Commit Graph

17061 Commits

Author SHA1 Message Date
Jason A. Donenfeld
80a6d3d4a2 wireguard: bump to 1.0.20200729
* compat: rhel 8.3 beta removed nf_nat_core.h
* compat: ipv6_dst_lookup_flow was ported to rhel 7.9 beta

This compat tag adds support for RHEL 8.3 beta and RHEL 7.9 beta, in addition
to RHEL 8.2 and RHEL 7.8. It also marks the first time that
<https://www.wireguard.com/build-status/> is all green for all RHEL kernels.
After quite a bit of trickery, we've finally got the RHEL kernels building
automatically.

* compat: allow override of depmod basedir

When building in an environment with a different modules install path, it's
not possible to override the depmod basedir flag by setting the DEPMODBASEDIR
environment variable.

* compat: add missing headers for ip_tunnel_parse_protocol

This fixes compilation with some unusual configurations.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-08-03 23:14:24 +02:00
Adrian Schmutzler
50413e1ec8 package: replace remaining occurrences of ifconfig with ip
ifconfig is effectively deprecated for quite some time now. Let's
replace the remaining occurrences for packages by the
corresponding ip commands now.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-08-03 10:42:35 +02:00
Magnus Kroken
48a9d99a21 openvpn: revise sample configuration
Update the openvpn sample configurations to use modern options in favor
of deprecated ones, suggest more sane default settings and add some
warnings.

* Add tls_crypt and ncp_disable to the sample configuration
* Replace nsCertType with remote_cert_tls in client sample configuration
* Comment out "option compress", compression should not be preferred
* Advise 2048-bit Diffie-Hellman parameters by default
* Add warnings about compression and use of Blowfish (BF-CBC)

Signed-off-by: Magnus Kroken <mkroken@gmail.com>
2020-08-01 14:54:39 +01:00
Rui Salvaterra
9565c5726a uboot-envtools: ath79: add support for the Nanostation M (XM)
Tested on an AirGrid M2 (AG‑HP‑2G16).

Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
2020-08-01 14:54:39 +01:00
Rui Salvaterra
f2af32c20c wireguard-tools: allow compiling with MIPS16 instructions
The wg utility compiles and runs without issues in MIPS16 mode, despite setting
PKG_USE_MIPS16:=0 in the makefile. Let's remove this, allowing for a substantial
size reduction of the wg executable. Since wg is a just a configuration utility,
it shouldn't be performance-critical, as the crypto heavy-lifting is done on the
kernel side.

wg sizes for both modes:

MIPS32: 64309 bytes
MIPS16: 42501 bytes

Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
2020-08-01 14:54:39 +01:00
Rosen Penev
cd41234d2f exfat: add out of tree module
>From an email conversation with the person responsible for upstreaming
the exFAT driver, it seems the staging one in kernel 5.4 is not so
good. Excerpts below.

Namjae Jeon:
Hm... exfat in 5.4 kernel  that we did crap shit long time ago is
contributed by someone who we don't know.
This version is unstable and low quality code. We have been improving
it continuously.
and staging version exfat is removed from linux 5.7 kernel.

linux exfat oot  version is a backport of exfat in linux 5.7 kernel to
support lower version kernel, and it is a real.
You can see the patch history fro linux-exfat-oot.
this version support timezone and boot sector verification feature newly.
and better filesystem structure and much clean code quality that
reviewed by high profile kernel developers. and add many bug fixes.
And this version is officially maintained by me and kernel guys.

I would not recommend to use staging exfat version.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2020-08-01 14:54:39 +01:00
Rosen Penev
d157ee0c12 staging: remove staging exfat driver
This will be replaced with the driver found in newer kernels.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2020-08-01 14:54:39 +01:00
David Bauer
68bf5a9659 mac80211: don't kill wireless daemon on teardown
Don't kill the wireless daemon on teardown. hostapd as well as
wpa_supplicant are managed by procd which would detect the shutdown of
either process as a crash loop.

Signed-off-by: David Bauer <mail@david-bauer.net>
2020-07-31 19:52:03 +02:00
David Bauer
8b3e170526 hostapd: fix incorrect service name
When retrieving the PID for hostapd and wpa_supplicant via ubus the
wrong service name is currently used. This leads to the following error
in the log:

netifd: radio0 (1409): WARNING (wireless_add_process):
executable path /usr/sbin/wpad does not match process  path (/proc/exe)

Fixing the service name retrieves the correct PID and therefore the
warning won't occur.

