INCLUDE_DIR)/device_table.txt
  


___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel

Re: [OpenWrt-Devel] [PATCH] ramips, mt7520: reproducible elecom-header uid/gid

2019-11-06 Thread Paul Spooren 

Oh thanks, updated...

On 11/5/19 10:01 PM, Bjørn Mork wrote:

subject typo.  I was curious about that new chip :-)


Bjørn


___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel

[OpenWrt-Devel] [PATCH v2] ramips, mt7620: reproducible elecom-header uid/gid

2019-11-06 Thread Paul Spooren 
The elecom-header renames the firmware image to v_0.0.0.bin, stores its
MD5 sum as v_0.0.0.md5 and tars both files again.

Both v_0.0.0 files are created as the build user making it harder to
reproduce.

This commit sets the owner/group of both files to root by adding extra
options to the final tar command.

Before:
0 buildbot   (101) buildbot   (102)  3932164 2019-11-05 14:43:22.00 
v_0.0.0.bin
0 buildbot   (101) buildbot   (102)   33 2019-11-05 14:43:22.00 
v_0.0.0.md5

After:
0 root (0) root (0)  3932164 2019-11-05 23:43:08.00 
v_0.0.0.bin
0 root (0) root (0)   33 2019-11-05 23:43:08.00 
v_0.0.0.md5

Signed-off-by: Paul Spooren 
---
v2: rename mt7520 to mt7620

 target/linux/ramips/image/mt7620.mk | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/target/linux/ramips/image/mt7620.mk 
b/target/linux/ramips/image/mt7620.mk
index bca2363699..88437a6904 100644
--- a/target/linux/ramips/image/mt7620.mk
+++ b/target/linux/ramips/image/mt7620.mk
@@ -13,7 +13,7 @@ define Build/elecom-header
) | mkhash md5 > $(KDIR)/v_0.0.0.md5
$(STAGING_DIR_HOST)/bin/tar -c \
$(if $(SOURCE_DATE_EPOCH),--mtime=@$(SOURCE_DATE_EPOCH)) \
-   -f $@ -C $(KDIR) v_0.0.0.bin v_0.0.0.md5
+   --owner=0 --group=0 -f $@ -C $(KDIR) v_0.0.0.bin v_0.0.0.md5
 endef
 
 define Device/aigale_ai-br100
-- 
2.24.0.rc1


___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel

[OpenWrt-Devel] [PATCH] ramips, mt7520: reproducible elecom-header uid/gid

2019-11-05 Thread Paul Spooren 
The elecom-header renames the firmware image to v_0.0.0.bin, stores its
MD5 sum as v_0.0.0.md5 and tars both files again.

Both v_0.0.0 files are created as the build user making it harder to
reproduce.

This commit sets the owner/group of both files to root by adding extra
options to the final tar command.

Before:
0 buildbot   (101) buildbot   (102)  3932164 2019-11-05 14:43:22.00 
v_0.0.0.bin
0 buildbot   (101) buildbot   (102)   33 2019-11-05 14:43:22.00 
v_0.0.0.md5

After:
0 root (0) root (0)  3932164 2019-11-05 23:43:08.00 
v_0.0.0.bin
0 root (0) root (0)   33 2019-11-05 23:43:08.00 
v_0.0.0.md5

Signed-off-by: Paul Spooren 
---
I could not runtime test this, I guessed the changed owner shouldn't be
a problem for the device.

 target/linux/ramips/image/mt7620.mk | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/target/linux/ramips/image/mt7620.mk 
b/target/linux/ramips/image/mt7620.mk
index bca2363699..88437a6904 100644
--- a/target/linux/ramips/image/mt7620.mk
+++ b/target/linux/ramips/image/mt7620.mk
@@ -13,7 +13,7 @@ define Build/elecom-header
) | mkhash md5 > $(KDIR)/v_0.0.0.md5
$(STAGING_DIR_HOST)/bin/tar -c \
$(if $(SOURCE_DATE_EPOCH),--mtime=@$(SOURCE_DATE_EPOCH)) \
-   -f $@ -C $(KDIR) v_0.0.0.bin v_0.0.0.md5
+   --owner=0 --group=0 -f $@ -C $(KDIR) v_0.0.0.bin v_0.0.0.md5
 endef
 
 define Device/aigale_ai-br100
-- 
2.24.0.rc1


___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel

Re: [OpenWrt-Devel] [PATCH] build: image: fix build breakage of some images

2019-11-05 Thread Paul Spooren 

Thanks for debugging this!

On 11/5/19 1:23 PM, Petr Štetiar wrote:

Commit 881ed09ee6e2 ("build: create JSON files containing image info")
has removed the crucial empty new line from the image copy step
resulting in the following errors during make function expansion:

  GZ_SUFFIX :=
  bash: GZ_SUFFIX: command not found
  Makefile:86: recipe for target 
'openwrt-ath79-generic-tplink_archer-c7-v5-squashfs-sysupgrade.bin' failed

Fixes: 881ed09ee6e2 ("build: create JSON files containing image info")
Signed-off-by: Petr Štetiar 
---
  include/image.mk | 1 +
  1 file changed, 1 insertion(+)

diff --git a/include/image.mk b/include/image.mk
index 940ae812ea95..77d456719711 100644
--- a/include/image.mk
+++ b/include/image.mk
@@ -597,6 +597,7 @@ define Device/Build/image
SUPPORTED_DEVICES="$(SUPPORTED_DEVICES)" \
$(TOPDIR)/scripts/json_add_image_info.py \
)
+
  endef
  
  define Device/Build/artifact


___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel


___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel

[OpenWrt-Devel] [PATCH v2] build: unify SIGNATURE and make it reproducible

2019-11-04 Thread Paul Spooren 
The SIGNATURE variable is a unique ID used as partition identifier for
x86, tegra and mvebu. This patch unifies the generation of SIGNATURE by
creating it once in include/image.mk instead differently for each
target.

Also make it reproducible by using SOURCE_DATE_EPOCH, resulting in equal
SIGNATURE valuess over multiple build with the same commit.

This is another step in the direction of reproducible OpenWrt images.

Signed-off-by: Paul Spooren 
---
I'm currently trying to step up my commit message game, please comment
if the message is unclear or confusing!

 include/image.mk  | 2 ++
 target/linux/mvebu/image/Makefile | 2 --
 target/linux/tegra/image/Makefile | 2 --
 target/linux/x86/image/Makefile   | 1 -
 4 files changed, 2 insertions(+), 5 deletions(-)

diff --git a/include/image.mk b/include/image.mk
index 940ae812ea..4884ad9fe2 100644
--- a/include/image.mk
+++ b/include/image.mk
@@ -45,6 +45,8 @@ 
IMG_PREFIX:=$(VERSION_DIST_SANITIZED)-$(IMG_PREFIX_VERNUM)$(IMG_PREFIX_VERCODE)$
 IMG_ROOTFS:=$(IMG_PREFIX)-rootfs
 IMG_COMBINED:=$(IMG_PREFIX)-combined
 
+SIGNATURE:=$(shell printf "%.8s" $(SOURCE_DATE_EPOCH))
+
 MKFS_DEVTABLE_OPT := -D $(INCLUDE_DIR)/device_table.txt
 
 ifneq ($(CONFIG_BIG_ENDIAN),)
diff --git a/target/linux/mvebu/image/Makefile 
b/target/linux/mvebu/image/Makefile
index 967a1e4ee1..1c96a5e175 100644
--- a/target/linux/mvebu/image/Makefile
+++ b/target/linux/mvebu/image/Makefile
@@ -13,8 +13,6 @@ include $(INCLUDE_DIR)/image.mk
 
 KERNEL_LOADADDR := 0x8000
 
-SIGNATURE:=$(shell printf "%.8s" $(SOURCE_DATE_EPOCH))
-
 define Build/boot-scr
rm -f $@-boot.scr
sed \
diff --git a/target/linux/tegra/image/Makefile 
b/target/linux/tegra/image/Makefile
index 2ce8659995..39073a47d2 100644
--- a/target/linux/tegra/image/Makefile
+++ b/target/linux/tegra/image/Makefile
@@ -7,8 +7,6 @@
 include $(TOPDIR)/rules.mk
 include $(INCLUDE_DIR)/image.mk
 
-SIGNATURE:=$(shell printf "%.8s" $(SOURCE_DATE_EPOCH))
-
 define Build/tegra-sdcard
rm -fR $@.boot
mkdir -p $@.boot
diff --git a/target/linux/x86/image/Makefile b/target/linux/x86/image/Makefile
index ac70e771c8..73e468d38f 100644
--- a/target/linux/x86/image/Makefile
+++ b/target/linux/x86/image/Makefile
@@ -40,7 +40,6 @@ ifneq ($(GRUB_TERMINALS),)
   GRUB_TERMINAL_CONFIG := terminal_input $(GRUB_TERMINALS); terminal_output 
$(GRUB_TERMINALS)
 endif
 
-SIGNATURE:=$(shell perl -e 'printf("%08x", rand(0x))')
 ROOTPART:=$(call qstrip,$(CONFIG_TARGET_ROOTFS_PARTNAME))
 ROOTPART:=$(if $(ROOTPART),$(ROOTPART),PARTUUID=$(SIGNATURE)-02)
 
-- 
2.24.0.rc1


___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel

[OpenWrt-Devel] [PATCH] x86: generate reproducible UUID

2019-11-03 Thread Paul Spooren 
This commit changes the behaviour of UUID generation. Instead of using
the rand module of perl, generating a random UUID per compile, it now
hashes the SOURCE_DATE_EPOCH, resulting in a reproducible UUID.

Signed-off-by: Paul Spooren 
---
 target/linux/x86/image/Makefile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/target/linux/x86/image/Makefile b/target/linux/x86/image/Makefile
index ac70e771c8..68c2bee9d4 100644
--- a/target/linux/x86/image/Makefile
+++ b/target/linux/x86/image/Makefile
@@ -40,7 +40,7 @@ ifneq ($(GRUB_TERMINALS),)
   GRUB_TERMINAL_CONFIG := terminal_input $(GRUB_TERMINALS); terminal_output 
$(GRUB_TERMINALS)
 endif
 
-SIGNATURE:=$(shell perl -e 'printf("%08x", rand(0x))')
+SIGNATURE:=$(shell echo "$(SOURCE_DATE_EPOCH)" | sha256sum | cut -c 1-8 -z)
 ROOTPART:=$(call qstrip,$(CONFIG_TARGET_ROOTFS_PARTNAME))
 ROOTPART:=$(if $(ROOTPART),$(ROOTPART),PARTUUID=$(SIGNATURE)-02)
 
-- 
2.24.0.rc1


___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel

Re: [OpenWrt-Devel] [Suggestions] Streamline localization by using Weblate for the project, use LiberaPay or OpenCollective to enable people to donate

2019-10-15 Thread Paul Spooren 


On 9/25/19 3:24 PM, Scott wrote:

‐‐‐ Original Message ‐‐‐
On Tuesday, September 24, 2019 1:13 AM, Paul Spooren  wrote:



I think that's a good idea! As it doesn't need to be directly integrated
in any existing workflow nor requires privileges on any Git, it's
basically just a fancy front-end with translation suggestions for .po
files right?

Out of curiosity I requested a libre account for a quick evaluation, if
anyone is in serious doubt on evaluation it I'll instantly cancel the
request. However I think this is in line with
https://openwrt.org/meetings/hamburg2019/start#luci_translations


Correct, it needs no privileges to update Weblate's .po copy from the 
repository and if you want to commit the localization that has been made by 
contributors you can opt to have the Weblate commit automatically if you're 
feeling daring, or you can just opt to have manually triggered PR where someone 
with merge permission can review per usual contribution workflow. The 
Continuous Localization documentation documents the workflow and possibilities 
pretty well: https://docs.weblate.org/en/latest/admin/continuous.html

Yep, Weblate is largely a browser based localization tool frontend with a pinch 
of middleware components to update Weblate's copy, send out notifications, and 
make commits or PR's.


Weblate approved hosting OpenWrt and it is surprisingly addictive. The 
project is found here[0] and the automatic PR creation works[1] also. 
Thanks for pointing to that project! Happy translating I guess...


Best,
Paul

[0]: https://hosted.weblate.org/projects/openwrt/
[1]: https://github.com/openwrt/luci/pull/3190


___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel

[OpenWrt-Devel] [PATCH] buildbot, phase1: use buildinfo instead of prepare

2019-10-13 Thread Paul Spooren 
Prepare target is used to compile tools and toolchain, however buildbot
only uses it to create the buildinfo files. This[0] PR splits prepare
and buildinfo allowing the buildbots to run the buildinfo creation only.

This should also fix the current issue with missing json info files:
prepare runs `target/compile` which removes all existing json info files
via `Device/Build`. Only `target/install` creates them via
`Device/Build/image`. However currently the buildbots run
`target/install` before (the second) `target/compile`.

[0]: https://github.com/openwrt/openwrt/pull/2492

Signed-off-by: Paul Spooren 
---
 phase1/master.cfg | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/phase1/master.cfg b/phase1/master.cfg
index f0151f6..0aaa079 100644
--- a/phase1/master.cfg
+++ b/phase1/master.cfg
@@ -920,7 +920,7 @@ for target in targets:
factory.addStep(ShellCommand(
name = "buildinfo",
description = "Generating config.buildinfo, version.buildinfo 
and feeds.buildinfo",
-   command=["make", "-j1", "prepare", "V=s"],
+   command=["make", "-j1", "buildinfo", "V=s"],
env = MakeEnv(),
haltOnFailure = True
))
-- 
2.23.0


___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel

[OpenWrt-Devel] 19.07: backport of reproducibility patches

2019-10-09 Thread Paul Spooren 

Hi team,

there are two recent patches introducing reproducibility of most 
packages and firmware images. Applying them to 19.07 would only change 
timestamps and shorten debug information (of buildpath), therefore 
fairly secure to merge.


Please consider backporting:

4ed356fa71 kernel.mk: add KCFLAGS to make kmods reproducible

4791afa734 kernel-defaults: ensure SOURCE_DATE_EPOCH on /init

Best,
Paul


___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel

[OpenWrt-Devel] [PATCH] kernel.mk: add KCFLAGS to make kmods reproducible

2019-10-08 Thread Paul Spooren 
Some kmods (gpio-hotplug, wireguard) store the build path in the
compiled files and therefore make it harder to rebuild the official
binaries. As the same "iremap" function is used as for other binaries,
the change is compatible with gcc7 and 8.

Tested with both gcc7 and gcc8 resulting in build path independent
reproducible builds.

Signed-off-by: Paul Spooren 
---
 include/kernel.mk | 1 +
 1 file changed, 1 insertion(+)

diff --git a/include/kernel.mk b/include/kernel.mk
index 73645330fe..439e910ebf 100644
--- a/include/kernel.mk
+++ b/include/kernel.mk
@@ -104,6 +104,7 @@ endif
 KERNEL_MAKE = $(MAKE) $(KERNEL_MAKEOPTS)
 
 KERNEL_MAKE_FLAGS = \
+   KCFLAGS="$(call iremap,$(BUILD_DIR),$(notdir $(BUILD_DIR)))" \
HOSTCFLAGS="$(HOST_CFLAGS) -Wall -Wmissing-prototypes 
-Wstrict-prototypes" \
CROSS_COMPILE="$(KERNEL_CROSS)" \
ARCH="$(LINUX_KARCH)" \
-- 
2.23.0


___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel

[OpenWrt-Devel] [PATCH v3] toolchain/gcc: switch to version 8 by default

2019-10-08 Thread Paul Spooren 
Main motivation for this commit is the introduction of
`-ffile-prefix-map=` which alows reproducible build path.

The usage of `-ffile-prefix-map=` in include/kernel.mk adds
reproducibility to kmods like gpio-hotplug and wireguard which before
stored the build path as debug information in .rodata.

Compiling tested without errors on the following targets:

* ath79
* brcm2708
* brcm63xx
* ixp4xx
* ramips
* sunxi
* x86

CC: Andre Heider 
CC: Petr Štetiar 

Thanks to Andre for the iremap fixup
Thanks to Petr for his patience on helping which screws to tweak

Signed-off-by: Paul Spooren 
---
v3: add KCFLAGS to make kmods reproducible  


 config/Config-build.in |  2 --
 include/kernel.mk  |  1 +
 .../patches/120-strip-cflags-from-binary.patch |  2 +-
 rules.mk   |  8 
 toolchain/gcc/Config.in|  8 ++--
 toolchain/gcc/Config.version   | 14 --
 6 files changed, 16 insertions(+), 19 deletions(-)

diff --git a/config/Config-build.in b/config/Config-build.in
index 9669fc86c7..872e5c12ab 100644
--- a/config/Config-build.in
+++ b/config/Config-build.in
@@ -243,7 +243,6 @@ menu "Global build settings"
config PKG_CC_STACKPROTECTOR_STRONG
bool "Strong"
select GCC_LIBSSP if !USE_MUSL
-   depends on !GCC_VERSION_4_8
depends on KERNEL_CC_STACKPROTECTOR_STRONG
endchoice
 
@@ -258,7 +257,6 @@ menu "Global build settings"
config KERNEL_CC_STACKPROTECTOR_REGULAR
bool "Regular"
config KERNEL_CC_STACKPROTECTOR_STRONG
-   depends on !GCC_VERSION_4_8
bool "Strong"
endchoice
 
diff --git a/include/kernel.mk b/include/kernel.mk
index 97d23661c9..451f5bdee3 100644
--- a/include/kernel.mk
+++ b/include/kernel.mk
@@ -104,6 +104,7 @@ endif
 KERNEL_MAKE = $(MAKE) $(KERNEL_MAKEOPTS)
 
 KERNEL_MAKE_FLAGS = \
+   KCFLAGS="$(call iremap,$(BUILD_DIR),$(notdir $(BUILD_DIR)))" \
HOSTCFLAGS="$(HOST_CFLAGS) -Wall -Wmissing-prototypes 
-Wstrict-prototypes" \
CROSS_COMPILE="$(KERNEL_CROSS)" \
ARCH="$(LINUX_KARCH)" \
diff --git a/package/libs/openssl/patches/120-strip-cflags-from-binary.patch 
b/package/libs/openssl/patches/120-strip-cflags-from-binary.patch
index 75fb9d1684..7faec9ab88 100644
--- a/package/libs/openssl/patches/120-strip-cflags-from-binary.patch
+++ b/package/libs/openssl/patches/120-strip-cflags-from-binary.patch
@@ -17,7 +17,7 @@ index 2c619c62e8..893128345a 100644
  
  DEPEND[cversion.o]=buildinf.h
 -GENERATE[buildinf.h]=../util/mkbuildinf.pl "$(CC) $(LIB_CFLAGS) 
$(CPPFLAGS_Q)" "$(PLATFORM)"
-+GENERATE[buildinf.h]=../util/mkbuildinf.pl "$(filter-out -I% -iremap% 
-fmacro-prefix-map%,$(CC) $(LIB_CFLAGS) $(CPPFLAGS_Q))" "$(PLATFORM)"
++GENERATE[buildinf.h]=../util/mkbuildinf.pl "$(filter-out -I% -iremap% 
-fmacro-prefix-map% -ffile-prefix-map%,$(CC) $(LIB_CFLAGS) $(CPPFLAGS_Q))" 
"$(PLATFORM)"
  DEPEND[buildinf.h]=../configdata.pm
  
  GENERATE[uplink-x86.s]=../ms/uplink-x86.pl $(PERLASM_SCHEME)
diff --git a/rules.mk b/rules.mk
index b140fbca70..7063cf3ad6 100644
--- a/rules.mk
+++ b/rules.mk
@@ -139,11 +139,11 @@ else
   TOOLCHAIN_DIR_NAME:=toolchain-$(GNU_TARGET_NAME)
 endif
 
-ifeq ($(or 
$(CONFIG_EXTERNAL_TOOLCHAIN),$(CONFIG_GCC_VERSION_4_8),$(CONFIG_TARGET_uml)),)
-  ifeq ($(CONFIG_GCC_USE_EMBEDDED_PATH_REMAP),y)
-iremap = -fmacro-prefix-map=$(1)=$(2)
-  else
+ifeq ($(or $(CONFIG_EXTERNAL_TOOLCHAIN),$(CONFIG_TARGET_uml)),)
+  ifeq ($(CONFIG_GCC_USE_IREMAP),y)
 iremap = -iremap$(1):$(2)
+  else
+iremap = -ffile-prefix-map=$(1)=$(2)
   endif
 endif
 
diff --git a/toolchain/gcc/Config.in b/toolchain/gcc/Config.in
index 0977f9b4e7..3882815d7f 100644
--- a/toolchain/gcc/Config.in
+++ b/toolchain/gcc/Config.in
@@ -2,8 +2,7 @@
 
 choice
prompt "GCC compiler Version" if TOOLCHAINOPTS
-   default GCC_USE_VERSION_8 if arc
-   default GCC_USE_VERSION_7
+   default GCC_USE_VERSION_8
help
  Select the version of gcc you wish to use.
 
@@ -22,6 +21,11 @@ choice
bool "gcc 9.x"
 endchoice
 
+config GCC_USE_IREMAP
+   default y if ( GCC_USE_VERSION_5 || GCC_USE_VERSION_7 )
+   default n
+   bool
+
 config GCC_USE_GRAPHITE
bool
prompt "Compile in support for the new Graphite framework in GCC 4.4+" 
if TOOLCHAINOPTS
diff --git a/toolchain/gcc/Config.version b/toolchain/gcc/Config.version
index d9732b3e0d..0658f3d52b 100644
--- a/toolchain/gcc/Config.version
+++ b/toolchain/gcc/Config.version
@@ -2,23 +2,17 @@ co

Re: [OpenWrt-Devel] [PATCH] ath79: make UBNT Nano/Loco AC factory images reproducible

2019-10-08 Thread Paul Spooren 

Hi,

On 10/7/19 6:38 PM, Petr Štetiar wrote:

as discussed on IRC, this issue is caused by your custom build step[1] and
doesn't exist in the tree, so the proposed patch can be seen just a workaround
and not proper fix so I've rejected it and not going to apply.
Fine for me if the enhancements mentioned below are implemented at some 
point. For now the padding causes images to be unreproducible which I'd 
consider as a upstream problem. The `exchange_signature` step is the 
only way I can think of to make signed images reproducible...

This should be fixed in other places:

  < jow> to me it looks as if two distinct fixes are needed
  < jow> 1) better fwtool signature search heuristics
  < jow> 2) pad the signature before it is factored into the partition size 
calculation

1. https://gitlab.com/aparcar/rebuild/blob/master/rebuild.py#L146

-- ynezz



___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel

Re: [OpenWrt-Devel] [PATCH] ath79: make UBNT Nano/Loco AC factory images reproducible

2019-10-07 Thread Paul Spooren 

The issue appear for amips-mt7620-zyxel_keenetic-omni-ii[0] as well.

[0]: 
https://rebuild.aparcar.org/SNAPSHOT/ramips/mt7620/openwrt-ramips-mt7620-zyxel_keenetic-omni-ii-squashfs-factory.bin.html


On 10/6/19 10:22 PM, Petr Štetiar wrote:

Current factory images are built on top of sysupgrade images which
contains metadata which are causing image reproducibility issues, so
let's build factory images from the scratch. While at it, refactor the
shared vars into common base as well.

Ref: http://lists.infradead.org/pipermail/openwrt-devel/2019-October/019205.html
Reported-by: Paul Spooren 
Signed-off-by: Petr Štetiar 
---
  target/linux/ath79/image/generic-ubnt.mk | 24 
  1 file changed, 12 insertions(+), 12 deletions(-)

diff --git a/target/linux/ath79/image/generic-ubnt.mk 
b/target/linux/ath79/image/generic-ubnt.mk
index 6ae766e29331..9ab11324b411 100644
--- a/target/linux/ath79/image/generic-ubnt.mk
+++ b/target/linux/ath79/image/generic-ubnt.mk
@@ -114,40 +114,40 @@ define Device/ubnt_bullet-m-xw
  endef
  TARGET_DEVICES += ubnt_bullet-m-xw
  
+define Device/ubnt-nano-ac

+  DEVICE_PACKAGES += kmod-ath10k-ct ath10k-firmware-qca988x-ct
+  IMAGE_SIZE := 15744k
+  IMAGE/factory.bin := append-kernel | pad-to (BLOCKSIZE) | \
+   append-rootfs | pad-rootfs | mkubntimage-split | \
+   check-size (IMAGE_SIZE)
+endef
+
  define Device/ubnt_lap-120
$(Device/ubnt-wa)
DEVICE_MODEL := LiteAP ac
DEVICE_VARIANT := LAP-120
-  DEVICE_PACKAGES += kmod-ath10k-ct ath10k-firmware-qca988x-ct
-  IMAGE_SIZE := 15744k
-  IMAGE/factory.bin := $$(IMAGE/sysupgrade.bin) | mkubntimage-split
+  $(Device/ubnt-nano-ac)
  endef
  TARGET_DEVICES += ubnt_lap-120
  
  define Device/ubnt_nanobeam-ac

$(Device/ubnt-wa)
DEVICE_MODEL := NanoBeam AC
-  DEVICE_PACKAGES += kmod-ath10k-ct ath10k-firmware-qca988x-ct
-  IMAGE_SIZE := 15744k
-  IMAGE/factory.bin := $$(IMAGE/sysupgrade.bin) | mkubntimage-split
+  $(Device/ubnt-nano-ac)
  endef
  TARGET_DEVICES += ubnt_nanobeam-ac
  
  define Device/ubnt_nanostation-ac

$(Device/ubnt-wa)
DEVICE_MODEL := Nanostation AC
-  DEVICE_PACKAGES += kmod-ath10k-ct ath10k-firmware-qca988x-ct
-  IMAGE_SIZE := 15744k
-  IMAGE/factory.bin := $$(IMAGE/sysupgrade.bin) | mkubntimage-split
+  $(Device/ubnt-nano-ac)
  endef
  TARGET_DEVICES += ubnt_nanostation-ac
  
  define Device/ubnt_nanostation-ac-loco

$(Device/ubnt-wa)
DEVICE_MODEL := Nanostation AC loco
-  DEVICE_PACKAGES += kmod-ath10k-ct ath10k-firmware-qca988x-ct
-  IMAGE_SIZE := 15744k
-  IMAGE/factory.bin := $$(IMAGE/sysupgrade.bin) | mkubntimage-split
+  $(Device/ubnt-nano-ac)
  endef
  TARGET_DEVICES += ubnt_nanostation-ac-loco
  


___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel


___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel

Re: [OpenWrt-Devel] [PATCH] ath79: make UBNT Nano/Loco AC factory images reproducible

2019-10-07 Thread Paul Spooren 

On 10/6/19 10:22 PM, Petr Štetiar wrote:

Current factory images are built on top of sysupgrade images which
contains metadata which are causing image reproducibility issues, so
let's build factory images from the scratch. While at it, refactor the
shared vars into common base as well.


