Fixes following shellcheck's recommendations:
In scripts/download-check-artifact.sh line 24:
exit $1
^-- SC2086 (info): Double quote to prevent globbing and word splitting.
In scripts/download-check-artifact.sh line 53:
local sum="$(shasum -a 256 "$image_file")";
^-^ SC2155 (warning): Declare and assign separately to avoid masking return values.
In scripts/download-check-artifact.sh line 72:
cd "/tmp/verify.$$"
^-----------------^ SC2164 (warning): Use 'cd ... || exit' or 'cd ... || return' in case cd fails.
In scripts/download-check-artifact.sh line 114:
printf "Keyserver to use? [$keyserver_url] > "
^-- SC2059 (info): Don't use variables in the printf format string. Use printf '..%s..' "$foo".
In scripts/download-check-artifact.sh line 115:
read url; case "${url:-$keyserver_url}" in
^--^ SC2162 (info): read without -r will mangle backslashes.
While at it make it clear, that it is possible to download/check any
build artifacts like even SDK or ImageBuilder.
Link: https://github.com/openwrt/openwrt/pull/16871
Signed-off-by: Petr Štetiar <ynezz@true.cz>
While checking wiki documentation about GPG signatures checking I found
this nice script and I've thought, that it would be nice to provide it
officially instead of some random internet site.
Usage example:
$ ./scripts/download-check-artifact.sh https://downloads.openwrt.org/snapshots/targets/mediatek/filogic/openwrt-mediatek-filogic-openwrt_one-squashfs-sysupgrade.itb
1) Downloading image file
=========================
########################################### 100.0%
2) Downloading checksum file
============================
########################################### 100.0%
3) Downloading the GPG signature
================================
########################################### 100.0%
4) Verifying GPG signature
==========================
gpg: Signature made Tue 05 Nov 2024 05:21:50 PM UTC
gpg: using EDDSA key 92C561DE55AE6552F3C736B82B0151090606D1D9
gpg: Good signature from "OpenWrt Build System (Nitrokey3) <contact@openwrt.org>" [ultimate]
Primary key fingerprint: 8A8B C12F 46B8 36C0 F9CD B36F 1D53 D187 7742 E911
Subkey fingerprint: 92C5 61DE 55AE 6552 F3C7 36B8 2B01 5109 0606 D1D9
5) Verifying SHA256 checksum
============================
openwrt-mediatek-filogic-openwrt_one-squashfs-sysupgrade.itb: OK
Verification done!
==================
Downloaded artifact placed in '/var/home/ynezz/dev/openwrt/openwrt.git/openwrt-mediatek-filogic-openwrt_one-squashfs-sysupgrade.itb'
Cleaning up.
Adding file in a state as downloaded from https://www.abitare.org/bin/download.sh
References: https://openwrt.org/docs/guide-quick-start/verify_firmware_checksum?s[]=gpg#linux
Signed-off-by: David S. H. Rosenthal <dshr@abitare.org>
Link: https://github.com/openwrt/openwrt/pull/16871
Signed-off-by: Petr Štetiar <ynezz@true.cz>
It seems some target started declaring package in DEVICE_PACKAGES just
to call InstallDev and generate binary for the image firmware.
This is very much used by layerscape target where trusted-firmware-a and
dependency are called for final image generation.
This is problematic for APK since it's more sensible to non exisiting
package.
To handle this, introduce a prefix '~' for a package that will signal to
build the package but not install it in the final image.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
This script will reorder the content of all config-* files in the target
folder. It will also remove duplicates. It will not remove options
already defined in the generic configuration.
Link: https://github.com/openwrt/openwrt/pull/16743
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
The larger switches of the Linksys LGS series (e.g. LGS352C) make
use of NAND. So the vendor firmware uses other commands to upload
an image through the WebUI.
Add the required scripts. With this we can upload an image to all
devices of that series. Independant of NOR or NAND.