Signed-off-by: David Bauer <mail@david-bauer.net>
2020-07-31 19:51:51 +02:00
Adrian Schmutzler
65305cb448 kirkwood: use real model names for Linksys devices
This replaces the internal device names "Audi" and "Viper" with the
real model names, which a user would look for. This makes the
Linksys devices on this target consistent with the names recently
changed for mvebu based on the same idea.

As a consequence, the "viper" device definition is split into two
separate definitions with the correct names for both real models.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-07-31 15:03:43 +02:00
Tony Ambardar
217877d046 base-files: mount bpffs at boot
Explicitly mount the BPF filesystem if available. This is used for pinning
eBPF programs and maps, making them accessible to other eBPF programs or
from userspace with the help of libbpf or bpftool.

Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
[daniel@makrotopia.org: bumped PKG_RELEASE]
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-07-31 13:43:03 +01:00
Adrian Schmutzler
c4dd7fc23b hostapd: reorganize config selection hierarchy for WPA3
The current selection of DRIVER_MAKEOPTS and TARGET_LDFLAGS is
exceptionally hard to read. This tries to make things a little
easier by inverting the hierarchy of the conditions, so SSL_VARIANT
is checked first and LOCAL_VARIANT is checked second.

This exploits the fact that some of the previous conditions were
unnecessary, e.g. there is no hostapd-mesh*, so we don't need
to exclude this combination.

It also should make it a little easier to see which options are
actually switched by SSL_VARIANT and which by LOCAL_VARIANT.

The patch is supposed to be cosmetic.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-07-31 11:40:15 +02:00
Adrian Schmutzler
02d6ac1060 base-files: fwtool: make compat_version backward compatible
So far, the compatibility mechanism only works if both device and
image are already updated to the new routines. This patch extends
the sysupgrade metadata and fwtool_check_image() to account for
"older" images as well:

The basic mechanism for older devices to check for image compatibility
is the supported_devices entry. This can be exploited by putting
a custom message into this variable of the metadata, so older FW
will produce a mismatch and print the message as it thinks it's the
list of supported devices. So, we have two cases:

device 1.0, image 1.0:
  The metadata will just contain supported_devices as before.

device 1.0, image 1.1:
  The metadata will contain:

  "new_supported_devices":["device_string1", "device_string2", ...],
  "supported_devices":["Image version 1.1 incompatible to device: ..."]

  If the device is "legacy", i.e. does not have the updated fwtool.sh,
  it will just fail with image check and print the content of
  supported_devices. If DEVICE_COMPAT_MESSAGE is set, this will be
  printed on old devices as well through the same mechanism. Otherwise
  a generic "Please check documentation ..." is appended.

  Upgrade can still be performed with -F like when
  SUPPORTED_DEVICES has been removed to prevent bricking.

  If the device has updated fwtool.sh (but is 1.0), it will just use
  the new_supported_devices instead, and work as intended (flashing
  with -n will work, flashing without will print the appropriate
  warning).

This mechanism should provide a fair tradeoff between simplicity
and functionality.

Since we touched a lot of fields in metadata, this also bumps
metadata_version to 1.1.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-07-31 11:40:15 +02:00
Adrian Schmutzler
ad3e1f9db4 base-files: fwtool: implement compatibility check for images
We regularly encounter the situation that devices are subject to
changes that will make them incompatible to previous versions.
Removing SUPPORTED_DEVICES will not really be helpful in most of these
cases, as this only helps after a rename.

To solve this situation, this patchset introduces a compatibility
version for devices. In this patch, the actual checks are implemented
into fwtool_check_image():

If an incompatible change is introduced, one can increase either
the minor version (1.0->1.1) or the major version (1.0->2.0).

Minor version increment:
This will still allow sysupgrade, but require to reset config
(-n or SAVE_CONFIG=0). If sysupgrade is called without -n, a
corresponding message will be printed. If sysupgrade is called
with -n, it will just pass, with supported devices being checked
as usual. (Which will allow us to add back SUPPORTED_DEVICES for
many cases.)

Major version increment:
This is meant for potential (rare) cases where sysupgrade is
not possible at all, because it would break the device.
In this case, a warning will be printed, and -n won't help.