Compiled and the signature is (obviously) gone, perfect!

Can't do any runtime tests, but I guess it's good for merging!

Thanks for the quick response!

Paul



Ref: http://lists.infradead.org/pipermail/openwrt-devel/2019-October/019205.html
Reported-by: Paul Spooren 
Signed-off-by: Petr Štetiar 
---
  target/linux/ath79/image/generic-ubnt.mk | 24 
  1 file changed, 12 insertions(+), 12 deletions(-)

diff --git a/target/linux/ath79/image/generic-ubnt.mk 
b/target/linux/ath79/image/generic-ubnt.mk
index 6ae766e29331..9ab11324b411 100644
--- a/target/linux/ath79/image/generic-ubnt.mk
+++ b/target/linux/ath79/image/generic-ubnt.mk
@@ -114,40 +114,40 @@ define Device/ubnt_bullet-m-xw
  endef
  TARGET_DEVICES += ubnt_bullet-m-xw
  
+define Device/ubnt-nano-ac

+  DEVICE_PACKAGES += kmod-ath10k-ct ath10k-firmware-qca988x-ct
+  IMAGE_SIZE := 15744k
+  IMAGE/factory.bin := append-kernel | pad-to (BLOCKSIZE) | \
+   append-rootfs | pad-rootfs | mkubntimage-split | \
+   check-size (IMAGE_SIZE)
+endef
+
  define Device/ubnt_lap-120
$(Device/ubnt-wa)
DEVICE_MODEL := LiteAP ac
DEVICE_VARIANT := LAP-120
-  DEVICE_PACKAGES += kmod-ath10k-ct ath10k-firmware-qca988x-ct
-  IMAGE_SIZE := 15744k
-  IMAGE/factory.bin := $$(IMAGE/sysupgrade.bin) | mkubntimage-split
+  $(Device/ubnt-nano-ac)
  endef
  TARGET_DEVICES += ubnt_lap-120
  
  define Device/ubnt_nanobeam-ac

$(Device/ubnt-wa)
DEVICE_MODEL := NanoBeam AC
-  DEVICE_PACKAGES += kmod-ath10k-ct ath10k-firmware-qca988x-ct
-  IMAGE_SIZE := 15744k
-  IMAGE/factory.bin := $$(IMAGE/sysupgrade.bin) | mkubntimage-split
+  $(Device/ubnt-nano-ac)
  endef
  TARGET_DEVICES += ubnt_nanobeam-ac
  
  define Device/ubnt_nanostation-ac

$(Device/ubnt-wa)
DEVICE_MODEL := Nanostation AC
-  DEVICE_PACKAGES += kmod-ath10k-ct ath10k-firmware-qca988x-ct
-  IMAGE_SIZE := 15744k
-  IMAGE/factory.bin := $$(IMAGE/sysupgrade.bin) | mkubntimage-split
+  $(Device/ubnt-nano-ac)
  endef
  TARGET_DEVICES += ubnt_nanostation-ac
  
  define Device/ubnt_nanostation-ac-loco

$(Device/ubnt-wa)
DEVICE_MODEL := Nanostation AC loco
-  DEVICE_PACKAGES += kmod-ath10k-ct ath10k-firmware-qca988x-ct
-  IMAGE_SIZE := 15744k
-  IMAGE/factory.bin := $$(IMAGE/sysupgrade.bin) | mkubntimage-split
+  $(Device/ubnt-nano-ac)
  endef
  TARGET_DEVICES += ubnt_nanostation-ac-loco
  


___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel


___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel

[OpenWrt-Devel] ath79: ubnt factory images with attached signatures

2019-10-06 Thread Paul Spooren 

Aloha,

I'm currently working on the reproducibility of OpenWrt snapshot images 
and packages and came across the following problem:


Some of the ath79 images have a signature attached to the factory images 
which is pointless as stock roms wont evaluate those anyway. However, as 
these factory images are padded after signature attaching the fwtool 
fails to replace them. An example of the situation is here[0].


This seems to be the case as the factory images simplify perform 
modifications on top of the sysupgrade images.


I'm not familiar enough with the build process, so if anyone would be up 
for help please let me know!


The affected profiles are

- ubnt_lap-120
- ubnt_nanobeam-ac
- ubnt_nanostation-ac-loco
- ubnt_nanostation-ac

Best,
Paul

[0]: 
https://rebuild.aparcar.org/SNAPSHOT/ath79/generic/openwrt-ath79-generic-ubnt_nanostation-ac-squashfs-factory.bin.html



___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel

[OpenWrt-Devel] [PATCH v2] toolchain/gcc: switch to version 8 by default

2019-10-02 Thread Paul Spooren 
Main motivation for this commit is the introduction of
`-ffile-prefix-map=` which alows reproducible build path.

Compiling tested without errors on the following targets:

* ath79
* brcm2708
* brcm63xx
* ixp4xx
* ramips
* sunxi
* x86

CC: Andre Heider 

Thanks to Andre for the iremap fixup

Signed-off-by: Paul Spooren 
---
 config/Config-build.in |  2 --
 .../patches/120-strip-cflags-from-binary.patch |  2 +-
 rules.mk   |  8 
 toolchain/gcc/Config.in|  8 ++--
 toolchain/gcc/Config.version   | 14 --
 5 files changed, 15 insertions(+), 19 deletions(-)

diff --git a/config/Config-build.in b/config/Config-build.in
index 9669fc86c7..872e5c12ab 100644
--- a/config/Config-build.in
+++ b/config/Config-build.in
@@ -243,7 +243,6 @@ menu "Global build settings"
config PKG_CC_STACKPROTECTOR_STRONG
bool "Strong"
select GCC_LIBSSP if !USE_MUSL
-   depends on !GCC_VERSION_4_8
depends on KERNEL_CC_STACKPROTECTOR_STRONG
endchoice
 
@@ -258,7 +257,6 @@ menu "Global build settings"
config KERNEL_CC_STACKPROTECTOR_REGULAR
bool "Regular"
config KERNEL_CC_STACKPROTECTOR_STRONG
-   depends on !GCC_VERSION_4_8
bool "Strong"
endchoice
 
diff --git a/package/libs/openssl/patches/120-strip-cflags-from-binary.patch 
b/package/libs/openssl/patches/120-strip-cflags-from-binary.patch
index 75fb9d1684..7faec9ab88 100644
--- a/package/libs/openssl/patches/120-strip-cflags-from-binary.patch
+++ b/package/libs/openssl/patches/120-strip-cflags-from-binary.patch
@@ -17,7 +17,7 @@ index 2c619c62e8..893128345a 100644
  
  DEPEND[cversion.o]=buildinf.h
 -GENERATE[buildinf.h]=../util/mkbuildinf.pl "$(CC) $(LIB_CFLAGS) 
$(CPPFLAGS_Q)" "$(PLATFORM)"
-+GENERATE[buildinf.h]=../util/mkbuildinf.pl "$(filter-out -I% -iremap% 
-fmacro-prefix-map%,$(CC) $(LIB_CFLAGS) $(CPPFLAGS_Q))" "$(PLATFORM)"
++GENERATE[buildinf.h]=../util/mkbuildinf.pl "$(filter-out -I% -iremap% 
-fmacro-prefix-map% -ffile-prefix-map%,$(CC) $(LIB_CFLAGS) $(CPPFLAGS_Q))" 
"$(PLATFORM)"
  DEPEND[buildinf.h]=../configdata.pm
  
  GENERATE[uplink-x86.s]=../ms/uplink-x86.pl $(PERLASM_SCHEME)
diff --git a/rules.mk b/rules.mk
index b140fbca70..7063cf3ad6 100644
--- a/rules.mk
+++ b/rules.mk
@@ -139,11 +139,11 @@ else
   TOOLCHAIN_DIR_NAME:=toolchain-$(GNU_TARGET_NAME)
 endif
 
-ifeq ($(or 
$(CONFIG_EXTERNAL_TOOLCHAIN),$(CONFIG_GCC_VERSION_4_8),$(CONFIG_TARGET_uml)),)
-  ifeq ($(CONFIG_GCC_USE_EMBEDDED_PATH_REMAP),y)
-iremap = -fmacro-prefix-map=$(1)=$(2)
-  else
+ifeq ($(or $(CONFIG_EXTERNAL_TOOLCHAIN),$(CONFIG_TARGET_uml)),)
+  ifeq ($(CONFIG_GCC_USE_IREMAP),y)
 iremap = -iremap$(1):$(2)
+  else
+iremap = -ffile-prefix-map=$(1)=$(2)
   endif
 endif
 
diff --git a/toolchain/gcc/Config.in b/toolchain/gcc/Config.in
index 0977f9b4e7..3882815d7f 100644
--- a/toolchain/gcc/Config.in
+++ b/toolchain/gcc/Config.in
@@ -2,8 +2,7 @@
 
 choice
prompt "GCC compiler Version" if TOOLCHAINOPTS
-   default GCC_USE_VERSION_8 if arc
-   default GCC_USE_VERSION_7
+   default GCC_USE_VERSION_8
help
  Select the version of gcc you wish to use.
 
@@ -22,6 +21,11 @@ choice
bool "gcc 9.x"
 endchoice
 
+config GCC_USE_IREMAP
+   default y if ( GCC_USE_VERSION_5 || GCC_USE_VERSION_7 )
+   default n
+   bool
+
 config GCC_USE_GRAPHITE
bool
prompt "Compile in support for the new Graphite framework in GCC 4.4+" 
if TOOLCHAINOPTS
diff --git a/toolchain/gcc/Config.version b/toolchain/gcc/Config.version
index d9732b3e0d..0658f3d52b 100644
--- a/toolchain/gcc/Config.version
+++ b/toolchain/gcc/Config.version
@@ -2,23 +2,17 @@ config GCC_VERSION_5
default y if GCC_USE_VERSION_5
bool
 
-config GCC_VERSION_8
-   default y if GCC_USE_VERSION_8
-   default y if arc && !GCC_USE_VERSION_9
+config GCC_VERSION_7
+   default y if GCC_USE_VERSION_7
bool
 
 config GCC_VERSION_9
default y if GCC_USE_VERSION_9
bool
 
-config GCC_USE_EMBEDDED_PATH_REMAP
-   default y if ( GCC_VERSION_8 || GCC_VERSION_9 )
-   default n
-   bool
-
 config GCC_VERSION
string
default "5.5.0" if GCC_VERSION_5
-   default "8.3.0" if GCC_VERSION_8
+   default "7.4.0" if GCC_VERSION_7
default "9.2.0" if GCC_VERSION_9
-   default "7.4.0"
+   default "8.3.0"
-- 
2.23.0


___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel

Re: [OpenWrt-Devel] [PATCH] toolchain/gcc: switch to version 8 by default

2019-09-30 Thread Paul Spooren 

On 28.09.19 11:04, Daniel Golle wrote:

Hi Paul,

On Sat, Sep 28, 2019 at 10:44:48AM -1000, Paul Spooren wrote:

Main motivation for this commit is the introduction of
`-ffile-prefix-map=` which alows reproducible build path.

Imho definitely a good reason to move forward with the switch to GCC 8.


Compiling tested without errors on the following targets:

* ath79
* brcm2708
* brcm63xx
* ixp4xx
* ramips
* sunxi
* x86

Signed-off-by: Paul Spooren 
---
Please let me know if I should compile more targets.

Maybe try apm821xx and octeon as well to cover powerpc and mips64.
I'll give it a shot tomorrow and run-test on ramips/mt76x8.


I compiled some more I couldn't detect any compile problems, however I 
did not yet perform any runtime tests.


The sizes for most images seems slightly smaller, I run a script to 
compare the sizes:


-   -993B /packages/mips_24kc/base/busybox_1.31.0-1_mips_24kc.ipk
+ 21B /packages/mips_24kc/base/dnsmasq_2.80-14_mips_24kc.ipk
-   -222B /packages/mips_24kc/base/dropbear_2019.78-2_mips_24kc.ipk
+    196B 
/packages/mips_24kc/base/firewall_2019-09-18-383eb58f-1_mips_24kc.ipk
+ 16B 
/packages/mips_24kc/base/getrandom_2019-06-16-4df34a4d-3_mips_24kc.ipk
+ 20B 
/packages/mips_24kc/base/hostapd-common_2019-08-08-ca8c2bd2-1_mips_24kc.ipk

+  5B /packages/mips_24kc/base/iw_5.0.1-1_mips_24kc.ipk
-    -16B 
/packages/mips_24kc/base/jshn_2019-06-16-ecf56174-1_mips_24kc.ipk
-    -13B 
/packages/mips_24kc/base/jsonfilter_2018-02-04-c7e938d6-1_mips_24kc.ipk
-    -16B 
/packages/mips_24kc/base/libblobmsg-json_2019-06-16-ecf56174-1_mips_24kc.ipk

+ 57B /packages/mips_24kc/base/libjson-c4_0.13.1-1_mips_24kc.ipk
+ 17B 
/packages/mips_24kc/base/libjson-script_2019-06-16-ecf56174-1_mips_24kc.ipk

-    -35B /packages/mips_24kc/base/libnl-tiny_0.1-5_mips_24kc.ipk
+  4B 
/packages/mips_24kc/base/libubox20170601_2019-06-16-ecf56174-1_mips_24kc.ipk
+ 17B 
/packages/mips_24kc/base/libubus20170705_2018-10-06-221ce7e7-1_mips_24kc.ipk
+ 21B 
/packages/mips_24kc/base/libuci20130104_2019-09-01-415f9e48-3_mips_24kc.ipk
-    -32B 
/packages/mips_24kc/base/libuclient20160123_2019-05-30-3b3e368d-1_mips_24kc.ipk
- -9B 
/packages/mips_24kc/base/logd_2019-06-16-4df34a4d-3_mips_24kc.ipk
-    -38B 
/packages/mips_24kc/base/netifd_2019-08-05-5e02f944-1_mips_24kc.ipk
+ 15B 
/packages/mips_24kc/base/odhcp6c_2019-01-11-e199804b-16_mips_24kc.ipk
-   -209B 
/packages/mips_24kc/base/odhcpd-ipv6only_2019-09-15-1d240094-3_mips_24kc.ipk
+ 26B 
/packages/mips_24kc/base/openwrt-keyring_2019-07-25-8080ef34-1_mips_24kc.ipk
+ 53B 
/packages/mips_24kc/base/opkg_2019-06-14-dcbc142e-1_mips_24kc.ipk
-    -57B 
/packages/mips_24kc/base/ppp-mod-pppoe_2.4.7.git-2019-05-25-2_mips_24kc.ipk
-    -56B 
/packages/mips_24kc/base/ppp_2.4.7.git-2019-05-25-2_mips_24kc.ipk
-    -80B 
/packages/mips_24kc/base/procd_2019-09-21-8e9fb51f-2_mips_24kc.ipk

+ 33B /packages/mips_24kc/base/swconfig_12_mips_24kc.ipk
-   -105B 
/packages/mips_24kc/base/ubox_2019-06-16-4df34a4d-3_mips_24kc.ipk
+ 14B 
/packages/mips_24kc/base/ubus_2018-10-06-221ce7e7-1_mips_24kc.ipk
-    -44B 
/packages/mips_24kc/base/ubusd_2018-10-06-221ce7e7-1_mips_24kc.ipk
+ 13B 
/packages/mips_24kc/base/uci_2019-09-01-415f9e48-3_mips_24kc.ipk
+ 10B 
/packages/mips_24kc/base/uclient-fetch_2019-05-30-3b3e368d-1_mips_24kc.ipk

+ 11B /packages/mips_24kc/base/urandom-seed_1.0-1_mips_24kc.ipk
+ 18B 
/packages/mips_24kc/base/urngd_2019-06-17-c057e177-1_mips_24kc.ipk
+ 86B 
/packages/mips_24kc/base/usign_2019-09-21-f34a383e-1_mips_24kc.ipk

+ 25B /packages/mips_24kc/base/wireless-regdb_2019.06.03_all.ipk
- -12043B 
/packages/mips_24kc/base/wpad-basic_2019-08-08-ca8c2bd2-1_mips_24kc.ipk
-    -103656B 
/targets/ath79/generic/openwrt-ath79-generic-8dev_carambola2-initramfs-kernel.bin
-    -196110B 
/targets/ath79/generic/openwrt-ath79-generic-8dev_carambola2-squashfs-sysupgrade.bin
-    -353608B 
/targets/ath79/generic/openwrt-ath79-generic-adtran_bsap1800-v2-initramfs-kernel.bin
- -65536B 
/targets/ath79/generic/openwrt-ath79-generic-adtran_bsap1800-v2-squashfs-kernel.bin
- -60942B 
/targets/ath79/generic/openwrt-ath79-generic-adtran_bsap1800-v2-squashfs-sysupgrade.bin
-    -353608B 
/targets/ath79/generic/openwrt-ath79-generic-adtran_bsap1840-initramfs-kernel.bin
- -65536B 
/targets/ath79/generic/openwrt-ath79-generic-adtran_bsap1840-squashfs-kernel.bin
- -60942B 
/targets/ath79/generic/openwrt-ath79-generic-adtran_bsap1840-squashfs-sysupgrade.bin
-    -103654B 
/targets/ath79/generic/openwrt-ath79-generic-alfa-network_ap121f-initramfs-kernel.bin
-    -261646B 
/targets/ath79/generic/openwrt-ath79-generic-alfa-network_ap121f-squashfs-sysupgrade.bin
-    -103647B 
/targets/ath79/generic/openwrt-ath79-generic-aruba_ap-105-initramfs-kernel.bin
-    -130574B

[OpenWrt-Devel] [PATCH] kernel-defaults: ensure SOURCE_DATE_EPOCH on /init

2019-09-29 Thread Paul Spooren 
This is a follow up of 8cb13f4e6d which sets the right timestamp for the
/init file in initramfs. The previous patch doesn't cover it as the
files appear to come from a later step during compilation.

CC: Alexander Couzens 

Signed-off-by: Paul Spooren 
---
 include/kernel-defaults.mk | 1 +
 1 file changed, 1 insertion(+)

diff --git a/include/kernel-defaults.mk b/include/kernel-defaults.mk
index cc1e2361be..db93a53d71 100644
--- a/include/kernel-defaults.mk
+++ b/include/kernel-defaults.mk
@@ -146,6 +146,7 @@ ifneq ($(CONFIG_TARGET_ROOTFS_INITRAMFS),)
 define Kernel/CompileImage/Initramfs
$(call Kernel/Configure/Initramfs)
$(CP) $(GENERIC_PLATFORM_DIR)/other-files/init $(TARGET_DIR)/init
+   $(if $(SOURCE_DATE_EPOCH),touch -hcd "@$(SOURCE_DATE_EPOCH)" 
$(TARGET_DIR)/init)
rm -rf 
$(KERNEL_BUILD_DIR)/linux-$(LINUX_VERSION)/usr/initramfs_data.cpio*
+$(KERNEL_MAKE) $(if $(KERNELNAME),$(KERNELNAME),all) modules
$(call Kernel/CopyImage,-initramfs)
-- 
2.23.0


___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel

[OpenWrt-Devel] [PATCH] rules: allow arbitrary log destination

2019-09-28 Thread Paul Spooren 
Add option BUILD_LOG_DIR to menuconfig to change log destination.

The mix-up of *DIR* and *FOLDER* is confusing however.

Signed-off-by: Paul Spooren 
---
 config/Config-devel.in | 7 +++
 rules.mk   | 2 +-
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/config/Config-devel.in b/config/Config-devel.in
index fd7c3ead1e..70ec0ce9a7 100644
--- a/config/Config-devel.in
+++ b/config/Config-devel.in
@@ -105,6 +105,13 @@ menuconfig DEVEL
help
  If enabled, log files will be written to the ./log directory.
 
+   config BUILD_LOG_DIR
+   string "Log folder" if DEVEL
+   default ""
+   help
+ Store build logs in this directory.
+ If not set, uses './logs'
+
config SRC_TREE_OVERRIDE
bool "Enable package source tree override" if DEVEL
help
diff --git a/rules.mk b/rules.mk
index 80cb3d63f4..b140fbca70 100644
--- a/rules.mk
+++ b/rules.mk
@@ -159,7 +159,7 @@ TARGET_ROOTFS_DIR?=$(if $(call 
qstrip,$(CONFIG_TARGET_ROOTFS_DIR)),$(call qstrip
 TARGET_DIR:=$(TARGET_ROOTFS_DIR)/root-$(BOARD)
 STAGING_DIR_ROOT:=$(STAGING_DIR)/root-$(BOARD)
 STAGING_DIR_IMAGE:=$(STAGING_DIR)/image
-BUILD_LOG_DIR:=$(TOPDIR)/logs
+BUILD_LOG_DIR:=$(if $(call qstrip,$(CONFIG_BUILD_LOG_DIR)),$(call 
qstrip,$(CONFIG_BUILD_LOG_DIR)),$(TOPDIR)/logs)
 PKG_INFO_DIR := $(STAGING_DIR)/pkginfo
 
 BUILD_DIR_HOST:=$(if 
$(IS_PACKAGE_BUILD),$(BUILD_DIR_BASE)/hostpkg,$(BUILD_DIR_BASE)/host)
-- 
2.23.0


___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel

[OpenWrt-Devel] [PATCH] toolchain/gcc: switch to version 8 by default

2019-09-28 Thread Paul Spooren 
Main motivation for this commit is the introduction of
`-ffile-prefix-map=` which alows reproducible build path.

Compiling tested without errors on the following targets:

* ath79
* brcm2708
* brcm63xx
* ixp4xx
* ramips
* sunxi
* x86

Signed-off-by: Paul Spooren 
---
Please let me know if I should compile more targets.

 toolchain/gcc/Config.in  | 3 +--
 toolchain/gcc/Config.version | 9 -
 2 files changed, 5 insertions(+), 7 deletions(-)

diff --git a/toolchain/gcc/Config.in b/toolchain/gcc/Config.in
index 0977f9b4e7..7d7f34210a 100644
--- a/toolchain/gcc/Config.in
+++ b/toolchain/gcc/Config.in
@@ -2,8 +2,7 @@
 
 choice
prompt "GCC compiler Version" if TOOLCHAINOPTS
-   default GCC_USE_VERSION_8 if arc
-   default GCC_USE_VERSION_7
+   default GCC_USE_VERSION_8
help
  Select the version of gcc you wish to use.
 
diff --git a/toolchain/gcc/Config.version b/toolchain/gcc/Config.version
index d9732b3e0d..1a86bcb8a6 100644
--- a/toolchain/gcc/Config.version
+++ b/toolchain/gcc/Config.version
@@ -2,9 +2,8 @@ config GCC_VERSION_5
default y if GCC_USE_VERSION_5
bool
 
-config GCC_VERSION_8
-   default y if GCC_USE_VERSION_8
-   default y if arc && !GCC_USE_VERSION_9
+config GCC_VERSION_7
+   default y if GCC_USE_VERSION_7
bool
 
 config GCC_VERSION_9
@@ -19,6 +18,6 @@ config GCC_USE_EMBEDDED_PATH_REMAP
 config GCC_VERSION
string
default "5.5.0" if GCC_VERSION_5
-   default "8.3.0" if GCC_VERSION_8
+   default "7.4.0" if GCC_VERSION_7
default "9.2.0" if GCC_VERSION_9
-   default "7.4.0"
+   default "8.3.0"
-- 
2.23.0


___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel

[OpenWrt-Devel] [PATCH 2/2] build: add script to sign packages

2019-09-24 Thread Paul Spooren 
This script allows image signing indipendend of the actual build
process, to run on a master server after receiving freshly backed
images. Idea is to avoid storying private keys on third party builders
while still beeing to be able to sign packages.

