Commit Graph

34 Commits

Author SHA1 Message Date
Christian Marangi
578f266ad7
imagebuilder: complete support for local signing keys
Complete support for local signing keys for APK.

A local key will be always generated, mkndx is always called with
--allow-untrusted as it needs to replace the sign key with the new local
one.

With CONFIG_SIGNATURE_CHECK the local index is signed with the local
key. Local public key is added with the ADD_LOCAL_KEY option.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2024-10-29 00:07:52 +01:00
Christian Marangi
23e27d21d5
build: detach apk repository handling from rootfs.mk
To better support imagebuilder declaring --repositories-file on calling
apk macro, detach this and --repository from rootfs.mk macro and move it
to package Makefile and image.mk where they are used to permit a more
generic usage.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2024-10-29 00:07:51 +01:00
Christian Marangi
b569d0cc3f
include/rootfs: improve readability of OPKG status fixup block
Improve readability of OPKG status fixup block.

Link: https://github.com/openwrt/openwrt/pull/15543
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2024-06-11 23:58:12 +02:00
Christian Marangi
b92e62d464
include/rootfs: rework handling of post-install scripts for APK
Rework handling of post-install scripts for APK. As we do with OPKG,
lets just iterate between each post-install package so we can actually
check if something fail in applying them.

To do this we first extract each .post-install script in APK
scripts.tar.

Also remove these files from final image as they are needed only for the
first installation of the packages.

Link: https://github.com/openwrt/openwrt/pull/15543
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2024-06-11 23:58:11 +02:00
Paul Spooren
c1e0f99ef8 apk: disable rootfs repositories during build
Since we set the root for APK it tries to use those during the build,
which shouldn't happen since local package are used instead.

Disable the repositories by manually setting an empty repository.

Signed-off-by: Paul Spooren <mail@aparcar.org>
2024-05-20 18:08:28 +03:00
Christian Marangi
f46867e5cc
include/rootfs: skip removal of APK cache now deprecated
Skip removal of APK cache since now deprecated as APK doesn't make use
of cache anymore in our configuration.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2024-05-19 15:05:10 +02:00
Paul Spooren
52a225cba4 rootfs: fix USE_APK detection
Due to missing quotes the script would wrongly assume APK to be enabled
and don't run post install scripts, breaking pretty much everything.

Signed-off-by: Paul Spooren <mail@aparcar.org>
2024-05-18 23:15:22 +03:00
Paul Spooren
d788ab376f build: add APK package build capabilities
A new option called `USE_APK` is added which generated APK packages
(.apk) instead of OPKG packages (.ipk).

Some features like fstools `snapshot` command are not yet ported

Signed-off-by: Paul Spooren <mail@aparcar.org>
2024-05-17 23:21:26 +03:00
Daniel Golle
68968fc981
Revert "build: don't drop 'user' flag when using the ImageBuilder"
This reverts commit c42b915af0.
Now that rpcd uses the 'Auto-Installed' field to differentiate between
deliberately and implicitely installed packages we can remove the
hotfix.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2024-02-23 15:59:09 +01:00
Daniel Golle
c42b915af0 build: don't drop 'user' flag when using the ImageBuilder
Commit be9023ed43 ("build: fix opkg flags in rootfs") introduced a
call to 'awk' which removes the 'user' flag from all installed
packages in the opkg status file. While is is somehow desireable when
building images directly within the buildroot, when using the
ImageBuilder dropping the 'user' flag means loosing information about
a package being deliberately selected or just implicitely pulled as a
dependency. And that then break tools like 'auc' which request only
packages having the 'user' flag from the asu server, resulting in
broken images being delivered to users.

Restore the original behavior in case of an image being created using
the ImageBuilder.