If image check fails because of one of the versions parts not
matching, the content of DEVICE_COMPAT_MESSAGE is printed in
addition to the generic message (if set).

For both cases, upgrade can still be forced with -F as usual.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-07-31 11:40:15 +02:00
Adrian Schmutzler
735de53b2a base-files: add support for compat_version on device
We regularly encounter the situation that devices are subject to
changes that will make them incompatible to previous versions.
Removing SUPPORTED_DEVICES will not really be helpful in most of these
cases, as this only helps after a rename.

To solve this situation, this patchset introduces a compatibility
version for devices. To complement the DEVICE_COMPAT_VERSION set
for the image to be flashed, this implements a compat_version on
the device, so it will have something to compare with the image.

The only viable way to achieve this seems to be via board.d files,
i.e. this is technically adding a compat version for the device's
config.

Like for the network setup, this will set up a command
ucidef_set_compat_version to set the compat_version in board.d.
This will then add a string to /etc/board.json, which will be
translated into uci system config by bin/config_generate.
By this, the compat_version, being a version of the config, will
also be exposed to the user.

As with DEVICE_COMPAT_VERSION, missing uci entry will be assumed
as compat_version "1.0", so we only need to add this if a device
needs to be bumped, e.g.

   ucidef_set_compat_version "1.1"

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-07-31 11:40:15 +02:00
Daniel Golle
d15b6e4895 procd: update to git HEAD
28be011 instance: make sure values are not inherited from previous runs
 2ae5cbc uxc: remove debugging left-over

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-07-30 17:16:53 +01:00
Adrian Schmutzler
917980fd8a hostapd: improve TITLE for packages
For a few packages, the current TITLE is too long, so it is not
displayed at all when running make menuconfig. Despite, there is
no indication of OpenSSL vs. wolfSSL in the titles.

Thus, this patch adjusts titles to be generally shorter, and adds
the SSL variant to it.

While at it, make things easier by creating a shared definition for
eapol-test like it's done already for all the other flavors.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-07-30 16:27:44 +01:00
Daniel Golle
34705946e2 hostapd: update mesh DFS patches and add mesh HE support
Drop outdated and by now broken patchset originally supplied by
Peter Oh in August 2018 but never merged upstream.
Instead add the more promissing rework recently submitted by
Markus Theil who picked up Peter's patchset, fixed and completed it
and added support for HE (802.11ax) in mesh mode.

This is only compile tested and needs some real-life testing.

Fixes: FS#3214
Fixes: 167028b750 ("hostapd: Update to version 2.9 (2019-08-08)")
Fixes: 0a3ec87a66 ("hostapd: update to latest Git hostap_2_9-1238-gdd2daf0848ed")
Fixes: 017320ead3 ("hostapd: bring back mesh patches")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-07-30 16:27:44 +01:00
Daniel Golle
a15ed964cf procd: update to git HEAD
c3ca99f jail: serialize hook execution
 8ff8970 jail: add some remaining OCI features
 9d5fa0a uxc: behave more like a compliant OCI run-time
 1274033 uxc: fix create operation
 2d811a4 jail: add 'kill' method to container.%s object
 08133b8 uxc: use new container.%s kill ubus API

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-07-29 10:33:19 +01:00
David Bauer
c3e252d080 base-files: add function for generating random MAC
This adds a function for generating a valid random MAC address (unset MC
bit / set locally administered bit).

It is necessary for devices which do not have a MAC address programmed
by the manufacturer.

Signed-off-by: David Bauer <mail@david-bauer.net>
2020-07-28 15:52:44 +02:00
David Bauer
04f06787f1 uboot-rockchip: add NanoPi R2S support
Add support for the FriendlyARM NanoPi R2S.

Signed-off-by: David Bauer <mail@david-bauer.net>
2020-07-28 15:52:44 +02:00
David Bauer
65ac670b79 uboot-rockchip: update to v2020.07
Update the U-Boot to version v2020.07. Also replace the Makefile rewrite
with a proper patch, explaining why this hack is needed.

Run-tested: FriendlyARM NanoPi R2S

Signed-off-by: David Bauer <mail@david-bauer.net>
2020-07-28 15:52:44 +02:00
Lucian Cristian
444b107118 atf-rockchip: update to 2.3
also install the firmware for all the supported boards

Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
[fix ATF blob path in uboot-rockchip]
Signed-off-by: David Bauer <mail@david-bauer.net>
2020-07-28 15:52:44 +02:00
Adrian Schmutzler
8126e572dd imx6: use device-tree compatible for board name
In imx6, we currently use the model from DTS to derive a board name
manually in /lib/imx6.sh.