Signed-off-by: Markus Stockhausen <markus.stockhausen@gmx.de>
Link: https://github.com/openwrt/openwrt/pull/16711
Signed-off-by: Robert Marko <robimarko@gmail.com>
For some reason the new belkin-header.py script works without issues
in a local Fedora build environment. In the OpenWrt build pipeline it
produces the following errors:
Traceback (most recent call last):
File "/builder/shared-workdir/build/scripts/belkin-header.py", line 92, in <module>
head = create_header(buf, args.belkin_header, args.belkin_model)
File "/builder/shared-workdir/build/scripts/belkin-header.py", line 68, in create_header
head[28:29] = VERSION1.to_bytes(1)
TypeError: to_bytes() missing required argument 'byteorder' (pos 2)
This may be related due to different python version. Fix this by
handing over the needed parameters
Signed-off-by: Markus Stockhausen <markus.stockhausen@gmx.de>
Link: https://github.com/openwrt/openwrt/pull/16667
Signed-off-by: Robert Marko <robimarko@gmail.com>
When a target is installed from a feed, the linux kernel package is scanned
before the installation of this target.
If some kernel module packages are defined in this feeds at the target
level, there were not parsed during the scan of linux kernel package, as
the target didn't exist yet. So these kernel module packages don't exist.
Once the target is installed, clean the linux kernel packageinfo to force
the scan of the linux kernel package next time this script (or the make
command) is called.
Signed-off-by: Thomas Richard <thomas.richard@bootlin.com>
Link: https://patchwork.ozlabs.org/project/openwrt/patch/mailman.117548.1727195440.1280.openwrt-devel@lists.openwrt.org/
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Hardware specification
----------------------
* RTL8380M SoC, 1 MIPS 4KEc core @ 500MHz
* 256MB DRAM
* 32MB NOR Flash
* 8 x 10/100/1000BASE-T ports
* 2 x SFP ports
* Power LED, Fault LED
* Reset button on front panel
* UART (115200 8N1) via populated standard pin header marked JP1
TODO: The SFP ports use a shared SCL GPIO that the driver cannot handle.
The left SFP port (lan9) is defined and fully functional while the laser
on the right SFP port (lan10) is off by default.
UART pinout
-----------
[o]ooo|JP1
| ||`------ GND
| |`------- RX
| `-------- TX
`---------- Vcc (3V3)
Installation using OEM webinterface
-----------------------------------
1. Make sure you are running OEM firmware in secondary slot
2. Install squashfs-factory.imag to primary slot by upload via http
Installation using serial interface
-----------------------------------
1. Press "a" "c" "p" during message "Enter correct key to stop autoboot"
2. Load image with "upgrade runtime <TFTP IP>:squashfs-sysupgrade.bin" command
3. Switch to primary slot with "setsys bootpartition 0"
4. Store config with "savesys"
5. Boot the image with `boota` command
Dual-boot with stock firmware using writable u-boot-env
-------------------------------------------------------
From stock to OpenWrt / primary image 1 (CLI as admin):
- > boot system image1
- > reboot
From OpenWrt to stock / boot image 2: (shell as root)
- # fw_setsys bootpartition 1
- # reboot
Debrick using serial interface
------------------------------
1. Press "a" "c" "p" during message "Enter correct key to stop autoboot"
2. Load vendor image with "upgrade runtime <TFTP IP>:LGS310xxxxx.imag"
3. switch to primary partition "setsys bootpartition 0"
4. safe config "savesys"
Further documentation
---------------------
See https://openwrt.org/toh/linksys/lgs352c
It has been developed and tested on device with v1 revision.
Signed-off-by: Markus Stockhausen <markus.stockhausen@gmx.de>
Link: https://github.com/openwrt/openwrt/pull/16068
[Add missing 'w' in name of firmware partition]
Signed-off-by: Sander Vanheule <sander@svanheule.net>
This script hasn't seen an update in multiple years, update it to the
latest version provided upstream.
Both `config.guess` and `config.sub` are copied from upstream[1] and not
modified.
The full changelog is available within the upstream repository[1].
[1]: https://git.savannah.gnu.org/git/config.git
Link: https://github.com/openwrt/openwrt/pull/16536
Signed-off-by: Robert Marko <robimarko@gmail.com>
Add feed update option '-s' that performs 'git pull --rebase --autostash':
* possible local uncommited changes are autostashed before pull,
* local commits are then rebased on top of the new commits pulled
from origin and
* finally git does 'stash pop'.
This enables feed update while there are local development commits
and possibly also local uncommited changes.
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
Link: https://github.com/openwrt/openwrt/pull/15377
Signed-off-by: Robert Marko <robimarko@gmail.com>
Add feed update option '-r' to perform "git pull --rebase" so that
possible local commits are rebased on top of the new commits pulled
from origin. That enables git pull while there are local
development commits.