Fixes: be9023ed43 ("build: fix opkg flags in rootfs")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2024-02-20 21:18:44 +00:00
Justin Klaassen
be9023ed43 build: fix opkg flags in rootfs
By default opkg sets the "user" flag when a package is installed,
which resulted in most packages in the rootfs having this flag
set incorrectly. This patch removes the "user" flag from all
installed packages when preparing the rootfs image.

Fixes: #14427
Signed-off-by: Justin Klaassen <justin@tidylabs.app>
2024-02-16 10:01:19 +01:00
Paul Spooren
173ea745ab build: reduce cleanup binary calls in rootfs.mk
Both `find` and `rm` only need to be called once for folders and files.

Signed-off-by: Paul Spooren <mail@aparcar.org>
2020-12-05 22:07:00 -10:00
Paul Spooren
1fdf6b745c treewide: replace which with command -v
Fix shellcheck SC2230
> which is non-standard. Use builtin 'command -v' instead.

Using `command -v` is POSIX compliant while `which` is not.  Also to
mention, `command -v` is a shell builtin whereas `which` is a separate
busybox applet.

Once applied to everything concerning OpenWrt we can disable the busybox
feature `which` and save 3.8kB.

Acked-by: Stijn Tintel <stijn@linux-ipv6.be>
Signed-off-by: Paul Spooren <mail@aparcar.org>
[also replace cases in zram-swap]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-08-12 11:08:05 +02:00
Alexander Couzens
8cb13f4e6d
rootfs.mk: ensure all timestamp are set to SOURCE_DATE_EPOCH
Some tools doesn't support SOURCE_DATE_EPOCH (e.g. initramfs images).
Ensure all files of a root filesystem are set to SOURCE_DATE_EPOCH.
Make initramfs builds reproducible (for ramips).

Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
2019-09-21 03:26:38 +02:00
Richard Musil
71ab2c9d17 imagebuilder: new DISABLED_SERVICES make variable
Adds a new variable DISABLED_SERVICES to ImageBuilder Makefile, which
defines a list of services (installed as /etc/init.d/*) to be disabled
during the build of a custom image (normally all are enabled).

It comes handy when a particular service should not be run under normal
circumstances, but should be ready in the image for situations when it
might be needed.

Signed-off-by: Richard Musil <risa2000x@gmail.com>
2019-05-15 13:34:24 +02:00
Tomasz Maciej Nowak
31075313bf include/rootfs.mk: remove boot directory
Currently every file in boot directory is copied over target /boot on
root file system and is usually inaccessible because appropriate boot
file system is mounted on top of it. Therefore remove /boot, which in
result will also save space on target root file system.

Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
2018-11-26 12:05:44 +01:00
Matthias Schiffer
2fbf669730
imagebuilder: reuse rootfs preparation from rootfs.mk
In addition to removing redundant code, this fixes various issues in
IB-generated images that have been fixed in prepare_rootfs before,
including better handling of CONFIG_CLEAN_IPKG and enabling of initscripts
from FILES.

We also reuse the opkg macro and remove --force-... flags that have been
removed from rootfs.mk as well.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2018-03-07 09:59:08 +01:00
Matthias Schiffer
cf1c7c0f17
include/rootfs.mk: pass additional files dir to prepare_rootfs as an argument
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2018-03-07 09:59:07 +01:00
Matthias Schiffer
6ab50bb10d
include/rootfs.mk: retain list of conffiles with CONFIG_CLEAN_IPKG
/usr/lib/opkg/status must not be removed completely, otherwise the
packages' conffile lists will be missing. Replace it with a reduced version
only containing the conffile entries.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2018-03-07 09:58:50 +01:00
Matthias Schiffer
d2daaf8f40
include/rootfs.mk: do not remove opkg prerm scripts during rootfs preparation
When a user removes a preinstalled opkg package, the package's prerm script
(and in particular our default_prerm) should run.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2018-03-07 08:49:45 +01:00
Yousong Zhou
60ad837bea procd: fix procd_lock() when prepare_roofs
This fixes the following errors when doing "make package/install"