However, if we have individual DTS files anyway, we can exploit
generic 02_sysinfo and use the compatible as board name directly.

While at it, remove the wildcards from /lib/upgrade/platform.sh as
these might make code shorter, but are quite unpleasant when grepping
for a specific device.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-07-27 12:10:45 +02:00
Adrian Schmutzler
0f3c3a5fb2 layerscape: harmonize device strings
OpenWrt lately has harmonized device (definition) names to the
pattern vendor_model to improve overall consistency, also with
other values like the DTS compatible.

This patch applies that scheme to the layerscape target.

Since this (intentionally) creates a bigger overlap between DTS names,
compatible, and device definition name, it also moves DEVICE_DTS and
SUPPORTED_DEVICES definitions to the Device/Default blocks.

Apart from that, it also modifies several packages to use consistent
naming in order to keep the $(1) file references working.

While at it, remove one layer of complexity for the setup in
tfa-layerscape package.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-07-27 12:06:52 +02:00
Yousong Zhou
6c57fb7aa9 firewall: bump to version 2020-07-05
Changes since last source version

  e9b90df zones: apply tcp mss clamping also on ingress path
  050816a redirects: fix segmentation fault
  f62a52b treewide: replace unsafe string functions
  23cc543 improve reload logic
  9d7f49d redurects: add support to define multiple zones for dnat reflection rules
  f87d0b0 firewall3: defaults: fix uci flow_offloading option
  fe9602c rules: fix typo
  7cc2a84 defaults: robustify flow table detection.

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2020-07-26 18:10:52 +08:00
David Woodhouse
ad295e0ee8 mediatek: add U-Boot build for UniElec U7623
Patches submitted upstream at
https://patchwork.ozlabs.org/project/uboot/list/?series=189178

Tested on Banana Pi R2 and U7623-06.

Signed-off-by: David Woodhouse <dwmw2@infradead.org>
2020-07-26 16:42:36 +08:00
David Bauer
a956c14d6a mac80211: util: don't warn on missing sband iftype data
The kernel currently floods the ringbuffer with warnings when adding a
mesh interface for a device not support HE 6GHz modes.

Return without warning in this case, as mesh_add_he_6ghz_cap_ie calls
ieee80211_ie_build_he_6ghz_cap regardless of the supported interface
modes.

Signed-off-by: David Bauer <mail@david-bauer.net>
2020-07-25 22:36:34 +02:00
Daniel Golle
98b60b3efa procd: jail: fix build on glibc and uclibc
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-07-25 16:54:40 +01:00
Daniel Golle
114e5255c4 procd: update to git HEAD
48777de rcS: cast format string to int64_t
 a4df90f jail: fix wrong format for 32-bit
 c482c5d jail: add support for referencing existing namespaces

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-07-25 16:07:59 +01:00
Kevin Darbyshire-Bryant
b2f7355eec cake-oot: update to latest HEAD
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2020-07-24 18:44:31 +01:00
Hauke Mehrtens
ed2015c386 mac80211: Update to version 5.8-rc2-1
The following patches:
* 972-ath10k_fix-crash-due-to-wrong-handling-of-peer_bw_rxnss_override-parameter.patch
* 973-ath10k_fix-band_center_freq-handling-for-VHT160-in-recent-firmwares.patch
are replaced by this commit in the upstream kernel:
* 3db24065c2c8 ("ath10k: enable VHT160 and VHT80+80 modes")

The following patches were applied upstream:
* 001-rt2800-enable-MFP-support-unconditionally.patch
* 090-wireless-Use-linux-stddef.h-instead-of-stddef.h.patch

The rtw88 driver is now split into multiple kernel modules, just put it
all into one OpenWrt kernel package.

rtl8812au-ct was patched to compile against the mac80211 from kernel
5.8, but not runtime tested.

Add a patch which fixes ath10k on IPQ40XX, this patch was send upstream
and fixes a crash when loading ath10k on this SoC.