Run ./scripts/sign_images.sh with the following env vars:

* TOP_DIR where to search for sysupgrade.bin images
* BUILD_KEY place of key-build{,.pub,.ucert}
* REMOVE_OTHER_SIGNATURES removes signatures added by e.g. buildbots

Only sysupgrade.bin files are touched as factory.bin signatures wouldn't
be evaluated on stock from.

Signed-off-by: Paul Spooren 
---
 scripts/sign_images.sh | 27 +++
 1 file changed, 27 insertions(+)
 create mode 100755 scripts/sign_images.sh

diff --git a/scripts/sign_images.sh b/scripts/sign_images.sh
new file mode 100755
index 00..c41b21e091
--- /dev/null
+++ b/scripts/sign_images.sh
@@ -0,0 +1,27 @@
+#!/bin/sh
+
+# directory where search for images
+TOP_DIR="${TOP_DIR:-./bin/targets}"
+# key to sign images
+BUILD_KEY="${BUILD_KEY:-key-build}" # TODO unifiy naming?
+# remove other signatures (added e.g.  by buildbot)
+REMOVE_OTER_SIGNATURES="${REMOVE_OTER_SIGNATURES:-1}"
+
+# find all sysupgrade images in TOP_DIR
+# factory images don't need signatures as non OpenWrt system doen't check them 
anyway
+for image in $(find $TOP_DIR -type f -name "*-sysupgrade.bin"); do
+   # check if image actually support metadata
+   if fwtool -i /dev/null "$image"; then
+   # remove all previous signatures
+   if [ -n "$REMOVE_OTER_SIGNATURES" ]; then
+   while [ "$?" = 0 ]; do
+   fwtool -t -s /dev/null "$image"
+   done
+   fi
+   # run same operation as build root does for signing
+   cp "$BUILD_KEY.ucert" "$image.ucert"
+   usign -S -m "$image" -s "$BUILD_KEY" -x "$image.sig"
+   ucert -A -c "$image.ucert" -x "$image.sig"
+   fwtool -S "$image.ucert" "$image"
+   fi
+done
-- 
2.23.0


___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel

[OpenWrt-Devel] [PATCH 1/2] build: separate signing logic

2019-09-24 Thread Paul Spooren 
This separates the options for signature creation and verification

* SIGNED_PACKAGES create Packages.sig
* SIGNED_IMAGES add ucert signature to created images
* CHECK_SIGNATURE add verification capabilities to images
* INSTALL_LOCAL_KEY add local key-build to /etc/opkg/keys

Right now the buildbot.git contains some hacks to create images that
have signature verification capabilities while not storing private keys
on buildbot slaves. This commit allows to disable these steps for the
buildbots and only perform signing on the master.

Signed-off-by: Paul Spooren 
---
 config/Config-build.in  | 12 ++--
 include/image-commands.mk   | 13 -
 package/base-files/Makefile | 17 +
 3 files changed, 27 insertions(+), 15 deletions(-)

diff --git a/config/Config-build.in b/config/Config-build.in
index 35341833e3..fd2ae5bbdd 100644
--- a/config/Config-build.in
+++ b/config/Config-build.in
@@ -30,13 +30,21 @@ menu "Global build settings"
  - Enabling per-device rootfs support
  ...
 
+   config INSTALL_LOCAL_KEY
+   bool "Install local usign key into image"
+   default n
+
config SIGNED_PACKAGES
bool "Cryptographically signed package lists"
-   default y
+   default n
+
+   config SIGNED_IMAGES
+   bool "Cryptographically signed firmware images"
+   default n
 
config SIGNATURE_CHECK
bool "Enable signature checking in opkg"
-   default SIGNED_PACKAGES
+   default y
 
comment "General build options"
 
diff --git a/include/image-commands.mk b/include/image-commands.mk
index 1d0aed1918..d4d19a40e1 100644
--- a/include/image-commands.mk
+++ b/include/image-commands.mk
@@ -370,11 +370,14 @@ metadata_json = \
 
 define Build/append-metadata
$(if $(SUPPORTED_DEVICES),-echo $(call 
metadata_json,$(SUPPORTED_DEVICES)) | fwtool -I - $@)
-   [ ! -s "$(BUILD_KEY)" -o ! -s "$(BUILD_KEY).ucert" -o ! -s "$@" ] || { \
-   cp "$(BUILD_KEY).ucert" "$@.ucert" ;\
-   usign -S -m "$@" -s "$(BUILD_KEY)" -x "$@.sig" ;\
-   ucert -A -c "$@.ucert" -x "$@.sig" ;\
-   fwtool -S "$@.ucert" "$@" ;\
+   [ -z "$(SIGNED_IMAGES)" \
+   -o ! -s "$(BUILD_KEY)" \
+   -o ! -s "$(BUILD_KEY).ucert" \
+   -o ! -s "$@" ] || { \
+   cp "$(BUILD_KEY).ucert" "$@.ucert" ;\
+   usign -S -m "$@" -s "$(BUILD_KEY)" -x "$@.sig" ;\
+   ucert -A -c "$@.ucert" -x "$@.sig" ;\
+   fwtool -S "$@.ucert" "$@" ;\
}
 endef
 
diff --git a/package/base-files/Makefile b/package/base-files/Makefile
index f105d2cd27..588c958f80 100644
--- a/package/base-files/Makefile
+++ b/package/base-files/Makefile
@@ -37,7 +37,7 @@ endif
 define Package/base-files
   SECTION:=base
   CATEGORY:=Base system
-  DEPENDS:=+netifd +libc +procd +jsonfilter +SIGNED_PACKAGES:usign 
+SIGNED_PACKAGES:openwrt-keyring +NAND_SUPPORT:ubi-utils +fstools +fwtool
+  DEPENDS:=+netifd +libc +procd +jsonfilter +SIGNATURE_CHECK:usign 
+SIGNATURE_CHECK:openwrt-keyring +NAND_SUPPORT:ubi-utils +fstools +fwtool
   TITLE:=Base filesystem for OpenWrt
   URL:=http://openwrt.org/
   VERSION:=$(PKG_RELEASE)-$(REVISION)
@@ -116,12 +116,6 @@ ifdef CONFIG_SIGNED_PACKAGES
$(STAGING_DIR_HOST)/bin/ucert -I -c $(BUILD_KEY).ucert -p 
$(BUILD_KEY).pub -s $(BUILD_KEY)
 
   endef
-
-  define Package/base-files/install-key
-   mkdir -p $(1)/etc/opkg/keys
-   $(CP) $(BUILD_KEY).pub 
$(1)/etc/opkg/keys/`$(STAGING_DIR_HOST)/bin/usign -F -p $(BUILD_KEY).pub`
-
-  endef
 endif
 
 ifeq ($(CONFIG_NAND_SUPPORT),)
@@ -130,9 +124,16 @@ ifeq ($(CONFIG_NAND_SUPPORT),)
   endef
 endif
 
+ifdef CONFIG_INSTALL_LOCAL_KEY
+  define Package/base-files/install-local-key
+   mkdir -p $(1)/etc/opkg/keys
+   $(CP) $(BUILD_KEY).pub 
$(1)/etc/opkg/keys/`$(STAGING_DIR_HOST)/bin/usign \
+   -F -p $(BUILD_KEY).pub`
+endef
+
 define Package/base-files/install
$(CP) ./files/* $(1)/
-   $(Package/base-files/install-key)
+   $(Package/base-files/install-local-key)
$(Package/base-files/nand-support)
if [ -d $(GENERIC_PLATFORM_DIR)/base-files/. ]; then \
$(CP) $(GENERIC_PLATFORM_DIR)/base-files/* $(1)/; \
-- 
2.23.0


___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel

[OpenWrt-Devel] [PATCH] buildbot: store key-build.pub as 0644

2019-09-24 Thread Paul Spooren 
All other keys are stored as 0644, the only reason this key is 0600 is
as the key-build should be hidden from others. Changing the public key
it to 0644 it is in line with all other keys in /etc/opkg/keys.

Signed-off-by: Paul Spooren 
---
 phase1/master.cfg | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/phase1/master.cfg b/phase1/master.cfg
index ee26fe4..f0151f6 100644
--- a/phase1/master.cfg
+++ b/phase1/master.cfg
@@ -763,7 +763,7 @@ for target in targets:
name = "dlkeybuildpub",
s = UsignSec2Pub(usign_key, usign_comment),
slavedest = "key-build.pub",
-   mode = 0600,
+   mode = 0644,
))
 
factory.addStep(StringDownload(
-- 
2.23.0


___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel

Re: [OpenWrt-Devel] [Suggestions] Streamline localization by using Weblate for the project, use LiberaPay or OpenCollective to enable people to donate

2019-09-24 Thread Paul Spooren 

Hi Scott,

On 23.09.19 16:15, Scott via openwrt-devel wrote:

First and foremost, as a user of OpenWrt and LuCI by way of TurrisOS thanks for 
everyone who has contributed to OpenWrt. As someone who's seeking to give back 
to the project via localization I noticed that while OpenWrt has relatively 
straightforward documentation on contributing localization 
(https://github.com/openwrt/luci/wiki/i18n), the process could be streamlined a 
great deal more. In particular by using Weblate thus making easier it for those 
who don't know Git and providing significant quality of life improvements even 
for those who do know Git. Those who want to do offline localization could 
continue to do so w/o issue.

For those who aren't familiar with localization, Weblate is basically a web 
based tool that allows to contribute by simply entering in a localized string 
and hitting 'suggest' rather than having to Git clone, download an offline 
client like Lokalize, and then make a PR. There's also a good number of nice 
things to improve localization. It's easy to visually see what languages need 
localization work, you can be notified when there's new strings or a few other 
trigger events, and you can utilize not only the 'translation memory' of 
OpenWrt itself, but other FOSS such as related routing projects like Foris. The 
great thing is that while you can self host your own Weblate server, because 
OpenWrt is FOSS, the folk behind Weblate would likely offer free hosting given 
their Gratis for libre projects pricing. To better see what I'm talking about 
in action please check out:https://hosted.weblate.org/projects/


I think that's a good idea! As it doesn't need to be directly integrated 
in any existing workflow nor requires privileges on any Git, it's 
basically just a fancy front-end with translation suggestions for .po 
files right?


Out of curiosity I requested a libre account for a quick evaluation, if 
anyone is in serious doubt on evaluation it I'll instantly cancel the 
request. However I think this is in line with 
https://openwrt.org/meetings/hamburg2019/start#luci_translations



As a secondary note in what sounds like was written in late 2016, there were 
private discussions about public crowdfunding to help pay for servers 
(https://openwrt.org/infrastructure). Talking with tmomas on the forums it 
sounds like the current bottleneck is people power. Any surplus donations 
beyond infrastructure could be used to pay for part or full time development or 
for bounties. Between the LiberaPay and OpenCollective, OpenCollective may be 
preferable because it is designed to allow both reoccurring and one off 
donations.


Also a nice idea, I heard a couple of times people want to donate but 
there is no convenient way to do so. Having some funding for 
rpcd-doc-writing or a simplified web interface would be great!


Maybe jow can come up with a comment on this, I remember there were some 
issues on how to manage the money in an organizational way...


Best,
Paul


___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel

Re: [OpenWrt-Devel] [PATCH] treewide: add Generic subtarget if missing

2019-09-20 Thread Paul Spooren 

On 17.09.19 00:25, Jonas Gorski wrote:

On Sun, 15 Sep 2019 at 12:49, Paul Spooren  wrote:

What you suggest is about what we have right now. This kind of creates a misleading situation where 
for some targets subtargets are present, while for others paths and image names are 
"fixed" in several places to include a "generic". The reason for Paul's patch 
was to get rid of the fixes at individual places (which was/is applied somewhat inconsistently) by 
just making all targets apply to the same logic (i.e. that there is at least one subtarget).
So, the empty files are introduced to make the process of building and creating 
images afterwards simpler (to follow/understand).

I was suffering from the same problem when I dealt with OpenWrt-derived 
firmware, where I suddenly encountered a target without subtargets and had to 
implement extra code to work around that.

However, I also wondered whether one couldn't code around the necessity of the 
empty file, and just add the SUBTARGET/SUBTARGETS variables here...

Thanks for commenting, that's very much my point!

Maybe the easiest solution is to add `SUBTARGET ?= generic` to
include/image.mk instead of introducing empty files. Will try that tomorrow.

Thanks, this is what I meant, providing some sensible default value(s).

I have to admit, even after reading your changelog and Adrian's email
twice, I still don't quite grasp what issue this change is trying to
fix. An example might be nice in the changelog.


The idea is to have always the same naming pattern for images:



This allows you to be certain to find an image (or related files) at the 
excepted place, instead of guessing if the generic "subtarget" actually 
appears in the filename or not.


To illustrate: I'm trying to create an index with all created images. 
The index maps images and device titels to make it easier finding the 
right firmware. The more variation in the openwrt buildroot, the more I 
have to work around it.


I created an updated PR here[0] which also adds the new subtargets to uboot.

Regards
Paul

[0]: https://github.com/openwrt/openwrt/pull/2431


___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel

Re: [OpenWrt-Devel] [PATCH] treewide: add Generic subtarget if missing

2019-09-15 Thread Paul Spooren 

What you suggest is about what we have right now. This kind of creates a misleading situation where 
for some targets subtargets are present, while for others paths and image names are 
"fixed" in several places to include a "generic". The reason for Paul's patch 
was to get rid of the fixes at individual places (which was/is applied somewhat inconsistently) by 
just making all targets apply to the same logic (i.e. that there is at least one subtarget).
So, the empty files are introduced to make the process of building and creating 
images afterwards simpler (to follow/understand).

I was suffering from the same problem when I dealt with OpenWrt-derived 
firmware, where I suddenly encountered a target without subtargets and had to 
implement extra code to work around that.

However, I also wondered whether one couldn't code around the necessity of the 
empty file, and just add the SUBTARGET/SUBTARGETS variables here...


Thanks for commenting, that's very much my point!

Maybe the easiest solution is to add `SUBTARGET ?= generic` to 
include/image.mk instead of introducing empty files. Will try that tomorrow.


Best,
Paul


___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel

Re: [OpenWrt-Devel] [PATCH] treewide: add Generic subtarget if missing

2019-09-12 Thread Paul Spooren 

I posted this a while ago could somebody please apply this?

On 22.08.19 23:02, Paul Spooren wrote:

As in 853e4dd OpenWrt should follow a unified structure, where every
device has a target/subtarget combination, if there is only one
subtarget, call it "Generic". This introduces predictable filenames.

CC: Alexander Couzens 
CC: Felix Fietkau 
CC: Jason Wu 
CC: John Crispin 
CC: Luka Perkov 
CC: Roman Yeryomin 
CC: Sergey Ryazanov 
CC: Tim Harvey 
CC: Tomasz Maciej Nowak 

Signed-off-by: Paul Spooren 
---
  target/linux/ath25/Makefile  | 1 +
  target/linux/ath25/generic/target.mk | 1 +
  target/linux/cns3xxx/Makefile| 1 +
  target/linux/cns3xxx/generic/target.mk   | 1 +
  target/linux/gemini/Makefile | 1 +
  target/linux/gemini/generic/target.mk| 1 +
  target/linux/imx6/Makefile   | 1 +
  target/linux/imx6/generic/target.mk  | 1 +
  target/linux/kirkwood/Makefile   | 1 +
  target/linux/kirkwood/generic/target.mk  | 1 +
  target/linux/octeon/Makefile | 1 +
  target/linux/octeon/generic/target.mk| 1 +
  target/linux/octeontx/Makefile   | 1 +
  target/linux/octeontx/generic/target.mk  | 1 +
  target/linux/omap/Makefile   | 1 +
  target/linux/omap/generic/target.mk  | 1 +
  target/linux/pistachio/Makefile  | 1 +
  target/linux/pistachio/generic/target.mk | 1 +
  target/linux/rb532/Makefile  | 1 +
  target/linux/rb532/generic/target.mk | 1 +
  target/linux/tegra/Makefile  | 1 +
  target/linux/tegra/generic/target.mk | 1 +
  target/linux/zynq/Makefile   | 1 +
  target/linux/zynq/generic/target.mk  | 1 +
  24 files changed, 24 insertions(+)
  create mode 100644 target/linux/ath25/generic/target.mk
  create mode 100644 target/linux/cns3xxx/generic/target.mk
  create mode 100644 target/linux/gemini/generic/target.mk
  create mode 100644 target/linux/imx6/generic/target.mk
  create mode 100644 target/linux/kirkwood/generic/target.mk
  create mode 100644 target/linux/octeon/generic/target.mk
  create mode 100644 target/linux/octeontx/generic/target.mk
  create mode 100644 target/linux/omap/generic/target.mk
  create mode 100644 target/linux/pistachio/generic/target.mk
  create mode 100644 target/linux/rb532/generic/target.mk
  create mode 100644 target/linux/tegra/generic/target.mk
  create mode 100644 target/linux/zynq/generic/target.mk

diff --git a/target/linux/ath25/Makefile b/target/linux/ath25/Makefile
index cb8b7ec1be..a253b4ceb3 100644
--- a/target/linux/ath25/Makefile
+++ b/target/linux/ath25/Makefile
@@ -10,6 +10,7 @@ ARCH:=mips
  BOARD:=ath25
  BOARDNAME:=Atheros AR231x/AR5312
  FEATURES:=squashfs low_mem small_flash
+SUBTARGETS:=generic
  MAINTAINER:=Sergey Ryazanov 
  
  KERNEL_PATCHVER:=4.14

diff --git a/target/linux/ath25/generic/target.mk 
b/target/linux/ath25/generic/target.mk
new file mode 100644
index 00..f5cb1fb19b
--- /dev/null
+++ b/target/linux/ath25/generic/target.mk
@@ -0,0 +1 @@
+BOARDNAME:=Generic
diff --git a/target/linux/cns3xxx/Makefile b/target/linux/cns3xxx/Makefile
index f21ad06248..7930b959b6 100644
--- a/target/linux/cns3xxx/Makefile
+++ b/target/linux/cns3xxx/Makefile
@@ -12,6 +12,7 @@ BOARDNAME:=Cavium Networks Econa CNS3xxx
  FEATURES:=squashfs fpu gpio pcie usb usbgadget
  CPU_TYPE:=mpcore
  CPU_SUBTYPE:=vfp
+SUBTARGETS:=generic
  MAINTAINER:=Felix Fietkau , \
Koen Vandeputte 
  KERNEL_PATCHVER:=4.19
diff --git a/target/linux/cns3xxx/generic/target.mk 
b/target/linux/cns3xxx/generic/target.mk
new file mode 100644
index 00..f5cb1fb19b
--- /dev/null
+++ b/target/linux/cns3xxx/generic/target.mk
@@ -0,0 +1 @@
+BOARDNAME:=Generic
diff --git a/target/linux/gemini/Makefile b/target/linux/gemini/Makefile
index 3afc643023..1f1486f0c5 100644
--- a/target/linux/gemini/Makefile
+++ b/target/linux/gemini/Makefile
@@ -11,6 +11,7 @@ BOARD:=gemini
  BOARDNAME:=Cortina Systems CS351x
  FEATURES:=squashfs pci rtc usb dt gpio display ext4 rootfs-part boot-part
  CPU_TYPE:=fa526
+SUBTARGETS:=generic
  MAINTAINER:=Roman Yeryomin 
  
  KERNEL_PATCHVER:=4.19

diff --git a/target/linux/gemini/generic/target.mk 
b/target/linux/gemini/generic/target.mk
new file mode 100644
index 00..f5cb1fb19b
--- /dev/null
+++ b/target/linux/gemini/generic/target.mk
@@ -0,0 +1 @@
+BOARDNAME:=Generic
diff --git a/target/linux/imx6/Makefile b/target/linux/imx6/Makefile
index ac4300f7eb..570898cb9c 100644
--- a/target/linux/imx6/Makefile
+++ b/target/linux/imx6/Makefile
@@ -12,6 +12,7 @@ BOARDNAME:=Freescale i.MX 6
  FEATURES:=audio display fpu gpio pcie rtc usb usbgadget squashfs targz nand 
ubifs boot-part rootfs-part
  CPU_TYPE:=cortex-a9
  CPU_SUBTYPE:=neon
+SUBTARGETS:=generic
  MAINTAINER:=Luka Perkov 
  
  KERNEL_PATCHVER:=4.19

diff --git a/target/linux/imx6/generic/target.mk 
b/target/linux/imx6/generic/target.mk
new file mode 100644
index 00..f5cb1fb19b
--- /dev/null
+++ b/target/linux/im

[OpenWrt-Devel] [PATCH] phase1: run prepare instead of diffconfig

2019-09-03 Thread Paul Spooren 
This will not only create config.buildinfo as before, but also
version.buildinfo and feeds.buidinfo.

CC: Jo-Philipp Wich 

Signed-off-by: Paul Spooren 
---
 phase1/master.cfg | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/phase1/master.cfg b/phase1/master.cfg
index a91864a..e5a13ba 100644
--- a/phase1/master.cfg
+++ b/phase1/master.cfg
@@ -918,9 +918,9 @@ for target in targets:
))
 
factory.addStep(ShellCommand(
-   name = "diffconfig",
-   description = "Generating config.seed",
-   command=["make", "-j1", "diffconfig", "V=s"],
+   name = "prepare",
+   description = "Generating config.buildinfo, version.buildinfo 
and feeds.buildinfo",
+   command=["make", "-j1", "prepare", "V=s"],
env = MakeEnv(),
haltOnFailure = True
))
-- 
2.23.0.rc1


___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel

[OpenWrt-Devel] [PATCH] procd: allow running with pid != 1

2019-09-03 Thread Paul Spooren 
Allow to run procd from a bash script and still let it fire up system
services. This is handy when running from within a container that does
not start any init command on pid 1, like on GitLab CI.

Signed-off-by: Paul Spooren 
---
 procd.c | 5 +
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/procd.c b/procd.c
index 3de6208..a78c538 100644
--- a/procd.c
+++ b/procd.c
@@ -74,10 +74,7 @@ int main(int argc, char **argv)
setsid();
uloop_init();
procd_signal();
-   if (getpid() != 1)
-   procd_connect_ubus();
-   else
-   procd_state_next();
+   procd_state_next();
uloop_run();
uloop_done();
 
-- 
2.23.0.rc1


___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel

Re: [OpenWrt-Devel] [RFC] use Debian like release channel identifiers?

2019-08-26 Thread Paul Spooren 

On 25.08.19 22:08, Bjørn Mork wrote:

Paul Spooren  writes:


as 19.07 is *just around the corner* I was wondering if there's a
better way of distinguishing between versions.

Right now, I see 4 different *channels* which somewhat match the
Debian style, therefore a possible mapping:

18.06.N -> stable
19.07-rcN -> testing
19.07-SNAPSHOT -> unstable
SNAPSHOT -> experimental

This looks fine right now.  But such mappings tend to confuse users over
time, when "stable" suddenly is redefined to 19.07.1, 22.09.1 etc.  And
what do you call 18.06.97 when 22.09.1 is "stable"?


I guess that's a good point, how to handle multiple stable (point) 
releases at the same time? I'd think a user running 20.5.2 should be 
offered to upgrade to 21.0.1 and 20.5.3. Whereas the former is 
recommended, not?



Debian had a long discussion about dropping code names in favour of
release versions recently See:
https://lwn.net/Articles/792646/


Thanks for the article. Looking at some vendor implementations, they 
offer something like a stable and beta channel, where the stable channel 
also "suddenly" changes once a new release appears. Isn't that desired 
to keep users with the latest software?


Applying the schema mentioned above, I'd suggest the following upgrade 
behaviors


* (stable) point upgrades to newer point releases or major release, but 
only one major at a time. (not 19.01 to 20.01 but to 19.07 first).


* (testing) rc upgrade to newest point or rc release, but also max one 
in between. So 19.07-rc2 to 19.07-rc3 or 20.01-rc1.


* (unstable) release snapshot to whatever newest release snapshot, rc or 
point. Upgrading from snap to rc can be based on revision.


* (experimental) snapshot to whatever revision snapshot is more recent

As two releases are planed per year, I see it necessary to simplify the 
upgrade process between those.



I am not sure if they have reached any conclusion.  But I believe we
should think about the possible drawbacks here before deciding to change
the release naming yet again.  I for one would prefer any scheme which
lasted more than 2 releases


Very right :)

Paul


___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel

[OpenWrt-Devel] [RFC] use Debian like release channel identifiers?

2019-08-25 Thread Paul Spooren 

Hi all,

as 19.07 is *just around the corner* I was wondering if there's a better 
way of distinguishing between versions.


Right now, I see 4 different *channels* which somewhat match the Debian 
style, therefore a possible mapping:


18.06.N -> stable
19.07-rcN -> testing
19.07-SNAPSHOT -> unstable
SNAPSHOT -> experimental

This naming could allow users to choose different "upgrade" channels, 
like for Debian, Nextcloud, Firefox, etc. They could be informed about a 
new upgrades via the LuCi interface or a cron-mail-daemon-service-thing.


The tool to check for upgrades could be build on-top of a PR[0] 
introducing JSON information of versions, targets and created images.


A Luci app is currently being created[1], I'd work on some rpcd code to 
work in the background.