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
Link: https://github.com/openwrt/openwrt/pull/15377
Signed-off-by: Robert Marko <robimarko@gmail.com>
Fix broken link generation for KERNEL projects.
Using $1 in projectsmirrors sub was still referencing the caller $1
instead of the remaining args of projectsmirrors sub.
Use shift and put the second arg of projectsmirrors sub in $append to
correctly handle the sub args.
Fixes: 465cf35888 ("scripts/download.pl: detach mirror URLs from script file")
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Detach URL from download script to make it easier to change and update
the URLs.
The mirror list is moved to a JSON file in the scripts directory called
projectsmirrors.json.
Link: https://github.com/openwrt/openwrt/pull/15745
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Add missing libc library spec that weren't added to the ext-toolchain
script when the library were introduced in the packages libs toolchain
Makefile.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
The sender domain has a DMARC Reject/Quarantine policy which disallows
sending mailing list messages using the original "From" header.
To mitigate this problem, the original message has been wrapped
automatically by the mailing list software.
Per the CycloneDX 1.4 spec, the `metadata.timestamp` field contains
the date/time when the BOM was created [1].
Before the change, the value generated by the package-metadata.pl
script would look like this:
2024-06-03T15:51:10
CycloneDX 1.4 relies on the JSON Schema specification version draft-07,
which defines the `date-time` format [2] as derived from RFC 3339,
section 5.6 [3]. In this format, the `time-offset` component is required,
however in the original version of package-metadata.pl it is omitted.
This is causing problems with OWASP Dependency-Track version 4.11.0 or
newer, where it now validates submitted SBOMs against the JSON schema
by default [4]. SBOMs with incorrect timestamp values are rejected with
the following error:
{
"detail": "Schema validation failed",
"errors": [
"$.metadata.timestamp: 2024-06-03T15:51:10 is an invalid date-time"
],
"status": 400,
"title": "The uploaded BOM is invalid"
}
Add explicit `Z` (UTC) timezone offset in the `timestamp` field
to satisfy the CycloneDX schema.
[1]: https://github.com/CycloneDX/specification/blob/1.4/schema/bom-1.4.schema.json#L116-L121
[2]: https://json-schema.org/draft-07/draft-handrews-json-schema-validation-01#rfc.section.7.3.1
[3]: https://datatracker.ietf.org/doc/html/rfc3339#section-5.6
[4]: https://github.com/DependencyTrack/dependency-track/pull/3522
Signed-off-by: Roman Azarenko <roman.azarenko@iopsys.eu>
Add GNU's redirector which automatically redirect user to nearby online
mirror.
Signed-off-by: Sahil Dhiman <sahil@hopbox.in>
Link: https://github.com/openwrt/openwrt/pull/15557
Signed-off-by: Robert Marko <robimarko@gmail.com>
Prior e8725a932e, version used to be
VERSION:=$(PKG_VERSION)-$(PKG_RELEASE)
After e8725a932e, the version is:
VERSION:=$(PKG_VERSION)-r$(PKG_RELEASE)
Hence the gen_*_cyclonedxsbom functions need to be updated to remove
the trailing -r prefix in the version in order to generate correct
version info in the SBOM.
Signed-off-by: Akshay Bhat <nodeax@gmail.com>
Fix revision calculation when local branch is rebased on new "main" branch
instead of "master".
Signed-off-by: Marius Dinu <m95d+git@psihoexpert.ro>
Link: https://github.com/openwrt/openwrt/pull/15538
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
A new option called `USE_APK` is added which generated APK packages
(.apk) instead of OPKG packages (.ipk).
Some features like fstools `snapshot` command are not yet ported
Signed-off-by: Paul Spooren <mail@aparcar.org>
Text of a commit message body should wrap at 75 characters. Manual commits
are expected to do so, but automated commits *must* do so to avoid adding
repeated ugly commits.
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
Apart from being misspelled ('dymamic' vs. 'dynamic') and a mismatch of
the number of parameters, there is also simply no need to add the 'dynamic'
volume type keyword as 6th parameter as that's the default anyway.
Fix and simplify the ubinize-image.sh script to work as intended.
Fixes: 6c17d71973 ("scripts: ubinize-image.sh: support static volumes, make size optional")
Reported-by: Hannu Nyman <hannu.nyman@iki.fi>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
While we have included the needed changes via a merge commit, there is
no need to keep it. Lets drop the merge commit, which we can do as we
haven't pushed anything.