Tested-by: Stefan Lippers-Hollmann <s.l-h@gmx.de> [ipq40xx/ map-ac2200]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-07-23 23:39:56 +02:00
Hauke Mehrtens
d1100c76b3 mac80211: Update to version 5.7.5-1
The b43 and b43legacy driver now support DRIVER_11W_SUPPORT.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-07-23 22:28:52 +02:00
Rosen Penev
1db3fb5842 uboot-mediatek: remove swig requirement
Ever since this package was introduced, the SDK for mt7629 failed to
build as it started failing on this package.

Fixed by porting Hauke's similar patch for uboot-sunxi to uboot-mediatek.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2020-07-23 17:38:13 +02:00
Michal Hrusecky
cdb25bcef3 openvpn: Allow override of interface name
If using a configuration file for OpenVPN, allow overriding name of the
interface. The reason is that then people could use configuration file
provided by VPN provider directly and override the name of the interface
to include it in correct firewall zone without need to alter the
configuration file.

Signed-off-by: Michal Hrusecky <michal@hrusecky.net>
(cherry picked from commit c93667358515ec078ef4ac96393623ac084e5c9e)
2020-07-23 13:10:09 +02:00
Michal Hrusecky
8483bf3126 openpvn: Split out config parsing code for reuse
Split out code that parses openvpn configuration file into separate file
that can be later included in various scripts and reused.

Signed-off-by: Michal Hrusecky <michal@hrusecky.net>
(cherry picked from commit 86d8467c8ab792c79809a08c223dd9d40da6da2e)
2020-07-23 13:10:09 +02:00
Kevin Darbyshire-Bryant
9b9726aeb4 kmod-sched-cake-oot: fix PKG_MIRROR_HASH
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2020-07-22 15:59:54 +01:00
Kevin Darbyshire-Bryant
017cd5bfb0 umdns: fix compiling using gcc 10
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2020-07-22 15:59:54 +01:00
David Bauer
93bbd998aa hostapd: enter DFS state if no available channel is found
Previously hostapd would not stop transmitting when a DFS event was
detected and no available channel to switch to was available.

Disable and re-enable the interface to enter DFS state. This way, TX
does not happen until the kernel notifies hostapd about the NOP
expiring.

Signed-off-by: David Bauer <mail@david-bauer.net>
2020-07-20 15:08:19 +02:00
David Bauer
cfd2f3bf6f mac80211: create channel list for fixed channel operation
Currently a device which has a DFS channel selected using the UCI
channel setting might switch to a non-DFS channel in case no chanlist is
provided (UCI setting "channels") when the radio detects a DFS event.

Automatically add a chanlist consisting of the configured channel when
the device does not operate in auto-channel mode and no chanlist set to
circumvent this issue.

Signed-off-by: David Bauer <mail@david-bauer.net>
2020-07-20 15:07:47 +02:00
Johannes Kimmel
65e9de3c33 vxlan: add capability for multiple fdb entries
Similar to wireguard, vxlan can configure multiple peers or add specific
entries to the fdb for a single mac address.

While you can still use peeraddr/peer6addr option within the proto
vxlan/vxlan6 section to not break existing configurations, this patch
allows to add multiple sections that conigure fdb entries via the bridge
command. As such, the bridge command is now a dependency of the vxlan
package. (To be honest without the bridge command available, vxlan isn't
very much fun to use or debug at all)

Field names are taken direclty from the bridge command.

Example with all supported parameters, since this hasn't been documented so
far:

  config interface 'vx0'
      option proto     'vxlan6'      # use vxlan over ipv6

      # main options
      option ip6addr   '2001:db8::1' # listen address
      option tunlink   'wan6'        # optional if listen address given
      option peer6addr '2001:db8::2' # now optional
      option port      '8472'        # this is the standard port under linux
      option vid       '42'          # VXLAN Network Identifier to use
      option mtu       '1430'        # vxlan6 has 70 bytes overhead

      # extra options
      option rxcsum  '0'  # allow receiving packets without checksum
      option txcsum  '0'  # send packets without checksum
      option ttl     '16' # specifies the TTL value for outgoing packets
      option tos     '0'  # specifies the TOS value for outgoing packets
      option macaddr '11:22:33:44:55:66' # optional, manually specify mac
                                         # default is a random address

Single peer with head-end replication. Corresponds to the following call
to bridge:

  $ bridge fdb append 00:00:00:00:00:00 dev vx0 dst 2001:db8::3

  config vxlan_peer
      option vxlan 'vx0'
      option dst '2001:db8::3' # always required

For multiple peers, this section can be repeated for each dst address.