It's somewhat cosmetic only but also simplifies user understanding of 
what they're using - right?


Best,
Paul

[0]: https://github.com/openwrt/openwrt/pull/2192.diff
[1]: 
https://github.com/sudhanshu16/luci/commit/750c3e22c7b4f6e98363cc16813355132558b1bf



___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel

[OpenWrt-Devel] [RFC]remove outdated targets from snapshots

2019-08-23 Thread Paul Spooren 

Hi,

various targets at OpenWrt/snapshots[0] are no longer build and cause 
(at least for me) from time to time some trouble. Would it be possible 
to add a cron job removing all files from snapshots/ which are older 
than, a week? The folder is not intented as an archive, right?


Sunshine,
    Paul

[0]: https://downloads.openwrt.org/snapshots/targets/


___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel

[OpenWrt-Devel] [PATCH] treewide: add Generic subtarget if missing

2019-08-23 Thread Paul Spooren 
As in 853e4dd OpenWrt should follow a unified structure, where every
device has a target/subtarget combination, if there is only one
subtarget, call it "Generic". This introduces predictable filenames.

CC: Alexander Couzens 
CC: Felix Fietkau 
CC: Jason Wu 
CC: John Crispin 
CC: Luka Perkov 
CC: Roman Yeryomin 
CC: Sergey Ryazanov 
CC: Tim Harvey 
CC: Tomasz Maciej Nowak 

Signed-off-by: Paul Spooren 
---
 target/linux/ath25/Makefile  | 1 +
 target/linux/ath25/generic/target.mk | 1 +
 target/linux/cns3xxx/Makefile| 1 +
 target/linux/cns3xxx/generic/target.mk   | 1 +
 target/linux/gemini/Makefile | 1 +
 target/linux/gemini/generic/target.mk| 1 +
 target/linux/imx6/Makefile   | 1 +
 target/linux/imx6/generic/target.mk  | 1 +
 target/linux/kirkwood/Makefile   | 1 +
 target/linux/kirkwood/generic/target.mk  | 1 +
 target/linux/octeon/Makefile | 1 +
 target/linux/octeon/generic/target.mk| 1 +
 target/linux/octeontx/Makefile   | 1 +
 target/linux/octeontx/generic/target.mk  | 1 +
 target/linux/omap/Makefile   | 1 +
 target/linux/omap/generic/target.mk  | 1 +
 target/linux/pistachio/Makefile  | 1 +
 target/linux/pistachio/generic/target.mk | 1 +
 target/linux/rb532/Makefile  | 1 +
 target/linux/rb532/generic/target.mk | 1 +
 target/linux/tegra/Makefile  | 1 +
 target/linux/tegra/generic/target.mk | 1 +
 target/linux/zynq/Makefile   | 1 +
 target/linux/zynq/generic/target.mk  | 1 +
 24 files changed, 24 insertions(+)
 create mode 100644 target/linux/ath25/generic/target.mk
 create mode 100644 target/linux/cns3xxx/generic/target.mk
 create mode 100644 target/linux/gemini/generic/target.mk
 create mode 100644 target/linux/imx6/generic/target.mk
 create mode 100644 target/linux/kirkwood/generic/target.mk
 create mode 100644 target/linux/octeon/generic/target.mk
 create mode 100644 target/linux/octeontx/generic/target.mk
 create mode 100644 target/linux/omap/generic/target.mk
 create mode 100644 target/linux/pistachio/generic/target.mk
 create mode 100644 target/linux/rb532/generic/target.mk
 create mode 100644 target/linux/tegra/generic/target.mk
 create mode 100644 target/linux/zynq/generic/target.mk

diff --git a/target/linux/ath25/Makefile b/target/linux/ath25/Makefile
index cb8b7ec1be..a253b4ceb3 100644
--- a/target/linux/ath25/Makefile
+++ b/target/linux/ath25/Makefile
@@ -10,6 +10,7 @@ ARCH:=mips
 BOARD:=ath25
 BOARDNAME:=Atheros AR231x/AR5312
 FEATURES:=squashfs low_mem small_flash
+SUBTARGETS:=generic
 MAINTAINER:=Sergey Ryazanov 
 
 KERNEL_PATCHVER:=4.14
diff --git a/target/linux/ath25/generic/target.mk 
b/target/linux/ath25/generic/target.mk
new file mode 100644
index 00..f5cb1fb19b
--- /dev/null
+++ b/target/linux/ath25/generic/target.mk
@@ -0,0 +1 @@
+BOARDNAME:=Generic
diff --git a/target/linux/cns3xxx/Makefile b/target/linux/cns3xxx/Makefile
index f21ad06248..7930b959b6 100644
--- a/target/linux/cns3xxx/Makefile
+++ b/target/linux/cns3xxx/Makefile
@@ -12,6 +12,7 @@ BOARDNAME:=Cavium Networks Econa CNS3xxx
 FEATURES:=squashfs fpu gpio pcie usb usbgadget
 CPU_TYPE:=mpcore
 CPU_SUBTYPE:=vfp
+SUBTARGETS:=generic
 MAINTAINER:=Felix Fietkau , \
Koen Vandeputte 
 KERNEL_PATCHVER:=4.19
diff --git a/target/linux/cns3xxx/generic/target.mk 
b/target/linux/cns3xxx/generic/target.mk
new file mode 100644
index 00..f5cb1fb19b
--- /dev/null
+++ b/target/linux/cns3xxx/generic/target.mk
@@ -0,0 +1 @@
+BOARDNAME:=Generic
diff --git a/target/linux/gemini/Makefile b/target/linux/gemini/Makefile
index 3afc643023..1f1486f0c5 100644
--- a/target/linux/gemini/Makefile
+++ b/target/linux/gemini/Makefile
@@ -11,6 +11,7 @@ BOARD:=gemini
 BOARDNAME:=Cortina Systems CS351x
 FEATURES:=squashfs pci rtc usb dt gpio display ext4 rootfs-part boot-part
 CPU_TYPE:=fa526
+SUBTARGETS:=generic
 MAINTAINER:=Roman Yeryomin 
 
 KERNEL_PATCHVER:=4.19
diff --git a/target/linux/gemini/generic/target.mk 
b/target/linux/gemini/generic/target.mk
new file mode 100644
index 00..f5cb1fb19b
--- /dev/null
+++ b/target/linux/gemini/generic/target.mk
@@ -0,0 +1 @@
+BOARDNAME:=Generic
diff --git a/target/linux/imx6/Makefile b/target/linux/imx6/Makefile
index ac4300f7eb..570898cb9c 100644
--- a/target/linux/imx6/Makefile
+++ b/target/linux/imx6/Makefile
@@ -12,6 +12,7 @@ BOARDNAME:=Freescale i.MX 6
 FEATURES:=audio display fpu gpio pcie rtc usb usbgadget squashfs targz nand 
ubifs boot-part rootfs-part
 CPU_TYPE:=cortex-a9
 CPU_SUBTYPE:=neon
+SUBTARGETS:=generic
 MAINTAINER:=Luka Perkov 
 
 KERNEL_PATCHVER:=4.19
diff --git a/target/linux/imx6/generic/target.mk 
b/target/linux/imx6/generic/target.mk
new file mode 100644
index 00..f5cb1fb19b
--- /dev/null
+++ b/target/linux/imx6/generic/target.mk
@@ -0,0 +1 @@
+BOARDNAME:=Generic
diff --git a/target/linux/kirkwood/Makefile b/target/linux/kirkwood/Makefile
index adc7a496e1..e185eca093 100644
--

[OpenWrt-Devel] [PATCH] bcm53xx: add generic subtarget

2019-08-23 Thread Paul Spooren 
Same game as for 853e4dd3062df7cb5704b15d6af6730e3194b571. Add generic
to the filenames.

CC: Hauke Mehrtens 

Signed-off-by: Paul Spooren 
---
 target/linux/bcm53xx/Makefile  | 1 +
 target/linux/bcm53xx/generic/target.mk | 1 +
 2 files changed, 2 insertions(+)
 create mode 100644 target/linux/bcm53xx/generic/target.mk

diff --git a/target/linux/bcm53xx/Makefile b/target/linux/bcm53xx/Makefile
index 4171a04ee4..6c19263fdf 100644
--- a/target/linux/bcm53xx/Makefile
+++ b/target/linux/bcm53xx/Makefile
@@ -12,6 +12,7 @@ BOARDNAME:=Broadcom BCM47xx/53xx (ARM)
 FEATURES:=squashfs nand usb pci pcie gpio
 MAINTAINER:=Hauke Mehrtens 
 CPU_TYPE:=cortex-a9
+SUBTARGETS:=generic
 
 KERNEL_PATCHVER:=4.14
 KERNEL_TESTING_PATCHVER := 4.19
diff --git a/target/linux/bcm53xx/generic/target.mk 
b/target/linux/bcm53xx/generic/target.mk
new file mode 100644
index 00..f5cb1fb19b
--- /dev/null
+++ b/target/linux/bcm53xx/generic/target.mk
@@ -0,0 +1 @@
+BOARDNAME:=Generic
-- 
2.23.0.rc1


___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel

Re: [OpenWrt-Devel] [PATCH] ipqx0xx: add Generic subtarget

2019-08-22 Thread Paul Spooren 



On 22.08.19 00:11, John Crispin wrote:


On 22/08/2019 08:47, Paul Spooren wrote:

Hi John,
This commit adds the Generic subtarget resulting in consistent naming. 


and

already uses `x/generic/` as subfolder as if the subtarget would exist. 


I'm very much in favor of consistent names[0][1][2] as it reduces the 
hassle when trying automate things, like building images via an API[3].


Is the subtarget causing any harm except for eight additional 
characters per filename?


Paul

[0]: https://github.com/openwrt/openwrt/pull/2330
[1]: https://github.com/openwrt/openwrt/pull/2334
[2]: https://github.com/openwrt/openwrt/pull/2326
[3]: https://github.com/aparcar/attendedsysupgrade-server


dont really care, just wondering why


If you don't mind please merge it, I think it's the last target without 
a defined subtarget.


Paul



___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel

Re: [OpenWrt-Devel] [PATCH] ipqx0xx: add Generic subtarget

2019-08-22 Thread Paul Spooren 

Hi John,
This commit adds the Generic subtarget resulting in consistent naming. 


and

already uses `x/generic/` as subfolder as if the subtarget would exist. 


I'm very much in favor of consistent names[0][1][2] as it reduces the 
hassle when trying automate things, like building images via an API[3].


Is the subtarget causing any harm except for eight additional characters 
per filename?


Paul

[0]: https://github.com/openwrt/openwrt/pull/2330
[1]: https://github.com/openwrt/openwrt/pull/2334
[2]: https://github.com/openwrt/openwrt/pull/2326
[3]: https://github.com/aparcar/attendedsysupgrade-server


___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel

[OpenWrt-Devel] [PATCH] ipqx0xx: add Generic subtarget

2019-08-21 Thread Paul Spooren 
Both targets miss a subtarget causing an image naming style which is
different from other all othe targets, even tho it already uses
`x/generic/` as subfolder as if the subtarget would exist.

This commit adds the Generic subtarget resulting in consistent naming.

~/src/openwrt/openwrt/bin/targets/ipq806x/generic$ ls
openwrt-ipq806x-generic-netgear_d7800-initramfs-uImage
openwrt-ipq806x-generic-netgear-d7800.manifest
openwrt-ipq806x-generic-netgear_d7800-squashfs-factory.img
openwrt-ipq806x-generic-netgear_d7800-squashfs-sysupgrade.bin

CC: John Crispin 

Signed-off-by: Paul Spooren 
---
 target/linux/ipq40xx/Makefile  | 1 +
 target/linux/ipq40xx/generic/target.mk | 1 +
 target/linux/ipq806x/Makefile  | 1 +
 target/linux/ipq806x/generic/target.mk | 1 +
 4 files changed, 4 insertions(+)
 create mode 100644 target/linux/ipq40xx/generic/target.mk
 create mode 100644 target/linux/ipq806x/generic/target.mk

diff --git a/target/linux/ipq40xx/Makefile b/target/linux/ipq40xx/Makefile
index 9b78d1f1bf..9e26b277fa 100644
--- a/target/linux/ipq40xx/Makefile
+++ b/target/linux/ipq40xx/Makefile
@@ -7,6 +7,7 @@ FEATURES:=squashfs fpu ramdisk nand
 CPU_TYPE:=cortex-a7
 CPU_SUBTYPE:=neon-vfpv4
 MAINTAINER:=John Crispin 
+SUBTARGETS:=generic
 
 KERNEL_PATCHVER:=4.19
 
diff --git a/target/linux/ipq40xx/generic/target.mk 
b/target/linux/ipq40xx/generic/target.mk
new file mode 100644
index 00..f5cb1fb19b
--- /dev/null
+++ b/target/linux/ipq40xx/generic/target.mk
@@ -0,0 +1 @@
+BOARDNAME:=Generic
diff --git a/target/linux/ipq806x/Makefile b/target/linux/ipq806x/Makefile
index cd0e8b82ea..19ed015ebc 100644
--- a/target/linux/ipq806x/Makefile
+++ b/target/linux/ipq806x/Makefile
@@ -9,6 +9,7 @@ FEATURES:=squashfs nand fpu ramdisk
 CPU_TYPE:=cortex-a15
 CPU_SUBTYPE:=neon-vfpv4
 MAINTAINER:=John Crispin 
+SUBTARGETS:=generic
 
 KERNEL_PATCHVER:=4.14
 
diff --git a/target/linux/ipq806x/generic/target.mk 
b/target/linux/ipq806x/generic/target.mk
new file mode 100644
index 00..f5cb1fb19b
--- /dev/null
+++ b/target/linux/ipq806x/generic/target.mk
@@ -0,0 +1 @@
+BOARDNAME:=Generic
-- 
2.23.0.rc1


___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel

[OpenWrt-Devel] [PATCH v2] image.mk: remove device_ from manifest filename

2019-08-12 Thread Paul Spooren 
The manifest file is based on IMG_PREFIX and PROFILE_SANITIZED, whereas
the latter takes a string like DEVICE_8dev_carambola2 and sanitizes it.
This behaviour results in a useless "device_" profile-prefix in the
device manifest filename. Now uses *subst* to remove that.

Therefore this patch results more consistent device file names:

openwrt-ath79-generic-8dev_carambola2-initramfs-kernel.bin
openwrt-ath79-generic-8dev-carambola2.manifest
openwrt-ath79-generic-8dev_carambola2-squashfs-sysupgrade.bin

instead of a single file being called

openwrt-ath79-generic-device_8dev-carambola2.manifest

Signed-off-by: Paul Spooren 
---
v2: removed senseless newline - sorry

 include/image.mk | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/include/image.mk b/include/image.mk
index e55ac22d0d..c6a6ab7993 100644
--- a/include/image.mk
+++ b/include/image.mk
@@ -106,7 +106,7 @@ define add_jffs2_mark
echo -ne '\xde\xad\xc0\xde' >> $(1)
 endef
 
-PROFILE_SANITIZED := $(call sanitize,$(PROFILE))
+PROFILE_SANITIZED := $(call sanitize,$(subst DEVICE_,,$(PROFILE)))
 
 define split_args
 $(foreach data, \
-- 
2.20.1


___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel

[OpenWrt-Devel] [PATCH] image.mk: remove device_ from manifest filename

2019-08-12 Thread Paul Spooren 
The manifest file is based on IMG_PREFIX and PROFILE_SANITIZED, whereas
the latter takes a string like DEVICE_8dev_carambola2 and sanitizes it.
This behaviour results in a useless "device_" profile-prefix in the
device manifest filename. Now uses *subst* to remove that.

Therefore this patch results more consistent device file names:

openwrt-ath79-generic-8dev_carambola2-initramfs-kernel.bin
openwrt-ath79-generic-8dev-carambola2.manifest
openwrt-ath79-generic-8dev_carambola2-squashfs-sysupgrade.bin

instead of a single file being called

openwrt-ath79-generic-device_8dev-carambola2.manifest

Signed-off-by: Paul Spooren 
---
 include/image.mk | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/include/image.mk b/include/image.mk
index e55ac22d0d..cc333052a2 100644
--- a/include/image.mk
+++ b/include/image.mk
@@ -106,7 +106,7 @@ define add_jffs2_mark
echo -ne '\xde\xad\xc0\xde' >> $(1)
 endef
 
-PROFILE_SANITIZED := $(call sanitize,$(PROFILE))
+PROFILE_SANITIZED := $(call sanitize,$(subst DEVICE_,,$(PROFILE)))
 
 define split_args
 $(foreach data, \
@@ -298,6 +298,7 @@ endef
 define Image/Manifest
$(call opkg,$(TARGET_DIR_ORIG)) list-installed > \
$(BIN_DIR)/$(IMG_PREFIX)$(if 
$(PROFILE_SANITIZED),-$(PROFILE_SANITIZED)).manifest
+
 endef
 
 define Image/gzip-ext4-padded-squashfs
-- 
2.20.1


___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel

[OpenWrt-Devel] [PATCH] procd: fix shutdown when running in a container

2019-08-05 Thread Paul Spooren 
Applies patch from @mikma [0] to fix Docker shutdown. Added detection to
state.c if running in a containre or not.

Tested with a x86/64 Docker image.

Fixes FS#2425

CC: Mikael Magnusson 
CC: Petr Štetiar 

[0]: 
https://github.com/mikma/lxd-openwrt/blob/master/patches/procd-master/0003-docker-fix-problem-stopping-container.patch

Signed-off-by: Paul Spooren 
---
 state.c | 25 +++--
 1 file changed, 15 insertions(+), 10 deletions(-)

diff --git a/state.c b/state.c
index ccf4104..b7cba88 100644
--- a/state.c
+++ b/state.c
@@ -20,6 +20,7 @@
 #include 
 #include 
 
+#include "container.h"
 #include "procd.h"
 #include "syslog.h"
 #include "plug/hotplug.h"
@@ -157,18 +158,22 @@ static void state_enter(void)
else
LOG("- reboot -\n");
 
-   /* Allow time for last message to reach serial console, etc */
-   sleep(1);
+   if(!is_container()) {
+   /* Allow time for last message to reach serial console, 
etc */
+   sleep(1);
 
-   /* We have to fork here, since the kernel calls 
do_exit(EXIT_SUCCESS)
-* in linux/kernel/sys.c, which can cause the machine to panic 
when
-* the init process exits... */
-   if (!vfork( )) { /* child */
-   reboot(reboot_event);
-   _exit(EXIT_SUCCESS);
+   /* We have to fork here, since the kernel calls 
do_exit(EXIT_SUCCESS)
+* in linux/kernel/sys.c, which can cause the machine 
to panic when
+* the init process exits... */
+   if (!vfork( )) { /* child */
+   reboot(reboot_event);
+   _exit(EXIT_SUCCESS);
+   }
+   while (1)
+   sleep(1);
+   } else {
+   exit(0);
}
-   while (1)
-   sleep(1);
 #else
exit(0);
 #endif
-- 
2.20.1


___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel

[OpenWrt-Devel] [PATCH v2] procd: add daemon mode and remove pid 1 check

2019-08-02 Thread Paul Spooren 
Add arg -D to start procd in daemon mode. This allows running procd
directly, not only via /init. Useful for CI environments to start
services like ubus and netifd without needing the whole init process.

To make this work procd also spawns services when running on a different
pid than 1, normal when started via terminal. Before it would only try
to connect to an existing ubus instance.

The -D arg handling was kindly created (with < 60 seconds RTT) by John,
I just created the patch and removed pid checking.

CC: John Crispin 
Signed-off-by: Paul Spooren 
---
v2: added usage/help message

 procd.c | 11 ++-
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/procd.c b/procd.c
index 3de6208..aaef4fe 100644
--- a/procd.c
+++ b/procd.c
@@ -35,6 +35,7 @@ static int usage(const char *prog)
"   -hrun as hotplug daemon\n"
"   -d   Enable debug messages\n"
"   -S  Print messages to stdout\n"
+   "   -D  Run procd as daemon process\n"
"\n", prog);
return 1;
 }
@@ -50,7 +51,7 @@ int main(int argc, char **argv)
unsetenv("DBGLVL");
}
 
-   while ((ch = getopt(argc, argv, "d:s:h:S")) != -1) {
+   while ((ch = getopt(argc, argv, "d:s:h:SD")) != -1) {
switch (ch) {
case 'h':
return hotplug_run(optarg);
@@ -63,6 +64,9 @@ int main(int argc, char **argv)
case 'S':
ulog_channels = ULOG_STDIO;
break;
+   case 'D':
+   daemon(1, 1);
+   break;
default:
return usage(argv[0]);
}
@@ -74,10 +78,7 @@ int main(int argc, char **argv)
setsid();
uloop_init();
procd_signal();
-   if (getpid() != 1)
-   procd_connect_ubus();
-   else
-   procd_state_next();
+   procd_state_next();
uloop_run();
uloop_done();
 
-- 
2.20.1


___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel

Re: [OpenWrt-Devel] [PATCH v2] build: include BUILD_VARIANT in PKG_BUILD_DIR

2019-08-02 Thread Paul Spooren 
Hey,

on commit 5e928acf22cdc956eabe6e4b2327b34eb0ee66da applying fails:

error: patch failed: package/libs/ustream-ssl/Makefile:10
error: package/libs/ustream-ssl/Makefile: patch does not apply

However removing the ustream-ssl part of the patch results in a working
version for (at least) all three openvpn variants!

Best,
Paul

On 02.08.19 21:15, Jeffery To wrote:
> On Wed, May 15, 2019 at 8:32 PM Jeffery To  > wrote:
>
> This changes the default PKG_BUILD_DIR to take BUILD_VARIANT into
> account (if set), so that packages do not need to manually override
> PKG_BUILD_DIR just to handle variants.
>
> This also updates most base packages with variants to use the updated
> default PKG_BUILD_DIR.
>
> Signed-off-by: Jeffery To  >
> ---
> v2: updated PKG_BUILD_DIR in include/kernel.mk ,
> removed undefines
>
>
> Can someone take a look at this patch? (I have un-delegated it in
> patchwork.)
>
> Thanks,
> Jeff
>
>
> ___
> openwrt-devel mailing list
> openwrt-devel@lists.openwrt.org
> https://lists.openwrt.org/mailman/listinfo/openwrt-devel
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel

[OpenWrt-Devel] [PATCH] procd: add daemon mode and remove pid 1 check

2019-08-02 Thread Paul Spooren 
Add arg -D to start procd in daemon mode. This allows running procd
directly, not only via /init. Useful for CI environments to start
services like ubus and netifd without needing the whole init process.

To make this work procd also spawns services when running on a different
pid than 1, normal when started via terminal. Before it would only try
to connect to an existing ubus instance.

The -D arg handling was kindly created (with < 60 seconds RTT) by John,
I just created the patch and removed pid checking.

CC: John Crispin 
Signed-off-by: Paul Spooren 
---
 procd.c | 10 +-
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/procd.c b/procd.c
index 3de6208..10b974b 100644
--- a/procd.c
+++ b/procd.c
@@ -50,7 +50,7 @@ int main(int argc, char **argv)
unsetenv("DBGLVL");
}
 
-   while ((ch = getopt(argc, argv, "d:s:h:S")) != -1) {
+   while ((ch = getopt(argc, argv, "d:s:h:SD")) != -1) {
switch (ch) {
case 'h':
return hotplug_run(optarg);
@@ -63,6 +63,9 @@ int main(int argc, char **argv)
case 'S':
ulog_channels = ULOG_STDIO;
break;
+   case 'D':
+   daemon(1, 1);
+   break;
default:
return usage(argv[0]);
}
@@ -74,10 +77,7 @@ int main(int argc, char **argv)
setsid();
uloop_init();
procd_signal();
-   if (getpid() != 1)
-   procd_connect_ubus();
-   else
-   procd_state_next();
+   procd_state_next();
uloop_run();
uloop_done();
 
-- 
2.20.1


___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel

Re: [OpenWrt-Devel] [RFC]merge routing repository to packages

2019-07-07 Thread Paul Spooren 
Hi Gio,

> So either we give commit access to all those people 

parsing the Makefiles for maintainers I find 11 people (CC'ed) without
commit access to packages.git. I'd be okay with granting them access,
currently 57 people have commit access.

To the current maintainers: please share your thoughts of this transfer!

Thanks for your time,
Paul

> or we fall back in the 
> past problematic situation.
>
> Cheers!
> Gio  
>
> On Friday, 5 July 2019 14:26:31 CEST Paul Spooren wrote:
>> Hi all,
>>
>> just as a notification as I don't want to spread the discussion to all
>> kinds of platforms:
>>
>> I proposed (actually jow in 2017) to merge openwrt-routing/packages into
>> openwrt/packages subfolder net.
>>
>> Please find the current discussion at GitHub[0].
>>
>> This is intended to be a transfer, not a fixup. Fixes of legacy/broken
>> Makefiles are welcome in the future!
>>
>> Sunshine,
>> Paul
>>
>> [0]: https://github.com/openwrt/packages/pull/9399
>>
>>
>>
>> ___
>> openwrt-devel mailing list
>> openwrt-devel@lists.openwrt.org
>> https://lists.openwrt.org/mailman/listinfo/openwrt-devel
>
>
>

___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel

[OpenWrt-Devel] [RFC]merge routing repository to packages

2019-07-05 Thread Paul Spooren 
Hi all,

just as a notification as I don't want to spread the discussion to all
kinds of platforms:

I proposed (actually jow in 2017) to merge openwrt-routing/packages into
openwrt/packages subfolder net.