Signed-off-by: Olliver Schinagl <oliver@schinagl.nl>
The current solution using `find` introduces a racecondition, where `find`
and `git mv` get in each others way. While this could be fixed with
more-utils sponge command (or even sort -u) to buffer the output of
find.
However, a much better approach, is to query the git index directly,
which will not change, and is far more accurate.
Signed-off-by: Olliver Schinagl <oliver@schinagl.nl>
Instead of looping of a directory to find directories related to kernel
changes, use the git index instead.
Signed-off-by: Olliver Schinagl <oliver@schinagl.nl>
In some cases, we want to only migrate configuration files, e.g. if the
kernel was bumped already. Lets add a flag for this case to offer
flexibility. By default we will migrate configuration flags as before.
Signed-off-by: Olliver Schinagl <oliver@schinagl.nl>
Determine the target directory based on the script location, which might
work better in some cases, but at least also allows the script to be ran
from with any location in the OpenWRT repository.
Signed-off-by: Olliver Schinagl <oliver@schinagl.nl>
If a version string was not supplied, we currently print an empty
string. We can do better here. Also by popular demand, print the usage
information in case of error.
Signed-off-by: Olliver Schinagl <oliver@schinagl.nl>
Naivly and lazyly the leading v was only dropped from optarg, not from any
environment variable.
Lets do this properly and ensure a leading 'v' is always dropped.
Signed-off-by: Olliver Schinagl <oliver@schinagl.nl>
Due to potential fears of copyright infringement noted by Elliott
Mitchell [0], rewrite our message to belong to OpenWRT.
Note, AI was used to aid in construction of this sentence.
[0]: https://lists.openwrt.org/pipermail/openwrt-devel/2024-March/042422.html
Signed-off-by: Olliver Schinagl <oliver@schinagl.nl>
Instead of relying on env variables for setting the ZSTD compression
configuration we can simply do what we do for IB, SDK and the rest and
use tar -I to pass "zstd -T0 --ultra -20" directly.
This makes it rather clear what is being done and allows to drop the
zstd CLI max level override as its usually capped at level 19.
Signed-off-by: Robert Marko <robimarko@gmail.com>
For years, we have struggled and been frustrated at loosing history of
files in git, due to the 'copy + add' strategy. This could have been
prevented with a double-commit 'mv + add' trick.
On the mailing list [0] the discussion was started to put the
instructions in a wiki. Instead, it is much better to just script it and
put it in the repo.
Instead of doing mv + copy, which leads to two commits, but no history
on the copied files, it uses move, + copy and merge, which results in
three (merge) commits, but keeps the history of all files. As always
with renames, `--follow` will be needed.
The tool is trivial and works either in the OpenWrt git root directory,
or in the actual target directory.
Tested on the `realtek` and generic targets.
Note, that the tool does not do any of the labor needed after the move,
such as updating configs, dropping patches etc.
To make sure this script is easily found by any developer, who just
wants to do a kernel bump, the script is added here and not to
maintainer-tools repo as those scripts are a little bit more specialized.
Bumping a kernel is a trivial task that often regular developers do,
where most do not even know the existence of maintainer tools, are not
part of the main repo they'd clone, not part of the docker container
they'd use and so discoverability is probably much more important.
[0]: https://lists.openwrt.org/pipermail/openwrt-devel/2023-October/041673.html
Signed-off-by: Olliver Schinagl <oliver@schinagl.nl>
Tested-by: Robert Marko <robimarko@gmail.com>
Tested-by: Weijie Gao <hackpascal@gmail.com>
The main goal here is to keep this close to upstream.
Changes include:
- allow symbols implied by y to become m
- make 'imply' obey the direct dependency
- allow only 'config', 'comment', and 'if' inside 'choice'
- qconf: make search fully work again on split mode
- qconf: navigate menus on hyperlinks
- remove '---help---' support
- qconf: allow to edit "int", "hex", "string" menus in-place
- qconf: drop Qt4 support
- nconf: fix core dump when searching in empty menu
- nconf: stop endless search loops
- Create links to main menu items in search
- fix segmentation fault in menuconfig search
- nconf: Add search jump feature
- port qconf to work with Qt6 in addition to Qt5
- fix possible buffer overflow
- fix memory leak from range properties
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
As stated in the cycloneDX documentation, the field "type" is mandatory for all components.