    /home/yousong/git-repo/lede-project/lede/build_dir/target-mips_24kc_musl/root-malta/lib/functions/procd.sh: line 47: /home/yousong/git-repo/l
    ede-project/lede/build_dir/target-mips_24kc_musl/root-malta/var/lock/procd_urandom_seed.lock: No such file or directory
    flock: 1000: Bad file descriptor

Fixes FS#1260

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2018-01-28 09:51:06 +08:00
Yousong Zhou
dac629f710 build: cleanup tmp/ dir of target rootfs
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2017-05-02 22:10:50 +08:00
Matthias Schiffer
7e1fc09c4f
include/rootfs.mk: keep Require-User lines with CONFIG_CLEAN_IPKG
Require-User is handled by /etc/uci-defaults/13_fix_group_user on first
boot, so we need to keep these when removing all opkg data with
CONFIG_CLEAN_IPKG.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2017-01-24 17:18:36 +01:00
Felix Fietkau
64c386c566 build: remove stale .ipk files if package dir changes
If a package nonshared status is changed, a stale .ipk file might still
be present in the old package directory. Remove the .ipk file from all
package directories when building a new one (or explicitly running
clean)

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-11-08 10:49:51 +01:00
Matthias Schiffer
5b99693832
rootfs: fail on errors in postinst scripts
The Gluon firmware framework [1] uses postinst scripts for sanity checks.
Make the build fail when a postinst script exits with an error to make
these sanity checks effective.

All postinst scripts in packages from the LEDE core and the packages feed
seem to work correctly with this change and will always return 0 unless
something is very broken.

[1] https://github.com/freifunk-gluon/gluon

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2016-09-26 17:57:58 +02:00
Matthias Schiffer
021b96d7c5
rootfs: remove unnecessary and potentially harmful force flags from opkg call
Especially --force-overwrite and --force-depends will often lead to broken
images; it's better to fail the build in such cases than to silently ignore
the errors.

Instead, ignore errors in the per-device rootfs opkg remove command, so
the build doesn't break when packages can't be removed because of
dependencies.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2016-09-26 17:57:58 +02:00
Matthias Schiffer
663145e419
image: fix CONFIG_CLEAN_IPKG with CONFIG_TARGET_PER_DEVICE_ROOTFS
Running prepare_rootfs on TARGET_DIR deletes the opkg state when
CONFIG_CLEAN_IPKG is enabled, making the per-device rootfs package install
fail.

To avoid this, create a copy of the TARGET_DIR before prepare_rootfs is run
and use this as basis for per-device rootfs generation.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2016-09-25 09:30:55 +02:00
Matthias Schiffer
c15d70c6d6
image: don't override opkg list directory in per-device rootfs mode
opkg's -l option is always interpreted relative to the installation root.
This leads to very weird paths inside the rootfs (containing the whole path
to the LEDE tree on the build machine) and causes the subsequent deletion
of the list directory to fail (cluttering the resulting images).

Instead, use the default list directory and remove its contents in
prepare_rootfs.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2016-09-24 03:37:08 +02:00
Felix Fietkau
653cb2594d build: set TMPDIR for opkg calls
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-07-29 10:18:26 +02:00
Felix Fietkau
731b166528 build: add template for getting opkg package files from package names
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-07-29 10:18:26 +02:00
Felix Fietkau
5d30bf8303 build: rework opkg command invocation
Drop included $(XARGS), add support for passing target dir via parameter

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-07-29 10:18:26 +02:00
Felix Fietkau
37e82e4e42 build: remove obsolete variables from opkg command
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-07-29 10:18:26 +02:00
Felix Fietkau
7dffc32ffa build: rework prepare_rootfs to pass target dir via parameter
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-07-29 10:18:26 +02:00
Felix Fietkau
973e6e1d71 build: move rootfs processing code to include/rootfs.mk so it can be reused later
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-07-29 10:18:26 +02:00