Please find the current discussion at GitHub[0].

This is intended to be a transfer, not a fixup. Fixes of legacy/broken
Makefiles are welcome in the future!

Sunshine,
Paul

[0]: https://github.com/openwrt/packages/pull/9399



___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel

Re: [OpenWrt-Devel] [RFC]split DEVICE_TITLE in multiple variables

2019-07-05 Thread Paul Spooren 
The PR was accepted, I'd be happy if newly ported devices could follow
this style!

I'll do some work on reorganizing existing targets.

Best,
Paul

> [0]: https://github.com/openwrt/openwrt/pull/2124
> [1]: https://sudhanshu16.github.io/openwrt-firmware-selector/
>
>
>
> ___
> openwrt-devel mailing list
> openwrt-devel@lists.openwrt.org
> https://lists.openwrt.org/mailman/listinfo/openwrt-devel

___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel

[OpenWrt-Devel] [RFC]split DEVICE_TITLE in multiple variables

2019-07-02 Thread Paul Spooren 
Hi all,

some days ago I wrote this proposal[0] to split DEVICE_TITLE in
DEVICE_VENDOR, DEVICE_MODEL and DEVICE_VARIANT (holding revisions and
storage sizes if applicable).

I extended the image.mk to to use the newly introduced variables if
DEVICE_TITLE is empty, meaning it can be used as a drop in.

   DEVICE_TITLE = $$(DEVICE_VENDOR) $$(DEVICE_MODEL)$$(if $$(value
DEVICE_VARIANT), $$(DEVICE_VARIANT))

This simplifies and unifies the DEVICE_TITLE creation and introduces the
possibility to search and sort devices based on vendor etc. A proof of
concept is available here[1].

In future PRs I'd rework existing targets (not only ath79 as in [0]) and
suggest developers adding new devices to use DEVICE_MODEL rather than
the full DEVICE_TILE in their patches.

I'd be happy to hear some comments!

Best regards,
Paul

[0]: https://github.com/openwrt/openwrt/pull/2124
[1]: https://sudhanshu16.github.io/openwrt-firmware-selector/



___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel

[OpenWrt-Devel] [PATCH v2] opkg: add --license arg for installed packages

2019-06-13 Thread Paul Spooren 
add --license option to print (SPDX) license tag in the
`installed-packages` overview. This is useful for manifest generation,
as it show all licenses used within an image. In case the license is not
available, a question mark (?) is printed instead.

base-files - 198-r10203+1-c12bd3a21b - GPL-2.0
bnx2-firmware - 20190416-1 - ?
busybox - 1.30.1-4 - GPL-2.0
dnsmasq - 2.80-13 - GPL-2.0
dropbear - 2019.78-2 - MIT
e2fsprogs - 1.44.5-1 - GPL-2.0
firewall - 2019-01-02-70f8785b-2 - ISC
fstools - 2019-03-28-ff1ded63-4 - GPL-2.0
fwtool - 1 - ?
getrandom - 2019-04-07-5130fa4d-2 - GPL-2.0
ip6tables - 1.8.2-3 - GPL-2.0
iptables - 1.8.2-3 - GPL-2.0
jshn - 2019-02-27-eeef7b50-1 - ISC
jsonfilter - 2018-02-04-c7e938d6-1 - ISC
...

CC: Jo-Philipp Wich 
Signed-off-by: Paul Spooren 
---
v2 <- v1 ignore license via PFM_LICENSE in opkg_cmd.c when not actually needed

 libopkg/opkg_cmd.c  | 51 +
 libopkg/opkg_conf.c |  1 +
 libopkg/opkg_conf.h |  1 +
 libopkg/pkg.c   | 11 ++
 libopkg/pkg.h   |  1 +
 libopkg/pkg_parse.c |  5 +
 libopkg/pkg_parse.h |  1 +
 src/opkg-cl.c   |  7 +++
 8 files changed, 55 insertions(+), 23 deletions(-)

diff --git a/libopkg/opkg_cmd.c b/libopkg/opkg_cmd.c
index c823df8..5fc9ae5 100644
--- a/libopkg/opkg_cmd.c
+++ b/libopkg/opkg_cmd.c
@@ -45,9 +45,12 @@ static void print_pkg(pkg_t * pkg)
 {
char *version = pkg_version_str_alloc(pkg);
char *description = pkg_get_string(pkg, PKG_DESCRIPTION);
+   char *license = pkg_get_string(pkg, PKG_LICENSE);
printf("%s - %s", pkg->name, version);
if (conf->size)
printf(" - %lu", (unsigned long) pkg_get_int(pkg, PKG_SIZE));
+   if (conf->license)
+   printf(" - %s", license ? license : "?");
if (description)
printf(" - %s", description);
printf("\n");
@@ -1255,10 +1258,10 @@ static int opkg_print_architecture_cmd(int argc, char 
**argv)
array for easier maintenance */
 static opkg_cmd_t cmds[] = {
{"update", 0, (opkg_cmd_fun_t) opkg_update_cmd,
-PFM_DESCRIPTION | PFM_SOURCE},
+PFM_DESCRIPTION | PFM_SOURCE | PFM_LICENSE},
{"upgrade", 1, (opkg_cmd_fun_t) opkg_upgrade_cmd,
 PFM_DESCRIPTION | PFM_SOURCE},
-   {"list", 0, (opkg_cmd_fun_t) opkg_list_cmd, PFM_SOURCE},
+   {"list", 0, (opkg_cmd_fun_t) opkg_list_cmd, PFM_SOURCE | PFM_LICENSE},
{"list_installed", 0, (opkg_cmd_fun_t) opkg_list_installed_cmd,
 PFM_SOURCE},
{"list-installed", 0, (opkg_cmd_fun_t) opkg_list_installed_cmd,
@@ -1268,55 +1271,57 @@ static opkg_cmd_t cmds[] = {
{"list-upgradable", 0, (opkg_cmd_fun_t) opkg_list_upgradable_cmd,
 PFM_SOURCE},
{"list_changed_conffiles", 0,
-(opkg_cmd_fun_t) opkg_list_changed_conffiles_cmd, PFM_SOURCE},
+(opkg_cmd_fun_t) opkg_list_changed_conffiles_cmd,
+PFM_SOURCE | PFM_LICENSE},
{"list-changed-conffiles", 0,
-(opkg_cmd_fun_t) opkg_list_changed_conffiles_cmd, PFM_SOURCE},
+(opkg_cmd_fun_t) opkg_list_changed_conffiles_cmd,
+PFM_SOURCE | PFM_LICENSE},
{"info", 0, (opkg_cmd_fun_t) opkg_info_cmd, 0},
{"flag", 1, (opkg_cmd_fun_t) opkg_flag_cmd,
-PFM_DESCRIPTION | PFM_SOURCE},
+PFM_DESCRIPTION | PFM_SOURCE | PFM_LICENSE},
{"status", 0, (opkg_cmd_fun_t) opkg_status_cmd,
 PFM_DESCRIPTION | PFM_SOURCE},
{"install", 1, (opkg_cmd_fun_t) opkg_install_cmd,
 PFM_DESCRIPTION | PFM_SOURCE},
{"remove", 1, (opkg_cmd_fun_t) opkg_remove_cmd,
-PFM_DESCRIPTION | PFM_SOURCE},
+PFM_DESCRIPTION | PFM_SOURCE | PFM_LICENSE},
{"configure", 0, (opkg_cmd_fun_t) opkg_configure_cmd,
-PFM_DESCRIPTION | PFM_SOURCE},
+PFM_DESCRIPTION | PFM_SOURCE | PFM_LICENSE},
{"files", 1, (opkg_cmd_fun_t) opkg_files_cmd,
-PFM_DESCRIPTION | PFM_SOURCE},
+PFM_DESCRIPTION | PFM_SOURCE | PFM_LICENSE},
{"search", 1, (opkg_cmd_fun_t) opkg_search_cmd,
-PFM_DESCRIPTION | PFM_SOURCE},
-   {"find", 1, (opkg_cmd_fun_t) opkg_find_cmd, PFM_SOURCE},
+PFM_DESCRIPTION | PFM_SOURCE | PFM_LICENSE},
+   {"find", 1, (opkg_cmd_fun_t) opkg_find_cmd, PFM_SOURCE | PFM_LICENSE},
{"download", 1, (opkg_cmd_fun_t) opkg_download_cmd,
-PFM_DESCRIPTION | PFM_SOURCE},
+PFM_DESCRIPTION | PFM_SOURCE | PFM_LICENSE},
{"compare_versions", 1, (opkg_cmd_fun_t) opkg_compare_versions_cmd, 0},
{"compare-versions", 1, (opkg_cmd_fun_t) opkg_compare_versions_cmd, 0},
{"print-architecture", 0, (opkg_cmd_fun_t) opkg_print_architecture

Re: [OpenWrt-Devel] [RFC] additional Docker images and CI testing

2019-06-12 Thread Paul Spooren 
Hi Ted,
> This sounds like a good idea - would giving you commit access to our
> docker hub [0] repo be of any help? Is there anything else I could
> help with?

I'd be happy with commit access to the docker hub (not to mistake with
git commit access).

Please find here a reworked version with a README and scripts that can
also run locally:

https://github.com/aparcar/openwrt-docker

>
> I don't know if you saw this posting I made last year about a simple
> use of our Docker image for test buiilds. Issue #7735 [1]. I had
> pinned it
> but for some reason @heil un-pinned it and I left it be.

I hadn't checked the PR yet but will do so soonish!

Paul

___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel

[OpenWrt-Devel] [PATCH] opkg: add --license arg for installed packages

2019-06-12 Thread Paul Spooren 
add --license option to print (SPDX) license tag in the
`installed-packages` overview. This is useful for manifest generation,
as it show all licenses used within an image. In case the license is not
available, a question mark (?) is printed instead.

base-files - 198-r10203+1-c12bd3a21b - GPL-2.0
bnx2-firmware - 20190416-1 - ?
busybox - 1.30.1-4 - GPL-2.0
dnsmasq - 2.80-13 - GPL-2.0
dropbear - 2019.78-2 - MIT
e2fsprogs - 1.44.5-1 - GPL-2.0
firewall - 2019-01-02-70f8785b-2 - ISC
fstools - 2019-03-28-ff1ded63-4 - GPL-2.0
fwtool - 1 - ?
getrandom - 2019-04-07-5130fa4d-2 - GPL-2.0
ip6tables - 1.8.2-3 - GPL-2.0
iptables - 1.8.2-3 - GPL-2.0
jshn - 2019-02-27-eeef7b50-1 - ISC
jsonfilter - 2018-02-04-c7e938d6-1 - ISC
...

CC: Jo-Philipp Wich 
Signed-off-by: Paul Spooren 
---
 libopkg/opkg_cmd.c  |  3 +++
 libopkg/opkg_conf.c |  1 +
 libopkg/opkg_conf.h |  1 +
 libopkg/pkg.c   | 11 +++
 libopkg/pkg.h   |  1 +
 libopkg/pkg_parse.c |  5 +
 libopkg/pkg_parse.h |  1 +
 src/opkg-cl.c   |  7 +++
 8 files changed, 30 insertions(+)

diff --git a/libopkg/opkg_cmd.c b/libopkg/opkg_cmd.c
index c823df8..e8a34f4 100644
--- a/libopkg/opkg_cmd.c
+++ b/libopkg/opkg_cmd.c
@@ -45,9 +45,12 @@ static void print_pkg(pkg_t * pkg)
 {
char *version = pkg_version_str_alloc(pkg);
char *description = pkg_get_string(pkg, PKG_DESCRIPTION);
+   char *license = pkg_get_string(pkg, PKG_LICENSE);
printf("%s - %s", pkg->name, version);
if (conf->size)
printf(" - %lu", (unsigned long) pkg_get_int(pkg, PKG_SIZE));
+   if (conf->license)
+   printf(" - %s", license ? license : "?");
if (description)
printf(" - %s", description);
printf("\n");
diff --git a/libopkg/opkg_conf.c b/libopkg/opkg_conf.c
index 08855eb..40b1734 100644
--- a/libopkg/opkg_conf.c
+++ b/libopkg/opkg_conf.c
@@ -70,6 +70,7 @@ opkg_option_t options[] = {
{"proxy_user", OPKG_OPT_TYPE_STRING, &_conf.proxy_user},
{"query-all", OPKG_OPT_TYPE_BOOL, &_conf.query_all},
{"size", OPKG_OPT_TYPE_BOOL, &_conf.size},
+   {"license", OPKG_OPT_TYPE_BOOL, &_conf.license},
{"tmp_dir", OPKG_OPT_TYPE_STRING, &_conf.tmp_dir},
{"verbosity", OPKG_OPT_TYPE_INT, &_conf.verbosity},
{NULL, 0, NULL}
diff --git a/libopkg/opkg_conf.h b/libopkg/opkg_conf.h
index 37f95a1..0413ccd 100644
--- a/libopkg/opkg_conf.h
+++ b/libopkg/opkg_conf.h
@@ -87,6 +87,7 @@ struct opkg_conf {
int verbosity;
int noaction;
int size;
+   int license;
int download_only;
char *cache;
 
diff --git a/libopkg/pkg.c b/libopkg/pkg.c
index e5bfe6f..fb1b2f1 100644
--- a/libopkg/pkg.c
+++ b/libopkg/pkg.c
@@ -777,6 +777,15 @@ void pkg_formatted_field(FILE * fp, pkg_t * pkg, const 
char *field)
}
}
break;
+   case 'l':
+   case 'L':
+   if (strcasecmp(field, "License") == 0) {
+   p = pkg_get_string(pkg, PKG_LICENSE);
+   if (p && *p) {
+   fprintf(fp, "License: %s\n", p);
+   }
+   }
+   break;
case 'm':
case 'M':
if (strcasecmp(field, "Maintainer") == 0) {
@@ -926,6 +935,7 @@ void pkg_formatted_info(FILE * fp, pkg_t * pkg)
pkg_formatted_field(fp, pkg, "Package");
pkg_formatted_field(fp, pkg, "Version");
pkg_formatted_field(fp, pkg, "Depends");
+   pkg_formatted_field(fp, pkg, "License");
pkg_formatted_field(fp, pkg, "Recommends");
pkg_formatted_field(fp, pkg, "Suggests");
pkg_formatted_field(fp, pkg, "Provides");
@@ -956,6 +966,7 @@ void pkg_print_status(pkg_t * pkg, FILE * file)
pkg_formatted_field(file, pkg, "Package");
pkg_formatted_field(file, pkg, "Version");
pkg_formatted_field(file, pkg, "Depends");
+   pkg_formatted_field(file, pkg, "License");
pkg_formatted_field(file, pkg, "Recommends");
pkg_formatted_field(file, pkg, "Suggests");
pkg_formatted_field(file, pkg, "Provides");
diff --git a/libopkg/pkg.h b/libopkg/pkg.h
index 600fc9e..0065043 100644
--- a/libopkg/pkg.h
+++ b/libopkg/pkg.h
@@ -79,6 +79,7 @@ typedef enum pkg_state_status pkg_state_status_t;
 
 enum pkg_fields {
PKG_MAINTAINER,
+   PKG_LICENSE,
PKG_PRIORITY,
PKG_SOURCE,
PKG_TAGS,
diff --git a/libopkg/pkg_parse.c b/libopkg/pkg_parse.c
index 0baa4db..87db2fa 100644
--- a/libopkg/pkg_parse.c
+++ b/libopkg/pkg_parse.c
@@ -269,6 +269,11 @@ int pkg_parse_line(void *ptr, c

[OpenWrt-Devel] [RFC] additional Docker images and CI testing

2019-06-01 Thread Paul Spooren 
Hi all,

currently OpenWrt only offers a very basic Docker image[0] for testing
of the packages.git repo. The image is not directly usable as the CI
does most of the work, like setting up the SDK and adding feeds[1]. I'd
like to propose two additional images and added CI test examples for
illustration, `openwrt` and `openwrt-sdk`

## openwrt:x86-64

Now that OpenWrt can run within Docker containers[2] (thanks @mikma,
@dangowrt and @ynezz) it's possible for local or CI tests:

* Running the image locally:

    docker run --rm -it aparcar/openwrt:x86-64

* Test example via CircleCI

Checks if procd starts basic services[3].

The container image is created via a config.yml similar to the one from
packages.git[4].

## openwrt-sdk:x86-64

The OpenWrt SDK in a Docker container, also usable for local building or CI:

* Using the SDK locally

    docker run --rm -v ./bin/:/sdk/bin -it aparcar/openwrt-sdk:x86-64
    # within the Docker container
    ./scripts/feeds update base
    make defconfig
    ./scripts/feeds install firewall
    make package/firewall/{clean,compile} -j$(nproc)

The compiled output is found in ./bin/

* Test example via CircleCI

Compiles firewall package[5].

The openwrt-sdk container image is also created via CI[6].

All examples are based on this[7] repo and the *interesting* branches are:

* openwrt
* openwrt-test
* openwrt-sdk
* openwrt-sdk-test

I'd be happy if OpenWrt offers OS, SDK and ImageBuilder container images
in the future. Currently only the x86/64 target is supported, however
it'd be easy to support all (popular) targets via tags.

Eventually we could use this to develop test cases for OpenWrt specific
tools like netifd, procd, ubus, firewall3, etc...

Best,
Paul

[0]: https://hub.docker.com/r/openwrtorg/packages-cci
[1]:
https://git.openwrt.org/?p=feed/packages.git;a=blob;f=.circleci/config.yml;h=02a87146d91f19638bfbfc1fbc46913256cf358d;hb=refs/heads/master
[2]:
https://git.openwrt.org/?p=openwrt/openwrt.git;a=commit;h=6a92eb5b382860017fd00cd05350a648c4a4ac56
[3]: https://circleci.com/gh/aparcar/openwrt-ci-test/53#config/containers/0
[4]: https://circleci.com/gh/aparcar/openwrt-ci-test/41#config/containers/0
[5]: https://circleci.com/gh/aparcar/openwrt-ci-test/45#config/containers/0
[6]: https://circleci.com/gh/aparcar/openwrt-ci-test/46#config/containers/0
[7]: https://github.com/aparcar/openwrt-ci-test



___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel

[OpenWrt-Devel] [PATCH] procd: fixup double negative docker detection

2019-05-30 Thread Paul Spooren 
Double `!!` results in false positives, making the snapshot unusable as
procd won't mount essential things on *non virtial machines*.

Signed-off-by: Paul Spooren 
---
 container.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/container.h b/container.h
index dd2e432..3c388ce 100644
--- a/container.h
+++ b/container.h
@@ -20,7 +20,7 @@
 
 static inline bool is_container() {
struct stat s;
-   return !!getenv("container") || !!stat("/.dockerenv", );
+   return !!getenv("container") || !stat("/.dockerenv", );
 }
 
 #endif
-- 
2.20.1


___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel

[OpenWrt-Devel] [PATCH v2] opkg: add License info

2019-05-27 Thread Paul Spooren 
show license in `opkg info `.

CC: Jo-Philipp Wich 
Signed-off-by: Paul Spooren 
---
 libopkg/opkg_cmd.c  |  3 +++
 libopkg/pkg.c   | 10 ++
 libopkg/pkg.h   |  1 +
 libopkg/pkg_parse.c |  5 +
 libopkg/pkg_parse.h |  1 +
 5 files changed, 20 insertions(+)

diff --git a/libopkg/opkg_cmd.c b/libopkg/opkg_cmd.c
index c823df8..81f9a29 100644
--- a/libopkg/opkg_cmd.c
+++ b/libopkg/opkg_cmd.c
@@ -45,7 +45,10 @@ static void print_pkg(pkg_t * pkg)
 {
char *version = pkg_version_str_alloc(pkg);
char *description = pkg_get_string(pkg, PKG_DESCRIPTION);
+   char *license = pkg_get_string(pkg, PKG_LICENSE);
printf("%s - %s", pkg->name, version);
+   if (license)
+   printf(" - %s", license);
if (conf->size)
printf(" - %lu", (unsigned long) pkg_get_int(pkg, PKG_SIZE));
if (description)
diff --git a/libopkg/pkg.c b/libopkg/pkg.c
index e5bfe6f..1971689 100644
--- a/libopkg/pkg.c
+++ b/libopkg/pkg.c
@@ -777,6 +777,15 @@ void pkg_formatted_field(FILE * fp, pkg_t * pkg, const 
char *field)
}
}
break;
+   case 'l':
+   case 'L':
+   if (strcasecmp(field, "License") == 0) {
+   p = pkg_get_string(pkg, PKG_LICENSE);
+   if (p) {
+   fprintf(fp, "License: %s\n", p);
+   }
+   }
+   break;
case 'm':
case 'M':
if (strcasecmp(field, "Maintainer") == 0) {
@@ -926,6 +935,7 @@ void pkg_formatted_info(FILE * fp, pkg_t * pkg)
pkg_formatted_field(fp, pkg, "Package");
pkg_formatted_field(fp, pkg, "Version");
pkg_formatted_field(fp, pkg, "Depends");
+   pkg_formatted_field(fp, pkg, "License");
pkg_formatted_field(fp, pkg, "Recommends");
pkg_formatted_field(fp, pkg, "Suggests");
pkg_formatted_field(fp, pkg, "Provides");
diff --git a/libopkg/pkg.h b/libopkg/pkg.h
index 600fc9e..0065043 100644
--- a/libopkg/pkg.h
+++ b/libopkg/pkg.h
@@ -79,6 +79,7 @@ typedef enum pkg_state_status pkg_state_status_t;
 
 enum pkg_fields {
PKG_MAINTAINER,
+   PKG_LICENSE,
PKG_PRIORITY,
PKG_SOURCE,
PKG_TAGS,
diff --git a/libopkg/pkg_parse.c b/libopkg/pkg_parse.c
index 0baa4db..a294258 100644
--- a/libopkg/pkg_parse.c
+++ b/libopkg/pkg_parse.c
@@ -269,6 +269,11 @@ int pkg_parse_line(void *ptr, char *line, uint mask)
pkg_set_int(pkg, PKG_INSTALLED_TIME, strtoul(line + 
strlen("Installed-Time") + 1, NULL, 0));
}
break;
+   case 'l':
+   case 'L':
+   if ((mask & PFM_LICENSE) && is_field("License", line))
+   pkg_set_string(pkg, PKG_LICENSE, line + 
strlen("License") + 1);
+   break;
 
case 'M':
if ((mask & PFM_MD5SUM) && (is_field("MD5sum:", line) || 
is_field("MD5Sum:", line)))
diff --git a/libopkg/pkg_parse.h b/libopkg/pkg_parse.h
index d1f901a..ccb97aa 100644
--- a/libopkg/pkg_parse.h
+++ b/libopkg/pkg_parse.h
@@ -54,6 +54,7 @@ int pkg_parse_line(void *ptr, char *line, uint mask);
 #define PFM_SUGGESTS   (1 << 25)
 #define PFM_TAGS   (1 << 26)
 #define PFM_VERSION(1 << 27)
+#define PFM_LICENSE(1 << 28)
 
 #define PFM_ALL(~(uint)0)
 
-- 
2.20.1


___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel

[OpenWrt-Devel] [PATCH v2] procd: add docker support

2019-05-27 Thread Paul Spooren 
detects if running in a docker container, which then requires special
treatment of mounts. OpenWrt within Docker is useful for CI testing.

Signed-off-by: Paul Spooren 
---
 container.h | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/container.h b/container.h
index d33fa32..dd2e432 100644
--- a/container.h
+++ b/container.h
@@ -16,9 +16,11 @@
 
 #include 
 #include 
+#include 
 
 static inline bool is_container() {
-   return !!getenv("container");
+   struct stat s;
+   return !!getenv("container") || !!stat("/.dockerenv", );
 }
 
 #endif
-- 
2.20.1


___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel

Re: [OpenWrt-Devel] [PATCH 1/2] procd: add docker support

2019-05-23 Thread Paul Spooren 

On 5/23/19 2:16 PM, Petr Štetiar wrote:
> Paul Spooren  [2019-05-23 13:36:37]:
>
>> No, thanks for the link. Seems that Docker now uses LXC anyway which
> No more[1] :-)
>
>  Remove LXC support.
>
>  The LXC driver was deprecated in Docker 1.8.  Following the deprecation
>  rules, we can remove a deprecated feature after two major releases. LXC won't
>  be supported anymore starting on Docker 1.10.
Oh sorry I'm losing track...
>> results in the availability of container=lxc in /proc/1/environ:
>>
>>     root@df9992e4c518:/# cat /proc/1/environ
>>    
>> HOSTNAME=df9992e4c518SHLVL=1HOME=/rootcontainer=lxcTERM=xtermPATH=/usr/sbin:/usr/bin:/sbin:/binPWD=/root@df9992e4c518:/#
> You're probably just using some already obsolete version of docker-ce.