It's possible to specify a multicast address as destination. Useful when
multicast routing is available or within one lan segment:

  config vxlan_peer
      option vxlan 'vx0'
      option dst 'ff02::1337' # multicast group to join.
                              # all bum traffic will be send there
      option via 'eth1'       # for multicast, an outgoing interface needs
                              # to be specified

All available peer options for completeness:

  config vxlan_peer
      option vxlan   'vx0'               # the interface to configure
      option lladdr  'aa:bb:cc:dd:ee:ff' # specific mac,
      option dst     '2001:db8::4'       # connected to this peer
      option via     'eth0.1'            # use this interface only
      option port    '4789'              # use different port for this peer
      option vni     '23'                # override vni for this peer
      option src_vni '123'               # see man 3 bridge

Signed-off-by: Johannes Kimmel <fff@bareminimum.eu>
2020-07-20 13:43:36 +02:00
Johannes Kimmel
5222aadbf3 vxlan: remove mandatory peeraddr
vxlan can be configured without a peer address. This is used to prepare
an interface and add peers later.

Fixes: FS#2743

Signed-off-by: Johannes Kimmel <fff@bareminimum.eu>
Acked-by: Matthias Schiffer <mschiffer@universe-factory.net>
2020-07-20 13:43:36 +02:00
Kevin Darbyshire-Bryant
a197fa093c dnsmasq: bump to 2.82
This fixes a nasty problem introduced in 2.81 which causes random
crashes on systems where there's significant DNS activity over TCP. It
also fixes DNSSEC validation problems with zero-TTL DNSKEY and DS
records.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2020-07-20 10:38:35 +01:00
Daniel Golle
5aedd5a110 procd: bump to git HEAD once again
Further complete OCI container support in ujail:
 f5f305e jail: move /tmp/resolv.conf.d to /dev/resolv.conf.d
 6f078ae jail: add support for defining devices
 686cf7a jail: actually apply filesystem-specific mount options
 f91009a jail: refactor default mounts into new structure
 66ae2d9 jail: re-implement /proc/sys/net read-write in netns hack

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-07-20 04:39:11 +01:00
Daniel Golle
211548c523 procd: update to git HEAD
9eddf0f jail: fix hooks
 1b1286b jail: parse and apply OCI sysctl values
 c049047 jail: implement OCI user additionalGIDs
 0e1920c jail: read and apply umask from OCI if defined
 1c46cc3 jail: parse and apply POSIX rlimits
 76adac5 jail: /proc/$pid/oom_score_adj to OCI defined oomScoreAdj

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-07-19 19:35:47 +01:00
Daniel Golle
bae4204e34 procd: bump to git HEAD
8d5208f jail: fix false return in case of nofail mount
 b41f76b procd: fix compile if procd-ujail is not selected
 86a5105 jail: fs: fix build on uClibc-ng
 bfce7d1 jail: fix some more mount options
 268126a jail: add support for maskedPaths and readonlyPaths

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-07-17 12:00:00 +01:00
Martin Schiller
6299c1760a ltq-*dsl-app: dsl_control: remove unneeded check for lantiq_dsl.sh
This file is always present because it is part of the ltq-dsl-base
package on which these packages depend.

This check would not have been necessary in the past, because the script
was part of the TARGET_LANTIQ on which these packages also depend.

Signed-off-by: Martin Schiller <ms@dev.tdt.de>
2020-07-17 12:14:32 +02:00
Martin Schiller
4d8552c265 lantiq: move dsl related base-files into own package
It does not make sense to install this components on lantiq systems
where the dsl subsystem is not needed/used.

This also makes it possible to use the files also on other targets.
(hopefully ipq401x / FritzBox 7530 in the near future)

Signed-off-by: Martin Schiller <ms.3headeddevs@gmail.com>
2020-07-17 12:14:32 +02:00
Rosen Penev
cc66580293 lzo: fix pkgconfig paths
The last commit to this package that added the pkgconfig file did not
fix the paths to point to the prefix.

This allows packages to find lzo properly.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2020-07-17 11:00:33 +02:00
Alberto Bursi
f013cc4b26 uboot-mvebu: add uboot for helios 4
add u-boot for Helios 4 NAS

Signed-off-by: Alberto Bursi <bobafetthotmail@gmail.com>
2020-07-17 11:00:33 +02:00