More details here (https://cyclonedx.org/docs/1.5/json/#components_items_type)
Signed-off-by: Cedric DOURLENT <cedric.dourlent@softathome.com>
When `log.showSignature` is set, it causes the `SOURCE_DATE_EPOCH` to
include a textual signature description on OpenPGP-signed commits,
because Git prints the description into stdout. This then causes some
scripts to fail because they cannot parse the date from the variable.
Adding an explicit `--no-show-signature` prevents the signatures from
being displayed even when one has Git configured to show them by
default, fixing the scripts.
Signed-off-by: Oto Šťáva <oto.stava@gmail.com>
Make sure ubinize-image.sh also works with more simple POSIX Shell and
allow creating complete custom images to be used as ARTIFACT/foo.img
and thereby allow including uImage.FIT, TF-A FIP and what ever else
is required on a specific board.
Fixes: 6c17d71973 ("scripts: ubinize-image.sh: support static volumes, make size optional")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
In order to support devices having TF-A FIP image or UBI-aware U-Boot
SPL we need to include a static volume for the bootloader.
Introduce support for adding additional static volumes by prefixing
the filename with ':', eg.
UBINIZE_PARTS := fip:=$(STAGING_DIR_IMAGE)/u-boot.fip
Also add support for rootfs-in-uImage.FIT setups which don't require a
rootfs partition and make the (3rd) size parameter in UBINIZE_PARTS
optional (see example above without declared size).
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
On some platforms, some firmware files might look like executables.
These need to be ignored in order to avoid messing them up.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Previously the script would calculate the size of the compressed archive
which isn't the size installed in the overlayfs.
This commit uses zcat in combination with wc to calculate the
umcompressed size.
Signed-off-by: Paul Spooren <mail@aparcar.org>
The manifest should provide as much information as possible about the
package, including the project URL. With this commit the URL is stored
as it's own attribute instead of at the end of the description.
Signed-off-by: Paul Spooren <mail@aparcar.org>
Run the invocation of Make with verbosity in order to
prevent the printing of Makefile level and subtarget status.
e.g. make[3] -C target/linux val.DEFAULT_PACKAGES val.ARCH_PACKAGES
Remove piping of stderr, which is only useful when using
the "communicate" method over the "run" method,
and this script would not be written to handle a captured error anyway.
For error testing, stdout and stderr can be set to a file object
with the open() function like this:
out = open('json_out', 'w')
err = open('json_err', 'w')
...
...
stdout=out,
stderr=err,
Signed-off-by: Michael Pratt <mcpratt@pm.me>
Current factory image sizes for Linksys devices are 256-byte aligned. This
is not an issue writing factory images from the OpenWrt or Linksys GUIs,
but can lead to failures using a TFTP client from the Linksys bootloader:
NAND write: device 1 offset 0x2800000, size 0xc00100
Attempt to write to non page aligned data
NAND write to offset 2800000 failed -22
0 bytes written: ERROR
Simplify Linksys footer creation by migrating to a makefile build recipe,
and pre-pad the footer (with 0xFF) to ensure the final image is $(PAGESIZE)
aligned. Finally, remove the old linksys-image.sh script no longer needed.
Linksys footer details are given below for future reference. The 256-byte
footer is appended to factory images and tested by both the Linksys
Upgrader (observed in EA6350v3) and OpenWrt sysupgrade.
Footer format:
.LINKSYS. Checked by Linksys upgrader before continuing. (9 bytes)
<VERSION> Upgrade version number, unchecked so arbitrary. (8 bytes)
<TYPE> Model of device, space padded (0x20). (15 bytes)
<CRC> CRC checksum of factory image to flash. (8 bytes)
<padding> Padding ('0' + 0x20 * 7) (8 bytes)
<signature> Signature of signer, unchecked so arbitrary. (16 bytes)
<padding> Padding with nulls (0x00) (192 bytes)
Link: https://github.com/openwrt/openwrt/pull/11405#issuecomment-1358510123
Link: https://github.com/openwrt/openwrt/pull/11405#issuecomment-1587517739
Reported-by: Stijn Segers <foss@volatilesystems.org>
Reported-by: Wyatt Martin <wawowl@gmail.com>
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