Is it?

root@dawn:/home/a# docker -v
Docker version 18.09.6, build 481bc77

root@f62c16ac8fa3:/# ls -a .dockerenv
.dockerenv

root@f62c16ac8fa3:/# cat /proc/1/environ
HOSTNAME=f62c16ac8fa3SHLVL=1HOME=/rootcontainer=lxcTERM=xtermPATH=/usr/sbin:/usr/bin:/sbin:/binPWD=/

So I'm guessing replace .dockerinit with .dockerenv should do the job?

Best,
Paul

___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel

Re: [OpenWrt-Devel] [PATCH 2/2] procd: add notification if running in container

2019-05-23 Thread Paul Spooren 
On 5/23/19 10:42 AM, Petr Štetiar wrote:
> Paul Spooren  [2019-05-22 19:24:19]:
>
>> Signed-off-by: Paul Spooren 
>> ---
>>  state.c | 3 +++
>>  1 file changed, 3 insertions(+)
>>
>> diff --git a/state.c b/state.c
>> index ff1734f..9f196ee 100644
>> --- a/state.c
>> +++ b/state.c
>> @@ -101,6 +101,9 @@ static void state_enter(void)
>>  switch (state) {
>>  case STATE_EARLY:
>>  LOG("- early -\n");
>> +if (is_container())
>> +LOG("This isn't real life. I'm running in a 
>> container.\n");
> your commit message is missing (it's required BTW), so I don't know the reason
> why do you need this change. 
I can amend the patch if it's of interest.
> Anyway, I don't see any valid reason to have
> this in procd.

My motivation was to log when procd detects a container and therefore
don't mount stuff. Anyway, if it bloats the log, reject this patch.

Best,
Paul


___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel

Re: [OpenWrt-Devel] [PATCH 1/2] procd: add docker support

2019-05-23 Thread Paul Spooren 
Hi,

On 5/23/19 12:30 PM, Petr Štetiar wrote:
> I'm wondering if this Docker related changes shouldn't be included as a part
> of a patch series which would add complete Docker support to OpenWrt (do you
> plan to do this?), so it could be tested together.
>
> Or is it now possible to just download OpenWrt image and use it inside the
> Docker as it is?
The latter, running OpenWrt within a Docker container (for CI). I'm
aware of the docker-ce package porting, however did not do anything in
this area.
>> The additional exit(0) treatment in state.c is based on @mikma code[0].
>> It should fix stopping problems of containers.
>>
>> [0]: 
>> https://github.com/mikma/lxd-openwrt/blob/master/patches/procd-master/0003-docker-fix-problem-stopping-container.patch
> This patch looks like a hack, which was probably just cherry-picked without
> actually looking into the surrounding code. See bellow.
>
>> --- a/container.h
>> +++ b/container.h
>> @@ -16,9 +16,11 @@
>>  
>>  #include 
>>  #include 
>> +#include 
>>  
>>  static inline bool is_container() {
>> -return !!getenv("container");
>> +struct stat s;
>> +return !!getenv("container") || !!stat("/.dockerinit", );
>>  }
> Have you noticed "Remove dockerinit once and for all"[1]?

No, thanks for the link. Seems that Docker now uses LXC anyway which
results in the availability of container=lxc in /proc/1/environ:

    root@df9992e4c518:/# cat /proc/1/environ
   
HOSTNAME=df9992e4c518SHLVL=1HOME=/rootcontainer=lxcTERM=xtermPATH=/usr/sbin:/usr/bin:/sbin:/binPWD=/root@df9992e4c518:/#


Meaning, the whole patch is superfluous!

>> --- a/state.c
>> +++ b/state.c
>> @@ -21,6 +21,7 @@
>>  #include 
>>  
>>  #include "procd.h"
>> +#include "container.h"
>>  #include "syslog.h"
>>  #include "plug/hotplug.h"
>>  #include "watchdog.h"
>> @@ -157,6 +158,9 @@ static void state_enter(void)
>>  else
>>  LOG("- reboot -\n");
>>  
>> +if (is_container())
>> +exit(0);
> if you look at that file, you'll notice following:
>
>  #ifndef DISABLE_INIT
> ...
>  #else
>   exit(0);
>  #endif
>
> which makes me wonder if this is proper approach as maybe the proper fix would
> be conversion of compile time DISABLE_INIT functionality into runtime one,
> something like following: 
>
>  inline bool is_init_disabled()
>  {
>  #ifdef DISABLE_INIT
>   return true;
>  #else
>   return is_container();
>  #endif
>  }
>
> It seems like that DISABLE_INIT touches more parts of procd which probably
> should be considered in case if procd is running in container as well (or
> maybe not):
>
>  $ git grep DISABLE_INIT
>
>  plug/hotplug.h:#ifndef DISABLE_INIT
>  signal.c:#ifndef DISABLE_INIT
>  signal.c:#ifndef DISABLE_INIT
>  state.c:#ifndef DISABLE_INIT
>  watchdog.h:#ifndef DISABLE_INIT
>
> This will probably incur more work, but it will likely result in a proper
> solution.

Thanks, I'll look into that. As I understand, the containers don't need
*init*, but the deactivation would be required on run time, not?

Thanks for you time,
Paul


___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel

[OpenWrt-Devel] [PATCH 1/2] procd: add docker support

2019-05-22 Thread Paul Spooren 
detects if running in a docker container, which then requires special
treatment of mounts. OpenWrt within Docker is useful for CI testing.

The additional exit(0) treatment in state.c is based on @mikma code[0].
It should fix stopping problems of containers.

[0]: 
https://github.com/mikma/lxd-openwrt/blob/master/patches/procd-master/0003-docker-fix-problem-stopping-container.patch

Signed-off-by: Paul Spooren 
---
 container.h | 4 +++-
 state.c | 4 
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/container.h b/container.h
index d33fa32..04d63ed 100644
--- a/container.h
+++ b/container.h
@@ -16,9 +16,11 @@
 
 #include 
 #include 
+#include 
 
 static inline bool is_container() {
-   return !!getenv("container");
+   struct stat s;
+   return !!getenv("container") || !!stat("/.dockerinit", );
 }
 
 #endif
diff --git a/state.c b/state.c
index ccf4104..ff1734f 100644
--- a/state.c
+++ b/state.c
@@ -21,6 +21,7 @@
 #include 
 
 #include "procd.h"
+#include "container.h"
 #include "syslog.h"
 #include "plug/hotplug.h"
 #include "watchdog.h"
@@ -157,6 +158,9 @@ static void state_enter(void)
else
LOG("- reboot -\n");
 
+   if (is_container())
+   exit(0);
+
/* Allow time for last message to reach serial console, etc */
sleep(1);
 
-- 
2.20.1


___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel

[OpenWrt-Devel] [PATCH 2/2] iptables.c: lock the xtables.lock

2019-05-17 Thread Paul Spooren 
From: Alexander Couzens 

When using fw3 together with other applications or scripts a race
conditions might occur. When fw3 is preparing the new tables, another
application can use the executable `iptables` which modifies the
kernel-tables.  libxtables will notify this and fails when fw3 is
committing the changes resulting in a failed firewall.

Now waits in a while loop until the lock is gone, activate the lock
itself and applies changes.

To reproduce the bug the following two scripts should run in parrallel,
after a few seconds the latter stop and leaves a broken firewall:

while true; do iptables -N locking; done

and

while [ "$(iptables -w -L OUTPUT | wc -l)" -gt 2 ]; do fw3 reload; done

The following message will appear

Warning: iptc_commit(): Resource temporarily unavailable

and connectivity is gone.

Tested in an LXC and Qemu container.

Signed-off-by: Alexander Couzens 
[fixed waiting for unlock and commit message]
Signed-off-by: Paul Spooren 
---
 iptables.c | 9 +
 1 file changed, 9 insertions(+)

diff --git a/iptables.c b/iptables.c
index a095621..559fe7d 100644
--- a/iptables.c
+++ b/iptables.c
@@ -55,6 +55,8 @@
 
 #include "iptables.h"
 
+#define XT_LOCK_NAME "/var/run/xtables.lock"
+static int xt_lock_fd = -1;
 
 struct fw3_ipt_rule {
struct fw3_ipt_handle *h;
@@ -168,6 +170,11 @@ fw3_ipt_open(enum fw3_family family, enum fw3_table table)
 
xtables_init();
 
+   while (!fw3_lock_path(_lock_fd, XT_LOCK_NAME)) {
+   warn("Currently busy xtables.lock - wait 1 second");
+   sleep(1);
+   }
+
if (family == FW3_FAMILY_V6)
{
 #ifndef DISABLE_IPV6
@@ -192,6 +199,7 @@ fw3_ipt_open(enum fw3_family family, enum fw3_table table)
if (!h->handle)
{
free(h);
+   fw3_unlock_path(_lock_fd, XT_LOCK_NAME);
return NULL;
}
 
@@ -561,6 +569,7 @@ fw3_ipt_commit(struct fw3_ipt_handle *h)
 void
 fw3_ipt_close(struct fw3_ipt_handle *h)
 {
+   fw3_unlock_path(_lock_fd, XT_LOCK_NAME);
free(h);
 }
 
-- 
2.20.1


___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel

[OpenWrt-Devel] [PATCH 1/2] utils: implement fw3_lock_path() & fw3_unlock_path()

2019-05-17 Thread Paul Spooren 
From: Alexander Couzens 

To lock a second lock file at the same time, introduce fw3_{un,}lock_path.
fw3_lock_path support the path as parameter in difference to fw3_lock which
only locks the fw3 lock file (/var/run/fw3.lock)

Signed-off-by: Alexander Couzens 
---
 utils.c | 34 +-
 utils.h |  2 ++
 2 files changed, 27 insertions(+), 9 deletions(-)

diff --git a/utils.c b/utils.c
index 7f09787..6360279 100644
--- a/utils.c
+++ b/utils.c
@@ -28,7 +28,7 @@
 #include "ipsets.h"
 
 
-static int lock_fd = -1;
+static int fw3_lock_fd = -1;
 static pid_t pipe_pid = -1;
 static FILE *pipe_fd = NULL;
 
@@ -346,13 +346,13 @@ fw3_has_table(bool ipv6, const char *table)
 
 
 bool
-fw3_lock(void)
+fw3_lock_path(int *fd, const char *path)
 {
-   lock_fd = open(FW3_LOCKFILE, O_CREAT|O_WRONLY, S_IRUSR|S_IWUSR);
+   int lock_fd = open(path, O_CREAT|O_WRONLY, S_IRUSR|S_IWUSR);
 
if (lock_fd < 0)
{
-   warn("Cannot create lock file %s: %s", FW3_LOCKFILE, 
strerror(errno));
+   warn("Cannot create lock file %s: %s", path, strerror(errno));
return false;
}
 
@@ -362,22 +362,38 @@ fw3_lock(void)
return false;
}
 
+   *fd = lock_fd;
+
return true;
 }
 
+bool
+fw3_lock()
+{
+   return fw3_lock_path(_lock_fd, FW3_LOCKFILE);
+}
+
+
 void
-fw3_unlock(void)
+fw3_unlock_path(int *fd, const char *lockpath)
 {
-   if (lock_fd < 0)
+   if (*fd < 0)
return;
 
-   if (flock(lock_fd, LOCK_UN))
+   if (flock(*fd, LOCK_UN))
warn("Cannot release exclusive lock: %s", strerror(errno));
 
-   close(lock_fd);
+   close(*fd);
unlink(FW3_LOCKFILE);
 
-   lock_fd = -1;
+   *fd = -1;
+}
+
+
+void
+fw3_unlock(void)
+{
+   fw3_unlock_path(_lock_fd, FW3_LOCKFILE);
 }
 
 
diff --git a/utils.h b/utils.h
index 1ada0dd..2388072 100644
--- a/utils.h
+++ b/utils.h
@@ -102,6 +102,8 @@ bool fw3_has_table(bool ipv6, const char *table);
 
 bool fw3_lock(void);
 void fw3_unlock(void);
+bool fw3_lock_path(int *fw3_lock_fd, const char *path);
+void fw3_unlock_path(int *fw3_lock_fd, const char *path);
 
 
 void fw3_write_statefile(void *state);
-- 
2.20.1


___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel

Re: [OpenWrt-Devel] [PATCH v2 2/2] procd: apply official kernel clang-format style

2019-05-14 Thread Paul Spooren 


On 5/14/19 6:24 PM, Daniel Golle wrote:
> I don't think adding formatter-information into the code makes sense
> at this stage, as this is meant for exeptions from an otherwise applied
> style. Here, obviously clang-format defintions don't reflect the
> current style.

They don't, they reflect the kernels style (at lest, as much as I
understand using the .clang-configuration file). If it's ugly, it's not
a matter of clang-format but of the kernels code style, not?

To not spam this list to much, I pushed two branches to GitHub with
default style:

clang-format-7 default:
https://github.com/aparcar/procd/commit/ad7a052dad6f0f6a7e429dc3c7bac4206280aafd

clang-format-9 default:
https://github.com/aparcar/procd/commit/fca19bb9c0d14e7da80dd9248e4dc75eedee8dc7

I'd be happy if you could give this a few minutes and send a config you
like:
https://zed0.co.uk/clang-format-configurator/

Sunshine,
Paul



___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel

[OpenWrt-Devel] [PATCH v2 1/2] procd: add clang-format kernel style

2019-05-14 Thread Paul Spooren 
copied from the official kernel style:

https://github.com/torvalds/linux/blob/master/.clang-format

also modify gitignore to unignore the style file

Signed-off-by: Paul Spooren 
---
Added a single OpenWrt specific ForEachMacro rule

 .clang-format | 496 ++
 .gitignore|   1 +
 2 files changed, 497 insertions(+)
 create mode 100644 .clang-format

diff --git a/.clang-format b/.clang-format
new file mode 100644
index 000..3ee1935
--- /dev/null
+++ b/.clang-format
@@ -0,0 +1,496 @@
+# SPDX-License-Identifier: GPL-2.0
+#
+# clang-format configuration file. Intended for clang-format >= 4.
+#
+# For more information, see:
+#
+#   Documentation/process/clang-format.rst
+#   https://clang.llvm.org/docs/ClangFormat.html
+#   https://clang.llvm.org/docs/ClangFormatStyleOptions.html
+#
+---
+AccessModifierOffset: -4
+AlignAfterOpenBracket: Align
+AlignConsecutiveAssignments: false
+AlignConsecutiveDeclarations: false
+#AlignEscapedNewlines: Left # Unknown to clang-format-4.0
+AlignOperands: true
+AlignTrailingComments: false
+AllowAllParametersOfDeclarationOnNextLine: false
+AllowShortBlocksOnASingleLine: false
+AllowShortCaseLabelsOnASingleLine: false
+AllowShortFunctionsOnASingleLine: None
+AllowShortIfStatementsOnASingleLine: false
+AllowShortLoopsOnASingleLine: false
+AlwaysBreakAfterDefinitionReturnType: None
+AlwaysBreakAfterReturnType: None
+AlwaysBreakBeforeMultilineStrings: false
+AlwaysBreakTemplateDeclarations: false
+BinPackArguments: true
+BinPackParameters: true
+BraceWrapping:
+  AfterClass: false
+  AfterControlStatement: false
+  AfterEnum: false
+  AfterFunction: true
+  AfterNamespace: true
+  AfterObjCDeclaration: false
+  AfterStruct: false
+  AfterUnion: false
+  #AfterExternBlock: false # Unknown to clang-format-5.0
+  BeforeCatch: false
+  BeforeElse: false
+  IndentBraces: false
+  #SplitEmptyFunction: true # Unknown to clang-format-4.0
+  #SplitEmptyRecord: true # Unknown to clang-format-4.0
+  #SplitEmptyNamespace: true # Unknown to clang-format-4.0
+BreakBeforeBinaryOperators: None
+BreakBeforeBraces: Custom
+#BreakBeforeInheritanceComma: false # Unknown to clang-format-4.0
+BreakBeforeTernaryOperators: false
+BreakConstructorInitializersBeforeComma: false
+#BreakConstructorInitializers: BeforeComma # Unknown to clang-format-4.0
+BreakAfterJavaFieldAnnotations: false
+BreakStringLiterals: false
+ColumnLimit: 80
+CommentPragmas: '^ IWYU pragma:'
+#CompactNamespaces: false # Unknown to clang-format-4.0
+ConstructorInitializerAllOnOneLineOrOnePerLine: false
+ConstructorInitializerIndentWidth: 8
+ContinuationIndentWidth: 8
+Cpp11BracedListStyle: false
+DerivePointerAlignment: false
+DisableFormat: false
+ExperimentalAutoDetectBinPacking: false
+#FixNamespaceComments: false # Unknown to clang-format-4.0
+
+# Taken from:
+#   git grep -h '^#define [^[:space:]]*for_each[^[:space:]]*(' include/ \
+#   | sed "s,^#define \([^[:space:]]*for_each[^[:space:]]*\)(.*$,  - '\1'," \
+#   | sort | uniq
+ForEachMacros:
+# OpenWrt specific
+  - 'blobmsg_list_for_each'
+# Default
+  - 'apei_estatus_for_each_section'
+  - 'ata_for_each_dev'
+  - 'ata_for_each_link'
+  - '__ata_qc_for_each'
+  - 'ata_qc_for_each'
+  - 'ata_qc_for_each_raw'
+  - 'ata_qc_for_each_with_internal'
+  - 'ax25_for_each'
+  - 'ax25_uid_for_each'
+  - '__bio_for_each_bvec'
+  - 'bio_for_each_bvec'
+  - 'bio_for_each_integrity_vec'
+  - '__bio_for_each_segment'
+  - 'bio_for_each_segment'
+  - 'bio_for_each_segment_all'
+  - 'bio_list_for_each'
+  - 'bip_for_each_vec'
+  - 'blkg_for_each_descendant_post'
+  - 'blkg_for_each_descendant_pre'
+  - 'blk_queue_for_each_rl'
+  - 'bond_for_each_slave'
+  - 'bond_for_each_slave_rcu'
+  - 'bpf_for_each_spilled_reg'
+  - 'btree_for_each_safe128'
+  - 'btree_for_each_safe32'
+  - 'btree_for_each_safe64'
+  - 'btree_for_each_safel'
+  - 'card_for_each_dev'
+  - 'cgroup_taskset_for_each'
+  - 'cgroup_taskset_for_each_leader'
+  - 'cpufreq_for_each_entry'
+  - 'cpufreq_for_each_entry_idx'
+  - 'cpufreq_for_each_valid_entry'
+  - 'cpufreq_for_each_valid_entry_idx'
+  - 'css_for_each_child'
+  - 'css_for_each_descendant_post'
+  - 'css_for_each_descendant_pre'
+  - 'device_for_each_child_node'
+  - 'drm_atomic_crtc_for_each_plane'
+  - 'drm_atomic_crtc_state_for_each_plane'
+  - 'drm_atomic_crtc_state_for_each_plane_state'
+  - 'drm_atomic_for_each_plane_damage'
+  - 'drm_connector_for_each_possible_encoder'
+  - 'drm_for_each_connector_iter'
+  - 'drm_for_each_crtc'
+  - 'drm_for_each_encoder'
+  - 'drm_for_each_encoder_mask'
+  - 'drm_for_each_fb'
+  - 'drm_for_each_legacy_plane'
+  - 'drm_for_each_plane'
+  - 'drm_for_each_plane_mask'
+  - 'drm_for_each_privobj'
+  - 'drm_mm_for_each_hole'
+  - 'drm_mm_for_each_node'
+  - 'drm_mm_for_each_node_in_range'
+  - 'drm_mm_for_each_node_safe'
+  - 'flow_action_for_each'
+  - 'for_each_active_drhd_unit'
+  - 'for_each_active_iommu'
+  - 'for_each_available_child_of_node'
+  -

[OpenWrt-Devel] [PATCH v2 2/2] procd: apply official kernel clang-format style

2019-05-14 Thread Paul Spooren 
using clang-format-9

Signed-off-by: Paul Spooren 
---
 container.h   |   5 +-
 inittab.c | 108 +
 libc-compat.h |   5 +-
 log.h |  12 ++--
 preload.h |  49 ++-
 procd.c   |  16 ++---
 rcS.c |  18 +++---
 signal.c  |  22 +++
 state.c   |  76 ---
 system.c  | 162 ++
 sysupgrade.c  |   6 +-
 sysupgrade.h  |   2 -
 ubus.c|  16 ++---
 watchdog.c|  14 ++---
 watchdog.h|   4 +-
 15 files changed, 241 insertions(+), 274 deletions(-)

diff --git a/container.h b/container.h
index d33fa32..749b33f 100644
--- a/container.h
+++ b/container.h
@@ -14,10 +14,11 @@
 #ifndef __CONTAINER_H
 #define __CONTAINER_H
 
-#include 
 #include 
+#include 
 
-static inline bool is_container() {
+static inline bool is_container()
+{
return !!getenv("container");
 }
 
diff --git a/inittab.c b/inittab.c
index 4b9..a2680ce 100644
--- a/inittab.c
+++ b/inittab.c
@@ -13,41 +13,41 @@
  */
 
 #define _GNU_SOURCE
-#include 
-#include 
 #include 
+#include 
+#include 
 
+#include 
 #include 
+#include 
 #include 
 #include 
 #include 
-#include 
-#include 
 
-#include 
 #include 
+#include 
 
-#include "utils/utils.h"
 #include "procd.h"
 #include "rcS.h"
+#include "utils/utils.h"
 
 #ifndef O_PATH
-#define O_PATH 01000
+#define O_PATH 01000
 #endif
 
-#define TAG_ID 0
-#define TAG_RUNLVL 1
-#define TAG_ACTION 2
-#define TAG_PROCESS3
+#define TAG_ID 0
+#define TAG_RUNLVL 1
+#define TAG_ACTION 2
+#define TAG_PROCESS 3
 
-#define MAX_ARGS   8
+#define MAX_ARGS 8
 
 struct init_action;
 char *console = NULL;
 
 struct init_handler {
const char *name;
-   void (*cb) (struct init_action *a);
+   void (*cb)(struct init_action *a);
int multi;
 };
 
@@ -74,7 +74,7 @@ static int dev_exist(const char *dev)
 {
int dfd, fd;
 
-   dfd = open("/dev", O_PATH|O_DIRECTORY);
+   dfd = open("/dev", O_PATH | O_DIRECTORY);
 
if (dfd < 0)
return 0;
@@ -109,9 +109,8 @@ static void fork_worker(struct init_action *a)
}
 
if (a->proc.pid > 0) {
-   DEBUG(4, "Launched new %s action, pid=%d\n",
-   a->handler->name,
-   (int) a->proc.pid);
+   DEBUG(4, "Launched new %s action, pid=%d\n", a->handler->name,
+ (int)a->proc.pid);
uloop_process_add(>proc);
}
 }
@@ -121,7 +120,7 @@ static void child_exit(struct uloop_process *proc, int ret)
struct init_action *a = container_of(proc, struct init_action, proc);
 
DEBUG(4, "pid:%d\n", proc->pid);
-uloop_timeout_set(>tout, a->respawn);
+   uloop_timeout_set(>tout, a->respawn);
 }
 
 static void respawn(struct uloop_timeout *tout)
@@ -184,8 +183,7 @@ static void askconsole(struct init_action *a)
 
console = strdup(tty);
a->id = strdup(tty);
-   }
-   else {
+   } else {
console = NULL;
a->id = NULL;
}
@@ -209,35 +207,39 @@ static void rcrespawn(struct init_action *a)
fork_worker(a);
 }
 
-static struct init_handler handlers[] = {
-   {
-   .name = "sysinit",
-   .cb = runrc,
-   }, {
-   .name = "shutdown",
-   .cb = runrc,
-   }, {
-   .name = "askfirst",
-   .cb = askfirst,
-   .multi = 1,
-   }, {
-   .name = "askconsole",
-   .cb = askconsole,
-   .multi = 1,
-   }, {
-   .name = "respawn",
-   .cb = rcrespawn,
-   .multi = 1,
-   }, {
-   .name = "askconsolelate",
-   .cb = askconsole,
-   .multi = 1,
-   }, {
-   .name = "respawnlate",
-   .cb = rcrespawn,
-   .multi = 1,
-   }
-};
+static struct init_handler handlers[] = { {
+ .name = "sysinit",
+ .cb = runrc,
+ },
+ {
+ .name = "shutdown",
+ .cb = runrc,
+ },
+ {
+ .name = "askfirst",
+ .cb = askfirst,
+

Re: [OpenWrt-Devel] [PATCH 2/2] procd: apply official kernel clang-format style

2019-05-14 Thread Paul Spooren 
On 5/14/19 4:08 PM, Petr Štetiar wrote:
> Paul Spooren  [2019-05-10 17:36:21]:
>
> Hi,
>
>> Currently some files use a mixture of spaces and tabs within a single
>> file, instead of fixing style manually, a tool could do the job.
> I find consistent coding style important, but I also know, how hard is it to
> achieve it. It's some time already, so I don't remember all the glory details,
> but different clang-format versions produce different results, doesn't support
> certain options etc., so it's pretty confusing and introducing another
> overhead.
True, that's why I liked the idea of using the kernels style.
> Then you should enforce it somehow (commit hooks, make target),
> otherwise it's going to bitrot after sometime again etc.
I'd start working on some CI to test for functionality and also code style.
>
>> +static struct init_handler handlers[] = { {
>> +  .name = "sysinit",
>> +  .cb = runrc,
>> +  },
>> +  {
>> +  .name = "shutdown",
>> +  .cb = runrc,
>> +  },
>> +  {
>> +  .name = "askfirst",
>> +  .cb = askfirst,
>> +  .multi = 1,
>> +  },
>> +  {
>> +  .name = "askconsole",
>> +  .cb = askconsole,
>> +  .multi = 1,
>> +  },
>> +  {
>> +  .name = "respawn",
>> +  .cb = rcrespawn,
>> +  .multi = 1,
>> +  },
>> +  {
>> +  .name = "askconsolelate",
>> +  .cb = askconsole,
>> +  .multi = 1,
>> +  },
>> +  {
>> +  .name = "respawnlate",
>> +  .cb = rcrespawn,
>> +  .multi = 1,
>> +  } };
> it's just me or is this very ugly?

Very true, I think. For some cases it could make sense to disable
clang-format:

int formatted_code;
// clang-format off
    void    unformatted_code  ;
// clang-format on
void formatted_code_again;

>> -list_for_each_entry(a, , list)
>> -if (!strcmp(a->handler->name, handler)) {
>> -if (a->handler->multi) {
>> -a->handler->cb(a);
>> -continue;
>> -}
>> +list_for_each_entry(a, ,
>> +list) if (!strcmp(a->handler->name, handler))
>> +{
>> +if (a->handler->multi) {
> eh? (I've stopped reading the changes any further)

I think it's because I removed the ForEachMacro definition, I'll send a v2.

Best,
Paul




___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel

Re: [OpenWrt-Devel] RFC: add metadata to buildroot

2019-05-14 Thread Paul Spooren 
Glad you like it, my main goal would be to motivate device porters to
deliver a uniform yaml file when requesting to add a new device. Do you
see this as a possibility once a reasonable yaml template is created?

Best,
Paul

On 5/14/19 4:49 PM, Petr Štetiar wrote:
> [adding Thomas and Alberto to the Cc loop]
>
> Paul Spooren  [2019-05-04 17:48:03]:
>
> Hi,
>
>> from my point of view the current OpenWrt device documentation lacks
>> some unity, meaning the table of hardware is partly incomplete or
>> inconsistent. Also documentations are often rewritten with different
>> precision and "tongue".
>>
>> To unify things I created a *PoC*[0], mostly based on the official
>> LineageOS Wiki[1], as they have a similar situation regarding devices.
>>
>> The idea is to define templates describing common information and fill
>> them with device metadata.
>>
>> The *PoC* above is based on the following metadata here[2]. Most parts
>> of the metadata are scraped from the current ToH[3], however some small
>> pieces are added and later rendered in something useful:
>>
>>     tftp_image: ArcherC5v1_tp_recovery.bin
>>     tftp_ip: 192.168.0.66
>>
>> Result in a small text to explain how to use the TFTP recovery.
>>
>>     switch_ports:
>>       0: ETH1
>>       1: WAN
>>       2: LAN1
>>       3: LAN2
>>       4: LAN3
>>       5: LAN4
>>       6: ETH0
>>
>> Creates a table with the switch port messing.
>>
>> Same could be done with the flash layout, LEDs, etc.
>>
>> All these information are (hopefully) available to the developer adding
>> a new device, therefore easy to supply such a `yaml` metadata file as
>> well. Often these information are (re-formulated) in commit messages
>> anyway[4]. Meaning, somewhere in the buildroot could be a store of
>> `yaml` files, which could even be reused for building itself.
>>
>> A second repository like openwrt-device.git[5] could be added to render
>> the wiki pages and organize the templates.
>>
>> I'd be happy to hear your opinions.
> I really like, it's nice and I applaud your effort. Thanks!
>
>> Best,
>> Paul
>>
>> PS: I'm afraid I don't know the mail address of tmomas...
>>
>> [0]: 
>> https://aparcar.github.io/openwrt-devices/devices/tp-link_archer_c5_ac1200_v1/
>> [1]: http://wiki.lineageos.org/devices/
>> [2]: 
>> https://github.com/aparcar/openwrt-devices/blob/master/_data/devices/tp-link_archer_c5_ac1200_v1.yml
>> [3]: https://openwrt.org/toh/hwdata/tp-link/tp-link_archer_c5_ac1200_v1
>> [4]: 
>> https://git.openwrt.org/?p=openwrt/openwrt.git;a=commit;h=43e8c37cb4da64a12a3cb88a84b19db7f2fc640c
>> [5]: https://github.com/aparcar/openwrt-devices
> ___
> openwrt-devel mailing list
> openwrt-devel@lists.openwrt.org
> https://lists.openwrt.org/mailman/listinfo/openwrt-devel


___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel

[OpenWrt-Devel] [PATCH][RFC] opkg: add License to info command

2019-05-11 Thread Paul Spooren 
show license in `opkg info `.

Signed-off-by: Paul Spooren 
---
This patch isn't complete yet. It show the license info as long as the package
isn't installed. Once it's installed it seems to forget the information. I can't
figure out why. Also printing `opkg list` doesn't add the License, neither for
installed nor available.

 libopkg/opkg_cmd.c  |  3 +++
 libopkg/pkg.c   | 10 ++
 libopkg/pkg.h   |  1 +
 libopkg/pkg_parse.c |  5 +
 libopkg/pkg_parse.h |  1 +
 5 files changed, 20 insertions(+)

diff --git a/libopkg/opkg_cmd.c b/libopkg/opkg_cmd.c
index c823df8..81f9a29 100644
--- a/libopkg/opkg_cmd.c
+++ b/libopkg/opkg_cmd.c
@@ -45,7 +45,10 @@ static void print_pkg(pkg_t * pkg)
 {
char *version = pkg_version_str_alloc(pkg);
char *description = pkg_get_string(pkg, PKG_DESCRIPTION);
+   char *license = pkg_get_string(pkg, PKG_LICENSE);
printf("%s - %s", pkg->name, version);
+   if (license)
+   printf(" - %s", license);
if (conf->size)
printf(" - %lu", (unsigned long) pkg_get_int(pkg, PKG_SIZE));
if (description)
diff --git a/libopkg/pkg.c b/libopkg/pkg.c
index e5bfe6f..1971689 100644
--- a/libopkg/pkg.c
+++ b/libopkg/pkg.c
@@ -777,6 +777,15 @@ void pkg_formatted_field(FILE * fp, pkg_t * pkg, const 
char *field)
}
}
break;
+   case 'l':
+   case 'L':
+   if (strcasecmp(field, "License") == 0) {
+   p = pkg_get_string(pkg, PKG_LICENSE);
+   if (p) {
+   fprintf(fp, "License: %s\n", p);
+   }
+   }
+   break;
case 'm':
case 'M':
if (strcasecmp(field, "Maintainer") == 0) {
@@ -926,6 +935,7 @@ void pkg_formatted_info(FILE * fp, pkg_t * pkg)
pkg_formatted_field(fp, pkg, "Package");
pkg_formatted_field(fp, pkg, "Version");
pkg_formatted_field(fp, pkg, "Depends");
+   pkg_formatted_field(fp, pkg, "License");
pkg_formatted_field(fp, pkg, "Recommends");
pkg_formatted_field(fp, pkg, "Suggests");
pkg_formatted_field(fp, pkg, "Provides");
diff --git a/libopkg/pkg.h b/libopkg/pkg.h
index 600fc9e..0065043 100644
--- a/libopkg/pkg.h
+++ b/libopkg/pkg.h
@@ -79,6 +79,7 @@ typedef enum pkg_state_status pkg_state_status_t;
 
 enum pkg_fields {
PKG_MAINTAINER,
+   PKG_LICENSE,
PKG_PRIORITY,
PKG_SOURCE,
PKG_TAGS,
diff --git a/libopkg/pkg_parse.c b/libopkg/pkg_parse.c
index 0baa4db..e0389df 100644
--- a/libopkg/pkg_parse.c
+++ b/libopkg/pkg_parse.c
@@ -269,6 +269,11 @@ int pkg_parse_line(void *ptr, char *line, uint mask)
pkg_set_int(pkg, PKG_INSTALLED_TIME, strtoul(line + 
strlen("Installed-Time") + 1, NULL, 0));
}
break;
+   case 'l':
+   case 'L':
+   if (is_field("License", line))
+   pkg_set_string(pkg, PKG_LICENSE, line + 
strlen("License") + 1);
+   break;
 
case 'M':
if ((mask & PFM_MD5SUM) && (is_field("MD5sum:", line) || 
is_field("MD5Sum:", line)))
diff --git a/libopkg/pkg_parse.h b/libopkg/pkg_parse.h
index d1f901a..ccb97aa 100644
--- a/libopkg/pkg_parse.h
+++ b/libopkg/pkg_parse.h
@@ -54,6 +54,7 @@ int pkg_parse_line(void *ptr, char *line, uint mask);
 #define PFM_SUGGESTS   (1 << 25)
 #define PFM_TAGS   (1 << 26)
 #define PFM_VERSION(1 << 27)
+#define PFM_LICENSE(1 << 28)
 
 #define PFM_ALL(~(uint)0)
 
-- 
2.20.1


___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel

[OpenWrt-Devel] [PATCH 1/2] procd: add clang-format kernel style

2019-05-10 Thread Paul Spooren 
copied from the official kernel style:

https://github.com/torvalds/linux/blob/master/.clang-format

also modify gitignore to unignore the style file

Signed-off-by: Paul Spooren 
---
 .clang-format | 117 ++
 .gitignore|   1 +
 2 files changed, 118 insertions(+)
 create mode 100644 .clang-format

diff --git a/.clang-format b/.clang-format
new file mode 100644
index 000..9d819d4
--- /dev/null
+++ b/.clang-format
@@ -0,0 +1,117 @@
+# SPDX-License-Identifier: GPL-2.0
+#
+# clang-format configuration file. Intended for clang-format >= 4.
+#
+# For more information, see:
+#
+#   Documentation/process/clang-format.rst
+#   https://clang.llvm.org/docs/ClangFormat.html
+#   https://clang.llvm.org/docs/ClangFormatStyleOptions.html
+#
+---
+AccessModifierOffset: -4
+AlignAfterOpenBracket: Align
+AlignConsecutiveAssignments: false
+AlignConsecutiveDeclarations: false
+#AlignEscapedNewlines: Left # Unknown to clang-format-4.0
+AlignOperands: true
+AlignTrailingComments: false
+AllowAllParametersOfDeclarationOnNextLine: false
+AllowShortBlocksOnASingleLine: false
+AllowShortCaseLabelsOnASingleLine: false
+AllowShortFunctionsOnASingleLine: None
+AllowShortIfStatementsOnASingleLine: false
+AllowShortLoopsOnASingleLine: false
+AlwaysBreakAfterDefinitionReturnType: None
+AlwaysBreakAfterReturnType: None
+AlwaysBreakBeforeMultilineStrings: false
+AlwaysBreakTemplateDeclarations: false
+BinPackArguments: true
+BinPackParameters: true
+BraceWrapping:
+  AfterClass: false
+  AfterControlStatement: false
+  AfterEnum: false
+  AfterFunction: true
+  AfterNamespace: true
+  AfterObjCDeclaration: false
+  AfterStruct: false
+  AfterUnion: false
+  #AfterExternBlock: false # Unknown to clang-format-5.0
+  BeforeCatch: false
+  BeforeElse: false
+  IndentBraces: false
+  #SplitEmptyFunction: true # Unknown to clang-format-4.0
+  #SplitEmptyRecord: true # Unknown to clang-format-4.0
+  #SplitEmptyNamespace: true # Unknown to clang-format-4.0
+BreakBeforeBinaryOperators: None
+BreakBeforeBraces: Custom
+#BreakBeforeInheritanceComma: false # Unknown to clang-format-4.0
+BreakBeforeTernaryOperators: false
+BreakConstructorInitializersBeforeComma: false
+#BreakConstructorInitializers: BeforeComma # Unknown to clang-format-4.0
+BreakAfterJavaFieldAnnotations: false
+BreakStringLiterals: false
+ColumnLimit: 80
+CommentPragmas: '^ IWYU pragma:'
+#CompactNamespaces: false # Unknown to clang-format-4.0
+ConstructorInitializerAllOnOneLineOrOnePerLine: false
+ConstructorInitializerIndentWidth: 8
+ContinuationIndentWidth: 8
+Cpp11BracedListStyle: false
+DerivePointerAlignment: false
+DisableFormat: false
+ExperimentalAutoDetectBinPacking: false
+#FixNamespaceComments: false # Unknown to clang-format-4.0
+#IncludeBlocks: Preserve # Unknown to clang-format-5.0
+IncludeCategories:
+  - Regex: '.*'
+Priority: 1
+IncludeIsMainRegex: '(Test)?$'
+IndentCaseLabels: false
+#IndentPPDirectives: None # Unknown to clang-format-5.0
+IndentWidth: 8
+IndentWrappedFunctionNames: false
+JavaScriptQuotes: Leave
+JavaScriptWrapImports: true
+KeepEmptyLinesAtTheStartOfBlocks: false
+MacroBlockBegin: ''
+MacroBlockEnd: ''
+MaxEmptyLinesToKeep: 1
+NamespaceIndentation: Inner
+#ObjCBinPackProtocolList: Auto # Unknown to clang-format-5.0
+ObjCBlockIndentWidth: 8
+ObjCSpaceAfterProperty: true
+ObjCSpaceBeforeProtocolList: true
+
+# Taken from git's rules
+#PenaltyBreakAssignment: 10 # Unknown to clang-format-4.0
+PenaltyBreakBeforeFirstCallParameter: 30
+PenaltyBreakComment: 10
+PenaltyBreakFirstLessLess: 0
+PenaltyBreakString: 10
+PenaltyExcessCharacter: 100
+PenaltyReturnTypeOnItsOwnLine: 60
+
+PointerAlignment: Right
+ReflowComments: false
+SortIncludes: false
+#SortUsingDeclarations: false # Unknown to clang-format-4.0
+SpaceAfterCStyleCast: false
+SpaceAfterTemplateKeyword: true
+SpaceBeforeAssignmentOperators: true
+#SpaceBeforeCtorInitializerColon: true # Unknown to clang-format-5.0
+#SpaceBeforeInheritanceColon: true # Unknown to clang-format-5.0
+SpaceBeforeParens: ControlStatements
+#SpaceBeforeRangeBasedForLoopColon: true # Unknown to clang-format-5.0
+SpaceInEmptyParentheses: false
+SpacesBeforeTrailingComments: 1
+SpacesInAngles: false
+SpacesInContainerLiterals: false
+SpacesInCStyleCastParentheses: false
+SpacesInParentheses: false
+SpacesInSquareBrackets: false
+Standard: Cpp03
+TabWidth: 8
+UseTab: Always
+...
diff --git a/.gitignore b/.gitignore
index 9d80a74..7896aa0 100644
--- a/.gitignore
+++ b/.gitignore
@@ -10,4 +10,5 @@ utrace
 ujail
 *.so
 *.cmake
+!.clang-format
 install_manifest.txt
-- 
2.20.1


___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel

[OpenWrt-Devel] [PATCH 2/2] procd: apply official kernel clang-format style

2019-05-10 Thread Paul Spooren 
Currently some files use a mixture of spaces and tabs within a single
file, instead of fixing style manually, a tool could do the job.

Signed-off-by: Paul Spooren 
---
 container.h   |   3 +-
 inittab.c | 109 +++-
 libc-compat.h |   5 +-
 log.h |  12 ++--
 preload.h |  49 ++--
 procd.c   |   6 +-
 rcS.c |  10 ++--
 signal.c  |  22 +++-
 state.c   |  52 -
 system.c  | 151 +-
 sysupgrade.c  |   4 +-
 sysupgrade.h  |   2 -
 ubus.c|  12 ++--
 watchdog.c|  10 ++--
 watchdog.h|   4 +-
 15 files changed, 207 insertions(+), 244 deletions(-)

diff --git a/container.h b/container.h
index d33fa32..4bc0191 100644
--- a/container.h
+++ b/container.h
@@ -17,7 +17,8 @@
 #include 
 #include 
 
-static inline bool is_container() {
+static inline bool is_container()
+{
return !!getenv("container");
 }
 
diff --git a/inittab.c b/inittab.c
index 4b9..c955bc6 100644
--- a/inittab.c
+++ b/inittab.c
@@ -32,22 +32,22 @@
 #include "rcS.h"
 
 #ifndef O_PATH
-#define O_PATH 01000
+#define O_PATH 01000
 #endif
 
-#define TAG_ID 0
-#define TAG_RUNLVL 1
-#define TAG_ACTION 2
-#define TAG_PROCESS3
+#define TAG_ID 0
+#define TAG_RUNLVL 1
+#define TAG_ACTION 2
+#define TAG_PROCESS 3
 
-#define MAX_ARGS   8
+#define MAX_ARGS 8
 
 struct init_action;
 char *console = NULL;
 
 struct init_handler {
const char *name;
-   void (*cb) (struct init_action *a);
+   void (*cb)(struct init_action *a);
int multi;
 };
 
@@ -74,7 +74,7 @@ static int dev_exist(const char *dev)
 {
int dfd, fd;
 
-   dfd = open("/dev", O_PATH|O_DIRECTORY);
+   dfd = open("/dev", O_PATH | O_DIRECTORY);
 
if (dfd < 0)
return 0;
@@ -109,9 +109,8 @@ static void fork_worker(struct init_action *a)
}
 
if (a->proc.pid > 0) {
-   DEBUG(4, "Launched new %s action, pid=%d\n",
-   a->handler->name,
-   (int) a->proc.pid);
+   DEBUG(4, "Launched new %s action, pid=%d\n", a->handler->name,
+ (int)a->proc.pid);
uloop_process_add(>proc);
}
 }
@@ -121,7 +120,7 @@ static void child_exit(struct uloop_process *proc, int ret)
struct init_action *a = container_of(proc, struct init_action, proc);
 
DEBUG(4, "pid:%d\n", proc->pid);
-uloop_timeout_set(>tout, a->respawn);
+   uloop_timeout_set(>tout, a->respawn);
 }
 
 static void respawn(struct uloop_timeout *tout)
@@ -184,8 +183,7 @@ static void askconsole(struct init_action *a)
 
console = strdup(tty);
a->id = strdup(tty);
-   }
-   else {
+   } else {
console = NULL;
a->id = NULL;
}
@@ -209,35 +207,39 @@ static void rcrespawn(struct init_action *a)
fork_worker(a);
 }
 
-static struct init_handler handlers[] = {
-   {
-   .name = "sysinit",
-   .cb = runrc,
-   }, {
-   .name = "shutdown",
-   .cb = runrc,
-   }, {
-   .name = "askfirst",
-   .cb = askfirst,
-   .multi = 1,
-   }, {
-   .name = "askconsole",
-   .cb = askconsole,
-   .multi = 1,
-   }, {
-   .name = "respawn",
-   .cb = rcrespawn,
-   .multi = 1,
-   }, {
-   .name = "askconsolelate",
-   .cb = askconsole,
-   .multi = 1,
-   }, {
-   .name = "respawnlate",
-   .cb = rcrespawn,
-   .multi = 1,
-   }
-};
+static struct init_handler handlers[] = { {
+ .name = "sysinit",
+ .cb = runrc,
+ },
+ {
+ .name = "shutdown",
+ .cb = runrc,
+ },
+ {
+ .name = "askfirst",
+ .cb = askfirst,
+ .multi = 1,
+ },
+ {
+ .name = "askconsole",
+ .cb = askconsole,
+

[OpenWrt-Devel] [PATCH 1/2] add clang-format kernel style

2019-05-10 Thread Paul Spooren 
copied from the official kernel style:

https://github.com/torvalds/linux/blob/master/.clang-format

Signed-off-by: Paul Spooren 
---
 .clang-format | 118 ++
 1 file changed, 118 insertions(+)
 create mode 100644 .clang-format

diff --git a/.clang-format b/.clang-format
new file mode 100644
index 000..3fd09cd
--- /dev/null
+++ b/.clang-format
@@ -0,0 +1,118 @@
+# SPDX-License-Identifier: GPL-2.0
+#
+# clang-format configuration file. Intended for clang-format >= 4.
+#
+# For more information, see:
+#
+#   Documentation/process/clang-format.rst
+#   https://clang.llvm.org/docs/ClangFormat.html
+#   https://clang.llvm.org/docs/ClangFormatStyleOptions.html
+#
+---
+AccessModifierOffset: -4
+AlignAfterOpenBracket: Align
+AlignConsecutiveAssignments: false
+AlignConsecutiveDeclarations: false
+#AlignEscapedNewlines: Left # Unknown to clang-format-4.0
+AlignOperands: true
+AlignTrailingComments: false
+AllowAllParametersOfDeclarationOnNextLine: false
+AllowShortBlocksOnASingleLine: false
+AllowShortCaseLabelsOnASingleLine: false
+AllowShortFunctionsOnASingleLine: None
+AllowShortIfStatementsOnASingleLine: false
+AllowShortLoopsOnASingleLine: false
+AlwaysBreakAfterDefinitionReturnType: None
+AlwaysBreakAfterReturnType: None
+AlwaysBreakBeforeMultilineStrings: false
+AlwaysBreakTemplateDeclarations: false
+BinPackArguments: true
+BinPackParameters: true
+BraceWrapping:
+  AfterClass: false
+  AfterControlStatement: false
+  AfterEnum: false
+  AfterFunction: true
+  AfterNamespace: true
+  AfterObjCDeclaration: false
+  AfterStruct: false
+  AfterUnion: false
+  #AfterExternBlock: false # Unknown to clang-format-5.0
+  BeforeCatch: false
+  BeforeElse: false
+  IndentBraces: false
+  #SplitEmptyFunction: true # Unknown to clang-format-4.0
+  #SplitEmptyRecord: true # Unknown to clang-format-4.0
+  #SplitEmptyNamespace: true # Unknown to clang-format-4.0
+BreakBeforeBinaryOperators: None
+BreakBeforeBraces: Custom
+#BreakBeforeInheritanceComma: false # Unknown to clang-format-4.0
+BreakBeforeTernaryOperators: false
+BreakConstructorInitializersBeforeComma: false
+#BreakConstructorInitializers: BeforeComma # Unknown to clang-format-4.0
+BreakAfterJavaFieldAnnotations: false
+BreakStringLiterals: false
+ColumnLimit: 80
+CommentPragmas: '^ IWYU pragma:'
+#CompactNamespaces: false # Unknown to clang-format-4.0
+ConstructorInitializerAllOnOneLineOrOnePerLine: false
+ConstructorInitializerIndentWidth: 8
+ContinuationIndentWidth: 8
+Cpp11BracedListStyle: false
+DerivePointerAlignment: false
+DisableFormat: false
+ExperimentalAutoDetectBinPacking: false
+#FixNamespaceComments: false # Unknown to clang-format-4.0
+#IncludeBlocks: Preserve # Unknown to clang-format-5.0
+IncludeCategories:
+  - Regex: '.*'
+Priority: 1
+IncludeIsMainRegex: '(Test)?$'
+IndentCaseLabels: false
+#IndentPPDirectives: None # Unknown to clang-format-5.0
+IndentWidth: 8
+IndentWrappedFunctionNames: false
+JavaScriptQuotes: Leave
+JavaScriptWrapImports: true
+KeepEmptyLinesAtTheStartOfBlocks: false
+MacroBlockBegin: ''
+MacroBlockEnd: ''
+MaxEmptyLinesToKeep: 1
+NamespaceIndentation: Inner
+#ObjCBinPackProtocolList: Auto # Unknown to clang-format-5.0
+ObjCBlockIndentWidth: 8
+ObjCSpaceAfterProperty: true
+ObjCSpaceBeforeProtocolList: true
+
+# Taken from git's rules
+#PenaltyBreakAssignment: 10 # Unknown to clang-format-4.0
+PenaltyBreakBeforeFirstCallParameter: 30
+PenaltyBreakComment: 10
+PenaltyBreakFirstLessLess: 0
+PenaltyBreakString: 10
+PenaltyExcessCharacter: 100
+PenaltyReturnTypeOnItsOwnLine: 60
+
+PointerAlignment: Right
+ReflowComments: false
+SortIncludes: false
+#SortUsingDeclarations: false # Unknown to clang-format-4.0
+SpaceAfterCStyleCast: false
+SpaceAfterTemplateKeyword: true
+SpaceBeforeAssignmentOperators: true
+#SpaceBeforeCtorInitializerColon: true # Unknown to clang-format-5.0
+#SpaceBeforeInheritanceColon: true # Unknown to clang-format-5.0
+SpaceBeforeParens: ControlStatements
+#SpaceBeforeRangeBasedForLoopColon: true # Unknown to clang-format-5.0
+SpaceInEmptyParentheses: false
+SpacesBeforeTrailingComments: 1
+SpacesInAngles: false
+SpacesInContainerLiterals: false
+SpacesInCStyleCastParentheses: false
+SpacesInParentheses: false
+SpacesInSquareBrackets: false
+Standard: Cpp03
+TabWidth: 8
+UseTab: Always
+...
+
-- 
2.20.1


___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel

[OpenWrt-Devel] [PATCH v3] procd: detect lxc container and behave accordingly

2019-05-05 Thread Paul Spooren 
meaning to not mount some specific parts witch cause trouble.

The patch is based on previous work of @mikma to combine OpenWrt with
lxd[0]. This patch however adds a detection copied from *virt-what* to
check /proc/1/environment for the string "container".

Thanks to @dangowrt for the cleanup.

[0]: 
https://github.com/containercraft/openwrt-lxd/blob/master/patches/procd-openwrt-18.06/001_lxd_no_mounts.patch

Signed-off-by: Paul Spooren 
---
 container.h | 22 ++
 initd/early.c   | 20 
 initd/zram.c| 11 +++
 plug/coldplug.c | 14 +-
 4 files changed, 50 insertions(+), 17 deletions(-)
 create mode 100644 container.h

diff --git a/container.h b/container.h
new file mode 100644
index 000..7fb0768
--- /dev/null
+++ b/container.h
@@ -0,0 +1,22 @@
+/*
+ * Copyright (C) 2019 Paul Spooren 
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License version 2.1
+ * as published by the Free Software Foundation
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ */
+
+#ifndef __CONTAINER_H
+#define __CONTAINER_H
+#include 
+
+static inline bool is_container() {
+   return !!getenv("container");
+}
+
+#endif
diff --git a/initd/early.c b/initd/early.c
index 2e15112..7b281b2 100644
--- a/initd/early.c
+++ b/initd/early.c
@@ -25,6 +25,7 @@
 #include "../utils/utils.h"
 #include "init.h"
 #include "../libc-compat.h"
+#include "../container.h"
 
 static void
 early_dev(void)
@@ -56,14 +57,17 @@ early_mounts(void)
 {
unsigned int oldumask = umask(0);
 
-   mount("proc", "/proc", "proc", MS_NOATIME | MS_NODEV | MS_NOEXEC | 
MS_NOSUID, 0);
-   mount("sysfs", "/sys", "sysfs", MS_NOATIME | MS_NODEV | MS_NOEXEC | 
MS_NOSUID, 0);
-   mount("cgroup", "/sys/fs/cgroup", "cgroup",  MS_NODEV | MS_NOEXEC | 
MS_NOSUID, 0);
-   mount("tmpfs", "/dev", "tmpfs", MS_NOATIME | MS_NOSUID, 
"mode=0755,size=512K");
-   ignore(symlink("/tmp/shm", "/dev/shm"));
-   mkdir("/dev/pts", 0755);
-   mount("devpts", "/dev/pts", "devpts", MS_NOATIME | MS_NOEXEC | 
MS_NOSUID, "mode=600");
-   early_dev();
+   if (!is_container()) {
+   mount("proc", "/proc", "proc", MS_NOATIME | MS_NODEV | 
MS_NOEXEC | MS_NOSUID, 0);
+   mount("sysfs", "/sys", "sysfs", MS_NOATIME | MS_NODEV | 
MS_NOEXEC | MS_NOSUID, 0);
+   mount("cgroup", "/sys/fs/cgroup", "cgroup",  MS_NODEV | 
MS_NOEXEC | MS_NOSUID, 0);
+   mount("tmpfs", "/dev", "tmpfs", MS_NOATIME | MS_NOSUID, 
"mode=0755,size=512K");
+   ignore(symlink("/tmp/shm", "/dev/shm"));
+   mkdir("/dev/pts", 0755);
+   mount("devpts", "/dev/pts", "devpts", MS_NOATIME | MS_NOEXEC | 
MS_NOSUID, "mode=600");
+
+   early_dev();
+   }
 
early_console("/dev/console");
if (mount_zram_on_tmp()) {
diff --git a/initd/zram.c b/initd/zram.c
index b41bfd9..487d3d6 100644
--- a/initd/zram.c
+++ b/initd/zram.c
@@ -12,6 +12,7 @@
 #include 
 
 #include "../log.h"
+#include "../container.h"
 
 #include "init.h"
 
@@ -116,10 +117,12 @@ mount_zram_on_tmp(void)
waitpid(pid, NULL, 0);
}
 
-   ret = mount("/dev/zram0", "/tmp", "ext4", MS_NOSUID | MS_NODEV | 
MS_NOATIME, "errors=continue,noquota");
-   if (ret < 0) {
-   ERROR("Can't mount /dev/zram0 on /tmp: %m\n");
-   return errno;
+   if (!is_container()) {
+   ret = mount("/dev/zram0", "/tmp", "ext4", MS_NOSUID | MS_NODEV 
| MS_NOATIME, "errors=continue,noquota");
+   if (ret < 0) {
+   ERROR("Can't mount /dev/zram0 on /tmp: %m\n");
+   return errno;
+   }
}
 
LOG("Using up to %ld kB of RAM as ZRAM storage on /mnt\n", zramsize);
diff --git a/plug/coldplug.c b/plug/coldplug.c
index c6a89c3..12df421 100644
--- a/plug/coldplug.c
+++ b/plug/coldplug.c
@@ -22,6 +22,7 @@
 #include "../libc-compat.h"
 
 #include "hotplug.h"
+#include "../container.h"
 
 static struct uloop_process udevtrigger;
 
@@ -43,13 +4

[OpenWrt-Devel] [PATCH v2] procd: detect lxc container and behave accordingly

2019-05-04 Thread Paul Spooren 
meaning to not mount some specific parts witch cause trouble.

The patch is based on previous work of @mikma to combine OpenWrt with
lxd[0]. This patch however adds a detection copied from *virt-what* to
check /proc/1/environment for the string "container".

Thanks to @dangowrt for the cleanup.

[0]: 
https://github.com/containercraft/openwrt-lxd/blob/master/patches/procd-openwrt-18.06/001_lxd_no_mounts.patch

Signed-off-by: Paul Spooren 
---
 container.h | 22 ++
 initd/early.c   | 20 
 initd/zram.c| 11 +++
 plug/coldplug.c | 14 +-
 4 files changed, 50 insertions(+), 17 deletions(-)
 create mode 100644 container.h

diff --git a/container.h b/container.h
new file mode 100644
index 000..c9b5e46
--- /dev/null
+++ b/container.h
@@ -0,0 +1,22 @@
+/*
+ * Copyright (C) 2019 Paul Spooren 
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License version 2.1
+ * as published by the Free Software Foundation
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ */
+
+#ifndef __CONTAINER_H
+#define __CONTAINER_H
+#include 
+
+static inline unsigned short int is_container() {
+   return !!getenv("container");
+}
+
+#endif
diff --git a/initd/early.c b/initd/early.c
index 2e15112..7b281b2 100644
--- a/initd/early.c
+++ b/initd/early.c
@@ -25,6 +25,7 @@
 #include "../utils/utils.h"
 #include "init.h"
 #include "../libc-compat.h"
+#include "../container.h"
 
 static void
 early_dev(void)
@@ -56,14 +57,17 @@ early_mounts(void)
 {
unsigned int oldumask = umask(0);
 
-   mount("proc", "/proc", "proc", MS_NOATIME | MS_NODEV | MS_NOEXEC | 
MS_NOSUID, 0);
-   mount("sysfs", "/sys", "sysfs", MS_NOATIME | MS_NODEV | MS_NOEXEC | 
MS_NOSUID, 0);
-   mount("cgroup", "/sys/fs/cgroup", "cgroup",  MS_NODEV | MS_NOEXEC | 
MS_NOSUID, 0);
-   mount("tmpfs", "/dev", "tmpfs", MS_NOATIME | MS_NOSUID, 
"mode=0755,size=512K");
-   ignore(symlink("/tmp/shm", "/dev/shm"));
-   mkdir("/dev/pts", 0755);
-   mount("devpts", "/dev/pts", "devpts", MS_NOATIME | MS_NOEXEC | 
MS_NOSUID, "mode=600");
-   early_dev();
+   if (!is_container()) {
+   mount("proc", "/proc", "proc", MS_NOATIME | MS_NODEV | 
MS_NOEXEC | MS_NOSUID, 0);
+   mount("sysfs", "/sys", "sysfs", MS_NOATIME | MS_NODEV | 
MS_NOEXEC | MS_NOSUID, 0);
+   mount("cgroup", "/sys/fs/cgroup", "cgroup",  MS_NODEV | 
MS_NOEXEC | MS_NOSUID, 0);
+   mount("tmpfs", "/dev", "tmpfs", MS_NOATIME | MS_NOSUID, 
"mode=0755,size=512K");
+   ignore(symlink("/tmp/shm", "/dev/shm"));
+   mkdir("/dev/pts", 0755);
+   mount("devpts", "/dev/pts", "devpts", MS_NOATIME | MS_NOEXEC | 
MS_NOSUID, "mode=600");
+
+   early_dev();
+   }
 
early_console("/dev/console");
if (mount_zram_on_tmp()) {
diff --git a/initd/zram.c b/initd/zram.c
index b41bfd9..487d3d6 100644
--- a/initd/zram.c
+++ b/initd/zram.c
@@ -12,6 +12,7 @@
 #include 
 
 #include "../log.h"
+#include "../container.h"
 
 #include "init.h"
 
@@ -116,10 +117,12 @@ mount_zram_on_tmp(void)
waitpid(pid, NULL, 0);
}
 
-   ret = mount("/dev/zram0", "/tmp", "ext4", MS_NOSUID | MS_NODEV | 
MS_NOATIME, "errors=continue,noquota");
-   if (ret < 0) {
-   ERROR("Can't mount /dev/zram0 on /tmp: %m\n");
-   return errno;
+   if (!is_container()) {
+   ret = mount("/dev/zram0", "/tmp", "ext4", MS_NOSUID | MS_NODEV 
| MS_NOATIME, "errors=continue,noquota");
+   if (ret < 0) {
+   ERROR("Can't mount /dev/zram0 on /tmp: %m\n");
+   return errno;
+   }
}
 
LOG("Using up to %ld kB of RAM as ZRAM storage on /mnt\n", zramsize);
diff --git a/plug/coldplug.c b/plug/coldplug.c
index c6a89c3..12df421 100644
--- a/plug/coldplug.c
+++ b/plug/coldplug.c
@@ -22,6 +22,7 @@
 #include "../libc-compat.h"
 
 #include "hotplug.h"
+#include "../container.h"
 
 static struct uloo

[OpenWrt-Devel] RFC: add metadata to buildroot

2019-05-04 Thread Paul Spooren 
Hi all,

from my point of view the current OpenWrt device documentation lacks
some unity, meaning the table of hardware is partly incomplete or
inconsistent. Also documentations are often rewritten with different
precision and "tongue".

To unify things I created a *PoC*[0], mostly based on the official
LineageOS Wiki[1], as they have a similar situation regarding devices.

The idea is to define templates describing common information and fill
them with device metadata.

The *PoC* above is based on the following metadata here[2]. Most parts
of the metadata are scraped from the current ToH[3], however some small
pieces are added and later rendered in something useful:

    tftp_image: ArcherC5v1_tp_recovery.bin
    tftp_ip: 192.168.0.66

Result in a small text to explain how to use the TFTP recovery.

    switch_ports:
      0: ETH1
      1: WAN
      2: LAN1
      3: LAN2
      4: LAN3
      5: LAN4
      6: ETH0

Creates a table with the switch port messing.

Same could be done with the flash layout, LEDs, etc.

All these information are (hopefully) available to the developer adding
a new device, therefore easy to supply such a `yaml` metadata file as
well. Often these information are (re-formulated) in commit messages
anyway[4]. Meaning, somewhere in the buildroot could be a store of
`yaml` files, which could even be reused for building itself.

A second repository like openwrt-device.git[5] could be added to render
the wiki pages and organize the templates.

I'd be happy to hear your opinions.

Best,
Paul

PS: I'm afraid I don't know the mail address of tmomas...

[0]:
https://aparcar.github.io/openwrt-devices/devices/tp-link_archer_c5_ac1200_v1/
[1]: http://wiki.lineageos.org/devices/
[2]:
https://github.com/aparcar/openwrt-devices/blob/master/_data/devices/tp-link_archer_c5_ac1200_v1.yml
[3]: https://openwrt.org/toh/hwdata/tp-link/tp-link_archer_c5_ac1200_v1
[4]:
https://git.openwrt.org/?p=openwrt/openwrt.git;a=commit;h=43e8c37cb4da64a12a3cb88a84b19db7f2fc640c
[5]: https://github.com/aparcar/openwrt-devices



___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel

[OpenWrt-Devel] [PATCH] procd: detect lxc container and behave accordingly

2019-04-27 Thread Paul Spooren 
meaning to not mount some specific parts witch cause trouble.

The patch is based on previous work of *containercraft* to combine
OpenWrt with lxc[0]. This patch however adds a detection copied from
*virt-what* to check /proc/1/environment for "container=lxc".

[0]: 
https://github.com/containercraft/openwrt-lxd/blob/master/patches/procd-openwrt-18.06/001_lxd_no_mounts.patch

Signed-off-by: Paul Spooren 
---
 initd/early.c   | 19 +++
 initd/zram.c| 10 ++
 plug/coldplug.c | 13 -
 procd.c |  7 ++-
 4 files changed, 31 insertions(+), 18 deletions(-)

diff --git a/initd/early.c b/initd/early.c
index 2e15112..4018e63 100644
--- a/initd/early.c
+++ b/initd/early.c
@@ -56,14 +56,17 @@ early_mounts(void)
 {
unsigned int oldumask = umask(0);
 
-   mount("proc", "/proc", "proc", MS_NOATIME | MS_NODEV | MS_NOEXEC | 
MS_NOSUID, 0);
-   mount("sysfs", "/sys", "sysfs", MS_NOATIME | MS_NODEV | MS_NOEXEC | 
MS_NOSUID, 0);
-   mount("cgroup", "/sys/fs/cgroup", "cgroup",  MS_NODEV | MS_NOEXEC | 
MS_NOSUID, 0);
-   mount("tmpfs", "/dev", "tmpfs", MS_NOATIME | MS_NOSUID, 
"mode=0755,size=512K");
-   ignore(symlink("/tmp/shm", "/dev/shm"));
-   mkdir("/dev/pts", 0755);
-   mount("devpts", "/dev/pts", "devpts", MS_NOATIME | MS_NOEXEC | 
MS_NOSUID, "mode=600");
-   early_dev();
+   if (!container) {
+   mount("proc", "/proc", "proc", MS_NOATIME | MS_NODEV | 
MS_NOEXEC | MS_NOSUID, 0);
+   mount("sysfs", "/sys", "sysfs", MS_NOATIME | MS_NODEV | 
MS_NOEXEC | MS_NOSUID, 0);
+   mount("cgroup", "/sys/fs/cgroup", "cgroup",  MS_NODEV | 
MS_NOEXEC | MS_NOSUID, 0);
+   mount("tmpfs", "/dev", "tmpfs", MS_NOATIME | MS_NOSUID, 
"mode=0755,size=512K");
+   ignore(symlink("/tmp/shm", "/dev/shm"));
+   mkdir("/dev/pts", 0755);
+   mount("devpts", "/dev/pts", "devpts", MS_NOATIME | MS_NOEXEC | 
MS_NOSUID, "mode=600");
+
+   early_dev();
+   }
 
early_console("/dev/console");
if (mount_zram_on_tmp()) {
diff --git a/initd/zram.c b/initd/zram.c
index b41bfd9..e8d71c2 100644
--- a/initd/zram.c
+++ b/initd/zram.c
@@ -116,10 +116,12 @@ mount_zram_on_tmp(void)
waitpid(pid, NULL, 0);
}
 
-   ret = mount("/dev/zram0", "/tmp", "ext4", MS_NOSUID | MS_NODEV | 
MS_NOATIME, "errors=continue,noquota");
-   if (ret < 0) {
-   ERROR("Can't mount /dev/zram0 on /tmp: %m\n");
-   return errno;
+   if (!container) {
+   ret = mount("/dev/zram0", "/tmp", "ext4", MS_NOSUID | MS_NODEV 
| MS_NOATIME, "errors=continue,noquota");
+   if (ret < 0) {
+   ERROR("Can't mount /dev/zram0 on /tmp: %m\n");
+   return errno;
+   }
}
 
LOG("Using up to %ld kB of RAM as ZRAM storage on /mnt\n", zramsize);
diff --git a/plug/coldplug.c b/plug/coldplug.c
index c6a89c3..aabe379 100644
--- a/plug/coldplug.c
+++ b/plug/coldplug.c
@@ -43,13 +43,16 @@ void procd_coldplug(void)
char *argv[] = { "udevtrigger", NULL };
unsigned int oldumask = umask(0);
 
-   umount2("/dev/pts", MNT_DETACH);
-   umount2("/dev/", MNT_DETACH);
-   mount("tmpfs", "/dev", "tmpfs", MS_NOSUID, "mode=0755,size=512K");
+   if (!container) {
+   umount2("/dev/pts", MNT_DETACH);
+   umount2("/dev/", MNT_DETACH);
+   mount("tmpfs", "/dev", "tmpfs", MS_NOSUID, 
"mode=0755,size=512K");
+   mkdir("/dev/pts", 0755);
+   mount("devpts", "/dev/pts", "devpts", MS_NOEXEC | MS_NOSUID, 0);
+   }
+
ignore(symlink("/tmp/shm", "/dev/shm"));
-   mkdir("/dev/pts", 0755);
umask(oldumask);
-   mount("devpts", "/dev/pts", "devpts", MS_NOEXEC | MS_NOSUID, 0);
udevtrigger.cb = udevtrigger_complete;
udevtrigger.pid = fork();
if (!udevtrigger.pid) {
diff --git a/procd.c b/procd.c
index 3de6208..b938a2f 100644
--- a/procd.c
+++ b/procd.c
@@ -26,7 +26,7 @@
 #include "plug/hotplug.h"
 
 unsigned int debug;
-
+unsigned int container = 0;
 static int usage(const char *prog)
 {
fprintf(stderr, "Usage: %s [options]\n"
@@ -50,6 +50,11 @@ int main(int argc, char **argv)
unsetenv("DBGLVL");
}
 
+   char *env_container = getenv("container");
+   if (strcmp("lxc",env_container) != 0) {
+   container = 1;
+   }
+
while ((ch = getopt(argc, argv, "d:s:h:S")) != -1) {
switch (ch) {
case 'h':
-- 
2.20.1


___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel

[OpenWrt-Devel] [PATCH] procd: add SIGPWR as signal

2019-04-26 Thread Paul Spooren 
to use procd in LXC containers they have to support SIGPWR to shutdown.

Signed-off-by: Paul Spooren 
---
 initd/init.c | 1 +
 signal.c | 2 ++
 2 files changed, 3 insertions(+)

diff --git a/initd/init.c b/initd/init.c
index 0349e6e..29eee50 100644
--- a/initd/init.c
+++ b/initd/init.c
@@ -77,6 +77,7 @@ main(int argc, char **argv)
sigaction(SIGTERM, _shutdown, NULL);
sigaction(SIGUSR1, _shutdown, NULL);
sigaction(SIGUSR2, _shutdown, NULL);
+   sigaction(SIGPWR, _shutdown, NULL);
 
early();
cmdline();
diff --git a/signal.c b/signal.c
index 07dda9a..9974153 100644
--- a/signal.c
+++ b/signal.c
@@ -44,6 +44,7 @@ static void signal_shutdown(int signal, siginfo_t *siginfo, 
void *data)
break;
case SIGUSR1:
case SIGUSR2:
+   case SIGPWR:
event = RB_POWER_OFF;
msg = "poweroff";
break;
@@ -90,6 +91,7 @@ void procd_signal(void)
sigaction(SIGINT, _shutdown, NULL);
sigaction(SIGUSR1, _shutdown, NULL);
sigaction(SIGUSR2, _shutdown, NULL);
+   sigaction(SIGPWR, _shutdown, NULL);
sigaction(SIGSEGV, _crash, NULL);
sigaction(SIGBUS, _crash, NULL);
sigaction(SIGHUP, _dummy, NULL);
-- 
2.20.1


___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel

[OpenWrt-Devel] RFC: check signatures of sysupgrades via ucert

2019-04-23 Thread Paul Spooren 
Hi all,

to improve security of the router sysupgrade process, it's sane to check
firmware images for signatures of trusted parties. While this should
always be optional (aka no vendor locking), it helps *basic* users to
easily verify that they are installing the image they intended.

It is already supported via ucert[0], but neither installed by default
nor really activate able by users. An improvement is done with this[1]
pull request, adding an UCI option and installing ucert by default (+176
Bytes).

Eventually all targets should support metadata and therefore signatures
within the metadata, once there, the image verification could be turned
on by default?

Please share your opinion!

Best,
Paul

[0]: https://git.openwrt.org/?p=project/ucert.git;a=summary
[1]: https://github.com/openwrt/openwrt/pull/1992



___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel

[OpenWrt-Devel] RFC: procd patch to run as container/lxd

2019-03-20 Thread Paul Spooren 
Hi,

procd causes trouble when running in a LXD container, however would be
nice to use OpenWrt as small VMs.

There are patches [0] "fixing" the issue, but they're not really
upstream ready (for obvious reasons).

Would it be possible to add a detection to procd if it's running in an
"unprivileged" container and behave accordingly?

Thanks for all further thoughts!

Sunshine,
Paul

[0]: https://github.com/mikma/lxd-openwrt/tree/master/patches/procd-master



___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel

[OpenWrt-Devel] buildbots: offer zsync support for snapshots

2019-02-05 Thread Paul Spooren 
Hi,

tl;dr: please run zsyncmake[0] on created snapshot SDK and IB archives

I'm offering a web service to download custom firmware images via an
API[1], this includes snapshot images. To stay up to date, all snapshot
ImageBuilders are daily re-downloaded. While being convenient for some
developers, this introduces quite some traffic. Would it be possible to
offer a .zsync file to allow delta downloads?

The command would be something like

    zsyncmake openwrt-imagebuilder*
    zsyncmake openwrt-sdk*

Paul

/mnt/worker/updater/imagebuilder/openwrt/snapshots# du -sh
14G .

[0]: https://linux.die.net/man/1/zsyncmake
[1]: https://chef.libremesh.org/


___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel

[OpenWrt-Devel] mapping metadata supported_devices to profile

2019-02-02 Thread Paul Spooren 
Hi,

I couldn't find a mapping between the profiles and the
"supported_devices" in the resulting firmware metadata. With a script I
extracted the metadata and created a mapping, maybe it is useful for
someone.

https://chef.libremesh.org/download/openwrt/18.06.1/mapping.txt

It only contains entries where the profile != supported_device.

Some profiles seem to lack metadata, I added a list as well

https://chef.libremesh.org/download/openwrt/18.06.1/missing.txt

Best
Paul


___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel

[OpenWrt-Devel] ar71xx: OM2P ImageBuilder no firmware when BIN_DIR used

2019-02-01 Thread Paul Spooren 
Hi all,

thanks to this[0] bug report I found that the ar71xx/generic
ImageBuilder doesn't create any firmware images for profile OM2P when
used with BIN_DIR.

My first guess is that it's somewhat related to a hard coded destination
which doesn't handle BIN_DIR. At the very end of an "successful" build log:

> if [ -e 
> "/home/aparcar/worker/imagebuilder/openwrt/18.06.2/ar71xx/generic/bin/targets/ar71xx/generic/openwrt-18.06.2-c9d037b0992cca4-ar71xx-generic-om2p-squashfs-factory.bin"
>  ]; then cp 
> "/home/aparcar/worker/imagebuilder/openwrt/18.06.2/ar71xx/generic/bin/targets/ar71xx/generic/openwrt-18.06.2-c9d037b0992cca4-ar71xx-generic-om2p-squashfs-factory.bin"
>  
> "/home/aparcar/worker/imagebuilder/openwrt/18.06.2/ar71xx/generic/bin/targets/ar71xx/generic/openwrt-18.06.2-c9d037b0992cca4-ar71xx-generic-om2p-squashfs-sysupgrade.bin";
>  fi

Running the following commands

$ make image PROFILE="OM2P"
$ ls
openwrt-18.06.2-ar71xx-generic-device-om2p.manifest  
openwrt-18.06.2-ar71xx-generic-vmlinux.bin
openwrt-18.06.2-ar71xx-generic-om2p-squashfs-factory.bin 
openwrt-18.06.2-ar71xx-generic-vmlinux.elf
openwrt-18.06.2-ar71xx-generic-om2p-squashfs-sysupgrade.bin  
openwrt-18.06.2-ar71xx-generic-vmlinux.lzma
openwrt-18.06.2-ar71xx-generic-root.squashfs 
openwrt-18.06.2-ar71xx-generic-vmlinux-lzma.elf
openwrt-18.06.2-ar71xx-generic-uImage-lzma.bin   sha256sums

$ make image PROFILE="OM2P" BIN_DIR="/tmp/test/"
$ ls /tmp/test/
openwrt-18.06.2-ar71xx-generic-device-om2p.manifest  
openwrt-18.06.2-ar71xx-generic-vmlinux.elf
openwrt-18.06.2-ar71xx-generic-root.squashfs 
openwrt-18.06.2-ar71xx-generic-vmlinux.lzma
openwrt-18.06.2-ar71xx-generic-uImage-lzma.bin   
openwrt-18.06.2-ar71xx-generic-vmlinux-lzma.elf
openwrt-18.06.2-ar71xx-generic-vmlinux.bin   sha256sums

Hopefully someone could fix this!

Best regards,
Paul

[0]: https://github.com/libremesh/chef/issues/79


___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel

<    1   2   3   4   5   6